Seccomp is only *compiled* in binaries built for
distros that ship with seccomp 2.2.1 or higher,
and in the static binaries.
The static binaries are not really useful for
RHEL and CentOS, because devicemapper does
not work properly with the static binaries,
so static binaries is only an option for Ubuntu
and Debian.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This allows easier URL handling in code that uses APIEndpoint.
If we continued to store the URL unparsed, it would require redundant
parsing whenver we want to extract information from it. Also, parsing
the URL earlier should give improve validation.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
When linking, position of `-l` flags is important since
they muse come _after_ any object files which uses symbols
from a specified library, that is due to --as-needed binutils
ld flag enabled by default
Signed-off-by: Maxim Ivanov <ivanov.maxim@gmail.com>
Sometimes transient network issues will cause
TestPullFromCentralRegistryImplicitRefParts to end up pulling with the
v1 protocol. This violates the assumptions behind the test. To make the
test more robust, allow a few retries if any pull ends up using the v1
protocol.
Fixes#17214
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
benchmark old ns/op new ns/op delta
BenchmarkPubSub-8 1036494796 1032443513 -0.39%
benchmark old allocs new allocs delta
BenchmarkPubSub-8 2467 1441 -41.59%
benchmark old bytes new bytes delta
BenchmarkPubSub-8 212216 187792 -11.51%
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Also changes missing storage layer for container
RWLayer to a soft failure.
Fixes#20147
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit 2798d7a6a681aee8995e87c9b68128e54876d2b5)
This adds verification for getting layer data out
of layerstore. These failures should only be possible
if layer metadata files have been manually changed
of if something is wrong with tar-split algorithm.
Failing early makes sure we don’t upload invalid data
to the registries where it would fail after someone
tries to pull it.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit e29e580f7fe628e936925681a4885d0b655bb151)
It is not longer used by us, so hack/vendor.sh complains because it
removes unused files (but also complains about removing an entire
vendored project).
Signed-off-by: Aleksa Sarai <asarai@suse.com>
pkg/filenotify isn't used anymore and it causes problems with
hack/vendor.sh (nothing uses it, so hack/vendor.sh will remove the
vendored code).
Signed-off-by: Aleksa Sarai <asarai@suse.com>
Fixes: #20328
We sort network ls output with incresing order,
it may make output more easy to consume for users.
Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
Brian Goff