As we released this in the beta channel, and it is a nice feature that our users love,
backporting this to 4.4 so we don't have to revert it or conditionally behave differently.
This is upstream Linux commits
- 9a08c352d05305ca7651540c3b107da1e4e1f40b fs: add filp_clone_open API
- 948b701a607f123df92ed29084413e5dd8cda2ed binfmt_misc: add persistent opened binary handler for containers
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- Add back Linux kernel 4.4.x support, only for AUFS at present.
- Add back config options that are different for 4.4 series
See #923 for discussion on whether we need to do this.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- use jq to fix up the output where there are still issues
- some issues will need fixing up in future too
- can remove fixes later
- still plan to restructure the code around containers to make it easier and clearer
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Missed these before, noticed while making a new one.
Also a copy paste error left one shasum incorrect.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- remove patch now https://github.com/iovisor/bcc/pull/887 is merged
- move the patches to the base image as it makes more sense like this
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Where the suggestions came from is not that useful, just have a
single file for the main ones and then distro specific versions.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Some/most of the samples/tools throw and error, e.g.:
LLVM ERROR: Cannot select: 0x56049b79dcb0: ch,glue = BPFISD::CALL 0x56049a93ad60, TargetExternalSymbol:i64'__stack_chk_fail'
0x56049b391500: i64 = TargetExternalSymbol'__stack_chk_fail'
In function: waker
bcc-stack-protector.patch adds -fno-stack-protector to the CFLAGS
which fixes this error.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This is a temporary workaround for https://github.com/docker/docker/issues/29950
which has broken caching and therefore is very annoying for development, but we
don't really need to set it, so it can stay...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This has various security updates which do potentially affect
containerised application security see
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.1
estimated medium severity.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
A lot of the `iovisor/bcc` tools take a pid as a command line option and using
`--pid=host` allows you to use `$(pgrep foo)`
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This might fix the issue that GCE is not setting the MTU from
the DHCP response. The documentation says this is shipped but
it is not in Alpine, this one is from a NetBSD install.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
