91c98f7c10
- remove docker_remove_jornald....patch because we suse dyngccgo instead of dynbinary - replace gcc-go-bulid-static-libgo.patch by gcc-go-patches which patches dyngccgo instea of dynbinary - add fix-ppc64le.patch to fix ppc64le build - fix_bnc_958255.patch: fix Docker creates strange apparmor profile (bnc#958255) - use_fs_cgroups_by_default.patch: Use fs cgroups by default:419fd7449f- fix_cgroup.parent_path_sanitisation.patch: fix cgroup.Parent path sanitisation:bf899fef45OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=51
14 lines
503 B
Diff
14 lines
503 B
Diff
diff --git a/daemon/execdriver/native/apparmor.go b/daemon/execdriver/native/apparmor.go
|
|
index 3aaba98..06babd3 100644
|
|
--- a/daemon/execdriver/native/apparmor.go
|
|
+++ b/daemon/execdriver/native/apparmor.go
|
|
@@ -40,7 +40,7 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
|
|
file,
|
|
umount,
|
|
|
|
- deny @{PROC}/{*,**^[0-9*],sys/kernel/shm*} wkx,
|
|
+ deny @{PROC}/{*,**^[0-9]*,sys/kernel/shm*} wkx,
|
|
deny @{PROC}/sysrq-trigger rwklx,
|
|
deny @{PROC}/mem rwklx,
|
|
deny @{PROC}/kmem rwklx,
|