From 83153bc2797b3bd9510eef243d1027047cdfbf0ea7546fd4363fe1b2fbce3df8 Mon Sep 17 00:00:00 2001
From: Valentin Rothberg
Date: Thu, 7 Jun 2018 06:25:06 +0000
Subject: [PATCH] Accepting request 614826 from home:cyphar:containers:apparmor_fixup_bsc1073877
- Update to AppArmor patch so that signal mediation also works for signals between in-container processes. bsc#1073877 * bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
OBS-URL: https://build.opensuse.org/request/show/614826
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=250
---
 ...allow-receiving-of-signals-from-docker-kill.patch | 12 +++++++-----
 docker.changes | 7 +++++++
 2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch b/bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
index f87731d..0586f5e 100644
--- a/bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
+++ b/bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
@@ -1,4 +1,4 @@
-From fb59d17b2617ebee34f91786428f63571a19bb74 Mon Sep 17 00:00:00 2001
+From 2cc9da975798847cd0a37d1571d8a0f1d72b522d Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai
 Date: Sun, 8 Apr 2018 20:21:30 +1000
 Subject: [PATCH] apparmor: allow receiving of signals from 'docker kill'
@@ -11,20 +11,22 @@ SUSE-Bugs: bsc#1073877 boo#1089732
 Signed-off-by: Goldwyn Rodrigues
 Signed-off-by: Aleksa Sarai
 ---
- components/engine/profiles/apparmor/template.go | 4 ++++
- 1 file changed, 4 insertions(+)
+ components/engine/profiles/apparmor/template.go | 6 ++++++
+ 1 file changed, 6 insertions(+)
 diff --git a/components/engine/profiles/apparmor/template.go b/components/engine/profiles/apparmor/template.go
-index c5ea4584de6b..47c1b0659a15 100644
+index c5ea4584de6b..082638e85903 100644
 --- a/components/engine/profiles/apparmor/template.go 
+++ b/components/engine/profiles/apparmor/template.go
-@@ -17,6 +17,10 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
+@@ -17,6 +17,12 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
 capability,
 file,
 umount,
 +{{if ge .Version 208096}}
 +{{/* Allow 'docker kill' to actually send signals to container processes. */}}
 + signal (receive) peer=unconfined,
++{{/* And allow signals to be sent inside the container. */}}
++ signal (send,receive) peer={{.Name}},
 +{{end}}
 deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)
diff --git a/docker.changes b/docker.changes
index 9b8d563..f1c531e 100644
--- a/docker.changes
+++ b/docker.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Jun 5 11:24:35 UTC 2018 - asarai@suse.com
+
+- Update to AppArmor patch so that signal mediation also works for signals
+ between in-container processes. bsc#1073877
+ * bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
+
 -------------------------------------------------------------------
 Tue Jun 5 06:38:40 UTC 2018 - asarai@suse.com
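Review bot: The new rule `signal (send,receive) peer={{.Name}},` is scoped by profile name, not by container, while the comment above it says "inside the container"; as I read AppArmor peer matching, every process confined under a profile of that same name — including processes in other containers that were started with the same profile — becomes a permitted signal peer at the AppArmor layer, and only PID-namespace separation keeps those apart. The comment should say so, so that a reader does not take the rule as a container-boundary guarantee, e.g. `{{/* Allow signals between processes confined by this same profile (peer is matched by profile name, not by container); cross-container separation relies on PID namespaces. */}}`. It would also help to document, next to the `{{if ge .Version 208096}}` guard that this hunk only shows as context, which AppArmor parser version that number encodes, since nothing in the hunk explains it. The enclosing `profile {{.Name}} … {` block starts before this hunk and continues after it.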