En

Docker官网普通更新(2018-05-17)

来源:Docker官网 发布日期:2018-05-17 阅读次数:1168 评论:0

基本信息

发布日期:2018-05-17(官方当地时间)

更新类型:普通更新

更新版本:17.06.2-ee-11

感知时间:2019-12-05 19:41:37

风险等级:未知

情报贡献:TSRC

更新标题

Docker官网版本更新,17.06.2-ee-11版本发布

更新详情



Client


Fix presentation of published “random” host ports. docker/cli#404


Networking


Fix concurrent CreateNetwork in bridge driver. docker/libnetwork#2127


Runtime


Use rslave propagation for mounts from daemon root. moby/moby#36055
Use rslave instead of rprivate in choortarchive. moby/moby#35217
Set daemon root to use shared propagation. moby/moby#36096
Windows: Increase container default shutdown timeout. moby/moby#35184
Avoid using all system memory with authz plugins. moby/moby#36595
Daemon/stats: more resilient cpu sampling. moby/moby#36519


Known issues


When all Swarm managers are stopped at the same time, the swarm might end up in a
split-brain scenario. Learn more.
Under certain conditions, swarm leader re-election may timeout
prematurely. During this period, docker commands may fail. Also during
this time, creation of globally-scoped networks may be unstable. As a
workaround, wait for leader election to complete before issuing commands
to the cluster.
It’s recommended that users create overlay networks with /24 blocks (the default) of 256 IP addresses when networks are used by services created using VIP-based endpoint-mode (the default). This is because of limitations with Docker Swarm moby/moby#30820. Users should not work around this by increasing the IP block size. To work around this limitation, either use dnsrr endpoint-mode or use multiple smaller overlay networks.
Docker may experience IP exhaustion if many tasks are assigned to a single overlay network, for example if many services are attached to that network or because services on the network are scaled to many replicas. The problem may also manifest when tasks are rescheduled because of node failures. In case of node failure, Docker currently waits 24h to release overlay IP addresses. The problem can be diagnosed by looking for failed to allocate network IP for task messages in the Docker logs.
SELinux enablement is not supported for containers on IBM Z on RHEL because of missing Red Hat package.
If a container is spawned on node A, using the same IP of a container destroyed
on nodeB within 5 min from the time that it exit, the container on node A is
not reachable until one of these 2 conditions happens:



Container on A sends a packet out,
The timer that cleans the arp entry in the overlay namespace is triggered (around 5 minutes).


As a workaround, send at least a packet out from each container like
(ping, GARP, etc).

软件描述

Docker 是一个开源的应用容器引擎,让开发者可以打包他们的应用以及依赖包到一个可移植的镜像中,然后发布到任何流行的 Linux或Windows 机器上,也可以实现虚拟化。容器是完全使用沙箱机制,相互之间不会有任何接口。 [1]

CVE编号

TSRC分析

暂无

业界资讯

暂无

评论

提交评论 您输入的评论有误,请重新输入