RHBA-2015:0759 - Bug Fix Advisory

Topic

Updated docker packages that fix several bugs are now available for Red Hat
Enterprise Linux 7.

Description

Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere.

This update fixes the following bugs:

• When running the docker client, the client attempts to create a .docker directory in the directory indicated by the $HOME environment variable and write certificate data into it. If the $HOME environment variable is not set, docker attempts to create /.docker. On an Atomic Host, the / directory is not writeable, so the service failed with a permission denied error message. With this update, the docker client attempts to write to its configuration data to the home directory for the executing user if $HOME is not set. If that fails, the docker client will fall back to trying the /etc/docker directory. (BZ#1198599)
• Previously, the docker service put the 80-docker.rules file in the /etc/udev/rules.d/ directory. This directory is used for the administrator’s udev rules. This update fixes the location, and the 80-docker.rules file is now correctly stored in the /usr/lib/udev/rules.d/ directory. (BZ#1199433)
• When docker images have directories specified as "externally mounted" (that is, the VOLUME keyword is present in a Dockerfile, and the {{.ContainerConfig.Volumes}} entry in docker inspect), the SELinux policy for /var/lib/docker/vfs/dir/* files was set incorrectly. As a consequence,

the containers could not store data on these volumes. This update adds the correct SELinux policy for the files in /var/lib/docker/vfs/dir/*, and the containers can now store data as intended. (BZ#1193700)

• Previously, if a host volume was mounted after starting the docker service and then the mapping was carried out inside the container, the volume failed to mount. In addition, if the volume was unmounted on the host, docker daemon still reported the mounted files. For both of these scenarios, restarting the docker service after mounting the volume led to correct mapping inside the docker container. The incorrect behavior of the docker daemon, which changed the mount namespaces and ignored the host, has been fixed, and the host volume is now correctly mounted in the described situations. (BZ#1180718)

Users of docker are advised to upgrade to these updated packages, which fix these bugs.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 7 x86_64
• Red Hat Enterprise Linux Server from RHUI 7 x86_64

Fixes

• BZ - 1097189 - docker fail to start because of existing container id
• BZ - 1113085 - `docker run` doesn't exit properly in interactive mode
• BZ - 1169327 - docker run fails with "SQL error or missing database: no such table: entity"
• BZ - 1188318 - atomic run fedora /bin/sh is broken
• BZ - 1192312 - Wrong versions of docker 1.5.0-1 sub rpm
• BZ - 1194445 - docker-python in RHEL 7.1 does not work with version of python-requests shipped in RHEL7.1
• BZ - 1196709 - docker run -it --rm empty fatal error
• BZ - 1197158 - ADD_REGISTRY support is broken in 1.5.0-6
• BZ - 1198599 - docker command will not execute within a systemd unit file on a atomic host
• BZ - 1198630 - docker doesn't work for images from docker.io
• BZ - 1199433 - 80-docker.rules should be in /usr/lib/udev/rules.d/
• BZ - 1200023 - docker 1.5.0 is available
• BZ - 1200104 - dns resolution is broken inside containers with selinux enforced
• BZ - 1200394 - "atomic run --spc" fails in latest docker builds due to problems mapping /run/ into container
• BZ - 1202517 - docker fd leak
• BZ - 1204576 - docker-fetch isn't buildable

CVEs

(none)

References

(none)