From 64062d332d26398a0e64a05e62a8b6c3ca684fb5673edb99e49778c529c0fb34 Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Fri, 5 Feb 2016 09:21:26 +0000 Subject: [PATCH] - Update to 1.10.0 version Add usernamespace support Add support for custom seccomp profiles Improvements in network and volume management detailed changelog in https://github.com/docker/docker/blob/590d5108bbdaabb05af590f76c9757daceb6d02e/CHANGELOG.md OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=58 --- _service | 4 +- add_bolt_arm64.patch | 20 ------- add_bolt_ppc64.patch | 23 -------- docker-1.9.1.tar.xz | 3 - docker.changes | 45 +++++++++------ docker.spec | 47 +++------------- fix-docker-init.patch | 10 ---- fix-ppc64le.patch | 8 +-- fix_bnc_958255.patch | 13 ----- fix_cgroup.parent_path_sanitisation.patch | 67 ----------------------- fix_platform_type_arm.patch | 20 +++++++ gcc-go-patches.patch | 31 ++++------- ignore-dockerinit-checksum.patch | 12 ---- libcontainer-apparmor-fixes.patch | 11 ---- use_fs_cgroups_by_default.patch | 51 ----------------- 15 files changed, 75 insertions(+), 290 deletions(-) delete mode 100644 add_bolt_arm64.patch delete mode 100644 add_bolt_ppc64.patch delete mode 100644 docker-1.9.1.tar.xz delete mode 100644 fix-docker-init.patch delete mode 100644 fix_bnc_958255.patch delete mode 100644 fix_cgroup.parent_path_sanitisation.patch create mode 100644 fix_platform_type_arm.patch delete mode 100644 ignore-dockerinit-checksum.patch delete mode 100644 libcontainer-apparmor-fixes.patch delete mode 100644 use_fs_cgroups_by_default.patch diff --git a/_service b/_service index 6454f97..399611a 100644 --- a/_service +++ b/_service @@ -3,8 +3,8 @@ https://github.com/docker/docker.git git .git - 1.9.1 - v1.9.1 + 1.10.0 + v1.10.0 docker-*.tar diff --git a/add_bolt_arm64.patch b/add_bolt_arm64.patch deleted file mode 100644 index 731efa3..0000000 --- a/add_bolt_arm64.patch +++ /dev/null @@ -1,20 +0,0 @@ -From: Michel Normand -Subject: add bolt arm64 -Date: Fri, 04 Dec 2015 17:07:22 +0100 - -add bolt arm64 - -Signed-off-by: Michel Normand ---- - vendor/src/github.com/boltdb/bolt/bolt_arm64.go | 4 ++++ - 1 file changed, 4 insertions(+) - -Index: docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_arm64.go -=================================================================== ---- /dev/null -+++ docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_arm64.go -@@ -0,0 +1,4 @@ -+package bolt -+ -+// maxMapSize represents the largest mmap size supported by Bolt. -+const maxMapSize = 0xFFFFFFFFFFFF // 256TB diff --git a/add_bolt_ppc64.patch b/add_bolt_ppc64.patch deleted file mode 100644 index 3db9b71..0000000 --- a/add_bolt_ppc64.patch +++ /dev/null @@ -1,23 +0,0 @@ ---- - vendor/src/github.com/boltdb/bolt/bolt_ppc64.go | 4 ++++ - vendor/src/github.com/boltdb/bolt/bolt_ppc64le.go | 4 ++++ - 2 files changed, 8 insertions(+) - -Index: docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go -=================================================================== ---- /dev/null -+++ docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go -@@ -0,0 +1,4 @@ -+package bolt -+ -+// maxMapSize represents the largest mmap size supported by Bolt. -+const maxMapSize = 0xFFFFFFFFFFFF // 256TB -Index: docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64le.go -=================================================================== ---- /dev/null -+++ docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64le.go -@@ -0,0 +1,4 @@ -+package bolt -+ -+// maxMapSize represents the largest mmap size supported by Bolt. -+const maxMapSize = 0xFFFFFFFFFFFF // 256TB diff --git a/docker-1.9.1.tar.xz b/docker-1.9.1.tar.xz deleted file mode 100644 index acdcd5c..0000000 --- a/docker-1.9.