forked from pool/docker
- Update to 1.10.0 version
Add usernamespace support
Add support for custom seccomp profiles
Improvements in network and volume management
detailed changelog in
590d5108bb/CHANGELOG.md
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=58
This commit is contained in:
parent
9dce1f84b9
commit
64062d332d
4
_service
4
_service
@ -3,8 +3,8 @@
|
|||||||
<param name="url">https://github.com/docker/docker.git</param>
|
<param name="url">https://github.com/docker/docker.git</param>
|
||||||
<param name="scm">git</param>
|
<param name="scm">git</param>
|
||||||
<param name="exclude">.git</param>
|
<param name="exclude">.git</param>
|
||||||
<param name="versionformat">1.9.1</param>
|
<param name="versionformat">1.10.0</param>
|
||||||
<param name="revision">v1.9.1</param>
|
<param name="revision">v1.10.0</param>
|
||||||
</service>
|
</service>
|
||||||
<service name="recompress" mode="disabled">
|
<service name="recompress" mode="disabled">
|
||||||
<param name="file">docker-*.tar</param>
|
<param name="file">docker-*.tar</param>
|
||||||
|
@ -1,20 +0,0 @@
|
|||||||
From: Michel Normand <normand@linux.vnet.ibm.com>
|
|
||||||
Subject: add bolt arm64
|
|
||||||
Date: Fri, 04 Dec 2015 17:07:22 +0100
|
|
||||||
|
|
||||||
add bolt arm64
|
|
||||||
|
|
||||||
Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
|
|
||||||
---
|
|
||||||
vendor/src/github.com/boltdb/bolt/bolt_arm64.go | 4 ++++
|
|
||||||
1 file changed, 4 insertions(+)
|
|
||||||
|
|
||||||
Index: docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_arm64.go
|
|
||||||
===================================================================
|
|
||||||
--- /dev/null
|
|
||||||
+++ docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_arm64.go
|
|
||||||
@@ -0,0 +1,4 @@
|
|
||||||
+package bolt
|
|
||||||
+
|
|
||||||
+// maxMapSize represents the largest mmap size supported by Bolt.
|
|
||||||
+const maxMapSize = 0xFFFFFFFFFFFF // 256TB
|
|
@ -1,23 +0,0 @@
|
|||||||
---
|
|
||||||
vendor/src/github.com/boltdb/bolt/bolt_ppc64.go | 4 ++++
|
|
||||||
vendor/src/github.com/boltdb/bolt/bolt_ppc64le.go | 4 ++++
|
|
||||||
2 files changed, 8 insertions(+)
|
|
||||||
|
|
||||||
Index: docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go
|
|
||||||
===================================================================
|
|
||||||
--- /dev/null
|
|
||||||
+++ docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go
|
|
||||||
@@ -0,0 +1,4 @@
|
|
||||||
+package bolt
|
|
||||||
+
|
|
||||||
+// maxMapSize represents the largest mmap size supported by Bolt.
|
|
||||||
+const maxMapSize = 0xFFFFFFFFFFFF // 256TB
|
|
||||||
Index: docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64le.go
|
|
||||||
===================================================================
|
|
||||||
--- /dev/null
|
|
||||||
+++ docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64le.go
|
|
||||||
@@ -0,0 +1,4 @@
|
|
||||||
+package bolt
|
|
||||||
+
|
|
||||||
+// maxMapSize represents the largest mmap size supported by Bolt.
