@@ -17,7 +17,7 @@ type execBackend interface {

 	ContainerExecCreate(name string, config *types.ExecConfig) (string, error)

 	ContainerExecInspect(id string) (*backend.ExecInspect, error)

 	ContainerExecResize(name string, height, width int) error

-	ContainerExecStart(name string, stdin io.ReadCloser, stdout io.Writer, stderr io.Writer) error

+	ContainerExecStart(ctx context.Context, name string, stdin io.ReadCloser, stdout io.Writer, stderr io.Writer) error

 	ExecExists(name string) (bool, error)

 }

@@ -106,7 +106,8 @@ func (s *containerRouter) postContainerExecStart(ctx context.Context, w http.Res

 	}

 	// Now run the user process in container.

-	if err := s.backend.ContainerExecStart(execName, stdin, stdout, stderr); err != nil {

+	// Maybe we should we pass ctx here if we're not detaching?

+	if err := s.backend.ContainerExecStart(context.Background(), execName, stdin, stdout, stderr); err != nil {

 		if execStartCheck.Detach {

 			return err

 		}

@@ -22,15 +22,16 @@ import (

 )

 var validCommitCommands = map[string]bool{

-	"cmd":        true,

-	"entrypoint": true,

-	"env":        true,

-	"expose":     true,

-	"label":      true,

-	"onbuild":    true,

-	"user":       true,

-	"volume":     true,

-	"workdir":    true,

+	"cmd":         true,

+	"entrypoint":  true,

+	"healthcheck": true,

+	"env":         true,

+	"expose":      true,

+	"label":       true,

+	"onbuild":     true,

+	"user":        true,

+	"volume":      true,

+	"workdir":     true,

 }

 // BuiltinAllowedBuildArgs is list of built-in allowed build args

@@ -3,40 +3,42 @@ package command

 // Define constants for the command strings

 const (

-	Env        = "env"

-	Label      = "label"

-	Maintainer = "maintainer"

-	Add        = "add"

-	Copy       = "copy"

-	From       = "from"

-	Onbuild    = "onbuild"

-	Workdir    = "workdir"

-	Run        = "run"

-	Cmd        = "cmd"

-	Entrypoint = "entrypoint"

-	Expose     = "expose"

-	Volume     = "volume"

-	User       = "user"

-	StopSignal = "stopsignal"

-	Arg        = "arg"

+	Env         = "env"

+	Label       = "label"

+	Maintainer  = "maintainer"

+	Add         = "add"

+	Copy        = "copy"

+	From        = "from"

+	Onbuild     = "onbuild"

+	Workdir     = "workdir"

+	Run         = "run"

+	Cmd         = "cmd"

+	Entrypoint  = "entrypoint"

+	Expose      = "expose"

+	Volume      = "volume"

+	User        = "user"

+	StopSignal  = "stopsignal"

+	Arg         = "arg"

+	Healthcheck = "healthcheck"

 )

 // Commands is list of all Dockerfile commands

 var Commands = map[string]struct{}{

-	Env:        {},

-	Label:      {},

-	Maintainer: {},

-	Add:        {},

-	Copy:       {},

-	From:       {},

-	Onbuild:    {},

-	Workdir:    {},

-	Run:        {},

-	Cmd:        {},

-	Entrypoint: {},

-	Expose:     {},

-	Volume:     {},

-	User:       {},

-	StopSignal: {},

-	Arg:        {},

+	Env:         {},

+	Label:       {},

+	Maintainer:  {},

+	Add:         {},

+	Copy:        {},

+	From:        {},

+	Onbuild:     {},

+	Workdir:     {},

+	Run:         {},

+	Cmd:         {},

+	Entrypoint:  {},

+	Expose:      {},

+	Volume:      {},

+	User:        {},

+	StopSignal:  {},

+	Arg:         {},

+	Healthcheck: {},

 }

@@ -12,7 +12,9 @@ import (

 	"regexp"

 	"runtime"

 	"sort"

+	"strconv"

 	"strings"

+	"time"

 	"github.com/Sirupsen/logrus"

 	"github.com/docker/docker/api"

@@ -426,6 +428,111 @@ func cmd(b *Builder, args []string, attributes map[string]bool, original string)

 	return nil

 }

+// parseOptInterval(flag) is the duration of flag.Value, or 0 if

+// empty. An error is reported if the value is given and is not positive.

