In order to do this, allow the socketcall syscall in the default
seccomp profile. This is a multiplexing syscall for the socket
operations, which is becoming obsolete gradually, but it is used
in some architectures. libseccomp has special handling for it for
x86 where it is common, so we did not need it in the profile,
but does not have any handling for ppc64le. It turns out that the
Debian images we use for tests do use the socketcall, while the
newer images such as Ubuntu 16.04 do not. Enabling this does no
harm as we allow all the socket operations anyway, and we allow
the similar ipc call for similar reasons already.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This fix tries to cover the issue raised in #22463 by adding
filter for events emitted by docker daemon so that user could
utilize filter to receive events of interest.
Documentations have been updated for this fix.
Additional tests have been added to cover the changes in this fix.
This fix fixes#22463.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to cover the issue raised in #22463 by emitting
events for docker daemon so that user could be notified by
scenarios like config reload, etc.
This fix adds the `daemon reload`, and events for docker daemon.
Additional tests have been added to cover the changes in this fix.
This fix fixes#22463.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
It appears that on some systems apparmor gets in the way of libc.so.6
shared library being loaded - which means the ping fails.
To get around this if we run ping under `/lib64/ld-linux-x86-64.so.2`
then it works. So we only do this for linux and only if the first attempt
fails. If this 2nd attempt fails then we'll show the original error to
the user for debugging.
Also s/Output/CombinedOutput/ to help debugging in the future. It didn't
show the real error msg.
Signed-off-by: Doug Davis <dug@us.ibm.com>
This was not changed when the additional tests were added.
It may be the reason for occasional test failures.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Check for the rootDir first because the mergeDir may not exist if root
is present.
Also fix unmounting in the defer to make sure it does not have a
refcount.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
For things that we can check if they are mounted by using their fsmagic
we should use that and for others do it the slow way.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This test is not applicable anymore now that containers are not stopped
when the daemon is restored.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
similar to the changes made in a4192471cd,
clean the branch-name before using it as a tag-name
for the image that's built.
this also changes the "image name" for docs images
being built from "docs-base" to "docker-docs", to
be in line with the main Makefile
before this change:
/usr/bin/make -C docs docs
docker build -t "docs-base:docs/slashes" .
invalid value "docs-base:docs/slashes" for flag -t: Error parsing reference: "docs-base:docs/slashes" is not a valid repository/tag
See 'docker build --help'.
make[1]: *** [docs-build] Error 125
make: *** [docs] Error 2
after this change:
/usr/bin/make -C docs docs
docker build -t "docker-docs:docs-slashes" .
Sending build context to Docker daemon 9.165 MB
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
hack/vendor.sh can now accept command line arguments
`./hack/vendor.sh github.com/docker/engine-api` will revendor only the
engine-api dependency.
`./hack/vendor.sh github.com/docker/engine-api v0.3.3` will vendor only
engine-api at the specified tag/commit.
`./hack/vendor.sh git github.com/docker/engine-api v0.3.3` is the same
but specifies the VCS for cases where the VCS is something else than git
`./hack/vendor.sh git golang.org/x/sys
eb2c74142fd19a79b3f237334c7384d5167b1b46
https://github.com/golang/sys.git` will vendor only golang.org/x/sys
downloading from the specified URL
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Add link to valid image name and tag formats in referenced files
- Per review comments, updated docs to remove reference to `USERNAME` and
`REGISTRYHOST`.
- Per review comment, removed links from man page.
- Per review comment, added and updated examples on `docker tag`
Signed-off-by: Subhajit Ghosh <isubuz.g@gmail.com>
Vincent Demeester