|
|
||||||
+const maxMapSize = 0xFFFFFFFFFFFF // 256TB
|
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:edb9bdbcce529e4170b6ad8a14643b12f176c8d2b1690f182f29bc79e3dde3c0
|
|
||||||
size 6283244
|
|
@ -1,3 +1,16 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Feb 5 09:14:15 UTC 2016 - jmassaguerpla@suse.com
|
||||||
|
|
||||||
|
- Update to 1.10.0 version
|
||||||
|
|
||||||
|
Add usernamespace support
|
||||||
|
Add support for custom seccomp profiles
|
||||||
|
Improvements in network and volume management
|
||||||
|
|
||||||
|
detailed changelog in
|
||||||
|
|
||||||
|
https://github.com/docker/docker/blob/590d5108bbdaabb05af590f76c9757daceb6d02e/CHANGELOG.md
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jan 27 23:40:09 UTC 2016 - asarai@suse.com
|
Wed Jan 27 23:40:09 UTC 2016 - asarai@suse.com
|
||||||
|
|
||||||
|
47
docker.spec
47
docker.spec
@ -16,10 +16,10 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
|
|
||||||
%define git_version a34a1d5
|
%define git_version 590d510
|
||||||
%define go_arches %ix86 x86_64
|
%define go_arches %ix86 x86_64
|
||||||
Name: docker
|
Name: docker
|
||||||
Version: 1.9.1
|
Version: 1.10.0
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: The Linux container runtime
|
Summary: The Linux container runtime
|
||||||
License: Apache-2.0
|
License: Apache-2.0
|
||||||
@ -41,34 +41,16 @@ Source7: README_SUSE.md
|
|||||||
Source8: docker-audit.rules
|
Source8: docker-audit.rules
|
||||||
# TODO: remove once we figure out what is wrong with iptables on ppc64le
|
# TODO: remove once we figure out what is wrong with iptables on ppc64le
|
||||||
Source100: sysconfig.docker.ppc64le
|
Source100: sysconfig.docker.ppc64le
|
||||||
Patch0: fix-docker-init.patch
|
Patch0: fix_platform_type_arm.patch
|
||||||
# PATCH-FIX-OPENSUSE libcontainer-apparmor-fixes.patch -- mount rules aren't supported in our apparmor
|
Patch1: gcc5_socket_workaround.patch
|
||||||
Patch1: libcontainer-apparmor-fixes.patch
|
Patch100: gcc-go-patches.patch
|
||||||
# fix regexp in apparmor default profile. This is already fixed upstream so in version > 1.9.1 it should be already fixed
|
Patch101: fix-ppc64le.patch
|
||||||
Patch2: fix_bnc_958255.patch
|
|
||||||
# fix default cgroups. This is fixed upstream, too.
|
|
||||||
Patch3: use_fs_cgroups_by_default.patch
|
|
||||||
# fix an issue with cgroups. This is fixed upstream, too.
|
|
||||||
Patch4: fix_cgroup.parent_path_sanitisation.patch
|
|
||||||
# fix an issue with JSON and containers not starting. This is fixed upstream, too.
|
|
||||||
Patch5: fix_json_econnreset_bug.patch
|
|
||||||
# Required to overcome some limitations of gcc-go: https://groups.google.com/forum/#!msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ
|
|
||||||
# Right now docker passes the sha1sum of the dockerinit binary to the docker binary at build time
|
|
||||||
# We cannot do that, right now a quick and really dirty way to get it running is
|
|
||||||
# to simply disable this check
|
|
||||||
# Required to overcome some limitations of gcc-go: https://groups.google.com/forum/# !msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ
|
|
||||||
Patch6: gcc5_socket_workaround.patch
|
|
||||||
Patch100: ignore-dockerinit-checksum.patch
|
|
||||||
Patch101: gcc-go-patches.patch
|
|
||||||
Patch102: add_bolt_ppc64.patch
|
|
||||||
Patch105: add_bolt_arm64.patch
|
|
||||||
Patch108: fix-ppc64le.patch
|
|
||||||
BuildRequires: audit
|
BuildRequires: audit
|
||||||
BuildRequires: bash-completion
|
BuildRequires: bash-completion
|
||||||
BuildRequires: device-mapper-devel >= 1.2.68
|
BuildRequires: device-mapper-devel >= 1.2.68
|
||||||
BuildRequires: glibc-devel-static
|
BuildRequires: glibc-devel-static
|
||||||
%ifarch %go_arches
|
%ifarch %go_arches
|
||||||
BuildRequires: go >= 1.4
|
BuildRequires: go >= 1.5
|
||||||
BuildRequires: go-go-md2man
|
BuildRequires: go-go-md2man
|
||||||
%else
|
%else
|
||||||
BuildRequires: gcc5-go >= 5.0
|
BuildRequires: gcc5-go >= 5.0
|
||||||
@ -156,11 +138,6 @@ Test package for docker. It contains the source code and the tests.
