Commit graph

1810 commits

Author SHA1 Message Date
Phil Estes
f87775b873 Merge pull request #19517 from calavera/validate_config_keys
Verify that the configuration keys in the file are valid.
2016-01-22 15:01:29 -05:00
David Calavera
1002d55ee7 Merge pull request #19549 from cpuguy83/bump_plugin_api_version
Bump plugin API version
2016-01-22 09:33:29 -08:00
Vincent Demeester
a32cd99704 Merge pull request #19470 from Microsoft/jjh/confans
Windows: VirtualTerminalInput native console
2016-01-22 17:27:47 +01:00
Vincent Demeester
54ba7f08d5 Merge pull request #19558 from LK4D4/reduce_cgroup_parsing
Refactor sysinfo usage
2016-01-22 11:18:53 +01:00
Phil Estes
ba0a933bad Merge pull request #19263 from jfrazelle/update-aa-parser
refactor aaparser pkg, add unit tests
2016-01-21 19:40:53 -05:00
David Calavera
d0585b6411 Verify that the configuration keys in the file are valid.
- Return an error if any of the keys don't match valid flags.
- Fix an issue ignoring merged values as named values.
- Fix tlsverify configuration key.
- Fix bug in mflag to avoid panics when one of the flag set doesn't have any flag.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-01-21 16:56:12 -05:00
Brian Goff
d41cd11fcb Bump plugin API version
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-01-21 11:41:32 -05:00
Zhang Wei
584913a99c Remove hard coded 'docker' string from package
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2016-01-22 00:14:52 +08:00
Alexander Morozov
8fa328ce02 Reuse subsystems mountpoints between checks
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-01-20 19:20:59 -08:00
John Howard
d9241b57d8 Windows: VirtualTerminalInput native console
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-01-19 15:59:21 -08:00
John Howard
1fd7b5e933 Windows: Remove dead code
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-01-15 12:48:40 -08:00
Sebastiaan van Stijn
1b0b71c66d Merge pull request #18587 from calavera/daemon_configuration_file
Allow to set daemon and server configurations in a file.
2016-01-14 16:44:58 -08:00
Brian Goff
fa7ee8955f Merge pull request #19325 from mingqing/fix-pid-convert-error
fix pidfile, pid is num use '/proc + string(pid)' can't found it
2016-01-14 16:49:20 -05:00
David Calavera
3ac1016064 Allow to set daemon and server configurations in a file.
Read configuration after flags making this the priority:

1- Apply configuration from file.
2- Apply configuration from flags.

Reload configuration when a signal is received, USR2 in Linux:

- Reload router if the debug configuration changes.
- Reload daemon labels.
- Reload cluster discovery.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-01-14 16:44:37 -05:00
David Calavera
409a9da270 Add an unsafe memory discovery store for testing.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-01-14 11:58:38 -05:00
mingqing
fcbf19f04d fix pidfile, pid is num use '/proc + string(pid)' can't found it
Signed-off-by: mingqing <limingqing@cyou-inc.com>
2016-01-14 16:03:33 +08:00
Brian Goff
0ec7cb1db9 Don't dump authz request when body is too large
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-01-13 17:04:49 -05:00
Jessica Frazelle
b792640a37 refactor aaparser pkg, add unit tests
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-01-13 08:43:12 -08:00
Jess Frazelle
cb3454b895 Merge pull request #19245 from jfrazelle/seccomp-kernel-check
check seccomp is configured in the kernel
2016-01-12 11:33:27 -08:00
Jessica Frazelle
37926ea8f2 check seccomp is configured in the kernel
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-01-12 09:45:21 -08:00
Alexander Morozov
1f3d2cd816 Merge pull request #16032 from cpuguy83/remove_sqlite_dep
Build names and links at runtime - no more sqlite
2016-01-11 10:59:49 -08:00
Sebastiaan van Stijn
7967aed912 Merge pull request #19222 from justincormack/shirley
Add Dame Stephanie "Steve" Shirley to names
2016-01-11 00:09:45 +01:00
Justin Cormack
ffa62d15d4 Add Dame Stephanie "Steve" Shirley to names
Born in Germany, she had to flee on the kindertransport to England in
1939. In the 1950s she worked at the Post Office Research Station at
Dollis Hill, building computers from scratch, and took evening classes
to get a degree in Mathematics.

