rpm/docker
SHA256
1
0
Fork 0
forked from pool/docker
Code Pull Requests Activity

Accepting request 653738 from home:cyphar:containers:docker_18.09

Browse Source 
- Add backports of https://github.com/docker/docker/pull/37302 and
  https://github.com/docker/cli/pull/1130, which allow for users to explicitly
  specify the NIS domainname of a container. bsc#1001161
  + bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
  + bsc1001161-0002-cli-add-a-separate-domainname-flag.patch

OBS-URL: https://build.opensuse.org/request/show/653738
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=273
This commit is contained in:
Aleksa Sarai 2018-12-04 04:34:12 +00:00 committed by Git OBS Bridge
parent 51f454aa26
commit 1d3bce0fc6
7 changed files with 327 additions and 170 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch Normal file
View File

@ -0,0 +1,66 @@
From 244ae6114d89a495f1f2b4cf98eb5979fe1381b0 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Sun, 17 Jun 2018 17:05:54 +1000
Subject: [PATCH 1/2] oci: include the domainname in "kernel.domainname"
The OCI doesn't have a specific field for an NIS domainname[1] (mainly
because FreeBSD and Solaris appear to have a similar concept but it is
configured entirely differently).
However, on Linux, the NIS domainname can be configured through both the
setdomainname(2) syscall but also through the "kernel.domainname"
sysctl. Since the OCI has a way of injecting sysctls this means we don't
need to have any OCI changes to support NIS domainnames (and we can
always switch if the OCI picks up such support in the future).
It should be noted that because we have to generate this each spec
creation we also have to make sure that it's not clobbered by the
HostConfig. I'm pretty sure making this change generic (so that
HostConfig will not clobber any pre-set sysctls) will not cause other
issues to crop up.
[1]: https://github.com/opencontainers/runtime-spec/issues/592
SUSE-Bugs: bsc#1001161
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
components/engine/daemon/oci_linux.go | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/components/engine/daemon/oci_linux.go b/components/engine/daemon/oci_linux.go
index 7611fc054d13..d5838623528e 100644
--- a/components/engine/daemon/oci_linux.go
+++ b/components/engine/daemon/oci_linux.go
@@ -679,7 +679,15 @@ func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container)
s.Process.Cwd = cwd
s.Process.Env = c.CreateDaemonEnvironment(c.Config.Tty, linkedEnv)
s.Process.Terminal = c.Config.Tty
- s.Hostname = c.FullHostname()
+
+ s.Hostname = c.Config.Hostname
+ // There isn't a field in the OCI for the NIS domainname, but luckily there
+ // is a sysctl which has an identical effect to setdomainname(2) so there's
+ // no explicit need for runtime support.
+ s.Linux.Sysctl = make(map[string]string)
+ if c.Config.Domainname != "" {
+ s.Linux.Sysctl["kernel.domainname"] = c.Config.Domainname
+ }
return nil
}
@@ -715,7 +723,11 @@ func (daemon *Daemon) createSpec(c *container.Container) (retSpec *specs.Spec, e
if err := setResources(&s, c.HostConfig.Resources); err != nil {
return nil, fmt.Errorf("linux runtime spec resources: %v", err)
}
- s.Linux.Sysctl = c.HostConfig.Sysctls
+ // We merge the sysctls injected above with the HostConfig (latter takes
+ // precedence for backwards-compatibility reasons).
+ for k, v := range c.HostConfig.Sysctls {
+ s.Linux.Sysctl[k] = v
+ }
p := s.Linux.CgroupsPath
if useSystemd {
--
2.19.2

227
bsc1001161-0002-cli-add-a-separate-domainname-flag.patch Normal file
View File

