RHBA-2016:0536 - Bug Fix Advisory

Topic

Updated docker packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 7 Extras.

Description

Docker is an open source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere.

The docker packages have been upgraded to upstream version 1.9.1, which provides a number of bug fixes and enhancements over the previous version. (BZ1286806)

This update also fixes the following bugs:

• The docker daemon constantly writes to stdout and stderr inside of its unit file. The systemd-journald writes this stdout and stderr content to the journal. If the journal is restarted, this results in the docker daemon getting a SIGPIPE signal. As a consequence, when the docker daemon receives a SIGPIPE signal it shuts down stopping all containers. To fix this bug, a helper program has been added that will capture stdout and stderr from docker and forward the content to the journal. This helper program has improved handling of the SIGPIPE signal. As a result, if systemd-journal is restarted, then the docker daemon will no longer shut down, stopping all containers. (BZ#1300076)
• In previous versions of the docker packages, the docker daemon could hang when pulling multiple container images in parallel. As a consequence, this caused OpenShift to fail to deploy PODS in production. This bugs has been fixed and now OpenShift is able to deploy all of its POD's images. (BZ#1256877)

Users of docker are advised to upgrade to these updated packages, which fix
these bugs and add these enhancements.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 7 x86_64
• Red Hat Enterprise Linux Server from RHUI 7 x86_64

Fixes

• BZ - 1256877 - PODs are failing to be deployed because docker couldn’t pull the images
• BZ - 1259342 - docker: Fail to start if selinux is enabled and overlayfs is being used as graph driver
• BZ - 1262374 - docker-selinux: Package upgrade taking a long time and using large amounts of resources
• BZ - 1275399 - docker spam about loginuid and pwuid...
• BZ - 1275554 - Error response from daemon: Relabeling of / is not allowed after upgrading docker
• BZ - 1277867 - yum install docker fails with dependency conflict
• BZ - 1279015 - Docker 1.8.2 fails to set iptables rules
• BZ - 1286765 - docker should not time out on sd_notify
• BZ - 1286806 - [extras-rhel-7.2.2] rebase docker to upstream 1.9.1 + RH patches
• BZ - 1293502 - Docker spawns a docker-proxy process for each port in a container
• BZ - 1298363 - docker: Backport device maper deferred device deletion fix in 1.9
• BZ - 1300076 - Docker command crashes after journald is stopped
• BZ - 1301199 - docker adds distro tag to docker version which causes kubelet to fail
• BZ - 1302411 - Docker 1.9 has issues assigning IP addresses correctly
• BZ - 1302418 - Starting container sometimes fails on Docker 1.9.1-14
• BZ - 1304038 - docker-1.9 is unstable when used with openshift-3.1.
• BZ - 1317627 - cgroups: cpu.shares: no such file or directory error seen during openshift builds
• BZ - 1317662 - manpage for docker-daemon should exist but doesn't
• BZ - 1317991 - cgroups: cgroups.proc no such file or directory error during docker build
• BZ - 1320302 - --cgroup-parent doesn't work correctly in docker 1.9

CVEs

(none)

References

• http://www.redhat.com/security/updates/classification/#normal