This vendors in new spec/runc that supports
setting readonly and masked paths in the
configuration. Using this allows us to make an
exception for `—-privileged`.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit 3f81b49352)
this bumps the containerd binary in the Dockerfiles
for 1.11.0-rc4, to include https://github.com/docker/containerd/pull/184
NOTE: the hack/vendor.sh commit is NOT updated in this
patch; there's no reason to update containerd there
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This includes fixes for;
- outputing errors for missing seccomp options on seccomp versions < 2.3
- cap set apply EPERM errors on ARM systems
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 752b31d3fe)
runc expects a systemd cgroupsPath to be in slice:scopePrefix:containerName
format and the "--systemd-cgroup" option to be set. Update docker accordingly.
Fixes 21475
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit 7ed3d265a4)
Contains fixes for:
- pid.max fix that is causing hang on network stats test.
- fix for early stdin close containerd-shim
- better logging for `could not synchronise with container process`
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit 22d997b374)
devmapper uses xfs by default now. So include xfsprogs in build
environment. Also update docs to reflect the new default.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
The LXC driver was deprecated in Docker 1.8.
Following the deprecation rules, we can remove a deprecated feature
after two major releases. LXC won't be supported anymore starting on Docker 1.10.
Signed-off-by: David Calavera <david.calavera@gmail.com>
This also updates the comments at the top of the file to note that `-v /var/lib/docker` should be supplied for running `test-integration-cli` and that `hack/dind` is actually also required for `test-unit`.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
This is the absolute bare minimum necessary to compile and test Docker -- this is going to be especially useful for testing and verifying assumptions.
With this, we can setup a Jenkins job that tests to ensure that all the work we do to make sure our build scripts and tests don't contain assumptions is not effort spent in vain.
This is important because this is the kind of bare-bones stock environment our packagers build in. Additionally, this verifies that our scripts will work reasonably on other platforms (such as Darwin and Windows) as well.
Assumptions existing tests make that currently fail:
- `registry-v2` exists as a binary in `$PATH` (FIXED IN #11005🎉)
- `unprivilegeduser` exists as a user in `/etc/passwd`
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
