SUSE-RU-2016:0248-1: moderate: Recommended update for Docker

sle-updates at lists.suse.com
Tue Jan 26 07:11:21 MST 2016


   SUSE Recommended Update: Recommended update for Docker
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:0248-1
Rating:             moderate
References:         #954737 #954812 #956434 #958255 #959405 
Affected Products:
                    SUSE Linux Enterprise Module for Containers 12
______________________________________________________________________________

   An update that has 5 recommended fixes can now be installed.

Description:


   Docker has been updated to version 1.9.1, bringing several fixes,
   enhancements and new features.

   Runtime:

   - Do not prevent daemon from booting if images could not be restored.
   - Force IPC mount to unmount on daemon shutdown/init.
   - Turn IPC unmount errors into warnings.
   - Fix 'docker stats' performance regression.
   - Clarify cryptic error message upon 'docker logs' if '--log-driver=none'.
   - Fix opq whiteouts problems for files with dot prefix.
   - Do not make network calls when normalizing names.
   - Output block IO metrics on 'docker stats'.
   - Detail network stats per interface on 'docker stats'.
   - Add 'ancestor=<image>' filter to 'docker ps --filter' flag to filter
     containers based on their ancestor images.
   - Add 'label=<somelabel>' filter to 'docker ps --filter' to filter
     containers based on label.
   - Add '--kernel-memory' flag to 'docker run'.
   - Add '--message' flag to 'docker import' to specify an optional
     message.
   - Add '--privileged' flag to 'docker exec'.
   - Add '--stop-signal' flag to 'docker run' to replace the container
     process stopping signal.
   - Add a new 'unless-stopped' restart policy.
   - Inspecting an image now returns tags.
   - Add container size information to 'docker inspect'.
   - Add 'RepoTags' and 'RepoDigests' field to '/images/{name:.*}/json'.
   - Remove the deprecated '/container/ps' endpoint from the API.
   - Send and document correct HTTP codes for '/exec/<name>/start'.
   - Share shm and mqueue between containers sharing IPC namespace.
   - Event stream now shows OOM status when '--oom-kill-disable' is set.
   - Ensure special network files (e.g. /etc/hosts) are read-only if
     bind-mounted with 'ro' option.
   - Improve 'rmi' performance.
   - Do not update /etc/hosts for the default bridge network, except for
     links.
   - Fix conflict with duplicate container names.
   - Fix an issue with incorrect template execution in 'docker inspect'.
   - Deprecate '-c' short flag variant for '--cpu-shares' in 'docker run'.
   - Change systemd unit file to no longer use the deprecated "-d" option.
     (bsc#954737)
   - Use file system cgroups by default.

   Client:

   - Fix bug with 'docker inspect' output when not connected to daemon.
   - Fix 'docker inspect -f {{.HostConfig.Dns}} somecontainer'.
   - Allow 'docker import' to import from local files.

   Builder:

   - Fix regression with symlink behavior in ADD/COPY.
   - Add a 'STOPSIGNAL' Dockerfile instruction that sets a different
     stop signal for the container process.
   - Add an 'ARG' Dockerfile instruction and a '--build-arg' flag to 'docker
     build' that allow adding build-time environment variables.
   - Improve cache miss performance.

   Storage:

   - Try defaulting to xfs instead of ext4 for performance reasons.
   - Fix displayed file system in docker info.
   - Implement deferred deletion capability in devicemapper.

   Networking:

   - Promote 'docker network' from experimental to part of the standard
     release.
   - New network top-level concept, with associated subcommands and API.
     WARNING: the API is different from the experimental API.
   - Support for multiple isolated/micro-segmented networks.
   - Built-in multihost networking using VXLAN based overlay driver.
   - Support for third-party network plugins.
   - Ability to dynamically connect containers to multiple networks.
   - Support for user-defined IP address management via pluggable IPAM
     drivers.
   - Allow passing a network ID as an argument for '--net'.
   - Fix connect to host and prevent disconnect from host for 'host' network.
   - Fix '--fixed-cidr' issue when gateway ip falls in ip-range and ip-range
     is not the first block in the network.
   - Restore deterministic 'IPv6' generation from 'MAC' address on default
     'bridge' network.
   - Allow port-mapping only for endpoints created on docker run.
   - Fixed an endpoint delete issue with a possible stale sbox.
   - Add daemon flags '--cluster-store' and '--cluster-advertise' for
     built-in nodes discovery.
   - Add '--cluster-store-opt' for setting up TLS settings.
   - Add '--dns-opt' to the daemon.
   - Deprecate the following container 'NetworkSettings' fields in API v1.21:
     'EndpointID', 'Gateway', 'GlobalIPv6Address', 'GlobalIPv6PrefixLen',
     'IPAddress', 'IPPrefixLen', 'IPv6Gateway' and 'MacAddress'. Those are
     now specific to the 'bridge' network. Use 'NetworkSettings.Networks' to
     inspect the networking settings of a container per network.
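
   Added example (not part of the SUSE announcement or of Docker's code): an
   inventory or audit script that reads only the deprecated top-level fields
   sees just the 'bridge' address, so it should read 'NetworkSettings.Networks'
   instead. The sample inspect data and the function names are constructed.

```python
import json

# Top-level NetworkSettings fields the announcement lists as deprecated in API v1.21.
FIELDS = ("EndpointID", "Gateway", "GlobalIPv6Address", "GlobalIPv6PrefixLen",
          "IPAddress", "IPPrefixLen", "IPv6Gateway", "MacAddress")

# Constructed sample in the shape of 'docker inspect' output: one container
# attached to the default bridge and to a user-defined network "backend".
SAMPLE = json.loads("""
[{"Name": "/web",
  "NetworkSettings": {
    "IPAddress": "172.17.0.2", "MacAddress": "02:42:ac:11:00:02",
    "Networks": {
      "bridge":  {"IPAddress": "172.17.0.2", "MacAddress": "02:42:ac:11:00:02"},
      "backend": {"IPAddress": "10.0.9.3",   "MacAddress": "02:42:0a:00:09:03"}
    }}}]
""")

def per_network_settings(container):
    """Return {network: {field: value}} for one 'docker inspect' container object."""
    ns = container.get("NetworkSettings") or {}
    networks = ns.get("Networks")
    if networks:
        # API v1.21 and later: one entry per attached network.
        return {name: {f: ep.get(f) for f in FIELDS}
                for name, ep in networks.items()}
    if ns.get("IPAddress"):
        # Older daemon: only the flat fields exist; they describe the bridge.
        return {"bridge": {f: ns.get(f) for f in FIELDS}}
    return {}

def missed_by_legacy_reader(container):
    """Addresses that a tool reading only top-level 'IPAddress' would not see."""
    legacy = (container.get("NetworkSettings") or {}).get("IPAddress") or ""
    found = per_network_settings(container).values()
    return sorted(ep["IPAddress"] for ep in found
                  if ep.get("IPAddress") and ep["IPAddress"] != legacy)

if __name__ == "__main__":
    for c in SAMPLE:
        for net, ep in sorted(per_network_settings(c).items()):
            print(c["Name"], net, ep["IPAddress"], ep["MacAddress"])
        print("missed by legacy reader:", missed_by_legacy_reader(c))
```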

   Distribution:

   - Correct parent chain in v2 push when v1Compatibility files on the disk
     are inconsistent.
   - Make 'docker search' work with partial names.
   - Push optimization by avoiding buffering to file.
   - The daemon will display progress for images that were already being
     pulled by another client.
   - Only permissions required for the current action being performed are
     requested.
   - Renaming trust keys (and respective environment variables) from
     'offline' to 'root' and 'tagging' to 'repository'.
   - Deprecate trust key environment variables
     'DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE' and
     'DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE'.

   Volumes:

   - New top-level 'volume' sub-command and API.
   - Move API volume driver settings to host-specific config.
   - Print an error message if volume name is not unique.
   - Ensure volumes created from Dockerfiles always use the local volume
     driver.
   - Deprecate auto-creating missing host paths for bind mounts.

   Logging:

   - Add 'awslogs' logging driver for Amazon CloudWatch.
   - Add generic 'tag' log option to allow customizing container/image
     information passed to driver (e.g. show container names).
   - Implement the 'docker logs' endpoint for the journald driver.
   - Deprecate driver-specific log tags (e.g. 'syslog-tag', etc.).

   Security:

   - Only relabel if user requested so with the 'z' option. (SELinux)
   - Add SELinux profiles to the rpm package.
   - Add AppArmor policy that prevents writing to /proc.
   - Fix creation of AppArmor profiles. (bsc#958255)
   - Add rules for auditd. (bsc#959405)


Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Containers 12:

      zypper in -t patch SUSE-SLE-Module-Containers-12-2016-156=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64):

      docker-1.9.1-58.1
      docker-debuginfo-1.9.1-58.1
      docker-debugsource-1.9.1-58.1


References:

   https://bugzilla.suse.com/954737
   https://bugzilla.suse.com/954812
   https://bugzilla.suse.com/956434
   https://bugzilla.suse.com/958255
   https://bugzilla.suse.com/959405


