Commit graph

1858 commits

Author SHA1 Message Date
Brian Goff
c923ab0dc5 Merge pull request #20602 from twistlock/20508_authz_plugin_corrupt_body
Fix #20508 - Authz plugin enabled with large text/JSON POST payload corrupts body
2016-02-29 10:43:02 -05:00
Brian Goff
fcb2e0b085 Merge pull request #20706 from calavera/remove_concurrent_access_to_stdtypes
Make stdcopy.StdWriter thread safe.
2016-02-27 21:14:09 -05:00
David Calavera
f55298771e Make stdcopy.stdWriter goroutine safe.
Stop using global variables as prefixes to inject the writer header.
That can cause issues when two writers set the length of the buffer in
the same header concurrently.

Stop Writing to the internal buffer twice for each write. This could
mess up with the ordering information is written.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-02-26 16:51:18 -05:00
Antonio Murdaca
7e132eee02 pkg: idtools: fix subid files parsing
Since Docker is already skipping newlines in /etc/sub{uid,gid},
this patch skips commented out lines - otherwise Docker fails to start.
Add unit test also.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-02-26 15:42:05 +01:00
David Calavera
366b774b47 Merge pull request #20263 from Microsoft/jjh/testunit-fileutils
Windows CI: Fixes panic in test-unit for FileUtils
2016-02-25 17:35:32 -08:00
Vincent Demeester
29aeaf7880 Merge pull request #20572 from runcom/sudo-user
resolve the config file from the sudo user
2016-02-25 16:05:25 +01:00
Liron Levin
b3ff922a7b Fix #20508 - Authz plugin enabled with large text/JSON POST payload corrupts body
Based on the discussion, we have changed the following:

1. Send body only if content-type is application/json (based on the
Docker official daemon REST specification, this is the provided for all
APIs that requires authorization.

2. Correctly verify that the msg body is smaller than max cap (this was
the actual bug). Fix includes UT.

3. Minor: Check content length > 0 (it was -1 for load, altough an
attacker can still modify this)

Signed-off-by: Liron Levin <liron@twistlock.com>
2016-02-25 08:11:55 +02:00
Brian Goff
f5003987da Close resp body on plugin call error
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-02-24 20:09:51 -05:00
Brian Goff
c8da8b3693 add file poller panic fix from 1.10.2
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-02-24 10:17:29 -05:00
Antonio Murdaca
51359df9fb resolve the config file from the sudo user
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-02-24 15:41:00 +01:00
Brian Goff
d932514e7e Revert "use pubsub instead of filenotify to follow json logs"
This reverts commit b1594c59f5e0d1ac898eacde8d91b1ba33c2b626.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-02-23 21:43:52 -05:00
Brian Goff
e901b002ac Revert "pkg: remove unused filenotify"
This reverts commit ee99b5f2e96aafa982487aadbb78478898ae0c71.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-02-23 21:43:46 -05:00
John Howard
11fdefb289 Windows CI: Fixes panic in test-unit for FileUtils
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-02-23 13:31:45 -08:00
Stefan Weil
8cb9b57bc2 Fix some typos in comments and strings
Most of them were found and fixed by codespell.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
2016-02-22 20:27:15 +01:00
Brian Goff
049dda3ee7 Merge pull request #20292 from Microsoft/jjh/testunit-pkgarchivestep2
Windows CI: test-unit on pkg\archive part 2
2016-02-18 12:12:09 -05:00
David Calavera
1197aed664 Merge pull request #20408 from cpuguy83/use_pool_for_pubsub_wg
Use pool for pubsub `Publish`'s waitgroups
2016-02-17 14:46:13 -08:00
David Calavera
7100db90d0 Merge pull request #20260 from Microsoft/jjh/testunit-pkggitutils
Windows CI: Unit tests - port pkg\gitutils
2016-02-17 13:50:17 -08:00
Brian Goff
201d0bde99 Use pool for pubsub Publish's waitgroups
benchmark             old ns/op      new ns/op      delta
BenchmarkPubSub-8     1036494796     1032443513     -0.39%

benchmark             old allocs     new allocs     delta
BenchmarkPubSub-8     2467           1441           -41.59%

benchmark             old bytes     new bytes     delta
BenchmarkPubSub-8     212216        187792        -11.51%

