From af6293703d31fbe21751cef63481b2d94a5f363b Mon Sep 17 00:00:00 2001 From: jingrui Date: Tue, 19 Jan 2021 10:15:58 +0800 Subject: [PATCH] docker: sync bugfix Change-Id: I4dc92059d90415199fcd143d75cc68cfdb67c430 Signed-off-by: jingrui --- VERSION-openeuler | 2 +- docker.spec | 53 ++++++--- gen-commit.sh | 28 ++++- git-commit | 2 +- ...-containerd-object-on-start-failure.patch} | 24 ++-- ...62-docker-remove-redundant-word-item.patch | 25 ++++ ...delete-event-is-not-need-to-process.patch} | 0 ...ss-exit-file-when-kill-process-dire.patch} | 0 patch/0167-docker-fix-CVE-2020-13401.patch | 69 +++++++++++ ...messages-for-ops-when-device-not-fo.patch} | 0 ...fix-stats-memory-usage-display-error.patch | 38 +++++++ ...-docker-clean-docker-load-leak-files.patch | 85 ++++++++++++++ ...=> 0175-docker-mask-proc-pin_memory.patch} | 0 ...ainer-process-if-its-status-is-not-r.patch | 62 ++++++++++ patch/0177-resume-suspend-dm-on-start.patch | 82 ++++++++++++++ ...-and-restart-containerd-during-docke.patch | 85 ++++++++++++++ patch/0179-handle-exit-force.patch | 107 ++++++++++++++++++ ...-wait-io-with-timeout-in-task-delete.patch | 47 ++++++++ ...return-when-matched-registry-mirror.patch} | 14 +-- ...-pagealloc_module-and-slaballoc_stat.patch | 29 +++++ ...ith-timeout-when-process-Start-faile.patch | 48 ++++++++ ...age-reference-when-failed-to-get-ima.patch | 63 +++++++++++ series.conf | 25 +++- 23 files changed, 840 insertions(+), 48 deletions(-) rename patch/{0161-docker-Delete-stale-containerd-object-on-start-f.patch => 0161-docker-Delete-stale-containerd-object-on-start-failure.patch} (70%) create mode 100644 patch/0162-docker-remove-redundant-word-item.patch rename patch/{0162-docker-delete-event-is-not-need-to-process.patch => 0163-docker-delete-event-is-not-need-to-process.patch} (100%) rename patch/{0163-docker-stat-process-exit-file-when-kill-process-dire.patch => 0164-docker-stat-process-exit-file-when-kill-process-dire.patch} (100%) create mode 100644 patch/0167-docker-fix-CVE-2020-13401.patch rename patch/{0167-docker-add-more-messages-for-ops-when-device-not-fo.patch => 0167-dockerd-add-more-messages-for-ops-when-device-not-fo.patch} (100%) create mode 100644 patch/0173-docker-fix-stats-memory-usage-display-error.patch create mode 100644 patch/0175-docker-clean-docker-load-leak-files.patch rename patch/{0173-docker-mask-proc-pin_memory.patch => 0175-docker-mask-proc-pin_memory.patch} (100%) create mode 100644 patch/0176-docker-kill-container-process-if-its-status-is-not-r.patch create mode 100644 patch/0177-resume-suspend-dm-on-start.patch create mode 100644 patch/0178-docker-skip-kill-and-restart-containerd-during-docke.patch create mode 100644 patch/0179-handle-exit-force.patch create mode 100644 patch/0180-wait-io-with-timeout-in-task-delete.patch rename patch/{0174-docker-do-not-return-when-matched-registry-mirror.patch => 0181-docker-do-not-return-when-matched-registry-mirror.patch} (92%) create mode 100644 patch/0183-add-masked-paths-pagealloc_module-and-slaballoc_stat.patch create mode 100644 patch/0184-docker-wait-io-with-timeout-when-process-Start-faile.patch create mode 100644 patch/0185-docker-delete-image-reference-when-failed-to-get-ima.patch diff --git a/VERSION-openeuler b/VERSION-openeuler index 4c88868..0ec0e1a 100644 --- a/VERSION-openeuler +++ b/VERSION-openeuler @@ -1 +1 @@ -18.09.0.105 +18.09.0.112 diff --git a/docker.spec b/docker.spec index 15563ef..d752abb 100644 --- a/docker.spec +++ b/docker.spec @@ -1,6 +1,6 @@ Name: docker-engine Version: 18.09.0 -Release: 111 +Release: 112 Summary: The open-source application container engine Group: Tools/Docker @@ -210,30 +210,57 @@ fi %endif %changelog -* Mon Jan 4 2021 yangyanchao - 18.09.111 +* Mon Jan 4 2021 yangyanchao - 18.09.0-111 - Type:requirement - ID:NA - CVE:NA - SUG:restart - docker:components:add config files for riscv -* Mon Dec 21 2020 fengshaobao - 18.09.110 +* Mon Jan 18 2021 jingrui - 18.09.0-107 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:sync bugfix include + 1. fix image cleanup failed. + 2. cleanup load tmp files. + 3. kill residual container process. + 4. resume suspend dm device. + 5. dont kill containerd during dockerd starting. + 6. handle exit event for restore failed container. + 7. wait io with timeout when start failed. + 8. support hostname mirror registry. + 9. mask unused proc files. + +* Tue Dec 8 2020 xiadanni - 18.09.0-104 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:runc don't deny all devices when update cgroup resource + +* Thu Dec 3 2020 xiadanni - 18.09.0-103 - Type:bugfix - ID:NA -- CVE:NA - SUG:restart -- DESC: append the image hostname itself as an endpoint even the registry mirror matched. +- DESC:containerd fix CVE-2020-15257 -* Fri Nov 27 2020 liuzekun - 18.09.109 +* Fri Nov 27 2020 liuzekun - 18.09.0-102 - Type:bugfix - ID:NA - CVE:NA - SUG:restart - DESC: -1.add more messages for ops when device not found -2.do not add "-w" to LDFLAG -3.add files in proc for mask -4.fix docker load files leak -5.do not sync if BYPAAS_SYNC is false -6.fix panic on single-character volumes -7.mask /proc/pin_memory +1.delete stale containerd object on start failure +2.remove redundant word item +3.delete event is not need to process +4.stat process exit file when kill process dire +5.sync cli vendor +6.fix CVE-2020-13401 +7.do not add w to LDFLAGS +8.add files in proc for mask +9.fix docker load files leak +10.do not sync if BYPAAS_SYNC is false +11.fix panic on single character volumes +12.fix stats memory usage display error +13.add more messages for ops when device not found +14.mask proc pin_memory diff --git a/gen-commit.sh b/gen-commit.sh index b4c4c80..6b5dd75 100755 --- a/gen-commit.sh +++ b/gen-commit.sh @@ -1,12 +1,28 @@ -#!