# The Moby Project Technical Call Meeting Notes

**Scope:** the purpose of this meeting is to discuss technical aspects of the Moby Project, including technical direction, PRs, design reviews or security-related matters.

- **:link: Meeting link**: https://docker.zoom.us/j/611824439
- **:date: Date:** Weekly on Thursday at 19:00 (GMT)
- **:world_map: GitHub Project Board:** https://github.com/orgs/moby/projects/32, add to this to highlight discussion items and promote pre-reading :smile:

## 2025-07-10

Present: Seb, Derek, Cesar, Brian, Cory, Rob, Paweł

- [moby#50043](https://github.com/moby/moby/issues/50043)
  - Decision to error out when trying to `docker run` an image that does not match the native architecture. This would require users to explicitly specify a `--platform` flag to run a non-native image. Best-match for situations where there are subvariants (ex: `--platform linux/arm` would match to `linux/arm/v5` if that is the best fit); also possible to be more generic and just specify the OS (ex: `--platform linux`)
  - Related: https://github.com/moby/moby/issues/48197
- [moby#50281](https://github.com/moby/moby/pull/50281)
  - Cory/Seb to respond to contributor, only provide in when the API version is ok, include unconditionally if it is present ("none") if the container is not being health checked/running/etc.

## 2025-05-29

Present: Austin, Cory, Jonathan, Rob, Tonis, Paweł, Brian, Derek

- overlay network driver PRs for 28.3 (Cory)
- go-archive has an outstanding issue (security?)
  that needs to be addressed
- regression in moby 28.2.1 in docker/buildx for dangling images [ref](https://github.com/docker/buildx/pull/3210/files)
  - potential remediation: revert dangling image changeset (SELECTED)

## 2025-05-15

Present: Derek, Seb, Andrey, Drew, Cory, Austin, Rob, Tonis, Paweł

- [builder-next: add buildkit executor for wcow](https://github.com/moby/moby/pull/49740); need help getting this and c8d support over the finish line
- [AMD and the gpus flag](https://github.com/moby/moby/pull/49952)
  - We need a tracking issue for the work around moving `--gpus` flag to CDI
  - Discussion on keeping the `--gpus` flag; [OG discussion](https://github.com/docker/cli/issues/1200); is this an auto-detect?
  - Time to fast-track the `gpu` --> CDI device?
  - Usage of CDI `os_features` moving forward?
- [CDI as default](https://github.com/moby/moby/pull/49963)
  - Possible future work - add a smaller endpoint that returns just the CDI devices found, this would potentially be lighter; info could also call this to avoid duplication and keep info at its current size
- [libnetwork/networkdb](https://github.com/moby/moby/pull/49932) fix logical race conditions needs review
- [Remove support for pulling v2 schema1 #42300](https://github.com/moby/moby/pull/42300) will be required for moving to containerd v2.1; remove in buildkit first and then moby/moby
- Name change? docker/docker -> moby/engine (`dockerd` -> `mobyd`)

## 2025-05-08

Present: Derek, Seb, Andrey, Drew, Cory, Austin, Rob

- Add Image Pull Metrics - https://github.com/moby/moby/pull/49926
  - Containerd has metrics for `cri`, it might be good to add metrics at the containerd level for the long term (possibly in the transfer service)
- Going to release a CVE (9.6) for https://github.com/moby/moby/pull/49325#issuecomment-2672109034
- Request to [replace or update grpc endpoint](https://github.com/moby/moby/issues/49836), might be good to add a new socket...
- Does moving to go 1.24 break anything that tests this?

## 2025-05-01

Present: Tianon, Derek, Austin, Rob, Andrey, Cory, Jonathan

- cli #5995 ready to merge (thanks Andrey)
- AMD GPU support conversation on-going, waiting on input from AMD
- Metrics from the engine would be nice
- containerd-as-default v29 (present epic issue)
  - Possible concerns around Docker Content Trust
- Discussion on https://github.com/moby/moby/issues/45458
  - (1) update graphdriver to warn and consume the ...
  - (2) allow `docker run` to run with the ...

## 2025-04-24

Present: Sebastiaan, Tianon, Derek, Paweł, Rob, Brian, Andrey, Cory, Jonathan

- `--gpus` support for AMD with @Sudheendra Gopinath (AMD)
  - @Cory to add suggested approach to [existing issue](https://github.com/moby/moby/issues/49824)
  - We'll need to make CDI default via [issue](https://github.com/moby/moby/issues/45192)
  - Mark legacy `--gpus` features as deprecated, have opt-in to legacy features and then remove at a later date
- containerd as default for Moby v29 (verbal)

## 2025-04-17

Present: Sebastiaan, Bjorn, Tianon, Derek, Paweł, Rob, Brian, Andrey, Cory, Jonathan, Austin, Cory

