@@ -1,6 +1,7 @@

 package container

 import (

+	"bytes"

 	"encoding/json"

 	"fmt"

 	"io"

@@ -14,8 +15,6 @@ import (

 	"syscall"

 	"time"

-	"golang.org/x/net/context"

-

 	"github.com/Sirupsen/logrus"

 	containertypes "github.com/docker/docker/api/types/container"

 	mounttypes "github.com/docker/docker/api/types/mount"

@@ -45,7 +44,7 @@ import (

 	"github.com/docker/libnetwork/options"

 	"github.com/docker/libnetwork/types"

 	agentexec "github.com/docker/swarmkit/agent/exec"

-	"github.com/opencontainers/selinux/go-selinux/label"

+	"golang.org/x/net/context"

 )

 const configFileName = "config.v2.json"

@@ -152,41 +151,51 @@ func (container *Container) FromDisk() error {

 		container.Platform = runtime.GOOS

 	}

-	if err := label.ReserveLabel(container.ProcessLabel); err != nil {

-		return err

-	}

 	return container.readHostConfig()

 }

-// ToDisk saves the container configuration on disk.

-func (container *Container) ToDisk() error {

+// toDisk saves the container configuration on disk and returns a deep copy.

+func (container *Container) toDisk() (*Container, error) {

+	var (

+		buf      bytes.Buffer

+		deepCopy Container

+	)

 	pth, err := container.ConfigPath()

 	if err != nil {

-		return err

+		return nil, err

 	}

-	jsonSource, err := ioutils.NewAtomicFileWriter(pth, 0644)

+	// Save container settings

+	f, err := ioutils.NewAtomicFileWriter(pth, 0644)

 	if err != nil {

-		return err

+		return nil, err

 	}

-	defer jsonSource.Close()

+	defer f.Close()

-	enc := json.NewEncoder(jsonSource)

+	w := io.MultiWriter(&buf, f)

+	if err := json.NewEncoder(w).Encode(container); err != nil {

+		return nil, err

+	}

-	// Save container settings

-	if err := enc.Encode(container); err != nil {

-		return err

+	if err := json.NewDecoder(&buf).Decode(&deepCopy); err != nil {

+		return nil, err

+	}

+	deepCopy.HostConfig, err = container.WriteHostConfig()

+	if err != nil {

+		return nil, err

 	}

-	return container.WriteHostConfig()

+	return &deepCopy, nil

 }

-// ToDiskLocking saves the container configuration on disk in a thread safe way.

-func (container *Container) ToDiskLocking() error {

-	container.Lock()

-	err := container.ToDisk()

-	container.Unlock()

-	return err

+// CheckpointTo makes the Container's current state visible to queries, and persists state.

+// Callers must hold a Container lock.

+func (container *Container) CheckpointTo(store ViewDB) error {

+	deepCopy, err := container.toDisk()

+	if err != nil {

+		return err

+	}

+	return store.Save(deepCopy)

 }

 // readHostConfig reads the host configuration from disk for the container.

@@ -218,20 +227,34 @@ func (container *Container) readHostConfig() error {

 	return nil

 }

-// WriteHostConfig saves the host configuration on disk for the container.

-func (container *Container) WriteHostConfig() error {

+// WriteHostConfig saves the host configuration on disk for the container,

+// and returns a deep copy of the saved object. Callers must hold a Container lock.

+func (container *Container) WriteHostConfig() (*containertypes.HostConfig, error) {

+	var (

+		buf      bytes.Buffer

+		deepCopy containertypes.HostConfig

+	)

+

 	pth, err := container.HostConfigPath()

 	if err != nil {

-		return err

+		return nil, err

 	}

 	f, err := ioutils.NewAtomicFileWriter(pth, 0644)

 	if err != nil {

-		return err

+		return nil, err

 	}

 	defer f.Close()

-	return json.NewEncoder(f).Encode(&container.HostConfig)

+	w := io.MultiWriter(&buf, f)

+	if err := json.NewEncoder(w).Encode(&container.HostConfig); err != nil {

+		return nil, err

+	}

+

+	if err := json.NewDecoder(&buf).Decode(&deepCopy); err != nil {

+		return nil, err

+	}

+	return &deepCopy, nil

 }

 // SetupWorkingDirectory sets up the container's working directory as set in container.Config.WorkingDir

@@ -10,6 +10,7 @@ import (

 	"strings"

 	"github.com/Sirupsen/logrus"

+	"github.com/docker/docker/api/types"

 	containertypes "github.com/docker/docker/api/types/container"

 	mounttypes "github.com/docker/docker/api/types/mount"

 	"github.com/docker/docker/pkg/chrootarchive"

@@ -261,11 +262,8 @@ func (container *Container) ConfigMounts() []Mount {

 	return mounts

 }

-// UpdateContainer updates configuration of a container.