@ -0,0 +1,227 @@
From 975d8efceb479c3d0994814cc5d488ac33d0d2d6 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Mon, 18 Jun 2018 21:58:23 +1000
Subject: [PATCH 2/2] cli: add a separate --domainname flag
A while ago, Docker split the "Domainname" field out from the "Hostname"
field for the container configuration. There was no real user-visible
change associated with this (and under the hood "Domainname" was mostly
left unused from the command-line point of view). We now add this flag
in order to match other proposed changes to allow for setting the NIS
domainname of a container.
This also includes a fix for the --hostname parsing tests (they would
not error out if only one of .Hostname and .Domainname were incorrectly
set -- which is not correct).
SUSE-Bugs: bsc#1001161
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
components/cli/cli/command/container/opts.go | 3 ++
.../cli/cli/command/container/opts_test.go | 31 ++++++++++++++++---
components/cli/contrib/completion/bash/docker | 5 +--
components/cli/contrib/completion/zsh/_docker | 1 +
.../cli/docs/reference/commandline/create.md | 1 +
.../cli/docs/reference/commandline/run.md | 1 +
.../reference/commandline/service_create.md | 2 +-
components/cli/docs/reference/run.md | 6 ++--
components/cli/man/docker-run.1.md | 7 +++++
9 files changed, 46 insertions(+), 11 deletions(-)
diff --git a/components/cli/cli/command/container/opts.go b/components/cli/cli/command/container/opts.go
index 97906b672252..7cd9ce998c8b 100644
--- a/components/cli/cli/command/container/opts.go
+++ b/components/cli/cli/command/container/opts.go
@@ -74,6 +74,7 @@ type containerOptions struct {
containerIDFile string
entrypoint string
hostname string
+ domainname string
memory opts.MemBytes
memoryReservation opts.MemBytes
memorySwap opts.MemSwapBytes
@@ -169,6 +170,7 @@ func addFlags(flags *pflag.FlagSet) *containerOptions {
flags.StringVar(&copts.entrypoint, "entrypoint", "", "Overwrite the default ENTRYPOINT of the image")
flags.Var(&copts.groupAdd, "group-add", "Add additional groups to join")
flags.StringVarP(&copts.hostname, "hostname", "h", "", "Container host name")
+ flags.StringVar(&copts.domainname, "domainname", "", "Container NIS domain name")
flags.BoolVarP(&copts.stdin, "interactive", "i", false, "Keep STDIN open even if not attached")
flags.VarP(&copts.labels, "label", "l", "Set meta data on a container")
flags.Var(&copts.labelsFile, "label-file", "Read in a line delimited file of labels")
@@ -546,6 +548,7 @@ func parse(flags *pflag.FlagSet, copts *containerOptions) (*containerConfig, err
config := &container.Config{
Hostname: copts.hostname,
+ Domainname: copts.domainname,
ExposedPorts: ports,
User: copts.user,
Tty: copts.tty,
diff --git a/components/cli/cli/command/container/opts_test.go b/components/cli/cli/command/container/opts_test.go
index 6d7c95a5ddb8..70bedc661751 100644
--- a/components/cli/cli/command/container/opts_test.go
+++ b/components/cli/cli/command/container/opts_test.go
@@ -265,14 +265,35 @@ func TestParseHostname(t *testing.T) {
hostnameWithDomainTld := "--hostname=hostname.domainname.tld"
for hostname, expectedHostname := range validHostnames {
if config, _ := mustParse(t, fmt.Sprintf("--hostname=%s", hostname)); config.Hostname != expectedHostname {
- t.Fatalf("Expected the config to have 'hostname' as hostname, got '%v'", config.Hostname)
+ t.Fatalf("Expected the config to have 'hostname' as %q, got %q", expectedHostname, config.Hostname)
}
}
- if config, _ := mustParse(t, hostnameWithDomain); config.Hostname != "hostname.domainname" && config.Domainname != "" {
- t.Fatalf("Expected the config to have 'hostname' as hostname.domainname, got '%v'", config.Hostname)
+ if config, _ := mustParse(t, hostnameWithDomain); config.Hostname != "hostname.domainname" || config.Domainname != "" {
+ t.Fatalf("Expected the config to have 'hostname' as hostname.domainname, got %q", config.Hostname)
}
- if config, _ := mustParse(t, hostnameWithDomainTld); config.Hostname != "hostname.domainname.tld" && config.Domainname != "" {
