9a4f7f6039
- Update docker-buildx to v0.19.2. See upstream changelog online at <https://github.com/docker/buildx/releases/tag/v0.19.2>. Some notable changelogs from the last update: * <https://github.com/docker/buildx/releases/tag/v0.19.0> * <https://github.com/docker/buildx/releases/tag/v0.18.0> - Update to Go 1.22. - Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker (which creates special mounts in /run/secrets to allow container-suseconnect to authenticate containers with registries on registered hosts). bsc#1231348 bsc#1232999 In order to disable these mounts, just do echo 0 > /etc/docker/suse-secrets-enable and restart Docker. In order to re-enable them, just do echo 1 > /etc/docker/suse-secrets-enable and restart Docker. Docker will output information on startup to tell you whether the SUSE secrets feature is enabled or not. * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch - Add docker-integration-tests-devel subpackage for building and running the upstream Docker integration tests on machines to test that Docker works properly. Users should not install this package. - docker-rpmlintrc updated to include allow-list for all of the integration tests package, since it contains a bunch of stuff that wouldn't normally be allowed. OBS-URL: https://build.opensuse.org/request/show/1230066 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=420
54 lines
2.0 KiB
Diff
54 lines
2.0 KiB
Diff
From 62035ba22a45bde6bed2da321e7ad954f5b461b4 Mon Sep 17 00:00:00 2001
|
|
From: Aleksa Sarai <cyphar@cyphar.com>
|
|
Date: Wed, 19 Jun 2024 16:30:49 +1000
|
|
Subject: [PATCH 7/7] bsc1214855: volume: use AtomicWriteFile to save volume
|
|
options
|
|
|
|
If the system (or Docker) crashes while saivng the volume options, on
|
|
restart the daemon will error out when trying to read the options file
|
|
because it doesn't contain valid JSON.
|
|
|
|
In such a crash scenario, the new volume will be treated as though it
|
|
has the default options configuration. This is not ideal, but volumes
|
|
created on very old Docker versions (pre-1.11[1], circa 2016) do not
|
|
have opts.json and so doing some kind of cleanup when loading the volume
|
|
store (even if we take care to only delete empty volumes) could delete
|
|
existing volumes carried over from very old Docker versions that users
|
|
would not expect to disappear.
|
|
|
|
Ultimately, if a user creates a volume and the system crashes, a volume
|
|
that has the wrong config is better than Docker not being able to start.
|
|
|
|
[1]: commit b05b2370757d ("Support mount opts for `local` volume driver")
|
|
|
|
SUSE-Bugs: https://bugzilla.suse.com/show_bug.cgi?id=1214855
|
|
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
|
|
---
|
|
volume/local/local.go | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/volume/local/local.go b/volume/local/local.go
|
|
index 6e96aeea4189..4412f34a3da9 100644
|
|
--- a/volume/local/local.go
|
|
+++ b/volume/local/local.go
|
|
@@ -17,6 +17,7 @@ import (
|
|
"github.com/docker/docker/daemon/names"
|
|
"github.com/docker/docker/errdefs"
|
|
"github.com/docker/docker/pkg/idtools"
|
|
+ "github.com/docker/docker/pkg/ioutils"
|
|
"github.com/docker/docker/quota"
|
|
"github.com/docker/docker/volume"
|
|
"github.com/pkg/errors"
|
|
@@ -388,7 +389,7 @@ func (v *localVolume) saveOpts() error {
|
|
if err != nil {
|
|
return err
|
|
}
|
|
- err = os.WriteFile(filepath.Join(v.rootPath, "opts.json"), b, 0o600)
|
|
+ err = ioutils.AtomicWriteFile(filepath.Join(v.rootPath, "opts.json"), b, 0o600)
|
|
if err != nil {
|
|
return errdefs.System(errors.Wrap(err, "error while persisting volume options"))
|
|
}
|
|
--
|
|
2.45.2
|
|
|