pool/docker
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 248981 from Virtualization

Browse Source 
1

OBS-URL: https://build.opensuse.org/request/show/248981
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=7
This commit is contained in:
Stephan Kulow 2014-09-12 15:04:18 +00:00 committed by Git OBS Bridge
parent ac9dff580c
commit 0111d4ef35
3 changed files with 43 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docker.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Sep 12 13:21:40 UTC 2014 - cbosdonnat@suse.com
- Generated AppArmor profile used mount rules which aren't supported
in our version of AppArmor. libcontainer-apparmor-fixes.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Sep 4 15:41:39 UTC 2014 - fcastelli@suse.com Thu Sep 4 15:41:39 UTC 2014 - fcastelli@suse.com

3
docker.spec
View File

@ -33,6 +33,8 @@ Source5: docker.socket
Source6: docker-rpmlintrc Source6: docker-rpmlintrc
Source7: README_SUSE.md Source7: README_SUSE.md
Patch0: 0002-Stripped-dockerinit-binary.patch Patch0: 0002-Stripped-dockerinit-binary.patch
# PATCH-FIX-OPENSUSE libcontainer-apparmor-fixes.patch -- mount rules aren't supported in our apparmor
Patch1: libcontainer-apparmor-fixes.patch
BuildRequires: bash-completion BuildRequires: bash-completion
BuildRequires: device-mapper-devel >= 1.2.68 BuildRequires: device-mapper-devel >= 1.2.68
BuildRequires: glibc-devel-static BuildRequires: glibc-devel-static
@ -91,6 +93,7 @@ Zsh command line completion support for %{name}.
%prep %prep
%setup -q -n docker %setup -q -n docker
%patch0 -p1 %patch0 -p1
%patch1 -p1
cp %{SOURCE7} . cp %{SOURCE7} .
%build %build

34
libcontainer-apparmor-fixes.patch Normal file
View File

@ -0,0 +1,34 @@
Index: docker/vendor/src/github.com/docker/libcontainer/apparmor/gen.go
===================================================================
--- docker.orig/vendor/src/github.com/docker/libcontainer/apparmor/gen.go
+++ docker/vendor/src/github.com/docker/libcontainer/apparmor/gen.go
@@ -25,18 +25,6 @@ profile {{.Name}} flags=(attach_disconne
network,
capability,
file,
- umount,
-
- mount fstype=tmpfs,
- mount fstype=mqueue,
- mount fstype=fuse.*,
- mount fstype=binfmt_misc -> /proc/sys/fs/binfmt_misc/,
- mount fstype=efivarfs -> /sys/firmware/efi/efivars/,
- mount fstype=fusectl -> /sys/fs/fuse/connections/,
- mount fstype=securityfs -> /sys/kernel/security/,
- mount fstype=debugfs -> /sys/kernel/debug/,
- mount fstype=proc -> /proc/,
- mount fstype=sysfs -> /sys/,
deny @{PROC}/sys/fs/** wklx,
deny @{PROC}/sysrq-trigger rwklx,
@@ -45,10 +33,6 @@ profile {{.Name}} flags=(attach_disconne
deny @{PROC}/sys/kernel/[^s][^h][^m]* wklx,
deny @{PROC}/sys/kernel/*/** wklx,
- deny mount options=(ro, remount) -> /,
- deny mount fstype=debugfs -> /var/lib/ureadahead/debugfs/,
- deny mount fstype=devpts,
-
deny /sys/[^f]*/** wklx,
deny /sys/f[^s]*/** wklx,
deny /sys/fs/[^c]*/** wklx,