packages/docker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
79 Commits 1 Branch 0 Tags
Commit Graph

79 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
zhongjiawei
9a50eeaaec docker:fix CVE-2024-29018 
(cherry picked from commit adb48fa1c7bf5be06a8e553a9352dc2fce8143ce)
 2024-04-12 15:25:51 +08:00
openeuler-ci-bot
ab8b227617
!288 [sync] PR-282: backport: fix CVE-2024-24557 
From: @openeuler-sync-bot 
Reviewed-by: @zhangsong234 
Signed-off-by: @zhangsong234
 2024-03-19 12:08:03 +00:00
chenjiankun
29cae17262 backport: fix CVE-2024-24557 
fix #I90KVB

(cherry picked from commit f051d4a9ea3df9c4e9cd21ad5272f67b86970ea8)
 2024-03-19 19:54:19 +08:00
openeuler-ci-bot
e2089c429b
!287 docker: sync patches from upstream 
From: @jackchan8 
Reviewed-by: @zhangsong234 
Signed-off-by: @zhangsong234
 2024-03-19 11:53:23 +00:00
chenjiankun
c4fa88b3f5 docker: sync patches from upstream 
Sync patches from upstream, including:
b033961a82
2a8341f252
cae76642b6
f43f820a8c
b1d05350ec
7a24e475b3
f89fd3df7d
76e4260141
b92585a470
 2024-03-19 20:26:27 +08:00
openeuler-ci-bot
35f67067e8
!269 docker:sync two patches 
From: @zhong-jiawei-1 
Reviewed-by: @zhangsong234, @duguhaotian 
Signed-off-by: @duguhaotian
 2023-10-26 01:24:15 +00:00
zhongjiawei
bae0837aef docker:sync two patches 2023-10-25 16:46:21 +08:00
openeuler-ci-bot
5a79b6b7e5
!250 [sync] PR-248: 修复docker pull和restart dockerd并发操作,/var/lib/docker/devicemapper/mnt/目录资源残留问题 
From: @openeuler-sync-bot 
Reviewed-by: @duguhaotian 
Signed-off-by: @duguhaotian
 2023-08-29 02:51:47 +00:00
flyflyflypeng
027945c03a docker: remove useless mount point dir 
fix #I7UQ2Y

Signed-off-by: flyflyflypeng <jiangpengfei9@huawei.com>
(cherry picked from commit 7179c48dbcd22d05fa3c84d6bcc15dad0bda9ecf)
 2023-08-28 15:12:15 +08:00
openeuler-ci-bot
05b08ee965
!246 [sync] PR-238: [20.03 SP1] docker: define a dummy hostname to use for local connections 
From: @openeuler-sync-bot 
Reviewed-by: @duguhaotian 
Signed-off-by: @duguhaotian
 2023-08-03 08:49:25 +00:00
jingxiaolu
e5ee0a0ce1 docker: define a dummy hostname to use for local connections 
For local communications (npipe://, unix://), the hostname is not used,
but we need valid and meaningful hostname.

The current code used the client's `addr` as hostname in some cases, which
could contain the path for the unix-socket (`/var/run/docker.sock`), which
gets rejected by go1.20.6 and go1.19.11 because of a security fix for
[CVE-2023-29406 ][1], which was implemented in  https://go.dev/issue/60374.

Prior versions go Go would clean the host header, and strip slashes in the
process, but go1.20.6 and go1.19.11 no longer do, and reject the host
header.

This patch introduces a `DummyHost` const, and uses this dummy host for
cases where we don't need an actual hostname.

Signed-off-by: jingxiaolu <lujingxiao@huawei.com>
(cherry picked from commit eedae47681500c0f38752cd3c0bf3d08d7b3c7fc)
 2023-08-03 16:16:02 +08:00
openeuler-ci-bot
8feeb9f719
!244 [sync] PR-226: docker:remove invalid libcgroup dependencies 
From: @openeuler-sync-bot 
Reviewed-by: @duguhaotian 
Signed-off-by: @duguhaotian
 2023-08-03 07:45:32 +00:00
zhongjiawei
c3b88b8cfc docker:remove invalid libcgroup dependencies 
(cherry picked from commit 40e5353324d08f405630f329c10f441d3c1f4a49)
 2023-08-03 10:28:46 +08:00
openeuler-ci-bot
6a47048829
!243 [sync] PR-224: docker: repalce unix.Rmdir with os.RemoveAll when remove mount point dir 
From: @openeuler-sync-bot 
Reviewed-by: @duguhaotian 
Signed-off-by: @duguhaotian
 2023-08-03 02:25:28 +00:00
chenjiankun
4ea1d4e164 docker: repalce unix.Rmdir with os.RemoveAll when remove mount point dir 
fix #I7G1LL

