29 Commits

Author SHA1 Message Date
zhongjiawei
a8f31ed0bf docker:sync some patches
(cherry picked from commit d4cbc6b9cb46f6932e34abf7dfa15257379f762a)
2025-02-24 09:32:52 +08:00
zhongjiawei
96638540d5 docker:fix CVE-2024-36623
(cherry picked from commit bac17d509e0e29a47e18ba9950b23a4069b3713b)
2024-12-06 14:49:35 +08:00
zhongjiawei
0bb947b3e4 docker:fix missing lock in ensurelayer
(cherry picked from commit 7d79bc05c62531d7ffcc2caaf89c29e33440171e)
2024-12-02 16:03:49 +08:00
zhongjiawei
aa51a103f3 docker:support calling clone when clone3 is not supported
2024-10-25 15:59:11 +08:00
zhongjiawei
159a4f423f docker:try to reconnect when containerd grpc return unexpected EOF
(cherry picked from commit bb19128a08aa2355d23555925a14a3733d173b64)
2024-08-31 11:43:27 +08:00
zhongjiawei
6e938d7183 docker:add clone3 seccomp whitelist for arm64
(cherry picked from commit 36446e9c94c779506c0d37b582a8b4330afeaaa1)
2024-08-02 17:31:18 +08:00
zhongjiawei
e091545f2d docker:fix CVE-2024-41110
(cherry picked from commit e6ebcc95f414d60dd04019b0deab87cb56760c7f)
2024-07-26 17:32:03 +08:00
chenjiankun
6d238abf6b docker: Ignore SIGURG on Linux
fix #IA9T8K

(cherry picked from commit c24648a4d416f366d23ee7ae58736c7794595d15)
2024-07-15 17:05:06 +08:00
chenjiankun
65c2f7d283 backport: fix CVE-2024-32473
fix #I9HX2H

(cherry picked from commit d958cc81c9d6b18ecd2568727ed778de043d5fbe)
2024-05-08 17:10:00 +08:00
chenjiankun
57dee86c1a docker: fix CVE-2024-29018
fix #I9A82U

(cherry picked from commit 8ed18fcd14ecac175c68eebd55399615ee13e159)
2024-04-12 17:06:06 +08:00
chenjiankun
ee2b6a007c backport: fix CVE-2024-24557
fix #I90KVB

(cherry picked from commit 7a70f28050f176675b52d8116a2ba038b18ae93c)
2024-03-19 20:26:03 +08:00
Lu Jingxiao
74460e0b20 docker: sync patches from upstream
Sync patches from upstream, including:
- b033961a82
- 2a8341f252
- cae76642b6
- f43f820a8c
- b1d05350ec
- 7a24e475b3
- f89fd3df7d
- 76e4260141
- b92585a470

Signed-off-by: Lu Jingxiao <lujingxiao@huawei.com>
2023-12-22 17:24:47 +08:00
zhongjiawei
1bcaf75f0b docker:modify runc rpm package name from docker-runc to runc
2023-11-17 11:29:53 +08:00
zhongjiawei
2e48b57e25 docker:add delay after freeze
2023-10-12 15:12:06 +08:00
Lu Jingxiao
84fd54726a docker: fix COPY --from should preserve ownership
Fixes: #I86H6B

Signed-off-by: Lu Jingxiao <lujingxiao@huawei.com>
2023-10-09 16:35:32 +08:00
flyflyflypeng
e519069449 docker: remove useless mount point dir
fix #I7UQ2Y

Signed-off-by: flyflyflypeng <jiangpengfei9@huawei.com>
2023-08-28 10:22:46 +08:00
jingxiaolu
f5527c508a docker: define a dummy hostname to use for local connections
For local communications (npipe://, unix://), the hostname is not used,
but we need a valid and meaningful hostname.

The current code used the client's `addr` as hostname in some cases, which
could contain the path for the unix-socket (`/var/run/docker.sock`), which
gets rejected by go1.20.6 and go1.19.11 because of a security fix for
[CVE-2023-29406][1], which was implemented in https://go.dev/issue/60374.

Prior versions of Go would clean the host header, and strip slashes in the
process, but go1.20.6 and go1.19.11 no longer do, and reject the host
header.

This patch introduces a `DummyHost` const, and uses this dummy host for
cases where we don't need an actual hostname.

Signed-off-by: jingxiaolu <lujingxiao@huawei.com>
2023-07-28 17:47:05 +08:00
zhongjiawei
76ef69817e docker:remove invalid libcgroup dependencies
2023-07-12 09:53:04 +08:00
chenjiankun
2e888b9837 docker: replace unix.Rmdir with os.RemoveAll when remove mount point dir
fix #I7G1LL
2023-06-29 16:16:05 +08:00
chenjiankun
9b293e9221 docker: fix blockThreshold full bug
Reference:dcfe23a038
2023-06-27 16:59:43 +08:00
zhongjiawei
2e483250b2 docker:thinpool full because docker daemon restart when docker pull
Signed-off-by: zhongjiawei <zhongjiawei1@huawei.com>
2023-06-08 16:32:46 +08:00
zhongjiawei
3b459012b6 docker:fix CVE-2023-28840 CVE-2023-28841 CVE-2023-28842
2023-04-06 16:19:21 +08:00
zhongjiawei
59f6a66701 docker:sync some patches
2023-03-29 15:16:12 +08:00
zhongjiawei
ff3bcc697b docker: try http for docker manifest insecure
2023-03-15 17:24:08 +08:00
JackChan8
5ecf0ca3e7 docker: fix container missing after restarting dockerd twice
fix #I6MJ4X
2023-03-14 19:27:35 +08:00
Song Zhang
8ed0a65d0b docker stats: fix 'panic: close of closed channel'
bugfix: https://gitee.com/src-openeuler/docker/issues/I6LNNW?from=project-issue

Signed-off-by: Song Zhang <zhangsong34@huawei.com>
2023-03-10 15:42:11 +08:00
chenjiankun
b78a50c378 docker: set freezer.state to Thawed to increase freeze chances
docker pause/unpause with parallel docker exec can lead to freezing
state, set freezer.state to Thawed to increase freeze chances
2023-02-17 16:39:45 +08:00
zhongjiawei
365eb0b196 docker:do not stop health check before sending signal
2022-12-01 15:19:28 +08:00
chenjiankun
3cc77fa02d docker: using VERSION-vendor to record version
2022-11-24 11:46:52 +08:00