Accepting request 1224334 from Virtualization:containers

OBS-URL: https://build.opensuse.org/request/show/1224334
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=155

docker.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Nov 12 06:34:28 UTC 2024 - Aleksa Sarai <asarai@suse.com>
+
+- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
+  sysconfig a long time ago, and apparently this causes issues with systemd in
+  some cases.
+
 -------------------------------------------------------------------
 Wed Oct 16 22:24:52 UTC 2024 - Aleksa Sarai <asarai@suse.com>
 
@@ -17,6 +24,7 @@ Tue Oct 15 04:58:46 UTC 2024 - Aleksa Sarai <asarai@suse.com>
 
 - Allow users to disable SUSE secrets support by setting
   DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. bsc#1231348
+  bsc#1232999
 
 -------------------------------------------------------------------
 Wed Sep 18 13:47:45 UTC 2024 - Ana Guerrero <ana.guerrero@suse.com>
@@ -64,8 +72,8 @@ Wed Jul 31 04:58:15 UTC 2024 - Aleksa Sarai <asarai@suse.com>
   <https://docs.docker.com/engine/release-notes/25.0/#2506>
 - This update includes fixes for:
   * CVE-2024-41110. bsc#1228324
-  * CVE-2023-47108. bsc#1217070
+  * CVE-2023-47108. bsc#1217070 bsc#1229806
-  * CVE-2023-45142. bsc#1228553
+  * CVE-2023-45142. bsc#1228553 bsc#1229806
 - Rebase patches:
   * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
   * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch

docker.service

@@ -16,7 +16,7 @@ EnvironmentFile=/etc/sysconfig/docker
 # enabled by default because enabling socket activation means that on boot your
 # containers won't start until someone tries to administer the Docker daemon.
 Type=notify
-ExecStart=/usr/bin/dockerd --add-runtime oci=/usr/sbin/runc $DOCKER_NETWORK_OPTIONS $DOCKER_OPTS
+ExecStart=/usr/bin/dockerd --add-runtime oci=/usr/sbin/runc $DOCKER_OPTS
 ExecReload=/bin/kill -s HUP $MAINPID
 
 # Having non-zero Limit*s causes performance problems due to accounting overhead

docker.spec

@@ -16,12 +16,13 @@
 #
 # nodebuginfo
 
+
+%bcond_without  apparmor
+
 # The flavour is defined with a macro to try to keep docker and docker-stable
 # as similar as possible, to make maintenance a little easier.
 %define flavour %{nil}
 
-%bcond_without  apparmor
-
 # Where important update information will be stored, such that an administrator
 # is guaranteed to see the relevant warning.
 %define update_messages %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}
@@ -96,18 +97,18 @@ BuildRequires:  fdupes
 %if %{with apparmor}
 BuildRequires:  libapparmor-devel
 %endif
+BuildRequires:  fish
+BuildRequires:  go-go-md2man
 BuildRequires:  libbtrfs-devel >= 3.8
 BuildRequires:  libseccomp-devel >= 2.2
 BuildRequires:  libtool
 BuildRequires:  linux-glibc-devel
 BuildRequires:  procps
 BuildRequires:  sqlite3-devel
-BuildRequires:  zsh
-BuildRequires:  fish
-BuildRequires:  go-go-md2man
-BuildRequires:  pkgconfig(libsystemd)
 BuildRequires:  sysuser-tools
+BuildRequires:  zsh
 BuildRequires:  golang(API) = 1.21
+BuildRequires:  pkgconfig(libsystemd)
 %if %{with apparmor}
 %if 0%{?sle_version} >= 150000
 # This conditional only works on rpm>=4.13, which SLE 12 doesn't have. But we
@@ -163,8 +164,8 @@ Requires(post): shadow
 # configured to use lvm and the user doesn't explicitly provide a
 # different storage-driver than devicemapper
 Recommends:     lvm2 >= 2.2.89
-Recommends:     git-core >= 1.7
 Recommends:     %{name}-rootless-extras
+Recommends:     git-core >= 1.7
 ExcludeArch:    s390 ppc
 
 %description
@@ -209,9 +210,9 @@ Key features:
 Summary:        Rootless support for Docker
 Group:          System/Management
 Requires:       %{name} = %{docker_version}
-Requires:       slirp4netns >= 0.4
 Requires:       fuse-overlayfs >= 0.7
 Requires:       rootlesskit
+Requires:       slirp4netns >= 0.4
 BuildArch:      noarch
 # docker-stable cannot be used alongside docker.
 %if "%{name}" == "docker-stable"