zhongjiawei
a8f31ed0bf
docker:sync some patches
...
(cherry picked from commit d4cbc6b9cb46f6932e34abf7dfa15257379f762a)
2025-02-24 09:32:52 +08:00
zhongjiawei
96638540d5
docker:fix CVE-2024-36623
...
(cherry picked from commit bac17d509e0e29a47e18ba9950b23a4069b3713b)
2024-12-06 14:49:35 +08:00
zhongjiawei
0bb947b3e4
docker:fix missing lock in ensurelayer
...
(cherry picked from commit 7d79bc05c62531d7ffcc2caaf89c29e33440171e)
2024-12-02 16:03:49 +08:00
zhongjiawei
aa51a103f3
docker:support calling clone when clone3 is not supported
2024-10-25 15:59:11 +08:00
zhongjiawei
159a4f423f
docker:try to reconnect when containerd grpc return unexpected EOF
...
(cherry picked from commit bb19128a08aa2355d23555925a14a3733d173b64)
2024-08-31 11:43:27 +08:00
zhongjiawei
6e938d7183
docker:add clone3 seccomp whitelist for arm64
...
(cherry picked from commit 36446e9c94c779506c0d37b582a8b4330afeaaa1)
2024-08-02 17:31:18 +08:00
zhongjiawei
e091545f2d
docker:fix CVE-2024-41110
...
(cherry picked from commit e6ebcc95f414d60dd04019b0deab87cb56760c7f)
2024-07-26 17:32:03 +08:00
chenjiankun
6d238abf6b
docker: Ignore SIGURG on Linux
...
fix #IA9T8K
(cherry picked from commit c24648a4d416f366d23ee7ae58736c7794595d15)
2024-07-15 17:05:06 +08:00
chenjiankun
65c2f7d283
backport: fix CVE-2024-32473
...
fix #I9HX2H
(cherry picked from commit d958cc81c9d6b18ecd2568727ed778de043d5fbe)
2024-05-08 17:10:00 +08:00
chenjiankun
57dee86c1a
docker: fix CVE-2024-29018
...
fix #I9A82U
(cherry picked from commit 8ed18fcd14ecac175c68eebd55399615ee13e159)
2024-04-12 17:06:06 +08:00
chenjiankun
ee2b6a007c
backport: fix CVE-2024-24557
...
fix #I90KVB
(cherry picked from commit 7a70f28050f176675b52d8116a2ba038b18ae93c)
2024-03-19 20:26:03 +08:00
Lu Jingxiao
74460e0b20
docker: sync patches from upstream
...
Sync patches from upstream, including:
- b033961a82
- 2a8341f252
- cae76642b6
- f43f820a8c
- b1d05350ec
- 7a24e475b3
- f89fd3df7d
- 76e4260141
- b92585a470
Signed-off-by: Lu Jingxiao <lujingxiao@huawei.com>
2023-12-22 17:24:47 +08:00
Lu Jingxiao
84fd54726a
docker: fix COPY --from should preserve ownership
...
Fixes: #I86H6B
Signed-off-by: Lu Jingxiao <lujingxiao@huawei.com>
2023-10-09 16:35:32 +08:00
flyflyflypeng
e519069449
docker: remove useless mount point dir
...
fix #I7UQ2Y
Signed-off-by: flyflyflypeng <jiangpengfei9@huawei.com>
2023-08-28 10:22:46 +08:00
jingxiaolu
f5527c508a
docker: define a dummy hostname to use for local connections
...
For local communications (npipe://, unix://), the hostname is not used,
but we need valid and meaningful hostname.
The current code used the client's `addr` as hostname in some cases, which
could contain the path for the unix-socket (`/var/run/docker.sock`), which
gets rejected by go1.20.6 and go1.19.11 because of a security fix for
[CVE-2023-29406][1], which was implemented in https://go.dev/issue/60374.
Prior versions of Go would clean the host header, and strip slashes in the
process, but go1.20.6 and go1.19.11 no longer do, and reject the host
header.
This patch introduces a `DummyHost` const, and uses this dummy host for
cases where we don't need an actual hostname.
Signed-off-by: jingxiaolu <lujingxiao@huawei.com>
2023-07-28 17:47:05 +08:00
chenjiankun
2e888b9837
docker: replace unix.Rmdir with os.RemoveAll when remove mount point dir
...
fix #I7G1LL
2023-06-29 16:16:05 +08:00
chenjiankun
9b293e9221
docker: fix blockThreshold full bug
...
Reference:dcfe23a038
2023-06-27 16:59:43 +08:00
zhongjiawei
2e483250b2
docker:thinpool full because docker daemon restart when docker pull
...
Signed-off-by: zhongjiawei <zhongjiawei1@huawei.com>
2023-06-08 16:32:46 +08:00
zhongjiawei
3b459012b6
docker:fix CVE-2023-28840 CVE-2023-28841 CVE-2023-28842
2023-04-06 16:19:21 +08:00
zhongjiawei
59f6a66701
docker:sync some patches
2023-03-29 15:16:12 +08:00
zhaozhen
9cd20b596b
add loongarch64 support for docker
2023-03-16 20:03:19 +08:00
zhongjiawei
ff3bcc697b
docker: try http for docker manifest insecure
2023-03-15 17:24:08 +08:00
JackChan8
5ecf0ca3e7
docker: fix container missing after restarting dockerd twice
...
fix #I6MJ4X
2023-03-14 19:27:35 +08:00
Song Zhang
8ed0a65d0b
docker stats: fix 'panic: close of closed channel'
...
