| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
These types were moved to api/types/container in 7ac4232e70fe7cf7318333cd0890db7f95663079,
but the unit-tests for them were not moved. This patch moves the unit-tests back together
with the types.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
| |
|
|
| |
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
runconfig/config_test.go:23:46: empty-lines: extra empty line at the start of a block (revive)
runconfig/config_test.go:75:55: empty-lines: extra empty line at the start of a block (revive)
oci/devices_linux.go:57:34: empty-lines: extra empty line at the start of a block (revive)
oci/devices_linux.go:60:69: empty-lines: extra empty line at the start of a block (revive)
image/fs_test.go:53:38: empty-lines: extra empty line at the end of a block (revive)
image/tarexport/save.go:88:29: empty-lines: extra empty line at the end of a block (revive)
layer/layer_unix_test.go:21:34: empty-lines: extra empty line at the end of a block (revive)
distribution/xfer/download.go:302:9: empty-lines: extra empty line at the end of a block (revive)
distribution/manifest_test.go:154:99: empty-lines: extra empty line at the end of a block (revive)
distribution/manifest_test.go:329:52: empty-lines: extra empty line at the end of a block (revive)
distribution/manifest_test.go:354:59: empty-lines: extra empty line at the end of a block (revive)
registry/config_test.go:323:42: empty-lines: extra empty line at the end of a block (revive)
registry/config_test.go:350:33: empty-lines: extra empty line at the end of a block (revive)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
| |
|
|
|
|
|
|
| |
Implement similar logic as is used in httputils.ReadJSON(). Before
this patch, endpoints using the ContainerDecoder would incorrectly
return a 500 (internal server error) status.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
| |\
| |
| | |
runconfig: decodeContainerConfig() return early if there's no HostConfig
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Each of the validation functions depended on HostConfig being not `nil`. Use an
early return, instead of continuing, and checking if it's `nil` in each of the
validate functions.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
The io/ioutil package has been deprecated in Go 1.16. This commit
replaces the existing io/ioutil functions with their new definitions in
io and os packages.
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
|
| |/
|
|
| |
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The "quiet" argument was only used in a single place (at daemon startup), and
every other use had to pass "false" to prevent this function from logging
warnings.
Now that SysInfo contains the warnings that occurred when collecting the
system information, we can make leave it up to the caller to use those
warnings (and log them if wanted).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The CPU CFS cgroup-aware scheduler is one single kernel feature, not
two, so it does not make sense to have two separate booleans
(CPUCfsQuota and CPUCfsPeriod). Merge these into CPUCfs.
Same for CPU realtime.
For compatibility reasons, /info stays the same for now.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
|
| |
|
|
|
|
| |
ref: https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
|
| |
|
|
| |
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
|
| |
|
|
|
|
| |
full diff: https://github.com/gotestyourself/gotest.tools/compare/v2.3.0...v3.0.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
| |
|
|
|
|
| |
The tests using these functions were removed in e89b6e8c2d2c36c43f22aeaf2a885646c2994051
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds both a daemon-wide flag and a container creation property:
- Set the `CgroupnsMode: "host|private"` HostConfig property at
container creation time to control what cgroup namespace the container
is created in
- Set the `--default-cgroupns-mode=host|private` daemon flag to control
what cgroup namespace containers are created in by default
- Set the default if the daemon flag is unset to "host", for backward
compatibility
- Default to CgroupnsMode: "host" for client versions < 1.40
Signed-off-by: Rob Gulewich <rgulewich@netflix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This should eliminate a bunch of new (go-1.11 related) validation
errors telling that the code is not formatted with `gofmt -s`.
No functional change, just whitespace (i.e.
`git show --ignore-space-change` shows nothing).
Patch generated with:
> git ls-files | grep -v ^vendor/ | grep .go$ | xargs gofmt -s -w
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
|
| |
|
|
| |
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
|
| |
|
|
|
|
| |
gty-migrate-from-testify --ignore-build-tags
Signed-off-by: Daniel Nephin <dnephin@docker.com>
|
| |
|
|
| |
Signed-off-by: Daniel Nephin <dnephin@docker.com>
|
| |
|
|
| |
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
|
| |
|
|
|
|
| |
For obvious reasons that it is not really supported now.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
|
| |
|
|
| |
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
|
| |
|
|
|
|
| |
Update gometalinter
Signed-off-by: Daniel Nephin <dnephin@docker.com>
|
| |
|
|
| |
Signed-off-by: Daniel Nephin <dnephin@docker.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use strongly typed errors to set HTTP status codes.
Error interfaces are defined in the api/errors package and errors
returned from controllers are checked against these interfaces.
Errors can be wraeped in a pkg/errors.Causer, as long as somewhere in the
line of causes one of the interfaces is implemented. The special error
interfaces take precedence over Causer, meaning if both Causer and one
of the new error interfaces are implemented, the Causer is not
traversed.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since the commit d88fe447df0e8 ("Add support for sharing /dev/shm/ and
/dev/mqueue between containers") container's /dev/shm is mounted on the
host first, then bind-mounted inside the container. This is done that
way in order to be able to share this container's IPC namespace
(and the /dev/shm mount point) with another container.
Unfortunately, this functionality breaks container checkpoint/restore
(even if IPC is not shared). Since /dev/shm is an external mount, its
contents is not saved by `criu checkpoint`, and so upon restore any
application that tries to access data under /dev/shm is severily
disappointed (which usually results in a fatal crash).
This commit solves the issue by introducing new IPC modes for containers
(in addition to 'host' and 'container:ID'). The new modes are:
- 'shareable': enables sharing this container's IPC with others
(this used to be the implicit default);
- 'private': disables sharing this container's IPC.
