FEDORA-2016-6a0d540088

security update in Fedora 23 for docker

Status: stable 2 years ago

This update has been submitted for testing by runcom.

2 years ago

This update has obsoleted docker-1.10.3-23.gitf476348.fc23, and has inherited its bugs and notes.

2 years ago

This update has been pushed to testing.

2 years ago

derekwaynecarr 2 years ago

I tested this with a Kubernetes 1.3 cluster and verified it was functional.

karma: +1

runcom edited this update.

2 years ago

derekwaynecarr 2 years ago

Installed on a vanilla F23 box and did not edit any unit files, and get following error:

sudo systemctl status docker ● docker.service - Docker Application Container Engine Loaded: loaded (/etc/systemd/system/docker.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Wed 2016-06-08 15:58:16 EDT; 7s ago Docs: http://docs.docker.com Process: 16020 ExecStart=/usr/bin/docker -d $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $INSECURE_REGISTRY (code=exited, status=125) Main PID: 16020 (code=exited, status=125)

Jun 08 15:58:16 localhost.localdomain systemd[1]: Started Docker Application Container Engine. Jun 08 15:58:16 localhost.localdomain systemd[1]: Starting Docker Application Container Engine... Jun 08 15:58:16 localhost.localdomain docker[16020]: flag provided but not defined: -d Jun 08 15:58:16 localhost.localdomain docker[16020]: See '/usr/bin/docker --help'. Jun 08 15:58:16 localhost.localdomain systemd[1]: docker.service: Main process exited, code=exited, status=125/n/a Jun 08 15:58:16 localhost.localdomain systemd[1]: docker.service: Unit entered failed state. Jun 08 15:58:16 localhost.localdomain systemd[1]: docker.service: Failed with result 'exit-code'.

it looks like the unit should have docker daemon \ and not docker -d \

karma: -1

runcom 2 years ago

derek - that unit file with "/usr/bin/docker -d" is not in the fedora dist-git at all - I'm not sure how you're getting it on a fresh fedora f23 installation - there's not even forward-journald in there (it's just wrong) This is the current unit shipped with this update:

[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target
Wants=docker-storage-setup.service

[Service]
Type=notify
NotifyAccess=all
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network
Environment=GOTRACEBACK=crash
ExecStart=/bin/sh -c '/usr/bin/docker daemon \
          --exec-opt native.cgroupdriver=systemd \
          $OPTIONS \
          $DOCKER_STORAGE_OPTIONS \
          $DOCKER_NETWORK_OPTIONS \
          $INSECURE_REGISTRY \
          2>&1 | /usr/bin/forward-journald -tag docker'
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
MountFlags=slave
StandardOutput=null
StandardError=null
TimeoutStartSec=0
Restart=on-abnormal

[Install]
WantedBy=multi-user.target

derekwaynecarr 2 years ago

Apologies, user error on my part.

karma: +1

lsm5 2 years ago

karma: +1

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

2 years ago

This update has been submitted for stable by runcom.

2 years ago

This update has been pushed to stable.

2 years ago

Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

Text fields in Bodhi2 support an enhanced version of markdown. This is a cheat sheet for your reference.

You can do headers by underlining or by prefixing with the # character:

This is an H1
=============

This is an H2
-------------

# This is another H1

## This is another H2

You can do blockquotes using email-style prefixes with the > character:

> This is a quotation
> over many lines
> > and it can be nested(!)

Lists work like you'd expect, by prefixing with any of the *, +, or - characters:

Check out this list:

* This
* is
* a list..

You need a blank line between a paragraph and the start of a list for the renderer to pick up on it.

Emphasis can be added like this:

*italics*
_italics_
**bold**
__bold__

You can save your code references from being misinterpreted as emphasis by surrounding them with backtick characters (`):

Use `the_best_function()` and _not_ that crummy one.

Links look like this:

[text](http://getfedora.org)

..but we also support bare links if you just provide a URL.

You can create code blocks by indenting every line of the block by at least 4 spaces or 1 tab.

Here is a code block:

    for i in range(4):
        print i
    print "done."

You can reference bug reports by simply writing something of the form tracker#ticketid.

This fixes PHP#1234 and Python#2345

... we will automatically generate links to the tickets in the appropriate trackers in place.

The supported bug tracker prefixes are: (these are all case-insensitive)

Fedora, RHBZ and RH (all point to the Red Hat Bugzilla)
GNOME
KDE
PEAR
PHP
Python

And you can refer to other users by prefixing their username with the @ symbol.

Thanks @mattdm!

This will generate a link to their profile, but it won't necessarily send them a notification unless they have a special FMN rule set up to catch it.

Lastly, you can embed inline images with syntax like this:

![Alt text](/path/to/img.jpg)

-1	0	+1	Feedback Guidelines
			Is the update generally functional? (karma) You need to be logged in to add karma!
			#1254694 "man docker-login" incorrectly claims that you can "docker login" to Docker Hub as non-root user
			#1269602 Secrets patch does not work in Fedora
			#1289851 Docker.service does not require docker.socket which can lead to Docker crash when docker.sock is host mounted
			#1289963 docker push not working in 1.9.1
			#1303105 Docker does not own /usr/lib/docker-storage-setup
			#1312934 "docker images" command returns all the repositories prepended with the "docker.io/" string
			#1326110 Unable to create containers with Kubernetes master and Docker 1.9.1-9
			#1329454 CVE-2016-3697 docker: privilege escalation via confusion of usernames and UIDs [fedora-all]
			#1335649 Enable use of Red Hat subscriptions in docker containers on Fedora
			#1340921 "Failed to get pwuid struct: user: unknown userid " log spam

Content Type

RPM

Status

stable

Test Gating

Submitted by

runcom

Update Type

security

Update Severity

unspecified

Karma

Autopush

Disabled

Dates

submitted	2 years ago
in testing	2 years ago
in stable	2 years ago
modified	2 years ago

FEDORA-2016-6a0d540088

security update in Fedora 23 for docker

How to install

Comments 12

Add Comment & Feedback
Toggle Preview

Related Bugs 10

Automated Test Results

FEDORA-2016-6a0d540088

security update in Fedora 23 for docker

How to install

Comments 12

Add Comment & Feedback Toggle Preview

Related Bugs 10

Automated Test Results

Add Comment & Feedback
Toggle Preview