+// UpdateContainer updates configuration of a container. Callers must hold a Lock on the Container.

 func (container *Container) UpdateContainer(hostConfig *containertypes.HostConfig) error {

-	container.Lock()

-	defer container.Unlock()

-

 	// update resources of container

 	resources := hostConfig.Resources

 	cResources := &container.HostConfig.Resources

@@ -334,11 +332,6 @@ func (container *Container) UpdateContainer(hostConfig *containertypes.HostConfi

 		container.HostConfig.RestartPolicy = hostConfig.RestartPolicy

 	}

-	if err := container.ToDisk(); err != nil {

-		logrus.Errorf("Error saving updated container: %v", err)

-		return err

-	}

-

 	return nil

 }

@@ -462,3 +455,21 @@ func cleanResourcePath(path string) string {

 func (container *Container) EnableServiceDiscoveryOnDefaultNetwork() bool {

 	return false

 }

+

+// GetMountPoints gives a platform specific transformation to types.MountPoint. Callers must hold a Container lock.

+func (container *Container) GetMountPoints() []types.MountPoint {

+	mountPoints := make([]types.MountPoint, 0, len(container.MountPoints))

+	for _, m := range container.MountPoints {

+		mountPoints = append(mountPoints, types.MountPoint{

+			Type:        m.Type,

+			Name:        m.Name,

+			Source:      m.Path(),

+			Destination: m.Destination,

+			Driver:      m.Driver,

+			Mode:        m.Mode,

+			RW:          m.RW,

+			Propagation: m.Propagation,

+		})

+	}

+	return mountPoints

+}

@@ -7,6 +7,7 @@ import (

 	"os"

 	"path/filepath"

+	"github.com/docker/docker/api/types"

 	containertypes "github.com/docker/docker/api/types/container"

 	"github.com/docker/docker/pkg/system"

 )

@@ -125,11 +126,8 @@ func (container *Container) TmpfsMounts() ([]Mount, error) {

 	return mounts, nil

 }

-// UpdateContainer updates configuration of a container

+// UpdateContainer updates configuration of a container. Callers must hold a Lock on the Container.

 func (container *Container) UpdateContainer(hostConfig *containertypes.HostConfig) error {

-	container.Lock()

-	defer container.Unlock()

-

 	resources := hostConfig.Resources

 	if resources.CPUShares != 0 ||

 		resources.Memory != 0 ||

@@ -194,3 +192,19 @@ func (container *Container) BuildHostnameFile() error {

 func (container *Container) EnableServiceDiscoveryOnDefaultNetwork() bool {

 	return true

 }

+

+// GetMountPoints gives a platform specific transformation to types.MountPoint. Callers must hold a Container lock.

+func (container *Container) GetMountPoints() []types.MountPoint {

+	mountPoints := make([]types.MountPoint, 0, len(container.MountPoints))

+	for _, m := range container.MountPoints {

+		mountPoints = append(mountPoints, types.MountPoint{

+			Type:        m.Type,

+			Name:        m.Name,

+			Source:      m.Path(),

+			Destination: m.Destination,

+			Driver:      m.Driver,

+			RW:          m.RW,

+		})

+	}

+	return mountPoints

+}

@@ -13,9 +13,8 @@ type Health struct {

 // String returns a human-readable description of the health-check state

 func (s *Health) String() string {

-	// This happens when the container is being shutdown and the monitor has stopped

-	// or the monitor has yet to be setup.

-	if s.stop == nil {

+	// This happens when the monitor has yet to be setup.

