From 7dff9a25eefaea1bfb13da873dc70d8fd613ffa4 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jan 17 2017 20:36:07 +0000 Subject: import docker-latest-1.12.5-14.el7 --- diff --git a/.docker-latest.metadata b/.docker-latest.metadata index fd62e1d..82fd783 100644 --- a/.docker-latest.metadata +++ b/.docker-latest.metadata @@ -1,5 +1,5 @@ -8fc56455907050789e020786df5e52641eaec5ba SOURCES/containerd-b818e74.tar.gz -5e7b051912347159ae4c4f49db2f3de61eff8034 SOURCES/docker-0e5a8b1.tar.gz -69c5ba21f0de4b6c39ccb905dc27df5a03e69765 SOURCES/docker-storage-setup-c9faba1.tar.gz -66fa30802244a12e8364828ba4be2d31bd9d1f4f SOURCES/runc-f509e50.tar.gz +d735e338ba341bfe9bc47e35ae1940b5b24549d9 SOURCES/containerd-471f03c.tar.gz +fef132ee1f672519a219910a809bd141d2a98c64 SOURCES/docker-047e51b.tar.gz +5b62e3b095cc0a7cc4b198546e2f955100b70f94 SOURCES/docker-storage-setup-6709fe6.tar.gz +5d246c0acb58daba296a01cf097b9c69e56913c8 SOURCES/runc-b8dbc3b.tar.gz ea4b3d96c46fccb6781d66a6c53c087b179c80fe SOURCES/v1.10-migrator-c417a6a.tar.gz diff --git a/.gitignore b/.gitignore index 2d15137..a18c1b3 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,5 @@ -SOURCES/containerd-b818e74.tar.gz -SOURCES/docker-0e5a8b1.tar.gz -SOURCES/docker-storage-setup-c9faba1.tar.gz -SOURCES/runc-f509e50.tar.gz +SOURCES/containerd-471f03c.tar.gz +SOURCES/docker-047e51b.tar.gz +SOURCES/docker-storage-setup-6709fe6.tar.gz +SOURCES/runc-b8dbc3b.tar.gz SOURCES/v1.10-migrator-c417a6a.tar.gz diff --git a/SOURCES/0001-Set-init-processes-as-non-dumpable.patch b/SOURCES/0001-Set-init-processes-as-non-dumpable.patch new file mode 100644 index 0000000..937ba38 --- /dev/null +++ b/SOURCES/0001-Set-init-processes-as-non-dumpable.patch @@ -0,0 +1,111 @@ +From 50a19c6ff828c58e5dab13830bd3dacde268afe5 Mon Sep 17 00:00:00 2001 +From: Michael Crosby +Date: Wed, 7 Dec 2016 15:05:51 -0800 +Subject: [PATCH] Set init processes as non-dumpable + +This sets the init processes that join and setup the container's +namespaces as non-dumpable before they setns to the container's pid (or +any other ) namespace. + +This settings is automatically reset to the default after the Exec in +the container so that it does not change functionality for the +applications that are running inside, just our init processes. + +This prevents parent processes, the pid 1 of the container, to ptrace +the init process before it drops caps and other sets LSMs. + +This patch also ensures that the stateDirFD being used is still closed +prior to exec, even though it is set as O_CLOEXEC, because of the order +in the kernel. + +https://github.com/torvalds/linux/blob/v4.9/fs/exec.c#L1290-L1318 + +The order during the exec syscall is that the process is set back to +dumpable before O_CLOEXEC are processed. + +Signed-off-by: Michael Crosby +--- + libcontainer/init_linux.go | 3 ++- + libcontainer/nsenter/nsexec.c | 5 +++++ + libcontainer/setns_init_linux.go | 7 ++++++- + libcontainer/standard_init_linux.go | 3 +++ + 4 files changed, 16 insertions(+), 2 deletions(-) + +diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go +index b1e6762..4043d51 100644 +--- a/libcontainer/init_linux.go ++++ b/libcontainer/init_linux.go +@@ -77,7 +77,8 @@ func newContainerInit(t initType, pipe *os.File, stateDirFD int) (initer, error) + switch t { + case initSetns: + return &linuxSetnsInit{ +- config: config, ++ config: config, ++ stateDirFD: stateDirFD, + }, nil + case initStandard: + return &linuxStandardInit{ +diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c +index b93f827..4b5398b 100644 +--- a/libcontainer/nsenter/nsexec.c ++++ b/libcontainer/nsenter/nsexec.c +@@ -408,6 +408,11 @@ void nsexec(void) + if (pipenum == -1) + return; + ++ /* make the process non-dumpable */ ++ if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0) { ++ bail("failed to set process as non-dumpable"); ++ } ++ + /* Parse all of the netlink configuration. */ + nl_parse(pipenum, &config); + +diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go +index 2a8f345..7f5f182 100644 +--- a/libcontainer/setns_init_linux.go ++++ b/libcontainer/setns_init_linux.go +@@ -5,6 +5,7 @@ package libcontainer + import ( + "fmt" + "os" ++ "syscall" + + "github.com/opencontainers/runc/libcontainer/apparmor" + "github.com/opencontainers/runc/libcontainer/keys" +@@ -16,7 +17,8 @@ import ( + // linuxSetnsInit performs the container's initialization for running a new process + // inside an existing container. + type linuxSetnsInit struct { +- config *initConfig ++ config *initConfig ++ stateDirFD int + } + + func (l *linuxSetnsInit) getSessionRingName() string { +@@ -49,5 +51,8 @@ func (l *linuxSetnsInit) Init() error { + if err := label.SetProcessLabel(l.config.ProcessLabel); err != nil { + return err + } ++ // close the statedir fd before exec because the kernel resets dumpable in the wrong order ++ // https://github.com/torvalds/linux/blob/v4.9/fs/exec.c#L1290-L1318 ++ syscall.Close(l.stateDirFD) + return system.Execv(l.config.Args[0], l.config.Args[0:], os.Environ()) + } +diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go +index 2104f1a..6a65154 100644 +--- a/libcontainer/standard_init_linux.go ++++ b/libcontainer/standard_init_linux.go +@@ -171,6 +171,9 @@ func (l *linuxStandardInit) Init() error { + return newSystemErrorWithCause(err, "init seccomp") + } + } ++ // close the statedir fd before exec because the kernel resets dumpable in the wrong order ++ // https://github.com/torvalds/linux/blob/v4.9/fs/exec.c#L1290-L1318 ++ syscall.Close(l.stateDirFD) + if err := syscall.Exec(name, l.config.Args[0:], os.Environ()); err != nil { + return newSystemErrorWithCause(err, "exec user process") + } +-- +2.11.0 + diff --git a/SOURCES/docker-latest.service b/SOURCES/docker-latest.service index a5a20a2..d59ca00 100644 --- a/SOURCES/docker-latest.service +++ b/SOURCES/docker-latest.service @@ -3,6 +3,7 @@ Description=Docker Application Container Engine Documentation=http://docs.docker.com After=network.target rhel-push-plugin.socket Wants=docker-latest-storage-setup.service +Requires=rhel-push-plugin.socket [Service] Type=notify @@ -14,9 +15,11 @@ Environment=GOTRACEBACK=crash Environment=DOCKER_HTTP_HOST_COMPAT=1 Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin ExecStart=/usr/bin/dockerd-latest \ - --add-runtime docker-runc=/usr/libexec/docker/docker-runc \ + --add-runtime docker-runc=/usr/libexec/docker/docker-runc-latest \ --default-runtime=docker-runc \ + --authorization-plugin=rhel-push-plugin \ --exec-opt native.cgroupdriver=systemd \ + --userland-proxy-path=/usr/libexec/docker/docker-proxy-latest \ -g /var/lib/docker-latest \ $OPTIONS \ $DOCKER_STORAGE_OPTIONS \ @@ -25,7 +28,6 @@ ExecStart=/usr/bin/dockerd-latest \ $BLOCK_REGISTRY \ $INSECURE_REGISTRY ExecReload=/bin/kill -s HUP $MAINPID -TasksMax=infinity LimitNOFILE=1048576 LimitNPROC=1048576 LimitCORE=infinity diff --git a/SOURCES/docker-latest.sysconfig b/SOURCES/docker-latest.sysconfig index