|
|||||||
%prep
|
%prep
|
||||||
%setup -q -n docker-%{version}
|
%setup -q -n docker-%{version}
|
||||||
%patch0 -p1
|
%patch0 -p1
|
||||||
%patch1 -p1
|
|
||||||
%patch2 -p1
|
|
||||||
%patch3 -p1
|
|
||||||
%patch4 -p1
|
|
||||||
%patch5 -p1
|
|
||||||
# 1330 is Tumbleweed after leap has been released
|
# 1330 is Tumbleweed after leap has been released
|
||||||
# gcc5-go in Tumbleweed includes this commit
|
# gcc5-go in Tumbleweed includes this commit
|
||||||
# https://github.com/golang/gofrontend/commit/a850225433a66a58613c22185c3b09626f5545eb
|
# https://github.com/golang/gofrontend/commit/a850225433a66a58613c22185c3b09626f5545eb
|
||||||
@ -169,14 +146,11 @@ Test package for docker. It contains the source code and the tests.
|
|||||||
# for that issue.
|
# for that issue.
|
||||||
# Thus, we need to workaround the workaroundn in tumbleweed
|
# Thus, we need to workaround the workaroundn in tumbleweed
|
||||||
%if 0%{?suse_version} >= 1330 && 0%{?is_opensuse} == 1
|
%if 0%{?suse_version} >= 1330 && 0%{?is_opensuse} == 1
|
||||||
%patch6 -p1
|
%patch1 -p1
|
||||||
%endif
|
%endif
|
||||||
%ifnarch %go_arches
|
%ifnarch %go_arches
|
||||||
%patch100 -p1
|
%patch100 -p1
|
||||||
%patch101 -p0
|
%patch101 -p1
|
||||||
%patch102 -p1
|
|
||||||
%patch105 -p1
|
|
||||||
%patch108 -p1
|
|
||||||
%endif
|
%endif
|
||||||
cp %{SOURCE7} .
|
cp %{SOURCE7} .
|
||||||
|
|
||||||
@ -213,10 +187,8 @@ install -d %{buildroot}%{go_contribdir}
|
|||||||
install -d %{buildroot}%{_bindir}
|
install -d %{buildroot}%{_bindir}
|
||||||
%ifarch %go_arches
|
%ifarch %go_arches
|
||||||
install -D -m755 bundles/%{version}/dynbinary/%{name}-%{version} %{buildroot}/%{_bindir}/%{name}
|
install -D -m755 bundles/%{version}/dynbinary/%{name}-%{version} %{buildroot}/%{_bindir}/%{name}
|
||||||
install -D -m755 bundles/%{version}/dynbinary/dockerinit-%{version} %{buildroot}/%{_prefix}/lib/docker/dockerinit
|
|
||||||
%else
|
%else
|
||||||
install -D -m755 bundles/%{version}/dyngccgo/%{name}-%{version} %{buildroot}/%{_bindir}/%{name}
|
install -D -m755 bundles/%{version}/dyngccgo/%{name}-%{version} %{buildroot}/%{_bindir}/%{name}
|
||||||
install -D -m755 bundles/%{version}/dyngccgo/dockerinit-%{version} %{buildroot}/%{_prefix}/lib/docker/dockerinit
|
|
||||||
%endif
|
%endif
|
||||||
install -d %{buildroot}/%{_prefix}/lib/docker
|
install -d %{buildroot}/%{_prefix}/lib/docker
|
||||||
install -Dd -m 0755 \
|
install -Dd -m 0755 \
|
||||||
@ -284,7 +256,6 @@ groupadd -r docker 2>/dev/null || :
|
|||||||
%{_bindir}/docker
|
%{_bindir}/docker
|
||||||
%{_sbindir}/rcdocker
|
%{_sbindir}/rcdocker
|
||||||
%{_prefix}/lib/docker/
|
%{_prefix}/lib/docker/
|
||||||
%{_prefix}/lib/docker/dockerinit
|
|
||||||
%{_unitdir}/%{name}.service
|
%{_unitdir}/%{name}.service
|
||||||
%{_unitdir}/%{name}.socket
|
%{_unitdir}/%{name}.socket
|
||||||
%config %{_sysconfdir}/audit/rules.d/%{name}.rules
|
%config %{_sysconfdir}/audit/rules.d/%{name}.rules
