Fixes#20550
This update to libseccomp supports the new versions of socket
system calls that can be called directly rather than via the
socketcall syscall in kernel versions 4.3 or later with new glibc.
Note this library version now supports s390x and ppc64le, so
seccomp can be potentially be enabled for these architectures now.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Going forward, Docker won't use a different default registry on Windows.
This changes Windows to use the standard Docker Hub registry as the
default registry.
There is a plan in place to migrate existing images from the Windows
registry to Hub's normal registry, in advance of the 1.11 release. In
the mean time, images on the Windows registry can be accessed by
prefixing them with `registry-win-tp3.docker.io/`.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
The version of sed on MacOS X is different then the one on linux. The mac version
requires a parameter for the inline (-i) flag, where this isn't required on linux.
On the mac it thinks the -e flag is the parameter, and it causes the vendoring script
to fail.
This fix adds an empty string '' as a parameter to sed, which works fine on both the
mac and linux versions.
Signed-off-by: Ken Cochrane <kencochrane@gmail.com>
Attach can hang forever if there is no data to send. This PR adds notification
of Attach goroutine about container stop.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
This change centralizes the template manipulation in a single package
and adds basic string functions to their execution.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Update unit test and documentation to handle the new case where Username
is set to <token> to indicate an identity token is involved.
Change the "Password" field in communications with the credential helper
to "Secret" to make clear it has a more generic purpose.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This mechanism exchanges basic auth credentials for an identity token.
The identity token is used going forward to request scoped-down tokens
to use for registry operations.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Use token handler options for initialization.
Update auth endpoint to set identity token in response.
Update credential store to match distribution interface changes.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Dump from 1.10.1 has this fields.
Signed-off-by: Kanstantsin Shautsou <kanstantsin.sha@gmail.com>
Close and carry #20377
Include David's request
Signed-off-by: Mary Anthony <mary@docker.com>
On redhat based distribution, checking that USER_NS is compiled in the
kernel is not sufficient, we also have to check that the feature as
been enabled.
With this commit, it is now done by checking the content of
`/sys/module/user_namespace/parameters/enable`.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Removed unnecessary RUN statements and combined some of the RUN statement into a single line.
The runtime performance is seen as follows:
pre-change:
PASS: docker_cli_build_test.go:3826: DockerSuite.TestBuildUsersAndGroups
63.074s
post-change:
PASS: docker_cli_build_test.go:3826: DockerSuite.TestBuildUsersAndGroups
49.698s
Signed-off-by: Anil Belur <askb23@gmail.com>
Arnaud Porterie
David Calavera
Tonis Tiigi
Tibor Vass
allencloud
Justin Cormack
Brian Goff
Aaron Lehmann
Ken Cochrane
Sebastiaan van Stijn
Tibor Vass
Alexander Morozov
Alexander Morozov
Dan Walsh
Antonio Murdaca
msabansal
Alessandro Boch
Derek McGowan
Kanstantsin Shautsou
Kenfe-Mickael Laventure
Phil Estes
Anil Belur
Zhang Wei