As we released this in the beta channel, and it is a nice feature that our users love,
backporting this to 4.4 so we don't have to revert it or conditionally behave differently.
This is upstream Linux commits
- 9a08c352d05305ca7651540c3b107da1e4e1f40b fs: add filp_clone_open API
- 948b701a607f123df92ed29084413e5dd8cda2ed binfmt_misc: add persistent opened binary handler for containers
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- Add back Linux kernel 4.4.x support, only for AUFS at present.
- Add back config options that are different for 4.4 series
See #923 for discussion on whether we need to do this.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- use jq to fix up the output where there are still issues
- some issues will need fixing up in future too
- can remove fixes later
- still plan to restructure the code around containers to make it easier and clearer
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Missed these before, noticed while making a new one.
Also a copy paste error left one shasum incorrect.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- remove patch now https://github.com/iovisor/bcc/pull/887 is merged
- move the patches to the base image as it makes more sense like this
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Where the suggestions came from is not that useful, just have a
single file for the main ones and then distro specific versions.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Some/most of the samples/tools throw and error, e.g.:
LLVM ERROR: Cannot select: 0x56049b79dcb0: ch,glue = BPFISD::CALL 0x56049a93ad60, TargetExternalSymbol:i64'__stack_chk_fail'
0x56049b391500: i64 = TargetExternalSymbol'__stack_chk_fail'
In function: waker
bcc-stack-protector.patch adds -fno-stack-protector to the CFLAGS
which fixes this error.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This is a temporary workaround for https://github.com/docker/docker/issues/29950
which has broken caching and therefore is very annoying for development, but we
don't really need to set it, so it can stay...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This has various security updates which do potentially affect
containerised application security see
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.1
estimated medium severity.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
A lot of the `iovisor/bcc` tools take a pid as a command line option and using
`--pid=host` allows you to use `$(pgrep foo)`
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
