Commit Graph

2720 Commits

Author SHA1 Message Date
Sebastiaan van Stijn
1e1156cf67 Skip kernel-memory tests on RHEL/CentOS daemons
RHEL/CentOS 3.10 kernels report that kernel-memory accounting is supported,
but it actually does not work.

Runc (when compiled for those kernels) will be compiled without kernel-memory
support, so even though the daemon may be reporting that it's supported,
it actually is not.

This cause tests to fail when testing against a daemon that's using a runc
version without kmem support.

For now, skip these tests based on the kernel version reported by the daemon.

This should fix failures such as:

```
FAIL: /go/src/github.com/docker/docker/integration-cli/docker_cli_run_unix_test.go:499: DockerSuite.TestRunWithKernelMemory

assertion failed:
Command:  /usr/bin/docker run --kernel-memory 50M --name test1 busybox cat /sys/fs/cgroup/memory/memory.kmem.limit_in_bytes
ExitCode: 0
Error:    <nil>
Stdout:   9223372036854771712

Stderr:   WARNING: You specified a kernel memory limit on a kernel older than 4.0. Kernel memory limits are experimental on older kernels, it won't work as expected and can cause your system to be unstable.

Failures:
Expected stdout to contain "52428800"

FAIL: /go/src/github.com/docker/docker/integration-cli/docker_cli_update_unix_test.go:125: DockerSuite.TestUpdateKernelMemory

/go/src/github.com/docker/docker/integration-cli/docker_cli_update_unix_test.go:136:
    ...open /go/src/github.com/docker/docker/integration-cli/docker_cli_update_unix_test.go: no such file or directory
... obtained string = "9223372036854771712"
... expected string = "104857600"

----------------------------------------------------------------------
FAIL: /go/src/github.com/docker/docker/integration-cli/docker_cli_update_unix_test.go:139: DockerSuite.TestUpdateKernelMemoryUninitialized

/go/src/github.com/docker/docker/integration-cli/docker_cli_update_unix_test.go:149:
    ...open /go/src/github.com/docker/docker/integration-cli/docker_cli_update_unix_test.go: no such file or directory
... value = nil
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-01-04 13:27:46 +01:00
Vincent Demeester
de640c9f49 Merge pull request #38038 from AkihiroSuda/ubuntu-overlayfs
pkg/archive: support overlayfs in userns (Ubuntu kernel only)
2019-01-04 09:50:15 +01:00
Sebastiaan van Stijn
9c83124302 Fix some go_vet issues
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-12-19 23:57:06 +01:00
Fabian Kramm
eea4977d02 Fix unmount redeclaration on darwin in github.com/docker/docker/pkg/mount
Signed-off-by: Fabian Kramm <kramm@covexo.com>
2018-12-14 11:10:52 +01:00
Kir Kolyshkin
6533136961 pkg/mount: wrap mount/umount errors
The errors returned from Mount and Unmount functions are raw
syscall.Errno errors (like EPERM or EINVAL), which provides
no context about what has happened and why.

Similar to os.PathError type, introduce mount.Error type
with some context. The error messages will now look like this:

> mount /tmp/mount-tests/source:/tmp/mount-tests/target, flags: 0x1001: operation not permitted

or

> mount tmpfs:/tmp/mount-test-source-516297835: operation not permitted

Before this patch, it was just

> operation not permitted

[v2: add Cause()]
[v3: rename MountError to Error, document Cause()]
[v4: fixes; audited all users]
[v5: make Error type private; changes after @cpuguy83 reviews]

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-12-10 20:07:02 -08:00
Kir Kolyshkin
90be078fe5 pkg/mount: refactor Unmount()
It has been pointed out that we're ignoring EINVAL from umount(2)
everywhere, so let's move it to a lower-level function. Also, its
implementation should be the same for any UNIX incarnation, so
let's consolidate it.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-12-10 20:06:10 -08:00
Kir Kolyshkin
8072e62d83 pkg/system/stat_unix: wrap errors in PathError
syscall.Stat (and Lstat), unlike functions from os pkg,
return "raw" errors (like EPERM or EINVAL), and those are
propagated up the function call stack unchanged, and gets
logged and/or returned to the user as is.

Wrap those into os.PathError{} so the error message will
at least have function name and file name.