/bin/sh +#!/bin/bash -# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. -# Description: This shell script is used to generate commitID store file. -# Author: xiadanni1@huawei.com -# Create: 2020-06-09 +# Copyright (c) Huawei Technologies Co., Ltd. 2018-2019. All rights reserved. +# Description: This script uses to update docker-ce component's version and release +# Author: caihaomin@huawei.com +# Create: 2018-10-25 changeID=`git log -1 | grep Change-Id | awk '{print $2}'` if [ "${changeID}" = "" ];then changeID=`date | sha256sum | head -c 40` fi -echo "${changeID}" > git-commit +echo "${changeID}" > git-commit + +old_version=`head -n 10 docker.spec|grep Release|awk '{print $2}'` +let new_version=$old_version+1 +sed -i -e "s/^\Release: $old_version/Release: $new_version/g" ./*.spec +echo 18.09.0.$new_version > VERSION-openeuler + +author=$(git config user.name) +email=$(git config user.email) +version=$(head -1 docker.spec | awk '{print $NF}') +release=$(head -10 docker.spec | grep Release | awk '{print $2}' | awk -F% '{print $1}') +new_all=$version-$release +new_changelog=$(cat << EOF +* $(LC_ALL="C" date '+%a %b %d %Y') $author<$email> - $new_all\n- Type:\n- CVE:\n- SUG:\n- DESC:\n +EOF +) +sed -i -e "/\%changelog/a$new_changelog" *.spec diff --git a/git-commit b/git-commit index 4ac9680..c0a03a6 100644 --- a/git-commit +++ b/git-commit @@ -1 +1 @@ -026550e43812d1fc2fcea9cc172e35a4b7f1a848 +I4dc92059d90415199fcd143d75cc68cfdb67c430 diff --git a/patch/0161-docker-Delete-stale-containerd-object-on-start-f.patch b/patch/0161-docker-Delete-stale-containerd-object-on-start-failure.patch similarity index 70% rename from patch/0161-docker-Delete-stale-containerd-object-on-start-f.patch rename to patch/0161-docker-Delete-stale-containerd-object-on-start-failure.patch index 6720c29..8d8c1cc 100644 --- a/patch/0161-docker-Delete-stale-containerd-object-on-start-f.patch +++ b/patch/0161-docker-Delete-stale-containerd-object-on-start-failure.patch @@ -1,32 +1,30 @@ -From 6fe2bd73981651b275e508dd2c4806b20853684b Mon Sep 17 00:00:00 2001 -From: Grooooot -Date: Tue, 17 Mar 2020 10:34:59 +0800 -Subject: [PATCH] docker: Delete stale containerd object on start failure +From 5ba30cd1dc6000ee53b34f628cbff91d7f6d7231 Mon Sep 17 00:00:00 2001 +From: Brian Goff +Date: Wed, 12 Dec 2018 12:04:09 -0800 +Subject: [PATCH] Delete stale containerd object on start failure containerd has two objects with regard to containers. -This is a "container" object which is metadata and a "task" which is +There is a "container" object which is metadata and a "task" which is manging the actual runtime state. -When docker starts a container, it creates both the container metadata -and the task at the same time. So when a container exists, docker deletes +When docker starts a container, it creartes both the container metadata +and the task at the same time. So when a container exits, docker deletes both of these objects as well. This ensures that if, on start, when we go to create the container metadata object -in containerd, if there is an error due to a name conflict taht we go +in containerd, if there is an error due to a name conflict that we go ahead and clean that up and try again. -backport from upstream: https://github.com/moby/moby/pull/38364 - -Signed-off-by: Grooooot +Signed-off-by: Brian Goff --- components/engine/daemon/start.go | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/components/engine/daemon/start.go b/components/engine/daemon/start.go -index 8ff636b..07bffaa 100644 +index 393e00b..57a7267 100644 --- a/components/engine/daemon/start.go +++ b/components/engine/daemon/start.go -@@ -185,9 +185,22 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint +@@ -177,9 +177,22 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint return err } diff --git a/patch/0162-docker-remove-redundant-word-item.patch b/patch/0162-docker-remove-redundant-word-item.patch new file mode 100644 index 0000000..69de191 --- /dev/null +++ b/patch/0162-docker-remove-redundant-word-item.patch @@ -0,0 +1,25 @@ +From 92266f008637a02ebffa2aa2704a09701b07a405 Mon Sep 17 00:00:00 2001 +From: liuzekun +Date: Mon, 27 Apr 2020 09:43:21 +0800 +Subject: [PATCH] docker: remove redundant word item + +Signed-off-by: liuzekun +--- + components/cli/vendor/github.com/asaskevich/govalidator/types.go | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/components/cli/vendor/github.com/asaskevich/govalidator/types.go b/components/cli/vendor/github.com/asaskevich/govalidator/types.go +index 4f7e9274..78be68c6 100644 +--- a/components/cli/vendor/github.com/asaskevich/govalidator/types.go ++++ b/components/cli/vendor/github.com/asaskevich/govalidator/types.go +@@ -370,7 +370,6 @@ var ISO3166List = []ISO3166Entry{ + {"Spain", "Espagne (l')", "ES", "ESP", "724"}, + {"South Sudan", "Soudan du Sud (le)", "SS", "SSD", "728"}, + {"Sudan (the)", "Soudan (le)", "SD", "SDN", "729"}, +- {"Western Sahara*", "Sahara occidental (le)*", "EH", "ESH", "732"}, + {"Suriname", "Suriname (le)", "SR", "SUR", "740"}, + {"Svalbard and Jan Mayen", "Svalbard et l'Île Jan Mayen (le)", "SJ", "SJM", "744"}, + {"Swaziland", "Swaziland (le)", "SZ", "SWZ", "748"}, +-- +2.19.1 + diff --git a/patch/0162-docker-delete-event-is-not-need-to-process.patch b/patch/0163-docker-delete-event-is-not-need-to-process.patch similarity index 100% rename from patch/0162-docker-delete-event-is-not-need-to-process.patch rename to patch/0163-docker-delete-event-is-not-need-to-process.patch diff --git a/patch/0163-docker-stat-process-exit-file-when-kill-process-dire.patch b/patch/0164-docker-stat-process-exit-file-when-kill-process-dire.patch similarity index 100% rename from patch/0163-docker-stat-process-exit-file-when-kill-process-dire.patch rename to patch/0164-docker-stat-process-exit-file-when-kill-process-dire.patch diff --git a/patch/0167-docker-fix-CVE-2020-13401.patch b/patch/0167-docker-fix-CVE-2020-13401.patch new file mode 100644 index 0000000..b3bd2b3 --- /dev/null +++ b/patch/0167-docker-fix-CVE-2020-13401.patch @@ -0,0 +1,69 @@ +From 727ce265564d1dc3031221a84f95abad20a20f11 Mon Sep 17 00:00:00 2001 +From: jingrui +Date: Thu, 11 Jun 2020 21:55:49 +0800 +Subject: [PATCH] docker: fix CVE-2020-13401 + +Change-Id: I267bde21d88927a0beb7599651b856a2dd1371d3 +Signed-off-by: jingrui +--- + .../libnetwork/drivers/bridge/bridge.go | 6 ++++++ + .../libnetwork/drivers/bridge/setup_device.go | 19 +++++++++++++++++++ + 2 files changed, 25 insertions(+) + +diff --git a/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go b/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go +index 535da3c1ad..3288ff8652 100644 +--- a/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go ++++ b/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go +@@ -679,6 +679,12 @@ func (d *driver) createNetwork(config *networkConfiguration) (err error) { + bridgeAlreadyExists := bridgeIface.exists() + if !bridgeAlreadyExists { + bridgeSetup.queueStep(setupDevice) ++ bridgeSetup.queueStep(setupDefaultSysctl) ++ } ++ ++ // For the default bridge, set expected sysctls ++ if config.DefaultBridge { ++ bridgeSetup.queueStep(setupDefaultSysctl) + } + + // Even if a bridge exists try to setup IPv4. +diff --git a/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/setup_device.go b/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/setup_device.go +index a9dfd06771..9822236dfd 100644 +--- a/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/setup_device.go ++++ b/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/setup_device.go +@@ -2,6 +2,9 @@ package bridge + + import ( + "fmt" ++ "io/ioutil" ++ "os" ++ "path/filepath" + + "github.com/docker/docker/pkg/parsers/kernel" + "github.com/docker/libnetwork/netutils" +@@ -50,6 +53,22 @@ func setupDevice(config *networkConfiguration, i *bridgeInterface) error { + return err + } + ++func setupDefaultSysctl(config *networkConfiguration, i *bridgeInterface) error { ++ // Disable IPv6 router advertisements originating on the bridge ++ sysPath := filepath.Join("/proc/sys/net/ipv6/conf/", config.BridgeName, "accept_ra") ++ if _, err := os.Stat(sysPath); err != nil { ++ logrus. ++ WithField("bridge", config.BridgeName). ++ WithField("syspath", sysPath). ++ Info("failed to read ipv6 net.ipv6.conf..accept_ra") ++ return nil ++ } ++ if err := ioutil.WriteFile(sysPath, []byte{'0', '\n'}, 0644); err != nil { ++ return fmt.Errorf("libnetwork: Unable to disable IPv6 router advertisement: %v", err) ++ } ++ return nil ++} ++ + // SetupDeviceUp ups the given bridge interface. + func setupDeviceUp(config *networkConfiguration, i *bridgeInterface) error { + err := i.nlh.LinkSetUp(i.Link) +-- +2.17.1 + diff --git a/patch/0167-docker-add-more-messages-for-ops-when-device-not-fo.patch b/patch/0167-dockerd-add-more-messages-for-ops-when-device-not-fo.patch similarity index 100% rename from patch/0167-docker-add-more-messages-for-ops-when-device-not-fo.patch rename to patch/0167-dockerd-add-more-messages-for-ops-when-device-not-fo.patch diff --git a/patch/0173-docker-fix-stats-memory-usage-display-error.patch b/patch/0173-docker-fix-stats-memory-usage-display-error.patch new file mode 100644 index 0000000..08d6827 --- /dev/null +++ b/patch/0173-docker-fix-stats-memory-usage-display-error.patch @@ -0,0 +1,38 @@ +From d26341e4c447ddbb6bd289845b7b47f0e4348c62 Mon Sep 17 00:00:00 2001 +From: xiadanni1 +Date: Wed, 11 Nov 2020 17:35:06 +0800 +Subject: [PATCH] docker:fix stats memory usage display error + +fix stats memory usage display error +use total_inactive_file not cache to calculate memory usage +The new stat definition corresponds to containerd/CRI and cadvisor. + +https://github.com/containerd/cri/blob/c1115d4e57f55a5f45fb3efd29d3181ce26d5c6a/pkg/server/container_stats_list_unix.go#L106-L129 +https://github.com/google/cadvisor/commit/307d1b1cb320fef66fab02db749f07a459245451 + +Signed-off-by: xiadanni1 +Signed-off-by: Akihiro Suda +--- + components/cli/cli/command/container/stats_helpers.go | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/components/cli/cli/command/container/stats_helpers.go b/components/cli/cli/command/container/stats_helpers.go +index 2300ce5..c254212 100644 +--- a/components/cli/cli/command/container/stats_helpers.go ++++ b/components/cli/cli/command/container/stats_helpers.go +@@ -226,7 +226,11 @@ func calculateNetwork(network map[string]types.NetworkStats) (float64, float64) + // calculateMemUsageUnixNoCache calculate memory usage of the container. + // Page cache is intentionally excluded to avoid