|
||||||
|
@ -1,10 +0,0 @@
|
|||||||
diff -Naur a/hack/make/.dockerinit b/hack/make/.dockerinit
|
|
||||||
--- a/hack/make/.dockerinit 2015-08-11 18:35:27.000000000 +0200
|
|
||||||
+++ b/hack/make/.dockerinit 2015-08-12 18:14:25.743452565 +0200
|
|
||||||
@@ -29,5 +29,6 @@
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
+/usr/bin/strip -s $DEST/dockerinit-$VERSION
|
|
||||||
# sha1 our new dockerinit to ensure separate docker and dockerinit always run in a perfect pair compiled for one another
|
|
||||||
export DOCKER_INITSHA1=$($sha1sum "$DEST/dockerinit-$VERSION" | cut -d' ' -f1)
|
|
@ -1,3 +1,4 @@
|
|||||||
|
|
||||||
Index: docker-1.9.1/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go
|
Index: docker-1.9.1/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go
|
||||||
===================================================================
|
===================================================================
|
||||||
--- docker-1.9.1.orig/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go
|
--- docker-1.9.1.orig/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go
|
||||||
@ -17,4 +18,3 @@ Index: docker-1.9.1/vendor/src/github.com/docker/libnetwork/drivers/bridge/netli
|
|||||||
+// +build !arm,!ppc64 ppc64le
|
+// +build !arm,!ppc64 ppc64le
|
||||||
|
|
||||||
package bridge
|
package bridge
|
||||||
|
|
||||||
|
@ -1,13 +0,0 @@
|
|||||||
diff --git a/daemon/execdriver/native/apparmor.go b/daemon/execdriver/native/apparmor.go
|
|
||||||
index 3aaba98..06babd3 100644
|
|
||||||
--- a/daemon/execdriver/native/apparmor.go
|
|
||||||
+++ b/daemon/execdriver/native/apparmor.go
|
|
||||||
@@ -40,7 +40,7 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
|
|
||||||
file,
|
|
||||||
umount,
|
|
||||||
|
|
||||||
- deny @{PROC}/{*,**^[0-9*],sys/kernel/shm*} wkx,
|
|
||||||
+ deny @{PROC}/{*,**^[0-9]*,sys/kernel/shm*} wkx,
|
|
||||||
deny @{PROC}/sysrq-trigger rwklx,
|
|
||||||
deny @{PROC}/mem rwklx,
|
|
||||||
deny @{PROC}/kmem rwklx,
|
|
@ -1,67 +0,0 @@
|
|||||||
diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go
|
|
||||||
index a0a93a4..da31d06 100644
|
|
||||||
--- a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go
|
|
||||||
+++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go
|
|
||||||
@@ -216,12 +216,39 @@ func (m *Manager) GetPids() ([]int, error) {
|
|
||||||
return cgroups.GetPids(dir)
|
|
||||||
}
|
|
||||||
|
|
||||||
+// pathClean makes a path safe for use with filepath.Join. This is done by not
|
|
||||||
+// only cleaning the path, but also (if the path is relative) adding a leading
|
|
||||||
+// '/' and cleaning it (then removing the leading '/'). This ensures that a
|
|
||||||
+// path resulting from prepending another path will always resolve to lexically
|
|
||||||
+// be a subdirectory of the prefixed path. This is all done lexically, so paths
|
|
||||||
+// that include symlinks won't be safe as a result of using pathClean.