+func parseOptInterval(f *Flag) (time.Duration, error) {

+	s := f.Value

+	if s == "" {

+		return 0, nil

+	}

+	d, err := time.ParseDuration(s)

+	if err != nil {

+		return 0, err

+	}

+	if d <= 0 {

+		return 0, fmt.Errorf("Interval %#v must be positive", f.name)

+	}

+	return d, nil

+}

+

+// HEALTHCHECK foo

+//

+// Set the default healthcheck command to run in the container (which may be empty).

+// Argument handling is the same as RUN.

+//

+func healthcheck(b *Builder, args []string, attributes map[string]bool, original string) error {

+	if len(args) == 0 {

+		return fmt.Errorf("HEALTHCHECK requires an argument")

+	}

+	typ := strings.ToUpper(args[0])

+	args = args[1:]

+	if typ == "NONE" {

+		if len(args) != 0 {

+			return fmt.Errorf("HEALTHCHECK NONE takes no arguments")

+		}

+		test := strslice.StrSlice{typ}

+		b.runConfig.Healthcheck = &container.HealthConfig{

+			Test: test,

+		}

+	} else {

+		if b.runConfig.Healthcheck != nil {

+			oldCmd := b.runConfig.Healthcheck.Test

+			if len(oldCmd) > 0 && oldCmd[0] != "NONE" {

+				fmt.Fprintf(b.Stdout, "Note: overriding previous HEALTHCHECK: %v\n", oldCmd)

+			}

+		}

+

+		healthcheck := container.HealthConfig{}

+

+		flInterval := b.flags.AddString("interval", "")

+		flTimeout := b.flags.AddString("timeout", "")

+		flRetries := b.flags.AddString("retries", "")

+

+		if err := b.flags.Parse(); err != nil {

+			return err

+		}

+

+		switch typ {

+		case "CMD":

+			cmdSlice := handleJSONArgs(args, attributes)

+			if len(cmdSlice) == 0 {

+				return fmt.Errorf("Missing command after HEALTHCHECK CMD")

+			}

+

+			if !attributes["json"] {

+				typ = "CMD-SHELL"

+			}

+

+			healthcheck.Test = strslice.StrSlice(append([]string{typ}, cmdSlice...))

+		default:

+			return fmt.Errorf("Unknown type %#v in HEALTHCHECK (try CMD)", typ)

+		}

+

+		interval, err := parseOptInterval(flInterval)

+		if err != nil {

+			return err

+		}

+		healthcheck.Interval = interval

+

+		timeout, err := parseOptInterval(flTimeout)

+		if err != nil {

+			return err

+		}

+		healthcheck.Timeout = timeout

+

+		if flRetries.Value != "" {

+			retries, err := strconv.ParseInt(flRetries.Value, 10, 32)

+			if err != nil {

+				return err

+			}

+			if retries < 1 {

+				return fmt.Errorf("--retries must be at least 1 (not %d)", retries)

+			}

+			healthcheck.Retries = int(retries)

+		} else {

+			healthcheck.Retries = 0

+		}

+

+		b.runConfig.Healthcheck = &healthcheck

+	}

+

+	if err := b.commit("", b.runConfig.Cmd, fmt.Sprintf("HEALTHCHECK %q", b.runConfig.Healthcheck)); err != nil {

+		return err

+	}

+

+	return nil

+}

+

 // ENTRYPOINT /usr/sbin/nginx

 //

 // Set the entrypoint (which defaults to sh -c on linux, or cmd /S /C on Windows) to

@@ -58,22 +58,23 @@ var evaluateTable map[string]func(*Builder, []string, map[string]bool, string) e

 func init() {

 	evaluateTable = map[string]func(*Builder, []string, map[string]bool, string) error{

