rpm/docker
SHA256
1
0
Fork 0
forked from pool/docker
Code Pull Requests Activity

Accepting request 498958 from home:cyphar:containers

Browse Source 
- Update SUSE secrets patch to correctly handle restarting of containers.
  + secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  + secrets-0002-SUSE-implement-SUSE-container-secrets.patch

OBS-URL: https://build.opensuse.org/request/show/498958
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=188
This commit is contained in:
Jordi Massaguer 2017-05-29 12:37:19 +00:00 committed by Git OBS Bridge
parent a61156fa80
commit 9fce3cd938
3 changed files with 34 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docker.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Mon May 29 11:08:44 UTC 2017 - asarai@suse.com
- Update SUSE secrets patch to correctly handle restarting of containers.
+ secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
+ secrets-0002-SUSE-implement-SUSE-container-secrets.patch
-------------------------------------------------------------------
Wed May 17 14:41:29 UTC 2017 - asarai@suse.com

31
secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
View File

@ -1,4 +1,4 @@
From 36b539ca64d8c47681d5f15689db03751962d496 Mon Sep 17 00:00:00 2001
From 4de0a0a9689c4063d369d54ecc16952241c7f241 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 12:41:54 +1100
Subject: [PATCH 1/2] daemon: allow directory creation in /run/secrets
@ -8,16 +8,17 @@ implementation to return secrets that are actually directories. This is
useful for creating directories and subdirectories of secrets.
Backport: https://github.com/docker/docker/pull/31632
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
daemon/container_operations_unix.go | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
daemon/container_operations_unix.go | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go
index 2296045765d4..bb08d3c4a207 100644
index 67b3ee38c0ab..a538ba4e73e8 100644
--- a/daemon/container_operations_unix.go
+++ b/daemon/container_operations_unix.go
@@ -177,11 +177,6 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
@@ -178,11 +178,6 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
}
targetPath := filepath.Clean(s.File.Name)
@ -29,23 +30,33 @@ index 2296045765d4..bb08d3c4a207 100644
fPath := filepath.Join(localMountPath, targetPath)
if err := idtools.MkdirAllAs(filepath.Dir(fPath), 0700, rootUID, rootGID); err != nil {
return errors.Wrap(err, "error creating secret mount path")
@@ -195,8 +190,14 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
@@ -196,9 +191,6 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
if secret == nil {
return fmt.Errorf("unable to get secret from secret store")
}
- if err := ioutil.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil {
- return errors.Wrap(err, "error injecting secret")
- }
uid, err := strconv.Atoi(s.File.UID)
if err != nil {
@@ -208,7 +200,15 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
if err != nil {
return err
}
-
+ if s.File.Mode.IsDir() {
+ if err := os.Mkdir(fPath, s.File.Mode); err != nil {
+ if err := idtools.MkdirAllAs(fPath, s.File.Mode, rootUID+uid, rootGID+gid); err != nil {
+ return errors.Wrap(err, "error injecting secret dir")
+ }
+ } else {
+ if err := ioutil.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil {
+ return errors.Wrap(err, "error injecting secret")
+ }
+ }
if err := os.Chown(fPath, rootUID+uid, rootGID+gid); err != nil {
return errors.Wrap(err, "error setting ownership for secret")
}
uid, err := strconv.Atoi(s.File.UID)
--
2.12.2
2.13.0

12
secrets-0002-SUSE-implement-SUSE-container-secrets.patch
View File

@ -1,4 +1,4 @@
From a7fbdb729255da73e47e77ca37eec0da325356c4 Mon Sep 17 00:00:00 2001
From a6d2f9f43ea02d93534867271f7fa7cf0f77e70c Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 11:43:29 +1100
Subject: [PATCH 2/2] SUSE: implement SUSE container secrets
@ -18,10 +18,10 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
create mode 100644 daemon/suse_secrets.go
diff --git a/daemon/start.go b/daemon/start.go
index 6c94fd5482d0..3c06eed778d7 100644
index eddb5d3d5060..eb74e2ab1096 100644
--- a/daemon/start.go
+++ b/daemon/start.go
@@ -146,6 +146,11 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint
@@ -141,6 +141,11 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint
return err
}
@ -35,7 +35,7 @@ index 6c94fd5482d0..3c06eed778d7 100644
return err
diff --git a/daemon/suse_secrets.go b/daemon/suse_secrets.go
new file mode 100644
index 000000000000..591abc998e67
index 000000000000..99bdbefdebcc
--- /dev/null
+++ b/daemon/suse_secrets.go
@@ -0,0 +1,246 @@
@ -66,8 +66,8 @@ index 000000000000..591abc998e67
+ "syscall"
+
+ "github.com/Sirupsen/logrus"
+ "github.com/opencontainers/go-digest"
+ "github.com/docker/docker/container"
+ "github.com/opencontainers/go-digest"
+
+ swarmtypes "github.com/docker/docker/api/types/swarm"
+ swarmexec "github.com/docker/swarmkit/agent/exec"
@ -286,5 +286,5 @@ index 000000000000..591abc998e67
+ return nil
+}
--
2.12.2
2.13.0