In 'private' mode, container's /dev/shm is truly mounted inside the
container, without any bind-mounting from the host, which solves the
issue.
While at it, let's also implement 'none' mode. The motivation, as
eloquently put by Justin Cormack, is:
> I wondered a while back about having a none shm mode, as currently it is
> not possible to have a totally unwriteable container as there is always
> a /dev/shm writeable mount. It is a bit of a niche case (and clearly
> should never be allowed to be daemon default) but it would be trivial to
> add now so maybe we should...
...so here's yet yet another mode:
- 'none': no /dev/shm mount inside the container (though it still
has its own private IPC namespace).
Now, to ultimately solve the abovementioned checkpoint/restore issue, we'd
need to make 'private' the default mode, but unfortunately it breaks the
backward compatibility. So, let's make the default container IPC mode
per-daemon configurable (with the built-in default set to 'shareable'
for now). The default can be changed either via a daemon CLI option
(--default-shm-mode) or a daemon.json configuration file parameter
of the same name.
Note one can only set either 'shareable' or 'private' IPC modes as a
daemon default (i.e. in this context 'host', 'container', or 'none'
do not make much sense).
Some other changes this patch introduces are:
1. A mount for /dev/shm is added to default OCI Linux spec.
2. IpcMode.Valid() is simplified to remove duplicated code that parsed
'container:ID' form. Note the old version used to check that ID does
not contain a semicolon -- this is no longer the case (tests are
modified accordingly). The motivation is we should either do a
proper check for container ID validity, or don't check it at all
(since it is checked in other places anyway). I chose the latter.
3. IpcMode.Container() is modified to not return container ID if the
mode value does not start with "container:", unifying the check to
be the same as in IpcMode.IsContainer().
3. IPC mode unit tests (runconfig/hostconfig_test.go) are modified
to add checks for newly added values.
[v2: addressed review at https://github.com/moby/moby/pull/34087#pullrequestreview-51345997]
[v3: addressed review at https://github.com/moby/moby/pull/34087#pullrequestreview-53902833]
[v4: addressed the case of upgrading from older daemon, in this case
container.HostConfig.IpcMode is unset and this is valid]
[v5: document old and new IpcMode values in api/swagger.yaml]
[v6: add the 'none' mode, changelog entry to docs/api/version-history.md]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
gofmt from go1.8.3
hg locate '*.go' |xargs ~/go/bin/gofmt -s -w
Signed-off-by: Josh Soref <jsoref@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
| |
|
|
| |
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
|
| |
|
|
| |
Signed-off-by: Stanislav Bondarenko <stanislav.bondarenko@gmail.com>
|
| |
|
|
| |
Signed-off-by: John Howard <jhoward@microsoft.com>
|
| |
|
|
| |
Signed-off-by: Alessandro Boch <aboch@docker.com>
|
| |
|
|
| |
Signed-off-by: Aaron.L.Xu <liker.xu@foxmail.com>
|
| |
|
|
| |
Signed-off-by: John Howard (VM) <jhoward@ntdev.microsoft.com>
|
| |
|
|
|
|
|
| |
(*) (vdemeester) Removed duplicate code across Windows and Unix wrt Net:Containers
(*) Return unsupported error for network sharing for hyperv isolation containers
Signed-off-by: Madhan Raj Mookkandy <MadhanRaj.Mookkandy@microsoft.com>
|
| |
|
|
|
|
|
|
|
| |
After running the test suite with the race detector enabled I found
these gems that need to be fixed.
This is just round one, sadly lost my test results after I built the
binary to test this... (whoops)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
|
| |\
| |
| | |
Extract the daemon image cache to its own package
|
| | |
| |
| |
| |
| |
| |
| | |
ImageCache is now independent of `Daemon` and is located in
`image/cache` package.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
|
| |/
|
|
| |
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>
|
| |
|
|
|
|
|
|
| |
… or could be in `opts` package. Having `runconfig/opts` and `opts`
doesn't really make sense and make it difficult to know where to put
some code.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
|
| |
|
|
| |
Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
|
| |\
| |
| | |
Remove a redundant funtion and fix some typos
|
| | |
| |
| |
| | |
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
|
| | |
| |
| |
| | |
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts 26103. 26103 was trying to make it so that if someone did:
docker build --build-arg FOO .
and FOO wasn't set as an env var then it would pick-up FOO from the
Dockerfile's ARG cmd. However, it went too far and removed the ability
to specify a build arg w/o any value. Meaning it required the --build-arg
param to always be in the form "name=value", and not just "name".
This PR does the right fix - it allows just "name" and it'll grab the value
from the env vars if set. If "name" isn't set in the env then it still needs
to send "name" to the server so that a warning can be printed about an
unused --build-arg. And this is why buildArgs in the options is now a
*string instead of just a string - 'nil' == mentioned but no value.
Closes #29084
Signed-off-by: Doug Davis <dug@us.ibm.com>
|
| | |
| |
| |
| | |
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>
|
| |/
|
|
|
|
|
| |
This commit reverts 273eeb813c1db0f42c2ad5e053972eeb00907568 (#26825).
For the discussion so far, please refer to #28527.
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
|
| |\
| |
| | |
Windows: Case insensitive env vars
|
| | |
| |
| |
| | |
Signed-off-by: John Howard <jhoward@microsoft.com>
|
| |/
|
|
| |
Signed-off-by: yupeng <yu.peng36@zte.com.cn>
|
| |\
| |
| | |
Don't validate platform-dep tmpfs opts on client
|