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-02-17 14:36:57 -05:00
Aleksa Sarai
598f68663b pkg: remove unused filenotify
pkg/filenotify isn't used anymore and it causes problems with
hack/vendor.sh (nothing uses it, so hack/vendor.sh will remove the
vendored code).

Signed-off-by: Aleksa Sarai <asarai@suse.com>
2016-02-18 00:11:43 +11:00
Phil Estes
59e100d7c2 Merge pull request #20366 from LK4D4/socks_proxy
Add support for forwarding Docker client through SOCKS proxy
2016-02-16 22:29:49 -08:00
Alexander Morozov
3fcb349dba Merge pull request #19498 from mountkin/refactor-jsonfilelog-reader
use pubsub instead of filenotify to follow json logs
2016-02-16 13:55:48 -08:00
Alexander Morozov
54bafc26b7 Add support for forwarding Docker client through SOCKS proxy
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-02-16 11:09:28 -08:00
Shijiang Wei
b8296053e2 optimize pubsub.Publish function
Signed-off-by: Shijiang Wei <mountkin@gmail.com>
2016-02-15 19:25:21 +08:00
Shijiang Wei
092f2d6aed use pubsub instead of filenotify to follow json logs
inotify event is trigged immediately there's data written to disk.
But at the time that the inotify event is received, the json line might
not fully saved to disk. If the json decoder tries to decode in such
case, an io.UnexpectedEOF will be trigged.
We used to retry for several times to mitigate the io.UnexpectedEOF error.
But there are still flaky tests caused by the partial log entries.

The daemon knows exactly when there are new log entries emitted. We can
use the pubsub package to notify all the log readers instead of inotify.

Signed-off-by: Shijiang Wei <mountkin@gmail.com>

try to fix broken test. will squash once tests pass

Signed-off-by: Shijiang Wei <mountkin@gmail.com>
2016-02-15 19:25:16 +08:00
Aleksa Sarai
174bb1a967 apparmor: fix version checks to work properly
Using {{if major}}{{if minor}} doesn't work as expected when the major
version changes. In addition, this didn't support patch levels (which is
necessary in some cases when distributions ship apparmor weirdly).

Signed-off-by: Aleksa Sarai <asarai@suse.com>
2016-02-15 20:36:07 +11:00
John Howard
5fe89a3e8e Windows CI: test-unit on pkg\archive part 2
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-02-12 15:40:41 -08:00
John Howard
e178bdf28e Windows CI: test-unit pkg\archive step 1
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-02-12 10:13:44 -08:00
Vincent Demeester
82fe40e860 Merge pull request #20258 from Microsoft/jjh/testunit-authz
Windows CI: test-unit turn off pkg\authorisation
2016-02-12 08:33:20 +01:00
Vincent Demeester
2b1675779f Merge pull request #20259 from Microsoft/jjh/testunit-pkgfilenotify
Windows CI: test-unit for pkg\filenotify
2016-02-12 08:32:43 +01:00
Vincent Demeester
670d3ae8be Merge pull request #20249 from Microsoft/jjh/testunit-pkgintegration
Windows CI: Fix test-unit for pkg\integration
2016-02-12 08:32:03 +01:00
John Howard
a2f66f78e4 Windows CI: Unit tests - port pkg\gitutils
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-02-11 18:19:17 -08:00
John Howard
d8039979b1 Windows CI: test-unit for pkg\filenotify
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-02-11 17:47:26 -08:00
John Howard
06d7595dc1 Windows CI: test-unit turn off pkg\authorisation
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-02-11 17:42:12 -08:00
Victor Vieux
209fd53a0c fix common misspell
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-02-11 15:49:36 -08:00
John Howard
0fcc9dd7ec Windows CI: Fix test-unit for pkg\integration
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-02-11 15:06:22 -08:00
Vincent Demeester
daae58b282 Merge pull request #20216 from Microsoft/jjh/testunit-pkgplugins-v2
Windows CI: test-unit on pkg\plugins
2016-02-11 12:39:08 +01:00
John Howard
ab793c4490 Windows CI: test-unit on pkg\plugins
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-02-10 19:28:30 -08:00
John Howard
f0b9a576e5 Windows CI: Unit Test - pkg/mount is Unix specific
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-02-10 18:09:15 -08:00
Brian Goff
7982606371 Cleanup WriteFlusher
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-02-09 14:02:26 -05:00
Stefan J. Wernli
24854e692c Fixing 'docker save' on Windows.
Save was failing file integrity checksums due to bugs in both
Windows and Docker. This commit includes fixes to file time handling
in tarexport and system.chtimes that are necessary along with
the Windows platform fixes to correctly support save. With this
change, sysfile_backups for windowsfilter driver are no longer
needed, so that code is removed.