|
|
||||||
+func pathClean(path string) string {
|
|
||||||
+ // Ensure that all paths are cleaned (especially problematic ones like
|
|
||||||
+ // "/../../../../../" which can cause lots of issues).
|
|
||||||
+ path = filepath.Clean(path)
|
|
||||||
+
|
|
||||||
+ // If the path isn't absolute, we need to do more processing to fix paths
|
|
||||||
+ // such as "../../../../<etc>/some/path". We also shouldn't convert absolute
|
|
||||||
+ // paths to relative ones.
|
|
||||||
+ if !filepath.IsAbs(path) {
|
|
||||||
+ path = filepath.Clean(string(os.PathSeparator) + path)
|
|
||||||
+ // This can't fail, as (by definition) all paths are relative to root.
|
|
||||||
+ path, _ = filepath.Rel(string(os.PathSeparator), path)
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ // Clean the path again for good measure.
|
|
||||||
+ return filepath.Clean(path)
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
func getCgroupData(c *configs.Cgroup, pid int) (*data, error) {
|
|
||||||
root, err := getCgroupRoot()
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
+ // Clean the parent slice path.
|
|
||||||
+ c.Parent = pathClean(c.Parent)
|
|
||||||
+
|
|
||||||
cgroup := c.Name
|
|
||||||
if c.Parent != "" {
|
|
||||||
cgroup = filepath.Join(c.Parent, cgroup)
|
|
||||||
diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpuset.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpuset.go
|
|
||||||
index f3ec2c3..0b13115 100644
|
|
||||||
--- a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpuset.go
|
|
||||||
+++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpuset.go
|
|
||||||
@@ -4,6 +4,7 @@ package fs
|
|
||||||
|
|
||||||
import (
|
|
||||||
"bytes"
|
|
||||||
+ "fmt"
|
|
||||||
"io/ioutil"
|
|
||||||
"os"
|
|
||||||
"path/filepath"
|
|
||||||
@@ -92,6 +93,10 @@ func (s *CpusetGroup) ensureParent(current, root string) error {
|
|
||||||
if filepath.Clean(parent) == root {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
+ // Avoid infinite recursion.
|
|
||||||
+ if parent == current {
|
|
||||||
+ return fmt.Errorf("cpuset: cgroup parent path outside cgroup root")
|
|
||||||
+ }
|
|
||||||
if err := s.ensureParent(parent, root); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
20
fix_platform_type_arm.patch
Normal file
20
fix_platform_type_arm.patch
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
diff --git a/pkg/platform/utsname_int8.go b/pkg/platform/utsname_int8.go
|
||||||
|
index 5dcbadf..a022a35 100644
|
||||||
|
--- a/pkg/platform/utsname_int8.go
|
||||||
|
+++ b/pkg/platform/utsname_int8.go
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-// +build linux,386 linux,amd64 linux,arm64
|
||||||
|
+// +build linux,386 linux,amd64
|
||||||
|
// see golang's sources src/syscall/ztypes_linux_*.go that use int8
|
||||||
|
|
||||||
|
package platform
|
||||||
|
diff --git a/pkg/platform/utsname_uint8.go b/pkg/platform/utsname_uint8.go
|
||||||
|
index c9875cf..0ee937a 100644
|
||||||
|
