We don't need this because it is covered by the libcontainer MAINTAINERS
file
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
After copying allowed device nodes, set up "/dev/fd", "/dev/stdin",
"/dev/stdout", and "/dev/stderr" symlinks.
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
[rebased by @crosbymichael]
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
When listener channel is closed, it becomes always available for
reading: select becomes an active loop which writes default-constructed
events (i.e: empty strings).
Fixes#5766.
Docker-DCO-1.1-Signed-off-by: Arnaud Porterie <arnaud.porterie@gmail.com> (github: icecrime)
to cover a couple of use-cases:
* 1mb file, using no compression
* 1mb file, using compression
* 1024 1k files, using no compression
* 1024 1k files, using compression
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
This commit makes the Docker daemon call UpdateSuffixarray only after
it finishes registering all containers.
This lowers the amount of time required for the Docker daemon to start
up.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
This commit refactors TruncIndex to make it possible to add container
ids to the TruncIndex without updating the Suffixarray.
This is useful during the Docker daemon's startup when we don't want to
update the Suffixarray for every container we add.
Add continues to function like before.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
This moves the call to sort in daemon/history to a function to be
called explicitly when we're done adding elements to the list.
This speeds up `docker ps`.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Now IP reuses only after all IPs from network was allocated
Fixes#5729
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
This patch is a preventative patch, it fixes possible future
vulnerabilities regarding unsantised paths. Due to several recent
vulnerabilities, wherein the docker daemon could be fooled into
accessing data from the host (rather than a container), this patch
was created to try and mitigate future possible vulnerabilities in
the same vein.
Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
This patch adds integration tests for the copying of resources
from a container, to ensure that regressions in the security of
resource copying can be easily discovered.
Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
This patch fixes the bug that allowed cp to copy files outside of
the containers rootfs, by passing a relative path (such as
../../../../../../../../etc/shadow). This is fixed by first converting
the path to an absolute path (relative to /) and then appending it
to the container's rootfs before continuing.
Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
Before we create any files to bind-mount on, make sure they are
inside the container rootfs, handling for instance absolute symbolic
links inside the container.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Michael Crosby
Michael Crosby
Victor Vieux
O.S. Tezer
Bernerd Schaefer
Arnaud Porterie
Guillaume J. Charmes
Joel Handwell
James Turnbull
unclejack
Vincent Batts
unclejack
Alexandr Morozov
cyphar
SvenDowideit
Guillaume J. Charmes
Alexander Larsson
Sven Dowideit
Dan Keder