Note we use Capitalized function names to distinguish
between functions in os and ours.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-12-10 20:06:10 -08:00
Akihiro Suda
ec153ccfc8 pkg/archive: add TestReexecUserNSOverlayWhiteoutConverter
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-12-11 07:18:37 +09:00
Akihiro Suda
037e370de1 pkg/archive: annotate tests that requires initial userns
`rootlesskit go test ./pkg/archive` now succeeds

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-12-11 07:18:37 +09:00
Akihiro Suda
f8ed19c8b4 pkg/archive: support overlayfs in userns (Ubuntu kernel only)
Ubuntu kernel supports overlayfs in user namespaces.

However, Docker had previously crafting overlay opaques directly
using mknod(2) and setxattr(2), which are not supported in userns.

Tested with LXD, Ubuntu 18.04, kernel 4.15.0-36-generic #39-Ubuntu.

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-12-11 07:18:37 +09:00
Tibor Vass
6e3113f700 Merge pull request #38327 from andrewhsu/ctrd
update containerd to v1.2.1
2018-12-10 17:28:50 +01:00
Andrew Hsu
78045a5419 use empty string as cgroup path to grab first find
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-12-07 18:44:00 +01:00
Akihiro Suda
9ddd6e47a9 pkg/archive: fix TestTarUntarWithXattr failure on recent kernel
Recent kernel has strict check for security.capability value.
Fix #38289

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-11-29 16:14:35 +09:00
Yong Tang
f023816608 Add memory.kernelTCP support for linux
This fix tries to address the issue raised in 37038 where
there were no memory.kernelTCP support for linux.

This fix add MemoryKernelTCP to HostConfig, and pass
the config to runtime-spec.

Additional test case has been added.

This fix fixes 37038.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2018-11-26 21:03:08 +00:00
Yong Tang
ea3ac621e3 Merge pull request #37982 from Microsoft/jjh/archive
pkg/archive fixes, and port most unit tests to Windows
2018-11-27 05:49:39 +09:00
John Howard
56b732058e pkg/archive fixes, and port most unit tests to Windows
Signed-off-by: John Howard <jhoward@microsoft.com>

If fixes an error in sameFsTime which was using `==` to compare two times. The correct way is to use go's built-in timea.Equals(timeb).

In changes_windows, it uses sameFsTime to compare mTim of a `system.StatT` to allow TestChangesDirsMutated to operate correctly now.

Note there is slight different between the Linux and Windows implementations of detecting changes. Due to https://github.com/moby/moby/issues/9874,
and the fix at https://github.com/moby/moby/pull/11422, Linux does not consider a change to the directory time as a change. Windows on NTFS
does. See https://github.com/moby/moby/pull/37982 for more information. The result in `TestChangesDirsMutated`, `dir3` is NOT considered a change
in Linux, but IS considered a change on Windows. The test mutates dir3 to have a mtime of +1 second.

With a handful of tests still outstanding, this change ports most of the unit tests under pkg/archive to Windows.

It provides an implementation of `copyDir` in tests for Windows. To make a copy similar to Linux's `cp -a` while preserving timestamps
and links to both valid and invalid targets, xcopy isn't sufficient. So I used robocopy, but had to circumvent certain exit codes that
robocopy exits with which are warnings. Link to article describing this is in the code.
2018-11-26 10:20:40 -08:00
Kir Kolyshkin
8abadb36fa pkg/mount: add MakeMount()
This function ensures the argument is the mount point
(i.e. if it's not, it bind mounts it to itself).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-10-11 23:30:52 -07:00
Kir Kolyshkin
f01297d1ae pkg/mount: simplify ensureMountedAs
1. There is no need to specify rw argument -- bind mounts are
   read-write by default.

2. There is no point in parsing /proc/self/mountinfo after performing
   a mount, especially if we don't check whether the fs is mounted or
   not -- the only outcome from it could be an error from our mountinfo
   parser, which makes no sense in this context.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-10-11 23:16:10 -07:00
Yong Tang
ffaa0b7b3f Merge pull request #37936 from benny-gold/master
Added two new scientists to the namesgenerator
2018-10-08 23:40:51 +00:00
Yong Tang
2cc338c100 Merge pull request #37967 from thaJeztah/upstream_dos_fix
Fix denial of service with large numbers in cpuset-cpus and cpuset-mems
2018-10-08 13:23:03 +00:00
Vincent Demeester
a3f54d4570 Merge pull request #37977 from mooncak/remove_duplicated_word
Remove duplicated words in pkg files
2018-10-08 11:40:10 +02:00
Vincent Demeester
5f6aca784f Merge pull request #37491 from poizan42/fix-mips-signals
SIGSKTFLT does not exist on MIPS, instead SIGEMT does. SIGRTMAX is also 127 on MIPS
2018-10-08 09:28:20 +02:00
mooncake
35739fd290 Remove duplicated words in pkg files
Signed-off-by: mooncake <xcoder@tenxcloud.com>
2018-10-05 22:32:14 +08:00
Justin Cormack
f8e876d761 Fix denial of service with large numbers in cpuset-cpus and cpuset-mems
Using a value such as `--cpuset-mems=1-9223372036854775807` would cause
`dockerd` to run out of memory allocating a map of the values in the
validation code. Set limits to the normal limit of the number of CPUs,
and improve the error handling.

