25 Commits

Author SHA1 Message Date
zhongjiawei
257b0325f5 docker:fix missing lock in ensurelayer
(cherry picked from commit 811fea11922b9da55ebd901c65d7fff82328cf36)
2024-12-02 16:03:41 +08:00
zhongjiawei
e35d689a81 docker:try to reconnect when containerd grpc return unexpected EOF
(cherry picked from commit bb19128a08aa2355d23555925a14a3733d173b64)
2024-08-31 11:43:21 +08:00
zhongjiawei
982b382e17 docker:add clone3 seccomp whitelist for arm64
(cherry picked from commit 36446e9c94c779506c0d37b582a8b4330afeaaa1)
2024-08-02 17:31:10 +08:00
zhongjiawei
f91c6cce71 docker:fix CVE-2024-41110
(cherry picked from commit e6ebcc95f414d60dd04019b0deab87cb56760c7f)
2024-07-26 17:31:57 +08:00
chenjiankun
39938b951e docker: Ignore SIGURG on Linux
fix #IA9T8K
2024-07-15 17:56:41 +08:00
chenjiankun
5bee9b894d backport: fix CVE-2024-32473
fix #I9HX2H

(cherry picked from commit d958cc81c9d6b18ecd2568727ed778de043d5fbe)
2024-05-08 17:09:55 +08:00
chenjiankun
c71044c2d8 docker: fix CVE-2024-29018
fix #I9A82U

(cherry picked from commit 8ed18fcd14ecac175c68eebd55399615ee13e159)
2024-04-12 17:06:03 +08:00
chenjiankun
38ff1b1b5d backport: fix CVE-2024-24557
fix #I90KVB
2024-03-19 20:12:04 +08:00
flyflyflypeng
6c4fcf023e docker: sync patches from upstream
Sync patches from upstream, including:
- b033961a82
- 2a8341f252
- cae76642b6
- f43f820a8c
- b1d05350ec
- 7a24e475b3
- f89fd3df7d
- 76e4260141
- b92585a470

Signed-off-by: flyflypeng <jiangpengfei9@huawei.com>
2023-12-28 21:57:15 +08:00
zhongjiawei
15a8a28493 docker:modify runc rpm package name from docker-runc to runc
2023-11-17 11:21:10 +08:00
zhongjiawei
937754a249 docker:add delay after freeze
(cherry picked from commit 2e48b57e25c721804c926c73370c33d3e769bc94)
2023-10-12 17:19:29 +08:00
Lu Jingxiao
0b26f41390 docker: fix COPY --from should preserve ownership
Fixes: #I86H6B

Signed-off-by: Lu Jingxiao <lujingxiao@huawei.com>
(cherry picked from commit 84fd54726a663f603700e4b565b065a62c268449)
2023-10-09 18:58:59 +08:00
flyflyflypeng
1dceeb1c20 docker: remove useless mount point dir
fix #I7UQ2Y

Signed-off-by: flyflyflypeng <jiangpengfei9@huawei.com>
(cherry picked from commit e5190694496f1b5fccb7b70e982fdf3fadb6e3cb)
2023-08-28 15:14:00 +08:00
chenjiankun
cd7070aebb docker: define a dummy hostname to use for local connections
For local communications (npipe://, unix://), the hostname is not used,
but we need a valid and meaningful hostname.

The current code used the client's `addr` as hostname in some cases, which
could contain the path for the unix-socket (`/var/run/docker.sock`), which
gets rejected by go1.20.6 and go1.19.11 because of a security fix for
[CVE-2023-29406][1], which was implemented in https://go.dev/issue/60374.

Prior versions of Go would clean the host header, and strip slashes in the
process, but go1.20.6 and go1.19.11 no longer do, and reject the host
header.

This patch introduces a `DummyHost` const, and uses this dummy host for
cases where we don't need an actual hostname.
2023-08-02 16:30:20 +08:00
chenjiankun
f69d70d2e2 docker: sync patches from master
(cherry picked from commit faa68fcbfa7bc543cdf70f004b82eed8431c7c77)
2023-07-13 11:26:08 +08:00
zhongjiawei
1beb1da2de docker:remove invalid libcgroup dependencies
2023-07-12 11:39:01 +08:00
zhongjiawei
a4edd1edf4 docker:thinpool full because docker daemon restart when docker pull
2023-06-09 11:06:25 +08:00
zhongjiawei
7a60984014 docker:fix CVE-2023-28840 CVE-2023-28841 CVE-2023-28842
(cherry picked from commit f021f5c385bf7dd11a892a128888f5998f754b24)
2023-04-06 20:00:21 +08:00
zhongjiawei
cf3b5bbff6 docker:sync some patches
(cherry picked from commit 5004ebff5b6cd0eeff1a8edaf8f59dea0f348021)
2023-03-30 10:02:42 +08:00
zhongjiawei
9c2234772a docker: try http for docker manifest insecure
(cherry picked from commit ff3bcc697b172784a8dacd637576cd932801399a)
2023-03-16 14:27:21 +08:00
JackChan8
2f5e04a8aa docker: fix container missing after restarting dockerd twice
fix #I6MJ4X

(cherry picked from commit 5ecf0ca3e74f004180222c8ec9ea3e240bf96d15)
2023-03-15 10:03:30 +08:00
Song Zhang
725d53a12b docker stats: fix 'panic: close of closed channel'
bugfix: https://gitee.com/src-openeuler/docker/issues/I6LNNW?from=project-issue

Signed-off-by: Song Zhang <zhangsong34@huawei.com>
(cherry picked from commit 8ed0a65d0b666a1f05e3b9c2e0f906859a1c4acb)
2023-03-10 16:39:45 +08:00
chenjiankun
8eacb70a4e docker: set freezer.state to Thawed to increase freeze chances
docker pause/unpause with parallel docker exec can lead to freezing
state, set freezer.state to Thawed to increase freeze chances

(cherry picked from commit b78a50c378d2ccef2254cf694991f4d52eec1fe9)
2023-02-17 16:52:06 +08:00
zhongjiawei
748628a918 docker:do not stop health check before sending signal
(cherry picked from commit 365eb0b1969d296e7e6894af9f913b3e24f81c21)
2022-12-01 16:28:49 +08:00
chenjiankun
ec922e1fed docker: using VERSION-vendor to record version
(cherry picked from commit 3cc77fa02d5a0efb77b71d4f506b44f209329b1d)
2022-11-24 14:31:40 +08:00