`${SOME_VAR%pattern}` was turning into `SOME_VAL%pattern}` which the shell would then balk at.
I've updated the `TOKEN_ENV_INTERPOLATION` regex to account for this (i.e., if `${` is used, it _must_ also match the closing `}`), and renamed the variable to not be exported (since it's not used outside the function following it).
I also added comments for the bits of `tokenEnvInterpolation` so they're easier to follow. 😄
Signed-off-by: Andrew Page <admwiggin@gmail.com>

This fixes issues where the apparmor profile is not applied to processes
via docker exec. As a side effect the parent processes were unable to
kill the additional child processes because of the profile mismatch.
Easy way to reproduce on an apparmor system:
docker run -ti debian:jessie bash
ps auxZ
- look at the labels
- in another shell
docker exec <name> sleep 1000
- go back to the first container and
ps auxZ
- make sure all processes have the correct docker-default profile
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Because of the base image change, $HOME is not always / and we need to
write to the proper $HOME within the container to complete the release
process.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Add some information about the storage and execution driver choices
Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)

This makes it possible to make the Docker client "secure by default"
without wrapping the binary in a shell alias so that `--tlsverify` is
always passed.
Signed-off-by: Aanand Prasad <aanand.prasad@gmail.com>

and move the complicated discussion about branches lower down,
hopefully most won't need to know
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> (github: SvenDowideit)

This uses @dnephin's changes to the base.html (thank you!)
and then adds the hide_toc: page meta
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)

First off, sorry for the noise. This is a cleaner step of #8508
Found more of a root cause of the open file handles.
After more testing I found that the open file descriptors will still
occur for TCP:// connections to the daemon, causing client and/or daemon
to fail.
The issue was instantiating a new http.Transport on _every_ client
request. So each instance held the prior connection alive, but was only
ever used once.
By moving it out to the initialization of DockerCli, we can now have
reuse of idled connections. Simplifies the garbage overhead of the
client too, though that's not usually a deal.
Signed-off-by: Vincent Batts <vbatts@redhat.com>

In the go stdlib net/http Transport, the used connections are cached
when idled. This behaviour is intended for TCP connections and does not
behave correctly for unix sockets. Despite the
DefaultMaxIdleConnsPerHost being 2, the idled connections are held open
during a session. For large sessions like `docker rm $(docker ps -a -q)`
of thousands of containers, it will cause the client _and_ the server to
open too many files and have failures.
Having keep alives not used for only unix sockets is a work around for
this stdlib issue.
Also this includes disabling compression when communicating over the
local unix socket too.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
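
The connection behaviour described in the two http.Transport commit messages above can be measured directly. The following is an added example, not code from the Docker client: `leftOpen` is a hypothetical helper, and it assumes a loopback `httptest` server over TCP in place of the daemon's socket.

```go
package main

import (
	"fmt"
	"io"
	"net"
	"net/http"
	"net/http/httptest"
	"sync/atomic"
)

// leftOpen sends n sequential GETs to a throwaway loopback server. It returns
// how many connections the server accepted and how many of those the client
// left open on keep-alive (accepted minus requests sent with Connection: close).
// newTransport runs before every request: rebuild the Transport or share one.
func leftOpen(n int, newTransport func() *http.Transport) (int64, int64, error) {
	var opened, closing int64
	h := func(w http.ResponseWriter, r *http.Request) {
		if r.Close { // client asked to close the connection after this reply
			atomic.AddInt64(&closing, 1)
		}
		fmt.Fprint(w, "ok")
	}
	srv := httptest.NewUnstartedServer(http.HandlerFunc(h))
	srv.Config.ConnState = func(_ net.Conn, s http.ConnState) {
		if s == http.StateNew {
			atomic.AddInt64(&opened, 1)
		}
	}
	srv.Start()
	defer srv.Close()
	for i := 0; i < n; i++ {
		resp, err := (&http.Client{Transport: newTransport()}).Get(srv.URL)
		if err != nil {
			return 0, 0, err
		}
		io.Copy(io.Discard, resp.Body) // drain so the connection can go back to the pool
		resp.Body.Close()
	}
	a := atomic.LoadInt64(&opened)
	return a, a - atomic.LoadInt64(&closing), nil
}

func main() {
	shared := &http.Transport{}
	fmt.Println(leftOpen(20, func() *http.Transport { return &http.Transport{} })) // per request
	fmt.Println(leftOpen(20, func() *http.Transport { return shared }))            // shared
	fmt.Println(leftOpen(20, func() *http.Transport { return &http.Transport{DisableKeepAlives: true} }))
}
```

A Transport rebuilt per request leaves one idle descriptor open on both ends for every request, a shared Transport holds a single reusable connection, and with keep-alives disabled every connection is closed after its reply.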