Reported by Huawei PSIRT.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-10-05 15:09:02 +02:00
David P Hilton
272759f268 make xattr EPERM non-fatal in createTarFile
Signed-off-by: David P Hilton <david.hilton.p@gmail.com>
2018-10-04 00:00:23 -06:00
Ben Gould
733d777bc0 added an adjective to kick off another build!
Signed-off-by: Ben Gould <ben@bengould.co.uk>
2018-09-30 21:00:09 +01:00
Ben Gould
13c36d00fd Added two new scientists to the namesgenerator
Signed-off-by: Ben Gould <ben@bengould.co.uk>
2018-09-29 20:26:24 +01:00
Lifubang
00eb3480dc fixes display text in Multiple IDs found with provided prefix
Signed-off-by: Lifubang <lifubang@acmcoder.com>
2018-09-24 12:17:31 +08:00
Tibor Vass
11841b70d0 Merge pull request #37780 from tiborvass/fix-progress-panic
pkg/progress: work around closing closed channel panic
2018-09-13 14:45:15 -07:00
Oli
68906e6dcd Update LICENSE
Signed-off-by: Oliver Reason <oli@overrateddev.co>

Update LICENSE.APACHE

Signed-off-by: Oliver Reason <oli@overrateddev.co>

Update LICENSE.BSD

Signed-off-by: Oliver Reason <oli@overrateddev.co>
2018-09-12 14:27:53 +01:00
Kir Kolyshkin
9b0097a699 Format code with gofmt -s from go-1.11beta1
This should eliminate a bunch of new (go-1.11 related) validation
errors telling that the code is not formatted with `gofmt -s`.

No functional change, just whitespace (i.e.
`git show --ignore-space-change` shows nothing).

Patch generated with:

> git ls-files | grep -v ^vendor/ | grep .go$ | xargs gofmt -s -w

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-09-06 15:24:16 -07:00
Tibor Vass
7dac70324d pkg/progress: work around closing closed channel panic
I could not reproduce the panic in #37735, so here's a bandaid.

Signed-off-by: Tibor Vass <tibor@docker.com>
2018-09-06 20:20:12 +00:00
John Howard
b1b9937bc7 Windows: Go1.11: Use long path names in build context (TestBuildSymlinkBreakout)
Signed-off-by: John Howard <jhoward@microsoft.com>
2018-09-05 17:01:05 -07:00
Anusha Ragunathan
c129828151 Merge pull request #37666 from Yadnyawalkya/docker_names
Added two new adjectives and four new names to names-generator.go
2018-09-04 12:15:24 -07:00
Kir Kolyshkin
fffa8958d0 pkg/filenotify/poller: fix Close()
The code in Close() that removes the watches was not working,
because it first sets `w.closed = true` and then calls w.close(),
which starts with
```
        if w.closed {
                return errPollerClosed
	}
```

Fix by setting w.closed only after calling w.remove() for all the
files being watched.

While at it, remove the duplicated `delete(w.watches, name)` code.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-08-29 22:16:04 -07:00
Kir Kolyshkin
dfbb64ea7d pkg/filenotify/poller: close file asap
There is no need to wait for up to 200ms in order to close
the file descriptor once the chClose is received.