In 1962 she set up a software company, employing almost entirely women,
working at home; the company was floated in 1996. Her team's projects
included programming Concorde's black box flight recorder. She adopted
the name "Steve" to fit in in a male domainated world.

http://www.bbc.co.uk/programmes/b05pmvl8
https://en.wikipedia.org/wiki/Steve_Shirley

Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
2016-01-10 21:33:18 +00:00
Anuj
fd86072fb9 Adding two pioneer CS reseachers - Shafi Goldwasser and Michael Stonebraker
Signed-off-by: Anuj Bahuguna <anujbahuguna.dev@gmail.com>
2016-01-11 00:25:46 +05:30
Tõnis Tiigi
50aeb5ad91 Merge pull request #19167 from vieux/bring_discovery_on_par
Bring discovery on par with the one in docker/swarm
2016-01-08 22:54:01 -08:00
Aaron Lehmann
fe5eb4b46a Remove ansiescape package
api/client/trust.go was the last file that used it.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-08 10:57:50 -08:00
Aaron Lehmann
1fe4441875 Send push information to trust code out-of-band
The trust code used to parse the console output of `docker push` to
extract the digest, tag, and size information and determine what to
sign. This is fragile and might give an attacker control over what gets
signed if the attacker can find a way to influence what gets printed as
part of the push output.

This commit sends the push metadata out-of-band. It introduces an `Aux`
field in JSONMessage that can carry application-specific data alongside
progress updates. Instead of parsing formatted output, the client looks
in this field to get the digest, size, and tag from the push.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-08 10:57:50 -08:00
Brian Goff
c1ed831486 Build names and links at runtime
Don't rely on sqlite db for name registration and linking.
Instead register names and links when the daemon starts to an in-memory
store.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-01-07 14:10:42 -05:00
Brian Goff
486bca6d94 Don't error out on plugin err with json
We don't want to error out when there is a json unmarshal error since
the `old way` will cause this to error.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-01-06 11:34:14 -05:00
Victor Vieux
cc9d62dd28 Before that change, etcd and zookeeper would fail to instantiate
the discovery without the key being already there in the store or
created beforehand and implicitely by a 'swarm join'.

Signed-off-by: Alexandre Beslic <abronan@docker.com>
Signed-off-by: Victor Vieux <vieux@docker.com>

This PR allows to configure the discovery path using the
--discovery-opt flag (with "kv.path=path/to/nodes"). We
can point to "docker/nodes" and use the docker discovery.

If docker instances are advertising to the cluster using
the `--cluster-advertise` flag, the swarm join command
becomes unnecessary.

Signed-off-by: Alexandre Beslic <abronan@docker.com>
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-01-06 05:18:52 -08:00
Brian Goff
390876ba18 Move responsibility of ls/inspect to volume driver
Makes `docker volume ls` and `docker volume inspect` ask the volume
drivers rather than only using what is cached locally.

Previously in order to use a volume from an external driver, one would
either have to use `docker volume create` or have a container that is
already using that volume for it to be visible to the other volume
API's.

For keeping uniqueness of volume names in the daemon, names are bound to
a driver on a first come first serve basis. If two drivers have a volume
with the same name, the first one is chosen, and a warning is logged
about the second one.

Adds 2 new methods to the plugin API, `List` and `Get`.
If a plugin does not implement these endpoints, a user will not be able
to find the specified volumes as well requests go through the drivers.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-01-05 16:28:38 -05:00
Sebastiaan van Stijn
5548d51a76 Merge pull request #15666 from vdemeester/3519-configurable-escape
Implement configurable escape key for attach/exec
2016-01-04 00:49:07 +01:00
Vincent Demeester
b30831bbe7 Implement configurable detach key
Implement configurable detach keys (for `attach`, exec`, `run` and
`start`) using the client-side configuration

- Adds a `--detach-keys` flag to `attach`, `exec`, `run` and `start`
  commands.
- Adds a new configuration field (in `~/.docker/config.json`) to
  configure the default escape keys for docker client.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-01-03 23:03:39 +01:00
Sebastiaan van Stijn
e1589b001e Merge pull request #18387 from wenchma/18385-improve_help_msg
Improvement for docker subcommand's help messages
2016-01-03 12:19:53 +01:00
Phil Estes
20e95d5106 Merge pull request #19036 from calavera/thank_you_ian
Thanks for everything Ian.
2016-01-02 21:21:03 -05:00
David Calavera
b5be835ff4 Add Ian Murdock to the names generator.
❤️ 😢

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-01-02 19:17:17 -05:00
Vincent Demeester
24e9bc0daf Merge pull request #19006 from jen20/f-solaris-stat
Fix downstream client API build errors on Solaris
2016-01-01 20:09:22 +01:00
Wen Cheng Ma
ac81eea671 Improvement for docker subcommand's help messages
Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
2016-01-01 12:27:28 +08:00
Tim Wang
ecd2717cbf Update LICENSE date
Signed-off-by: Tim <timwangdev@gmail.com>
2015-12-31 13:07:35 +00:00
James Nugent
81a350b801 Fix downstream client API build errors on Solaris
The client API at fsouza/go-dockerclient has dependencies on packages in
the docker/docker repository which currently do not build on Solaris. In
particular, stat_unsupported.go makes use of the Mtimespec field of the
syscall.Stat_t struct, which is not present on Solaris, and a number of
Unix-specific packages do not list Solaris in their compile targets.