misinterpretation of the output. + func calculateMemUsageUnixNoCache(mem types.MemoryStats) float64 { +- return float64(mem.Usage - mem.Stats["cache"]) ++ if v, isCgroup1 := mem.Stats["total_inactive_file"]; isCgroup1 && v < mem.Usage { ++ return float64(mem.Usage - v) ++ } ++ ++ return float64(mem.Usage) + } + + func calculateMemPercentUnixNoCache(limit float64, usedNoCache float64) float64 { +-- +1.8.3.1 + diff --git a/patch/0175-docker-clean-docker-load-leak-files.patch b/patch/0175-docker-clean-docker-load-leak-files.patch new file mode 100644 index 0000000..f0a32c3 --- /dev/null +++ b/patch/0175-docker-clean-docker-load-leak-files.patch @@ -0,0 +1,85 @@ +From a74f1c3e4ab7c6f4a043904a8e68edf04864d98a Mon Sep 17 00:00:00 2001 +From: jingrui +Date: Wed, 2 Dec 2020 17:20:50 +0800 +Subject: [PATCH] docker: clean docker load leak files + +Change-Id: I09b66e204f655a9fef660bb85619f5711fb5700b +Signed-off-by: jingrui +--- + components/engine/daemon/daemon.go | 39 +++++++++++++++++++ + .../daemon/graphdriver/devmapper/deviceset.go | 3 +- + 2 files changed, 41 insertions(+), 1 deletion(-) + +diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go +index 3ff5691257..1acd355a15 100644 +--- a/components/engine/daemon/daemon.go ++++ b/components/engine/daemon/daemon.go +@@ -613,11 +613,50 @@ func (daemon *Daemon) restore() error { + + group.Wait() + ++ daemon.cleanExit() + logrus.Info("Loading containers: done.") + + return nil + } + ++func (daemon *Daemon) cleanExit() { ++ mnt := filepath.Join(daemon.root, "devicemapper/mnt") ++ if dir, err := ioutil.ReadDir(mnt); err == nil { ++ for _, f := range dir { ++ fname := filepath.Join(mnt, f.Name()) ++ data, err := ioutil.ReadFile(fname) ++ if err != nil { ++ continue ++ } ++ if string(data) == "exit" { ++ logrus.Infof("cleanExit remove mnt %s", fname) ++ os.Remove(fname) ++ } ++ } ++ } ++ ++ tmp := filepath.Join(daemon.root, "image/devicemapper/layerdb/tmp") ++ if dir, err := ioutil.ReadDir(tmp); err == nil { ++ for _, f := range dir { ++ if strings.Contains(f.Name(), "write-set-") { ++ fname := filepath.Join(tmp, f.Name()) ++ logrus.Infof("cleanExit remove layerdb %s", fname) ++ os.RemoveAll(fname) ++ } ++ } ++ } ++ ++ if dir, err := ioutil.ReadDir(os.Getenv("TMPDIR")); err == nil { ++ for _, f := range dir { ++ if strings.Contains(f.Name(), "docker-import-") { ++ fname := filepath.Join(os.Getenv("TMPDIR"), f.Name()) ++ logrus.Infof("cleanExit remove tmpdir %s", fname) ++ os.RemoveAll(fname) ++ } ++ } ++ } ++} ++ + // RestartSwarmContainers restarts any autostart container which has a + // swarm endpoint. + func (daemon *Daemon) RestartSwarmContainers() { +diff --git a/components/engine/daemon/graphdriver/devmapper/deviceset.go b/components/engine/daemon/graphdriver/devmapper/deviceset.go +index ff90c44ce3..750f2b13f8 100644 +--- a/components/engine/daemon/graphdriver/devmapper/deviceset.go ++++ b/components/engine/daemon/graphdriver/devmapper/deviceset.go +@@ -2286,8 +2286,9 @@ func (devices *DeviceSet) unmountAndDeactivateAll(dir string) { + if err := unix.Unmount(fullname, unix.MNT_DETACH); err != nil && err != unix.EINVAL { + logger.Warnf("Shutdown unmounting %s, error: %s", fullname, err) + } else if err == nil { +- logger.Debugf("Remove %s", fullname) ++ logger.Infof("cleanExit prepare %s", fullname) + os.RemoveAll(fullname) ++ ioutil.WriteFile(fullname, []byte("exit"), 0600) + } + + if devInfo, err := devices.lookupDevice(name); err != nil { +-- +2.17.1 + diff --git a/patch/0173-docker-mask-proc-pin_memory.patch b/patch/0175-docker-mask-proc-pin_memory.patch similarity index 100% rename from patch/0173-docker-mask-proc-pin_memory.patch rename to patch/0175-docker-mask-proc-pin_memory.patch diff --git a/patch/0176-docker-kill-container-process-if-its-status-is-not-r.patch b/patch/0176-docker-kill-container-process-if-its-status-is-not-r.patch new file mode 100644 index 0000000..49693f2 --- /dev/null +++ b/patch/0176-docker-kill-container-process-if-its-status-is-not-r.patch @@ -0,0 +1,62 @@ +From 544d24895836ec576febaf94be8affde56449fba Mon Sep 17 00:00:00 2001 +From: xiadanni1 +Date: Fri, 27 Nov 2020 16:31:56 +0800 +Subject: [PATCH] docker: kill container process if its status is not running + when start daemon + +Signed-off-by: xiadanni1 +--- + components/engine/daemon/daemon.go | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go +index 3ff5691..3cc2a20 100644 +--- a/components/engine/daemon/daemon.go ++++ b/components/engine/daemon/daemon.go +@@ -17,8 +17,10 @@ import ( + "runtime" + "strings" + "sync" ++ "syscall" + "time" + ++ "golang.org/x/sys/unix" + "google.golang.org/grpc" + + "github.com/containerd/containerd" +@@ -43,6 +45,7 @@ import ( + "github.com/moby/buildkit/util/resolver" + "github.com/moby/buildkit/util/tracing" + "github.com/sirupsen/logrus" ++ + // register graph drivers + _ "github.com/docker/docker/daemon/graphdriver/register" + "github.com/docker/docker/daemon/stats" +@@ -51,7 +54,7 @@ import ( + "github.com/docker/docker/image" + "github.com/docker/docker/layer" + "github.com/docker/docker/libcontainerd" +- "github.com/docker/docker/migrate/v1" ++ v1 "github.com/docker/docker/migrate/v1" + "github.com/docker/docker/pkg/idtools" + "github.com/docker/docker/pkg/locker" + "github.com/docker/docker/pkg/plugingetter" +@@ -389,6 +392,15 @@ func (daemon *Daemon) restore() error { + } + } + ++ if alive && !c.IsRunning() && pid > 1 { ++ if c.Pid == 0 { ++ c.Pid = pid ++ } ++ err := unix.Kill(pid, syscall.SIGKILL) ++ logrus.Warnf("process %v is killed as container=%s is alive but not running, err: %v", pid, c.ID, err) ++ return ++ } ++ + if c.IsRunning() || c.IsPaused() { + c.RestartManager().Cancel() // manually start containers because some need to wait for swarm networking + +-- +1.8.3.1 + diff --git a/patch/0177-resume-suspend-dm-on-start.patch b/patch/0177-resume-suspend-dm-on-start.patch new file mode 100644 index 0000000..2ee80f3 --- /dev/null +++ b/patch/0177-resume-suspend-dm-on-start.patch @@ -0,0 +1,82 @@ +From 37e3e3dfb31f30b2599d05f021671f6e682f37d6 Mon Sep 17 00:00:00 2001 +From: jingrui +Date: Wed, 9 Dec 2020 17:37:02 +0800 +Subject: [PATCH] resume suspend dm on start + +Change-Id: Ibe215c80aa62b4d4b464749cc6e995d2e0e845af +Signed-off-by: jingrui +--- + components/engine/cmd/dockerd/daemon.go | 43 +++++++++++++++++++++++++ + 1 file changed, 43 insertions(+) + +diff --git a/components/engine/cmd/dockerd/daemon.go b/components/engine/cmd/dockerd/daemon.go +index 0b3fa0e037..dbf37f3338 100644 +--- a/components/engine/cmd/dockerd/daemon.go ++++ b/components/engine/cmd/dockerd/daemon.go +@@ -6,6 +6,7 @@ import ( + "fmt" + "io/ioutil" + "os" ++ "os/exec" + "path/filepath" + "runtime" + "strings" +@@ -72,6 +73,45 @@ func NewDaemonCli() *DaemonCli { + return &DaemonCli{} + } + ++func resumeDM() { ++ c := make(chan struct{}) ++ go func() { ++ defer close(c) ++ out, err := exec.Command("dmsetup", "info", "-c", "--sort", "minor", "--noheadings", "--separator", ",", "-o", "attr,name").CombinedOutput() ++ if err != nil { ++ logrus.Errorf("resume-dm dmsetup info failed: %v", err) ++ return ++ } ++ ++ args := []string{"resume"} ++ for _, line := range strings.Split(string(out), "\n") { ++ aa := strings.Split(line, ",") ++ if len(aa) != 2 || !strings.Contains(aa[0], "s") || strings.Index(aa[1], "docker-") != 0 { ++ continue ++ } ++ args = append(args, aa[1]) ++ } ++ if len(args) == 1 { ++ return ++ } ++ ++ logrus.Infof("resume-dm start resume suspended dm %v", args) ++ _, err = exec.Command("dmsetup", args...).CombinedOutput() ++ if err != nil { ++ logrus.Errorf("resume-dm %s failed: %v", err) ++ return ++ } ++ logrus.Infof("resume-dm finished resume suspended dm") ++ }() ++ select { ++ case <-c: ++ return ++ case <-time.After(10*time.Second): ++ logrus.Warnf("resume-dm timeout, continue anyway.") ++ return ++ } ++} ++ + func cleanupLocalDB(db string) { + _, err := os.Stat(db) + if err == nil { +@@ -150,6 +190,9 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) { + }) + + system.InitLCOW(cli.Config.Experimental) ++ if cli.Config.GraphDriver == "devicemapper" { ++ resumeDM() ++ } + + if err := setDefaultUmask(); err != nil { + return fmt.Errorf("Failed to set umask: %v", err) +-- +2.17.1 + diff --git a/patch/0178-docker-skip-kill-and-restart-containerd-during-docke.patch b/patch/0178-docker-skip-kill-and-restart-containerd-during-docke.patch new file mode 100644 index 0000000..69d9794 --- /dev/null +++ b/patch/0178-docker-skip-kill-and-restart-containerd-during-docke.patch @@ -0,0 +1,85 @@ +From a56def385f835885df056d0d54372111abdc1507 Mon Sep 17 00:00:00 2001 +From: xiadanni +Date: Sat, 19 Dec 2020 18:56:38 +0800 +Subject: [PATCH] docker:skip kill and restart containerd during docker daemon + is starting + +Signed-off-by: xiadanni +--- + components/engine/cmd/dockerd/daemon.go | 4 +++- + components/engine/libcontainerd/supervisor/remote_daemon.go | 9 +++++++++ + 2 files changed, 12 insertions(+), 1 deletion(-) + +diff --git a/components/engine/cmd/dockerd/daemon.go b/components/engine/cmd/dockerd/daemon.go +index dbf37f3..c25ee0e 100644 +--- a/components/engine/cmd/dockerd/daemon.go ++++ b/components/engine/cmd/dockerd/daemon.go +@@ -10,6 +10,7 @@ import ( + "path/filepath" + "runtime" + "strings" ++ "sync/atomic" + "time" + + containerddefaults "github.com/containerd/containerd/defaults" +@@ -106,7 +107,7 @@ func resumeDM() { + select { + case <-c: + return +- case <-time.After(10*time.Second): ++ case <-time.After(10 * time.Second): + logrus.Warnf("resume-dm timeout, continue anyway.") + return + } +@@ -304,6 +305,7 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) { + + logrus.Info("Daemon has completed initialization") + ++ atomic.StoreInt32(&supervisor.IsDockerUp, 1) + cli.d = d + + routerOptions, err := newRouterOptions(cli.Config, d) +diff --git a/components/engine/libcontainerd/supervisor/remote_daemon.go b/components/engine/libcontainerd/supervisor/remote_daemon.go +index 62ea58c..19582cd 100644 +--- a/components/engine/libcontainerd/supervisor/remote_daemon.go ++++ b/components/engine/libcontainerd/supervisor/remote_daemon.go +@@ -11,6 +11,7 @@ import ( + "strconv" + "strings" + "sync" ++ "sync/atomic" + "time" + + "github.com/BurntSushi/toml" +@@ -19,6 +20,7 @@ import ( + "github.com/docker/docker/pkg/system" + "github.com/pkg/errors" + "github.com/sirupsen/logrus" ++ "golang.org/x/sys/unix" + ) + + const ( +@@ -31,6 +33,8 @@ const ( + pidFile = "containerd.pid" + ) + ++var IsDockerUp int32 ++ + type pluginConfigs struct { + Plugins map[string]interface{} `toml:"plugins"` + } +@@ -314,6 +318,11 @@ func (r *remote) monitorDaemon(ctx context.Context) { + } + + if system.IsProcessAlive(r.daemonPid) { ++ if atomic.LoadInt32(&IsDockerUp) == 0 { ++ r.logger.WithField("pid", r.daemonPid).Info("dockerd is starting, skip killing containerd") ++ unix.Kill(r.daemonPid, unix.SIGCONT) ++ continue ++ } + r.logger.WithField("pid", r.daemonPid).Info("killing and restarting containerd") + r.killDaemon() + } +-- +1.8.3.1 + diff --git a/patch/0179-handle-exit-force.patch b/patch/0179-handle-exit-force.patch new file mode 100644 index 0000000..76c1a5e --- /dev/null +++ b/patch/0179-handle-exit-force.patch @@ -0,0 +1,107 @@ +From 66b6e3065b160bd7d480f183156acbe1cb9bf2e0 Mon Sep 17 00:00:00 2001 +From: jingrui +Date: Tue, 15 Dec 2020 16:05:56 +0800 +Subject: [PATCH] handle exit force + +Change-Id: If08483f57b4f04d6c4961c9f588e4d599009eddc +Signed-off-by: jingrui +--- + components/engine/daemon/monitor.go | 9 +++++++++ + components/engine/libcontainerd/client_daemon.go | 14 ++++++++++++++ + components/engine/libcontainerd/types.go | 1 + + .../plugin/executor/containerd/containerd.go | 5 +++++ + 4 files changed, 29 insertions(+) + +diff --git a/components/engine/daemon/monitor.go b/components/engine/daemon/monitor.go +index e041bd5c69..1b577c0dae 100644 +--- a/components/engine/daemon/monitor.go ++++ b/components/engine/daemon/monitor.go +@@ -26,6 +26,14 @@ func (daemon *Daemon) setStateCounter(c *container.Container) { + } + } + ++func (daemon *Daemon) IsContainerRunning(id string) bool { ++ c, err := daemon.GetContainer(id) ++ if err != nil { ++ return false ++ } ++ return c.IsRunning() ++} ++ + // ProcessEvent is called by libcontainerd whenever an event occurs + func (daemon *Daemon) ProcessEvent(id string, e libcontainerd.EventType, ei libcontainerd.EventInfo) error { + c, err := daemon.GetContainer(id) +@@ -51,6 +59,7 @@ func (daemon *Daemon) ProcessEvent(id string, e libcontainerd.EventType, ei libc + case libcontainerd.EventExit: + if int(ei.Pid) == c.Pid { + c.Lock() ++ logrus.Infof("handle exit event cid=%s pid=%d", c.ID, c.Pid) + _, _, err := daemon.containerd.DeleteTask(context.Background(), c.ID) + if err != nil { + logrus.WithError(err).Warnf("failed to delete container %s from containerd", c.ID) +diff --git a/components/engine/libcontainerd/client_daemon.go b/components/engine/libcontainerd/client_daemon.go +index 05c439c540..502796bd25 100755 +--- a/components/engine/libcontainerd/client_daemon.go ++++ b/components/engine/libcontainerd/client_daemon.go +@@ -517,9 +517,16 @@ func (c *client) DeleteTask(ctx context.Context, containerID string) (uint32, ti + return status.ExitCode(), status.ExitTime(), nil + } + ++func (c *client) deleteForce(ctx context.Context, id string) { ++ if ctr, err := c.client.LoadContainer(ctx, id); err == nil { ++ logrus.Warnf("delete containerd meta id=%s force: error=%v", id, ctr.Delete(ctx)) ++ } ++} ++ + func (c *client) Delete(ctx context.Context, containerID string) error { + ctr := c.getContainer(containerID) + if ctr == nil { ++ c.deleteForce(ctx, containerID) + return errors.WithStack(newNotFoundError("no such container")) + } + +@@ -907,6 +914,13 @@ func (c *client) processEventStream(ctx context.Context, ns string) { + ctr = c.getContainer(ei.ContainerID) + if ctr == nil { + c.logger.WithField("container", ei.ContainerID).Warn("unknown container") ++ if et == EventExit && ei.ProcessID == ei.ContainerID && c.backend.IsContainerRunning(ei.ContainerID) { ++ c.logger.WithField("container", ei.ContainerID).Warn("handle exit event force ...") ++ c.eventQ.append(ei.ContainerID, func() { ++ c.logger.WithField("container", ei.ContainerID).Warnf("handle exit event force: error=%v", ++ c.backend.ProcessEvent(ei.ContainerID, et, ei)) ++ }) ++ } + continue + } + +diff --git a/components/engine/libcontainerd/types.go b/components/engine/libcontainerd/types.go +index c4de5e674d..0b9df9193b 100644 +--- a/components/engine/libcontainerd/types.go ++++ b/components/engine/libcontainerd/types.go +@@ -60,6 +60,7 @@ type EventInfo struct { + // Backend defines callbacks that the client of the library needs to implement. + type Backend interface { + ProcessEvent(containerID string, event EventType, ei EventInfo) error ++ IsContainerRunning(id string) bool + } + + // Client provides access to containerd features. +diff --git a/components/engine/plugin/executor/containerd/containerd.go b/components/engine/plugin/executor/containerd/containerd.go +index a3401dce79..f75771fe41 100644 +--- a/components/engine/plugin/executor/containerd/containerd.go ++++ b/components/engine/plugin/executor/containerd/containerd.go +@@ -141,6 +141,11 @@ func (e *Executor) ProcessEvent(id string, et libcontainerd.EventType, ei libcon + return nil + } + ++func (e *Executor) IsContainerRunning(id string) bool { ++ ok, _ := e.IsRunning(id) ++ return ok ++} ++ + type rio struct { + cio.IO + +-- +2.17.1 + diff --git a/patch/0180-wait-io-with-timeout-in-task-delete.patch b/patch/0180-wait-io-with-timeout-in-task-delete.patch new file mode 100644 index 0000000..5ac8675 --- /dev/null +++ b/patch/0180-wait-io-with-timeout-in-task-delete.patch @@ -0,0 +1,47 @@ +From 0f3aa35a1c38fe7fc49cd6fb66fc47a993ad6bb8 Mon Sep 17 00:00:00 2001 +From: jingrui +Date: Wed, 16 Dec 2020 18:39:00 +0800 +Subject: [PATCH] wait io with timeout in task delete + +Change-Id: I23ed40d69279b14a216b6ffb9988439475be5cad +Signed-off-by: jingrui +--- + .../github.com/containerd/containerd/task.go | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +diff --git a/components/engine/vendor/github.com/containerd/containerd/task.go b/components/engine/vendor/github.com/containerd/containerd/task.go +index 6806e11620..7421432bed 100644 +--- a/components/engine/vendor/github.com/containerd/containerd/task.go ++++ b/components/engine/vendor/github.com/containerd/containerd/task.go +@@ -44,6 +44,7 @@ import ( + "github.com/opencontainers/image-spec/specs-go/v1" + specs "github.com/opencontainers/runtime-spec/specs-go" + "github.com/pkg/errors" ++ "github.com/sirupsen/logrus" + ) + + // UnknownExitStatus is returned when containerd is unable to +@@ -287,8 +288,18 @@ func (t *task) Delete(ctx context.Context, opts ...ProcessDeleteOpts) (*ExitStat + return nil, errors.Wrapf(errdefs.ErrFailedPrecondition, "task must be stopped before deletion: %s", status.Status) + } + if t.io != nil { +- t.io.Cancel() +- t.io.Wait() ++ done := make(chan struct{}) ++ go func() { ++ t.io.Cancel() ++ t.io.Wait() ++ close(done) ++ }() ++ select { ++ case <-time.After(3 * time.Second): ++ logrus.Warnf("task delete wait io close timeout, some fifo io may be dropped.") ++ case <-done: ++ // ok ++ } + } + r, err := t.client.TaskService().Delete(ctx, &tasks.DeleteTaskRequest{ + ContainerID: t.id, +-- +2.17.1 + diff --git a/patch/0174-docker-do-not-return-when-matched-registry-mirror.patch b/patch/0181-docker-do-not-return-when-matched-registry-mirror.patch similarity index 92% rename from patch/0174-docker-do-not-return-when-matched-registry-mirror.patch rename to patch/0181-docker-do-not-return-when-matched-registry-mirror.patch index 20865d7..54b67f3 100644 --- a/patch/0174-docker-do-not-return-when-matched-registry-mirror.patch +++ b/patch/0181-docker-do-not-return-when-matched-registry-mirror.patch @@ -1,18 +1,16 @@ -From 56c1d6c149b18214a8d01ab3f1738cae4792109a Mon Sep 17 00:00:00 2001 -From: f00231050 +From 8cc3f33020152d51d38927593ba49ad3dfacf62e Mon Sep 17 00:00:00 2001 +From: shaobao.feng Date: Mon, 7 Dec 2020 15:30:11 +0800 Subject: [PATCH] docker: do not return when matched registry mirror +Change-Id: I5317b91b60293e1f4c50f5a327790c5509537f9b reason: append hostname itself to make sure the hostname itself will be tried. --- - components/engine/registry/service_v2.go | 86 +++++++++++++++----------------- + components/engine/registry/service_v2.go | 86 +++++++++++------------- 1 file changed, 41 insertions(+), 45 deletions(-) - mode change 100644 => 100755 components/engine/registry/service_v2.go diff --git a/components/engine/registry/service_v2.go b/components/engine/registry/service_v2.go -old mode 100644 -new mode 100755 -index adeb10c..df66cd7 +index adeb10c550..df66cd7451 100644 --- a/components/engine/registry/service_v2.go +++ b/components/engine/registry/service_v2.go @@ -19,8 +19,7 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp @@ -135,5 +133,5 @@ index adeb10c..df66cd7 if tlsConfig.InsecureSkipVerify { endpoints = append(endpoints, APIEndpoint{ -- -1.8.3.1 +2.17.1 diff --git a/patch/0183-add-masked-paths-pagealloc_module-and-slaballoc_stat.patch b/patch/0183-add-masked-paths-pagealloc_module-and-slaballoc_stat.patch new file mode 100644 index 0000000..5ed2ef1 --- /dev/null +++ b/patch/0183-add-masked-paths-pagealloc_module-and-slaballoc_stat.patch @@ -0,0 +1,29 @@ +From fada5f66fcc555d706603dd3c7832e78e9955501 Mon Sep 17 00:00:00 2001 +From: liuzekun +Date: Thu, 31 Dec 2020 03:07:42 -0500 +Subject: add masked paths pagealloc_module and slaballoc_statistics + +Signed-off-by: liuzekun +--- + components/engine/oci/defaults.go | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/components/engine/oci/defaults.go b/components/engine/oci/defaults.go +index e763cb75..ff027d89 100644 +--- a/components/engine/oci/defaults.go ++++ b/components/engine/oci/defaults.go +@@ -135,9 +135,11 @@ func DefaultLinuxSpec() specs.Spec { + "/proc/oom_extend", + "/proc/pagealloc_statistics", + "/proc/pagealloc_bt", ++ "/proc/pagealloc_module", + "/proc/pin_memory", + "/proc/slaballoc_bt", + "/proc/slaballoc_module", ++ "/proc/slaballoc_statistics", + "/proc/sched_debug", + "/proc/scsi", + "/proc/sig_catch", +-- +2.19.1 + diff --git a/patch/0184-docker-wait-io-with-timeout-when-process-Start-faile.patch b/patch/0184-docker-wait-io-with-timeout-when-process-Start-faile.patch new file mode 100644 index 0000000..c9784dc --- /dev/null +++ b/patch/0184-docker-wait-io-with-timeout-when-process-Start-faile.patch @@ -0,0 +1,48 @@ +From ef64f4dd5d532b550bb68f60e6373e139fdf5382 Mon Sep 17 00:00:00 2001 +From: xiadanni +Date: Fri, 15 Jan 2021 11:23:04 +0800 +Subject: [PATCH] docker: wait io with timeout when process Start failed + +Signed-off-by: xiadanni +--- + .../vendor/github.com/containerd/containerd/process.go | 17 ++++++++++++++--- + 1 file changed, 14 insertions(+), 3 deletions(-) + +diff --git a/components/engine/vendor/github.com/containerd/containerd/process.go b/components/engine/vendor/github.com/containerd/containerd/process.go +index ff7d838..4d0dca9 100644 +--- a/components/engine/vendor/github.com/containerd/containerd/process.go ++++ b/components/engine/vendor/github.com/containerd/containerd/process.go +@@ -26,6 +26,7 @@ import ( + "github.com/containerd/containerd/cio" + "github.com/containerd/containerd/errdefs" + "github.com/pkg/errors" ++ "github.com/sirupsen/logrus" + ) + + // Process represents a system process +@@ -111,9 +112,19 @@ func (p *process) Start(ctx context.Context) error { + ExecID: p.id, + }) + if err != nil { +- p.io.Cancel() +- p.io.Wait() +- p.io.Close() ++ done := make(chan struct{}) ++ go func() { ++ p.io.Cancel() ++ p.io.Wait() ++ p.io.Close() ++ close(done) ++ }() ++ select { ++ case <-time.After(30 * time.Second): ++ logrus.Warnf("process start failed with error %v, wait io close timeout, some fifo io may be dropped.", err) ++ case <-done: ++ // ok ++ } + return errdefs.FromGRPC(err) + } + p.pid = r.Pid +-- +1.8.3.1 + diff --git a/patch/0185-docker-delete-image-reference-when-failed-to-get-ima.patch b/patch/0185-docker-delete-image-reference-when-failed-to-get-ima.patch new file mode 100644 index 0000000..bf84f7b --- /dev/null +++ b/patch/0185-docker-delete-image-reference-when-failed-to-get-ima.patch @@ -0,0 +1,63 @@ +From cfc92becb2605d67a7391c43261e698d0fdd57bd Mon Sep 17 00:00:00 2001 +From: xiadanni +Date: Fri, 15 Jan 2021 15:37:42 +0800 +Subject: [PATCH] docker: delete image reference when failed to get image + configuration to avoid docker pull error + +according to patch 0110-docker-Fix-can-t-pull-image-while-the-image-i.patch, +if the layers of image has been damaged, image reference should be +deleted from repositories.json to avoid docker pull failed. + +however, when imageStore.Get failed, isExist flag has not been set to +false, which cause the image reference has still not been deleted, only +warning is printed. + +flood warnings printed every time user restarts docker daemon, like: +Jan 15 14:09:52 localhost dockerd[3952467]: +time="2021-01-15T14:09:52.705664179+08:00" level=warning msg="Failed to +get image configration for image id +sha256:d0a015ffac5ba3b9d2a641de56b3b2ed24409b7082c7811ebac4c2f4977b0965, +error: failed to get digest +sha256:d0a015ffac5ba3b9d2a641de56b3b2ed24409b7082c7811ebac4c2f4977b0965: +open +/var/lib/docker/image/devicemapper/imagedb/content/sha256/d0a015ffac5ba3b9d2a641de56b3b2ed24409b7082c7811ebac4c2f4977b0965: +no such file or directory" + +so we fix the logic, delete image reference when failed to get image +configuration. + +Signed-off-by: xiadanni +--- + components/engine/daemon/daemon.go | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go +index e826f6a..ed268d2 100644 +--- a/components/engine/daemon/daemon.go ++++ b/components/engine/daemon/daemon.go +@@ -1097,11 +1097,10 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S + return nil, err + } + +- // delete reference of image not nornamlly loaded to imageStore +- var isExist bool ++ // delete reference of image not normally loaded to imageStore + for _, imageID := range rs.List() { ++ isExist := false + if img, err := imageStore.Get(image.ID(imageID)); err == nil { +- isExist = false + if chainID := img.RootFS.ChainID(); chainID != "" { + l, err := layerStores[runtime.GOOS].Get(chainID) + if err == nil { +@@ -1112,7 +1111,7 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S + isExist = true + } + } else { +- logrus.Warnf("Failed to get image configration for image id %s, error: %s", imageID, err) ++ logrus.Warnf("Failed to get image configuration for image id %s, error: %s", imageID, err) + } + + // If the image not exist locally, delete its reference +-- +1.8.3.1 + diff --git a/series.conf b/series.conf index a24bfef..4828f0b 100644 --- a/series.conf +++ b/series.conf @@ -156,20 +156,33 @@ patch/0157-docker-Support-check-manifest-and-layer-s-DiffID-inf.patch patch/0158-docker-support-private-registry.patch patch/0159-docker-extend-timeout-in-cli-testcases.patch patch/0160-docker-create-a-soft-link-from-runtime-default-to-ru.patch -patch/0161-docker-Delete-stale-containerd-object-on-start-f.patch -patch/0162-docker-delete-event-is-not-need-to-process.patch -patch/0163-docker-stat-process-exit-file-when-kill-process-dire.patch +patch/0161-docker-Delete-stale-containerd-object-on-start-failure.patch +patch/0162-docker-remove-redundant-word-item.patch +patch/0163-docker-delete-event-is-not-need-to-process.patch +patch/0164-docker-stat-process-exit-file-when-kill-process-dire.patch patch/0164-docker-use-git-commit-to-store-commit-ID.patch patch/0165-docker-sync-cli-vendor.patch -patch/0167-docker-add-more-messages-for-ops-when-device-not-fo.patch +patch/0167-docker-fix-CVE-2020-13401.patch +patch/0167-dockerd-add-more-messages-for-ops-when-device-not-fo.patch patch/0168-docker-do-not-add-w-to-LDFLAGS.patch patch/0169-docker-add-files-in-proc-for-mask.patch patch/0170-docker-fix-docker-load-files-leak.patch patch/0171-docker-do-not-sync-if-BYPAAS_SYNC-is-false.patch patch/0172-docker-fix-panic-on-single-character-volumes.patch -patch/0173-docker-mask-proc-pin_memory.patch -patch/0174-docker-do-not-return-when-matched-registry-mirror.patch +patch/0173-docker-fix-stats-memory-usage-display-error.patch +patch/0175-docker-mask-proc-pin_memory.patch +patch/0175-docker-clean-docker-load-leak-files.patch +patch/0176-docker-kill-container-process-if-its-status-is-not-r.patch +patch/0177-resume-suspend-dm-on-start.patch patch/0175-docker-components-engine-vendor-add-riscv64-config.patch patch/0176-docker-components-engine-vendor-add-new-config-file-for-riscv.patch patch/0177-docker-components-cli-vendor-add-new-config-file-for-riscv.patch +patch/0178-docker-skip-kill-and-restart-containerd-during-docke.patch +patch/0179-handle-exit-force.patch +patch/0180-wait-io-with-timeout-in-task-delete.patch +patch/0181-docker-do-not-return-when-matched-registry-mirror.patch +patch/0183-add-masked-paths-pagealloc_module-and-slaballoc_stat.patch +patch/0184-docker-wait-io-with-timeout-when-process-Start-faile.patch +patch/0185-docker-delete-image-reference-when-failed-to-get-ima.patch + #end -- Gitee