+	if s.Status == "" {

 		return types.Unhealthy

 	}

@@ -44,6 +43,8 @@ func (s *Health) CloseMonitorChannel() {

 		logrus.Debug("CloseMonitorChannel: waiting for probe to stop")

 		close(s.stop)

 		s.stop = nil

+		// unhealthy when the monitor has stopped for compatibility reasons

+		s.Status = types.Unhealthy

 		logrus.Debug("CloseMonitorChannel done")

 	}

 }

new file mode 100644

@@ -0,0 +1,288 @@

+package container

+

+import (

+	"fmt"

+	"strings"

+	"time"

+

+	"github.com/Sirupsen/logrus"

+	"github.com/docker/docker/api/types"

+	"github.com/docker/docker/api/types/network"

+	"github.com/docker/docker/pkg/registrar"

+	"github.com/docker/go-connections/nat"

+	"github.com/hashicorp/go-memdb"

+)

+

+const (

+	memdbTable   = "containers"

+	memdbIDIndex = "id"

+)

+

+// Snapshot is a read only view for Containers. It holds all information necessary to serve container queries in a

+// versioned ACID in-memory store.

+type Snapshot struct {

+	types.Container

+

+	// additional info queries need to filter on

+	// preserve nanosec resolution for queries

+	CreatedAt    time.Time

+	StartedAt    time.Time

+	Name         string

+	Pid          int

+	ExitCode     int

+	Running      bool

+	Paused       bool

+	Managed      bool

+	ExposedPorts nat.PortSet

+	PortBindings nat.PortSet

+	Health       string

+	HostConfig   struct {

+		Isolation string

+	}

+}

+

+// ViewDB provides an in-memory transactional (ACID) container Store

+type ViewDB interface {

+	Snapshot(nameIndex *registrar.Registrar) View

+	Save(*Container) error

+	Delete(*Container) error

+}

+

+// View can be used by readers to avoid locking

+type View interface {

+	All() ([]Snapshot, error)

+	Get(id string) (*Snapshot, error)

+}

+

+var schema = &memdb.DBSchema{

+	Tables: map[string]*memdb.TableSchema{

+		memdbTable: {

+			Name: memdbTable,

+			Indexes: map[string]*memdb.IndexSchema{

+				memdbIDIndex: {

+					Name:    memdbIDIndex,

+					Unique:  true,

+					Indexer: &containerByIDIndexer{},

+				},

+			},

+		},

+	},

+}

+

+type memDB struct {

+	store *memdb.MemDB

+}

+

+// NewViewDB provides the default implementation, with the default schema

+func NewViewDB() (ViewDB, error) {

+	store, err := memdb.NewMemDB(schema)

+	if err != nil {

+		return nil, err

+	}

+	return &memDB{store: store}, nil

+}

+

+// Snapshot provides a consistent read-only View of the database

+func (db *memDB) Snapshot(index *registrar.Registrar) View {

+	return &memdbView{

+		txn:       db.store.Txn(false),

+		nameIndex: index.GetAll(),

+	}

+}

+

+// Save atomically updates the in-memory store state for a Container.

+// Only read only (deep) copies of containers may be passed in.

+func (db *memDB) Save(c *Container) error {

+	txn := db.store.Txn(true)

+	defer txn.Commit()

+	return txn.Insert(memdbTable, c)

+}

+

+// Delete removes an item by ID

+func (db *memDB) Delete(c *Container) error {

+	txn := db.store.Txn(true)

+	defer txn.Commit()

+	return txn.Delete(memdbTable, NewBaseContainer(c.ID, c.Root))

+}

+

+type memdbView struct {

+	txn       *memdb.Txn

+	nameIndex map[string][]string

+}

+

+// All returns a all items in this snapshot. Returned objects must never be modified.

+func (v *memdbView) All() ([]Snapshot, error) {

+	var all []Snapshot

+	iter, err := v.txn.Get(memdbTable, memdbIDIndex)

+	if err != nil {

+		return nil, err

+	}

+	for {

+		item := iter.Next()

+		if item == nil {

+			break

+		}

+		snapshot := v.transform(item.(*Container))

+		all = append(all, *snapshot)

+	}

+	return all, nil

+}

+

+// Get returns an item by id. Returned objects must never be modified.

+func (v *memdbView) Get(id string) (*Snapshot, error) {

+	s, err := v.txn.First(memdbTable, memdbIDIndex, id)

+	if err != nil {

+		return nil, err

+	}

+	return v.transform(s.(*Container)), nil

+}

+

+// transform maps a (deep) copied Container object to what queries need.

+// A lock on the Container is not held because these are immutable deep copies.