-		command.Env:        env,

-		command.Label:      label,

-		command.Maintainer: maintainer,

-		command.Add:        add,

-		command.Copy:       dispatchCopy, // copy() is a go builtin

-		command.From:       from,

-		command.Onbuild:    onbuild,

-		command.Workdir:    workdir,

-		command.Run:        run,

-		command.Cmd:        cmd,

-		command.Entrypoint: entrypoint,

-		command.Expose:     expose,

-		command.Volume:     volume,

-		command.User:       user,

-		command.StopSignal: stopSignal,

-		command.Arg:        arg,

+		command.Env:         env,

+		command.Label:       label,

+		command.Maintainer:  maintainer,

+		command.Add:         add,

+		command.Copy:        dispatchCopy, // copy() is a go builtin

+		command.From:        from,

+		command.Onbuild:     onbuild,

+		command.Workdir:     workdir,

+		command.Run:         run,

+		command.Cmd:         cmd,

+		command.Entrypoint:  entrypoint,

+		command.Expose:      expose,

+		command.Volume:      volume,

+		command.User:        user,

+		command.StopSignal:  stopSignal,

+		command.Arg:         arg,

+		command.Healthcheck: healthcheck,

 	}

 }

@@ -329,3 +329,32 @@ func parseMaybeJSONToList(rest string) (*Node, map[string]bool, error) {

 	return parseStringsWhitespaceDelimited(rest)

 }

+

+// The HEALTHCHECK command is like parseMaybeJSON, but has an extra type argument.

+func parseHealthConfig(rest string) (*Node, map[string]bool, error) {

+	// Find end of first argument

+	var sep int

+	for ; sep < len(rest); sep++ {

+		if unicode.IsSpace(rune(rest[sep])) {

+			break

+		}

+	}

+	next := sep

+	for ; next < len(rest); next++ {

+		if !unicode.IsSpace(rune(rest[next])) {

+			break

+		}

+	}

+

+	if sep == 0 {

+		return nil, nil, nil

+	}

+

+	typ := rest[:sep]

+	cmd, attrs, err := parseMaybeJSON(rest[next:])

+	if err != nil {

+		return nil, nil, err

+	}

+

+	return &Node{Value: typ, Next: cmd, Attributes: attrs}, nil, err

+}

@@ -66,22 +66,23 @@ func init() {

 	// functions. Errors are propagated up by Parse() and the resulting AST can

 	// be incorporated directly into the existing AST as a next.

 	dispatch = map[string]func(string) (*Node, map[string]bool, error){

-		command.User:       parseString,

-		command.Onbuild:    parseSubCommand,

-		command.Workdir:    parseString,

-		command.Env:        parseEnv,

-		command.Label:      parseLabel,

-		command.Maintainer: parseString,

-		command.From:       parseString,

-		command.Add:        parseMaybeJSONToList,

-		command.Copy:       parseMaybeJSONToList,

-		command.Run:        parseMaybeJSON,

-		command.Cmd:        parseMaybeJSON,

-		command.Entrypoint: parseMaybeJSON,

-		command.Expose:     parseStringsWhitespaceDelimited,

-		command.Volume:     parseMaybeJSONToList,

-		command.StopSignal: parseString,

-		command.Arg:        parseNameOrNameVal,

+		command.User:        parseString,

+		command.Onbuild:     parseSubCommand,

+		command.Workdir:     parseString,

+		command.Env:         parseEnv,

+		command.Label:       parseLabel,

+		command.Maintainer:  parseString,

+		command.From:        parseString,

+		command.Add:         parseMaybeJSONToList,

+		command.Copy:        parseMaybeJSONToList,

+		command.Run:         parseMaybeJSON,

+		command.Cmd:         parseMaybeJSON,

+		command.Entrypoint:  parseMaybeJSON,

+		command.Expose:      parseStringsWhitespaceDelimited,

+		command.Volume:      parseMaybeJSONToList,

+		command.StopSignal:  parseString,

+		command.Arg:         parseNameOrNameVal,

+		command.Healthcheck: parseHealthConfig,

 	}

 }

new file mode 100644

@@ -0,0 +1,10 @@

+FROM debian

+ADD check.sh main.sh /app/

+CMD /app/main.sh

+HEALTHCHECK

+HEALTHCHECK --interval=5s --timeout=3s --retries=1 \

+  CMD /app/check.sh --quiet

+HEALTHCHECK CMD

+HEALTHCHECK   CMD   a b

+HEALTHCHECK --timeout=3s CMD ["foo"]

+HEALTHCHECK CONNECT TCP 7000

new file mode 100644

@@ -0,0 +1,9 @@

+(from "debian")

+(add "check.sh" "main.sh" "/app/")

+(cmd "/app/main.sh")

+(healthcheck)

+(healthcheck ["--interval=5s" "--timeout=3s" "--retries=1"] "CMD" "/app/check.sh --quiet")

+(healthcheck "CMD")

+(healthcheck "CMD" "a b")