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:edb9bdbcce529e4170b6ad8a14643b12f176c8d2b1690f182f29bc79e3dde3c0 -size 6283244 diff --git a/docker.changes b/docker.changes index 8766a73..435c4bf 100644 --- a/docker.changes +++ b/docker.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Fri Feb 5 09:14:15 UTC 2016 - jmassaguerpla@suse.com + +- Update to 1.10.0 version + + Add usernamespace support + Add support for custom seccomp profiles + Improvements in network and volume management + +detailed changelog in + +https://github.com/docker/docker/blob/590d5108bbdaabb05af590f76c9757daceb6d02e/CHANGELOG.md + ------------------------------------------------------------------- Wed Jan 27 23:40:09 UTC 2016 - asarai@suse.com @@ -16,8 +29,8 @@ Thu Jan 21 16:52:41 UTC 2016 - jmassaguerpla@suse.com Thus, we need to workaround the workaroundn in tumbleweed - There was an error in one of the file list - - + + ------------------------------------------------------------------- Wed Dec 23 10:47:04 UTC 2015 - fcastelli@suse.com @@ -181,11 +194,11 @@ Thu Sep 10 22:33:01 UTC 2015 - jmassaguerpla@suse.com see detailed changelog in - https://github.com/docker/docker/releases/tag/v1.8.2 + https://github.com/docker/docker/releases/tag/v1.8.2 fix bsc#946653 update do docker 1.8.2 -- devicemapper: fix zero-sized field access +- devicemapper: fix zero-sized field access Fix issue #15279: does not build with Go 1.5 tip Due to golang/go@7904946 the devices field is dropped. @@ -193,7 +206,7 @@ Thu Sep 10 22:33:01 UTC 2015 - jmassaguerpla@suse.com This solution works on go1.4 and go1.5 See more in https://github.com/docker/docker/pull/15404 - + This fix was not included in v1.8.2. See previous link on why. @@ -221,9 +234,9 @@ Thu Aug 13 09:00:25 UTC 2015 - jmassaguerpla@suse.com - Update to docker 1.8.0: see detailed changelog in - https://github.com/docker/docker/releases/tag/v1.8.0 + https://github.com/docker/docker/releases/tag/v1.8.0 -- remove docker-netns-aarch64.patch: This patch was adding +- remove docker-netns-aarch64.patch: This patch was adding vendor/src/github.com/vishvananda/netns/netns_linux_arm64.go which is now included upstream, so we don't need this patch anymore @@ -233,7 +246,7 @@ Fri Jul 24 14:24:16 UTC 2015 - jmassaguerpla@suse.com - Exclude archs where docker does not build. Otherwise it gets into and infinite loop when building. - We'll fix that later if we want to release for those archs. + We'll fix that later if we want to release for those archs. ------------------------------------------------------------------- Wed Jul 15 08:11:11 UTC 2015 - jmassaguerpla@suse.com @@ -262,18 +275,18 @@ Distribution Fix pulling private images Fix fallback between registry V2 and V1 - + ------------------------------------------------------------------- Fri Jul 10 11:22:00 UTC 2015 - jmassaguerpla@suse.com -- Exclude init scripts other than systemd from the test-package +- Exclude init scripts other than systemd from the test-package ------------------------------------------------------------------- Wed Jul 1 12:38:50 UTC 2015 - jmassaguerpla@suse.com - Exclude intel 32 bits arch. Docker does not built on that. Let's - make it explicit. + make it explicit. ------------------------------------------------------------------- Thu Jun 25 16:49:59 UTC 2015 - dmueller@suse.com @@ -325,7 +338,7 @@ Mon Jun 22 08:48:11 UTC 2015 - fcastelli@suse.com ------------------------------------------------------------------- Tue Jun 9 16:35:46 UTC 2015 - jmassaguerpla@suse.com -- Add test subpackage and fix line numbers in patches +- Add test subpackage and fix line numbers in patches ------------------------------------------------------------------- Fri Jun 5 15:29:45 UTC 2015 - fcastelli@suse.com @@ -498,7 +511,7 @@ Fri Dec 12 16:13:30 UTC 2014 - fcastelli@suse.com * Notable Features since 1.3.0: - Set key=value labels to the daemon (displayed in `docker info`), applied with new `-label` daemon flag - - Add support for `ENV` in Dockerfile of the form: + - Add support for `ENV` in Dockerfile of the form: `ENV name=value name2=value2...` - New Overlayfs Storage Driver - `docker info` now returns an `ID` and `Name` field @@ -976,7 +989,7 @@ Wed Feb 19 08:35:27 UTC 2014 - fcastelli@suse.com - Fix broken images API for version less than 1.7 - Use the right encoding for all API endpoints which return JSON - Move remote api client to api/ - - Queue calls to the API using generic socket wait + - Queue calls to the API using generic socket wait * Runtime: - Fix the use of custom settings for bridges and custom bridges - Refactor the devicemapper code to avoid many mount/unmount race @@ -1099,7 +1112,7 @@ Fri Jan 10 10:44:23 UTC 2014 - fcastelli@suse.com * Do not add hostname when networking is disabled * Return most recent image from the cache by date * Return all errors from docker wait - * Add Content-Type Header "application/json" to GET /version and /info responses + * Add Content-Type Header "application/json" to GET /version and /info responses * Other: - Update DCO to version 1.1 - Update Makefile to use "docker:GIT_BRANCH" as the generated image name @@ -1118,7 +1131,7 @@ Fri Jan 10 10:44:23 UTC 2014 - fcastelli@suse.com - Fix for wrong version warning on master instead of latest * Runtime: - Only get the image's rootfs when we need to calculate the image size - - Correctly handle unmapping UDP ports + - Correctly handle unmapping UDP ports - Make CopyFileWithTar use a pipe instead of a buffer to save memory on docker build - Fix login message to say pull instead of push - Fix "docker load" help by removing "SOURCE" prompt and mentioning STDIN diff --git a/docker.spec b/docker.spec index 99d73c2..250ee91 100644 --- a/docker.spec +++ b/docker.spec @@ -16,10 +16,10 @@ # -%define git_version a34a1d5 +%define git_version 590d510 %define go_arches %ix86 x86_64 Name: docker -Version: 1.9.1 +Version: 1.10.0 Release: 0 Summary: The Linux container runtime License: Apache-2.0 @@ -41,34 +41,16 @@ Source7: README_SUSE.md Source8: docker-audit.rules # TODO: remove once we figure out what is wrong with iptables on ppc64le Source100: sysconfig.docker.ppc64le -Patch0: fix-docker-init.patch -# PATCH-FIX-OPENSUSE libcontainer-apparmor-fixes.patch -- mount rules aren't supported in our apparmor -Patch1: libcontainer-apparmor-fixes.patch -# fix regexp in apparmor default profile. This is already fixed upstream so in version > 1.9.1 it should be already fixed -Patch2: fix_bnc_958255.patch -# fix default cgroups. This is fixed upstream, too. -Patch3: use_fs_cgroups_by_default.patch -# fix an issue with cgroups. This is fixed upstream, too. -Patch4: fix_cgroup.parent_path_sanitisation.patch -# fix an issue with JSON and containers not starting. This is fixed upstream, too. -Patch5: fix_json_econnreset_bug.patch -# Required to overcome some limitations of gcc-go: https://groups.google.com/forum/#!msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ -# Right now docker passes the sha1sum of the dockerinit binary to the docker binary at build time -# We cannot do that, right now a quick and really dirty way to get it running is -# to simply disable this check -# Required to overcome some limitations of gcc-go: https://groups.google.com/forum/# !msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ -Patch6: gcc5_socket_workaround.patch -Patch100: ignore-dockerinit-checksum.patch -Patch101: gcc-go-patches.patch -Patch102: add_bolt_ppc64.patch -Patch105: add_bolt_arm64.patch -Patch108: fix-ppc64le.patch +Patch0: fix_platform_type_arm.patch +Patch1: gcc5_socket_workaround.patch +Patch100: gcc-go-patches.patch +Patch101: fix-ppc64le.patch BuildRequires: audit BuildRequires: bash-completion BuildRequires: device-mapper-devel >= 1.2.68 BuildRequires: glibc-devel-static %ifarch %go_arches -BuildRequires: go >= 1.4 +BuildRequires: go >= 1.5 BuildRequires: go-go-md2man %else BuildRequires: gcc5-go >= 5.0 @@ -156,11 +138,6 @@ Test package for docker. It contains the source code and the tests. %prep %setup -q -n docker-%{version} %patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 # 1330 is Tumbleweed after leap has been released # gcc5-go in Tumbleweed includes this commit # https://github.com/golang/gofrontend/commit/a850225433a66a58613c22185c3b09626f5545eb @@ -169,14 +146,11 @@ Test package for docker. It contains the source code and the tests. # for that issue. # Thus, we need to workaround the workaroundn in tumbleweed %if 0%{?suse_version} >= 1330 && 0%{?is_opensuse} == 1 -%patch6 -p1 +%patch1 -p1 %endif %ifnarch %go_arches %patch100 -p1 -%patch101 -p0 -%patch102 -p1 -%patch105 -p1 -%patch108 -p1 +%patch101 -p1 %endif cp %{SOURCE7} . @@ -213,10 +187,8 @@ install -d %{buildroot}%{go_contribdir} install -d %{buildroot}%{_bindir} %ifarch %go_arches install -D -m755 bundles/%{version}/dynbinary/%{name}-%{version} %{buildroot}/%{_bindir}/%{name} -install -D -m755 bundles/%{version}/dynbinary/dockerinit-%{version} %{buildroot}/%{_prefix}/lib/docker/dockerinit %else install -D -m755 bundles/%{version}/dyngccgo/%{name}-%{version} %{buildroot}/%{_bindir}/%{name} -install -D -m755 bundles/%{version}/dyngccgo/dockerinit-%{version} %{buildroot}/%{_prefix}/lib/docker/dockerinit %endif install -d %{buildroot}/%{_prefix}/lib/docker install -Dd -m 0755 \ @@ -284,7 +256,6 @@ groupadd -r docker 2>/dev/null || : %{_bindir}/docker %{_sbindir}/rcdocker %{_prefix}/lib/docker/ -%{_prefix}/lib/docker/dockerinit %{_unitdir}/%{name}.service %{_unitdir}/%{name}.socket %config %{_sysconfdir}/audit/rules.d/%{name}.rules diff --git a/fix-docker-init.patch b/fix-docker-init.patch deleted file mode 100644 index d20346b..0000000 --- a/fix-docker-init.patch +++ /dev/null @@ -1,10 +0,0 @@ -diff -Naur a/hack/make/.dockerinit b/hack/make/.dockerinit ---- a/hack/make/.dockerinit 2015-08-11 18:35:27.000000000 +0200 -+++ b/hack/make/.dockerinit 2015-08-12 18:14:25.743452565 +0200 -@@ -29,5 +29,6 @@ - exit 1 - fi - -+/usr/bin/strip -s $DEST/dockerinit-$VERSION - # sha1 our new dockerinit to ensure separate docker and dockerinit always run in a perfect pair