+func (v *memdbView) transform(container *Container) *Snapshot {

+	snapshot := &Snapshot{

+		Container: types.Container{

+			ID:      container.ID,

+			Names:   v.nameIndex[container.ID],

+			ImageID: container.ImageID.String(),

+			Ports:   []types.Port{},

+			Mounts:  container.GetMountPoints(),

+			State:   container.State.StateString(),

+			Status:  container.State.String(),

+			Created: container.Created.Unix(),

+		},

+		CreatedAt:    container.Created,

+		StartedAt:    container.StartedAt,

+		Name:         container.Name,

+		Pid:          container.Pid,

+		Managed:      container.Managed,

+		ExposedPorts: make(nat.PortSet),

+		PortBindings: make(nat.PortSet),

+		Health:       container.HealthString(),

+		Running:      container.Running,

+		Paused:       container.Paused,

+		ExitCode:     container.ExitCode(),

+	}

+

+	if snapshot.Names == nil {

+		// Dead containers will often have no name, so make sure the response isn't null

+		snapshot.Names = []string{}

+	}

+

+	if container.HostConfig != nil {

+		snapshot.Container.HostConfig.NetworkMode = string(container.HostConfig.NetworkMode)

+		snapshot.HostConfig.Isolation = string(container.HostConfig.Isolation)

+		for binding := range container.HostConfig.PortBindings {

+			snapshot.PortBindings[binding] = struct{}{}

+		}

+	}

+

+	if container.Config != nil {

+		snapshot.Image = container.Config.Image

+		snapshot.Labels = container.Config.Labels

+		for exposed := range container.Config.ExposedPorts {

+			snapshot.ExposedPorts[exposed] = struct{}{}

+		}

+	}

+

+	if len(container.Args) > 0 {

+		args := []string{}

+		for _, arg := range container.Args {

+			if strings.Contains(arg, " ") {

+				args = append(args, fmt.Sprintf("'%s'", arg))

+			} else {

+				args = append(args, arg)

+			}

+		}

+		argsAsString := strings.Join(args, " ")

+		snapshot.Command = fmt.Sprintf("%s %s", container.Path, argsAsString)

+	} else {

+		snapshot.Command = container.Path

+	}

+

+	snapshot.Ports = []types.Port{}

+	networks := make(map[string]*network.EndpointSettings)

+	if container.NetworkSettings != nil {

+		for name, netw := range container.NetworkSettings.Networks {

+			if netw == nil || netw.EndpointSettings == nil {

+				continue

+			}

+			networks[name] = &network.EndpointSettings{

+				EndpointID:          netw.EndpointID,

+				Gateway:             netw.Gateway,

+				IPAddress:           netw.IPAddress,

+				IPPrefixLen:         netw.IPPrefixLen,

+				IPv6Gateway:         netw.IPv6Gateway,

+				GlobalIPv6Address:   netw.GlobalIPv6Address,

+				GlobalIPv6PrefixLen: netw.GlobalIPv6PrefixLen,

+				MacAddress:          netw.MacAddress,

+				NetworkID:           netw.NetworkID,

+			}

+			if netw.IPAMConfig != nil {

+				networks[name].IPAMConfig = &network.EndpointIPAMConfig{

+					IPv4Address: netw.IPAMConfig.IPv4Address,

+					IPv6Address: netw.IPAMConfig.IPv6Address,

+				}

+			}

+		}

+		for port, bindings := range container.NetworkSettings.Ports {

+			p, err := nat.ParsePort(port.Port())

+			if err != nil {

+				logrus.Warnf("invalid port map %+v", err)

+				continue

+			}

+			if len(bindings) == 0 {

+				snapshot.Ports = append(snapshot.Ports, types.Port{

+					PrivatePort: uint16(p),

+					Type:        port.Proto(),

+				})

+				continue

+			}

+			for _, binding := range bindings {

+				h, err := nat.ParsePort(binding.HostPort)

+				if err != nil {

+					logrus.Warnf("invalid host port map %+v", err)

+					continue

+				}

+				snapshot.Ports = append(snapshot.Ports, types.Port{

+					PrivatePort: uint16(p),

+					PublicPort:  uint16(h),

+					Type:        port.Proto(),

+					IP:          binding.HostIP,

+				})

+			}

+		}

+	}

+	snapshot.NetworkSettings = &types.SummaryNetworkSettings{Networks: networks}

+

+	return snapshot

+}

+

+// containerByIDIndexer is used to extract the ID field from Container types.