+(healthcheck ["--timeout=3s"] "CMD" "foo")

+(healthcheck "CONNECT" "TCP 7000")

new file mode 100644

@@ -0,0 +1,49 @@

+package container

+

+import (

+	"github.com/Sirupsen/logrus"

+	"github.com/docker/engine-api/types"

+)

+

+// Health holds the current container health-check state

+type Health struct {

+	types.Health

+	stop chan struct{} // Write struct{} to stop the monitor

+}

+

+// String returns a human-readable description of the health-check state

+func (s *Health) String() string {

+	if s.stop == nil {

+		return "no healthcheck"

+	}

+	switch s.Status {

+	case types.Starting:

+		return "health: starting"

+	default: // Healthy and Unhealthy are clear on their own

+		return s.Status

+	}

+}

+

+// OpenMonitorChannel creates and returns a new monitor channel. If there already is one,

+// it returns nil.

+func (s *Health) OpenMonitorChannel() chan struct{} {

+	if s.stop == nil {

+		logrus.Debugf("OpenMonitorChannel")

+		s.stop = make(chan struct{})

+		return s.stop

+	}

+	return nil

+}

+

+// CloseMonitorChannel closes any existing monitor channel.

+func (s *Health) CloseMonitorChannel() {

+	if s.stop != nil {

+		logrus.Debugf("CloseMonitorChannel: waiting for probe to stop")

+		// This channel does not buffer. Once the write succeeds, the monitor

+		// has read the stop request and will not make any further updates

+		// to c.State.Health.

+		s.stop <- struct{}{}

+		s.stop = nil

+		logrus.Debugf("CloseMonitorChannel done")

+	}

+}

@@ -27,6 +27,7 @@ type State struct {

 	StartedAt         time.Time

 	FinishedAt        time.Time

 	waitChan          chan struct{}

+	Health            *Health

 }

 // NewState creates a default state object with a fresh channel for state changes.

@@ -46,6 +47,9 @@ func (s *State) String() string {

 			return fmt.Sprintf("Restarting (%d) %s ago", s.ExitCode, units.HumanDuration(time.Now().UTC().Sub(s.FinishedAt)))

 		}

+		if h := s.Health; h != nil {

+			return fmt.Sprintf("Up %s (%s)", units.HumanDuration(time.Now().UTC().Sub(s.StartedAt)), h.String())

+		}

 		return fmt.Sprintf("Up %s", units.HumanDuration(time.Now().UTC().Sub(s.StartedAt)))

 	}

@@ -80,6 +80,25 @@ func merge(userConf, imageConf *containertypes.Config) error {

 			userConf.Entrypoint = imageConf.Entrypoint

 		}

 	}

+	if imageConf.Healthcheck != nil {

+		if userConf.Healthcheck == nil {

+			userConf.Healthcheck = imageConf.Healthcheck

+		} else {

+			if len(userConf.Healthcheck.Test) == 0 {

+				userConf.Healthcheck.Test = imageConf.Healthcheck.Test

+			}

+			if userConf.Healthcheck.Interval == 0 {

+				userConf.Healthcheck.Interval = imageConf.Healthcheck.Interval

+			}

+			if userConf.Healthcheck.Timeout == 0 {

+				userConf.Healthcheck.Timeout = imageConf.Healthcheck.Timeout

+			}

+			if userConf.Healthcheck.Retries == 0 {

+				userConf.Healthcheck.Retries = imageConf.Healthcheck.Retries

+			}

+		}

+	}

+

 	if userConf.WorkingDir == "" {

 		userConf.WorkingDir = imageConf.WorkingDir

 	}

@@ -14,11 +14,15 @@ import (

 	"github.com/docker/docker/errors"

 	"github.com/docker/docker/libcontainerd"

 	"github.com/docker/docker/pkg/pools"

+	"github.com/docker/docker/pkg/signal"

 	"github.com/docker/docker/pkg/term"

 	"github.com/docker/engine-api/types"

 	"github.com/docker/engine-api/types/strslice"

 )

+// Seconds to wait after sending TERM before trying KILL

+const termProcessTimeout = 10

+

 func (d *Daemon) registerExecCommand(container *container.Container, config *exec.Config) {

 	// Storing execs in container in order to kill them gracefully whenever the container is stopped or removed.

 	container.ExecCommands.Add(config.ID, config)

@@ -130,7 +134,8 @@ func (d *Daemon) ContainerExecCreate(name string, config *types.ExecConfig) (str

 // ContainerExecStart starts a previously set up exec instance. The

 // std streams are set up.

