Moby Project - a collaborative project for the container ecosystem to assemble container-based systems

Overview

The Moby Project

Moby is an open-source project created by Docker to enable and accelerate software containerization.

It provides a "Lego set" of toolkit components, the framework for assembling them into custom container-based systems, and a place for all container enthusiasts and professionals to experiment and exchange ideas. Components include container build tools, a container registry, orchestration tools, a runtime and more, and these can be used as building blocks in conjunction with other tools and projects.

Principles

Moby is an open project guided by strong principles, aiming to be modular, flexible and without too strong an opinion on user experience. It is open to the community to help set its direction.

  • Modular: the project includes lots of components that have well-defined functions and APIs that work together.
  • Batteries included but swappable: Moby includes enough components to build a fully featured container system, but its modular architecture ensures that most of the components can be swapped by different implementations.
  • Usable security: Moby provides secure defaults without compromising usability.
  • Developer focused: The APIs are intended to be functional and useful to build powerful tools. They are not necessarily intended as end user tools but as components aimed at developers. Documentation and UX are aimed at developers, not end users.

Audience

The Moby Project is intended for engineers, integrators and enthusiasts looking to modify, hack, fix, experiment, invent and build systems based on containers. It is not for people looking for a commercially supported system, but for people who want to work and learn with open source code.

Relationship with Docker

The components and tools in the Moby Project are initially the open source components that Docker and the community have built for the Docker Project. New projects can be added if they fit with the community goals. Docker is committed to using Moby as the upstream for the Docker Product. However, other projects are also encouraged to use Moby as an upstream, and to reuse the components in diverse ways, and all these uses will be treated in the same way. External maintainers and contributors are welcomed.

The Moby project is not intended as a location for support or feature requests for Docker products, but as a place for contributors to work on open source code, fix bugs, and make the code more useful. The releases are supported by the maintainers, community and users, on a best efforts basis only, and are not intended for customers who want enterprise or commercial support; Docker EE is the appropriate product for these use cases.


Legal

Brought to you courtesy of our legal counsel. For more context, please see the NOTICE document in this repo.

Use and transfer of Moby may be subject to certain restrictions by the United States and other governments.

It is your responsibility to ensure that your use and/or transfer does not violate applicable laws.

For more information, please see https://www.bis.doc.gov

Licensing

Moby is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.

Issues
  • Use separate openrc init script for containerd

    The current init script spawns both a docker process and a containerd process. This probably confuses openrc which sometimes leads to a crashed docker service when running /etc/init.d/docker start.
    Gentoo Linux ships with a separate init script for containerd. By adding the dependency to the docker init script, both processes can be monitored separately by openrc.

    Probably related issue: #23628


    Related bug for Gentoo Linux #842567

    The current docker init file does not specify containerd as dependency. When the docker service is started, it first starts containerd itself. You can check this by

    rc-service docker stop
    rc-service containerd stop
    dockerd
    

    -> output that indicates that both docker and containerd are started. Htop shows containerd as child process of dockerd.

    There exists a separate init script for containerd which is always there when docker is installed because app-containers/containerd (to which the file belongs) is pulled in as a dependency of docker.

    When starting the containerd service before docker, the already existing process is used. You can check this by

    rc-service docker stop
    rc-service containerd start
    dockerd
    

    -> output that indicates that only dockerd is started. Containerd is a separate process.

    opened by Ultimator14 0
  • Port forwarding on host not working anymore since 20.10.15

    Description Since an upgrade to 20.10.15 we have strange issues with port forwarding. A downgrade to 20.10.14 is fixing the issue. On 20.10.16 it still happens.

    Steps to reproduce the issue:

    • we start a socat container which opens a port on the host to be proxied to one of the containers.
    • From the host 0.0.0.0:49183 should get mapped to socat:2002 which is then forwarded. But it never reaches the socat process
    • inside the container everything works, a curl to the target port+the local socat port is working
    • on the host we just get curl localhost:49183 curl: (56) Recv failure: Connection reset by peer also via 0.0.0.0.
    • This other Stackoverflow report MIGHT be related. Same symptoms and also after 20.10.15 upgrade

    Describe the results you received:

    • no other container is running at this time, also docker restart, purging all networks etc did not help.

    Here are more logs, all ones from the host:

    docker ps
    CONTAINER ID   IMAGE                                                         COMMAND                  CREATED              STATUS                        PORTS                                                                                                                                                                                                                                                                          NAMES
    5b16a0d2680b   ourproxy:5000/alpine/socat:latest               "/bin/sh -c 'socat T…"   About a minute ago   Up About a minute             0.0.0.0:49185->2000/tcp, :::49185->2000/tcp, 0.0.0.0:49184->2001/tcp, :::49184->2001/tcp, 0.0.0.0:49183->2002/tcp, :::49183->2002/tcp, 0.0.0.0:49182->2003/tcp, :::49182->2003/tcp, 0.0.0.0:49181->2004/tcp, :::49181->2004/tcp, 0.0.0.0:49180->2005/tcp, :::49180->2005/tcp   socat
    03a4684a9358   ourproxy:5000/jaegertracing/all-in-one:latest   "/go/bin/all-in-one-…"   12 minutes ago   Up 12 minutes             5775/udp, 5778/tcp, 14250/tcp, 14268/tcp, 6831-6832/udp, 16686/tcp                                                                                                                                                                                                             9yqcmrujhvwt_jaeger_1
    ...
    

    The docker-proxy processes for the 49183 port:

    ps aux | grep 49183
    matze    14878  0.0  0.0   6144   892 pts/9    R+   12:28   0:00 grep --color=auto 49183
    root     19489  0.0  0.0 1370352 7228 ?        Sl   11:57   0:01 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 49183 -container-ip 172.21.0.7 -container-port 2002
    root     19495  0.0  0.0 1148388 3376 ?        Sl   11:57   0:00 /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 49183 -container-ip 172.21.0.7 -container-port 2002
    

    Strace of the docker-proxy. So the proxy kinda gets a connect... but not more:

    sudo strace -p 19489 -p 19495 -p 19650 -F
    [pid 19502] accept4(4,  <unfinished ...>
    [pid 19500] nanosleep({tv_sec=0, tv_nsec=20000},  <unfinished ...>
    [pid 19503] epoll_pwait(6,  <unfinished ...>
    [pid 19502] <... accept4 resumed> 0xc000048bd8, [112], SOCK_CLOEXEC|SOCK_NONBLOCK) = -1 EAGAIN (Resource temporarily unavailable)
    [pid 19503] <... epoll_pwait resumed> [{EPOLLIN|EPOLLOUT, {u32=3467071096, u64=140105300266616}}], 128, 0, NULL, 0) = 1
    [pid 19502] socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP <unfinished ...>
    [pid 19503] epoll_pwait(6,  <unfinished ...>
    [pid 19502] <... socket resumed> )      = 5
    [pid 19500] <... nanosleep resumed> NULL) = 0
    [pid 19502] connect(5, {sa_family=AF_INET, sin_port=htons(2002), sin_addr=inet_addr("172.21.0.7")}, 16 <unfinished ...>
    [pid 19500] nanosleep({tv_sec=0, tv_nsec=20000},  <unfinished ...>
    [pid 19502] <... connect resumed> )     = -1 EINPROGRESS (Operation now in progress)
    [pid 19500] <... nanosleep resumed> NULL) = 0
    [pid 19502] epoll_ctl(6, EPOLL_CTL_ADD, 5, {EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, {u32=3467070856, u64=140105300266376}} <unfinished ...>
    [pid 19500] nanosleep({tv_sec=0, tv_nsec=20000},  <unfinished ...>
    [pid 19502] <... epoll_ctl resumed> )   = 0
    [pid 19502] futex(0xc00003ed50, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
    [pid 19500] <... nanosleep resumed> NULL) = 0
    [pid 19500] futex(0x5609d3690238, FUTEX_WAIT_PRIVATE, 0, {tv_sec=60, tv_nsec=0} <unfinished ...>
    [pid 19503] <... epoll_pwait resumed> [{EPOLLIN|EPOLLOUT|EPOLLERR|EPOLLHUP|EPOLLRDHUP, {u32=3467070856, u64=140105300266376}}], 128, -1, NULL, 0) = 1
    [pid 19503] futex(0x5609d3690238, FUTEX_WAKE_PRIVATE, 1) = 1
    [pid 19500] <... futex resumed> )       = 0
    [pid 19503] getsockopt(5, SOL_SOCKET, SO_ERROR,  <unfinished ...>
    [pid 19500] nanosleep({tv_sec=0, tv_nsec=20000},  <unfinished ...>
    [pid 19503] <... getsockopt resumed> [ECONNREFUSED], [4]) = 0
    [pid 19503] epoll_ctl(6, EPOLL_CTL_DEL, 5, 0xc00004db2c) = 0
    [pid 19503] close(5)                    = 0
    [pid 19503] write(2, "2022/05/16 12:27:29 Can't forwar"..., 128) = 128
    [pid 19503] epoll_ctl(6, EPOLL_CTL_DEL, 3, 0xc00004de24) = 0
    [pid 19503] close(3)                    = 0
    [pid 19503] epoll_pwait(6, [], 128, 0, NULL, 824634040320) = 0
    [pid 19503] epoll_pwait(6,  <unfinished ...>
    [pid 19500] <... nanosleep resumed> NULL) = 0
    
     docker exec -it 5b16a0d2680b ps
    PID   USER     TIME  COMMAND
        1 root      0:00 socat TCP-LISTEN:2005,fork,reuseaddr TCP:master_1:8080
        8 root      0:00 socat TCP-LISTEN:2000,fork,reuseaddr TCP:postgres_1:5432
        9 root      0:00 socat TCP-LISTEN:2001,fork,reuseaddr TCP:redis_1:6379
       10 root      0:00 socat TCP-LISTEN:2002,fork,reuseaddr TCP:jaeger_1:14268
       11 root      0:00 socat TCP-LISTEN:2003,fork,reuseaddr TCP:socketserver_1:80
       12 root      0:00 socat TCP-LISTEN:2004,fork,reuseaddr TCP:socketserver_1:80
       30 root      0:00 ps
    

    From socat container:

    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:2000            0.0.0.0:*               LISTEN      8/socat
    tcp        0      0 0.0.0.0:2001            0.0.0.0:*               LISTEN      9/socat
    tcp        0      0 127.0.0.11:35857        0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:2002            0.0.0.0:*               LISTEN      10/socat
    tcp        0      0 0.0.0.0:2003            0.0.0.0:*               LISTEN      11/socat
    tcp        0      0 0.0.0.0:2004            0.0.0.0:*               LISTEN      12/socat
    tcp        0      0 0.0.0.0:2005            0.0.0.0:*               LISTEN      1/socat
    

    Output of docker version:

    docker version
    Client: Docker Engine - Community
     Version:           20.10.16
     API version:       1.41
     Go version:        go1.17.10
     Git commit:        aa7e414
     Built:             Thu May 12 09:17:38 2022
     OS/Arch:           linux/amd64
     Context:           default
     Experimental:      true
    
    Server: Docker Engine - Community
     Engine:
      Version:          20.10.16
      API version:      1.41 (minimum version 1.12)
      Go version:       go1.17.10
      Git commit:       f756502
      Built:            Thu May 12 09:15:44 2022
      OS/Arch:          linux/amd64
      Experimental:     false
     containerd:
      Version:          1.6.4
      GitCommit:        212e8b6fa2f44b9c21b2798135fc6fb7c53efc16
     runc:
      Version:          1.1.1
      GitCommit:        v1.1.1-0-g52de29d
     docker-init:
      Version:          0.19.0
      GitCommit:        de40ad0
    

    Output of docker info:

    Client:
     Context:    default
     Debug Mode: false
     Plugins:
      app: Docker App (Docker Inc., v0.9.1-beta3)
      buildx: Docker Buildx (Docker Inc., v0.8.2-docker)
    
    Server:
     Containers: 13
      Running: 7
      Paused: 0
      Stopped: 6
     Images: 48
     Server Version: 20.10.16
     Storage Driver: overlay2
      Backing Filesystem: xfs
      Supports d_type: true
      Native Overlay Diff: true
      userxattr: false
     Logging Driver: json-file
     Cgroup Driver: cgroupfs
     Cgroup Version: 1
     Plugins:
      Volume: local
      Network: bridge host ipvlan macvlan null overlay
      Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
     Swarm: inactive
     Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
     Default Runtime: runc
     Init Binary: docker-init
     containerd version: 212e8b6fa2f44b9c21b2798135fc6fb7c53efc16
     runc version: v1.1.1-0-g52de29d
     init version: de40ad0
     Security Options:
      apparmor
      seccomp
       Profile: default
     Kernel Version: 5.7.0-0.bpo.2-amd64
     Operating System: Debian GNU/Linux 10 (buster)
     OSType: linux
     Architecture: x86_64
     CPUs: 6
     Total Memory: 10.77GiB
     Name: XXXXX
     ID: XXXXXXX
     Docker Root Dir: /var/lib/docker
     Debug Mode: false
     Registry: https://index.docker.io/v1/
     Labels:
     Experimental: false
     Insecure Registries:
      127.0.0.0/8
     Live Restore Enabled: false
    
    WARNING: No swap limit support
    

    Additional environment details (AWS, VirtualBox, physical, etc.):

    • debian10 with 5:20.10.(15|16) debian package
    opened by brainexe 0
  • Pulling image from private registry when using DOCKER_HOST returns 'no basic auth credentials'

    Description

    When using DOCKER_HOST=ssh://[email protected] on a remote machine, and then trying to run docker pull image REDACT.dkr.ecr.us-east-1.amazonaws.com/app:latest returns a failure from the Docker host:

    Calling HEAD /_ping
    Calling POST /v1.41/images/create?fromImage=REDACT.dkr.ecr.us-east-1.amazonaws.com%2Fapp&tag=latest
    hostDir: /etc/docker/certs.d/REDACT.dkr.ecr.us-east-1.amazonaws.com
    Trying to pull REDACT.dkr.ecr.us-east-1.amazonaws.com/app from https://REDACT.dkr.ecr.us-east-1.amazonaws.com v2
    Attempting next endpoint for pull after error: Head \"https://REDACT.dkr.ecr.us-east-1.amazonaws.com/v2/app/manifests/latest\": no basic auth credentials
    Handler for POST /v1.41/images/create returned error: Head \"https://REDACT.dkr.ecr.us-east-1.amazonaws.com/v2/app/manifests/latest\": no basic auth credentials
    

    However, docker pull image REDACT.dkr.ecr.us-east-1.amazonaws.com/app:latest works correctly when running on local:

    Calling HEAD /_ping
    Calling POST /v1.41/images/create?fromImage=REDACT.dkr.ecr.us-east-1.amazonaws.com%2Fapp&tag=latest
    hostDir: /etc/docker/certs.d/REDACT.dkr.ecr.us-east-1.amazonaws.com
    Trying to pull REDACT.dkr.ecr.us-east-1.amazonaws.com/app from https://REDACT.dkr.ecr.us-east-1.amazonaws.com v2
    Pulling ref from V2 registry: REDACT.dkr.ecr.us-east-1.amazonaws.com/app:latest
    .
    .
    .
    Adding content digest to lease" digest="sha256:b27e3b8e090eba10309e65a79f3e8d3156303a00a0054cf9824924de4611bb90" lease="moby-image-sha256:f2c8af66a15dd2706264084c35cb7cdb6d1f752d608169a3905b69d114ce6f57" remote="REDACT.dkr.ecr.us-east-1.amazonaws.com/app:latest
    

    All other docker commands run fine. Only pulling images from an ECR private repo while using DOCKER_HOST fails.

    Steps to reproduce the issue:

    1. Created a new EC2 instance (has role attached which allows pulling from ECR private registry)
    2. SSH-ed into instance and installed Docker with amazon-linux-extras install docker -y, usermod -a -G docker ec2-user, systemctl enable --now docker
    3. Configured amazon-ecr-credential-helper with yum install amazon-ecr-credential-helper and then created config.json in ~/.docker/config.json with the contents:
    {
    	"credsStore": "ecr-login"
    }
    
    4. Run docker pull image REDACT.dkr.ecr.us-east-1.amazonaws.com/app:latest on instance. Works.
    5. Add remote machine's public key to authorized_hosts
    6. From remote machine, run export DOCKER_HOST=ssh://[email protected] and then docker image pull REDACT.dkr.ecr.us-east-1.amazonaws.com/app:latest

    Describe the results you received:

    Error response from daemon: Head "https://REDACT.dkr.ecr.us-east-1.amazonaws.com/v2/app/manifests/latest": no basic auth credentials
    

    Describe the results you expected: Image should have pulled successfully, just like it works when running the command from inside the instance

    Additional information you deem important (e.g. issue happens only occasionally):

    • I have tried with multiple remote hosts, the pull doesn't work
    • Tried pulling a public image export DOCKER_HOST=ssh://[email protected] and then docker image pull nginx:alpine. Works.
    • Tried setting export DOCKER_CONFIG=/home/ec2-user/.docker as mentioned in this fix. Still didn't work.

    Output of docker version:

    Client:
     Version:           20.10.13
     API version:       1.41
     Go version:        go1.16.15
     Git commit:        a224086
     Built:             Thu Mar 31 19:20:32 2022
     OS/Arch:           linux/amd64
     Context:           default
     Experimental:      true
    
    Server:
     Engine:
      Version:          20.10.13
      API version:      1.41 (minimum version 1.12)
      Go version:       go1.16.15
      Git commit:       906f57f
      Built:            Thu Mar 31 19:21:13 2022
      OS/Arch:          linux/amd64
      Experimental:     false
     containerd:
      Version:          1.4.13
      GitCommit:        9cc61520f4cd876b86e77edfeb88fbcd536d1f9d
     runc:
      Version:          1.0.3
      GitCommit:        f46b6ba2c9314cfc8caae24a32ec5fe9ef1059fe
     docker-init:
      Version:          0.19.0
      GitCommit:        de40ad0)
    

    Output of docker info:

    Client:
     Context:    default
     Debug Mode: false
     Plugins:
      app: Docker App (Docker Inc., v0.9.1-beta3)
      buildx: Build with BuildKit (Docker Inc., v0.6.1-docker)
      scan: Docker Scan (Docker Inc., v0.8.0)
    
    Server:
     Containers: 0
      Running: 0
      Paused: 0
      Stopped: 0
     Images: 1
     Server Version: 20.10.13
     Storage Driver: overlay2
      Backing Filesystem: xfs
      Supports d_type: true
      Native Overlay Diff: true
      userxattr: false
     Logging Driver: json-file
     Cgroup Driver: cgroupfs
     Cgroup Version: 1
     Plugins:
      Volume: local
      Network: bridge host ipvlan macvlan null overlay
      Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
     Swarm: inactive
     Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
     Default Runtime: runc
     Init Binary: docker-init
     containerd version: 9cc61520f4cd876b86e77edfeb88fbcd536d1f9d
     runc version: f46b6ba2c9314cfc8caae24a32ec5fe9ef1059fe
     init version: de40ad0
     Security Options:
      seccomp
       Profile: default
     Kernel Version: 5.10.112-108.499.amzn2.x86_64
     Operating System: Amazon Linux 2
     OSType: linux
     Architecture: x86_64
     CPUs: 2
     Total Memory: 7.685GiB
     Name: ip-172-21-32-154.us-east-1.compute.internal
     ID: TH6V:7WR4:4C2S:NJ4V:KZX6:NOOD:IJ2E:2NLV:BVLE:UW45:VBNN:BV6U
     Docker Root Dir: /var/lib/docker
     Debug Mode: false
     Registry: https://index.docker.io/v1/
     Labels:
     Experimental: false
     Insecure Registries:
      127.0.0.0/8
     Live Restore Enabled: false
    

    Additional environment details (AWS, VirtualBox, physical, etc.):

    • AWS EC2
    • Remote host: 1. macOS, 2. Debian 10
    opened by jetxr 0
  • Can not update block I/O in docker update.

    I would like to update --blkio-weight in docker. However, I get the error

    Steps to reproduce the issue:

    1. docker run -itd --name redis6.2 -p 6379:6379 redis:6.2
    2. docker update --blkio-weight 100 redis6.2

    Describe the results you received: redis6.2 Your kernel does not support Block I/O weight or the cgroup is not mounted. Weight discarded.

    Describe the results you expected: redis6.2

    Output of docker version:

    Client: Docker Engine - Community
     Version:           20.10.16
     API version:       1.41
     Go version:        go1.17.10
     Git commit:        aa7e414
     Built:             Thu May 12 09:17:23 2022
     OS/Arch:           linux/amd64
     Context:           default
     Experimental:      true
    
    Server: Docker Engine - Community
     Engine:
      Version:          20.10.16
      API version:      1.41 (minimum version 1.12)
      Go version:       go1.17.10
      Git commit:       f756502
      Built:            Thu May 12 09:15:28 2022
      OS/Arch:          linux/amd64
      Experimental:     false
     containerd:
      Version:          1.6.4
      GitCommit:        212e8b6fa2f44b9c21b2798135fc6fb7c53efc16
     runc:
      Version:          1.1.1
      GitCommit:        v1.1.1-0-g52de29d
     docker-init:
      Version:          0.19.0
      GitCommit:        de40ad0
    

    Output of docker info:

    Client:
     Context:    default
     Debug Mode: false
     Plugins:
      app: Docker App (Docker Inc., v0.9.1-beta3)
      buildx: Docker Buildx (Docker Inc., v0.8.2-docker)
      scan: Docker Scan (Docker Inc., v0.17.0)
    
    Server:
     Containers: 4
      Running: 2
      Paused: 0
      Stopped: 2
     Images: 14
     Server Version: 20.10.16
     Storage Driver: overlay2
      Backing Filesystem: extfs
      Supports d_type: true
      Native Overlay Diff: true
      userxattr: false
     Logging Driver: json-file
     Cgroup Driver: cgroupfs
     Cgroup Version: 1
     Plugins:
      Volume: local
      Network: bridge host ipvlan macvlan null overlay
      Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
     Swarm: inactive
     Runtimes: io.containerd.runtime.v1.linux runc io.containerd.runc.v2
     Default Runtime: runc
     Init Binary: docker-init
     containerd version: 212e8b6fa2f44b9c21b2798135fc6fb7c53efc16
     runc version: v1.1.1-0-g52de29d
     init version: de40ad0
     Security Options:
      apparmor
      seccomp
       Profile: default
     Kernel Version: 5.4.0-89-generic
     Operating System: Ubuntu 20.04.4 LTS
     OSType: linux
     Architecture: x86_64
     CPUs: 6
     Total Memory: 7.775GiB
     Name: bEtGZz0x
     ID: PDEQ:QYGO:JXVT:FYPQ:NZO7:PU66:J2CP:4RRS:TL6N:AGCR:OGZE:SH5K
     Docker Root Dir: /var/lib/docker
     Debug Mode: false
     Registry: https://index.docker.io/v1/
     Labels:
     Experimental: false
     Insecure Registries:
      127.0.0.0/8
     Registry Mirrors:
      https://nexus.cloudcontrolsystems.cn/
     Live Restore Enabled: false
    
    WARNING: No swap limit support
    

    Additional environment details (AWS, VirtualBox, physical, etc.): Ubuntu 20.04.4 LTS both in VirtualBox and physical

    opened by RuifMaxx 0
  • fix docker-proxy defunct

    Signed-off-by: ningmingxiao [email protected]

    - What I did

    [[email protected] ~]# cat /etc/docker/daemon.json
    {
    "userland-proxy": true
    }
    
    [[email protected] ~]# docker run -itd  -p 127.0.0.1:50001:5000 busybox   sh
    d7dde92c36249c7f9c32c626c24c1ac6a88c9ff826888b0f8d7f3888fcc29db9
    

    [[email protected] ~]# ps -auxf

    root       2467  0.1  2.3 1055896 43820 ?       Ssl  12:40   0:00 /usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock
    root       2803  0.0  0.2 103364  5080 ?        Sl   12:42   0:00  \_ /usr/bin/docker-proxy -proto tcp -host-ip 127.0.0.1 -host-port 50001 -container-ip 172.17.0.3 -container-port 5000
    

    [[email protected] ~]# kill -9 2803 (2803 is pid of docker-proxy )

    root       2467  0.0  2.4 1055896 45588 ?       Ssl  12:40   0:00 /usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock
    root       2803  0.0  0.0      0     0 ?        Z    12:42   0:00  \_ [docker-proxy] <defunct>
    

    docker-proxy will not be recycled by dockerd

    status/2-code-review area/networking kind/bugfix 
    opened by ningmingxiao 0
  • volume: mask password in cifs mount error messages

    In managed environments (such as Nomad clusters), users are not always supposed to see credentials used to mount volumes. However, if errors occur (most commonly, misspelled mount paths), the error messages will output the full mount command -- which might contain a username and a password in the case of CIFS mounts.

    This PR detects password=... when error messages are wrapped and masks them with ********.

    Closes https://github.com/fsouza/go-dockerclient/issues/905. Closes https://github.com/hashicorp/nomad/issues/12296. Closes https://github.com/moby/moby/issues/43596.

    Signed-off-by: Sebastian Höffner [email protected]

    - What I did In the error handler for cifs mounts, password=... will be masked with ******** in user facing error messages.

    - How I did it

    • Added func getPassword(opts string) string in line with getAddr (could potentially be refactored into something such as func getOption(opt string, opts string) string)
    • Added unit tests for getPassword
    • Replaced password=[detectedPassword] with password=********

    - How to verify it Was:

    $ docker volume create --driver local --opt type=cifs --opt "o=username=shoeffner,password=supersecretpassword,iocharset=utf8,file_mode=0777,dir_mode=0777" --opt device=//192.168.1.2/Public cifstest
    $ docker run --rm -it -v cifstest:/themnt busybox bash
    docker: Error response from daemon: error while mounting volume '/var/lib/docker/volumes/cifstest/_data': failed to mount local volume: mount //192.168.1.2/Public:/var/lib/docker/volumes/cifstest/_data, data: username=shoeffner,password=supersecretpassword,iocharset=utf8,file_mode=0777,dir_mode=0777: permission denied.
    

    Is:

    $ docker volume create --driver local --opt type=cifs --opt "o=username=shoeffner,password=supersecretpassword,iocharset=utf8,file_mode=0777,dir_mode=0777" --opt device=//192.168.1.2/Public cifstest
    $ docker run --rm -it -v cifstest:/themnt busybox bash
    docker: Error response from daemon: error while mounting volume '/var/lib/docker/volumes/cifstest/_data': failed to mount local volume: mount //192.168.1.2/Public:/var/lib/docker/volumes/cifstest/_data, data: username=shoeffner,password=********,iocharset=utf8,file_mode=0777,dir_mode=0777: permission denied.
    

    - Description for the changelog

    Passwords in user facing error messages for CIFS mounts are masked.

    - A picture of a cute animal (not mandatory but encouraged)

    image https://www.pexels.com/photo/cold-nature-cute-ice-52509/

    opened by shoeffner 4
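
The masking step described in the CIFS pull request above, as an added Go example that is not part of the PR or of Moby's code. `getPassword` follows the signature named in the description; `maskMountError`, `passwordMask` and the sample option string are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// passwordMask has a fixed length so the masked message does not reveal
// how long the real password is.
const passwordMask = "********"

// getPassword returns the value of the "password=" option in a
// comma-separated mount option string, or "" if the option is absent.
// Matching whole options avoids hits on keys such as "password2=" and
// on "password=" appearing inside another option's value.
func getPassword(opts string) string {
	for _, opt := range strings.Split(opts, ",") {
		if strings.HasPrefix(opt, "password=") {
			return strings.TrimPrefix(opt, "password=")
		}
	}
	return ""
}

// maskMountError (hypothetical helper) rewrites a mount error so that the
// password taken from opts is replaced by the mask. It returns a new error
// on purpose: wrapping the original with %w would let a caller unwrap it
// and print the unmasked text.
func maskMountError(err error, opts string) error {
	if err == nil {
		return nil
	}
	pw := getPassword(opts)
	if pw == "" {
		// No password option, so there is nothing to hide.
		return err
	}
	masked := strings.ReplaceAll(err.Error(), "password="+pw, "password="+passwordMask)
	return errors.New(masked)
}

func main() {
	// Constructed sample shaped like the "Was:" output in the PR description.
	opts := "username=shoeffner,password=supersecretpassword,iocharset=utf8"
	err := fmt.Errorf("failed to mount local volume: mount //192.168.1.2/Public:/mnt, data: %s: permission denied", opts)
	fmt.Println(maskMountError(err, opts))
}
```
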
Releases(v20.10.16)
  • v20.10.16(May 12, 2022)

    This release of Docker Engine fixes a regression in the Docker CLI builds for macOS, fixes an issue with docker stats when using containerd 1.5 and up, and updates the Go runtime to include a fix for CVE-2022-29526.

    Client

    Daemon

    • Fix an issue where docker stats was showing empty stats when running with containerd 1.5.0 or up moby/moby#43567.
    • Update the golang.org/x/sys build-time dependency which contains a fix for CVE-2022-29526.

    Packaging

    • Update Go runtime to 1.17.10, which contains a fix for CVE-2022-29526.
    • Use "weak" dependencies for the docker scan CLI plugin, to prevent a "conflicting requests" error when users performed an off-line installation from downloaded RPM packages docker/docker-ce-packaging#659.
  • v20.10.15(May 5, 2022)

    This release of Docker Engine comes with updated versions of the compose, buildx, containerd, and runc components, as well as some minor bugfixes.

    Daemon

    • Use a RWMutex for stateCounter to prevent potential locking congestion moby/moby#43426.
    • Prevent an issue where the daemon was unable to find an available IP-range in some conditions moby/moby#43360

    Packaging

    • Update Docker Compose to v2.5.0.
    • Update Docker Buildx to v0.8.2.
    • Update Go runtime to 1.17.9.
    • Update containerd (containerd.io package) to v1.6.4.
    • Update runc version to v1.1.1.
    • Add packages for CentOS 9 stream and Fedora 36.
  • v20.10.14(Mar 24, 2022)

    This release of Docker Engine updates the default inheritable capabilities for containers to address CVE-2022-24769, a new version of the containerd.io runtime is also included to address the same issue.

    Daemon

    • Update the default inheritable capabilities.

    Builder

    • Update the default inheritable capabilities for containers used during build.

    Packaging

    • Update containerd (containerd.io package) to v1.5.11.
    • Update docker buildx to v0.8.1.
  • v20.10.13(Mar 10, 2022)

    This release of Docker Engine contains some bug-fixes and packaging changes, updates to the docker scan and docker buildx commands, an updated version of the Go runtime, and new versions of the containerd.io runtime. Together with this release, we now also provide .deb and .rpm packages of Docker Compose V2, which can be installed using the (optional) docker-compose-plugin package.

    Builder

    • Updated the bundled version of buildx to v0.8.0.

    Daemon

    • Fix a race condition when updating the container's state moby/moby#43166.
    • Update the etcd dependency to prevent the daemon from incorrectly holding file locks moby/moby#43259
    • Fix detection of user-namespaces when configuring the default net.ipv4.ping_group_range sysctl moby/moby#43084.

    Distribution

    • Retry downloading image-manifests if a connection failure happens during image pull moby/moby#43333.

    Documentation

    • Various fixes in command-line reference and API documentation.

    Logging

    • Prevent an OOM when using the "local" logging driver with containers that produce a large amount of log messages moby/moby#43165.
    • Updates the fluentd log driver to prevent a potential daemon crash, and prevent containers from hanging when using the fluentd-async-connect=true and the remote server is unreachable moby/moby#43147.

    Packaging

    • Provide .deb and .rpm packages for Docker Compose V2. Docker Compose v2.3.3 can now be installed on Linux using the docker-compose-plugin packages, which provides the docker compose subcommand on the Docker CLI. The Docker Compose plugin can also be installed and run standalone to be used as a drop-in replacement for docker-compose (Docker Compose V1) docker/docker-ce-packaging#638. The compose-cli-plugin package can also be used on older version of the Docker CLI with support for CLI plugins (Docker CLI 18.09 and up).
    • Provide packages for the upcoming Ubuntu 22.04 "Jammy Jellyfish" LTS release docker/docker-ce-packaging#645, docker/containerd-packaging#271.
    • Update docker buildx to v0.8.0.
    • Update docker scan (docker-scan-plugin) to v0.17.0.
    • Update containerd (containerd.io package) to v1.5.10.
    • Update the bundled runc version to v1.0.3.
    • Update Golang runtime to Go 1.16.15.
  • v20.10.12(Jan 10, 2022)

  • v20.10.11(Nov 18, 2021)

    20.10.11

    IMPORTANT

    Due to net/http changes in Go 1.16, HTTP proxies configured through the $HTTP_PROXY environment variable are no longer used for TLS (https://) connections. Make sure you also set an $HTTPS_PROXY environment variable for handling requests to https:// URLs.

    Refer to the HTTP/HTTPS proxy section to learn how to configure the Docker Daemon to use a proxy server.

    Distribution

    Windows

    Packaging

  • v20.10.10(Oct 25, 2021)

    20.10.10

    IMPORTANT

    Due to net/http changes in Go 1.16, HTTP proxies configured through the $HTTP_PROXY environment variable are no longer used for TLS (https://) connections. Make sure you also set an $HTTPS_PROXY environment variable for handling requests to https:// URLs.

    Refer to the HTTP/HTTPS proxy section to learn how to configure the Docker Daemon to use a proxy server.

    Builder

    • Fix platform-matching logic so that docker build finds images in the local image cache on Arm machines when using BuildKit moby/moby#42954

    Runtime

    • Add support for clone3 syscall in the default seccomp policy to support running containers based on recent versions of Fedora and Ubuntu. moby/moby#42836.
    • Windows: update hcsshim library to fix a bug in sparse file handling in container layers, which was exposed by recent changes in Windows moby/moby#42944.
    • Fix some situations where docker stop could hang forever moby/moby#42956.

    Swarm

    • Fix an issue where updating a service did not roll back on failure moby/moby#42875.

    Packaging

    • Add packages for Ubuntu 21.10 "Impish Indri" and Fedora 35.
    • Update docker scan to v0.9.0
    • Update Golang runtime to Go 1.16.9.
  • v20.10.9(Oct 4, 2021)

    This release is a security release with security fixes in the CLI, runtime, as well as updated versions of the containerd.io package and the Go runtime.

    Client

    • CVE-2021-41092 Ensure default auth config has address field set, to prevent credentials being sent to the default registry.

    Runtime

    • CVE-2021-41089 Create parent directories inside a chroot during docker cp to prevent a specially crafted container from changing permissions of existing files in the host’s filesystem.
    • CVE-2021-41091 Lock down file permissions to prevent unprivileged users from discovering and executing programs in /var/lib/docker.

    Packaging

    • Update Golang runtime to Go 1.16.8, which contains fixes for CVE-2021-36221 and CVE-2021-39293
    • Update static binaries and containerd.io rpm and deb packages to containerd v1.4.11 and runc v1.0.2 to address CVE-2021-41103.
    • Update the bundled buildx version to v0.6.3 for rpm and deb packages.
  • v20.10.8(Aug 4, 2021)

    20.10.8

    IMPORTANT

    Due to net/http changes in Go 1.16, HTTP proxies configured through the $HTTP_PROXY environment variable are no longer used for TLS (https://) connections. Make sure you also set an $HTTPS_PROXY environment variable for handling requests to https:// URLs. Refer to the HTTP/HTTPS proxy section in the documentation to learn how to configure the Docker Daemon to use a proxy server.

    Deprecation

    • Deprecate support for encrypted TLS private keys. Legacy PEM encryption as specified in RFC 1423 is insecure by design. Because it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. Support for encrypted TLS private keys is now marked as deprecated, and will be removed in an upcoming release. docker/cli#3219
    • Deprecate Kubernetes stack support. Following the deprecation of Compose on Kubernetes, support for Kubernetes in the stack and context commands in the Docker CLI is now marked as deprecated, and will be removed in an upcoming release docker/cli#3174.
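To find keys affected by the encrypted-key deprecation above, the following added example (not code from Docker or the Moby project) classifies the private-key blocks in a PEM file by looking for the RFC 1423 encapsulated headers. The function names, status strings and sample blocks are assumptions constructed for illustration; the sample bodies are placeholders, not key material.

```go
package main

import (
	"encoding/pem"
	"fmt"
	"strings"
)

// KeyFinding describes one private-key PEM block (hypothetical type for this example).
type KeyFinding struct {
	BlockType string // PEM label, e.g. "RSA PRIVATE KEY"
	Status    string // "legacy-rfc1423", "pkcs8-encrypted" or "unencrypted"
	Cipher    string // algorithm named in the DEK-Info header, if present
}

// InspectKeyPEM walks every PEM block in data and classifies the private keys.
// Legacy RFC 1423 encryption is recognised by its encapsulated headers
// (Proc-Type: 4,ENCRYPTED and DEK-Info: <cipher>,<IV>), not by the PEM label.
func InspectKeyPEM(data []byte) []KeyFinding {
	var findings []KeyFinding
	for {
		block, rest := pem.Decode(data)
		if block == nil {
			return findings
		}
		data = rest
		if !strings.HasSuffix(block.Type, "PRIVATE KEY") {
			continue // certificates and other non-key blocks are ignored
		}
		f := KeyFinding{BlockType: block.Type, Status: "unencrypted"}
		dek, hasDEK := block.Headers["DEK-Info"]
		switch {
		case hasDEK || strings.Contains(block.Headers["Proc-Type"], "ENCRYPTED"):
			f.Status = "legacy-rfc1423"
			f.Cipher = strings.TrimSpace(strings.SplitN(dek, ",", 2)[0])
		case block.Type == "ENCRYPTED PRIVATE KEY":
			// PKCS#8 EncryptedPrivateKeyInfo: encrypted, but not the RFC 1423 format.
			f.Status = "pkcs8-encrypted"
		}
		findings = append(findings, f)
	}
}

// constructedSamples builds a PEM bundle for the demo. All blocks are
// constructed placeholders so the example runs offline.
func constructedSamples() []byte {
	body := []byte("constructed placeholder bytes, not key material")
	blocks := []*pem.Block{
		{Type: "RSA PRIVATE KEY", Headers: map[string]string{
			"Proc-Type": "4,ENCRYPTED",
			"DEK-Info":  "AES-256-CBC,000102030405060708090A0B0C0D0E0F",
		}, Bytes: body},
		{Type: "CERTIFICATE", Bytes: body},
		{Type: "EC PRIVATE KEY", Bytes: body},
		{Type: "ENCRYPTED PRIVATE KEY", Bytes: body},
	}
	var out []byte
	for _, b := range blocks {
		out = append(out, pem.EncodeToMemory(b)...)
	}
	return out
}

func main() {
	for _, f := range InspectKeyPEM(constructedSamples()) {
		fmt.Printf("%-24s %-16s %s\n", f.BlockType, f.Status, f.Cipher)
	}
}
```

Keys reported as legacy-rfc1423 are the ones to re-issue or store decrypted under restrictive file permissions before support is removed.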

    Client

    • Fix Invalid standard handle identifier errors on Windows docker/cli#3132.

    Rootless

    • Avoid can't open lock file /run/xtables.lock: Permission denied error on SELinux hosts moby/moby#42462.
    • Disable overlay2 when running with SELinux to prevent permission denied errors moby/moby#42462.
    • Fix x509: certificate signed by unknown authority error on openSUSE Tumbleweed moby/moby#42462.

    Runtime

    • Print a warning when using the --platform option to pull a single-arch image that does not match the specified architecture moby/moby#42633.
    • Fix incorrect Your kernel does not support swap memory limit warning when running with cgroups v2 moby/moby#42479.
    • Windows: Fix a situation where containers were not stopped if HcsShutdownComputeSystem returned an ERROR_PROC_NOT_FOUND error moby/moby#42613

    Swarm

    • Fix a possibility where overlapping IP addresses could exist as a result of the node failing to clean up its old loadbalancer IPs moby/moby#42538
    • Fix a deadlock in log broker ("dispatcher is stopped") moby/moby#42537

    Packaging

    Known issue

    The ctr binary shipping with the static packages of this release is not statically linked, and will not run in Docker images using alpine as a base image. Users can install the libc6-compat package, or download a previous version of the ctr binary as a workaround. Refer to the containerd ticket related to this issue for more details: containerd/containerd#5824.

  • v20.10.7(Jun 2, 2021)

    20.10.7

    Client

    • Suppress warnings for deprecated cgroups docker/cli#3099.
    • Prevent sending SIGURG signals to container on Linux and macOS. The Go runtime (starting with Go 1.14) uses SIGURG signals internally as an interrupt to support preemptable syscalls. In situations where the Docker CLI was attached to a container, these interrupts were forwarded to the container. This fix changes the Docker CLI to ignore SIGURG signals docker/cli#3107, moby/moby#42421.

    Builder

    • Update BuildKit to version v0.8.3-3-g244e8cde moby/moby#42448:
      • Transform relative mountpoints for exec mounts in the executor to work around a breaking change in runc v1.0.0-rc94 and up. moby/buildkit#2137.
      • Add retry on image push 5xx errors. moby/buildkit#2043.
      • Fix build-cache not being invalidated when renaming a file that is copied using a COPY command with a wildcard. Note that this change invalidates existing build caches for copy commands that use a wildcard. moby/buildkit#2018.
      • Fix build-cache not being invalidated when using mounts moby/buildkit#2076.
    • Fix build failures when FROM image is not cached when using legacy schema 1 images moby/moby#42382.

    Logging

    • Update the hcsshim SDK to make daemon logs on Windows less verbose moby/moby#42292.

    Rootless

    • Fix capabilities not being honored when an image was built on a daemon with user-namespaces enabled moby/moby#42352.

    Networking

    • Update libnetwork to fix publishing ports on environments with kernel boot parameter ipv6.disable=1, and to fix a deadlock causing internal DNS lookups to fail moby/moby#42413.

    Contrib

    • Update rootlesskit to v0.14.2 to fix a timeout when starting the userland proxy with the slirp4netns port driver moby/moby#42294.
    • Fix "Device or resource busy" errors when running docker-in-docker on a rootless daemon moby/moby#42342.

    Packaging

  • v20.10.6(Apr 14, 2021)

  • v20.10.5(Mar 3, 2021)

  • v20.10.4(Feb 28, 2021)

    release notes: https://docs.docker.com/engine/release-notes/#20104

    20.10.4

    Builder

    • Fix incorrect cache match for inline cache import with empty layers moby/moby#42061
    • Update BuildKit to v0.8.2 moby/moby#42061
      • resolver: avoid error caching on token fetch
      • fileop: fix checksum to contain indexes of inputs preventing certain cache misses
      • Fix reference count issues on typed errors with mount references (fixing invalid mutable ref errors)
      • git: set token only for main remote access allowing cloning submodules with different credentials
    • Ensure blobs get deleted in /var/lib/docker/buildkit/content/blobs/sha256 after pull. To clean up old state run builder prune moby/moby#42065
    • Fix parallel pull synchronization regression moby/moby#42049
    • Ensure libnetwork state files do not leak moby/moby#41972

    Client

    • Fix a panic on docker login if no config file is present docker/cli#2959
    • Fix WARNING: Error loading config file: .dockercfg: $HOME is not defined docker/cli#2958

    Runtime

    Logger

    • Honor labels-regex config even if labels is not set moby/moby#42046
    • Handle long log messages correctly, preventing awslogs in non-blocking mode from splitting events bigger than 16kB moby/moby#41975

    Rootless

    Security

    Swarm

    • Fix issue with heartbeat not persisting upon restart moby/moby#42060
    • Fix potential stalled tasks moby/moby#42060
    • Fix --update-order and --rollback-order flags when only --update-order or --rollback-order is provided docker/cli#2963
    • Fix docker service rollback returning a non-zero exit code in some situations docker/cli#2964
    • Fix inconsistent progress-bar direction on docker service rollback docker/cli#2964
  • v20.10.3(Feb 2, 2021)

    Release notes: https://docs.docker.com/engine/release-notes/#20103

    20.10.3

    Security

    • CVE-2021-21285 Prevent an invalid image from crashing docker daemon
    • CVE-2021-21284 Lock down file permissions to prevent remapped root from accessing docker state
    • Ensure AppArmor and SELinux profiles are applied when building with BuildKit

    Client

    • Check contexts before importing them to reduce risk of extracted files escaping context store
    • Windows: prevent executing certain binaries from current directory docker/cli#2950
  • v19.03.15(Feb 2, 2021)

    Release notes: https://docs.docker.com/engine/release-notes/19.03/#190315

    Security

    • CVE-2021-21285 Prevent an invalid image from crashing docker daemon
    • CVE-2021-21284 Lock down file permissions to prevent remapped root from accessing docker state
    • Ensure AppArmor and SELinux profiles are applied when building with BuildKit

    Client

    • Check contexts before importing them to reduce risk of extracted files escaping context store
  • v20.10.2(Jan 5, 2021)

  • v20.10.1(Dec 15, 2020)

  • v20.10.0(Dec 9, 2020)

  • v19.03.14(Dec 2, 2020)

    For official release notes for Docker Engine CE and Docker Engine EE, visit the release notes page.

    Security

    • CVE-2020-15257: Update bundled static binaries of containerd to v1.3.9 moby/moby#41731. Package managers should update the containerd.io package.

    Builder

    • Beta versions of apparmor are now parsed correctly preventing build failures moby/moby#41542

    Networking

    Runtime

    Rootless

    • Lock state dir for preventing automatic clean-up by systemd-tmpfiles moby/moby#41635
    • dockerd-rootless.sh: support new containerd shim socket path convention moby/moby#41557

    Logging

  • v19.03.13(Sep 17, 2020)

  • v19.03.12(Jun 30, 2020)

  • v19.03.11(Jun 4, 2020)

  • v19.03.10(May 29, 2020)

  • v19.03.9(May 28, 2020)

  • v19.03.8(Apr 9, 2020)

  • v17.03.2-ce(Jun 28, 2017)

    17.03.2-ce (2017-06-27)

    Networking

    • Fix a concurrency issue preventing network creation #33273

    Runtime

    • Relabel secrets path to avoid a Permission Denied on SELinux-enabled systems #33236 (ref #32529)
    • Fix cases where local volumes were not properly relabeled if needed #33236 (ref #29428)
    • Fix an issue while upgrading if a plugin rootfs was still mounted #33236 (ref #32525)
    • Fix an issue where volume wouldn't default to the rprivate propagation mode #33236 (ref #32851)
    • Fix a panic that could occur when a volume driver could not be retrieved #33236 (ref #32347)
    • Add a warning in docker info when the overlay or overlay2 graphdriver is used on a filesystem without d_type support #33236 (ref #31290)
    • Fix an issue with backporting mount spec to older volumes #33207
    • Fix issue where a failed unmount can lead to data loss on local volume remove #33120

    Swarm Mode

    • Fix a case where tasks could get killed unexpectedly #33118
    • Fix an issue preventing services from being deployed if the registry cannot be reached despite the needed images being locally present #33117

    Downloads

    Docker CE 17.03.2 is available from the Docker Store

  • v17.03.2-ce-rc1(May 30, 2017)

    17.03.2-ce (2017-05-29)

    Networking

    • Fix a concurrency issue preventing network creation #33273

    Runtime

    • Relabel secrets path to avoid a Permission Denied on SELinux-enabled systems #33236 (ref #32529)
    • Fix cases where local volumes were not properly relabeled if needed #33236 (ref #29428)
    • Fix an issue while upgrading if a plugin rootfs was still mounted #33236 (ref #32525)
    • Fix an issue where volume wouldn't default to the rprivate propagation mode #33236 (ref #32851)
    • Fix a panic that could occur when a volume driver could not be retrieved #33236 (ref #32347)
    • Add a warning in docker info when the overlay or overlay2 graphdriver is used on a filesystem without d_type support #33236 (ref #31290)
    • Fix an issue with backporting mount spec to older volumes #33207
    • Fix issue where a failed unmount can lead to data loss on local volume remove #33120

    Swarm Mode

    • Fix a case where tasks could get killed unexpectedly #33118
    • Fix an issue preventing services from being deployed if the registry cannot be reached despite the needed images being locally present #33117

    Downloads

    Docker CE 17.03.2-rc1 is available from the Docker Store

  • v17.05.0-ce(May 5, 2017)

    Changelog

    Items starting with DEPRECATE are important deprecation notices. For more information on the list of deprecated flags and APIs please have a look at https://docs.docker.com/engine/deprecated/ where target removal dates can also be found.

    17.05.0-ce (2017-05-04)

    Builder

    • Add multi-stage build support #31257 #32063
    • Allow using build-time args (ARG) in FROM #31352
    • Add an option for specifying build target #32496
    • Accept -f - to read Dockerfile from stdin, but use local context for building #31236
    • The values of default build time arguments (e.g. HTTP_PROXY) are no longer displayed in docker image history unless a corresponding ARG instruction is written in the Dockerfile. #31584
    • Fix setting command if a custom shell is used in a parent image #32236
    • Fix docker build --label when the label includes single quotes and a space #31750

    Client

    • Add --mount flag to docker run and docker create #32251
    • Add --type=secret to docker inspect #32124
    • Add --format option to docker secret ls #31552
    • Add --filter option to docker secret ls #30810
    • Add --filter scope=<swarm|local> to docker network ls #31529
    • Add --cpus support to docker update #31148
    • Add label filter to docker system prune and other prune commands #30740
    • docker stack rm now accepts multiple stacks as input #32110
    • Improve docker version --format option when the client has downgraded the API version #31022
    • Prompt when using an encrypted client certificate to connect to a docker daemon #31364
    • Display created tags on successful docker build #32077
    • Cleanup compose convert error messages #32087

    Contrib

    • Add support for building docker debs for Ubuntu 17.04 Zesty on amd64 #32435

    Daemon

    • Fix --api-cors-header being ignored if --api-enable-cors is not set #32174
    • Cleanup docker tmp dir on start #31741
    • Deprecate --graph flag in favor of --data-root #28696

    Logging

    • Add support for logging driver plugins #28403
    • Add support for showing logs of individual tasks to docker service logs, and add /task/{id}/logs REST endpoint #32015
    • Add --log-opt env-regex option to match environment variables using a regular expression #27565

    Networking

    • Allow user to replace, and customize the ingress network #31714
    • Fix UDP traffic in containers not working after the container is restarted #32505
    • Fix files being written to /var/lib/docker if a different data-root is set #32505

    Runtime

    • Ensure health probe is stopped when a container exits #32274

    Swarm Mode

    • Add update/rollback order for services (--update-order / --rollback-order) #30261
    • Add support for synchronous service create and service update #31144
    • Add support for "grace periods" on healthchecks through the HEALTHCHECK --start-period and --health-start-period flag to docker service create, docker service update, docker create, and docker run to support containers with an initial startup time #28938
    • docker service create now omits fields that are not specified by the user, when possible. This will allow defaults to be applied inside the manager #32284
    • docker service inspect now shows default values for fields that are not specified by the user #32284
    • Move docker service logs out of experimental #32462
    • Add support for Credential Spec and SELinux to services to the API #32339
    • Add --entrypoint flag to docker service create and docker service update #29228
    • Add --network-add and --network-rm to docker service update #32062
    • Add --credential-spec flag to docker service create and docker service update #32339
    • Add --filter mode=<global|replicated> to docker service ls #31538
    • Resolve network IDs on the client side, instead of in the daemon when creating services #32062
    • Add --format option to docker node ls #30424
    • Add --prune option to docker stack deploy to remove services that are no longer defined in the docker-compose file #31302
    • Add PORTS column for docker service ls when using ingress mode #30813
    • Fix unnecessary re-deploying of tasks when environment-variables are used #32364
    • Fix docker stack deploy not supporting endpoint_mode when deploying from a docker compose file #32333
    • Proceed with startup if cluster component cannot be created to allow recovering from a broken swarm setup #31631

    Security

    • Allow setting SELinux type or MCS labels when using --ipc=container: or --ipc=host #30652

    Deprecation

    • Deprecate --api-enable-cors daemon flag. This flag was marked deprecated in Docker 1.6.0 but not listed in deprecated features #32352
    • Remove Ubuntu 12.04 (Precise Pangolin) as supported platform. Ubuntu 12.04 is EOL, and no longer receives updates #32520

    Downloads

    • deb/rpm install: curl -fsSL https://get.docker.com/ | sh
    • Linux 64bits tgz: https://get.docker.com/builds/Linux/x86_64/docker-17.05.0-ce.tgz
    • Darwin/OSX 64bits client tgz: https://get.docker.com/builds/Darwin/x86_64/docker-17.05.0-ce.tgz
    • Linux 32bits arm tgz: https://get.docker.com/builds/Linux/armel/docker-17.05.0-ce.tgz
    • Windows 64bits zip: https://get.docker.com/builds/Windows/x86_64/docker-17.05.0-ce.zip
    • Windows 32bits client zip: https://get.docker.com/builds/Windows/i386/docker-17.05.0-ce.zip

    Note: those packages won't be updated for the next releases. Get Docker CE from Docker Store

  • v17.05.0-ce-rc3(May 3, 2017)

    Changelog

    Items starting with DEPRECATE are important deprecation notices. For more information on the list of deprecated flags and APIs please have a look at https://docs.docker.com/engine/deprecated/ where target removal dates can also be found.

    17.05.0-ce (2017-05-03)

    Builder

    • Add multi-stage build support #31257 #32063
    • Allow using build-time args (ARG) in FROM #31352
    • Add an option for specifying build target #32496
    • Accept -f - to read Dockerfile from stdin, but use local context for building #31236
    • The values of default build time arguments (e.g. HTTP_PROXY) are no longer displayed in docker image history unless a corresponding ARG instruction is written in the Dockerfile. #31584
    • Fix setting command if a custom shell is used in a parent image #32236
    • Fix docker build --label when the label includes single quotes and a space #31750

    Client

    • Add --mount flag to docker run and docker create #32251
    • Add --type=secret to docker inspect #32124
    • Add --format option to docker secret ls #31552
    • Add --filter option to docker secret ls #30810
    • Add --filter scope=<swarm|local> to docker network ls #31529
    • Add --cpus support to docker update #31148
    • Add label filter to docker system prune and other prune commands #30740
    • docker stack rm now accepts multiple stacks as input #32110
    • Improve docker version --format option when the client has downgraded the API version #31022
    • Prompt when using an encrypted client certificate to connect to a docker daemon #31364
    • Display created tags on successful docker build #32077
    • Cleanup compose convert error messages #32087

    Contrib

    • Add support for building docker debs for Ubuntu 17.04 Zesty on amd64 #32435

    Daemon

    • Fix --api-cors-header being ignored if --api-enable-cors is not set #32174
    • Cleanup docker tmp dir on start #31741
    • Deprecate --graph flag in favor of --data-root #28696

    Logging

    • Add support for logging driver plugins #28403
    • Add support for showing logs of individual tasks to docker service logs, and add /task/{id}/logs REST endpoint #32015
    • Add --log-opt env-regex option to match environment variables using a regular expression #27565

    Networking

    • Allow user to replace, and customize the ingress network #31714
    • Fix UDP traffic in containers not working after the container is restarted #32505
    • Fix files being written to /var/lib/docker if a different data-root is set #32505

    Runtime

    • Ensure health probe is stopped when a container exits #32274

    Swarm Mode

    • Add update/rollback order for services (--update-order / --rollback-order) #30261
    • Add support for synchronous service create and service update #31144
    • Add support for "grace periods" on healthchecks through the HEALTHCHECK --start-period and --health-start-period flag to docker service create, docker service update, docker create, and docker run to support containers with an initial startup time #28938
    • docker service create now omits fields that are not specified by the user, when possible. This will allow defaults to be applied inside the manager #32284
    • docker service inspect now shows default values for fields that are not specified by the user #32284
    • Move docker service logs out of experimental #32462
    • Add support for Credential Spec and SELinux to services to the API #32339
    • Add --entrypoint flag to docker service create and docker service update #29228
    • Add --network-add and --network-rm to docker service update #32062
    • Add --credential-spec flag to docker service create and docker service update #32339
    • Add --filter mode=<global|replicated> to docker service ls #31538
    • Resolve network IDs on the client side, instead of in the daemon when creating services #32062
    • Add --format option to docker node ls #30424
    • Add --prune option to docker stack deploy to remove services that are no longer defined in the docker-compose file #31302
    • Add PORTS column for docker service ls when using ingress mode #30813
    • Fix unnecessary re-deploying of tasks when environment-variables are used #32364
    • Fix docker stack deploy not supporting endpoint_mode when deploying from a docker compose file #32333
    • Proceed with startup if cluster component cannot be created to allow recovering from a broken swarm setup #31631

    Security

    • Allow setting SELinux type or MCS labels when using --ipc=container: or --ipc=host #30652

    Deprecation

    • Deprecate --api-enable-cors daemon flag. This flag was marked deprecated in Docker 1.6.0 but not listed in deprecated features #32352
    • Remove Ubuntu 12.04 (Precise Pangolin) as supported platform. Ubuntu 12.04 is EOL, and no longer receives updates #32520

    Downloads

    • deb/rpm install: curl -fsSL https://test.docker.com/ | sh
    • Linux 64bits tgz: https://test.docker.com/builds/Linux/x86_64/docker-17.05.0-ce-rc3.tgz
    • Darwin/OSX 64bits client tgz: https://test.docker.com/builds/Darwin/x86_64/docker-17.05.0-ce-rc3.tgz
    • Linux 32bits arm tgz: https://test.docker.com/builds/Linux/armel/docker-17.05.0-ce-rc3.tgz
    • Windows 64bits zip: https://test.docker.com/builds/Windows/x86_64/docker-17.05.0-ce-rc3.zip
    • Windows 32bits client zip: https://test.docker.com/builds/Windows/i386/docker-17.05.0-ce-rc3.zip

  • v17.05.0-ce-rc2(Apr 27, 2017)

    Changelog

    Items starting with DEPRECATE are important deprecation notices. For more information on the list of deprecated flags and APIs please have a look at https://docs.docker.com/engine/deprecated/ where target removal dates can also be found.

    17.05.0-ce (2017-05-03)

    Builder

    • Add multi-stage build support #31257 #32063
    • Allow using build-time args (ARG) in FROM #31352
    • Add an option for specifying build target #32496
    • Accept -f - to read Dockerfile from stdin, but use local context for building #31236
    • The values of default build time arguments (e.g. HTTP_PROXY) are no longer displayed in docker image history unless a corresponding ARG instruction is written in the Dockerfile. #31584
    • Fix setting command if a custom shell is used in a parent image #32236
    • Fix docker build --label when the label includes single quotes and a space #31750

    Client

    • Add --mount flag to docker run and docker create #32251
    • Add --type=secret to docker inspect #32124
    • Add --format option to docker secret ls #31552
    • Add --filter option to docker secret ls #30810
    • Add --filter scope=<swarm|local> to docker network ls #31529
    • Add --cpus support to docker update #31148
    • Add label filter to docker system prune and other prune commands #30740
    • docker stack rm now accepts multiple stacks as input #32110
    • Improve docker version --format option when the client has downgraded the API version #31022
    • Prompt when using an encrypted client certificate to connect to a docker daemon #31364
    • Display created tags on successful docker build #32077
    • Cleanup compose convert error messages #32087

    Contrib

    • Add support for building docker debs for Ubuntu 17.04 Zesty on amd64 #32435

    Daemon

    • Fix --api-cors-header being ignored if --api-enable-cors is not set #32174
    • Cleanup docker tmp dir on start #31741
    • Deprecate --graph flag in favor of --data-root #28696

    Logging

    • Add support for logging driver plugins #28403
    • Add support for showing logs of individual tasks to docker service logs, and add /task/{id}/logs REST endpoint #32015
    • Add --log-opt env-regex option to match environment variables using a regular expression #27565

    Networking

    • Allow user to replace, and customize the ingress network #31714
    • Fix UDP traffic in containers not working after the container is restarted #32505
    • Fix files being written to /var/lib/docker if a different data-root is set #32505

    Runtime

    • Ensure health probe is stopped when a container exits #32274

    Swarm Mode

    • Add update/rollback order for services (--update-order / --rollback-order) #30261
    • Add support for synchronous service create and service update #31144
    • Add support for "grace periods" on healthchecks through the HEALTHCHECK --start-period and --health-start-period flag to docker service create, docker service update, docker create, and docker run to support containers with an initial startup time #28938
    • docker service create now omits fields that are not specified by the user, when possible. This will allow defaults to be applied inside the manager #32284
    • docker service inspect now shows default values for fields that are not specified by the user #32284
    • Move docker service logs out of experimental #32462
    • Add support for Credential Spec and SELinux to services to the API #32339
    • Add --entrypoint flag to docker service create and docker service update #29228
    • Add --network-add and --network-rm to docker service update #32062
    • Add --credential-spec flag to docker service create and docker service update #32339
    • Add --filter mode=<global|replicated> to docker service ls #31538
    • Resolve network IDs on the client side, instead of in the daemon when creating services #32062
    • Add --format option to docker node ls #30424
    • Add --prune option to docker stack deploy to remove services that are no longer defined in the docker-compose file #31302
    • Add PORTS column for docker service ls when using ingress mode #30813
    • Fix unnecessary re-deploying of tasks when environment-variables are used #32364
    • Fix docker stack deploy not supporting endpoint_mode when deploying from a docker compose file #32333
    • Proceed with startup if cluster component cannot be created to allow recovering from a broken swarm setup #31631

    Security

    • Allow setting SELinux type or MCS labels when using --ipc=container: or --ipc=host #30652

    Deprecation

    • Deprecate --api-enable-cors daemon flag. This flag was marked deprecated in Docker 1.6.0 but not listed in deprecated features #32352
    • Remove Ubuntu 12.04 (Precise Pangolin) as supported platform. Ubuntu 12.04 is EOL, and no longer receives updates #32520

    Downloads

    • deb/rpm install: curl -fsSL https://test.docker.com/ | sh
    • Linux 64bits tgz: https://test.docker.com/builds/Linux/x86_64/docker-17.05.0-ce-rc2.tgz
    • Darwin/OSX 64bits client tgz: https://test.docker.com/builds/Darwin/x86_64/docker-17.05.0-ce-rc2.tgz
    • Linux 32bits arm tgz: https://test.docker.com/builds/Linux/armel/docker-17.05.0-ce-rc2.tgz
    • Windows 64bits zip: https://test.docker.com/builds/Windows/x86_64/docker-17.05.0-ce-rc2.zip
    • Windows 32bits client zip: https://test.docker.com/builds/Windows/i386/docker-17.05.0-ce-rc2.zip

    Source code(tar.gz)
    Source code(zip)
Owner
Moby
An open framework to assemble specialized container systems without reinventing the wheel.
Moby
An efficient Go Rapid Product Assembly system used within the Bhojpur.NET Platform ecosystem.

Bhojpur GoRPA - Builder, Packager, Assembler An efficient Go-based Rapid Product Assembly software tool used within the Bhojpur.NET Platform ecosystem

Bhojpur Consulting 0 Apr 28, 2022
godesim Simulate complex systems with a simple API.

godesim Simulate complex systems with a simple API. Wrangle non-linear differential equations while writing maintainable, simple code. Why Godesim?

Patricio Whittingslow 19 Mar 5, 2022
F' - A flight software and embedded systems framework

F´ (F Prime) is a component-driven framework that enables rapid development and deployment of spaceflight and other embedded software applications.

NASA 8.9k May 17, 2022
IBus Engine for GoVarnam. An easy way to type Indian languages on GNU/Linux systems.

IBus Engine For GoVarnam An easy way to type Indian languages on GNU/Linux systems. goibus - golang implementation of libibus Thanks to sarim and haun

Varnamproject 10 Feb 10, 2022
Distributed Systems 2021 -- Miniproject 3

Mini_Project3 == A Distributed Auction System == You must implement a distributed auction system using replication: a distributed component which hand

null 0 Dec 1, 2021
A simple tool to send binary data over a serial port. Designed for use with my retro computer systems.

Colin's Transfer Tool This is a really basic tool to transfer firmware files to my retro computer systems over a serial port. This removes the need fo

Colin Maykish 0 Dec 21, 2021
Ghdl - A much more convenient way to download GitHub release binaries on the command line, works on Win & Unix-like systems

ghdl Memorize ghdl as github download ghdl is a fast and simple program (and als

beet 43 Apr 24, 2022
A getting-started project based on asynq.

README QuickStart Make sure Redis run on localhost:6379. cd workers && go run workers.go cd client && go run client.go We can run client.go first the

wjjiang 1 Apr 2, 2022
This Go-based project of Aadhyarupam Innovators demonstrates code examples for building microservices, integration with cloud services (Google Cloud Firestore), application configuration management (Viper) etc.

This Go-based project of Aadhyarupam Innovators demonstrates code examples for building microservices, integration with cloud services (Google Cloud Firestore), application configuration management (Viper) etc.

Aadhyarupam 0 Jan 31, 2022
Complete container management platform

Rancher Rancher is an open source project that provides a container management platform built for organizations that deploy containers in production.

Rancher 19.2k May 22, 2022
Generate random, pronounceable, sometimes even memorable, "superhero like" codenames - just like Docker does with container names.

Codename an RFC1178 implementation to generate pronounceable, sometimes even memorable, "superhero like" codenames, consisting of a random combinatio

Luca Sepe 81 May 12, 2022
Monitoring Go application inside docker container by InfluxDB, Telegraf, Grafana

REST API for TreatField app Docker compose for TIG and Golang simple app: https://github.com/tochytskyi/treatfield-api/blob/main/docker-compose.yml Gr

Volodymyr Tochytskyi 0 Nov 6, 2021
Generic-list-go - Go container/list but with generics

generic-list-go Go container/list but with generics. The code is based on contai

Arne Bahlo 5 May 16, 2022
Placeholder for the future project (lets-go-chat)

Placeholder for the future project (lets-go-chat)

null 0 Jan 10, 2022
Flow-based and dataflow programming library for Go (golang)

GoFlow - Dataflow and Flow-based programming library for Go (golang) Status of this branch (WIP) Warning: you are currently on v1 branch of GoFlow. v1

Vladimir Sibirov 1.4k May 18, 2022
GObject-introspection based bindings generator

WARNING! This project is no longer maintained. Probably doesn't even compile. GObject-introspection based bindings generator for Go. Work in progress

null 47 Jan 5, 2022
Yubigo is a Yubikey client API library that provides an easy way to integrate the Yubico Yubikey into your existing Go-based user authentication infrastructure.

yubigo Yubigo is a Yubikey client API library that provides an easy way to integrate the Yubikey into any Go application. Installation Installation is

Geert-Johan Riemer 119 Apr 28, 2022
A Go based HTTP Botnet

Second iteration of GoBot, https://github.com/SaturnsVoid/GoBot2 GoBot GoBot is a project I am working on as I learn Go. GoBot is a PoC(Proof of Conc

Adam 106 Apr 17, 2022
Generate spreadsheets based on GitHub contributions

pullsheet generates a CSV (comma separated values) & HTML output about GitHub activity across a series of repositories.

Google 50 Mar 31, 2022