41st chunk of `content/manuals/engine/release-notes/prior-releases.md`
+ Container block IO can be controlled in `docker run` using `--blkio-weight`
+ ZFS support
+ The `docker logs` command supports a `--since` argument
+ UTS namespace can be shared with the host with `docker run --uts=host`

### Quality
* Networking stack was entirely rewritten as part of the libnetwork effort
* Engine internals refactoring
* Volumes code was entirely rewritten to support the plugins effort
+ Sending SIGUSR1 to a daemon will dump all goroutine stacks without exiting

### Build
+ Support `${variable:-value}` and `${variable:+value}` syntax for environment variables
+ Support resource management flags `--cgroup-parent`, `--cpu-period`, `--cpu-quota`, `--cpuset-cpus`, `--cpuset-mems`
+ git context changes with branches and directories
* The `.dockerignore` file supports exclusion rules

### Distribution
+ Client support for v2 mirroring for the official registry

### Bugfixes
* Firewalld is now supported and will automatically be used when available
* mounting --device recursively

## 1.6.2 (2015-05-13)

### Runtime
- Revert change prohibiting mounting into /sys

## 1.6.1 (2015-05-07)

### Security
- Fix read/write /proc paths (CVE-2015-3630)
- Prohibit VOLUME /proc and VOLUME / (CVE-2015-3631)
- Fix opening of file-descriptor 1 (CVE-2015-3627)
- Fix symlink traversal on container respawn allowing local privilege escalation (CVE-2015-3629)
- Prohibit mount of /sys

### Runtime
- Update AppArmor policy to not allow mounts

## 1.6.0 (2015-04-07)

### Builder
+ Building images from an image ID
+ Build containers with resource constraints, i.e. `docker build --cpu-shares=100 --memory=1024m...`
+ `commit --change` to apply specified Dockerfile instructions while committing the image
+ `import --change` to apply specified Dockerfile instructions while importing the image
+ Builds no longer continue in the background when canceled with CTRL-C

### Client
+ Windows Support

### Runtime
+ Container and image Labels
+ `--cgroup-parent` for specifying a parent cgroup to place container cgroup within
+ Logging drivers, `json-file`, `syslog`, or `none`
+ Pulling images by ID
+ `--ulimit` to set the ulimit on a container
+ `--default-ulimit` option on the daemon, which applies to all created containers (and is overridden by `--ulimit` on run)

## 1.5.0 (2015-02-10)

### Builder
+ Dockerfile to use for a given `docker build` can be specified with the `-f` flag
* Dockerfile and `.dockerignore` files can themselves be excluded as part of the `.dockerignore` file, thus preventing modifications to these files from invalidating the cache of ADD or COPY instructions
* ADD and COPY instructions accept relative paths
* Dockerfile `FROM scratch` instruction is now interpreted as a no-base specifier
* Improve performance when exposing a large number of ports

### Hack
+ Allow client-side only integration tests for Windows
* Include docker-py integration tests against Docker daemon as part of our test suites

### Packaging
+ Support for the new version of the registry HTTP API
* Speed up `docker push` for images with a majority of already existing layers
- Fixed contacting a private registry through a proxy

### Remote API
+ A new endpoint will stream live container resource metrics and can be accessed with the `docker stats` command
+ Containers can be renamed using the new `rename` endpoint and the associated `docker rename` command
* Container `inspect` endpoint shows the ID of `exec` commands running in this container
* Container `inspect` endpoint shows the number of times Docker auto-restarted the container
* New types of event can be streamed by the `events` endpoint: `OOM` (container died because it ran out of memory), `exec_create`, and `exec_start`
- Fixed returned string fields which hold numeric characters incorrectly omitting surrounding double quotes

### Runtime
+ Docker daemon has full IPv6 support
+ The `docker run` command can take the `--pid=host` flag to use the host PID namespace, which makes it possible, for example, to debug host processes using containerized debugging tools

Title: Docker Updates: 1.6.2, 1.6.1, 1.6.0, 1.5.0 - Security Patches, Runtime Enhancements, Build Features, and API Improvements
Summary
This text covers updates across Docker versions 1.6.2, 1.6.1, 1.6.0, and 1.5.0, focusing on security fixes, runtime enhancements, build improvements, client features, and API updates. Version 1.6.2 reverts a change prohibiting mounting into /sys. Version 1.6.1 addresses several security vulnerabilities related to /proc paths, file descriptor handling, symlink traversal, and AppArmor policies. Version 1.6.0 introduces builder enhancements like building images from IDs, resource constraints, commit/import changes, client-side Windows support, and runtime features such as container labels, cgroup-parent specification, logging drivers, ulimit settings. Version 1.5.0 enhances the builder with Dockerfile specification, .dockerignore improvements, relative paths, and improved performance. It also introduces API updates like live container resource metrics, container renaming, inspect enhancements, new event types, and runtime features including IPv6 support and the `--pid=host` flag.