bugfix: https://gitee.com/src-openeuler/docker/issues/I6LNNW?from=project-issue
Signed-off-by: Song Zhang <zhangsong34@huawei.com>
2023-03-10 15:42:11 +08:00
chenjiankun
b78a50c378
docker: set freezer.state to Thawed to increase freeze chances
...
docker pause/unpause with parallel docker exec can lead to freezing
state, set freezer.state to Thawed to increase freeze chances
2023-02-17 16:39:45 +08:00
zhongjiawei
365eb0b196
docker:do not stop health check before sending signal
2022-12-01 15:19:28 +08:00
chenjiankun
07ce32f65f
docker: fix dockerd core when release network
...
fix #I627ON
2022-11-22 20:49:27 +08:00
chenjiankun
6a3861c8c1
docker: cleanup netns file when stop docker daemon
...
fix #I5W2XY
2022-11-22 14:50:42 +08:00
chenjiankun
54c9d1260f
docker: ensure layer digest folder removed if ls.driver.Remove fails
...
If image pull fails of context canceled, image layer will perform a
rollback operation. When image layer is released, the diff folder of layer
will be removed first, and then the digest folder will be removed.
If the diff folder fails to be removed, such as operation not permitted or
interrupted by others, both the digest folder and diff folder will remain
on the disk; this will cause the image to be incomplete and not repairable.
So we should remove the digest folder first for image layers rollback
and ensure image can be re-pulled completely.
2022-09-15 17:31:01 +08:00
chenjiankun
fc3bc485d1
docker: fix CVE-2022-36109
...
fix #I5QLCS
2022-09-15 11:24:04 +08:00
chenjiankun
214570099c
docker: Add an ExitPid field for State struct to record exit process id
...
fix #I5OBUW
2022-09-13 20:38:42 +08:00
chenjiankun
542207bf0a
docker: fix terminal abnormal after docker run
...
fix #I5OBZ9
fix #I5LDB4
fix #I5FTB4
2022-09-13 19:58:50 +08:00
zhongjiawei
777a2b05b8
fix CVE-2021-41092
...
fix #I5D1C0
fix CVE-2021-41092
2022-06-29 14:52:33 +08:00
zjw
69f6dc243f
fix CVE-2021-41091
...
fix #I5CA8V
fix CVE-2021-41091
2022-06-29 09:57:50 +08:00
zjw
9d4f69f055
fix CVE-2021-41089
...
fix #I5CA8X
2022-06-29 09:54:58 +08:00
zjw
2b2be77fce
close channel in write side to avoid panic in docker stats
...
fix #I5ATMV
2022-06-29 09:50:20 +08:00
zjw
6b4b0f7702
fix status inconsistent after restart container
...
fix #I5AIPF
fix #I5AD5N
2022-06-29 09:45:41 +08:00
chenjiankun
e676158bba
sync from openEuler-22.03-LTS
2022-06-28 16:29:12 +08:00
duyiwei
632b430ea3
fix CVE-2022-24769
2022-06-10 15:13:38 +08:00
xiadanni
447f294a20
docker:update seccomp whitelist to Linux 5.10 syscall list
...
Signed-off-by: xiadanni <xiadanni1@huawei.com>
2021-09-26 23:57:52 +08:00
WangFengTu
aa6647526e
fix dangling unpigz
...
Signed-off-by: WangFengTu <wangfengtu@huawei.com>
2021-08-30 09:19:11 +08:00
WangFengTu
82696f6e38
rollback if docker restart when doing BlkDiscard
...
Signed-off-by: WangFengTu <wangfengtu@huawei.com>
2021-04-01 16:25:19 +08:00
xiadanni
1bae2e5ea3
docker:sync bugfix and fix CVE-2021-21284 2021-21285
...
1.fix execCommands leak in health-check
2.check containerd pid before kill it
3.fix CVE-2021-21284
4.fix CVE-2021-21285
Change-Id: I2fe1dd40281f1786ecc63ff19d416b113710e611
Signed-off-by: xiadanni <xiadanni1@huawei.com>
2021-03-18 15:40:53 +08:00
jingrui
af6293703d
docker: sync bugfix
...
Change-Id: I4dc92059d90415199fcd143d75cc68cfdb67c430
Signed-off-by: jingrui <jingrui@huawei.com>
2021-01-19 14:03:29 +08:00
yangyanchao
4780a2ff0e
docker:components:add config files for riscv
...
Signed-off-by: yangyanchao <yangyanchao6@huawei.com>
2021-01-04 10:45:04 +08:00
f00231050
27493a1bf2
docker: fix registry not try hostname issue
...
reason: when mirror is matched, only matched mirror endpoint is added to endpoint list, but the hostname itself is not in the list, which is not compatible with the case of docker.io, docker.io will be appended to the last of the endpoint list.
2020-12-21 09:46:50 +08:00
liuzekun
294a810705
docker: sync patches from internal
...
Signed-off-by: liuzekun <liuzekun@huawei.com>
2020-11-28 09:37:25 +08:00
jingrui
a7fbe55e45
docker: sync daemon pkg to cli vendor
...
Change-Id: I3f272af66670959fc7d42d5be2526ebf7f9eecfb
Signed-off-by: jingrui <jingrui@huawei.com>
2020-07-06 18:56:50 +08:00
xiadanni1
07877c6fda
docker: use git-commit to store commit ID
...
Change-Id: Id13ecdba61708f62595d6db593c670c304abf0bb
Signed-off-by: xiadanni1 <xiadanni1@huawei.com>
2020-06-16 02:07:26 +08:00
liuzekun
c0d5f8afd5
docker: check whether exit file exists before killing process directly
...
killing the process directly should check whether the exit file already exists,
to avoid killing a new process which reused this pid
Signed-off-by: liuzekun <liuzekun@huawei.com>
2020-04-10 17:13:31 +08:00