Due to the iptables package being `init`ed at start of the docker
runtime, this means the iptables --wait command listing all rules
is run, no matter if the command is simply "docker -h". It makes
more sense to both locate the iptables command and check for the
wait flag support at the time iptables is actually used, as it
may not be used at all if certain network support is off/configured
differently.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Addresses #5811
This cleans up an error in the logic which removes localhost resolvers
from the host resolv.conf at container creation start time. Specifically
when the determination is made if any nameservers are left after
removing localhost resolvers, it was using a string match on the word
"nameserver", which could have been anywhere (including commented out)
leading to incorrect situations where no nameservers were left but the
default ones were not added.
This also adds some complexity to the regular expressions for finding
nameservers in general, as well as matching on localhost resolvers due
to the recent addition of IPv6 support. Because of IPv6 support now
available in the Docker daemon, the resolvconf code is now aware of
IPv6 enable/disable state and uses that for both filter/cleaning of
nameservers as well as adding default Google DNS (IPv4 only vs. IPv4
and IPv6 if IPv6 enabled). For all these changes, tests have been
added/strengthened to test these additional capabilities.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
DM_UDEV_DISABLE_LIBRARY_FALLBACK is disabled by most applications today
when using device-mapper, and ensuring that device-mapper is in sync
with udev. This flag instructs devicemapper to not fallback to creating
the device nodes itself. In the case of udev sync not being supported,
devicemapper will attempt to create the devices in a timely manner,
regardless of udev.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
While the v2 pull operation is writing the body of the layer blob to disk
it now computes the tarsum checksum of the archive before extracting it to
the backend storage driver. If the checksum does not match that from the
image manifest an error is raised.
Also adds more debug logging to the pull operation and fixes existing test
cases which were failing. Adds a reverse lookup constructor to the tarsum
package so that you can get a tarsum object using a checksum label.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Only modifies non-running containers resolv.conf bind mount, and only if
the container has an unmodified resolv.conf compared to its contents at
container start time (so we don't overwrite manual/automated changes
within the container runtime). For containers which are running when
the host resolv.conf changes, the update will only be applied to the
container version of resolv.conf when the container is "bounced" down
and back up (e.g. stop/start or restart)
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
If .dockerignore mentions either then the client will send them to the
daemon but the daemon will erase them after the Dockerfile has been parsed
to simulate them never being sent in the first place.
an events test kept failing for me so I tried to fix that too
Closes#8330
Signed-off-by: Doug Davis <dug@us.ibm.com>
* Do not log bad options error message twice, e.g.:
$ docker run --pouet
flag provided but not defined: --pouet
See 'docker run --help'.
2014/11/05 21:41:23 flag provided but not defined: --pouet
With this patch just the first two lines will be produced.
* Print 'docker' just once when run without a command, e.g.:
$ docker --hel
flag provided but not defined: --hel
See 'docker docker --help'.
Signed-off-by: Michal Minar <miminar@redhat.com>
--help and help are successful commands so output should not go to error.
QE teams have requested this change, also users doing docker help | less
or docker run --help | less would expect this to work.
Usage statement should only be printed when the user asks for it.
Errors should print error message and then suggest the docker COMMAND --help
command to see usage information.
The current behaviour causes the user to have to search for the error message
and sometimes scrolls right off the screen. For example a error on a
"docker run" command is very difficult to diagnose.
Finally erros should always exit with a non 0 exit code, if the user
makes a CLI error.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
This way, we can embed the link/description lines directly in the array itself, conflicts between PRs to this section are minimized, new PRs are easier to review, and it's a lot easier to notice when people are missing a link/description (like the few that currently are).
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
To avoid an expensive call to archive.ChangesDirs() which walks two directory
trees and compares every entry, archive.ApplyLayer() has been extended to
also return the size of the layer changes.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
When the user is not using the full has to retrieve a container it's
possible that we find conflicts with the ids of other containers.
At the moment it's just failing saying that it can not find a container,
but it doesn't say why. Adding a small log saying that duplicates where
found is going to help the user.
Closes#8098
Signed-off-by: Alex Gonzalez <agonzalezro@gmail.com>