[El-errata] ELBA-2016-3630 Oracle Linux 7 docker-engine docker-engine-selinux bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Oct 26 09:16:09 PDT 2016


Oracle Linux Bug Fix Advisory ELBA-2016-3630

http://linux.oracle.com/errata/ELBA-2016-3630.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
docker-engine-1.12.2-1.0.1.el7.x86_64.rpm
docker-engine-selinux-1.12.2-1.0.1.el7.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/docker-engine-1.12.2-1.0.1.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/docker-engine-selinux-1.12.2-1.0.1.el7.src.rpm



Description of changes:

docker-engine
[1.12.2-1.0.1]
- Enable configuration of Docker daemon via sysconfig [orabug 21804877]
- Require UEK4 for docker 1.9 [orabug 22235639 22235645]

[1.12.2]
- the systemd unit file (/usr/lib/systemd/system/docker.service) 
contains local changes, or
- a systemd drop-in file is present, and contains -H fd:// in the 
ExecStart directive
- Backup the current version of the unit file, and replace the file with the
- Remove the Requires=docker.socket directive from the 
/usr/lib/systemd/system/docker.service file if present
- Remove -H fd:// from the ExecStart directive (both in the main unit 
file, and in any drop-in files present).
- Fix a panic due to a race condition filtering docker ps 
[#26049](https://github.com/docker/docker/pull/26049)
- Implement retry logic to prevent "Unable to remove filesystem" errors 
when using the aufs storage driver 
[#26536](https://github.com/docker/docker/pull/26536)
- Prevent devicemapper from removing device symlinks if 
dm.use_deferred_removal is enabled 
[#24740](https://github.com/docker/docker/pull/24740)
- Fix an issue where the CLI did not return correct exit codes if a 
command was run with invalid options 
[#26777](https://github.com/docker/docker/pull/26777)
- Fix a panic due to a bug in stdout / stderr processing in health 
checks [#26507](https://github.com/docker/docker/pull/26507)
- Fix exec's children handling 
[#26874](https://github.com/docker/docker/pull/26874)
- Fix exec form of HEALTHCHECK CMD 
[#26208](https://github.com/docker/docker/pull/26208)
- Fix a daemon start panic on armv5 
[#24315](https://github.com/docker/docker/issues/24315)
- Vendor libnetwork 
[#26879](https://github.com/docker/docker/pull/26879) 
[#26953](https://github.com/docker/docker/pull/26953)
- Avoid returning early on agent join failures 
[docker/libnetwork#1473](https://github.com/docker/libnetwork/pull/1473)
- Fix service published port cleanup issues 
[docker/libetwork#1432](https://github.com/docker/libnetwork/pull/1432) 
[docker/libnetwork#1433](https://github.com/docker/libnetwork/pull/1433)
- Recover properly from transient gossip failures 
[docker/libnetwork#1446](https://github.com/docker/libnetwork/pull/1446)
- Disambiguate node names known to gossip cluster to avoid node name 
collision 
[docker/libnetwork#1451](https://github.com/docker/libnetwork/pull/1451)
- Honor user provided listen address for gossip 
[docker/libnetwork#1460](https://github.com/docker/libnetwork/pull/1460)
- Allow reachability via published port across services on the same host 
[docker/libnetwork#1398](https://github.com/docker/libnetwork/pull/1398)
- Change the ingress sandbox name from random id to just ingress_sbox 
[docker/libnetwork#1449](https://github.com/docker/libnetwork/pull/1449)
- Disable service discovery in ingress network 
[docker/libnetwork#1489](https://github.com/docker/libnetwork/pull/1489)
- Fix remote detection of a node's address when it joins the cluster 
[#26211](https://github.com/docker/docker/pull/26211)
- Vendor SwarmKit [#26765](https://github.com/docker/docker/pull/26765)
- Bounce session after failed status update 
[docker/swarmkit#1539](https://github.com/docker/swarmkit/pull/1539)
- Fix possible raft deadlocks 
[docker/swarmkit#1537](https://github.com/docker/swarmkit/pull/1537)
- Fix panic and endpoint leak when a service is updated with no 
endpoints 
[docker/swarmkit#1481](https://github.com/docker/swarmkit/pull/1481)
- Produce an error if the same port is published twice on service create 
or service update 
[docker/swarmkit#1495](https://github.com/docker/swarmkit/pull/1495)
- Fix an issue where changes to a service were not detected, resulting 
in the service not being updated 
[docker/swarmkit#1497](https://github.com/docker/swarmkit/pull/1497)
- Do not allow service creation on ingress network 
[docker/swarmkit#1600](https://github.com/docker/swarmkit/pull/1600)
- Update the debian sysv-init script to use dockerd instead of docker 
daemon [#25869](https://github.com/docker/docker/pull/25869)
- Improve stability when running the docker client on MacOS Sierra 
[#26875](https://github.com/docker/docker/pull/26875)
- Fix installation on debian stretch 
[#27184](https://github.com/docker/docker/pull/27184)
- Fix an issue where arrow-navigation did not work when running the 
docker client in ConEmu 
[#25578](https://github.com/docker/docker/pull/25578)