--- a/pkg/platform/utsname_uint8.go
|
||||||
|
+++ b/pkg/platform/utsname_uint8.go
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-// +build linux,arm linux,ppc64 linux,ppc64le s390x
|
||||||
|
+// +build linux,arm linux,ppc64 linux,ppc64le s390x linux,arm64 linux,aarch64
|
||||||
|
// see golang's sources src/syscall/ztypes_linux_*.go that use uint8
|
||||||
|
|
||||||
|
package platform
|
@ -1,18 +1,7 @@
|
|||||||
Index: hack/make/.dockerinit-gccgo
|
diff --git a/hack/make/gccgo b/hack/make/gccgo
|
||||||
===================================================================
|
index 878c814..84b7f69 100644
|
||||||
--- hack/make/.dockerinit-gccgo.orig
|
--- a/hack/make/gccgo
|
||||||
+++ hack/make/.dockerinit-gccgo
|
+++ b/hack/make/gccgo
|
||||||
@@ -1,5 +1,5 @@
|
|
||||||
#!/bin/bash
|
|
||||||
-set -e
|
|
||||||
+set -ex
|
|
||||||
|
|
||||||
IAMSTATIC="true"
|
|
||||||
source "${MAKEDIR}/.go-autogen"
|
|
||||||
Index: hack/make/gccgo
|
|
||||||
===================================================================
|
|
||||||
--- hack/make/gccgo.orig
|
|
||||||
+++ hack/make/gccgo
|
|
||||||
@@ -1,5 +1,5 @@
|
@@ -1,5 +1,5 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
-set -e
|
-set -e
|
||||||
@ -20,7 +9,9 @@ Index: hack/make/gccgo
|
|||||||
|
|
||||||
BINARY_NAME="docker-$VERSION"
|
BINARY_NAME="docker-$VERSION"
|
||||||
BINARY_EXTENSION="$(binary_extension)"
|
BINARY_EXTENSION="$(binary_extension)"
|
||||||
@@ -17,6 +17,8 @@ go build -compiler=gccgo \
|
@@ -16,9 +16,11 @@ go build -compiler=gccgo \
|
||||||
|
"${BUILDFLAGS[@]}" \
|
||||||
|
-gccgoflags "
|
||||||
-g
|
-g
|
||||||
+ -Wl,--add-needed -Wl,--no-as-needed
|
+ -Wl,--add-needed -Wl,--no-as-needed
|
||||||
$EXTLDFLAGS_STATIC
|
$EXTLDFLAGS_STATIC
|
||||||
@ -28,6 +19,6 @@ Index: hack/make/gccgo
|
|||||||
-Wl,--no-export-dynamic
|
-Wl,--no-export-dynamic
|
||||||
- -ldl
|
- -ldl
|
||||||
+ -ldl -lselinux -lsystemd
|
+ -ldl -lselinux -lsystemd
|
||||||
|
-pthread
|
||||||
" \
|
" \
|
||||||
./docker
|
./docker
|
||||||
|
|
||||||
|
@ -1,12 +0,0 @@
|
|||||||
diff -Naur a/utils/utils.go b/utils/utils.go
|
|
||||||
--- a/utils/utils.go 2015-08-11 18:35:27.000000000 +0200
|
|
||||||
+++ b/utils/utils.go 2015-08-12 18:06:47.930445696 +0200
|
|
||||||
@@ -76,7 +76,7 @@
|
|
||||||
}
|
|
||||||
return os.SameFile(targetFileInfo, selfPathFileInfo)
|
|
||||||
}
|
|
||||||
- return dockerversion.INITSHA1 != "" && dockerInitSha1(target) == dockerversion.INITSHA1
|
|
||||||
+ return true
|
|
||||||
}
|
|
||||||
|
|
||||||
// DockerInitPath figures out the path of our dockerinit (which may be SelfPath())
|
|
@ -1,11 +0,0 @@
|
|||||||
diff -Naur a/contrib/apparmor/docker-engine b/contrib/apparmor/docker-engine
|
|
||||||
--- a/contrib/apparmor/docker-engine 2015-08-11 18:35:27.000000000 +0200
|
|
||||||
+++ b/contrib/apparmor/docker-engine 2015-08-12 18:05:07.608444190 +0200
|
|
||||||
@@ -13,7 +13,6 @@
|
|
||||||
mount -> /sys/**,
|
|
||||||
mount -> /run/docker/netns/**,
|
|