c037705..740654e 100644 --- a/SOURCES/docker-latest.sysconfig +++ b/SOURCES/docker-latest.sysconfig @@ -1,14 +1,14 @@ -# /etc/sysconfig/docker +# /etc/sysconfig/docker-latest # Modify these options if you want to change the way the docker daemon runs -OPTIONS='--selinux-enabled --log-driver=journald' +OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false' DOCKER_CERT_PATH=/etc/docker # If you want to add your own registry to be used for docker search and docker # pull use the #ADD_REGISTRY option to list a set of registries, each prepended # with --add-registry flag. The first registry added will be the first registry # searched. -#ADD_REGISTRY='--add-registry registry.access.redhat.com' +ADD_REGISTRY='--add-registry registry.access.redhat.com' # If you want to block registries from being used, uncomment the BLOCK_REGISTRY # option and give it a set of registries, each prepended with --block-registry diff --git a/SPECS/docker-latest.spec b/SPECS/docker-latest.spec index c21e5e8..f96a932 100644 --- a/SPECS/docker-latest.spec +++ b/SPECS/docker-latest.spec @@ -28,20 +28,19 @@ # macros for 'docker' package VR %global docker_epoch 2 -%global docker_ver 1.10.3 -%global docker_rel 58 -%global with_diff_docker 1 +%global docker_ver 1.12.5 +%global docker_rel 14 # docker %global git0 https://github.com/projectatomic/%{repo} -%global commit0 0e5a8b1aca91821971e556fef2fb0e50fcca5470 +%global commit0 047e51b797564227b0bf26f3aa448f563bea5c71 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # docker_branch used in %%check -%global docker_branch docker-1.12.3 +%global docker_branch docker-1.12.5 # d-s-s %global git1 https://github.com/projectatomic/%{repo}-storage-setup/ -%global commit1 c9faba1908b8e77f7c7c443f26e3b3cb1450d1a0 +%global commit1 6709fe6c6b0d154063799364eb1a944d065bab93 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %global dss_libdir %{_exec_prefix}/lib/%{name}-storage-setup @@ -52,17 +51,15 @@ %global shortcommit2 %(c=%{commit2}; echo ${c:0:7}) %endif # with_migrator -%if 0%{with_diff_docker} # docker-runc %global git8 https://github.com/projectatomic/runc -%global commit8 f509e5094de84a919e2e8ae316373689fb66c513 +%global commit8 b8dbc3b8e8d868723aec2fd5082e6547ec66cf58 %global shortcommit8 %(c=%{commit8}; echo ${c:0:7}) # docker-containerd -%global git9 https://github.com/docker/containerd -%global commit9 b818e749726ba18e430bb825396c85408dfaf2a4 +%global git9 https://github.com/projectatomic/containerd +%global commit9 471f03c11413d9ab1523de24d3e79ae3a7b8126e %global shortcommit9 %(c=%{commit9}; echo ${c:0:7}) -%endif # with_diff_docker # Version of SELinux %if 0%{?fedora} >= 22 @@ -72,8 +69,8 @@ %endif Name: %{repo}-latest -Version: 1.12.3 -Release: 10%{?dist} +Version: 1.12.5 +Release: 14%{?dist} Summary: Automates deployment of containerized applications License: ASL 2.0 URL: https://%{provider}.%{provider_tld}/projectatomic/%{repo} @@ -90,14 +87,13 @@ Source7: %{name}-storage.sysconfig Source8: %{name}-logrotate.sh Source9: README.