- Cory is back! :tada:
  - Create PR to add Cory to [committers](https://github.com/moby/moby/pull/49578)
- Engine release cadence-ish
- Roadmap project? [suggestion] - no opposition :) (https://github.com/orgs/moby/projects/30/views/1)
- [AMD GPU Support](https://github.com/moby/moby/issues/49824)
  - Sunset `--gpus` [flag](https://docs.docker.com/reference/cli/docker/container/run/#gpus)?
  - Getting [CDI](https://docs.docker.com/reference/cli/docker/container/run/#cdi-devices) out of experimental
  - There's no [Windows support](https://github.com/cncf-tags/container-device-interface/issues/28) for the [Nvidia](https://nvidia.github.io/nvidia-container-runtime/) container runtime used with the `--gpus` flag
  - Current [ollama](https://hub.docker.com/r/ollama/ollama) example for AMD does not use CDI
- Decoupling buildkit is almost done :tada: https://github.com/moby/buildkit/pull/5918
- Go module separation discussion, @Derek and @Paweł to draft a plan on moving moby/moby to go modules :pinata:

## 2025-04-10

Present: Sebastiaan, Bjorn, Tianon, Derek, Paweł, Rob, Brian, Andrey, Cory, Jonathan, Austin

- Possible watch item for Mirantis, **CSI Volume Plugin Compatibility Issue / Swarmkit's interpretation of CSI spec differs from other COs**: https://github.com/moby/moby/issues/49780; Andrey to field
- Possible watch item for Mirantis, **swarm/init: Fix --external-ca ignoring cacert option**: https://github.com/docker/cli/pull/5995; Andrey to field
- Needs reviewers: https://github.com/moby/moby/pull/49707
- Dangling image preservation discussion around the items below. Usage of `containerd.io/gc.ref.image` or `containerd.io/gc.expire` from containerd v2.0, possibly using this as the default runtime
  - https://github.com/moby/moby/issues/48907
  - https://github.com/moby/moby/pull/49702
  - Containerd labels are available in v1.7, no garbage collection until v2.0+
- Discussion around containerd packaging by moby, shipping engine with containerd, possibly using buildtags to allow consumers to choose
- Does https://github.com/moby/moby/pull/49740 now lead to the legacy builder being sunset?
  - Feature parity: https://github.com/moby/moby/issues/40379
  - Tianon's wish list: getting a runnable image from an intermediate state; can we get buildkit to expose intermediate objects
  - Shaun T. to get notes to Jonathan S.
- [go-archive](https://github.com/moby/go-archive) to not be merged into the containerd implementation, mostly used by buildkit and legacy builder -- need to evaluate migration, might be some issues given the current usage by buildkit
  - Sebastiaan has some updates, these should be done before we tag the new repo
- Seccomp profile sync with containerd (or make a unified profile and store in containerd)
  - Podman uses: https://github.com/containers/common/tree/main/pkg/seccomp
  - Action: move the seccomp profile out to a separate repo in moby OR move to containerd (would require sync).

## 2025-04-03

Present: Sebastiaan, Bjorn, Tianon, Derek, Paweł, Rob, Brian

- golang 1.24.x release to address SIGSEGV compilation errors for moby :tada:
- Breakout of code to `moby/archive` as suggested in [this comment](https://github.com/moby/moby/issues/49069#issuecomment-2767746783)
  - Alternatives: place into `moby/sys` + optional use of `go work` or create `moby/go-archive`
- Windows constants in `moby/buildkit` or `moby/sys` [PR](https://github.com/moby/buildkit/pull/5791); suggestion to move to `internal/` for buildkit and reference review explaining where the values come from
- Engine API extension model discussion (spurred by docker model runner discussion)

## 2024-09-26

Present: Sebastiaan, Cory, Rob, Brian, Derek, Austin, Cristian

## 2024-08-29

Present: Sebastiaan, Cory, Tianon, Rob, Patrick, Ian, Tonis, Brian, Austin, Derek

* Go 1.22/1.23 update
  * https://github.com/moby/moby/pull/46982 - Go 1.22.6 update
  * https://github.com/moby/moby/pull/48404 - Go 1.23.0 update
    * has ARMv5 fix (https://github.com/golang/go/issues/65290)
  * Can CI set flags [for Go 1.22] CGO flags to workaround?
    * `CGO_CFLAGS=-Wno-atomic-alignment CGO_LDFLAGS=-latomic`
  * [For master] Let's temporarily disable ARMv5 build and continue with Go 1.22.6 and give Go 1.23.0 a little more bake time.
    * https://github.com/moby/moby/pull/46982/commits/1aa914fb054e3e9dccb5296416fe980af2e0636e
* netlink update
  * https://github.com/moby/moby/issues/48400
  * Found to be affecting master branch
    * https://github.com/moby/moby/actions/runs/10619631522/job/29438014731
    * Search for 'interrupted' in raw logs
  * Fix in netlink library needed
  * Fix in moby would be messy
  * Set timeout on file (?) instead of raw socket
  * Can netlink v1.3.0 be retracted?
  * Alternative consideration: https://github.com/mdlayher/netlink
    * https://pkg.go.dev/github.com/mdlayher/netlink#Conn.SetDeadline

