[pull] master from moby:master #1404
Open
+1,213,432
−487,649
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![pull[bot]](https://avatars.githubusercontent.com/in/12910?s=60&v=4){kind=small}
c8d/pull: Show progress for non-layer blobs
Signed-off-by: Albin Kerouanton <[email protected]>
Signed-off-by: Albin Kerouanton <[email protected]>
This fix address issues where the scanner was unable to properly parse longer outputs from /proc/stat. This could happen on an ARM machine with large amount of CPU cores (and interrupts). By switching to reader we have more control over data parsing and dump unnecessary data Signed-off-by: Patrik Leifert <[email protected]>
Signed-off-by: Albin Kerouanton <[email protected]>
image/inspect: Add platform selection
…ndpointStore libnet: de-flake TestEndpointStore and TestNetworkStore
no changes in vendored files full diff: moby/sys@6e2523c...atomicwriter/v0.1.0 Signed-off-by: Sebastiaan van Stijn <[email protected]>
Report FirewallBackend in "docker info". It's currently "iptables" or "iptables+firewalld" on Linux, and omitted on Windows. Signed-off-by: Rob Murray <[email protected]>
…_stat Fix docker stats parsing with large amount of interrupts
Add Info.FirewallBackend
- registry.ServiceConfig: add a "ExtraFields" for outputting deprecated fields. - remove uses of AllowNondistributableArtifactsCIDRs and AllowNondistributableArtifactsHostnames Signed-off-by: Sebastiaan van Stijn <[email protected]>
vendor: github.com/moby/sys/atomicwriter v0.1.0
registry: wire up contexts in some places, and remove some intermediate vars
Add utils for manipulating nftables rules
Using iptables.OnReloaded to restore individual per-network rules on firewalld reload means rules for deleted networks pop back in to existence (because there was no way to delete the callbacks on network-delete). So, on firewalld reload, walk over current networks and ask them to restore their iptables rules. Signed-off-by: Rob Murray <[email protected]>
Signed-off-by: Rob Murray <[email protected]>
Signed-off-by: Rob Murray <[email protected]>
Signed-off-by: CrazyMax <[email protected]>
Stop firewalld reload re-creating rules for deleted networks
dockerfile: dind target to build docker image for testing
api: /info: omit non-distributable-artifacts fields for API >= 1.49
These fields were deprecated in ff191c5, and are now omitted. Signed-off-by: Sebastiaan van Stijn <[email protected]>
- pkg/archive: deprecate, and add aliases
Keeping the tests in this commit; also moves various utilities
into a _test.go file, as they were now only used in tests.
- pkg/chrootarchive: deprecate and add aliase
deprecate pkg/archive and add aliases
keeping the tests in this commit
- Add temporary exceptions for deprecation linting errors, because
this commit is to verify everything works with the aliases.