-func (d *Daemon) ContainerExecStart(name string, stdin io.ReadCloser, stdout io.Writer, stderr io.Writer) (err error) {

+// If ctx is cancelled, the process is terminated.

+func (d *Daemon) ContainerExecStart(ctx context.Context, name string, stdin io.ReadCloser, stdout io.Writer, stderr io.Writer) (err error) {

 	var (

 		cStdin           io.ReadCloser

 		cStdout, cStderr io.Writer

@@ -197,15 +202,28 @@ func (d *Daemon) ContainerExecStart(name string, stdin io.ReadCloser, stdout io.

 		return nil

 	}

-	attachErr := container.AttachStreams(context.Background(), ec.StreamConfig, ec.OpenStdin, true, ec.Tty, cStdin, cStdout, cStderr, ec.DetachKeys)

+	attachErr := container.AttachStreams(ctx, ec.StreamConfig, ec.OpenStdin, true, ec.Tty, cStdin, cStdout, cStderr, ec.DetachKeys)

 	if err := d.containerd.AddProcess(c.ID, name, p); err != nil {

 		return err

 	}

-	err = <-attachErr

-	if err != nil {

-		return fmt.Errorf("attach failed with error: %v", err)

+	select {

+	case <-ctx.Done():

+		logrus.Debugf("Sending TERM signal to process %v in container %v", name, c.ID)

+		d.containerd.SignalProcess(c.ID, name, int(signal.SignalMap["TERM"]))

+		select {

+		case <-time.After(termProcessTimeout * time.Second):

+			logrus.Infof("Container %v, process %v failed to exit within %d seconds of signal TERM - using the force", c.ID, name, termProcessTimeout)

+			d.containerd.SignalProcess(c.ID, name, int(signal.SignalMap["KILL"]))

+		case <-attachErr:

+			// TERM signal worked

+		}

+		return fmt.Errorf("context cancelled")

+	case err := <-attachErr:

+		if err != nil {

+			return fmt.Errorf("attach failed with error: %v", err)

+		}

 	}

 	return nil

 }

new file mode 100644

@@ -0,0 +1,314 @@

+package daemon

+

+import (

+	"bytes"

+	"fmt"

+	"runtime"

+	"strings"

+	"time"

+

+	"golang.org/x/net/context"

+

+	"github.com/Sirupsen/logrus"

+	"github.com/docker/docker/container"

+	"github.com/docker/docker/daemon/exec"

+	"github.com/docker/engine-api/types"

+	"github.com/docker/engine-api/types/strslice"

+)

+

+const (

+	// Longest healthcheck probe output message to store. Longer messages will be truncated.

+	maxOutputLen = 4096

+

+	// Default interval between probe runs (from the end of the first to the start of the second).

+	// Also the time before the first probe.

+	defaultProbeInterval = 30 * time.Second

+

+	// The maximum length of time a single probe run should take. If the probe takes longer

+	// than this, the check is considered to have failed.

+	defaultProbeTimeout = 30 * time.Second

+

+	// Shut down a container if it becomes Unhealthy.

+	defaultExitOnUnhealthy = true

+

+	// Maximum number of entries to record

+	maxLogEntries = 5

+)

+

+const (

+	// Exit status codes that can be returned by the probe command.

+

+	exitStatusHealthy   = 0 // Container is healthy

+	exitStatusUnhealthy = 1 // Container is unhealthy

+	exitStatusStarting  = 2 // Container needs more time to start

+)

+

+// probe implementations know how to run a particular type of probe.

+type probe interface {

+	// Perform one run of the check. Returns the exit code and an optional

+	// short diagnostic string.

+	run(context.Context, *Daemon, *container.Container) (*types.HealthcheckResult, error)

+}

+

+// cmdProbe implements the "CMD" probe type.

+type cmdProbe struct {

+	// Run the command with the system's default shell instead of execing it directly.

+	shell bool

+}

+

+// exec the healthcheck command in the container.

