The docker logs command outputs to both stdout and stderr depending upon the type of log entry. Both have to be accounting for in determining the log size
CA currently when installing multiple previously installed apps will copy, modify, and execute a different version of CreateDocker.php to avoid a harmless display error. Minor code adjustment to prevent CA from having to do that (since it may at some point in the future break).
1. get www-authenticate header for realm, service & scope
2. get token from generated url (realm + query args service & scope)
3. get manifest header Docker-Content-Digest
Also allows access to private docker registries
Should make possible to (re)allocate CPU resources across all containers faster. Currently, it requires manual clicking on thread numbers per container individually, which in a large pool of containers can be very repetitive. The change allows for thread numbers to be clickable, doing so enables or disables thread pinning across all containers.
While I think this was a decent idea, in actual practice there are too many possibilities / permutations of quoting etc that can potentially result in a false positive and prevent the user from executing their container. Net result is that the security routine would have to be continually updated as more legit usages com to light.
Since the whole point of the original change was to prevent repository maintainers from maliciously executing arbitrary commands in the docker run and not to impact end-users at all, this will have to be purely enforced on CA's end instead.
Squidly271