## 2022-12-22

Present: Sebastiaan, Bjorn, Cory, Tianon, Bruno, Tonis

* Kevin's TARGETPLATFORM PR ([moby#44546](https://github.com/moby/moby/pull/44546))
  * Some comments from Cory
  * Discussion around vestiges from the CLI (pkcs11)
  * Discussion around go-winio and vendoring in golang.org/x/tools
    * This happens due to a "best practice" promoted by the Go maintainers
* buildkit update/question
  * 23.0 will ship with the latest stable buildkit (0.10.x)
  * Discussion of the bump PR ([moby#44686](https://github.com/moby/moby/pull/44686))

## 2022-12-15

Present: Sebastiaan, Bjorn, Pawel, Cory, Bruno, Brian, Tianon, Kevin

* NSS/glibc defensive lookup ([moby#44540](https://github.com/moby/moby/issues/44540))
  * Safe to remove? Never really did what we thought it did.
    * Won't be triggered without a searchdomain as `localhost` is satisfied by hosts.
    * `localhost.localdomain` will trigger a DNS lookup only if it's not present in /etc/hosts.
  * Newer glibc versions include mitigations but we cannot rely on those:
    * https://sourceware.org/bugzilla/show_bug.cgi?id=28297
    * https://sourceware.org/bugzilla/show_bug.cgi?id=27077
    * https://sourceware.org/bugzilla/show_bug.cgi?id=12459
  * Move to cmd/daemon init instead of package init?
  * Still a placebo without a domain always resolved via DNS that is NXDOMAIN.
    * This will lead to user objections/allegations of telemetry.
  * Passed "smell test" for Sebastiaan and Brian, consult Tonis for more opinions.
* Dockerfile x-compile ([moby#44513](https://github.com/moby/moby/pull/44513))
  * Needs a second set of eyes, backport will require attention from Sebastiaan
* containerd build ([moby#44079](https://github.com/moby/moby/pull/44079))
  * Almost there, needs some more work WRT contexts
* Sebastiaan's upstreaming of image inspect patches ([moby#44621](https://github.com/moby/moby/pull/44621))
  * V2, will squash some patches, but ready for review
* Labels broken with containerd integration? ([moby#44646](https://github.com/moby/moby/issues/44646))
  * Sidebar on automated suggestion to consult support for downstream projects/packaging
* Dropping icon from userland proxy?
  * Icon weighs 100K
  * Easily done as we already have separate manifests
* libnetwork test/soundness PR ([moby#44409](https://github.com/moby/moby/pull/44409))
  * Needs eyes
* BuildKit vendoring gordian knot?
  * Next RC today
  * Should be addressed Monday-ish
* go1.20
  * Upstream action is broken
    * Soft fork and try to fix it upstream?
    * Working around this in the trial PR should be fine
    * Medium-term centrally declaring the Go version is desirable
    * Go's not-semver-ish is painful here
  * Cory has looked at the draft release notes:
    * recover will never return nil
    * multierror
    * Windows os.Open no longer uses FILE_SHARE_DELETE.
      * This is a problem and has been revisited multiple times upstream. Someone needs to raise it upstream.

## 2022-12-01

Present: Sebastiaan, Bjorn, Tianon, Brian, Kevin, Sam

* Private Security Advisories
  * Bjorn has a call with the PM Monday
  * Sebastiaan will try it out with admins or maintainers
  * Do we want to create expectations for who is added to the security manager list?
* Discussion over repo permissions vs project roles
  * Mismatch between project roles and GitHub permissions
  * Triage+ role for more permissions for those currently with triage?
    Need a low-privilege role without write still for less-trusted users.
  * Use of bots instead? Would not solve the issue of editing comments/bodies.
* Status of 23.0.0:
  * `ctr` is broken
  * `docker-proxy` seems to be dynamically linked on arm64
    * There probably is a fix for this in Kevin's massive PR
  * Windows + macOS downloads are missing CLI plugins
* Aside: Brian/Sebastiaan to try to reach out to Go for access to the go-security list
* Discussion of download directories on download.docker.com using bad names for ARM
  * Use `$GOARCH${GOARM}` instead
  * Also plan for `$GOAMD64` in the future
* Eyes on seccomp PR (#44562, blocks AF_VSOCK)
* Context aware singleflight (#44558)
* Containerd bump to 1.7 (#44531)
* Cutting the buildkit gordian knot for 23.0 (#44529)
  * Broken/naive, needs help from Kevin & Tonis
* Remove Dockerfile.e2e (#44526)
  * Could still have a use?
* criu compilation PR (#44086)
  * Not used right now ironically, tests are disabled
  * Brian would like to see an image
  * Compile only at test time?
  * Separate repo/build infra to provide criu? [dropped]

## Meeting notes