+// memdb.StringFieldIndex can not be used since ID is a field from an embedded struct.

+type containerByIDIndexer struct{}

+

+// FromObject implements the memdb.SingleIndexer interface for Container objects

+func (e *containerByIDIndexer) FromObject(obj interface{}) (bool, []byte, error) {

+	c, ok := obj.(*Container)

+	if !ok {

+		return false, nil, fmt.Errorf("%T is not a Container", obj)

+	}

+	// Add the null character as a terminator

+	v := c.ID + "\x00"

+	return true, []byte(v), nil

+}

+

+// FromArgs implements the memdb.Indexer interface

+func (e *containerByIDIndexer) FromArgs(args ...interface{}) ([]byte, error) {

+	if len(args) != 1 {

+		return nil, fmt.Errorf("must provide only a single argument")

+	}

+	arg, ok := args[0].(string)

+	if !ok {

+		return nil, fmt.Errorf("argument must be a string: %#v", args[0])

+	}

+	// Add the null character as a terminator

+	arg += "\x00"

+	return []byte(arg), nil

+}

new file mode 100644

@@ -0,0 +1,106 @@

+package container

+

+import (

+	"io/ioutil"

+	"os"

+	"path/filepath"

+	"testing"

+

+	containertypes "github.com/docker/docker/api/types/container"

+	"github.com/docker/docker/pkg/registrar"

+	"github.com/pborman/uuid"

+)

+

+var root string

+

+func TestMain(m *testing.M) {

+	var err error

+	root, err = ioutil.TempDir("", "docker-container-test-")

+	if err != nil {

+		panic(err)

+	}

+	defer os.RemoveAll(root)

+

+	os.Exit(m.Run())

+}

+

+func newContainer(t *testing.T) *Container {

+	var (

+		id    = uuid.New()

+		cRoot = filepath.Join(root, id)

+	)

+	if err := os.MkdirAll(cRoot, 0755); err != nil {

+		t.Fatal(err)

+	}

+	c := NewBaseContainer(id, cRoot)

+	c.HostConfig = &containertypes.HostConfig{}

+	return c

+}

+

+func TestViewSaveDelete(t *testing.T) {

+	db, err := NewViewDB()

+	if err != nil {

+		t.Fatal(err)

+	}

+	c := newContainer(t)

+	if err := c.CheckpointTo(db); err != nil {

+		t.Fatal(err)

+	}

+	if err := db.Delete(c); err != nil {

+		t.Fatal(err)

+	}

+}

+

+func TestViewAll(t *testing.T) {

+	var (

+		db, _ = NewViewDB()

+		names = registrar.NewRegistrar()

+		one   = newContainer(t)

+		two   = newContainer(t)

+	)

+	one.Pid = 10

+	if err := one.CheckpointTo(db); err != nil {

+		t.Fatal(err)

+	}

+	two.Pid = 20

+	if err := two.CheckpointTo(db); err != nil {

+		t.Fatal(err)

+	}

+

+	all, err := db.Snapshot(names).All()

+	if err != nil {

+		t.Fatal(err)

+	}

+	if l := len(all); l != 2 {

+		t.Fatalf("expected 2 items, got %d", l)

+	}

+	byID := make(map[string]Snapshot)

+	for i := range all {

+		byID[all[i].ID] = all[i]

+	}

+	if s, ok := byID[one.ID]; !ok || s.Pid != 10 {

+		t.Fatalf("expected something different with for id=%s: %v", one.ID, s)

+	}

+	if s, ok := byID[two.ID]; !ok || s.Pid != 20 {

+		t.Fatalf("expected something different with for id=%s: %v", two.ID, s)

+	}

+}

+

+func TestViewGet(t *testing.T) {

+	var (

+		db, _ = NewViewDB()

+		names = registrar.NewRegistrar()

+		one   = newContainer(t)

+	)

+	one.ImageID = "some-image-123"

+	if err := one.CheckpointTo(db); err != nil {

+		t.Fatal(err)

+	}

+	s, err := db.Snapshot(names).Get(one.ID)

+	if err != nil {

+		t.Fatal(err)

+	}

+	if s == nil || s.ImageID != "some-image-123" {

+		t.Fatalf("expected ImageID=some-image-123. Got: %v", s)

+	}

+}

@@ -18,6 +18,7 @@ import (

 	"github.com/docker/docker/pkg/truncindex"

 	"github.com/docker/docker/runconfig"