- t.Fatalf("Expected the config to have 'hostname' as hostname.domainname.tld, got '%v'", config.Hostname)
+ if config, _ := mustParse(t, hostnameWithDomainTld); config.Hostname != "hostname.domainname.tld" || config.Domainname != "" {
+ t.Fatalf("Expected the config to have 'hostname' as hostname.domainname.tld, got %q", config.Hostname)
+ }
+}
+
+func TestParseHostnameDomainname(t *testing.T) {
+ validDomainnames := map[string]string{
+ "domainname": "domainname",
+ "domain-name": "domain-name",
+ "domainname123": "domainname123",
+ "123domainname": "123domainname",
+ "domainname-63-bytes-long-should-be-valid-and-without-any-errors": "domainname-63-bytes-long-should-be-valid-and-without-any-errors",
+ }
+ for domainname, expectedDomainname := range validDomainnames {
+ if config, _ := mustParse(t, "--domainname="+domainname); config.Domainname != expectedDomainname {
+ t.Fatalf("Expected the config to have 'domainname' as %q, got %q", expectedDomainname, config.Domainname)
+ }
+ }
+ if config, _ := mustParse(t, "--hostname=some.prefix --domainname=domainname"); config.Hostname != "some.prefix" || config.Domainname != "domainname" {
+ t.Fatalf("Expected the config to have 'hostname' as 'some.prefix' and 'domainname' as 'domainname', got %q and %q", config.Hostname, config.Domainname)
+ }
+ if config, _ := mustParse(t, "--hostname=another-prefix --domainname=domainname.tld"); config.Hostname != "another-prefix" || config.Domainname != "domainname.tld" {
+ t.Fatalf("Expected the config to have 'hostname' as 'another-prefix' and 'domainname' as 'domainname.tld', got %q and %q", config.Hostname, config.Domainname)
}
}
diff --git a/components/cli/contrib/completion/bash/docker b/components/cli/contrib/completion/bash/docker
index 44ac8f3e0ed9..c532f5142c3d 100644
--- a/components/cli/contrib/completion/bash/docker
+++ b/components/cli/contrib/completion/bash/docker
@@ -5,8 +5,8 @@
# - SC2016: Expressions don't expand in single quotes, use double quotes for that.
# - SC2119: Use foo "$@" if function's $1 should mean script's $1.
# - SC2155: Declare and assign separately to avoid masking return values.
-#
-# You can find more details for each warning at the following page:
+#
+# You can find more details for each warning at the following page:
# https://github.com/koalaman/shellcheck/wiki/<SCXXXX>
#
# bash completion file for core docker commands
@@ -1785,6 +1785,7 @@ _docker_container_run_and_create() {
--dns
--dns-option
--dns-search
+ --domainname
--entrypoint
--env -e
--env-file
diff --git a/components/cli/contrib/completion/zsh/_docker b/components/cli/contrib/completion/zsh/_docker
index 94f042204dfb..9a502db0886f 100644
--- a/components/cli/contrib/completion/zsh/_docker
+++ b/components/cli/contrib/completion/zsh/_docker
@@ -617,6 +617,7 @@ __docker_container_subcommand() {
"($help)*--dns=[Custom DNS servers]:DNS server: "
"($help)*--dns-option=[Custom DNS options]:DNS option: "
"($help)*--dns-search=[Custom DNS search domains]:DNS domains: "
+ "($help)*--domainname=[Container NIS domain name]:domainname:_hosts"
"($help)*"{-e=,--env=}"[Environment variables]:environment variable: "
"($help)--entrypoint=[Overwrite the default entrypoint of the image]:entry point: "
"($help)*--env-file=[Read environment variables from a file]:environment file:_files"
diff --git a/components/cli/docs/reference/commandline/create.md b/components/cli/docs/reference/commandline/create.md
index d585da40ae1e..c829dbb3e5b9 100644
--- a/components/cli/docs/reference/commandline/create.md
+++ b/components/cli/docs/reference/commandline/create.md
@@ -53,6 +53,7 @@ Options:
--dns value Set custom DNS servers (default [])
--dns-option value Set DNS options (default [])
--dns-search value Set custom DNS search domains (default [])
+ --domainname string Container NIS domain name
--entrypoint string Overwrite the default ENTRYPOINT of the image
-e, --env value Set environment variables (default [])
--env-file value Read in a file of environment variables (default [])