[1.12.1]
- the systemd unit file (/usr/lib/systemd/system/docker.service) 
contains local changes, or
- a systemd drop-in file is present, and contains -H fd:// in the 
ExecStart directive
- Backup the current version of the unit file, and replace the file with the
- Remove the Requires=docker.socket directive from the 
/usr/lib/systemd/system/docker.service file if present
- Remove -H fd:// from the ExecStart directive (both in the main unit 
file, and in any drop-in files present).
- Add Joined at information in node inspect --pretty 
[#25512](https://github.com/docker/docker/pull/25512)
- Fix a crash on service inspect 
[#25454](https://github.com/docker/docker/pull/25454)
- Fix issue preventing service update --env-add to work as intended 
[#25427](https://github.com/docker/docker/pull/25427)
- Fix issue preventing service update --publish-add to work as intended 
[#25428](https://github.com/docker/docker/pull/25428)
- Remove service update --network-add and service update --network-rm flags
- Official ARM installation for Debian Jessie, Ubuntu Trusty, and 
Raspbian Jessie [#24815](https://github.com/docker/docker/pull/24815) 
[#25591](https://github.com/docker/docker/pull/25637)
- Add selinux policy per distro/version, fixing issue preventing 
successful installation on Fedora 24, and Oracle Linux 
[#25334](https://github.com/docker/docker/pull/25334) 
[#25593](https://github.com/docker/docker/pull/25593)
- Fix issue that prevented containers to be accessed by hostname with 
Docker overlay driver in Swarm Mode 
[#25603](https://github.com/docker/docker/pull/25603) 
[#25648](https://github.com/docker/docker/pull/25648)
- Fix random network issues on service with published port 
[#25603](https://github.com/docker/docker/pull/25603)
- Fix unreliable inter-service communication after scaling down and up 
[#25603](https://github.com/docker/docker/pull/25603)
- Fix issue where removing all tasks on a node and adding them back 
breaks connectivity with other services 
[#25603](https://github.com/docker/docker/pull/25603)
- Fix issue where a task that fails to start results in a race, causing 
a network xxx not found error that masks the actual error 
[#25550](https://github.com/docker/docker/pull/25550)
- Relax validation of SRV records for external services that use SRV 
records not formatted according to RFC 2782 
[#25739](https://github.com/docker/docker/pull/25739)
- Make daemon events listen for plugin lifecycle events 
[#24760](https://github.com/docker/docker/pull/24760)
- Check for plugin state before enabling plugin 
[#25033](https://github.com/docker/docker/pull/25033)
- Remove plugin root from filesystem on plugin rm 
[#25187](https://github.com/docker/docker/pull/25187)
- Prevent deadlock when more than one plugin is installed 
[#25384](https://github.com/docker/docker/pull/25384)
- Mask join tokens in daemon logs 
[#25346](https://github.com/docker/docker/pull/25346)
- Fix docker ps --filter causing the results to no longer be sorted by 
creation time [#25387](https://github.com/docker/docker/pull/25387)
- Fix various crashes [#25053](https://github.com/docker/docker/pull/25053)
- Add /proc/timer_list to the masked paths list to prevent information 
leak from the host [#25630](https://github.com/docker/docker/pull/25630)
- Allow systemd to run with only --cap-add SYS_ADMIN rather than having 
to also add --cap-add DAC_READ_SEARCH or disabling seccomp filtering 
[#25567](https://github.com/docker/docker/pull/25567)
- Fix an issue where the swarm can get stuck electing a new leader after 
quorum is lost [#25055](https://github.com/docker/docker/issues/25055)
- Fix unwanted rescheduling of containers after a leader failover 
[#25017](https://github.com/docker/docker/issues/25017)
- Change swarm root CA key to P256 curve 
[swarmkit#1376](https://github.com/docker/swarmkit/pull/1376)
- Allow forced removal of a node from a swarm 
[#25159](https://github.com/docker/docker/pull/25159)
- Fix connection leak when a node leaves a swarm 
[swarmkit/#1277](https://github.com/docker/swarmkit/pull/1277)
- Backdate swarm certificates by one hour to tolerate more clock skew 
[swarmkit/#1243](https://github.com/docker/swarmkit/pull/1243)
- Avoid high CPU use with many unschedulable tasks 
[swarmkit/#1287](https://github.com/docker/swarmkit/pull/1287)
- Fix issue with global tasks not starting up 
[swarmkit/#1295](https://github.com/docker/swarmkit/pull/1295)
- Garbage collect raft logs 
[swarmkit/#1327](https://github.com/docker/swarmkit/pull/1327)
- Persist local volume options after a daemon restart 
[#25316](https://github.com/docker/docker/pull/25316)
- Fix an issue where the mount ID was not returned on volume unmount 
[#25333](https://github.com/docker/docker/pull/25333)
- Fix an issue where a volume mount could inadvertently create a bind 
mount [#25309](https://github.com/docker/docker/pull/25309)
- docker service create --mount type=bind,... now correctly validates if 
the source path exists, instead of creating it 
[#25494](https://github.com/docker/docker/pull/25494)

docker-engine-selinux
[1.12.2-1.0.1]
- Oracle build




More information about the El-errata mailing list