[pull] master from moby:master#1404
Open
pull[bot] wants to merge 10000 commits intonext-stack:masterfrom
Open
Conversation
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Our Linux integration test harness continues to run tests for subsequent packages after one package's tests fail unless the environment variable TEST_INTEGRATION_FAIL_FAST is set to a nonempty value. Our Windows integration test harness always fails fast. Modify our integration test harness on Windows to follow the same conventions as our Linux harness. Change `make.ps1 -TestIntegration` to only skip testing the remaining packages on failure when the TEST_INTEGRATON_FAIL_FAST environment variable is set. Signed-off-by: Cory Snider <csnider@mirantis.com>
hack/make.ps1: respect $TEST_INTEGRATION_FAIL_FAST
Signed-off-by: Cory Snider <csnider@mirantis.com>
The Windows integration test harness goes out of its way to set TEST_INTEGRATION_USE_GRAPHDRIVER=1 in the graphdriver branches of the test matrix. But on Windows the graphdriver is already the default. Explicitly configure the daemon to use the containerd snapshotter in the snapshotter branches of the test matrix. Signed-off-by: Cory Snider <csnider@mirantis.com>
Buildkit was enabled for Windows engines when using containerd snapshotters in commit a9ec07a. Buildkit's integration tests are run on Windows in CI, but a handful of daemon integration tests are still skipped. Change those tests to only skip on Windows when the daemon under test is not using containerd snapshotters. Signed-off-by: Cory Snider <csnider@mirantis.com>
Signed-off-by: Mend Renovate <bot@renovateapp.com>
Dockerfile: upgrade Delve to v1.26.0
integration: run more Buildkit tests on Windows
Image mounts are validated to not accept BindOptions (validateExclusiveOptions), so BindOptions.Propagation handling in the Linux mount parser is unreachable. Set default propagation unconditionally and leave a breadcrumb comment for future reference. Fixes #51980. Signed-off-by: Mantas Suminas <mantas.sumin@gmail.com>
daemon/volume: Drop BindOptions for image mounts
When restoring volumes at startup, the local volume driver's constructor
([daemon/volume/local.New]) iterates over all directories found inside the
volume storage path (`/var/lib/docker/volumes`). It does not (currently) check
for presence of other indicators that the directory is an actual volume, such
as the `_data` directory being present, or a `opts.json`.
In situations where `/var/lib/docker/volumes` contains directories that were
not created by docker, this can result in errors when calculating the size
of volumes (`docker system df`);
Before (re)starting the daemon, create some directories;
mkdir /var/lib/docker/volumes/notavolume
echo "some file" > /var/lib/docker/volumes/notavolume/some-file
mkdir /var/lib/docker/volumes/notavolume2
Then, start the daemon, and run `docker system df`. The daemon logs will
now contain warnings about the path not being found:
WARN[2026-02-09T11:27:31.940713593Z] Failed to determine size of volume error="lstat /var/lib/docker/volumes/notavolume/_data: no such file or directory" volume=notavolume
WARN[2026-02-09T11:27:31.940765468Z] Failed to determine size of volume error="lstat /var/lib/docker/volumes/notavolume2/_data: no such file or directory" volume=notavolume2
The [calcSize] function used to calculate the size of a volume already ignores
files _within_ the volume's storage that are not / no longer found, but does
not ignore errors if the base directory (`_data`) itself doesn't exist.
This patch:
- makes the logs ignore "not found" errors
- adds a TODO to look into ignoring these directories during daemon startup
(when instantiating the driver and restoring volumes).