compiled for one another - export DOCKER_INITSHA1=$($sha1sum "$DEST/dockerinit-$VERSION" | cut -d' ' -f1) diff --git a/fix-ppc64le.patch b/fix-ppc64le.patch index a4c7a40..fd5afb1 100644 --- a/fix-ppc64le.patch +++ b/fix-ppc64le.patch @@ -1,3 +1,4 @@ + Index: docker-1.9.1/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go =================================================================== --- docker-1.9.1.orig/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go @@ -5,9 +6,9 @@ Index: docker-1.9.1/vendor/src/github.com/docker/libnetwork/drivers/bridge/netli @@ -1,4 +1,4 @@ -// +build arm ppc64 ppc64le +// +build arm ppc64,!ppc64le - + package bridge - + Index: docker-1.9.1/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go =================================================================== --- docker-1.9.1.orig/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go @@ -15,6 +16,5 @@ Index: docker-1.9.1/vendor/src/github.com/docker/libnetwork/drivers/bridge/netli @@ -1,4 +1,4 @@ -// +build !arm,!ppc64,!ppc64le +// +build !arm,!ppc64 ppc64le - + package bridge - diff --git a/fix_bnc_958255.patch b/fix_bnc_958255.patch deleted file mode 100644 index aa436c1..0000000 --- a/fix_bnc_958255.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/daemon/execdriver/native/apparmor.go b/daemon/execdriver/native/apparmor.go -index 3aaba98..06babd3 100644 ---- a/daemon/execdriver/native/apparmor.go -+++ b/daemon/execdriver/native/apparmor.go -@@ -40,7 +40,7 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) { - file, - umount, - -- deny @{PROC}/{*,**^[0-9*],sys/kernel/shm*} wkx, -+ deny @{PROC}/{*,**^[0-9]*,sys/kernel/shm*} wkx, - deny @{PROC}/sysrq-trigger rwklx, - deny @{PROC}/mem rwklx, - deny @{PROC}/kmem rwklx, diff --git a/fix_cgroup.parent_path_sanitisation.patch b/fix_cgroup.parent_path_sanitisation.patch deleted file mode 100644 index c1e6500..0000000 --- a/fix_cgroup.parent_path_sanitisation.patch +++ /dev/null @@ -1,67 +0,0 @@ -diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go -index a0a93a4..da31d06 100644 ---- a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go -+++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go -@@ -216,12 +216,39 @@ func (m *Manager) GetPids() ([]int, error) { - return cgroups.GetPids(dir) - } - -+// pathClean makes a path safe for use with filepath.Join. This is done by not -+// only cleaning the path, but also (if the path is relative) adding a leading -+// '/' and cleaning it (then removing the leading '/'). This ensures that a -+// path resulting from prepending another path will always resolve to lexically -+// be a subdirectory of the prefixed path. This is all done lexically, so paths -+// that include symlinks won't be safe as a result of using pathClean. -+func pathClean(path string) string { -+ // Ensure that all paths are cleaned (especially problematic ones like -+ // "/../../../../../" which can cause lots of issues). -+ path = filepath.Clean(path) -+ -+ // If the path isn't absolute, we need to do more processing to fix paths -+ // such as "../../../..//some/path". We also shouldn't convert absolute -+ // paths to relative ones. -+ if !filepath.IsAbs(path) { -+ path = filepath.Clean(string(os.PathSeparator) + path) -+ // This can't fail, as (by definition) all paths are relative to root. -+ path, _ = filepath.Rel(string(os.PathSeparator), path) -+ } -+ -+ // Clean the path again for good measure. -+ return filepath.Clean(path) -+} -+ - func getCgroupData(c *configs.Cgroup, pid int) (*data, error) { - root, err := getCgroupRoot() - if err != nil { - return nil, err - } - -+ // Clean the parent slice path. -+ c.Parent = pathClean(c.Parent) -+ - cgroup := c.Name - if c.Parent != "" { - cgroup = filepath.Join(c.Parent, cgroup) -diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpuset.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpuset.go -index f3ec2c3..0b13115 100644 ---- a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpuset.go -+++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpuset.go -@@ -4,6 +4,7 @@ package fs - - import ( - "bytes" -+ "fmt" - "io/ioutil" - "os" - "path/filepath" -@@ -92,6 +93,10 @@ func (s *CpusetGroup) ensureParent(current, root string) error { - if filepath.Clean(parent) == root { - return nil - } -+ // Avoid infinite recursion. -+ if parent == current { -+ return fmt.Errorf("cpuset: cgroup parent path outside cgroup root") -+ } - if err := s.ensureParent(parent, root); err != nil { - return err - } diff --git a/fix_platform_type_arm.patch b/fix_platform_type_arm.patch new file mode 100644 index 0000000..90598a3 --- /dev/null +++ b/fix_platform_type_arm.patch @@ -0,0 +1,20 @@ +diff --git a/pkg/platform/utsname_int8.go b/pkg/platform/utsname_int8.go +index 5dcbadf..a022a35 100644 +--- a/pkg/platform/utsname_int8.go ++++ b/pkg/platform/utsname_int8.go +@@ -1,4 +1,4 @@ +-// +build linux,386 linux,amd64 linux,arm64 ++// +build linux,386 linux,amd64 + // see golang's sources src/syscall/ztypes_linux_*.go that use int8 + + package platform +diff --git a/pkg/platform/utsname_uint8.go b/pkg/platform/utsname_uint8.go +index c9875cf..0ee937a 100644 +--- a/pkg/platform/utsname_uint8.go ++++ b/pkg/platform/utsname_uint8.go +@@ -1,4 +1,4 @@ +-// +build linux,arm linux,ppc64 linux,ppc64le s390x ++// +build linux,arm linux,ppc64 linux,ppc64le s390x linux,arm64 linux,aarch64 + // see golang's sources src/syscall/ztypes_linux_*.go that use uint8 + + package platform diff --git a/gcc-go-patches.patch b/gcc-go-patches.patch index 67dbcd8..b063c9e 100644 --- a/gcc-go-patches.patch +++ b/gcc-go-patches.patch @@ -1,33 +1,24 @@ -Index: hack/make/.dockerinit-gccgo -=================================================================== ---- hack/make/.dockerinit-gccgo.orig -+++ hack/make/.dockerinit-gccgo +diff --git a/hack/make/gccgo b/hack/make/gccgo +index 878c814..84b7f69 100644 +--- a/hack/make/gccgo ++++ b/hack/make/gccgo @@ -1,5 +1,5 @@ #!/bin/bash -set -e +set -ex - - IAMSTATIC="true" - source "${MAKEDIR}/.go-autogen" -Index: hack/make/gccgo -=================================================================== ---- hack/make/gccgo.orig -+++ hack/make/gccgo -@@ -1,5 +1,5 @@ - #!/bin/bash --set -e -+set -ex - + BINARY_NAME="docker-$VERSION" BINARY_EXTENSION="$(binary_extension)" -@@ -17,6 +17,8 @@ go build -compiler=gccgo \ +@@ -16,9 +16,11 @@ go build -compiler=gccgo \ + "${BUILDFLAGS[@]}" \ + -gccgoflags " -g -+ -Wl,--add-needed -Wl,--no-as-needed ++ -Wl,--add-needed -Wl,--no-as-needed $EXTLDFLAGS_STATIC -+ -static-libgo ++ -static-libgo -Wl,--no-export-dynamic - -ldl + -ldl -lselinux -lsystemd + -pthread " \ ./docker - diff --git a/ignore-dockerinit-checksum.patch b/ignore-dockerinit-checksum.patch deleted file mode 100644 index efa3f76..0000000 --- a/ignore-dockerinit-checksum.