||||||
|
|
||||||
- umount,
|
|
||||||
pivot_root,
|
|
||||||
signal (receive) peer=@{profile_name},
|
|
||||||
signal (receive) peer=unconfined,
|
|
@ -1,51 +0,0 @@
|
|||||||
From 419fd7449fe1a984f582731fcd4d9455000846b0 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Alexander Morozov <lk4d4@docker.com>
|
|
||||||
Date: Wed, 4 Nov 2015 13:51:46 -0800
|
|
||||||
Subject: [PATCH] Use fs cgroups by default
|
|
||||||
|
|
||||||
Our implementation of systemd cgroups is mixture of systemd api and
|
|
||||||
plain filesystem api. It's hard to keep it up to date with systemd and
|
|
||||||
it already contains some nasty bugs with new versions. Ideally it should
|
|
||||||
be replaced with some daemon flag which will allow to set parent systemd
|
|
||||||
slice.
|
|
||||||
|
|
||||||
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
|
|
||||||
---
|
|
||||||
daemon/execdriver/native/driver.go | 3 ---
|
|
||||||
docs/reference/commandline/daemon.md | 8 ++++----
|
|
||||||
2 files changed, 4 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/daemon/execdriver/native/driver.go b/daemon/execdriver/native/driver.go
|
|
||||||
index 09171c5..0b6cec3 100644
|
|
||||||
--- a/daemon/execdriver/native/driver.go
|
|
||||||
+++ b/daemon/execdriver/native/driver.go
|
|
||||||
@@ -74,9 +74,6 @@ func NewDriver(root, initPath string, options []string) (*Driver, error) {
|
|
||||||
// this makes sure there are no breaking changes to people
|
|
||||||
// who upgrade from versions without native.cgroupdriver opt
|
|
||||||
cgm := libcontainer.Cgroupfs
|
|
||||||
- if systemd.UseSystemd() {
|
|
||||||
- cgm = libcontainer.SystemdCgroups
|
|
||||||
- }
|
|
||||||
|
|
||||||
// parse the options
|
|
||||||
for _, option := range options {
|
|
||||||
diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md
|
|
||||||
index 91fd3c6..0721538 100644
|
|
||||||
--- a/docs/reference/commandline/daemon.md
|
|
||||||
+++ b/docs/reference/commandline/daemon.md
|
|
||||||
@@ -452,11 +452,11 @@ single `native.cgroupdriver` option is available.
|
|
||||||
|
|
||||||
The `native.cgroupdriver` option specifies the management of the container's
|
|
||||||
cgroups. You can specify `cgroupfs` or `systemd`. If you specify `systemd` and
|
|
||||||
-it is not available, the system uses `cgroupfs`. By default, if no option is
|
|
||||||
-specified, the execdriver first tries `systemd` and falls back to `cgroupfs`.
|
|
||||||
-This example sets the execdriver to `cgroupfs`:
|
|
||||||
+it is not available, the system uses `cgroupfs`. If you omit the
|
|
||||||
+`native.cgroupdriver` option,` cgroupfs` is used.
|
|
||||||
+This example sets the `cgroupdriver` to `systemd`:
|
|
||||||
|
|
||||||
- $ sudo docker daemon --exec-opt native.cgroupdriver=cgroupfs
|
|
||||||
+ $ sudo docker daemon --exec-opt native.cgroupdriver=systemd
|
|
||||||
|
|
||||||
Setting this option applies to all containers the daemon launches.
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user