[daemon/volume/local.New]: https://github.com/moby/moby/blob/6c5233e1098dc689b2e665087780695ac8864e95/daemon/volume/local/local.go#L51-L85
[calcSize]: https://github.com/moby/moby/blob/daeaac0d3cf147cc7450a3ab9a869327c71bad45/daemon/internal/directory/directory_unix.go#L13-L24
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
…policy-helpers-digest Update github.com/moby/policy-helpers digest to 77d5435
daemon/volume: don't print warnings for non-volume directories
We use `"volume"` in most places, so let's use that consistently;
git grep '"volume-name"' | wc -l
9
git grep '"volume"' | wc -l
403
Also update some logs to use structured logs and to use `WithFields` instead
of chaining multiple `WithField` / `WithError`.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
daemon/volume: cleanup some logs
These parts were flagged by my IDE, complaining about resources not being closed properly. These code-paths open a bolt DB (which includes opening the DB file, and acquiring a advisory lock on some file-descriptors). This _probably_ is mostly cleanliness, as (AFAICS) all code paths leading to an error would be in the daemon startup, and make the daemon exit, and BoltDB should handle those OK, but probably won't do harm either to explicitly close. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
netip.Addr returns "invalid IP" for zero-values; while we should not have those in the slice of IP-addresses, let's make sure we don't accidentally set this as value. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
daemon: allow service registration on Windows with missing system dependencies
Update the Docker CLI used in the dev-container Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Dockerfile: update docker CLI to v29.2.1
builder-next: close boltdb instances on error and some minor fixes
forwardExtDNS: Don't cancel context then use it
The newExecutor and newExecutorGD constructors started to gain a long list of arguments, some of which were platform-specific and not used on other platforms. Add a basic struct to pass options, which also allows documenting platform-specific fields through comments, and makes it easier to maintain platform-specific stubs. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://cs.opensource.google/go/x/sys/+/refs/tags/v0.40.0...refs/tags/v0.41.0 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://cs.opensource.google/go/x/text/+/refs/tags/v0.33.0...refs/tags/v0.34.0 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://cs.opensource.google/go/x/term/+/refs/tags/v0.39.0...refs/tags/v0.40.0 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
daemon: add regression test for getSourceMount
vendor: github.com/moby/moby/client v0.3.0
Includes fix for panic when client uses a closed stream full diff: containerd/ttrpc@v1.2.7...v1.2.8 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The API Dockerfile should be ok to ignore for this check, as it's not part of the module; ``` ================================================ ================================================ api diff: -ARG GO_VERSION=1.25.7 +ARG GO_VERSION=1.25.8 ================================================ Detected changes in ./api directory, checking for replace rule... null ERROR: Changes detected in ./api but go.mod is missing a replace rule for github.com/moby/moby/api Please run ./hack/vendor.sh replace ================================================ ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
vendor: github.com/containerd/ttrpc v1.2.8
Replace timestamp-based duplicate exit detection for running containers with a live containerd task status check, and ignore exits only when the task is still `Running`. Also simplify restarting-state handling by always treating exit events as duplicates while restart processing is in progress, and add warning logs for task status lookups. This avoids relying on wall-clock timestamps that can move backward (e.g., NTP), which could misclassify duplicate exit events. Signed-off-by: Wei Fu <fuweid89@gmail.com>
Signed-off-by: George Kapetanakis <github@kapetanak.is>
ci: module-replace: ignore Dockerfile for api changes
bugfix: handle duplicate exit events via task status
go1.25.8 (released 2026-03-05) includes security fixes to the html/template, net/url, and os packages, as well as bug fixes to the go command, the compiler, and the os package. See the Go 1.25.8 milestone on our issue tracker for details. - 1.25.8 https://github.com/golang/go/issues?q=milestone%3AGo1.25.8+label%3ACherryPickApproved - diff: golang/go@go1.25.7...go1.25.8 - 1.26.1 https://github.com/golang/go/issues?q=milestone%3AGo1.26.1+label%3ACherryPickApproved - diff: golang/go@go1.26.0...go1.26.1 --- We have just released Go versions 1.26.1 and 1.25.8, minor point releases. These releases include 5 security fixes following the security policy: crypto/x509: incorrect enforcement of email constraints - When verifying a certificate chain which contains a certificate containing multiple email address constraints (composed of the full email address) which share common local portions (the portion of the address before the '@' character) but different domain portions (the