This commit adds enough support to be able to build
fsouza/go-dockerclient on SmartOS using Go 1.5.1 without affecting other
platforms.

Signed-off-by: James Nugent <james@jen20.com>
2015-12-30 18:25:42 -05:00
David Calavera
562ec005a6 Remove usage of pkg sockets and tlsconfig.
- Use the ones provided by docker/go-connections, they are a drop in replacement.
- Remove pkg/sockets from docker.
- Keep pkg/tlsconfig because libnetwork still needs it and there is a
  circular dependency issue.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-29 19:27:12 -05:00
Arnaud Porterie
4fef057438 Merge pull request #18810 from runcom/pkg-authz-fixes
pkg: authorization: do not register the same plugin
2015-12-23 15:09:06 -08:00
Antonio Murdaca
f35a0f3210 pkg: authorization: do not register the same plugin
This patches avoids registering (and calling) the same plugin more than
once. Using an helper map which indexes by name guarantees this and keeps
the order.
The behavior of overriding the same name in a flag is consistent with,
for instance, the `docker run -v /test -v /test` flag which register
the volume just once.
Adds integration tests.

Without this patch:
```
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.080901676+01:00" level=debug msg="Calling
GET
/v1.22/info"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.081213202+01:00" level=debug msg="AuthZ
request using plugin docker-novolume-plugin"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.081268132+01:00" level=debug
msg="docker-novolume-plugin implements: authz"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.081699788+01:00" level=debug msg="AuthZ
request using plugin docker-novolume-plugin"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.081762507+01:00" level=debug
msg="docker-novolume-plugin implements: authz"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.082092480+01:00" level=debug msg="GET
/v1.22/info"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.628691038+01:00" level=debug msg="AuthZ
response using plugin docker-novolume-plugin"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.629880930+01:00" level=debug msg="AuthZ
response using plugin docker-novolume-plugin"
```

With this patch:
```
Dec 20 19:37:32 localhost.localdomain docker[16620]:
time="2015-12-20T19:37:32.376523958+01:00" level=debug msg="Calling
GET
/v1.22/info"
Dec 20 19:37:32 localhost.localdomain docker[16620]:
time="2015-12-20T19:37:32.376715483+01:00" level=debug msg="AuthZ
request using plugin docker-novolume-plugin"
Dec 20 19:37:32 localhost.localdomain docker[16620]:
time="2015-12-20T19:37:32.376771230+01:00" level=debug
msg="docker-novolume-plugin implements: authz"
Dec 20 19:37:32 localhost.localdomain docker[16620]:
time="2015-12-20T19:37:32.377698897+01:00" level=debug msg="GET
/v1.22/info"
Dec 20 19:37:32 localhost.localdomain docker[16620]:
time="2015-12-20T19:37:32.951016441+01:00" level=debug msg="AuthZ
response using plugin docker-novolume-plugin"
```

Also removes a somehow duplicate debug statement (leaving only the
second one as it's a loop of plugin's manifest):
```
Dec 20 19:52:30 localhost.localdomain docker[25767]:
time="2015-12-20T19:52:30.544090518+01:00" level=debug
msg="docker-novolume-plugin's manifest: &{[authz]}"
Dec 20 19:52:30 localhost.localdomain docker[25767]:
time="2015-12-20T19:52:30.544170677+01:00" level=debug
msg="docker-novolume-plugin implements: authz"
```

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-12-23 21:08:40 +01:00
Daniel Nephin
d2d85c6d52 Remove package pkg/ulimit, use go-units instead.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2015-12-23 13:27:58 -05:00
Daniel Nephin
c2c7305180 Remove unused parser functions that were replaced by go-connections/nat.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2015-12-22 19:06:49 -05:00
Alexander Morozov
b635d70be4 Merge pull request #18762 from calavera/runconfig_to_types
Move container configuration types to api/types/container.
2015-12-22 14:22:08 -08:00
Alexander Morozov
2bb3747f56 Merge pull request #18857 from calavera/catch_pipeline_error
Catch command pipeline error.
2015-12-22 13:34:56 -08:00
David Calavera
c5ceeda30a Catch command pipeline error.
Rather than ignoring errors in the pipeline, return an execution error
and do not proceed with the latest command in the pipeline.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-22 15:17:15 -05:00
Dan Walsh
e2af99fc16 No options to tmpfs is valid
If you run a

docker run command with --tmpfs /mountpoint:noexec

Or certain options that get translated into mount options, the mount command can get passed "" for mount data.
So this should be valid.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2015-12-22 14:15:07 -05:00
David Calavera
3d3aaa0d2e Replace usage of pkg/nat with go-connections/nat.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-22 13:31:46 -05:00