 	"github.com/docker/go-connections/nat"

+	"github.com/opencontainers/selinux/go-selinux/label"

 )

 // GetContainer looks for a container using the provided information, which could be

@@ -90,6 +91,9 @@ func (daemon *Daemon) load(id string) (*container.Container, error) {

 	if err := container.FromDisk(); err != nil {

 		return nil, err

 	}

+	if err := label.ReserveLabel(container.ProcessLabel); err != nil {

+		return nil, err

+	}

 	if container.ID != id {

 		return container, fmt.Errorf("Container %s is stored at %s", container.ID, id)

@@ -99,7 +103,7 @@ func (daemon *Daemon) load(id string) (*container.Container, error) {

 }

 // Register makes a container object usable by the daemon as <container.ID>

-func (daemon *Daemon) Register(c *container.Container) {

+func (daemon *Daemon) Register(c *container.Container) error {

 	// Attach to stdout and stderr

 	if c.Config.OpenStdin {

 		c.StreamConfig.NewInputPipes()

@@ -107,8 +111,14 @@ func (daemon *Daemon) Register(c *container.Container) {

 		c.StreamConfig.NewNopInputPipe()

 	}

+	// once in the memory store it is visible to other goroutines

+	// grab a Lock until it has been checkpointed to avoid races

+	c.Lock()

+	defer c.Unlock()

+

 	daemon.containers.Add(c.ID, c)

 	daemon.idIndex.Add(c.ID)

+	return c.CheckpointTo(daemon.containersReplica)

 }

 func (daemon *Daemon) newContainer(name string, platform string, config *containertypes.Config, hostConfig *containertypes.HostConfig, imgID image.ID, managed bool) (*container.Container, error) {

@@ -212,7 +222,7 @@ func (daemon *Daemon) setHostConfig(container *container.Container, hostConfig *

 	runconfig.SetDefaultNetModeIfBlank(hostConfig)

 	container.HostConfig = hostConfig

-	return container.ToDisk()

+	return container.CheckpointTo(daemon.containersReplica)

 }

 // verifyContainerSettings performs validation of the hostconfig and config

@@ -301,7 +311,7 @@ func (daemon *Daemon) verifyContainerSettings(hostConfig *containertypes.HostCon

 			return nil, fmt.Errorf("maximum retry count cannot be negative")

 		}

 	case "":

-	// do nothing

+		// do nothing

 	default:

 		return nil, fmt.Errorf("invalid restart policy '%s'", p.Name)

 	}

@@ -44,6 +44,7 @@ func (daemon *Daemon) getDNSSearchSettings(container *container.Container) []str

 	return nil

 }

+

 func (daemon *Daemon) buildSandboxOptions(container *container.Container) ([]libnetwork.SandboxOption, error) {

 	var (

 		sboxOptions []libnetwork.SandboxOption

@@ -568,7 +569,7 @@ func (daemon *Daemon) allocateNetwork(container *container.Container) error {

 	}

-	if err := container.WriteHostConfig(); err != nil {

+	if _, err := container.WriteHostConfig(); err != nil {

 		return err

 	}

 	networkActions.WithValues("allocate").UpdateSince(start)

@@ -1005,10 +1006,8 @@ func (daemon *Daemon) ConnectToNetwork(container *container.Container, idOrName

 			return err

 		}

 	}

-	if err := container.ToDisk(); err != nil {

-		return fmt.Errorf("Error saving container to disk: %v", err)

-	}

-	return nil

+

+	return container.CheckpointTo(daemon.containersReplica)

 }

 // DisconnectFromNetwork disconnects container from network n.

@@ -1044,16 +1043,16 @@ func (daemon *Daemon) DisconnectFromNetwork(container *container.Container, netw

 		return err

 	}

-	if err := container.ToDisk(); err != nil {

-		return fmt.Errorf("Error saving container to disk: %v", err)

+	if err := container.CheckpointTo(daemon.containersReplica); err != nil {

+		return err

 	}

 	if n != nil {

-		attributes := map[string]string{

+		daemon.LogNetworkEventWithAttributes(n, "disconnect", map[string]string{

 			"container": container.ID,

-		}

-		daemon.LogNetworkEventWithAttributes(n, "disconnect", attributes)

+		})