portion of the address after the '@' character), these constraints will not be properly applied, and only the last constraint will be considered. This can allow certificates in the chain containing email addresses which are either not permitted or excluded by the relevant constraints to be returned by calls to Certificate.Verify. Since the name constraint checks happen after chain building is complete, this only applies to certificate chains which chain to trusted roots (root certificates either in VerifyOptions.Roots or in the system root certificate pool), requiring a trusted CA to issue certificates containing either not permitted or excluded email addresses. This issue only affects Go 1.26. Thanks to Jakub Ciolek for reporting this issue. This is CVE-2026-27137 and Go issue https://go.dev/issue/77952. - crypto/x509: panic in name constraint checking for malformed certificates Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS. Since the name constraint checks happen after chain building is complete, this only applies to certificate chains which chain to trusted roots (root certificates either in VerifyOptions.Roots or in the system root certificate pool), requiring a trusted CA to issue certificates containing malformed DNS names. This issue only affects Go 1.26. Thanks to Jakub Ciolek for reporting this issue. This is CVE-2026-27138 and Go issue https://go.dev/issue/77953. - html/template: URLs in meta content attribute actions are not escaped Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0. This is CVE-2026-27142 and Go issue https://go.dev/issue/77954. - net/url: reject IPv6 literal not at start of host The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid. To prevent this behavior, net/url.Parse now rejects IPv6 literals that do not appear at the start of the host subcomponent of a URL. Thanks to Masaki Hara (https://github.com/qnighy) of Wantedly. This is CVE-2026-25679 and Go issue https://go.dev/issue/77578. - os: FileInfo can escape from a Root On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The contents of the FileInfo were populated using the lstat system call, which takes the path to the file as a parameter. If a component of the full path of the file described by the FileInfo is replaced with a symbolic link, the target of the lstat can be directed to another location on the filesystem. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem. This could be used to probe for the presence or absence of files as well as gleaning metadata like file sizes, but does not permit reading or writing files outside the root. The FileInfo is now populated using fstatat. Thank you to Miloslav Trmač of Red Hat for reporting this issue. This is CVE-2026-27139 and Go issue https://go.dev/issue/77827. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
update to go1.25.8
hack/test/unit: avoid unbound pkg vars with set -u
full diff: containerd/containerd@v2.2.1...v2.2.2 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
relevant changes: - core/mount: fix getUnprivilegedMountFlags iterating over indices instead of values full diff: containerd/containerd@v2.2.1...v2.2.2 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Dockerfile: update containerd to v2.2.2
go.mod: add back replace rules
- Move "Example" tests separate so that we can use the actual import - Add "WithUserAgent" in the examples, which should be best practice Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
vendor: github.com/containerd/containerd v2.2.2
client: update examples
- Prevent panic when calling .Proto() on zero values - Don't iterate on zero-value port-ranges Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This brings back the Port() method that was defined on the nat.Port type, which was used in many places to (e.g.) do a network.JoinHostPort. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Call out that users should check if the port/port-range is valid before consuming the value returned by String(). Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
api/types/network: Port,PortRange: don't panic on zero values, add Port.Port()
… types Add missing Go doc comments to exported option and result types in image_tag.go, build_cancel.go, and system_info.go. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Poyraz Küçükarslan <83272398+PoyrazK@users.noreply.github.com>
Add missing Go doc comments to the exported option and result types in client/container_copy.go. These were the only exported types in this file without documentation, which is required by golint for exported declarations. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Poyraz Küçükarslan <83272398+PoyrazK@users.noreply.github.com>
Add missing Go doc comments to the exported option and result types in config_remove.go, config_update.go, secret_remove.go, secret_update.go, node_inspect.go, node_list.go, node_remove.go, and node_update.go. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Poyraz Küçükarslan <83272398+PoyrazK@users.noreply.github.com>
client: add missing doc comments to container copy types
client: add missing doc comments to various client types
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )