SHA256
1
0
forked from pool/docker
docker/bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
Aleksa Sarai 1d3bce0fc6 Accepting request 653738 from home:cyphar:containers:docker_18.09
- Add backports of https://github.com/docker/docker/pull/37302 and
  https://github.com/docker/cli/pull/1130, which allow for users to explicitly
  specify the NIS domainname of a container. bsc#1001161
  + bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
  + bsc1001161-0002-cli-add-a-separate-domainname-flag.patch

OBS-URL: https://build.opensuse.org/request/show/653738
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=273
2018-12-04 04:34:12 +00:00

67 lines
2.6 KiB
Diff

From 244ae6114d89a495f1f2b4cf98eb5979fe1381b0 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Sun, 17 Jun 2018 17:05:54 +1000
Subject: [PATCH 1/2] oci: include the domainname in "kernel.domainname"
The OCI doesn't have a specific field for an NIS domainname[1] (mainly
because FreeBSD and Solaris appear to have a similar concept but it is
configured entirely differently).
However, on Linux, the NIS domainname can be configured through both the
setdomainname(2) syscall but also through the "kernel.domainname"
sysctl. Since the OCI has a way of injecting sysctls this means we don't
need to have any OCI changes to support NIS domainnames (and we can
always switch if the OCI picks up such support in the future).
It should be noted that because we have to generate this each spec
creation we also have to make sure that it's not clobbered by the
HostConfig. I'm pretty sure making this change generic (so that
HostConfig will not clobber any pre-set sysctls) will not cause other
issues to crop up.
[1]: https://github.com/opencontainers/runtime-spec/issues/592
SUSE-Bugs: bsc#1001161
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
components/engine/daemon/oci_linux.go | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/components/engine/daemon/oci_linux.go b/components/engine/daemon/oci_linux.go
index 7611fc054d13..d5838623528e 100644
--- a/components/engine/daemon/oci_linux.go
+++ b/components/engine/daemon/oci_linux.go
@@ -679,7 +679,15 @@ func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container)
s.Process.Cwd = cwd
s.Process.Env = c.CreateDaemonEnvironment(c.Config.Tty, linkedEnv)
s.Process.Terminal = c.Config.Tty
- s.Hostname = c.FullHostname()
+
+ s.Hostname = c.Config.Hostname
+ // There isn't a field in the OCI for the NIS domainname, but luckily there
+ // is a sysctl which has an identical effect to setdomainname(2) so there's
+ // no explicit need for runtime support.
+ s.Linux.Sysctl = make(map[string]string)
+ if c.Config.Domainname != "" {
+ s.Linux.Sysctl["kernel.domainname"] = c.Config.Domainname
+ }
return nil
}
@@ -715,7 +723,11 @@ func (daemon *Daemon) createSpec(c *container.Container) (retSpec *specs.Spec, e
if err := setResources(&s, c.HostConfig.Resources); err != nil {
return nil, fmt.Errorf("linux runtime spec resources: %v", err)
}
- s.Linux.Sysctl = c.HostConfig.Sysctls
+ // We merge the sysctls injected above with the HostConfig (latter takes
+ // precedence for backwards-compatibility reasons).
+ for k, v := range c.HostConfig.Sysctls {
+ s.Linux.Sysctl[k] = v
+ }
p := s.Linux.CgroupsPath
if useSystemd {
--
2.19.2