+// Returns the exit code and probe output (if any)

+func (p *cmdProbe) run(ctx context.Context, d *Daemon, container *container.Container) (*types.HealthcheckResult, error) {

+	cmdSlice := strslice.StrSlice(container.Config.Healthcheck.Test)[1:]

+	if p.shell {

+		if runtime.GOOS != "windows" {

+			cmdSlice = append([]string{"/bin/sh", "-c"}, cmdSlice...)

+		} else {

+			cmdSlice = append([]string{"cmd", "/S", "/C"}, cmdSlice...)

+		}

+	}

+	entrypoint, args := d.getEntrypointAndArgs(strslice.StrSlice{}, cmdSlice)

+	execConfig := exec.NewConfig()

+	execConfig.OpenStdin = false

+	execConfig.OpenStdout = true

+	execConfig.OpenStderr = true

+	execConfig.ContainerID = container.ID

+	execConfig.DetachKeys = []byte{}

+	execConfig.Entrypoint = entrypoint

+	execConfig.Args = args

+	execConfig.Tty = false

+	execConfig.Privileged = false

+	execConfig.User = container.Config.User

+

+	d.registerExecCommand(container, execConfig)

+	d.LogContainerEvent(container, "exec_create: "+execConfig.Entrypoint+" "+strings.Join(execConfig.Args, " "))

+

+	output := &limitedBuffer{}

+	err := d.ContainerExecStart(ctx, execConfig.ID, nil, output, output)

+	if err != nil {

+		return nil, err

+	}

+	info, err := d.getExecConfig(execConfig.ID)

+	if err != nil {

+		return nil, err

+	}

+	if info.ExitCode == nil {

+		return nil, fmt.Errorf("Healthcheck has no exit code!")

+	}

+	// Note: Go's json package will handle invalid UTF-8 for us

+	out := output.String()

+	return &types.HealthcheckResult{

+		End:      time.Now(),

+		ExitCode: *info.ExitCode,

+		Output:   out,

+	}, nil

+}

+

+// Update the container's Status.Health struct based on the latest probe's result.

+func handleProbeResult(d *Daemon, c *container.Container, result *types.HealthcheckResult) {

+	c.Lock()

+	defer c.Unlock()

+

+	retries := c.Config.Healthcheck.Retries

+	if retries <= 0 {

+		retries = 1 // Default if unset or set to an invalid value

+	}

+

+	h := c.State.Health

+	oldStatus := h.Status

+

+	if len(h.Log) >= maxLogEntries {

+		h.Log = append(h.Log[len(h.Log)+1-maxLogEntries:], result)

+	} else {

+		h.Log = append(h.Log, result)

+	}

+

+	if result.ExitCode == exitStatusHealthy {

+		h.FailingStreak = 0

+		h.Status = types.Healthy

+	} else if result.ExitCode == exitStatusStarting && c.State.Health.Status == types.Starting {

+		// The container is not ready yet. Remain in the starting state.

+	} else {

+		// Failure (incuding invalid exit code)

+		h.FailingStreak++

+		if c.State.Health.FailingStreak >= retries {

+			h.Status = types.Unhealthy

+		}

+		// Else we're starting or healthy. Stay in that state.

+	}

+

+	if oldStatus != h.Status {

+		d.LogContainerEvent(c, "health_status: "+h.Status)

+	}

+}

+

+// Run the container's monitoring thread until notified via "stop".

+// There is never more than one monitor thread running per container at a time.

+func monitor(d *Daemon, c *container.Container, stop chan struct{}, probe probe) {

+	probeTimeout := timeoutWithDefault(c.Config.Healthcheck.Timeout, defaultProbeTimeout)

+	probeInterval := timeoutWithDefault(c.Config.Healthcheck.Interval, defaultProbeInterval)

+	for {

+		select {

+		case <-stop:

+			logrus.Debugf("Stop healthcheck monitoring (received while idle)")

+			return

+		case <-time.After(probeInterval):

+			logrus.Debugf("Running health check...")

+			startTime := time.Now()

+			ctx, cancelProbe := context.WithTimeout(context.Background(), probeTimeout)

+			results := make(chan *types.HealthcheckResult)

+			go func() {

+				result, err := probe.run(ctx, d, c)

+				if err != nil {

+					logrus.Warnf("Health check error: %v", err)

+					results <- &types.HealthcheckResult{

+						ExitCode: -1,

+						Output:   err.Error(),

+						Start:    startTime,

+						End:      time.Now(),

+					}

+				} else {

+					result.Start = startTime

+					logrus.Debugf("Health check done (exitCode=%d)", result.ExitCode)

+					results <- result

+				}

+				close(results)

+			}()

+			select {

+			case <-stop:

+				logrus.Debugf("Stop healthcheck monitoring (received while probing)")

+				// Stop timeout and kill probe, but don't wait for probe to exit.

