17.03.2 cherry picks #33236
Signed-off-by: Antonio Murdaca <runcom@redhat.com> (cherry picked from commit b11af7b) Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Currently local volumes and other volumes that support SELinux do not get labeled correctly. This patch will allow a user to specify :Z or :z when mounting a volume and have it fix the label of the newly created volume. Signed-off-by: Dan Walsh <dwalsh@redhat.com> (cherry picked from commit 0c791c8) Signed-off-by: Brian Goff <cpuguy83@gmail.com>
The call is not needed here and wouldn't really work since `Source` in this case is a volume name. Further we don't necessarily even have a volume path at this time since the volume hasn't been mounted yet.

The volume will be relabeled either:

1. When data gets copied to it from the image (if applicable) -- https://github.com/docker/docker/blob/master/container/container_unix.go#L196
2. When the container is started -- https://github.com/docker/docker/blob/master/daemon/oci_linux.go#L737

Signed-off-by: Brian Goff <cpuguy83@gmail.com> (cherry picked from commit 898e84d) Signed-off-by: Brian Goff <cpuguy83@gmail.com>
In some cases, if a user specifies `-f` when disabling a plugin, mounts can still exist on the plugin rootfs. This can cause problems during upgrade where the rootfs is removed and may cause data loss. To resolve this, ensure the rootfs is unmounted before performing an upgrade. Signed-off-by: Brian Goff <cpuguy83@gmail.com> (cherry picked from commit 83f44d2) Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Until and unless user has specified a propagation property for volume, they should default to "rprivate" and it should be passed to runc. We can't make it conditional on HasPropagation(). GetPropagation() returns default of rprivate if nothing was passed in by user. If we don't pass "rprivate" to runc, then bind mount could be shared even if user did not ask for it. For example, mount two volumes in a container. One is "shared" while other's propagation is not specified by caller. If both volumes have same source mount point of "shared", then second volume will also be shared inside container (instead of being private). Signed-off-by: Vivek Goyal <vgoyal@redhat.com> (cherry picked from commit af8a143) Signed-off-by: Brian Goff <cpuguy83@gmail.com>
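The difference between the conditional and unconditional behaviour described in the commit message above, as an added example that is not code from this pull request or from the Docker code base. The `Mount` type and all function names are hypothetical, and `effective` is a simplified model that assumes a bind mount with no explicit propagation flag keeps the propagation of its source mount point.

```go
package main

import "fmt"

// Mount is a simplified, hypothetical model of a container bind mount.
// Propagation is "" when the user did not specify one.
type Mount struct {
	Source, Destination, Propagation string
}

// getPropagation returns the user's choice, or rprivate when none was given.
func getPropagation(m Mount) string {
	if m.Propagation == "" {
		return "rprivate"
	}
	return m.Propagation
}

// optionsConditional passes a propagation flag only if the user set one.
func optionsConditional(m Mount) []string {
	opts := []string{"rbind"}
	if m.Propagation != "" {
		opts = append(opts, m.Propagation)
	}
	return opts
}

// optionsAlways passes the propagation explicitly, default included.
func optionsAlways(m Mount) []string {
	return []string{"rbind", getPropagation(m)}
}

// effective models the outcome (assumption): with no explicit flag, the
// bind mount keeps the propagation of the mount point it was bound from.
func effective(opts []string, sourcePropagation string) string {
	for _, o := range opts {
		switch o {
		case "private", "rprivate", "shared", "rshared", "slave", "rslave":
			return o
		}
	}
	return sourcePropagation
}

func main() {
	vol := Mount{Source: "/mnt/shared/b", Destination: "/b"} // constructed sample
	fmt.Println("conditional:", effective(optionsConditional(vol), "shared"))
	fmt.Println("always:     ", effective(optionsAlways(vol), "shared"))
}
```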
(-‸ლ) Signed-off-by: Brian Goff <cpuguy83@gmail.com> (cherry picked from commit 5baf8a4) Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Anusha Ragunathan <anusha.ragunathan@docker.com> (cherry picked from commit b1570ba) Signed-off-by: Brian Goff <cpuguy83@gmail.com>
The overlay(2) drivers were moved up in the list of storage drivers, and are known to have problems if the backing filesystem does not support d_type.

Commit 2e20e63 added a warning, which is logged in the daemon logs, however, many users do not check those logs, and may overlook this warning.

This patch adds the same warning to the output of `docker info` so that the warning is more easily found.

In addition, the output of warnings printed by `docker info` is optimized, by;

- moving all warnings to the _end_ of the output, instead of mixing them with the regular output
- wrapping the storage-driver warnings, so that they are more easily readable

Example output with this patch applied
============================================

devicemapper using loopback devices:

    ...
    Insecure Registries:
     127.0.0.0/8
    Live Restore Enabled: false

    WARNING: devicemapper: usage of loopback devices is strongly discouraged for production use.
             Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.
    WARNING: bridge-nf-call-iptables is disabled
    WARNING: bridge-nf-call-ip6tables is disabled

overlay2 on xfs without d_type support;

    ...
    Insecure Registries:
     127.0.0.0/8
    Live Restore Enabled: false

    WARNING: overlay2: the backing xfs filesystem is formatted without d_type support, which leads to incorrect behavior.
             Reformat the filesystem with ftype=1 to enable d_type support.
             Running without d_type support will not be supported in future releases.
    WARNING: bridge-nf-call-iptables is disabled

Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 1921559) Signed-off-by: Brian Goff <cpuguy83@gmail.com>
ping @mlaventure @thaJeztah
hm, never mind looks like we have done both in the past
code LGTM
Let's see if it's gonna be 💚
LGTM as well
ping @runcom PTAL
can we also cherry-pick #31966?
LGTM otherwise
@runcom can you prepare a separate cherry-pick for that so that we can discuss?
I'll merge this one, as it's all green (thanks for reviewing!)
No description provided.