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Naur a/utils/utils.go b/utils/utils.go ---- a/utils/utils.go 2015-08-11 18:35:27.000000000 +0200 -+++ b/utils/utils.go 2015-08-12 18:06:47.930445696 +0200 -@@ -76,7 +76,7 @@ - } - return os.SameFile(targetFileInfo, selfPathFileInfo) - } -- return dockerversion.INITSHA1 != "" && dockerInitSha1(target) == dockerversion.INITSHA1 -+ return true - } - - // DockerInitPath figures out the path of our dockerinit (which may be SelfPath()) diff --git a/libcontainer-apparmor-fixes.patch b/libcontainer-apparmor-fixes.patch deleted file mode 100644 index 3300ae9..0000000 --- a/libcontainer-apparmor-fixes.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -Naur a/contrib/apparmor/docker-engine b/contrib/apparmor/docker-engine ---- a/contrib/apparmor/docker-engine 2015-08-11 18:35:27.000000000 +0200 -+++ b/contrib/apparmor/docker-engine 2015-08-12 18:05:07.608444190 +0200 -@@ -13,7 +13,6 @@ - mount -> /sys/**, - mount -> /run/docker/netns/**, - -- umount, - pivot_root, - signal (receive) peer=@{profile_name}, - signal (receive) peer=unconfined, diff --git a/use_fs_cgroups_by_default.patch b/use_fs_cgroups_by_default.patch deleted file mode 100644 index f699da2..0000000 --- a/use_fs_cgroups_by_default.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 419fd7449fe1a984f582731fcd4d9455000846b0 Mon Sep 17 00:00:00 2001 -From: Alexander Morozov -Date: Wed, 4 Nov 2015 13:51:46 -0800 -Subject: [PATCH] Use fs cgroups by default - -Our implementation of systemd cgroups is mixture of systemd api and -plain filesystem api. It's hard to keep it up to date with systemd and -it already contains some nasty bugs with new versions. Ideally it should -be replaced with some daemon flag which will allow to set parent systemd -slice. - -Signed-off-by: Alexander Morozov ---- - daemon/execdriver/native/driver.go | 3 --- - docs/reference/commandline/daemon.md | 8 ++++---- - 2 files changed, 4 insertions(+), 7 deletions(-) - -diff --git a/daemon/execdriver/native/driver.go b/daemon/execdriver/native/driver.go -index 09171c5..0b6cec3 100644 ---- a/daemon/execdriver/native/driver.go -+++ b/daemon/execdriver/native/driver.go -@@ -74,9 +74,6 @@ func NewDriver(root, initPath string, options []string) (*Driver, error) { - // this makes sure there are no breaking changes to people - // who upgrade from versions without native.cgroupdriver opt - cgm := libcontainer.Cgroupfs -- if systemd.UseSystemd() { -- cgm = libcontainer.SystemdCgroups -- } - - // parse the options - for _, option := range options { -diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md -index 91fd3c6..0721538 100644 ---- a/docs/reference/commandline/daemon.md -+++ b/docs/reference/commandline/daemon.md -@@ -452,11 +452,11 @@ single `native.cgroupdriver` option is available. - - The `native.cgroupdriver` option specifies the management of the container's - cgroups. You can specify `cgroupfs` or `systemd`. If you specify `systemd` and --it is not available, the system uses `cgroupfs`. By default, if no option is --specified, the execdriver first tries `systemd` and falls back to `cgroupfs`. --This example sets the execdriver to `cgroupfs`: -+it is not available, the system uses `cgroupfs`. If you omit the -+`native.cgroupdriver` option,` cgroupfs` is used. -+This example sets the `cgroupdriver` to `systemd`: - -- $ sudo docker daemon --exec-opt native.cgroupdriver=cgroupfs -+ $ sudo docker daemon --exec-opt native.cgroupdriver=systemd - - Setting this option applies to all containers the daemon launches. -