[El-errata] ELBA-2015-3083 Oracle Linux 6 docker-engine bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Oct 6 15:16:58 PDT 2015

Oracle Linux Bug Fix Advisory ELBA-2015-3083


The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:




Please review Chapter 10.3 Upgrading to Docker Version 1.8.1 and Later 
in the Oracle Linux 6 Administrator's Solutions Guide at 

Description of changes:

- Fixes rare edge case of handling GNU LongLink and LongName entries.
- Fix ^C on docker pull.
- Fix docker pull issues on client disconnection.
- Fix issue that caused the daemon to panic when loggers weren't 
configured properly.
- Fix goroutine leak pulling images from registry V2.
- Fix a bug mounting cgroups for docker daemons running inside docker 
- Initialize log configuration properly.
- Handle -q flag in docker ps properly when there is a default format.
- Fix several corner cases with netlink.
- Fix several issues with bash completion.

- Fix a bug where pushing multiple tags would result in invalid images

- Trusted pull, push and build, disabled by default
- Make tar layers deterministic between registries
- Don't allow deleting the image of running containers
- Check if a tag name to load is a valid digest
- Allow one character repository names
- Add a more accurate error description for invalid tag name
- Make build cache ignore mtime
- Add support for DOCKER_CONFIG/--config to specify config file dir
- Add --type flag  for docker inspect command
- Add formatting options to docker ps with --format
- Replace docker -d with new subcommand docker daemon
- Zsh completion updates and improvements
- Add some missing events to bash completion
- Support daemon urls with base paths in docker -H
- Validate status= filter to docker ps
- Display when a container is in --net=host in docker ps
- Extend docker inspect to export image metadata related to graph driver
- Restore --default-gateway{,-v6} daemon options
- Add missing unpublished ports in docker ps
- Allow duration strings in docker events as --since/--until
- Expose more mounts information in docker inspect
- Add new Fluentd logging driver
- Allow docker import to load from local files
- Add logging driver for GELF via UDP
- Allow to copy files from host to containers with docker cp
- Promote volume drivers from experimental to master
- Add rollover log driver, and --log-driver-opts flag
- Add memory swappiness tuning options
- Remove cgroup read-only flag when privileged
- Make /proc, /sys, & /dev readonly for readonly containers
- Add cgroup bind mount by default
- Overlay: Export metadata for container and image in docker inspect
- Devicemapper: external device activation
- Devicemapper: Compare uuid of base device on startup
- Remove RC4 from the list of registry cipher suites
- Add syslog-facility option
- LXC execdriver compatibility with recent LXC versions
- Mark LXC execriver as deprecated (to be removed with the migration to 
- Separate plugin sockets and specs locations
- Allow TLS connections to plugins
- Add missing 'Names' field to /containers/json API output
- Make docker rmi --dangling safe when pulling
- Devicemapper: Change default basesize to 100G
- Go Scheduler issue with sync.Mutex and gcc
- Fix issue where Search API endpoint would panic due to empty AuthConfig
- Set image canonical names correctly
- Check dockerinit only if lxc driver is used
- Fix ulimit usage of nproc
- Always attach STDIN if -i,--interactive is specified
- Show error messages when saving container state fails
- Fixed incorrect assumption on --bridge=none treated as disable network
- Check for invalid port specifications in host configuration
- Fix endpoint leave failure for --net=host mode
- Fix goroutine leak in the stats API if the container is not running
- Check for apparmor file before reading it
- Fix DOCKER_TLS_VERIFY being ignored
- Set umask to the default on startup
- Correct the message of pause and unpause a non-running container
- Adjust disallowed CpuShares in container creation
- ZFS: correctly apply selinux context
- Display empty string instead of <nil> when IP opt is nil
- docker kill returns error when container is not running
- Fix COPY/ADD quoted/json form
- Fix goroutine leak on logs -f with no output
- Remove panic in nat package on invalid hostport
- Fix container linking in Fedora 22
- Fix error caused using default gateways outside of the allocated range
- Format times in inspect command with a template as RFC3339Nano
- Make registry client to accept 2xx and 3xx http status responses as 
- Fix race issue that caused the daemon to crash with certain layer 
downloads failed in a specific order.
- Fix error when the docker ps format was not valid.
- Remove redundant ip forward check.
- Fix issue trying to push images to repository mirrors.
- Fix error cleaning up network entrypoints when there is an 
initialization issue.

- Fix default user spawning exec process with docker exec
- Make --bridge=none not to configure the network bridge
- Publish networking stats properly
- Fix implicit devicemapper selection with static binaries
- Fix socket connections that hung intermittently
- Fix bridge interface creation on CentOS/RHEL 6.6
- Fix local dns lookups added to resolv.conf
- Fix copy command mounting volumes
- Fix read/write privileges in volumes mounted with --volumes-from
- Fix unmarshalling of Command and Entrypoint
- Set limit for minimum client version supported
- Validate port specification
- Return proper errors when attach/reattach fail
- Fix pulling private images
- Fix fallback between registry V2 and V1

- Experimental feature: support for out-of-process volume plugins
- The userland proxy can be disabled in favor of hairpin NAT using the 
daemon’s --userland-proxy=false flag
- The exec command supports the -u|--user flag to specify the new 
process owner
- Default gateway for containers can be specified daemon-wide using the 
--default-gateway and --default-gateway-v6 flags
- The CPU CFS (Completely Fair Scheduler) quota can be set in docker run 
using --cpu-quota
- Container block IO can be controlled in docker run using--blkio-weight
- ZFS support
- The docker logs command supports a --since argument
- UTS namespace can be shared with the host with docker run --uts=host
- Networking stack was entirely rewritten as part of the libnetwork effort
- Engine internals refactoring
- Volumes code was entirely rewritten to support the plugins effort
- Sending SIGUSR1 to a daemon will dump all goroutines stacks without 
- Support ${variable:-value} and ${variable:+value} syntax for 
environment variables
- Support resource management flags --cgroup-parent, --cpu-period, 
--cpu-quota, --cpuset-cpus, --cpuset-mems
- git context changes with branches and directories
- The .dockerignore file support exclusion rules
- Client support for v2 mirroring support for the official registry
- Firewalld is now supported and will automatically be used when available
- mounting --device recursively

- Revert change prohibiting mounting into /sys

More information about the El-errata mailing list