This makes sure that once we have ro rootfs any programs that still
for any reason use `/tmp` can still write to it, or if people expect
sharing it into a container to work.
fix#778
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
So as to allow a read only root filesystem, we use the proxy
path config option to override the Docker proxy for 1.13.
This means that the iptables override needs to call this binary
not the original docker-proxy binary to allow port forwarding.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
These will be containerised, and were disabled anyway.
Need client, as git needs it, and docker needs git.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- never update root filesystem see #583
- remove tests for earlier docker versions
- only use iptables override on desktop
fix#753
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- use our own code rather than Alpine setup-disk
- remove alpine setup code as not needed
- do not create swap partitions
- create swap file on desktop editions for now (may remove)
Fix#619
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Some of git's whitespace fixup option corrupts the patches by (at least)
stripping trailing spaces (which are present for empty lines in context) and
changing leading <space><tab> into just <tab>. `patch(1)` used by the build
here seems to tolerate this, but `git am` and/or `git apply` do not.
Fix this up by running git am and at each failure point (i.e. every patch)
applying the relevant patch using `patch(1)` (which works because `git am` was
unable to even partially apply the patches) before regenerating the whole lot
with `git format-patch`.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
Add toybox statically linked ls, sh, find etc so that it is
possible to examine the archive eaily.
Fix#749
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
128 CPUs seems plenty for now and it allows for the
debug kernels to boot on Hyper-V without modifications. It may
also have the added benefit of reducing some data structures
allocated per CPU (in particular for Debug kernels).
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This stops device auto-detect in 'hwdrivers'. On Docker
for Windows driver auto-detect should not be necessary as all
drivers are compiled in.
Further, on slow machines (and in CI) th 'hwdrivers' seems to have
race as it does a 'find' on '/sys/devices' and then performs actions.
On slow machines (and in CI) it appears that VMBus devices get
removed (and possibly re-added) causing the script to error.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This removes all the patches which have been upstreamed since 4.4.x
and only leaves patches for a minor fix to AF_VSOCK, the Hyper-V socket patch
and a new patch for fixing delays on creating netns with tunnel interfaces.
The latter has been accecpted into the upstream netdev branch and will
likely appear in 4.9.0 and we can cherry pick from there then.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Most editions were shipping with experimental; now it is a daemon
flag this seems the best behaviour.
Only do this on recent dockerd as we are still supporting 1.12 for
a while longer.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This is not working well, and was binding over the logs, and losing
logs. We need a uniform approach on all platforms, planned to be
syslog.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Setting kernel boot params values as recommended by Microsoft for Azure (should avoid slow boots) and disabling efi framebuffer (should avoid hanging on efi fb setup)
