RHBA-2016:1274 - Bug Fix Advisory

Topic

Updated docker packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 7 Extras.

Description

Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere.

The docker packages have been upgraded to upstream version 1.10.3, which provides a number of bug fixes and enhancements over the previous version. (BZ#1335597)

This update also fixes the following bugs:

• Previously, the "docker info" command returned an incorrect number of images installed in the docker environment. This bug has been fixed and now "docker info" reports the correct number of images. (BZ#1304808)
• A bug in the way the code got the file descriptor number from an HTTP response caused a substantial number of error messages to be logged from failing to get the correct file descriptor. The way the file descriptor is obtained has now been changed and such error messages are no longer logged. (BZ#1335635)
• In previous versions of docker, you needed to disable SELinux support for container separation if you were using the BTRFS back end. This is no longer required. Having SELinux and BTRFS working together increases the security separation between containers. (BZ#1338894)
• When reading from the sync pipe between docker and libcontainer a new line was left behind unread. As a consequence, containers failed to start with the following error:

"error: read parent: connection reset by peer"

To fix this bug, the code has been changed to read all bytes from the sync pipe, and now containers can be started as usual. (BZ#1339164)

Additionally, this update adds the following enhancement:

• Support for the specific namespaced network sysctl settings for containers has been added to docker. This enhancement allows container orchestration tools to set the sysctl settings before launching processes within the container. (BZ#1260136)

Users of docker are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 7 x86_64

Fixes

• BZ - 1245325 - Cannot link containers
• BZ - 1283891 - When initscripts is installed, systemd in Docker container shows error during systemctl daemon-reload
• BZ - 1286787 - docker should create /etc/machine-id
• BZ - 1304808 - docker info reports wrong image count
• BZ - 1309900 - docker pull wedges, daemon restart required
• BZ - 1317096 - Regression: docker rmi of in-use image erases tagged name
• BZ - 1318690 - Can't use shared volume mounts with docker 1.10
• BZ - 1323819 - docker volumes are blocked even when there is a bind mount over it with --no-volumes
• BZ - 1324150 - [golang 1.6] Provide some mechanism to ignore invalid 'host' headers
• BZ - 1328917 - Problem upgrading from Docker 1.8.2 to 1.9.1: "Could not find container for entity id"
• BZ - 1335597 - [extras-rhel-7.2.5] rebase docker to v1.10.3 + rh patches
• BZ - 1335635 - "Failed to get pwuid struct: user: unknown userid " log spam
• BZ - 1338894 - [RFE] Allow Docker + SELinux + Btrfs
• BZ - 1339146 - [Container Installation only][docker1.10] Downward api volume can not work with docker 1.10
• BZ - 1339164 - HTTP Error" err="Cannot start container <hash>: [8] System error: read parent: connection reset by peer" statusCode=500
• BZ - 1341328 - Include v1.10-migrator-helper script in the docker-v1.10-migrator RPM
• BZ - 1341789 - docker build/run fails after upgrade from docker 1.9.1 to 1.10.3
• BZ - 1341906 - Running kubernetes density e2e causes docker 1.10 to wedge, completely unresponsive.
• BZ - 1342149 - failed to upgrade to docker-1.10 with both docker and docker-latest installed
• BZ - 1342274 - docker-1.10 rpm provides unnecessary plugin files
• BZ - 1343702 - Untar re-exec error: exit status 1: output: operation not supported
• BZ - 1344448 - rhel-push-plugin blocking push to non-docker.io registry - confusing messages

CVEs

(none)

References

• http://www.redhat.com/security/updates/classification/#normal