From 4bdf0ab40280f9b064d4204b0df21a05398a7c34e48c77dd4c4ae5bdd9829385 Mon Sep 17 00:00:00 2001 
From: Aleksa Sarai Date: Thu, 29 Nov 2018 15:15:40 +0000 Subject: [PATCH] Accepting request 652637 from home:cyphar:containers:docker_18.09 [ DO NOT FORWARD TO FACTORY! ] - Upgrade to Docker 18.09.0-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md - Add revert of an upstream patch to fix docker-* handling. + packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch - Rebase patches: * bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch * bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch * bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch * private-registry-0001-Add-private-registry-mirror-support.patch * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch * secrets-0002-SUSE-implement-SUSE-container-secrets.patch - Remove upstreamed patches: - bsc1100727-0001-build-add-buildmode-pie.patch OBS-URL: https://build.opensuse.org/request/show/652637 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=271 --- _service | 4 +- ...DATE_EPOCH-when-generating-man-pages.patch | 8 +- ...eceiving-of-signals-from-docker-kill.patch | 55 ++- ...bber-docker-default-profile-on-start.patch | 8 +- bsc1100727-0001-build-add-buildmode-pie.patch | 30 -- docker-18.06.1_ce.tar.xz | 3 - docker-18.09.0_ce.tar.xz | 3 + docker.changes | 17 + docker.spec | 16 +- ...cker-prefix-for-containerd-and-runc-.patch | 339 ++++++++++++++++++ ...-Add-private-registry-mirror-support.patch | 17 +- ...ow-directory-creation-in-run-secrets.patch | 6 +- ...USE-implement-SUSE-container-secrets.patch | 4 +- 13 files changed, 438 insertions(+), 72 deletions(-) delete mode 100644 bsc1100727-0001-build-add-buildmode-pie.patch delete mode 100644 docker-18.06.1_ce.tar.xz create mode 100644 docker-18.09.0_ce.tar.xz create mode 100644 packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch 
diff --git a/_service b/_service index 661ed9d..29e28cd 100644 --- a/_service +++ b/_service @@ -3,8 +3,8 @@ https://github.com/docker/docker-ce.git git .git - 18.06.1_ce - v18.06.1-ce + 18.09.0_ce + v18.09.0 docker diff --git a/bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch b/bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch index c0a2216..c9e460e 100644 --- a/bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch +++ b/bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch @@ -1,4 +1,4 @@ -From d84d2f13c475bf5ff0ce7b080b759b0239d5d345 Mon Sep 17 00:00:00 2001 +From 0a2ba19d51fef679d2a695fd14c30facd5f901f1 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 23 Aug 2018 19:53:55 +1000 Subject: [PATCH] man: obey SOURCE_DATE_EPOCH when generating man pages @@ -23,7 +23,7 @@ Signed-off-by: Aleksa Sarai 1 file changed, 13 insertions(+) diff --git a/components/cli/man/generate.go b/components/cli/man/generate.go -index 4197558a2225..4a3e98fb22c1 100644 +index 2d940e31fd10..e5e480be3f32 100644 --- a/components/cli/man/generate.go +++ b/components/cli/man/generate.go @@ -6,6 +6,8 @@ import ( @@ -51,8 +51,8 @@ index 4197558a2225..4a3e98fb22c1 100644 + } + stdin, stdout, stderr := term.StdStreams() - dockerCli := command.NewDockerCli(stdin, stdout, stderr, false) + dockerCli := command.NewDockerCli(stdin, stdout, stderr, false, nil) cmd := &cobra.Command{Use: "docker"} -- -2.18.0 +2.19.1 diff --git a/bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch b/bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch index 71a5aad..0ac53e5 100644 --- a/bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch +++ b/bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch 
@@ -1,4 +1,4 @@ -From 3464bd58d266b0640774952e825558044ffc64e2 Mon Sep 17 00:00:00 2001 +From 4962b0a0bc6ca1fc99b0936175f929f9d3f5fa4c Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sun, 8 Apr 2018 20:21:30 +1000 Subject: [PATCH 1/2] apparmor: allow receiving of signals from 'docker kill' @@ -7,15 +7,54 @@ In newer kernels, AppArmor will reject attempts to send signals to a container because the signal originated from outside of that AppArmor profile. Correct this by allowing all unconfined signals to be received. -SUSE-Bugs: bsc#1073877 boo#1089732 Signed-off-by: Goldwyn Rodrigues 
Signed-off-by: Aleksa Sarai --- - components/engine/profiles/apparmor/template.go | 6 ++++++ - 1 file changed, 6 insertions(+) + .../engine/profiles/apparmor/apparmor.go | 21 +++++++++++++++++++ + .../engine/profiles/apparmor/template.go | 6 ++++++ + 2 files changed, 27 insertions(+) +diff --git a/components/engine/profiles/apparmor/apparmor.go b/components/engine/profiles/apparmor/apparmor.go +index b021668c8e4c..2f58ee852cab 100644 +--- a/components/engine/profiles/apparmor/apparmor.go ++++ b/components/engine/profiles/apparmor/apparmor.go +@@ -23,6 +23,8 @@ var ( + type profileData struct { + // Name is profile name. + Name string ++ // DaemonProfile is the profile name of our daemon. ++ DaemonProfile string + // Imports defines the apparmor functions to import, before defining the profile. + Imports []string + // InnerImports defines the apparmor functions to import in the profile. +@@ -70,6 +72,25 @@ func InstallDefault(name string) error { + Name: name, + } + ++ // Figure out the daemon profile. ++ currentProfile, err := ioutil.ReadFile("/proc/self/attr/current") ++ if err != nil { ++ // If we couldn't get the daemon profile, assume we are running ++ // unconfined which is generally the default. ++ currentProfile = nil ++ } ++ daemonProfile := string(currentProfile) ++ // Normally profiles are suffixed by " (enforcing)" or similar. AppArmor ++ // profiles cannot contain spaces so this doesn't restrict daemon profile ++ // names. ++ if parts := strings.SplitN(daemonProfile, " ", 2); len(parts) >= 1 { ++ daemonProfile = parts[0] ++ } ++ if daemonProfile == "" { ++ daemonProfile = "unconfined" ++ } ++ p.DaemonProfile = daemonProfile ++ + // Install to a temporary directory. + f, err := ioutil.TempFile("", name) + if err != nil { diff --git a/components/engine/profiles/apparmor/template.go b/components/engine/profiles/apparmor/template.go -index c00a3f70e993..772c4a4873f6 100644 +index c00a3f70e993..400b3bd50a11 100644 
--- a/components/engine/profiles/apparmor/template.go +++ b/components/engine/profiles/apparmor/template.go @@ -17,6 +17,12 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) { @@ -24,13 +63,13 @@ index c00a3f70e993..772c4a4873f6 100644 umount, +{{if ge .Version 208096}} +{{/* Allow 'docker kill' to actually send signals to container processes. */}} -+ signal (receive) peer=unconfined, -+{{/* And allow signals to be sent inside the container. */}} ++ signal (receive) peer={{.DaemonProfile}}, ++{{/* Allow container processes to send signals amongst themselves. */}} + signal (send,receive) peer={{.Name}}, +{{end}} deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir) # deny write to files not in /proc//** or /proc/sys/** -- -2.18.0 +2.19.1 diff --git a/bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch b/bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch index 2755e61..a804feb 100644 --- a/bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch +++ b/bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch @@ -1,4 +1,4 @@ -From 0954810e947abf0b4e5d8f6c78598c5d66b43952 Mon Sep 17 00:00:00 2001 +From 04f594765577163a26f24d0fe3fc7a2283f1e018 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 29 Jun 2018 17:59:30 +1000 Subject: [PATCH 2/2] apparmor: clobber docker-default profile on start @@ -68,10 +68,10 @@ index 51f9c526b350..97d7758442ee 100644 return nil } diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go -index 5e5f586ae085..6ca6a7aaa268 100644 +index a307863017ab..67cd286002bf 100644 --- a/components/engine/daemon/daemon.go 
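Review bot: In the added `InstallDefault` block the value read from `/proc/self/attr/current` is cut only at the first space, so when the daemon is unconfined (no ` (mode)` suffix) any trailing newline in the file stays in `daemonProfile` and is written verbatim into the generated profile through `peer={{.DaemonProfile}}` in the template.go hunk that follows. Trimming first, `daemonProfile := strings.TrimSpace(string(currentProfile))`, keeps the rule on one line, and the `len(parts) >= 1` guard can go because `strings.SplitN` with a non-empty separator always returns at least one element. The read error is also dropped silently and the rule falls back to `peer=unconfined`, so a warning log at that point would let operators notice when the daemon's own profile could not be determined. `InstallDefault` starts and ends outside this hunk and the import block is not shown, so `strings` being in scope is assumed.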
+++ b/components/engine/daemon/daemon.go -@@ -660,7 +660,9 @@ func NewDaemon(config *config.Config, registryService registry.Service, containe +@@ -735,7 +735,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S logrus.Warnf("Failed to configure golang's threads limit: %v", err) } @@ -83,5 +83,5 @@ index 5e5f586ae085..6ca6a7aaa268 100644 } -- -2.18.0 +2.19.1 diff --git a/bsc1100727-0001-build-add-buildmode-pie.patch b/bsc1100727-0001-build-add-buildmode-pie.patch deleted file mode 100644 index ec9271e..0000000 --- a/bsc1100727-0001-build-add-buildmode-pie.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 547870ff2904a75fa3e0ee96fa264d53a81d4c01 Mon Sep 17 00:00:00 2001 -From: Aleksa Sarai -Date: Mon, 30 Jul 2018 19:34:01 +1000 -Subject: [PATCH] build: add -buildmode=pie - -Make all dynbinary builds be position-independent (this adds both -security benefits and can help with flaky builds on POWER -architectures). - -SUSE-Bugs: bsc#1100727 -Signed-off-by: Aleksa Sarai ---- - components/cli/scripts/build/dynbinary | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/components/cli/scripts/build/dynbinary b/components/cli/scripts/build/dynbinary -index 3c32ed342ef7..4feb7e71d852 100755 ---- a/components/cli/scripts/build/dynbinary -+++ b/components/cli/scripts/build/dynbinary -@@ -9,6 +9,6 @@ source ./scripts/build/.variables - - echo "Building dynamically linked $TARGET" - export CGO_ENABLED=1 --go build -o "${TARGET}" -tags pkcs11 --ldflags "${LDFLAGS}" "${SOURCE}" -+go build -o "${TARGET}" -tags pkcs11 --ldflags "${LDFLAGS}" -buildmode=pie "${SOURCE}" - - ln -sf "$(basename "${TARGET}")" build/docker --- -2.18.0 - diff --git a/docker-18.06.1_ce.tar.xz b/docker-18.06.1_ce.tar.xz deleted file mode 100644 index 70bfb8b..0000000 --- a/docker-18.06.1_ce.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:061ae523be13dbe05ff5377626113a299327cc39fc145f801cd674c67b8c7fe0 -size 8561132 
diff --git a/docker-18.09.0_ce.tar.xz b/docker-18.09.0_ce.tar.xz
new file mode 100644
index 0000000..f42cb41
--- /dev/null
+++ b/docker-18.09.0_ce.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ce38c3b659b78bccdfaf07b1f0a4eaaf454ffec726434511feeee1b9a2fc8151
+size 9264940
diff --git a/docker.changes b/docker.changes
index 0fb6e16..a8a2781 100644
--- a/docker.changes
+++ b/docker.changes
@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Thu Nov 29 09:41:11 UTC 2018 - Aleksa Sarai
+
+- Upgrade to Docker 18.09.0-ce. See upstream changelog in the packaged
+ /usr/share/doc/packages/docker/CHANGELOG.md
+- Add revert of an upstream patch to fix docker-* handling.
+ + packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
+- Rebase patches:
+ * bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
+ * bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
+ * bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
+ * private-registry-0001-Add-private-registry-mirror-support.patch
+ * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
+ * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
+- Remove upstreamed patches:
+ - bsc1100727-0001-build-add-buildmode-pie.patch
+
 -------------------------------------------------------------------
 Mon Oct 8 06:41:21 UTC 2018 - Valentin Rothberg
diff --git a/docker.spec b/docker.spec
index 55e2c41..d575687 100644
--- a/docker.spec
+++ b/docker.spec
@@ -49,10 +49,10 @@ # sure we didn't miss anything important when doing upgrades. %define required_containerd 468a545b9edcd5932818eb9de8e72413e616e86e %define required_dockerrunc 69663f0bd4b60df09991c08812a60108003fa340 -%define required_libnetwork 3ac297bc7fd0afec9051bbb47024c9bc1d75bf5b +%define required_libnetwork 6da50d1978302f04c3e2089e29112ea24812f05b Name: %{realname}%{name_suffix} -Version: 18.06.1_ce +Version: 18.09.0_ce Release: 0 Summary: The Linux container runtime License: Apache-2.0 @@ -76,14 +76,14 @@ Source9: tests.sh # branch in http://github.com/suse/docker.mirror. Patch200: secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch Patch201: secrets-0002-SUSE-implement-SUSE-container-secrets.patch -# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/36822. bsc#1073877 +# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/37831. bsc#1073877 Patch400: bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch # SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/37353. bsc#1099277 Patch401: bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch -# SUSE-BACKPORT: Backport of https://github.com/docker/cli/pull/1242. bsc#1100727 -Patch402: bsc1100727-0001-build-add-buildmode-pie.patch # SUSE-BACKPORT: Backport of https://github.com/docker/cli/pull/1306. boo#1047218 -Patch403: bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch +Patch402: bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch +# SUSE-ISSUE: Revert of https://github.com/moby/moby/pull/37907. +Patch403: packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch # SUSE-FEATURE: Add support to mirror inofficial/private registries # (https://github.com/moby/moby/pull/34319) Patch500: private-registry-0001-Add-private-registry-mirror-support.patch 
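Review bot: `required_containerd` and `required_dockerrunc` keep their previous values while the package moves from 18.06.1_ce to 18.09.0_ce and only `required_libnetwork` changes, and nothing in the hunk shows that the two were re-checked against the new upstream tree. The comment above says these pins exist so that nothing important is missed on upgrades, so a short note once they are confirmed would make the review auditable, e.g. `# containerd and runc pins verified unchanged for 18.09.0_ce`; if upstream moved either commit the value should be updated instead. The rest of the spec, including any place that consumes these macros, is outside the hunk.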
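Review bot: Dropping `Patch402: bsc1100727-0001-build-add-buildmode-pie.patch` removes the local patch that forced `-buildmode=pie`, and nothing in these hunks checks that the 18.09.0 binaries still come out position-independent. The removed patch only touched `components/cli/scripts/build/dynbinary`, so it is worth confirming what upstream now does for both the client and the daemon. A build-time assertion would catch a silent hardening regression, for example a `%check` step that runs `readelf -h` on the built binaries and fails unless the ELF type is `DYN`. The new `Patch403` comment also carries no bug reference, unlike its neighbours; `# SUSE-ISSUE: Revert of https://github.com/moby/moby/pull/37907. <bug id>` would keep the list consistent.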
@@ -263,9 +263,9 @@ docker container runtime configuration for kubeadm %patch400 -p1 # bsc#1099277 %patch401 -p1 -# bsc#1100727 -%patch402 -p1 # boo#1047218 +%patch402 -p1 +# revert upstream %patch403 -p1 %if "%flavour" == "kubic" # PATCH-SUSE: Mirror patch. diff --git a/packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch b/packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch new file mode 100644 index 0000000..bd2b456 --- /dev/null +++ b/packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch 
@@ -0,0 +1,339 @@ +From c948416313c2a1f65ed083a4df19008c8c5d00ba Mon Sep 17 00:00:00 2001 +From: Aleksa Sarai +Date: Thu, 29 Nov 2018 20:53:16 +1100 +Subject: [PATCH] revert "Remove 'docker-' prefix for containerd and runc + binaries" + +This reverts commit 34eede0296bce6a9c335cb429f10728ae3f4252d, as it +would significantly break openSUSE's packaging (as well as causing +conflicts between the very-outdated runc that Docker uses and the more +up-to-date one available for Podman). + +Signed-off-by: Aleksa Sarai +--- + components/engine/api/swagger.yaml | 4 +-- + .../builder/builder-next/executor_unix.go | 2 +- + components/engine/cmd/dockerd/daemon.go | 36 +++++++------------ + .../contrib/docker-machine-install-bundle.sh | 2 +- + components/engine/daemon/daemon_unix.go | 6 ++-- + .../dockerfile/install/containerd.installer | 6 ++-- + .../hack/dockerfile/install/runc.installer | 2 +- + components/engine/hack/make/.binary-setup | 8 ++--- + .../hack/make/.integration-test-helpers | 2 +- + .../engine/integration-cli/check_test.go | 2 +- + .../integration-cli/docker_cli_daemon_test.go | 8 ++--- + .../engine/internal/test/daemon/daemon.go | 3 +- + .../libcontainerd/supervisor/remote_daemon.go | 4 +-- + .../supervisor/remote_daemon_linux.go | 4 +-- + .../supervisor/remote_daemon_windows.go | 4 +-- + 15 files changed, 40 insertions(+), 53 deletions(-) + +diff --git a/components/engine/api/swagger.yaml b/components/engine/api/swagger.yaml +index f58a64f29ea3..d275f2ff49eb 100644 +--- a/components/engine/api/swagger.yaml ++++ b/components/engine/api/swagger.yaml +@@ -3852,10 +3852,10 @@ definitions: + $ref: "#/definitions/Runtime" + default: + runc: +- path: "runc" ++ path: "docker-runc" + example: + runc: +- path: "runc" ++ path: "docker-runc" + runc-master: + path: "/go/bin/runc" + custom: +diff --git a/components/engine/builder/builder-next/executor_unix.go b/components/engine/builder/builder-next/executor_unix.go +index b3ea33c05c71..94d8bb766045 100644 +--- 
a/components/engine/builder/builder-next/executor_unix.go ++++ b/components/engine/builder/builder-next/executor_unix.go +@@ -27,7 +27,7 @@ func newExecutor(root, cgroupParent string, net libnetwork.NetworkController) (e + } + return runcexecutor.New(runcexecutor.Opt{ + Root: filepath.Join(root, "executor"), +- CommandCandidates: []string{"runc"}, ++ CommandCandidates: []string{"docker-runc", "runc"}, + DefaultCgroupParent: cgroupParent, + }, networkProviders) + } +diff --git a/components/engine/cmd/dockerd/daemon.go b/components/engine/cmd/dockerd/daemon.go +index 839537316af4..05922e6418d0 100644 +--- a/components/engine/cmd/dockerd/daemon.go ++++ b/components/engine/cmd/dockerd/daemon.go +@@ -10,7 +10,6 @@ import ( + "strings" + "time" + +- containerddefaults "github.com/containerd/containerd/defaults" + "github.com/docker/distribution/uuid" + "github.com/docker/docker/api" + apiserver "github.com/docker/docker/api/server" +@@ -141,25 +140,21 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) { + + ctx, cancel := context.WithCancel(context.Background()) + if cli.Config.ContainerdAddr == "" && runtime.GOOS != "windows" { +- if !systemContainerdRunning() { +- opts, err := cli.getContainerdDaemonOpts() +- if err != nil { +- cancel() +- return fmt.Errorf("Failed to generate containerd options: %v", err) +- } +- +- r, err := supervisor.Start(ctx, filepath.Join(cli.Config.Root, "containerd"), filepath.Join(cli.Config.ExecRoot, "containerd"), opts...) 
+- if err != nil { +- cancel() +- return fmt.Errorf("Failed to start containerd: %v", err) +- } +- cli.Config.ContainerdAddr = r.Address() ++ opts, err := cli.getContainerdDaemonOpts() ++ if err != nil { ++ cancel() ++ return fmt.Errorf("Failed to generate containerd options: %v", err) ++ } + +- // Try to wait for containerd to shutdown +- defer r.WaitTimeout(10 * time.Second) +- } else { +- cli.Config.ContainerdAddr = containerddefaults.DefaultAddress ++ r, err := supervisor.Start(ctx, filepath.Join(cli.Config.Root, "containerd"), filepath.Join(cli.Config.ExecRoot, "containerd"), opts...) ++ if err != nil { ++ cancel() ++ return fmt.Errorf("Failed to start containerd: %v", err) + } ++ cli.Config.ContainerdAddr = r.Address() ++ ++ // Try to wait for containerd to shutdown ++ defer r.WaitTimeout(10 * time.Second) + } + defer cancel() + +@@ -665,8 +660,3 @@ func validateAuthzPlugins(requestedPlugins []string, pg plugingetter.PluginGette + } + return nil + } +- +-func systemContainerdRunning() bool { +- _, err := os.Lstat(containerddefaults.DefaultAddress) +- return err == nil +-} +diff --git a/components/engine/contrib/docker-machine-install-bundle.sh b/components/engine/contrib/docker-machine-install-bundle.sh +index eff821799c71..860598943bd4 100755 +--- a/components/engine/contrib/docker-machine-install-bundle.sh ++++ b/components/engine/contrib/docker-machine-install-bundle.sh +@@ -31,7 +31,7 @@ bundle_files(){ + echo $BUNDLE/binary-daemon/$f + fi + done +- for f in containerd ctr containerd-shim docker-init runc; do ++ for f in docker-containerd docker-containerd-ctr docker-containerd-shim docker-init docker-runc; do + echo $BUNDLE/binary-daemon/$f + done + if [ -d $BUNDLE/dynbinary-client ]; then +diff --git a/components/engine/daemon/daemon_unix.go b/components/engine/daemon/daemon_unix.go +index b69eede21c44..77adba94a468 100644 +--- a/components/engine/daemon/daemon_unix.go ++++ b/components/engine/daemon/daemon_unix.go +@@ -54,11 +54,11 @@ import ( + const 
( + // DefaultShimBinary is the default shim to be used by containerd if none + // is specified +- DefaultShimBinary = "containerd-shim" ++ DefaultShimBinary = "docker-containerd-shim" + + // DefaultRuntimeBinary is the default runtime to be used by + // containerd if none is specified +- DefaultRuntimeBinary = "runc" ++ DefaultRuntimeBinary = "docker-runc" + + // See https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/tree/kernel/sched/sched.h?id=8cd9234c64c584432f6992fe944ca9e46ca8ea76#n269 + linuxMinCPUShares = 2 +@@ -76,7 +76,7 @@ const ( + + // DefaultRuntimeName is the default runtime to be used by + // containerd if none is specified +- DefaultRuntimeName = "runc" ++ DefaultRuntimeName = "docker-runc" + ) + + type containerGetter interface { +diff --git a/components/engine/hack/dockerfile/install/containerd.installer b/components/engine/hack/dockerfile/install/containerd.installer +index 4e5680d1ec92..4be15a6abfb8 100755 +--- a/components/engine/hack/dockerfile/install/containerd.installer ++++ b/components/engine/hack/dockerfile/install/containerd.installer +@@ -30,7 +30,7 @@ install_containerd() { + + mkdir -p ${PREFIX} + +- cp bin/containerd ${PREFIX}/containerd +- cp bin/containerd-shim ${PREFIX}/containerd-shim +- cp bin/ctr ${PREFIX}/ctr ++ cp bin/containerd ${PREFIX}/docker-containerd ++ cp bin/containerd-shim ${PREFIX}/docker-containerd-shim ++ cp bin/ctr ${PREFIX}/docker-containerd-ctr + } +diff --git a/components/engine/hack/dockerfile/install/runc.installer b/components/engine/hack/dockerfile/install/runc.installer +index ed483e0f40c6..62263b3c038b 100755 +--- a/components/engine/hack/dockerfile/install/runc.installer ++++ b/components/engine/hack/dockerfile/install/runc.installer +@@ -18,5 +18,5 @@ install_runc() { + fi + make BUILDTAGS="$RUNC_BUILDTAGS" "$target" + mkdir -p ${PREFIX} +- cp runc ${PREFIX}/runc ++ cp runc ${PREFIX}/docker-runc + } +diff --git a/components/engine/hack/make/.binary-setup 
b/components/engine/hack/make/.binary-setup +index 69bb39b364c6..15de89fe1025 100644 +--- a/components/engine/hack/make/.binary-setup ++++ b/components/engine/hack/make/.binary-setup +@@ -1,9 +1,9 @@ + #!/usr/bin/env bash + + DOCKER_DAEMON_BINARY_NAME='dockerd' +-DOCKER_RUNC_BINARY_NAME='runc' +-DOCKER_CONTAINERD_BINARY_NAME='containerd' +-DOCKER_CONTAINERD_CTR_BINARY_NAME='ctr' +-DOCKER_CONTAINERD_SHIM_BINARY_NAME='containerd-shim' ++DOCKER_RUNC_BINARY_NAME='docker-runc' ++DOCKER_CONTAINERD_BINARY_NAME='docker-containerd' ++DOCKER_CONTAINERD_CTR_BINARY_NAME='docker-containerd-ctr' ++DOCKER_CONTAINERD_SHIM_BINARY_NAME='docker-containerd-shim' + DOCKER_PROXY_BINARY_NAME='docker-proxy' + DOCKER_INIT_BINARY_NAME='docker-init' +diff --git a/components/engine/hack/make/.integration-test-helpers b/components/engine/hack/make/.integration-test-helpers +index 149b6538004c..da2bb7cad2e3 100644 +--- a/components/engine/hack/make/.integration-test-helpers ++++ b/components/engine/hack/make/.integration-test-helpers +@@ -112,7 +112,7 @@ error_on_leaked_containerd_shims() { + fi + + leftovers=$(ps -ax -o pid,cmd | +- awk '$2 == "containerd-shim" && $4 ~ /.*\/bundles\/.*\/test-integration/ { print $1 }') ++ awk '$2 == "docker-containerd-shim" && $4 ~ /.*\/bundles\/.*\/test-integration/ { print $1 }') + if [ -n "$leftovers" ]; then + ps aux + kill -9 $leftovers 2> /dev/null +diff --git a/components/engine/integration-cli/check_test.go b/components/engine/integration-cli/check_test.go +index 2282967ee569..256b9153d298 100644 +--- a/components/engine/integration-cli/check_test.go ++++ b/components/engine/integration-cli/check_test.go +@@ -32,7 +32,7 @@ const ( + privateRegistryURL = registry.DefaultURL + + // path to containerd's ctr binary +- ctrBinary = "ctr" ++ ctrBinary = "docker-containerd-ctr" + + // the docker daemon binary to use + dockerdBinary = "dockerd" +diff --git a/components/engine/integration-cli/docker_cli_daemon_test.go 
b/components/engine/integration-cli/docker_cli_daemon_test.go +index d3cd5f167649..52946738edd7 100644 +--- a/components/engine/integration-cli/docker_cli_daemon_test.go ++++ b/components/engine/integration-cli/docker_cli_daemon_test.go +@@ -44,8 +44,6 @@ import ( + "gotest.tools/icmd" + ) + +-const containerdSocket = "/var/run/docker/containerd/containerd.sock" +- + // TestLegacyDaemonCommand test starting docker daemon using "deprecated" docker daemon + // command. Remove this test when we remove this. + func (s *DockerDaemonSuite) TestLegacyDaemonCommand(c *check.C) { +@@ -1451,7 +1449,7 @@ func (s *DockerDaemonSuite) TestCleanupMountsAfterDaemonAndContainerKill(c *chec + c.Assert(d.Kill(), check.IsNil) + + // kill the container +- icmd.RunCommand(ctrBinary, "--address", containerdSocket, ++ icmd.RunCommand(ctrBinary, "--address", "/var/run/docker/containerd/docker-containerd.sock", + "--namespace", moby_daemon.ContainersNamespace, "tasks", "kill", id).Assert(c, icmd.Success) + + // restart daemon. 
+@@ -1973,7 +1971,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithKilledRunningContainer(t *check + } + + // kill the container +- icmd.RunCommand(ctrBinary, "--address", containerdSocket, ++ icmd.RunCommand(ctrBinary, "--address", "/var/run/docker/containerd/docker-containerd.sock", + "--namespace", moby_daemon.ContainersNamespace, "tasks", "kill", cid).Assert(t, icmd.Success) + + // Give time to containerd to process the command if we don't +@@ -2076,7 +2074,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithUnpausedRunningContainer(t *che + // resume the container + result := icmd.RunCommand( + ctrBinary, +- "--address", containerdSocket, ++ "--address", "/var/run/docker/containerd/docker-containerd.sock", + "--namespace", moby_daemon.ContainersNamespace, + "tasks", "resume", cid) + result.Assert(t, icmd.Success) +diff --git a/components/engine/internal/test/daemon/daemon.go b/components/engine/internal/test/daemon/daemon.go +index 4f56dff9bba8..8c04c3158f7a 100644 +--- a/components/engine/internal/test/daemon/daemon.go ++++ b/components/engine/internal/test/daemon/daemon.go +@@ -38,7 +38,6 @@ type logT interface { + } + + const defaultDockerdBinary = "dockerd" +-const containerdSocket = "/var/run/docker/containerd/containerd.sock" + + var errDaemonNotStarted = errors.New("daemon not started") + +@@ -225,7 +224,7 @@ func (d *Daemon) StartWithLogFile(out *os.File, providedArgs ...string) error { + return errors.Wrapf(err, "[%s] could not find docker binary in $PATH", d.id) + } + args := append(d.GlobalFlags, +- "--containerd", containerdSocket, ++ "--containerd", "/var/run/docker/containerd/docker-containerd.sock", + "--data-root", d.Root, + "--exec-root", d.execRoot, + "--pidfile", fmt.Sprintf("%s/docker.pid", d.Folder), +diff --git a/components/engine/libcontainerd/supervisor/remote_daemon.go b/components/engine/libcontainerd/supervisor/remote_daemon.go +index 095300f753e9..1dcfbe176b0d 100644 +--- 
a/components/engine/libcontainerd/supervisor/remote_daemon.go ++++ b/components/engine/libcontainerd/supervisor/remote_daemon.go +@@ -27,8 +27,8 @@ const ( + shutdownTimeout = 15 * time.Second + startupTimeout = 15 * time.Second + configFile = "containerd.toml" +- binaryName = "containerd" +- pidFile = "containerd.pid" ++ binaryName = "docker-containerd" ++ pidFile = "docker-containerd.pid" + ) + + type pluginConfigs struct { +diff --git a/components/engine/libcontainerd/supervisor/remote_daemon_linux.go b/components/engine/libcontainerd/supervisor/remote_daemon_linux.go +index 799399c07bc5..1ea91d2b5d0b 100644 +--- a/components/engine/libcontainerd/supervisor/remote_daemon_linux.go ++++ b/components/engine/libcontainerd/supervisor/remote_daemon_linux.go +@@ -11,8 +11,8 @@ import ( + ) + + const ( +- sockFile = "containerd.sock" +- debugSockFile = "containerd-debug.sock" ++ sockFile = "docker-containerd.sock" ++ debugSockFile = "docker-containerd-debug.sock" + ) + + func (r *remote) setDefaults() { +diff --git a/components/engine/libcontainerd/supervisor/remote_daemon_windows.go b/components/engine/libcontainerd/supervisor/remote_daemon_windows.go +index 9b254ef58a0a..bcdc9529e0f7 100644 +--- a/components/engine/libcontainerd/supervisor/remote_daemon_windows.go ++++ b/components/engine/libcontainerd/supervisor/remote_daemon_windows.go +@@ -7,8 +7,8 @@ import ( + ) + + const ( +- grpcPipeName = `\\.\pipe\containerd-containerd` +- debugPipeName = `\\.\pipe\containerd-debug` ++ grpcPipeName = `\\.\pipe\docker-containerd-containerd` ++ debugPipeName = `\\.\pipe\docker-containerd-debug` + ) + + func (r *remote) setDefaults() { +-- +2.19.1 + diff --git a/private-registry-0001-Add-private-registry-mirror-support.patch b/private-registry-0001-Add-private-registry-mirror-support.patch index 48fefa7..c4558b2 100644 --- a/private-registry-0001-Add-private-registry-mirror-support.patch +++ b/private-registry-0001-Add-private-registry-mirror-support.patch 
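Review bot: In the `executor_unix.go` part of the new patch, the restored `CommandCandidates: []string{"docker-runc", "runc"}` still falls back to an unprefixed `runc`, which the patch description names as the binary that must be kept apart from the one Docker ships. If `docker-runc` is missing, the build executor would presumably run whatever `runc` the lookup finds rather than fail, so a different runtime version could be used without anyone noticing. Consider `CommandCandidates: []string{"docker-runc"},` or a comment stating why the fallback is wanted. Separately, three call sites in `docker_cli_daemon_test.go` and one in `internal/test/daemon/daemon.go` now repeat the literal `/var/run/docker/containerd/docker-containerd.sock`; keeping the `containerdSocket` constant with the new value would avoid drift. `newExecutor` starts and ends outside the quoted hunk.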
@@ -1,4 +1,4 @@ -From 46c2590f7637dba208b3db7e44c04e24f33c436d Mon Sep 17 00:00:00 2001 +From a2d285ef5de9537fe2dbf14c4671625aa3035b98 Mon Sep 17 00:00:00 2001 From: Valentin Rothberg Date: Mon, 2 Jul 2018 13:37:34 +0200 Subject: [PATCH] Add private-registry mirror support @@ -63,6 +63,7 @@ http for security reasons. Signed-off-by: Flavio Castelli Signed-off-by: Valentin Rothberg +Signed-off-by: Aleksa Sarai --- .../engine/api/types/registry/registry.go | 144 ++++++++++++++++++ components/engine/daemon/config/config.go | 4 + @@ -242,10 +243,10 @@ index 8789ad3b3210..c663fec7d881 100644 // NetIPNet is the net.IPNet type, which can be marshalled and diff --git a/components/engine/daemon/config/config.go b/components/engine/daemon/config/config.go -index 6cda223a1181..308eb83f2116 100644 +index 8b2c844a579f..e61940661c70 100644 --- a/components/engine/daemon/config/config.go +++ b/components/engine/daemon/config/config.go -@@ -439,6 +439,10 @@ func findConfigurationConflicts(config map[string]interface{}, flags *pflag.Flag +@@ -470,6 +470,10 @@ func findConfigurationConflicts(config map[string]interface{}, flags *pflag.Flag // 1. Search keys from the file that we don't recognize as flags. unknownKeys := make(map[string]interface{}) for key, value := range config { @@ -253,11 +254,11 @@ index 6cda223a1181..308eb83f2116 100644 + if key == "registries" { + continue + } - if flag := flags.Lookup(key); flag == nil { + if flag := flags.Lookup(key); flag == nil && !skipValidateOptions[key] { unknownKeys[key] = value } diff --git a/components/engine/daemon/reload.go b/components/engine/daemon/reload.go -index 210864ff879d..5e744c5dcf8d 100644 +index 026d7dd517f7..924c3982cd2a 100644 --- a/components/engine/daemon/reload.go +++ b/components/engine/daemon/reload.go @@ -21,8 +21,14 @@ import ( 
@@ -275,7 +276,7 @@ index 210864ff879d..5e744c5dcf8d 100644 daemon.configStore.Lock() attributes := map[string]string{} -@@ -64,6 +70,9 @@ func (daemon *Daemon) Reload(conf *config.Config) (err error) { +@@ -65,6 +71,9 @@ func (daemon *Daemon) Reload(conf *config.Config) (err error) { if err := daemon.reloadLiveRestore(conf, attributes); err != nil { return err } @@ -285,7 +286,7 @@ index 210864ff879d..5e744c5dcf8d 100644 return daemon.reloadNetworkDiagnosticPort(conf, attributes) } -@@ -293,6 +302,30 @@ func (daemon *Daemon) reloadRegistryMirrors(conf *config.Config, attributes map[ +@@ -294,6 +303,30 @@ func (daemon *Daemon) reloadRegistryMirrors(conf *config.Config, attributes map[ return nil } @@ -1159,5 +1160,5 @@ index 3a56dc91145a..9de221cf2aa0 100644 endpoints = []APIEndpoint{ -- -2.18.0 +2.19.1 diff --git a/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch b/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch index 18403e8..a7d202c 100644 --- a/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch +++ b/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch @@ -1,4 +1,4 @@ -From 95a40e4f18c80cce91f16c6dff08e13642de54da Mon Sep 17 00:00:00 2001 +From c3d68210b8ff379d2e0c2de9f37cc0834a343228 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 8 Mar 2017 12:41:54 +1100 Subject: [PATCH 1/2] daemon: allow directory creation in /run/secrets @@ -14,7 +14,7 @@ Signed-off-by: Aleksa Sarai 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/components/engine/daemon/container_operations_unix.go b/components/engine/daemon/container_operations_unix.go -index bc7ee452332b..d34129dfd80b 100644 +index 9953c7f3fddc..05e67ca3fa6f 100644 --- a/components/engine/daemon/container_operations_unix.go +++ b/components/engine/daemon/container_operations_unix.go @@ -3,6 +3,7 @@ @@ -70,5 +70,5 @@ index bc7ee452332b..d34129dfd80b 100644 return errors.Wrap(err, "error setting ownership for secret") } -- -2.18.0 +2.19.1 
diff --git a/secrets-0002-SUSE-implement-SUSE-container-secrets.patch b/secrets-0002-SUSE-implement-SUSE-container-secrets.patch index 93b95fa..03d56b9 100644 --- a/secrets-0002-SUSE-implement-SUSE-container-secrets.patch +++ b/secrets-0002-SUSE-implement-SUSE-container-secrets.patch @@ -1,4 +1,4 @@ -From f178392f98b42bf36ff8d8c6a23c8caab9ac10f7 Mon Sep 17 00:00:00 2001 +From accb71345392d5885a61180f547367835f9e3047 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 8 Mar 2017 11:43:29 +1100 Subject: [PATCH 2/2] SUSE: implement SUSE container secrets @@ -437,5 +437,5 @@ index 000000000000..817cd5561023 + return nil +} -- -2.18.0 +2.19.1