Signed-off-by: Stefan J. Wernli <swernli@microsoft.com>
2016-02-08 18:08:49 -08:00
Sebastiaan van Stijn
a830282265 Fix 'tcp+tls' protocol not being accepted
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-02-08 17:34:39 +00:00
Alexander Morozov
80e2b1b5e2 Merge pull request #20002 from twistlock/19575_authz_plugin_support_events
Fix 19575: Docker events doesn't work with authorization plugin
2016-02-08 09:10:39 -08:00
Liron Levin
a903b6a9c8 Fix 19575: Docker events doesn't work with authorization plugin
To support the requirement of blocking the request after the daemon
responded the authorization plugin use a `response recorder` that replay
the response after the flow ends.

This commit adds support for commands that hijack the connection and
flushes data via the http.Flusher interface. This resolves the error
with the event endpoint.

Signed-off-by: Liron Levin <liron@twistlock.com>
2016-02-05 22:30:01 +02:00
David Calavera
52470a41b8 Apply context changes to the client.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-02-04 13:59:57 -05:00
John Howard
80ef4bfbc0 Improvements to ANSI emulation in conemu
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-01-28 20:37:42 -08:00
Anuj Bahuguna
a8cc8fea55 Adding biologist Christiane Nüsslein Volhard and AI pioneer Marvin Minsky
Signed-off-by: Anuj Bahuguna anujbahuguna.dev@gmail.com

Signed-off-by: Anuj Bahuguna <anujbahuguna.dev@gmail.com>
2016-01-28 14:33:58 +00:00
Aleksa Sarai
0b48f3b72d *: purge dockerinit from source code
dockerinit has been around for a very long time. It was originally used
as a way for us to do configuration for LXC containers once the
container had started. LXC is no longer supported, and /.dockerinit has
been dead code for quite a while. This removes all code and references
in code to dockerinit.

Signed-off-by: Aleksa Sarai <asarai@suse.com>
2016-01-26 23:47:02 +11:00
Brian Goff
1cb28d7bbe Add back compat for volume drivers Get and Ls
Use a back-compat struct to handle listing volumes for volumes we know
about (because, presumably, they are being used by a container) for
volume drivers which don't yet support `List`.

Adds a fall-back for the volume driver `Get` call, which will use
`Create` when the driver returns a `404` for `Get`. The old behavior was
to always use `Create` to get a volume reference.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-01-22 22:48:17 -05:00
Phil Estes
f87775b873 Merge pull request #19517 from calavera/validate_config_keys
Verify that the configuration keys in the file are valid.
2016-01-22 15:01:29 -05:00
David Calavera
1002d55ee7 Merge pull request #19549 from cpuguy83/bump_plugin_api_version
Bump plugin API version
2016-01-22 09:33:29 -08:00