diff --git a/components/cli/docs/reference/commandline/run.md b/components/cli/docs/reference/commandline/run.md
index 08b9f18d68ac..f448e1acf89b 100644
--- a/components/cli/docs/reference/commandline/run.md
+++ b/components/cli/docs/reference/commandline/run.md
@@ -57,6 +57,7 @@ Options:
--dns value Set custom DNS servers (default [])
--dns-option value Set DNS options (default [])
--dns-search value Set custom DNS search domains (default [])
+ --domainname string Container NIS domain name
--entrypoint string Overwrite the default ENTRYPOINT of the image
-e, --env value Set environment variables (default [])
--env-file value Read in a file of environment variables (default [])
diff --git a/components/cli/docs/reference/commandline/service_create.md b/components/cli/docs/reference/commandline/service_create.md
index 8fdb5297a102..c55c77b52d77 100644
--- a/components/cli/docs/reference/commandline/service_create.md
+++ b/components/cli/docs/reference/commandline/service_create.md
@@ -755,7 +755,7 @@ The swarm extends my-network to each node running the service.
Containers on the same network can access each other using
[service discovery](https://docs.docker.com/engine/swarm/networking/#use-swarm-mode-service-discovery).
-Long form syntax of `--network` allows to specify list of aliases and driver options:
+Long form syntax of `--network` allows to specify list of aliases and driver options:
`--network name=my-network,alias=web1,driver-opt=field1=value1`
### Publish service ports externally to the swarm (-p, --publish)
diff --git a/components/cli/docs/reference/run.md b/components/cli/docs/reference/run.md
index a59a30525554..695974fe533c 100644
--- a/components/cli/docs/reference/run.md
+++ b/components/cli/docs/reference/run.md
@@ -256,7 +256,7 @@ The UTS namespace is for setting the hostname and the domain that is visible
to running processes in that namespace. By default, all containers, including
those with `--network=host`, have their own UTS namespace. The `host` setting will
result in the container using the same UTS namespace as the host. Note that
-`--hostname` is invalid in `host` UTS mode.
+`--hostname` and `--domainname` are invalid in `host` UTS mode.
You may wish to share the UTS namespace with the host if you would like the
hostname of the container to change as the hostname of the host changes. A
@@ -396,8 +396,8 @@ network stack and all interfaces from the host will be available to the
container. The container's hostname will match the hostname on the host
system. Note that `--mac-address` is invalid in `host` netmode. Even in `host`
network mode a container has its own UTS namespace by default. As such
-`--hostname` is allowed in `host` network mode and will only change the
-hostname inside the container.
+`--hostname` and `--domainname` are allowed in `host` network mode and will
+only change the hostname and domain name inside the container.
Similar to `--hostname`, the `--add-host`, `--dns`, `--dns-search`, and
`--dns-option` options can be used in `host` network mode. These options update
`/etc/hosts` or `/etc/resolv.conf` inside the container. No change are made to
diff --git a/components/cli/man/docker-run.1.md b/components/cli/man/docker-run.1.md
index e03377001d4e..4a1464a74200 100644
--- a/components/cli/man/docker-run.1.md
+++ b/components/cli/man/docker-run.1.md
@@ -35,6 +35,7 @@ docker-run - Run a command in a new container
[**--dns**[=*[]*]]
[**--dns-option**[=*[]*]]
[**--dns-search**[=*[]*]]
+[**--domainname**[=*DOMAINNAME*]]
[**-e**|**--env**[=*[]*]]
[**--entrypoint**[=*ENTRYPOINT*]]
[**--env-file**[=*[]*]]
@@ -285,6 +286,12 @@ configuration passed to the container. Typically this is necessary when the
host DNS configuration is invalid for the container (e.g., 127.0.0.1). When this
is the case the **--dns** flags is necessary for every run.
+**--domainname**=""
+ Container NIS domain name
+
+ Sets the container's NIS domain name (see also **setdomainname(2)**) that is
+ available inside the container.
+
**-e**, **--env**=[]
Set environment variables
--
2.19.2

