Hash the container ID, mount source and destination together to form a
layer name.
This ensures the generated names are filesystem-friendly and don't
exceed path length limits while maintaining uniqueness across different
mount points and containers.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
When attempting to read a (malformed) resolv.conf with a very long line,
a obscure error would be produced that didn't provide much context to
identify the problem;
Handler for POST /v1.51/containers/mariadb11/start returned error: bufio.Scanner: token too long
This patch adds some additional error-handling to detect this situation,
and includes the filename of the resolv.conf to help the user locating
the file that failed to be parsed.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The "param" field was only used to generate the error-message, and the
produced error-message was missing a space so we may as well just inline it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Add nil check before calling EventsService.Close() to prevent panic
when daemon.EventsService is not initialized during shutdown.
Signed-off-by: jinda.ljd <jinda.ljd@alibaba-inc.com>
The test was failing on Windows because it used Unix-style paths and
relied on platform-specific filesystem behavior.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Restriction on anonymouse read-only volumes is currently preventing
the use of pre-populated volumes that should be accessed in a read-only manner in a container
(e.g. an NFS volume containing data to be processed or served).
According to @neersighted the restriction may have originally been put
in place with the assumption that pre-populated volumes would be
exposed as a named volume by the volume driver.
In practice, NFS volumes are mounted using the docker `local` driver
by supplying driver opts. Example that fails when `readonly` is specified but works without:
```
docker run --rm -it \
--mount 'readonly,type=volume,dst=/data/dest,volume-driver=local,volume-opt=type=nfs,volume-opt=device=:/export/some-share,"volume-opt=o=nfsvers=4,addr=some.server"' \
debian
```
Fixes#45297
Signed-off-by: Shane St Savage <shane@axds.co>
This check was added in 14c5cd377d to prevent
passing `nil` as type (`GenerateFromModel[nil](....)`), however, `nil` is not
a type, so trying to do so won't compile. Even if it would, it would be
theoretical at best, so let's just remove it.
fix linting:
daemon/libnetwork/options/options.go:57:13: SA4023(related information): the lhs of the comparison is the 1st return value of this function call (staticcheck)
modType := reflect.TypeFor[T]()
^
daemon/libnetwork/options/options.go:58:5: SA4023: this comparison is never true (staticcheck)
if modType == nil {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Some false positives from gosec (G602: slice index out of range)
integration-cli/daemon/daemon.go:109:1: deprecatedComment: `Deprecated: ` notices should be in a dedicated paragraph, separated from the rest (gocritic)
// Deprecated: use cli.WaitCmd instead
^
integration-cli/docker_cli_build_test.go:562:3: dupOption: function argument `build.WithFile("test_file3", "test3")` is duplicated (gocritic)
build.WithFile("test_file3", "test3"),
^
integration-cli/docker_utils_test.go:250:1: deprecatedComment: `Deprecated: ` notices should be in a dedicated paragraph, separated from the rest (gocritic)
// Deprecated: use cli.WaitFor
^
daemon/libnetwork/ipams/defaultipam/address_space.go:45:39: G602: slice index out of range (gosec)
if predefined[j].Overlaps(predefined[i].Base) {
^
daemon/libnetwork/ipams/defaultipam/address_space.go:49:29: G602: slice index out of range (gosec)
predefined[j] = predefined[i]
^
daemon/libnetwork/libnetwork_linux_test.go:1492:9: G602: slice index out of range (gosec)
sboxes[thd-1], err = controller.NewSandbox(context.Background(), fmt.Sprintf("%drace", thd))
^
daemon/libnetwork/networkdb/cluster_test.go:111:21: G602: slice index out of range (gosec)
mean, stdev := nf[0], nf[1]
^
daemon/libnetwork/osl/interface_linux.go:586:54: G602: slice index out of range (gosec)
log.G(ctx).WithField("portState", stateFileContent[0]).Debug("waiting for bridge port to be forwarding")
^
daemon/libnetwork/osl/interface_linux.go:594:32: G602: slice index out of range (gosec)
"portState": stateFileContent[0],
^
daemon/libnetwork/portallocator/osallocator_linux_test.go:358:13: G602: slice index out of range (gosec)
if payload[0] != 0x1 {
^
daemon/libnetwork/portallocator/osallocator_linux_test.go:359:68: G602: slice index out of range (gosec)
readCh <- fmt.Errorf("expected payload 0x1, but got %x", payload[0])
^
daemon/logger/gelf/gelf_test.go:197:9: nilness: impossible condition: nil != nil (govet)
if err != nil {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The /grpc and /session endpoints are now deprecated as the Engine has
been upgraded to properly support HTTP/2 and h2c requests, making these
specialized endpoints unnecessary.
These endpoints will be removed in the next major API version to
complete the cleanup.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
When logging an unmarshal failure in the registry error handling code,
the function was incorrectly logging the uninitialized `derrs` variable
instead of the actual JSON unmarshal error `jerr`.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Add cleanup for the init layer directory if any operation fails after
driver.CreateReadWrite() succeeds in initMount(). Previously, failures
in driver.Get(), initFunc(), or driver.Put() would leave an orphaned
overlay2 directory.
Related to moby/moby#45939
Signed-off-by: Jan Scheffler <jan.scheffler@qodev.ai>
Add cleanup for the RW layer directory if saveMount() fails after
driver.CreateReadWrite() succeeds. Previously, this failure path would
leave an orphaned overlay2 directory with no corresponding metadata.
Related to moby/moby#45939
Signed-off-by: Jan Scheffler <jan.scheffler@qodev.ai>
