Commit graph

41 commits

Author SHA1 Message Date
Brian Goff
7db6117c8e Use pivot_root instead of chroot for chrootarchive
This fixes one issue with Docker running under a grsec kernel, which
denies chmod and mknod under chroot.

Note, if pivot_root fails it will still fallback to chroot.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-05-04 19:55:34 -04:00
Amit Krishnan
98910db2c0 Remove flush(stdout) in pkg/chrootarchive/diff_unix.go and improve error reporting of flush() to fix #21103
pkg/chrootarchive/diff_unix.go erroneously calls flush on stdout, which tries to read from stdout returning an error.
This has been fixed by removing the call and by modifying flush to return errors and checking for these errors on calls to flush.

Signed-off-by: Amit Krishnan <krish.amit@gmail.com>
2016-03-15 10:29:51 -07:00
Darren Stahl
7baaf6fd2a Windows CI: Unit Tests stop running failing chrootarchive tests
Signed-off-by: Darren Stahl <darst@microsoft.com>
2016-03-01 14:28:29 -08:00
Alexander Morozov
795370d737 Merge pull request #17035 from estesp/fix-build-dir-perms
Correct build-time directory creation with user namespaced daemon
2015-10-20 08:57:19 -07:00
Phil Estes
e8282c4e9d Correct build-time directory creation with user namespaced daemon
This fixes errors in ownership on directory creation during build that
can cause inaccessible files depending on the paths in the Dockerfile
and non-existing directories in the starting image.

Add tests for the mkdir variants in pkg/idtools

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-10-20 08:59:48 -04:00
Derek Ch
c45a95b9c0 fix a race crash when building with "ADD some-broken.tar.xz ..."
The race is between pools.Put which calls buf.Reset and exec.Cmd
doing io.Copy from the buffer; it caused a runtime crash, as
described in #16924:

``` docker-daemon cat the-tarball.xz | xz -d -c -q | docker-untar /path/to/... (aufs ) ```

When docker-untar side fails (like try to set xattr on aufs, or a broken
tar), invokeUnpack will be responsible to exhaust all input, otherwise
`xz` will be write pending for ever.

this change add a receive only channel to cmdStream, and will close it
to notify it's now safe to close the input stream;

in CmdStream the change to use Stdin / Stdout / Stderr keeps the
code simple, os/exec.Cmd will spawn goroutines and call io.Copy automatically.

the CmdStream is actually called in the same file only, change it
lowercase to mark as private.

[...]
INFO[0000] Docker daemon                                 commit=0a8c2e3 execdriver=native-0.2 graphdriver=aufs version=1.8.2

DEBU[0006] Calling POST /build
INFO[0006] POST /v1.20/build?cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&memory=0&memswap=0&rm=1&t=gentoo-x32&ulimits=null
DEBU[0008] [BUILDER] Cache miss
DEBU[0009] Couldn't untar /home/lib-docker-v1.8.2-tmp/tmp/docker-build316710953/stage3-x32-20151004.tar.xz to /home/lib-docker-v1.8.2-tmp/aufs/mnt/d909abb87150463939c13e8a349b889a72d9b14f0cfcab42a8711979be285537: Untar re-exec error: exit status 1: output: operation not supported
DEBU[0009] CopyFileWithTar(/home/lib-docker-v1.8.2-tmp/tmp/docker-build316710953/stage3-x32-20151004.tar.xz, /home/lib-docker-v1.8.2-tmp/aufs/mnt/d909abb87150463939c13e8a349b889a72d9b14f0cfcab42a8711979be285537/)
panic: runtime error: slice bounds out of range

goroutine 42 [running]:
bufio.(*Reader).fill(0xc208187800)
    /usr/local/go/src/bufio/bufio.go:86 +0x2db
bufio.(*Reader).WriteTo(0xc208187800, 0x7ff39602d150, 0xc2083f11a0, 0x508000, 0x0, 0x0)
    /usr/local/go/src/bufio/bufio.go:449 +0x27e
io.Copy(0x7ff39602d150, 0xc2083f11a0, 0x7ff3960261f8, 0xc208187800, 0x0, 0x0, 0x0)
    /usr/local/go/src/io/io.go:354 +0xb2
github.com/docker/docker/pkg/archive.func·006()
    /go/src/github.com/docker/docker/pkg/archive/archive.go:817 +0x71
created by github.com/docker/docker/pkg/archive.CmdStream
    /go/src/github.com/docker/docker/pkg/archive/archive.go:819 +0x1ec

goroutine 1 [chan receive]:
main.(*DaemonCli).CmdDaemon(0xc20809da30, 0xc20800a020, 0xd, 0xd, 0x0, 0x0)
    /go/src/github.com/docker/docker/docker/daemon.go:289 +0x1781
reflect.callMethod(0xc208140090, 0xc20828fce0)
    /usr/local/go/src/reflect/value.go:605 +0x179
reflect.methodValueCall(0xc20800a020, 0xd, 0xd, 0x1, 0xc208140090, 0x0, 0x0, 0xc208140090, 0x0, 0x45343f, ...)
    /usr/local/go/src/reflect/asm_amd64.s:29 +0x36
github.com/docker/docker/cli.(*Cli).Run(0xc208129fb0, 0xc20800a010, 0xe, 0xe, 0x0, 0x0)
    /go/src/github.com/docker/docker/cli/cli.go:89 +0x38e
main.main()
    /go/src/github.com/docker/docker/docker/docker.go:69 +0x428

goroutine 5 [syscall]:
os/signal.loop()
    /usr/local/go/src/os/signal/signal_unix.go:21 +0x1f
created by os/signal.init·1
    /usr/local/go/src/os/signal/signal_unix.go:27 +0x35

Signed-off-by: Derek Ch <denc716@gmail.com>
2015-10-13 15:58:06 -07:00
Phil Estes
e118299052 Add user namespace (mapping) support to the Docker engine
Adds support for the daemon to handle user namespace maps as a
per-daemon setting.

Support for handling uid/gid mapping is added to the builder,
archive/unarchive packages and functions, all graphdrivers (except
Windows), and the test suite is updated to handle user namespace daemon
rootgraph changes.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-10-09 17:47:37 -04:00
Stefan J. Wernli
fe637416e9 Windows: Fix long path handling for docker build
Signed-off-by: Stefan J. Wernli <swernli@microsoft.com>
2015-09-15 10:58:11 -07:00
Stefan J. Wernli
1c1d0c5f6f Fixing Tar functions to support Windows long paths.
Signed-off-by: Stefan J. Wernli <swernli@microsoft.com>
2015-08-11 16:07:36 -07:00
Lei Jitang
fb58e0d9c2 Enable golint in pkg/arcive
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-08-04 09:52:54 +08:00
John Howard
786c3fafa0 Tidy platform common bits in diff
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-07-30 13:04:49 -07:00
John Howard
95594939be Windows: Daemon build is broken
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-07-29 20:08:51 -07:00
Vincent Batts
f0512440f7 archive, chrootarchive: split out decompression
In `ApplyLayer` and `Untar`, the stream is magically decompressed. Since
this is not able to be toggled, rather than break this ./pkg/ API, add
an `ApplyUncompressedLayer` and `UntarUncompressed` that does not
magically decompress the layer stream.

Signed-off-by: Vincent Batts <vbatts@redhat.com>
2015-07-28 16:36:38 -04:00
Arnaud Porterie
879067d69e Enable validate-lint as part of CI
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
2015-07-22 15:23:34 -07:00
John Howard
65cbc7cb25 Windows: Docker build starting to work
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-06-17 10:41:28 -07:00
unclejack
bfdf63d37c linting changes
Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
2015-06-17 01:16:57 +03:00
Alexander Morozov
0b830276db Merge pull request #13231 from Microsoft/10662-chrootarchive