%{name}-logrotate Source10: %{name}-network.sysconfig -%if 0%{with_diff_docker} Source11: %{git8}/archive/%{commit8}/runc-%{shortcommit8}.tar.gz Source12: %{git9}/archive/%{commit9}/containerd-%{shortcommit9}.tar.gz +Patch0: 0001-Set-init-processes-as-non-dumpable.patch #Source13: %%{repo}-containerd.service -%endif # with_diff_docker BuildRequires: git BuildRequires: glibc-static -BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang} >= 1.6.2 +BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang} >= 1.7.4 BuildRequires: go-md2man BuildRequires: libseccomp-devel BuildRequires: device-mapper-devel @@ -114,9 +110,13 @@ Requires(pre): selinux-policy >= %{selinux_policyver} Requires(pre): container-selinux >= %{docker_epoch}:%{docker_ver}-%{docker_rel} Requires: %{repo}-common >= %{docker_epoch}:%{docker_ver}-%{docker_rel} -#Requires: %{repo}-rhel-push-plugin >= %{docker_epoch}:%{docker_ver}-%{docker_rel} -Requires: oci-register-machine >= 1:0-1.8 -Requires: oci-systemd-hook >= 1:0.1.4-4 +Requires: %{repo}-client-latest = %{version}-%{release} +Requires: %{repo}-rhel-push-plugin >= %{docker_epoch}:%{docker_ver}-%{docker_rel} +Requires: oci-register-machine >= 1:0-1.11 +Requires: oci-systemd-hook >= 1:0.1.4-8 +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd # Resolves: rhbz#1045220 Requires: xz @@ -183,22 +183,31 @@ running and skip checksum calculation on startup. %endif # with_migrator +%package -n %{repo}-client-latest +Summary: Client side files for Docker +License: ASL 2.0 +Requires: %{repo}-common + +%description -n %{repo}-client-latest +%{summary} + %prep -%autosetup -Sgit -n %{repo}-%{commit0} +%setup -q -n %{repo}-%{commit0} # here keep the new line above otherwise autosetup fails when applying patch cp %{SOURCE9} . # rhel debranding for centos -#%if 0%{?centos} -#sed -i 's/ADD_REGISTRY/#ADD_REGISTRY/' %{SOURCE6} -#%endif +%if 0%{?centos} +sed -i 's/ADD_REGISTRY/#ADD_REGISTRY/' %{SOURCE6} +%endif # untar d-s-s tar zxf %{SOURCE1} pushd %{repo}-storage-setup-%{commit1} sed -i 's/%{repo}/%{name}/g' %{repo}-storage-setup* -sed -i 's/%{name}_devmapper_meta_dir/%{repo}_devmapper_meta_dir/g' %{repo}-storage-setup* +rename %{repo} %{name} * +sed -i 's/%{name}_devmapper_meta_dir/%{repo}_devmapper_meta_dir/g' %{name}-storage-setup* popd %if 0%{with_migrator} @@ -206,16 +215,17 @@ popd tar zxf %{SOURCE2} %endif # with_migrator -%if 0%{with_diff_docker} # untar docker-runc tar zxf %{SOURCE11} +pushd runc-%{commit8} +%patch0 -p1 +popd # untar docker-containerd tar zxf %{SOURCE12} # docker-containerd unitfile #cp %%{SOURCE13} . -%endif # with_diff_docker %build # set up temporary build gopath, and put our directory there @@ -229,7 +239,6 @@ export DOCKER_GITCOMMIT="%{shortcommit0}/%{version}" export DOCKER_BUILDTAGS='selinux seccomp' export GOPATH=$(pwd)/_build:$(pwd)/vendor:%{gopath} -#sed -i '/LDFLAGS_STATIC/d' hack/make/.dockerinit IAMSTATIC=false DOCKER_DEBUG=1 bash -x hack/make.sh dynbinary man/md2man-all.sh pushd man/man1 @@ -253,7 +262,6 @@ make v1.10-migrator-local popd %endif # with_migrator -%if 0%{with_diff_docker} # build %%{repo}-runc pushd runc-%{commit8} make BUILDTAGS='seccomp selinux' @@ -267,11 +275,11 @@ export GOPATH=$(pwd)/_build:$(pwd)/vendor:%{gopath} pushd containerd-%{commit9} make popd -%endif # with_diff_docker %install # install binary install -d %{buildroot}%{_bindir} +install -dp %{buildroot}%{_libexecdir}/%{repo} for x in bundles/latest; do if ! test -d $x/dynbinary-client; then @@ -287,8 +295,8 @@ for x in bundles/latest; do continue fi rm $x/dynbinary-daemon/*.