9
docker.changes
View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Mon Dec 3 16:14:22 UTC 2018 - Aleksa Sarai <asarai@suse.com>
- Add backports of https://github.com/docker/docker/pull/37302 and
https://github.com/docker/cli/pull/1130, which allow for users to explicitly
specify the NIS domainname of a container. bsc#1001161
+ bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
+ bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
-------------------------------------------------------------------
Thu Nov 29 09:41:11 UTC 2018 - Aleksa Sarai <asarai@suse.com>

15
docker.spec
View File

@ -76,16 +76,20 @@ Source9: tests.sh
# branch in http://github.com/suse/docker.mirror.
Patch200: secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
Patch201: secrets-0002-SUSE-implement-SUSE-container-secrets.patch
# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/37831. bsc#1073877
# SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37831. bsc#1073877
Patch400: bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/37353. bsc#1099277
# SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37353. bsc#1099277
Patch401: bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
# SUSE-BACKPORT: Backport of https://github.com/docker/cli/pull/1306. boo#1047218
Patch402: bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
# SUSE-ISSUE: Revert of https://github.com/moby/moby/pull/37907.
# SUSE-ISSUE: Revert of https://github.com/docker/docker/pull/37907.
Patch403: packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
# SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37302. bsc#1001161
Patch404: bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
# SUSE-BACKPORT: Backport of https://github.com/docker/cli/pull/1130. bsc#1001161
Patch405: bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
# SUSE-FEATURE: Add support to mirror inofficial/private registries
# (https://github.com/moby/moby/pull/34319)
# (https://github.com/docker/docker/pull/34319)
Patch500: private-registry-0001-Add-private-registry-mirror-support.patch
BuildRequires: audit
BuildRequires: bash-completion
@ -267,6 +271,9 @@ docker container runtime configuration for kubeadm
%patch402 -p1
# revert upstream
%patch403 -p1
# bsc#1001161
%patch404 -p1
%patch405 -p1
%if "%flavour" == "kubic"
# PATCH-SUSE: Mirror patch.
%patch500 -p1

158
packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
View File

@ -1,4 +1,4 @@
From c948416313c2a1f65ed083a4df19008c8c5d00ba Mon Sep 17 00:00:00 2001
From 9236191a98a0e9b8aa4ac7da4d4b1c0c196344e2 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Thu, 29 Nov 2018 20:53:16 +1100
Subject: [PATCH] revert "Remove 'docker-' prefix for containerd and runc
@ -14,19 +14,11 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
components/engine/api/swagger.yaml | 4 +--
.../builder/builder-next/executor_unix.go | 2 +-
components/engine/cmd/dockerd/daemon.go | 36 +++++++------------
.../contrib/docker-machine-install-bundle.sh | 2 +-
components/engine/daemon/daemon_unix.go | 6 ++--
.../dockerfile/install/containerd.installer | 6 ++--
.../hack/dockerfile/install/runc.installer | 2 +-
components/engine/hack/make/.binary-setup | 8 ++---
.../hack/make/.integration-test-helpers | 2 +-
.../engine/integration-cli/check_test.go | 2 +-
.../integration-cli/docker_cli_daemon_test.go | 8 ++---
.../engine/internal/test/daemon/daemon.go | 3 +-
.../libcontainerd/supervisor/remote_daemon.go | 4 +--
.../supervisor/remote_daemon_linux.go | 4 +--
.../supervisor/remote_daemon_windows.go | 4 +--
15 files changed, 40 insertions(+), 53 deletions(-)
7 files changed, 25 insertions(+), 35 deletions(-)
diff --git a/components/engine/api/swagger.yaml b/components/engine/api/swagger.yaml
index f58a64f29ea3..d275f2ff49eb 100644
@ -118,19 +110,6 @@ index 839537316af4..05922e6418d0 100644
- _, err := os.Lstat(containerddefaults.DefaultAddress)
- return err == nil
-}
diff --git a/components/engine/contrib/docker-machine-install-bundle.sh b/components/engine/contrib/docker-machine-install-bundle.sh
index eff821799c71..860598943bd4 100755
--- a/components/engine/contrib/docker-machine-install-bundle.sh
+++ b/components/engine/contrib/docker-machine-install-bundle.sh
@@ -31,7 +31,7 @@ bundle_files(){
echo $BUNDLE/binary-daemon/$f
fi
done
- for f in containerd ctr containerd-shim docker-init runc; do
+ for f in docker-containerd docker-containerd-ctr docker-containerd-shim docker-init docker-runc; do
echo $BUNDLE/binary-daemon/$f
done
if [ -d $BUNDLE/dynbinary-client ]; then
diff --git a/components/engine/daemon/daemon_unix.go b/components/engine/daemon/daemon_unix.go
index b69eede21c44..77adba94a468 100644
--- a/components/engine/daemon/daemon_unix.go
@ -158,137 +137,6 @@ index b69eede21c44..77adba94a468 100644
)
type containerGetter interface {
diff --git a/components/engine/hack/dockerfile/install/containerd.installer b/components/engine/hack/dockerfile/install/containerd.installer
index 4e5680d1ec92..4be15a6abfb8 100755
--- a/components/engine/hack/dockerfile/install/containerd.installer
+++ b/components/engine/hack/dockerfile/install/containerd.installer
@@ -30,7 +30,7 @@ install_containerd() {
mkdir -p ${PREFIX}
- cp bin/containerd ${PREFIX}/containerd
- cp bin/containerd-shim ${PREFIX}/containerd-shim
- cp bin/ctr ${PREFIX}/ctr
+ cp bin/containerd ${PREFIX}/docker-containerd
+ cp bin/containerd-shim ${PREFIX}/docker-containerd-shim
+ cp bin/ctr ${PREFIX}/docker-containerd-ctr
}
diff --git a/components/engine/hack/dockerfile/install/runc.installer b/components/engine/hack/dockerfile/install/runc.installer
index ed483e0f40c6..62263b3c038b 100755
--- a/components/engine/hack/dockerfile/install/runc.installer
+++ b/components/engine/hack/dockerfile/install/runc.installer
@@ -18,5 +18,5 @@ install_runc() {
fi
make BUILDTAGS="$RUNC_BUILDTAGS" "$target"
mkdir -p ${PREFIX}
- cp runc ${PREFIX}/runc
+ cp runc ${PREFIX}/docker-runc
}
diff --git a/components/engine/hack/make/.binary-setup b/components/engine/hack/make/.binary-setup
index 69bb39b364c6..15de89fe1025 100644
--- a/components/engine/hack/make/.binary-setup
+++ b/components/engine/hack/make/.binary-setup
@@ -1,9 +1,9 @@
#!/usr/bin/env bash
DOCKER_DAEMON_BINARY_NAME='dockerd'
-DOCKER_RUNC_BINARY_NAME='runc'
-DOCKER_CONTAINERD_BINARY_NAME='containerd'
-DOCKER_CONTAINERD_CTR_BINARY_NAME='ctr'
-DOCKER_CONTAINERD_SHIM_BINARY_NAME='containerd-shim'
+DOCKER_RUNC_BINARY_NAME='docker-runc'
+DOCKER_CONTAINERD_BINARY_NAME='docker-containerd'
+DOCKER_CONTAINERD_CTR_BINARY_NAME='docker-containerd-ctr'
+DOCKER_CONTAINERD_SHIM_BINARY_NAME='docker-containerd-shim'
DOCKER_PROXY_BINARY_NAME='docker-proxy'
DOCKER_INIT_BINARY_NAME='docker-init'
diff --git a/components/engine/hack/make/.integration-test-helpers b/components/engine/hack/make/.integration-test-helpers
index 149b6538004c..da2bb7cad2e3 100644
--- a/components/engine/hack/make/.integration-test-helpers
+++ b/components/engine/hack/make/.integration-test-helpers
@@ -112,7 +112,7 @@ error_on_leaked_containerd_shims() {
fi
leftovers=$(ps -ax -o pid,cmd |
- awk '$2 == "containerd-shim" && $4 ~ /.*\/bundles\/.*\/test-integration/ { print $1 }')
+ awk '$2 == "docker-containerd-shim" && $4 ~ /.*\/bundles\/.*\/test-integration/ { print $1 }')
if [ -n "$leftovers" ]; then
ps aux
kill -9 $leftovers 2> /dev/null
diff --git a/components/engine/integration-cli/check_test.go b/components/engine/integration-cli/check_test.go
index 2282967ee569..256b9153d298 100644
--- a/components/engine/integration-cli/check_test.go
+++ b/components/engine/integration-cli/check_test.go
@@ -32,7 +32,7 @@ const (
privateRegistryURL = registry.DefaultURL
// path to containerd's ctr binary
- ctrBinary = "ctr"
+ ctrBinary = "docker-containerd-ctr"
// the docker daemon binary to use
dockerdBinary = "dockerd"
diff --git a/components/engine/integration-cli/docker_cli_daemon_test.go b/components/engine/integration-cli/docker_cli_daemon_test.go
index d3cd5f167649..52946738edd7 100644
--- a/components/engine/integration-cli/docker_cli_daemon_test.go
+++ b/components/engine/integration-cli/docker_cli_daemon_test.go
@@ -44,8 +44,6 @@ import (
"gotest.tools/icmd"
)
-const containerdSocket = "/var/run/docker/containerd/containerd.sock"
-
// TestLegacyDaemonCommand test starting docker daemon using "deprecated" docker daemon
// command. Remove this test when we remove this.
func (s *DockerDaemonSuite) TestLegacyDaemonCommand(c *check.C) {
@@ -1451,7 +1449,7 @@ func (s *DockerDaemonSuite) TestCleanupMountsAfterDaemonAndContainerKill(c *chec
c.Assert(d.Kill(), check.IsNil)
// kill the container
- icmd.RunCommand(ctrBinary, "--address", containerdSocket,
+ icmd.RunCommand(ctrBinary, "--address", "/var/run/docker/containerd/docker-containerd.sock",
"--namespace", moby_daemon.ContainersNamespace, "tasks", "kill", id).Assert(c, icmd.Success)
// restart daemon.
@@ -1973,7 +1971,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithKilledRunningContainer(t *check
}
// kill the container
- icmd.RunCommand(ctrBinary, "--address", containerdSocket,
+ icmd.RunCommand(ctrBinary, "--address", "/var/run/docker/containerd/docker-containerd.sock",
"--namespace", moby_daemon.ContainersNamespace, "tasks", "kill", cid).Assert(t, icmd.Success)
// Give time to containerd to process the command if we don't
@@ -2076,7 +2074,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithUnpausedRunningContainer(t *che
// resume the container
result := icmd.RunCommand(
ctrBinary,
- "--address", containerdSocket,
+ "--address", "/var/run/docker/containerd/docker-containerd.sock",
"--namespace", moby_daemon.ContainersNamespace,
"tasks", "resume", cid)
result.Assert(t, icmd.Success)
diff --git a/components/engine/internal/test/daemon/daemon.go b/components/engine/internal/test/daemon/daemon.go
index 4f56dff9bba8..8c04c3158f7a 100644
--- a/components/engine/internal/test/daemon/daemon.go
+++ b/components/engine/internal/test/daemon/daemon.go
@@ -38,7 +38,6 @@ type logT interface {
}
const defaultDockerdBinary = "dockerd"
-const containerdSocket = "/var/run/docker/containerd/containerd.sock"
var errDaemonNotStarted = errors.New("daemon not started")
@@ -225,7 +224,7 @@ func (d *Daemon) StartWithLogFile(out *os.File, providedArgs ...string) error {
return errors.Wrapf(err, "[%s] could not find docker binary in $PATH", d.id)
}
args := append(d.GlobalFlags,
- "--containerd", containerdSocket,
+ "--containerd", "/var/run/docker/containerd/docker-containerd.sock",
"--data-root", d.Root,
"--exec-root", d.execRoot,
"--pidfile", fmt.Sprintf("%s/docker.pid", d.Folder),
diff --git a/components/engine/libcontainerd/supervisor/remote_daemon.go b/components/engine/libcontainerd/supervisor/remote_daemon.go
index 095300f753e9..1dcfbe176b0d 100644
--- a/components/engine/libcontainerd/supervisor/remote_daemon.go
@ -335,5 +183,5 @@ index 9b254ef58a0a..bcdc9529e0f7 100644
func (r *remote) setDefaults() {
--
2.19.1
2.19.2

