pool/docker
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6e5b54a6a2
docker/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
Aleksa Sarai 9c7edd7eef - Update to Docker v17.09.1_ce. Upstream changelog: 
https://github.com/docker/docker-ce/releases/tag/v17.09.1-ce
- Removed patches (merged upstream):
  - bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
  - bsc1066210-0001-vendor-update-to-github.com-vbatts-tar-split-v0.10.2.patch
  - bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch
- Update to Docker v17.09.0_ce. Upstream changelog:
  https://github.com/docker/docker-ce/releases/tag/v17.09.0-ce
- Rebased patches:
  * bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
  * bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
  * bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
  * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Removed patches (merged upstream):
  - bsc1064781-0001-Allow-to-override-build-date.patch

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=228
2017-12-19 03:42:51 +00:00

75 lines
2.6 KiB
Diff
Raw Blame History

From 5022c3554723040682444e324cd26ec8e2500131 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 12:41:54 +1100
Subject: [PATCH 1/2] daemon: allow directory creation in /run/secrets
Since FileMode can have the directory bit set, allow a SecretStore
implementation to return secrets that are actually directories. This is
useful for creating directories and subdirectories of secrets.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
daemon/container_operations_unix.go | 24 +++++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go
index 954c194ea836..3ef1e0262edc 100644
--- a/daemon/container_operations_unix.go
+++ b/daemon/container_operations_unix.go
@@ -3,6 +3,7 @@
package daemon
import (
+ "bytes"
"context"
"fmt"
"io/ioutil"
@@ -13,6 +14,7 @@ import (
"github.com/docker/docker/container"
"github.com/docker/docker/daemon/links"
+ "github.com/docker/docker/pkg/archive"
"github.com/docker/docker/pkg/idtools"
"github.com/docker/docker/pkg/mount"
"github.com/docker/docker/pkg/stringid"
@@ -216,9 +218,6 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
if err != nil {
return errors.Wrap(err, "unable to get secret from secret store")
}
- if err := ioutil.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil {
- return errors.Wrap(err, "error injecting secret")
- }
uid, err := strconv.Atoi(s.File.UID)
if err != nil {
@@ -229,6 +228,25 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
return err
}
+ if s.File.Mode.IsDir() {
+ if err := os.Mkdir(fPath, s.File.Mode); err != nil {
+ return errors.Wrap(err, "error creating secretdir")
+ }
+ if secret.Spec.Data != nil {
+ // If the "file" is a directory, then s.File.Data is actually a tar
+ // archive of the directory. So we just do a tar extraction here.
+ if err := archive.UntarUncompressed(bytes.NewBuffer(secret.Spec.Data), fPath, &archive.TarOptions{
+ UIDMaps: daemon.idMappings.UIDs(),
+ GIDMaps: daemon.idMappings.GIDs(),
+ }); err != nil {
+ return errors.Wrap(err, "error injecting secretdir")
+ }
+ }
+ } else {
+ if err := ioutil.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil {
+ return errors.Wrap(err, "error injecting secret")
+ }
+ }
if err := os.Chown(fPath, rootIDs.UID+uid, rootIDs.GID+gid); err != nil {
return errors.Wrap(err, "error setting ownership for secret")
}
--
2.15.1
Reference in New Issue View Git Blame Copy Permalink