{md5,sha256} + install -p -m 755 $x/dynbinary-daemon/%{repo}-proxy-* %{buildroot}%{_libexecdir}/%{repo}/%{repo}-proxy-latest install -p -m 755 $x/dynbinary-daemon/%{repo}d-* %{buildroot}%{_bindir}/%{repo}d-latest - install -p -m 755 $x/dynbinary-daemon/%{repo}d-* %{buildroot}%{_bindir}/%{repo}-proxy break done @@ -333,11 +341,11 @@ install -p contrib/udev/80-%{repo}.rules %{buildroot}%{_udevrulesdir}/80-%{name} install -d %{buildroot}%{_sharedstatedir}/%{name} # install secret patch directory -#install -d -p -m 750 %{buildroot}/%{_datadir}/rhel/secrets +install -d -p -m 750 %{buildroot}/%{_datadir}/rhel/secrets # rhbz#1110876 - update symlinks for subscription management -#ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement -#ln -s %{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm -#ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/rhel7.repo +ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement +ln -s %{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm +ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/rhel7.repo mkdir -p %{buildroot}%{_sysconfdir}/%{name}/certs.d/redhat.{com,io} ln -s %{_sysconfdir}/rhsm/ca/redhat-uep.pem %{buildroot}%{_sysconfdir}/%{name}/certs.d/redhat.com/redhat-ca.crt @@ -382,17 +390,7 @@ install -dp %{buildroot}%{_sysconfdir}/%{name} # install d-s-s pushd %{repo}-storage-setup-%{commit1} -install -d %{buildroot}%{_bindir} -install -p -m 755 %{repo}-storage-setup.sh %{buildroot}%{_bindir}/%{name}-storage-setup -install -d %{buildroot}%{_unitdir} -install -p -m 644 %{repo}-storage-setup.service %{buildroot}%{_unitdir}/%{name}-storage-setup.service -install -d %{buildroot}%{dss_libdir} -install -p -m 644 %{repo}-storage-setup.conf %{buildroot}%{dss_libdir}/%{name}-storage-setup -install -p -m 755 libdss.sh %{buildroot}%{dss_libdir} -install -d %{buildroot}%{_mandir}/man1 -install -p -m 644 %{repo}-storage-setup.1 %{buildroot}%{_mandir}/man1/%{name}-storage-setup.1 -install -d %{buildroot}%{_sysconfdir}/sysconfig -install -p -m 644 %{repo}-storage-setup-override.conf %{buildroot}%{_sysconfdir}/sysconfig/%{name}-storage-setup +make install DESTDIR=%{buildroot} DOCKER=%{name} DSSLIBDIR=%{buildroot}%{dss_libdir} popd %if 0%{with_migrator} @@ -404,19 +402,16 @@ install -p -m 700 v1.10-migrator-%{commit2}/v1.10-migrator-local %{buildroot}%{_ install -p -m 700 %{SOURCE3} %{buildroot}%{_bindir}/%{name}-v1.10-migrator-helper %endif # with_migrator -%if 0%{with_diff_docker} # install docker-runc install -d %{buildroot}%{_libexecdir}/%{repo} -install -p -m 755 runc-%{commit8}/runc %{buildroot}%{_libexecdir}/%{repo}/%{repo}-runc +install -p -m 755 runc-%{commit8}/runc %{buildroot}%{_libexecdir}/%{repo}/%{repo}-runc-latest #install docker-containerd -install -d %%{buildroot}%%{_libexecdir}/%%{repo} -install -p -m 755 containerd-%{commit9}/bin/containerd %{buildroot}%{_libexecdir}/%{repo}/%{repo}-containerd -install -p -m 755 containerd-%{commit9}/bin/containerd-shim %{buildroot}%{_libexecdir}/%{repo}/%{repo}-containerd-shim -install -p -m 755 containerd-%{commit9}/bin/ctr %{buildroot}%{_libexecdir}/%{repo}/%{repo}-ctr +install -p -m 755 containerd-%{commit9}/bin/containerd %{buildroot}%{_bindir}/%{repo}-containerd-latest +install -p -m 755 containerd-%{commit9}/bin/containerd-shim %{buildroot}%{_bindir}/%{repo}-containerd-shim-latest +install -p -m 755 containerd-%{commit9}/bin/ctr %{buildroot}%{_bindir}/%{repo}-ctr-latest # docker-containerd unitfile #install -p -m 644 %%{SOURCE13} %%{buildroot}%%{_unitdir} -%endif # with_diff_docker %check [ ! -w /run/%{name}.sock ] || { @@ -452,15 +447,16 @@ exit 0 %{_mandir}/man1/%{name}*.1.gz %{_mandir}/man5/Dockerfile-latest.5.gz %{_mandir}/man8/%{repo}d-latest.8.gz -%{_bindir}/%{name} -%{_bindir}/%{repo}-proxy %{_bindir}/%{repo}d-latest +%{_bindir}/%{repo}-containerd-latest +%{_bindir}/%{repo}-containerd-shim-latest +%{_bindir}/%{repo}-ctr-latest %{_bindir}/%{name}-storage-setup %{_unitdir}/%{name}.service %{_unitdir}/%{name}-storage-setup.service %{_datadir}/bash-completion/completions/%{name} -#%dir %{_datadir}/rhel -#%{_datadir}/rhel/* +%dir %{_datadir}/rhel +%{_datadir}/rhel/* %dir %{_sharedstatedir}/%{name} %{_udevrulesdir}/80-%{name}.rules %{_sysconfdir}/%{name} @@ -474,12 +470,14 @@ exit 0 %{_datadir}/zsh/site-functions/_%{name} # 1.12 specific %dir %{_libexecdir}/%{repo} -%{_libexecdir}/%{repo}/%{repo}-runc -%{_libexecdir}/%{repo}/%{repo}-containerd -%{_libexecdir}/%{repo}/%{repo}-containerd-shim -%{_libexecdir}/%{repo}/%{repo}-ctr +%{_libexecdir}/%{repo}/%{repo}-runc-latest +%{_libexecdir}/%{repo}/%{repo}-proxy-latest #%%{_unitdir}/%%{repo}-containerd.service +%files -n %{repo}-client-latest +%license LICENSE* +%{_bindir}/%{name} + %if 0%{?with_devel} %files devel %license LICENSE @@ -505,8 +503,70 @@ exit 0 %endif # with_migrator %changelog -* Wed Dec 14 2016 Johnny Hughes - 1.12.3-10 -- Manual CentOS Debranding +* Wed Jan 11 2017 Lokesh Mandvekar - 1.12.5-14 +- keep version-release consistent with docker + +* Wed Jan 11 2017 Lokesh Mandvekar - 1.12.5-13 +- keep version-release consistent with docker (RE: #1412385) + +* Tue Jan 10 2017 Lokesh Mandvekar - 1.12.5-12 +- use container-selinux >= 2:1.12.5-12 - includes relabeling for docker-latest +unitfiles + +* Tue Jan 10 2017 Lokesh Mandvekar - 1.12.5-11 +- enforce min version-release for oci-register-machine and oci-systemd-hook + +* Tue Jan 10 2017 Lokesh Mandvekar - 1.12.5-10 +- Resolves: #1409707 - *CVE-2016-9962* - set init processes as non-dumpable +patch from Michael Crosby + +* Thu Jan 05 2017 Lokesh Mandvekar - 1.12.5-9 +- built docker @projectatomic/docker-1.12.5 commit 047e51b +- built d-s-s commit 6709fe6 +- built v1.10-migrator commit c417a6a +- built docker-runc commit b8dbc3b +- built docker-containerd commit 471f03c + +* Tue Dec 20 2016 Lokesh Mandvekar - 1.12.5-8 +- Resolves: #1403809 - fix packaging bug RE: docker-proxy-latest +- From: Antonio Murdaca +- Resolves: #1402086, #1404309 + +* Tue Dec 20 2016 Lokesh Mandvekar - 1.12.5-7 +- DOCKER_PROXY_BINARY env var removed from docker + +* Tue Dec 20 2016 Lokesh Mandvekar - 1.12.5-6 +- Resolves: #1406500 - correct docker-runc path + +* Tue Dec 20 2016 Lokesh Mandvekar - 1.12.5-5 +- Resolves: #1403809 - add --userland-proxy-path option to unitfile + +* Mon Dec 19 2016 Lokesh Mandvekar - 1.12.5-4 +- keep release tag same as 'docker' when both versions are same + +* Fri Dec 16 2016 Lokesh Mandvekar - 1.12.5-3 +- built docker @projectatomic/docker-1.12.5 commit 6009905 +- built d-s-s commit b7175b4 +- built v1.10-migrator commit c417a6a +- built docker-runc commit b8dbc3b +- built docker-containerd commit 471f03c + +* Fri Dec 16 2016 Lokesh Mandvekar - 1.12.5-1 +- built docker @projectatomic/docker-1.12.5 commit 6009905 +- built d-s-s commit b7175b4 +- built v1.10-migrator commit c417a6a +- built docker-runc commit b8dbc3b +- built docker-containerd commit 471f03c + +* Tue Dec 13 2016 Lokesh Mandvekar - 1.12.4-3 +- use docker 2:1.12.4-3 + +* Tue Dec 13 2016 Lokesh Mandvekar - 1.12.4-2 +- built docker @projectatomic/docker-1.12.4 commit 1b5971a +- built d-s-s commit 0d53efa +- built v1.10-migrator commit c417a6a +- built docker-runc commit b8dbc3b +- built docker-containerd commit 471f03c * Fri Nov 18 2016 Lokesh Mandvekar - 1.12.3-10 - depend on docker-common, container-selinux >= 2:1.10.3-58