- remove tests that depend on un-exported types
=== RUN TestDisablePigz
--- FAIL: TestDisablePigz (0.00s)
panic: interface conversion: io.Reader is *archive.readCloserWrapper, not *archive.readCloserWrapper (types from different packages) [recovered]
- pkg/archive, pkg/chrootarchive: remove test files
Signed-off-by: Sebastiaan van Stijn <[email protected]>
Signed-off-by: Derek McGowan <[email protected]>
Signed-off-by: Derek McGowan <[email protected]>
Update use of idtools to moby/user for archive and other deprecated uses Signed-off-by: Derek McGowan <[email protected]>
Since commit `eaa84bc`, when a container joins a network, we broadcast unsolicited ARP/NAs to other containers connected to that network. The initial advertisement is sent synchronously, and then remaining advertisements (by default, 2) are sent asynchronously at a regular interval (by default, 1 second). An OTel span records the time spent sending subsequent advertisements, but it's attached to the parent span `libnetwork.osl.AddInterface` so it affects the overall latency reported by the trace. The real latency (i.e. excluding the latency of that asynchronous process), is pretty much what CLI users perceive, so it's an important measure. It's available on the top-most span in the trace, but limiting the trace to the real time taken by the Engine to process the HTTP request seems better. With this change, the initial advertisement is now tracked by a dedicated span, and a new independent trace (containing a single span) is created and linked to the 'initial' span / HTTP trace. Signed-off-by: Albin Kerouanton <[email protected]>
Plumb context from the API down to libnet driver method `CreateNetwork`, and add an OTel span to the bridge driver's `createNetwork` method. Include a few attributes describing the network configuration (e.g. IPv4/IPv6, ICC, internal and MTU). A new util function, `RecordStatus`, is added to the `otelutil` package to easily record any error, and update the span status accordingly. Signed-off-by: Albin Kerouanton <[email protected]>
Signed-off-by: Jonathan A. Sternberg <[email protected]>
vendor: github.com/moby/buildkit v0.21.1
trusted_host_interface have access to published ports on container addresses - enabling direct routing to the container via those interfaces. Signed-off-by: Rob Murray <[email protected]>
Signed-off-by: Rob Murray <[email protected]>
Per-network option com.docker.network.bridge.trusted-host-interfaces accepts a list of interfaces that are allowed to route directly to a container's published ports in a bridge network with nat enabled. This daemon level option disables direct access filtering, enabling direct access to published ports on container addresses in all bridge networks, via all host interfaces. It overlaps with short-term env-var workaround: DOCKER_INSECURE_NO_IPTABLES_RAW=1 - it does not allow packets sent from outside the host to reach ports published only to 127.0.0.1 - it will outlive iptables (the workaround was initially intended for hosts that do not have kernel support for the "raw" iptables table). Signed-off-by: Rob Murray <[email protected]>
Allow direct routing to container ports from trusted interfaces
daemon/*: reduce named (error)-returns, naked returns, and some minor linting-fixes
vendor: github.com/opencontainers/runtime-spec v1.2.1
vendor: github.com/spf13/cobra v1.9.1
man: vendor github.com/cpuguy83/go-md2man/v2 v2.0.7
fix various "no shadow" linting issues (govet)
config: set buildkit gc enabled to default to true
Signed-off-by: Matthieu MOREL <[email protected]>
Signed-off-by: Matthieu MOREL <[email protected]>
Signed-off-by: Matthieu MOREL <[email protected]> Signed-off-by: Sebastiaan van Stijn <[email protected]>
Signed-off-by: Matthieu MOREL <[email protected]> Signed-off-by: Sebastiaan van Stijn <[email protected]>
… == -1 Signed-off-by: Matthieu MOREL <[email protected]>
Signed-off-by: Matthieu MOREL <[email protected]> Signed-off-by: Sebastiaan van Stijn <[email protected]>
Signed-off-by: Matthieu MOREL <[email protected]> Signed-off-by: Sebastiaan van Stijn <[email protected]>
Signed-off-by: Matthieu MOREL <[email protected]> Signed-off-by: Sebastiaan van Stijn <[email protected]>
…..)) Signed-off-by: Matthieu MOREL <[email protected]>
Signed-off-by: Matthieu MOREL <[email protected]> Signed-off-by: Sebastiaan van Stijn <[email protected]>
Signed-off-by: Matthieu MOREL <[email protected]> Signed-off-by: Sebastiaan van Stijn <[email protected]>
Signed-off-by: Matthieu MOREL <[email protected]>
Signed-off-by: Matthieu MOREL <[email protected]> Signed-off-by: Sebastiaan van Stijn <[email protected]>
Signed-off-by: Matthieu MOREL <[email protected]> Signed-off-by: Sebastiaan van Stijn <[email protected]>
Signed-off-by: Matthieu MOREL <[email protected]>
fix staticcheck linting issues for golangci-lint v2
Signed-off-by: Austin Vazquez <[email protected]>
…-05-01-2025 project: update status of branches for Moby 28.x
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )