docker pause/unpause with parallel docker exec can lead to freezing
state, set freezer.state to Thawed to increase freeze chances
(cherry picked from commit b78a50c378d2ccef2254cf694991f4d52eec1fe9)
If image pull fails of context canceled, image layer will perform a
rollback operation. When image layer is released, the diff folder of layer
will be removed first, and then the digest folder will be removed.
If the diff folder fails to be removed, such as operation not permitted or
interrupted by others, both the digest folder and diff folder will remain
on the disk, this will cause image not be complete and not repairable.
So we should remove the digest folder first for image layers rollback
and ensure image can be re-pulled completely.
(cherry picked from commit 54c9d1260f3b7756794a8b8c13e0080831c29203)
After kernel upgrade to 5.10, clone3 is defined. But if clone3 is not
added to docker seccomp whitelist, clone3 calling will be rejected in
container, which causes some commands like curl returns error.
Signed-off-by: xiadanni <xiadanni1@huawei.com>
reason: when mirror is matched, only matched mirror endpoint is added to endpoint list, but the hostname itself is not in the list, which is not compatible with the case of docker.io, docker.io will be appended to the last of the endpoint list.
