- make quiet
- force, so some adjustments are not checked see https://github.com/docker/pinata/issues/6198
- set resize_inode as we do resize partitions on cloud and they could have very few inodes otherwise
- inline all the default options and remove the config file, so script is more standalone
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- run test suite under containerd
- in future this should be converted to Go not shell see #860
- test suite is now in its own initrd, can be run on any platform not just qemu
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Regenerated the kernel config from container, which bumped the kernel
version and included some other fixes. Also bumps the check-config
container to check for VSYSCALL_NATIVE
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
- this needs an init as it does not respond to stop signals, so include tini
- needs CAP_SYS_ADMIN to write to kernel entropy estimate
- set kernel.random.write_wakeup_threshold so that rngd does not need sysctl write access
- build patches from Alpine, but statically linked
- remove rngd from base image, means we no longer need community repository
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
When building the base images always test signatures.
This will be the default at some point.
Add a test that content trust is working.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- statically make containerd symlinks so rootfs can be read only
- run binfmt_misc in a containerd container
- ship arm, aarch64, ppc64le qemu static versions that always "just work" as this is supported in Linux 4.8
fix#53
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Previously when the block device was resized the partition table was also
resized but the filesystem was not. For an increase from 64GiB to 128GiB
the console showed:
* Configuring host block device .../dev/vda1: clean, 62/4194304 files, 604445/16776960 blocks
Resizing disk partition: Unpartitioned space /dev/vda: 64 GiB, 68719476736 bytes, 134217728 sectors
resize2fs 1.43.3 (04-Sep-2016)
Please run 'e2fsck -f /dev/vda1' first.
/dev/vda1: clean, 62/4194304 files, 604445/16776960 blocks
This patch makes `resize2fs` happy by running `e2fsck -f` beforehand as
requested.
Signed-off-by: David Scott <dave.scott@docker.com>
So as to allow a read only root filesystem, we use the proxy
path config option to override the Docker proxy for 1.13.
This means that the iptables override needs to call this binary
not the original docker-proxy binary to allow port forwarding.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- never update root filesystem see #583
- remove tests for earlier docker versions
- only use iptables override on desktop
fix#753
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- use our own code rather than Alpine setup-disk
- remove alpine setup code as not needed
- do not create swap partitions
- create swap file on desktop editions for now (may remove)
Fix#619
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Most editions were shipping with experimental; now it is a daemon
flag this seems the best behaviour.
Only do this on recent dockerd as we are still supporting 1.12 for
a while longer.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This is not working well, and was binding over the logs, and losing
logs. We need a uniform approach on all platforms, planned to be
syslog.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
