File _patchinfo of Package patchinfo.1867
<patchinfo incident="1867">
<issue id="958255" tracker="bnc">Docker creates strange apparmor profile</issue>
<issue id="954812" tracker="bnc">Please update Docker to 1.9 (as of today)</issue>
<issue id="956434" tracker="bnc">Upgrade to docker 1.9.1</issue>
<issue id="954737" tracker="bnc">docker daemon systemd unit uses deprecated -d option</issue>
<issue id="959405" tracker="bnc">add audit rules for docker daemon</issue>
<category>recommended</category>
<rating>moderate</rating>
<packager>jordimassaguerpla</packager>
<description>
Docker has been updated to version 1.9.1, bringing several fixes, enhancements
and new features.
Runtime:
- Do not prevent daemon from booting if images could not be restored.
- Force IPC mount to unmount on daemon shutdown/init.
- Turn IPC unmount errors into warnings.
- Fix 'docker stats' performance regression.
- Clarify cryptic error message upon 'docker logs' if '--log-driver=none'.
- Fix opq whiteouts problems for files with dot prefix.
- Do not make network calls when normalizing names.
- Output block IO metrics on 'docker stats'.
- Detail network stats per interface on 'docker stats'.
- Add 'ancestor=<image>' filter to 'docker ps --filter' flag to filter containers
based on their ancestor images.
- Add 'label=<somelabel>' filter to 'docker ps --filter' to filter containers
based on label.
- Add '--kernel-memory' flag to 'docker run'.
- Add '--message' flag to 'docker import' to specify an optional message.
- Add '--privileged' flag to 'docker exec'.
- Add '--stop-signal' flag to 'docker run' to replace the container process stopping signal.
- Add a new 'unless-stopped' restart policy.
- Inspecting an image now returns tags.
- Add container size information to 'docker inspect'.
- Add 'RepoTags' and 'RepoDigests' field to '/images/{name:.*}/json'.
- Remove the deprecated '/container/ps' endpoint from the API.
- Send and document correct HTTP codes for '/exec/<name>/start'.
- Share shm and mqueue between containers sharing IPC namespace.
- Event stream now shows OOM status when '--oom-kill-disable' is set.
- Ensure special network files (e.g. /etc/hosts) are read-only if bind-mounted with 'ro' option.
- Improve 'rmi' performance.
- Do not update /etc/hosts for the default bridge network, except for links.
- Fix conflict with duplicate container names.
- Fix an issue with incorrect template execution in 'docker inspect'.
- Deprecate '-c' short flag variant for '--cpu-shares' in 'docker run'.
- Change systemd unit file to no longer use the deprecated "-d" option. (bsc#954737)
- Use file system cgroups by default.
Client:
- Fix bug with 'docker inspect' output when not connected to daemon.
- Fix 'docker inspect -f {{.HostConfig.Dns}} somecontainer'.
- Allow 'docker import' to import from local files.
Builder:
- Fix regression with symlink behavior in ADD/COPY.
- Add a 'STOPSIGNAL' Dockerfile instruction to set a different stop signal
for the container process.
- Add an 'ARG' Dockerfile instruction and a '--build-arg' flag to 'docker build'
that allow adding build-time environment variables.
- Improve cache miss performance.
Storage:
- Try defaulting to xfs instead of ext4 for performance reasons.
- Fix displayed file system in docker info.
- Implement deferred deletion capability in devicemapper.
Networking:
- Promote 'docker network' from experimental to part of the standard release.
- New network top-level concept, with associated subcommands and API.
WARNING: the API is different from the experimental API.
- Support for multiple isolated/micro-segmented networks.
- Built-in multihost networking using VXLAN based overlay driver.
- Support for third-party network plugins.
- Ability to dynamically connect containers to multiple networks.
- Support for user-defined IP address management via pluggable IPAM drivers.
- Allow passing a network ID as an argument for '--net'.
- Fix connect to host and prevent disconnect from host for 'host' network.
- Fix '--fixed-cidr' issue when the gateway IP falls in ip-range and ip-range is not the
first block in the network.
- Restore deterministic 'IPv6' generation from 'MAC' address on default 'bridge' network.
- Allow port-mapping only for endpoints created on docker run.
- Fixed an endpoint delete issue with a possible stale sbox.
- Add daemon flags '--cluster-store' and '--cluster-advertise' for built-in node discovery.
- Add '--cluster-store-opt' for setting up TLS settings.
- Add '--dns-opt' to the daemon.
- Deprecate the following container 'NetworkSettings' fields in API v1.21:
'EndpointID', 'Gateway', 'GlobalIPv6Address', 'GlobalIPv6PrefixLen', 'IPAddress',
'IPPrefixLen', 'IPv6Gateway' and 'MacAddress'.
Those are now specific to the 'bridge' network. Use 'NetworkSettings.Networks' to
inspect the networking settings of a container per network.
Distribution:
- Correct parent chain in v2 push when v1Compatibility files on the disk are inconsistent.
- Make 'docker search' work with partial names.
- Push optimization by avoiding buffering to file.
- The daemon will display progress for images that were already being pulled by another client.
- Only permissions required for the current action being performed are requested.
- Rename trust keys (and respective environment variables) from 'offline' to 'root'
and 'tagging' to 'repository'.
- Deprecate trust key environment variables 'DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE' and
'DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE'.
Volumes:
- New top-level 'volume' sub-command and API.
- Move API volume driver settings to host-specific config.
- Print an error message if volume name is not unique.
- Ensure volumes created from Dockerfiles always use the local volume driver.
- Deprecate auto-creating missing host paths for bind mounts.
Logging:
- Add 'awslogs' logging driver for Amazon CloudWatch.
- Add generic 'tag' log option to allow customizing container/image information
passed to driver (e.g. show container names).
- Implement the 'docker logs' endpoint for the journald driver.
- Deprecate driver-specific log tags (e.g. 'syslog-tag', etc.).
Security:
- Only relabel if user requested so with the 'z' option. (SELinux)
- Add SELinux profiles to the rpm package.
- Add AppArmor policy that prevents writing to /proc.
- Fix creation of AppArmor profiles. (bsc#958255)
- Add rules for auditd. (bsc#959405)
</description>
<summary>Recommended update for Docker</summary>
</patchinfo>