060769c15c
- Add a backport of https://github.com/docker/engine/pull/29 for the 18.06.0-ce upgrade. This is a potential security issue (the CRI plugin was enabled by default, which listens on a TCP port bound to 0.0.0.0) that will be fixed upstream in the 18.06.1-ce upgrade. bsc#1102522
  + bsc1102522-0001-18.06-disable-containerd-CRI-plugin.patch

OBS-URL: https://build.opensuse.org/request/show/630750
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=261
37 lines
1.3 KiB
Diff
From 7ed2f5078916c4addd321d12bce49f40bf32680e Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Tue, 21 Aug 2018 19:42:53 +1000
Subject: [PATCH] 18.06: disable containerd CRI plugin

Docker 18.06 does not have a configuration option to disable the CRI
plugin, and this plugin is not very useful if containerd is not running
standalone.

This patch disables the plugin if containerd is running as child-process
of dockerd.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
 components/engine/libcontainerd/remote_daemon_linux.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/components/engine/libcontainerd/remote_daemon_linux.go b/components/engine/libcontainerd/remote_daemon_linux.go
index dc59eb8c14f0..34b04e299acd 100644
--- a/components/engine/libcontainerd/remote_daemon_linux.go
+++ b/components/engine/libcontainerd/remote_daemon_linux.go
@@ -37,6 +37,10 @@ func (r *remote) setDefaults() {
if r.snapshotter == "" {
r.snapshotter = "overlay"
}
+ // Disable CRI plugin by default if containerd is managed as child-process
+ // of dockerd. See https://github.com/moby/moby/issues/37507
+ r.DisabledPlugins = append(r.DisabledPlugins, "cri")
+ delete(r.pluginConfs.Plugins, "cri")
}
func (r *remote) stopDaemon() {
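Review bot: The comment on the added lines in setDefaults() says the CRI plugin is disabled "by default", but `r.DisabledPlugins = append(r.DisabledPlugins, "cri")` and `delete(r.pluginConfs.Plugins, "cri")` run unconditionally, unlike the `if r.snapshotter == ""` default just above, so a "cri" entry already present in r.pluginConfs.Plugins is silently dropped and a caller-supplied value cannot keep the plugin enabled. If that is the intent for the child-process case, the comment should say the plugin is always disabled and state the reason in place (the commit description gives it: the plugin listens on a TCP port bound to 0.0.0.0) rather than only linking the issue. The append also does not check whether "cri" is already in r.DisabledPlugins, so a pre-populated list or a second call to setDefaults() would leave a duplicate entry; a membership check before appending avoids that.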
--
2.18.0