 	}

+

 	return nil

 }

@@ -167,12 +167,9 @@ func (daemon *Daemon) create(params types.ContainerCreateConfig, managed bool) (

 	runconfig.SetDefaultNetModeIfBlank(container.HostConfig)

 	daemon.updateContainerNetworkSettings(container, endpointsConfigs)

-

-	if err := container.ToDisk(); err != nil {

-		logrus.Errorf("Error saving new container to disk: %v", err)

+	if err := daemon.Register(container); err != nil {

 		return nil, err

 	}

-	daemon.Register(container)

 	stateCtr.set(container.ID, "stopped")

 	daemon.LogContainerEvent(container, "create")

 	return container, nil

@@ -83,6 +83,7 @@ type Daemon struct {

 	ID                    string

 	repository            string

 	containers            container.Store

+	containersReplica     container.ViewDB

 	execCommands          *exec.Store

 	downloadManager       *xfer.LayerDownloadManager

 	uploadManager         *xfer.LayerUploadManager

@@ -182,17 +183,20 @@ func (daemon *Daemon) restore() error {

 	activeSandboxes := make(map[string]interface{})

 	for id, c := range containers {

 		if err := daemon.registerName(c); err != nil {

-			logrus.Errorf("Failed to register container %s: %s", c.ID, err)

+			logrus.Errorf("Failed to register container name %s: %s", c.ID, err)

 			delete(containers, id)

 			continue

 		}

-		daemon.Register(c)

-

 		// verify that all volumes valid and have been migrated from the pre-1.7 layout

 		if err := daemon.verifyVolumesInfo(c); err != nil {

 			// don't skip the container due to error

 			logrus.Errorf("Failed to verify volumes for container '%s': %v", c.ID, err)

 		}

+		if err := daemon.Register(c); err != nil {

+			logrus.Errorf("Failed to register container %s: %s", c.ID, err)

+			delete(containers, id)

+			continue

+		}

 		// The LogConfig.Type is empty if the container was created before docker 1.12 with default log driver.

 		// We should rewrite it to use the daemon defaults.

@@ -212,7 +216,7 @@ func (daemon *Daemon) restore() error {

 		go func(c *container.Container) {

 			defer wg.Done()

 			daemon.backportMountSpec(c)

-			if err := c.ToDiskLocking(); err != nil {

+			if err := daemon.checkpointAndSave(c); err != nil {

 				logrus.WithError(err).WithField("container", c.ID).Error("error saving backported mountspec to disk")

 			}

@@ -271,6 +275,7 @@ func (daemon *Daemon) restore() error {

 				}

 			}

+			c.Lock()

 			if c.RemovalInProgress {

 				// We probably crashed in the middle of a removal, reset

 				// the flag.

@@ -281,10 +286,13 @@ func (daemon *Daemon) restore() error {

 				// be removed. So we put the container in the "dead"

 				// state and leave further processing up to them.

 				logrus.Debugf("Resetting RemovalInProgress flag from %v", c.ID)

-				c.ResetRemovalInProgress()

-				c.SetDead()

-				c.ToDisk()

+				c.RemovalInProgress = false

+				c.Dead = true

+				if err := c.CheckpointTo(daemon.containersReplica); err != nil {

+					logrus.Errorf("Failed to update container %s state: %v", c.ID, err)

+				}

 			}

+			c.Unlock()

 		}(c)

 	}

 	wg.Wait()

@@ -755,6 +763,9 @@ func NewDaemon(config *config.Config, registryService registry.Service, containe

 	d.ID = trustKey.PublicKey().KeyID()

 	d.repository = daemonRepo

 	d.containers = container.NewMemoryStore()

+	if d.containersReplica, err = container.NewViewDB(); err != nil {

+		return nil, err

+	}

 	d.execCommands = exec.NewStore()

 	d.trustKey = trustKey

 	d.idIndex = truncindex.NewTruncIndex([]string{})

@@ -1222,3 +1233,13 @@ func CreateDaemonRoot(config *config.Config) error {

 	}

 	return setupDaemonRoot(config, realRoot, idMappings.RootPair())

 }

+

+// checkpointAndSave grabs a container lock to safely call container.CheckpointTo

+func (daemon *Daemon) checkpointAndSave(container *container.Container) error {

+	container.Lock()

+	defer container.Unlock()

+	if err := container.CheckpointTo(daemon.containersReplica); err != nil {

+		return fmt.Errorf("Error saving container state: %v", err)

+	}

+	return nil

+}