+				cancelProbe()

+				return

+			case result := <-results:

+				handleProbeResult(d, c, result)

+				// Stop timeout

+				cancelProbe()

+			case <-ctx.Done():

+				logrus.Debugf("Health check taking too long")

+				handleProbeResult(d, c, &types.HealthcheckResult{

+					ExitCode: -1,

+					Output:   fmt.Sprintf("Health check exceeded timeout (%v)", probeTimeout),

+					Start:    startTime,

+					End:      time.Now(),

+				})

+				cancelProbe()

+				// Wait for probe to exit (it might take a while to respond to the TERM

+				// signal and we don't want dying probes to pile up).

+				<-results

+			}

+		}

+	}

+}

+

+// Get a suitable probe implementation for the container's healthcheck configuration.

+func getProbe(c *container.Container) probe {

+	config := c.Config.Healthcheck

+	if config == nil || len(config.Test) == 0 {

+		return nil

+	}

+	switch config.Test[0] {

+	case "CMD":

+		return &cmdProbe{shell: false}

+	case "CMD-SHELL":

+		return &cmdProbe{shell: true}

+	default:

+		logrus.Warnf("Unknown healthcheck type '%s' (expected 'CMD')", config.Test[0])

+		return nil

+	}

+}

+

+// Ensure the health-check monitor is running or not, depending on the current

+// state of the container.

+// Called from monitor.go, with c locked.

+func (d *Daemon) updateHealthMonitor(c *container.Container) {

+	h := c.State.Health

+	if h == nil {

+		return // No healthcheck configured

+	}

+

+	probe := getProbe(c)

+	wantRunning := c.Running && !c.Paused && probe != nil

+	if wantRunning {

+		if stop := h.OpenMonitorChannel(); stop != nil {

+			go monitor(d, c, stop, probe)

+		}

+	} else {

+		h.CloseMonitorChannel()

+	}

+}

+

+// Reset the health state for a newly-started, restarted or restored container.

+// initHealthMonitor is called from monitor.go and we should never be running

+// two instances at once.

+// Called with c locked.

+func (d *Daemon) initHealthMonitor(c *container.Container) {

+	if c.Config.Healthcheck == nil {

+		return

+	}

+

+	// This is needed in case we're auto-restarting

+	d.stopHealthchecks(c)

+

+	if c.State.Health == nil {

+		h := &container.Health{}

+		h.Status = types.Starting

+		h.FailingStreak = 0

+		c.State.Health = h

+	}

+

+	d.updateHealthMonitor(c)

+}

+

+// Called when the container is being stopped (whether because the health check is

+// failing or for any other reason).

+func (d *Daemon) stopHealthchecks(c *container.Container) {

+	h := c.State.Health

+	if h != nil {

+		h.CloseMonitorChannel()

+	}

+}

+

+// Buffer up to maxOutputLen bytes. Further data is discarded.

+type limitedBuffer struct {

+	buf       bytes.Buffer

+	truncated bool // indicates that data has been lost

+}

+

+// Append to limitedBuffer while there is room.

+func (b *limitedBuffer) Write(data []byte) (int, error) {

+	bufLen := b.buf.Len()

+	dataLen := len(data)

+	keep := min(maxOutputLen-bufLen, dataLen)

+	if keep > 0 {

+		b.buf.Write(data[:keep])

+	}

+	if keep < dataLen {

+		b.truncated = true

+	}

+	return dataLen, nil

+}

+

+// The contents of the buffer, with "..." appended if it overflowed.

+func (b *limitedBuffer) String() string {

+	out := b.buf.String()

+	if b.truncated {

+		out = out + "..."

+	}

+	return out

+}

+

+// If configuredValue is zero, use defaultValue instead.

+func timeoutWithDefault(configuredValue time.Duration, defaultValue time.Duration) time.Duration {

+	if configuredValue == 0 {

+		return defaultValue

+	}

+	return configuredValue

+}

+

+func min(x, y int) int {

+	if x < y {

+		return x

+	}

+	return y

+}

new file mode 100644