diff --git a/examples/docker.yml b/examples/docker.yml index 2d169c154..1b7a4e377 100644 --- a/examples/docker.yml +++ b/examples/docker.yml @@ -30,7 +30,7 @@ services: - name: ntpd image: "linuxkit/openntpd:45deeb05f736162d941c9bf494983f655ab80aa5" - name: docker - image: "linuxkit/docker-ce:668d62da6e3da081a8f8aca7db3e2a98adf5da59" + image: "linuxkit/docker-ce:dda71ff9fe5ebbfa794b98c57c32df286b212848" capabilities: - all net: host diff --git a/pkg/docker-ce/Dockerfile b/pkg/docker-ce/Dockerfile index 639156913..cf5f235c7 100644 --- a/pkg/docker-ce/Dockerfile +++ b/pkg/docker-ce/Dockerfile @@ -17,8 +17,10 @@ RUN apk add --no-cache --initdb -p /out \ xz RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache +FROM linuxkit/vpnkit-forwarder:883de832c2c3cb72cd9b01e3f7bd788649e0f2c2 AS vpnkit FROM scratch COPY --from=mirror /out/ / +COPY --from=vpnkit /vpnkit-expose-port /usr/bin/vpnkit-expose-port # set up Docker group # set up subuid/subgid so that "--userns-remap=default" works out-of-the-box diff --git a/projects/compose/compose-dynamic.yml b/projects/compose/compose-dynamic.yml index 2ec0ce2bb..aff359fed 100644 --- a/projects/compose/compose-dynamic.yml +++ b/projects/compose/compose-dynamic.yml @@ -27,7 +27,7 @@ services: - name: ntpd image: "linuxkit/openntpd:45deeb05f736162d941c9bf494983f655ab80aa5" - name: docker - image: "linuxkit/docker-ce:668d62da6e3da081a8f8aca7db3e2a98adf5da59" + image: "linuxkit/docker-ce:dda71ff9fe5ebbfa794b98c57c32df286b212848" capabilities: - all net: host diff --git a/projects/compose/compose-static.yml b/projects/compose/compose-static.yml index 8d818ba73..59dd920f2 100644 --- a/projects/compose/compose-static.yml +++ b/projects/compose/compose-static.yml @@ -27,7 +27,7 @@ services: - name: ntpd image: "linuxkit/openntpd:45deeb05f736162d941c9bf494983f655ab80aa5" - name: docker - image: "linuxkit/docker-ce:668d62da6e3da081a8f8aca7db3e2a98adf5da59" + image: "linuxkit/docker-ce:dda71ff9fe5ebbfa794b98c57c32df286b212848" capabilities: - all net: host diff --git a/projects/kubernetes/image-cache/Dockerfile b/projects/kubernetes/image-cache/Dockerfile index dfbc6eb30..0e3d7455f 100644 --- a/projects/kubernetes/image-cache/Dockerfile +++ b/projects/kubernetes/image-cache/Dockerfile @@ -1,4 +1,4 @@ -FROM linuxkit/docker-ce:668d62da6e3da081a8f8aca7db3e2a98adf5da59 +FROM linuxkit/docker-ce:dda71ff9fe5ebbfa794b98c57c32df286b212848 ADD . /images ENTRYPOINT [ "/bin/sh", "-c" ] CMD [ "for image in /images/*.tar ; do docker image load -i $image && rm -f $image ; done" ] diff --git a/projects/kubernetes/kube-master.yml b/projects/kubernetes/kube-master.yml index a718876c3..7dd4b8911 100644 --- a/projects/kubernetes/kube-master.yml +++ b/projects/kubernetes/kube-master.yml @@ -38,7 +38,7 @@ services: - name: sshd image: "linuxkit/sshd:abc1f5e096982ebc3fb61c506aed3ac9c2ae4d55" - name: docker - image: "linuxkit/docker-ce:668d62da6e3da081a8f8aca7db3e2a98adf5da59" + image: "linuxkit/docker-ce:dda71ff9fe5ebbfa794b98c57c32df286b212848" capabilities: - all net: host diff --git a/projects/kubernetes/kube-node.yml b/projects/kubernetes/kube-node.yml index 077fe522b..2f04500e6 100644 --- a/projects/kubernetes/kube-node.yml +++ b/projects/kubernetes/kube-node.yml @@ -38,7 +38,7 @@ services: - name: sshd image: "linuxkit/sshd:abc1f5e096982ebc3fb61c506aed3ac9c2ae4d55" - name: docker - image: "linuxkit/docker-ce:668d62da6e3da081a8f8aca7db3e2a98adf5da59" + image: "linuxkit/docker-ce:dda71ff9fe5ebbfa794b98c57c32df286b212848" capabilities: - all net: host diff --git a/test/cases/030_security/000_docker-bench/test-docker-bench.yml b/test/cases/030_security/000_docker-bench/test-docker-bench.yml index 8c2c32652..3e71d4f6b 100644 --- a/test/cases/030_security/000_docker-bench/test-docker-bench.yml +++ b/test/cases/030_security/000_docker-bench/test-docker-bench.yml @@ -24,7 +24,7 @@ services: - name: dhcpcd image: "linuxkit/dhcpcd:7d2b8aaaf20c24ad7d11a5ea2ea5b4a80dc966f1" - name: docker - image: "linuxkit/docker-ce:668d62da6e3da081a8f8aca7db3e2a98adf5da59" + image: "linuxkit/docker-ce:dda71ff9fe5ebbfa794b98c57c32df286b212848" capabilities: - all net: host