full diff: 55eda46b22...19ee068f93
brings in updated protobufs, generated with gogo/protobuf v1.3.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Starting `dockerd-rootless.sh` checks that `$HOME` is writeable, but does not
require it to be so.
Make the check more precise, and check that it actually exists and is a
directory.
Signed-off-by: Hugo Osvaldo Barrera <hugo@barrera.io>
Whether or not the command path is in the error message is a an
implementation detail.
For example, on Windows the only reason this ever matched was because it
dumped the entire container config into the error message, but this had
nothing to do with the actual error.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
this refactors the Stop command to fix a few issues and behaviors that
dont seem completely correct:
1. first it fixes a situation where stop could hang forever (#41579)
2. fixes a behavior where if sending the
stop signal failed, then the code directly sends a -9 signal. If that
fails, it returns without waiting for the process to exit or going
through the full docker kill codepath.
3. fixes a behavior where if sending the stop signal failed, then the
code sends a -9 signal. If that succeeds, then we still go through the
same stop waiting process, and may even go through the docker kill path
again, even though we've already sent a -9.
4. fixes a behavior where the code would wait the full 30 seconds after
sending a stop signal, even if we already know the stop signal failed.
fixes#41579
Signed-off-by: Cam <gh@sparr.email>
Before this change, cleanup of the btrfs driver (occuring on each daemon
shutdown) resulted in disabling quotas. It was done with an assumption
that quotas can be enabled or disabled on a subvolume level, which is
not true - enabling or disabling quota is always done on a filesystem
level.
That was leading to disabling quota on btrfs filesystems on each daemon
shutdown.
This change fixes that behavior and removes misleading `subvol` prefix
from functions and methods which set up quota (on a filesystem level).
Fixes: #34593
Fixes: 401c8d1767 ("Add disk quota support for btrfs")
Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
These tests fail, possibly due to changes in the kernel. Temporarily skipping
these tests, so that we at least have some coverage on these windows versions
in this repo, and we can look into this specific issue separately.;
=== FAIL: github.com/docker/docker/pkg/archive TestChangesDirsEmpty (0.21s)
changes_test.go:261: Reported changes for identical dirs: [{\dirSymlink C}]
=== FAIL: github.com/docker/docker/pkg/archive TestChangesDirsMutated (0.14s)
changes_test.go:391: unexpected change "C \\dirSymlink" "\\dirnew"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Images for Windows 2022 (SAC) are not yet available, so using insider builds
in the meantime; mcr.microsoft.com/windows/servercore/insider:10.0.20295.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This adds a stage to test against the current SAC (Semi Annual Channel),
which allows us to catch possible regressions on upcoming LTS versions.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The runc/libcontainer apparmor package on master no longer checks if apparmor_parser
is enabled, or if we are running docker-in-docker.
While those checks are not relevant to runc (as it doesn't load the profile), these
checks _are_ relevant to us (and containerd). So switching to use the containerd
apparmor package, which does include the needed checks.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This patch picks the first commit in containerd that exports the AppArmor package
functions to keep the vendor diff small (there are some updates to that package
after this, but those will be included in other patches).
full diff: fbf1a72de7...55eda46b22
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This is the first commit after the containerd transition to go modules. Using this
as an intermediate version to allow us to track what dependency changes are
introduced in the containerd dependency since.
full diff: b9092fae15...fbf1a72de7
There were some fix-ups in the PR after adding go modules that updated dependencies,
which will be aligned in the next commit.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This is the last commit before containerd switched to using go modules. Using this
as an intermediate version to allow us to more easily track what dependency updates
containerd has.
full diff: 0edc412565...b9092fae15
relevant changes in vendored code:
- Do not hardcode "amd64" on LCOW and Windows-related files
- Optimize Windows and LCOW snapshotters to only create scratch layer on the final snapshot
- Add annotations to task update request api
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Inode numbers are guaranteed to be unique only within a filesystem.
As such there is an edge case where these predicates are true on a
non-btrfs filesystem.
Closes#42271
Signed-off-by: Brett Milford <brettmilford@gmail.com>
This was changed as part of a refactor to use containerd dist code. The
problem is the OCI media types are not compatible with older versions of
Docker.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
