Add note about mount-propagation and engine 18.09+ #8001

Closed
wants to merge 1 commit into from
43 changes: 42 additions & 1 deletion engine/release-notes.md
Expand Up @@ -25,7 +25,27 @@ consistency and compatibility reasons.
## 18.09.1
2019-01-09

### Security fixes for Docker Engine EE and CE
#### Important notes about this release

In Docker versions prior to 18.09, containerd was managed by the Docker engine
daemon. In Docker Engine 18.09, containerd is managed by systemd. Since containerd
is managed by systemd, any custom configuration to the `docker.service` systemd
configuration which changes mount settings (for example, `MountFlags=slave`) breaks
interactions between the Docker Engine daemon and containerd, and you will not be
able to start containers.

Run the following command to get the current value of the `MountFlags` property
for the `docker.service`:

```bash
sudo systemctl show --property=MountFlags docker.service
MountFlags=
```

Update your configuration if this command prints a non-empty value for `MountFlags`,
and restart the docker service.

### Security fixes for Docker Engine EE and CE
* Upgraded Go language to 1.10.6 to resolve [CVE-2018-16873](https://nvd.nist.gov/vuln/detail/CVE-2018-16873), [CVE-2018-16874](https://nvd.nist.gov/vuln/detail/CVE-2018-16874), and [CVE-2018-16875](https://nvd.nist.gov/vuln/detail/CVE-2018-16875).
* Fixed authz plugin for 0-length content and path validation.
* Added `/proc/asound` to masked paths [docker/engine#126](https://github.com/docker/engine/pull/126)
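
Review bot: The fenced `bash` block in the added note mixes the command with its output (`MountFlags=` directly under `sudo systemctl show --property=MountFlags docker.service`), so a reader cannot tell that the second line is the expected empty result rather than something to type. Put the output in its own block, or say in the text that an empty value is the working state. The closing paragraph says "Update your configuration" without saying what to change: state that the `MountFlags` setting should be removed from the `docker.service` unit or its override, and that `systemctl daemon-reload` is needed before the restart. The new `####` heading also sits directly under `## 18.09.1` ahead of the `###` sections, which skips a heading level; `###` would match its siblings.
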
Expand Down Expand Up @@ -66,6 +86,27 @@ consistency and compatibility reasons.
## 18.09.0
2018-11-08

#### Important notes about this release

In Docker versions prior to 18.09, containerd was managed by the Docker engine
daemon. In Docker Engine 18.09, containerd is managed by systemd. Since containerd
is managed by systemd, any custom configuration to the `docker.service` systemd
configuration which changes mount settings (for example, `MountFlags=slave`) breaks
interactions between the Docker Engine daemon and containerd, and you will not be
able to start containers.

Run the following command to get the current value of the `MountFlags` property
for the `docker.service`:

```bash
sudo systemctl show --property=MountFlags docker.service
MountFlags=
```

Update your configuration if this command prints a non-empty value for `MountFlags`,
and restart the docker service.


### New features for Docker Engine EE

* [FIPS Compliance added for Windows Server 2016 and later](/install/windows/docker-ee)
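
Review bot: The "Important notes about this release" section added under `## 18.09.0` duplicates the 18.09.1 note word for word, so the two copies will drift as soon as one is edited. Keep the full text in one entry (18.09.0 is where the containerd change is introduced) and have the other link to it. The hunk also leaves two blank lines between "and restart the docker service." and `### New features for Docker Engine EE`; drop one.
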