Windows: chrootarchive refactor
2015-06-03 09:54:42 -07:00
John Howard
b973596a91 Windows: Undo 908db518 for Windows daemon
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-05-28 12:04:09 -07:00
John Howard
d025345cdd Windows: chrootarchive refactor
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-05-20 08:56:42 -07:00
Phil Estes
1a59c1698e Merge pull request #12360 from yestin/11601-supplement-tests-part-2
Improve test accuracy for pkg/chrootarchive (part 2)
2015-04-14 21:00:12 -04:00
Megan Kostick
967f4dc067 Fix vet warning in archive.go
Signed-off-by: Megan Kostick <mkostick@us.ibm.com>
2015-04-14 09:13:50 -07:00
Yestin Sun
6ae14a2625 Improve test accuracy for pkg/chrootarchive (part 2)
Check test correctness of untar by comparing destination with
source. For part 2, it checkes hashes of source and destination
files or the target files of symbolic links.

This is a supplement to the #11601 fix.

Signed-off-by: Yestin Sun <sunyi0804@gmail.com>
2015-04-13 21:46:14 -07:00
Evan Hazlett
86168f3594 Merge pull request #12204 from yestin/11601-supplement-tests-part-1
Improve test accuracy for pkg/chrootarchive (part 1)
2015-04-13 16:14:18 -04:00
Phil Estes
70210e11f2 Send archive options via pipe in chrootarchive
After finding our initial thinking on env. space versus arg list space
was wrong, we need to solve this by using a pipe between the caller and
child to marshall the (potentially very large) options array to the
archiver.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-04-12 21:16:54 -04:00
Yestin Sun
f16c4275d2 Improve test accuracy for pkg/chrootarchive (part 1)
Check test correctness of untar by comparing destination with
source. For part one, it only compares the directories.

This is a supplement to the #11601 fix.

Signed-off-by: Yestin Sun <yestin.sun@polyera.com>
2015-04-08 14:07:31 -07:00
Yestin Sun
219034eabe Add more tests for pkg/chrootarchive
Fixes issue #11601

Change-Id: Ifc1dbcc59cc4dc581ed43fc8fbe43fbaec4ccad0
Signed-off-by: Yestin Sun <sunyi0804@gmail.com>
2015-03-24 18:23:28 -07:00
Alexander Morozov
3d26fc868b Merge pull request #10439 from estesp/10426-fix-arg-list-too-long
Pass excludes/options to tar unarchiver via environment versus cmd line
2015-02-20 23:48:55 -08:00
Phil Estes
2c7172b274 Pass excludes/options to tar unarchiver via environment
Fixes #10426

Because of the ability to easily overload the shell max argument list
length once the image count is several hundred, `docker load` will
start to fail because of this as it passes an excludes list of all
images in the graph.  This patch uses an environment variable with the
json marshalled through it to get around the arg length limitation.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-02-19 17:53:39 -08:00
Jason Sommer
eba8586d2b Fixed relative filepath check
Signed-off-by: Jason Sommer <jsdirv@gmail.com>
2015-02-16 20:38:52 -06:00
Ian Babrou
eec1af54d1 Not doing extra assertion for io.Closer
Signed-off-by: Ian Babrou <ibobrik@gmail.com>
2015-01-22 10:36:20 +03:00
Doug Davis
f8ec68ef67 Have .dockerignore support Dockerfile/.dockerignore
If .dockerignore mentions either then the client will send them to the
daemon but the daemon will erase them after the Dockerfile has been parsed
to simulate them never being sent in the first place.

an events test kept failing for me so I tried to fix that too

Closes #8330

Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-01-06 10:57:48 -08:00
Josh Hawn
c57c03f841 Refactor to optimize storage driver ApplyDiff()
To avoid an expensive call to archive.ChangesDirs() which walks two directory
trees and compares every entry, archive.ApplyLayer() has been extended to
also return the size of the layer changes.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2014-12-17 21:54:23 -08:00
Alexander Morozov
6b772e6532 Fix vet errors about unkeyed fields
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2014-12-12 10:44:59 -08:00
Michael Crosby
cd74be68b8 Flush stdin from within chroot archive
This makes sure that we don't buffer in memory and that we also flush
stdin from diff as well as untar.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Conflicts:
	pkg/chrootarchive/diff.go
2014-12-09 14:56:17 -05:00
Lewis Marshall
a8124280d2 Fix chroot untar for zero padded archive from slow reader
Signed-off-by: Lewis Marshall <lewis@lmars.net>
2014-12-09 14:56:16 -05:00
Michael Crosby
1036313f03 Decompress archive before streaming the unpack in a chroot
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Conflicts:
	pkg/archive/archive.go
	pkg/chrootarchive/archive.go
2014-12-09 14:56:16 -05:00
Michael Crosby
79b559bc05 Update chroot apply layer to handle decompression outside chroot
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Conflicts:
	pkg/archive/diff.go
	pkg/chrootarchive/archive.go
2014-12-09 14:56:16 -05:00
unclejack
cdf5a07698 pkg/chrootarchive: provide TMPDIR for ApplyLayer
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-11-24 11:51:37 -05:00
unclejack
d729913f31 don't call reexec.Init from chrootarchive
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-11-11 23:20:16 +02:00
Tibor Vass
57f40e0735 pkg/chrootarchive: pass TarOptions via CLI arg
Signed-off-by: Tibor Vass <teabee89@gmail.com>
2014-11-11 23:20:09 +02:00
unclejack
2f3002a00b add pkg/chrootarchive and use it on the daemon
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-11-11 23:20:02 +02:00