docker: upgrade to 19.03.12 #1025

Merged
merged 2 commits into from
Aug 11, 2020

samuelkarp
Contributor

Description of changes:
Upgrade docker-engine and docker-cli to 19.03.12.

Testing done:
Built and ran both the aws-dev and aws-ecs-1 variants. Both variants are able to run containers. docker version output looks reasonable.

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

Comment on lines +11 to +12
{ path = "LICENSE", hash = 0xcdf3ae00},
]
Contributor

nits: lost final newline, and space before }

%global rpmver %{gover}
%global gitrev 9dc6525e6118a25fab2be322d1914740ea842495

%global source_date_epoch 1363394400
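Review bot: `%global source_date_epoch 1363394400` is a bare magic number with nothing in the spec saying where it comes from. The value decodes to 2013-03-16 00:40:00 UTC. Add a comment directly above it recording what the date represents and that it is pinned on purpose, so a later version bump does not treat it as stale and change it along with `gitrev`.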
Contributor

Where does this timestamp come from?

Contributor Author

This is, as near as I can tell, Docker's birthday. (The date and time of this talk.)

@samuelkarp
Contributor Author

--security-opt label:disable appears to have different behavior now; in the previous version of Docker it would successfully disable all process and mount labeling. With this upgraded version of Docker, I'm still seeing the system_u:system_r:container_t:s0 process label and system_u:object_r:local_t:s0:c322,c990 mount label applied. --security-opt label:type:super_t behaves as expected.

@samuelkarp
Contributor Author

Discussed with @bcressey offline; we believe the change in behavior is fine for now, as it ends up with strictly more-compatible behavior for the case where label:disable is provided (the container can actually write to its rootfs). We'll need to revisit a little when we revise our SELinux policy for MCS enforcement as the rootfs mount currently has an MCS pair but the process does not.
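
An added example, not part of this pull request or the project's code: a small Python check that parses the two labels quoted in the comments above and tests whether the process level dominates the mount level, a simplified form of the comparison an MCS-enforcing policy makes. The function names are hypothetical, and level ranges such as `s0-s0:c0.c1023` are deliberately rejected rather than interpreted.

```python
from typing import FrozenSet, NamedTuple


class Context(NamedTuple):
    user: str
    role: str
    type: str
    sensitivity: int
    categories: FrozenSet[int]


def parse_context(label: str) -> Context:
    """Parse user:role:type:sN[:categories] into its fields."""
    parts = label.strip().split(":", 3)
    if len(parts) != 4:
        raise ValueError(f"not a full SELinux context: {label!r}")
    user, role, type_, level = parts
    if "-" in level:
        raise ValueError("level ranges are not handled by this example")
    sens, _, cat_spec = level.partition(":")
    cats = set()
    for item in filter(None, cat_spec.split(",")):
        lo, _, hi = item.partition(".")  # "c0.c3" means c0 through c3
        cats.update(range(int(lo[1:]), int((hi or lo)[1:]) + 1))
    return Context(user, role, type_, int(sens[1:]), frozenset(cats))


def dominates(subject: Context, obj: Context) -> bool:
    """Dominance: sensitivity at least as high, categories a superset."""
    return (subject.sensitivity >= obj.sensitivity
            and subject.categories >= obj.categories)


def mcs_report(process_label: str, mount_label: str) -> dict:
    """Summarise how a process label relates to a mount label."""
    proc, mnt = parse_context(process_label), parse_context(mount_label)
    return {
        "process_type": proc.type,
        "missing_categories": sorted(mnt.categories - proc.categories),
        "process_dominates_mount": dominates(proc, mnt),
    }


# Labels quoted in the comment above, seen with --security-opt label:disable.
PROCESS_LABEL = "system_u:system_r:container_t:s0"
MOUNT_LABEL = "system_u:object_r:local_t:s0:c322,c990"

if __name__ == "__main__":
    print(mcs_report(PROCESS_LABEL, MOUNT_LABEL))
```

For the labels from this thread the report shows the process lacking categories 322 and 990, which is the mismatch the comment says will need revisiting once MCS is enforced.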

@samuelkarp samuelkarp merged commit fef4a9f into bottlerocket-os:develop Aug 11, 2020
@samuelkarp samuelkarp deleted the docker branch August 11, 2020 18:44