10
secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
View File

@ -1,4 +1,4 @@
From c3d68210b8ff379d2e0c2de9f37cc0834a343228 Mon Sep 17 00:00:00 2001
From 4eba91df3257644105ef344949705651507eb2bd Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 12:41:54 +1100
Subject: [PATCH 1/2] daemon: allow directory creation in /run/secrets
@ -14,7 +14,7 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/components/engine/daemon/container_operations_unix.go b/components/engine/daemon/container_operations_unix.go
index 9953c7f3fddc..05e67ca3fa6f 100644
index 9953c7f3fddc..e8f6784ca19a 100644
--- a/components/engine/daemon/container_operations_unix.go
+++ b/components/engine/daemon/container_operations_unix.go
@@ -3,6 +3,7 @@
@ -55,8 +55,8 @@ index 9953c7f3fddc..05e67ca3fa6f 100644
+ // If the "file" is a directory, then s.File.Data is actually a tar
+ // archive of the directory. So we just do a tar extraction here.
+ if err := archive.UntarUncompressed(bytes.NewBuffer(secret.Spec.Data), fPath, &archive.TarOptions{
+ UIDMaps: daemon.idMappings.UIDs(),
+ GIDMaps: daemon.idMappings.GIDs(),
+ UIDMaps: daemon.idMapping.UIDs(),
+ GIDMaps: daemon.idMapping.GIDs(),
+ }); err != nil {
+ return errors.Wrap(err, "error injecting secretdir")
+ }
@ -70,5 +70,5 @@ index 9953c7f3fddc..05e67ca3fa6f 100644
return errors.Wrap(err, "error setting ownership for secret")
}
--
2.19.1
2.19.2

12
secrets-0002-SUSE-implement-SUSE-container-secrets.patch
View File

@ -1,4 +1,4 @@
From accb71345392d5885a61180f547367835f9e3047 Mon Sep 17 00:00:00 2001
From 229a891b45b996a2cd10f5a71541d124e884556e Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 11:43:29 +1100
Subject: [PATCH 2/2] SUSE: implement SUSE container secrets
@ -36,7 +36,7 @@ index c00bd9ceb22b..aa705888df39 100644
return errdefs.System(err)
diff --git a/components/engine/daemon/suse_secrets.go b/components/engine/daemon/suse_secrets.go
new file mode 100644
index 000000000000..817cd5561023
index 000000000000..087c877015a7
--- /dev/null
+++ b/components/engine/daemon/suse_secrets.go
@@ -0,0 +1,396 @@
@ -112,11 +112,11 @@ index 000000000000..817cd5561023
+ }
+}
+
+func (s SuseFakeFile) toSecretReference(idMaps *idtools.IDMappings) *swarmtypes.SecretReference {
+func (s SuseFakeFile) toSecretReference(idMaps *idtools.IdentityMapping) *swarmtypes.SecretReference {
+ // Figure out the host-facing {uid,gid} based on the provided maps. Fall
+ // back to root if the UID/GID don't match (we are guaranteed that root is
+ // mapped).
+ ctrUser := idtools.IDPair{UID: s.Uid, GID: s.Gid}
+ ctrUser := idtools.Identity{UID: s.Uid, GID: s.Gid}
+ hostUser := idMaps.RootPair()
+ if user, err := idMaps.ToHost(ctrUser); err == nil {
+ hostUser = user
@ -410,7 +410,7 @@ index 000000000000..817cd5561023
+ return err
+ }
+
+ idMaps := daemon.IDMappings()
+ idMaps := daemon.idMapping
+ for _, secret := range secrets {
+ newDependencyStore.secrets[secret.id()] = secret.toSecret()
+ c.SecretReferences = append(c.SecretReferences, secret.toSecretReference(idMaps))
@ -437,5 +437,5 @@ index 000000000000..817cd5561023
+ return nil
+}
--
2.19.1
2.19.2