(cherry picked from commit 3bd8a5e5db07f799b66ccaee5f84665632ff00a4)
 2023-08-02 16:02:13 +08:00
openeuler-ci-bot
0c9023c4b4
!221 [sync] PR-220: docker: fix blockThreshold full bug 
From: @openeuler-sync-bot 
Reviewed-by: @zhangsong234, @duguhaotian 
Signed-off-by: @duguhaotian
 2023-07-03 02:11:15 +00:00
chenjiankun
f4b7deed86 docker: fix blockThreshold full bug 
Reference:dcfe23a038
(cherry picked from commit 0a4d9fd935beba53895f650ab233538f15f579db)
 2023-06-29 15:29:20 +08:00
openeuler-ci-bot
7a9b8e8216
!215 [sync] PR-212: docker: thinpool full because docker daemon restart when docker pull 
From: @openeuler-sync-bot 
Reviewed-by: @zhangsong234, @duguhaotian 
Signed-off-by: @duguhaotian
 2023-06-09 04:02:06 +00:00
zhongjiawei
ea96e880ad docker:thinpool full because docker daemon restart when docker pull 
(cherry picked from commit b2a0f1208e3496beda2021d6d88132421faa3f6f)
 2023-06-09 10:58:35 +08:00
openeuler-ci-bot
9c762335fd
!206 [sync] PR-204: docker:fix CVE-2023-28840 CVE-2023-28841 CVE-2023-28842 
From: @openeuler-sync-bot 
Reviewed-by: @zhangsong234, @duguhaotian 
Signed-off-by: @duguhaotian
 2023-04-06 12:31:51 +00:00
zhongjiawei
1f59c513a7 docker:fix CVE-2023-28840 CVE-2023-28841 CVE-2023-28842 
(cherry picked from commit 89d75b17a59db0e702af8b015d43fdcc150810db)
 2023-04-06 20:00:12 +08:00
openeuler-ci-bot
a0beaa1a70
!199 [sync] PR-197: docker:backport upstream patches 
From: @openeuler-sync-bot 
Reviewed-by: @zhangsong234, @duguhaotian 
Signed-off-by: @duguhaotian
 2023-03-30 06:09:57 +00:00
zhongjiawei
7470010764 docker:sync some patches 
(cherry picked from commit 2e6b7fad8e6f9c3d6b654059eaa2dbebd9e16914)
 2023-03-30 10:02:39 +08:00
openeuler-ci-bot
8cf1227540
!192 [sync] PR-187: docker:try http for docker manifest insecure 
From: @openeuler-sync-bot 
Reviewed-by: @zhangsong234, @duguhaotian 
Signed-off-by: @duguhaotian
 2023-03-16 07:12:49 +00:00
zhongjiawei
52284b74eb docker:try http for docker manifest insecure 
(cherry picked from commit 32b9a9fdb012d226da909b3249f7b8b4df7278b5)
 2023-03-16 14:36:24 +08:00
openeuler-ci-bot
e6a2b554de
!185 [sync] PR-180: docker: fix container missing after restarting dockerd twice 
From: @openeuler-sync-bot 
Reviewed-by: @duguhaotian 
Signed-off-by: @duguhaotian
 2023-03-15 02:50:57 +00:00
JackChan8
63617251b6 docker: fix container missing after restarting dockerd twice 
fix #I6MJ4X

(cherry picked from commit c449de66430e0546323a3b63f1ba78c449b077da)
 2023-03-15 10:04:07 +08:00
openeuler-ci-bot
43168916ff
!175 [sync] PR-171: docker: set freezer.state to Thawed to increase freeze chances 
From: @openeuler-sync-bot 
Reviewed-by: @duguhaotian 
Signed-off-by: @duguhaotian
 2023-02-17 09:39:00 +00:00
chenjiankun
638e17af84 docker: set freezer.state to Thawed to increase freeze chances 
fix #I6EOOP

docker pause/unpause with parallel docker exec can lead to freezing
state, set freezer.state to Thawed to increase freeze chances

(cherry picked from commit 6b695c68f87ef189c79797e95698ced4bf669f9d)
 2023-02-17 16:52:28 +08:00
openeuler-ci-bot
d21506e0f5
!162 [sync] PR-161: docker:do not stop health check before sending signal 
From: @openeuler-sync-bot 
Reviewed-by: @jxy_git 
Signed-off-by: @jxy_git
 2022-12-01 09:04:46 +00:00
zhongjiawei
99fc560004 docker:do not stop health check before sending signal 
(cherry picked from commit 44b62dc88af07cc91a6cb523fa8cd3037c3c66be)
 2022-12-01 16:28:40 +08:00
openeuler-ci-bot
f5a6e93a36
!159 [sync] PR-155: docker: using VERSION-vendor to record version 
From: @openeuler-sync-bot 
Reviewed-by: @duguhaotian 
Signed-off-by: @duguhaotian
 2022-11-24 07:34:32 +00:00
chenjiankun
05606411e0 docker: using VERSION-vendor to record version 
(cherry picked from commit 7847f38213109046bc356616b236865ef5dc708f)
 2022-11-24 14:31:55 +08:00
openeuler-ci-bot
d03e2d35a0
!153 [sync] PR-149: docker: fix dockerd core when release network 
From: @openeuler-sync-bot 
Reviewed-by: @duguhaotian 
Signed-off-by: @duguhaotian
 2022-11-23 02:37:00 +00:00
chenjiankun
894f5c0d57 docker: fix dockerd core when release network 
fix #I627ON