This commit might reduce the chances for occasional "The process
cannot access the file because it is being used by another process"
error on Windows, where an opened file can't be removed.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-08-29 13:51:09 -07:00
Kir Kolyshkin
88bcf1573c pkg/filenotify: poller.Add: fix fd leaks on err
In case of errors, the file descriptor is never closed. Fix it.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-08-29 13:46:46 -07:00
Yadnyawalkya Tale
3cd0bfc68e Add adjectives, male and female populer personalities
* Add cool, crazy, charming, magical and sweet as a adjectives (Aug 18)
* Add four male scientists to the list - faraday, maxwell, sutherland, and moore (Aug 21)
* Add four female scientists to the list - cannon, moser and rhodes (Aug 28)

Signed-off-by: Yadnyawalkya Tale <yadnyawalkyatale@gmail.com>
2018-08-28 23:58:10 +05:30
Sebastiaan van Stijn
e0ad6d045c Merge pull request #37092 from cpuguy83/local_logger
Add "local" log driver
2018-08-20 07:01:41 +01:00
John Stephens
b3e9f7b13b Merge pull request #35521 from salah-khan/35507
Add --chown flag support for ADD/COPY commands for Windows
2018-08-17 11:31:16 -07:00
Yong Tang
74c43af1a3 Merge pull request #37600 from edrevo/conemu-fix
Fix #28814: use emulation for ConEmu and ConsoleZ
2018-08-15 16:50:05 -07:00
Salahuddin Khan
763d839261 Add ADD/COPY --chown flag support to Windows
This implements chown support on Windows. Built-in accounts as well
as accounts included in the SAM database of the container are supported.

NOTE: IDPair is now named Identity and IDMappings is now named
IdentityMapping.

The following are valid examples:
ADD --chown=Guest . <some directory>
COPY --chown=Administrator . <some directory>
COPY --chown=Guests . <some directory>
COPY --chown=ContainerUser . <some directory>

On Windows an owner is only granted the permission to read the security
descriptor and read/write the discretionary access control list. This
fix also grants read/write and execute permissions to the owner.

Signed-off-by: Salahuddin Khan <salah@docker.com>
2018-08-13 21:59:11 -07:00
Yong Tang
1fd7e4c28d Merge pull request #37443 from Projjol/new_names
Add in two new names for names-generator
2018-08-12 19:04:56 -07:00
Brian Goff
874867d4e5 Add func to get an io.Reader for tail operations
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2018-08-10 21:01:15 -07:00
Ximo Guanter Gonzálbez
ea65a0b134 Fix #28814
Signed-off-by: Ximo Guanter Gonzálbez <joaquin.guantergonzalbez@telefonica.com>
2018-08-07 10:20:13 +02:00
Sebastiaan van Stijn
09f5e9dae3 Merge pull request #37465 from Russtopia/master
namesgenerator: new adjective, two inspiring Computing Science authors
2018-08-01 23:50:05 +02:00
Russ Magee
72a5e621e5 Added additional scientists for balance per names-generator.go policy
Signed-off-by: Russ Magee <rmagee@gmail.com>
2018-07-31 11:34:56 -07:00
Iskander Sharipov
cda9d5f7f0 pkg/system: return nil explicitly
Makes code less confusing.
Otherwise it looks like an error (typo of "==" instead "!=").

Signed-off-by: Iskander Sharipov <quasilyte@gmail.com>
2018-07-29 01:31:08 +03:00
Kasper Fabæch Brandt
12804540f3 SIGSKTFLT does not exist on MIPS, instead SIGEMT does. SIGRTMAX is also 127 on MIPS.
Signed-off-by: Kasper Fabæch Brandt <poizan@poizan.dk>
2018-07-19 12:26:52 +02:00
Kir Kolyshkin
05cbe23db9 pkg/tarsum: fix unit test for Go 1.11+
Since go-1.11beta1 archive/tar, tar headers with Typeflag == TypeRegA
(numeric 0) (which is the default unless explicitly initialized) are
modified to have Typeflag set to either tar.TypeReg (character value
'0', not numeric 0) or tar.TypeDir (character value '5') [1].
This results in different Typeflag value in the resulting header,
leading to a different Checksum, and causing the following test
case errors:

> 12:09:14 --- FAIL: TestTarSums (0.05s)
> 12:09:14 tarsum_test.go:393: expecting
> [tarsum+sha256:8bf12d7e67c51ee2e8306cba569398b1b9f419969521a12ffb9d8875e8836738],
> but got
> [tarsum+sha256:75258b2c5dcd9adfe24ce71eeca5fc5019c7e669912f15703ede92b1a60cb11f]
> ... (etc.)

All the other code explicitly sets the Typeflag field, but this test
case is not, causing the incompatibility with Go 1.11. Therefore,
the fix is to set TypeReg explicitly, and change the expected checksums
in test cases).

Alternatively, we can vendor archive/tar again (for the 100th time),
but given that the issue is limited to the particular test case it
does not make sense.

This fixes the test for all Go versions.

[1] https://go-review.googlesource.com/c/go/+/85656

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-07-19 10:38:45 +03:00