(cherry picked from commit eb9eabe25426f30d4690a9b651f7af7d5d715477)
 2022-11-22 20:41:35 +08:00
openeuler-ci-bot
da3fe4d2ae
!147 [sync] PR-143: docker: cleanup netns file when stop docker daemon 
From: @openeuler-sync-bot 
Reviewed-by: @duguhaotian 
Signed-off-by: @duguhaotian
 2022-11-22 12:37:45 +00:00
chenjiankun
3d41826f07 docker: cleanup netns file when stop docker daemon 
fix #I5W2XY

(cherry picked from commit a81ea9875a9ca5bb61fcccc747b4a9f73a175680)
 2022-11-22 16:37:24 +08:00
openeuler-ci-bot
ec2ddd5603
!137 docker:fix compile problem 
From: @DCCooper 
Reviewed-by: @jackchan8, @duguhaotian, @Vanient 
Signed-off-by: @duguhaotian
 2022-10-15 10:03:46 +00:00
DCCooper
27e8320345 docker:fix compile problem 
change runc original install location
(/usr/local/bin --> /usr/bin) to fix compile problem

Signed-off-by: DCCooper <1866858@gmail.com>
 2022-09-24 01:35:03 +08:00
openeuler-ci-bot
ce42130c08
!133 [sync] PR-132: docker: add epoch for easy upgrade 
From: @openeuler-sync-bot 
Reviewed-by: @duguhaotian 
Signed-off-by: @duguhaotian
 2022-09-21 06:16:13 +00:00
chenjiankun
340b8d7164 docker: add epoch for easy upgrade 
(cherry picked from commit 7770ba688f2fe0ba20ff05d55bb9db20ba7854bf)
 2022-09-21 11:28:54 +08:00
openeuler-ci-bot
220dc337d8
!127 [sync] PR-126: docker: ensure layer digest folder removed if ls.driver.Remove fails 
From: @openeuler-sync-bot 
Reviewed-by: @duguhaotian 
Signed-off-by: @duguhaotian
 2022-09-16 06:51:15 +00:00
chenjiankun
9bb3a56c0e docker: ensure layer digest folder removed if ls.driver.Remove fails 
If image pull fails of context canceled, image layer will perform a
rollback operation. When image layer is released, the diff folder of layer
will be removed first, and then the digest folder will be removed.
If the diff folder fails to be removed, such as operation not permitted or
interrupted by others, both the digest folder and diff folder will remain
on the disk, this will cause image not be complete and not repairable.

So we should remove the digest folder first for image layers rollback
and ensure image can be re-pulled completely.

(cherry picked from commit 219f49ee216459dc50dcbddaade9828ad7fa31fb)
 2022-09-16 09:23:38 +08:00
openeuler-ci-bot
55c13ee484
!124 [sync] PR-122: [sync] docker: fix CVE-2022-36109 
From: @openeuler-sync-bot 
Reviewed-by: @duguhaotian 
Signed-off-by: @duguhaotian
 2022-09-15 08:44:54 +00:00
chenjiankun
06e6588807 docker: fix CVE-2022-36109 
fix #I5QLCS

(cherry picked from commit dde1451e0188d0be7b34c14b277b87dbf24e5581)
 2022-09-15 16:28:51 +08:00
openeuler-ci-bot
2f0e2c80ed
!119 [sync] PR-118: [sync] docker: Add an ExitPid field for State struct to record exit process id 
From: @openeuler-sync-bot 
Reviewed-by: @duguhaotian 
Signed-off-by: @duguhaotian
 2022-09-15 08:27:08 +00:00
chenjiankun
d774ef3f7d docker: Add an ExitPid field for State struct to record exit process id 
fix #I5OBUW

(cherry picked from commit c8142e10cf71a5a38616f1a7277ed879e796adca)
 2022-09-15 15:05:15 +08:00
openeuler-ci-bot
d31e1f2b9b
!115 [sync] PR-113: [sync] docker: fix terminal abnormal after docker run 
From: @openeuler-sync-bot 
Reviewed-by: @duguhaotian 
Signed-off-by: @duguhaotian
 2022-09-15 07:03:16 +00:00
chenjiankun
b0de51e996 [sync]docker: fix terminal abnormal after docker run 
fix #I5FTB4
fix #I5LDB4
fix #I5OBZ9

(cherry picked from commit b4a83d73a3cdba481691bf29f2f1f17a98d34a14)
 2022-09-15 14:16:29 +08:00
openeuler-ci-bot
4f81b515cd
!96 [sync] PR-95: sync from internal 
From: @openeuler-sync-bot 
Reviewed-by: @duguhaotian 
Signed-off-by: @duguhaotian
 2022-06-29 01:34:38 +00:00