From b2568eff64e63c6123701c8bfeec72f560206eba Mon Sep 17 00:00:00 2001 From: Nick Owens Date: Wed, 10 Aug 2016 18:27:30 -0700 Subject: [PATCH 1/5] app-emulation/runc: bump to the commit docker 1.12.0 uses live ebuild is dropped and commit hash from https://github.com/docker/docker/blob/v1.12.0/Dockerfile#L236 is used in place of a tag. --- .../app-emulation/runc/Manifest | 2 +- ...ebuild => runc-1.0.0_rc1_p20160615.ebuild} | 38 +++++++++++-------- 2 files changed, 24 insertions(+), 16 deletions(-) rename sdk_container/src/third_party/coreos-overlay/app-emulation/runc/{runc-0.1.0.ebuild => runc-1.0.0_rc1_p20160615.ebuild} (56%) diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/runc/Manifest b/sdk_container/src/third_party/coreos-overlay/app-emulation/runc/Manifest index 6a23ea9eac..6f96bd8062 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/runc/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/runc/Manifest @@ -1 +1 @@ -DIST runc-0.1.0.tar.gz 496358 SHA256 681d6d89541ae2e06757f999a242a1f97bbcb1ad6e10f4cdee287ec4a9d2bff9 SHA512 8a9ff02b0161eda0a730194b0fbf7ad76e8f379992e74061ef49302da3492fd0c53f06db9153ded4d934d67bbf6f4291d6154254f1b924ef73c97c44cd14ffcf WHIRLPOOL 81f488a4f1e23e8704a9fa8404965b2f12f74a875ba8e67dc15de93f43b075dc538cd0d89c7a1187cb74ac6320317b5985855945fb8bf8f749d6736df47b844a +DIST runc-1.0.0_rc1_p20160615.tar.gz 535401 SHA256 196b78c6caf1a4c6257314b393381baffa7c82bb2690ac02a7b3d6cd6cfe7776 SHA512 0bf8ce3bb15caaf09214f23a411003fd5b660d291662ad513c3d944647a0fa9b270d18902706b7e6aa3c30eb0f676e73af46b8249d1e2484e1dc40d6ffd5a80d WHIRLPOOL 9d15d069e00fe38e2bbda84b477dc0cf9f3431d3587919a80164d550a6d882d8742a5c2a8cdb7645509dec8d55b545912c0287785d0ca7e79acc0a08eace6f47 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/runc/runc-0.1.0.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/runc/runc-1.0.0_rc1_p20160615.ebuild similarity index 56% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/runc/runc-0.1.0.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/runc/runc-1.0.0_rc1_p20160615.ebuild index 97810fc889..c30b31e983 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/runc/runc-0.1.0.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/runc/runc-1.0.0_rc1_p20160615.ebuild @@ -1,31 +1,36 @@ -# Copyright 1999-2015 Gentoo Foundation +# Copyright 1999-2016 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Id$ +# $Header: $ EAPI=5 GITHUB_URI="github.com/opencontainers/runc" COREOS_GO_PACKAGE="${GITHUB_URI}" +# the commit of runc that docker uses. +# see https://github.com/docker/docker/blob/v1.12.0/Dockerfile#L236 +COMMIT_ID="cc29e3dded8e27ba8f65738f40d251c885030a28" -inherit eutils multilib coreos-go +inherit eutils multilib coreos-go vcs-snapshot DESCRIPTION="runc container cli tools" HOMEPAGE="http://runc.io" -if [[ ${PV} == *9999* ]]; then - EGIT_REPO_URI="git://${GITHUB_URI}.git" - inherit git-r3 -else - SRC_URI="https://${GITHUB_URI}/archive/v${PV}.tar.gz -> ${P}.tar.gz" - KEYWORDS="amd64 arm64" -fi +SRC_URI="https://${GITHUB_URI}/archive/${COMMIT_ID}.tar.gz -> ${P}.tar.gz" +KEYWORDS="amd64 arm64" LICENSE="Apache-2.0" SLOT="0" -IUSE="+seccomp" +IUSE="apparmor +seccomp" -DEPEND=">=dev-lang/go-1.4:=" -RDEPEND="seccomp? ( sys-libs/libseccomp )" +DEPEND="" +RDEPEND=" + apparmor? ( sys-libs/libapparmor ) + seccomp? ( sys-libs/libseccomp ) +" + +src_prepare() { + eapply_user +} src_compile() { # fix up cross-compiling variables @@ -45,9 +50,12 @@ src_compile() { export GOPATH="${PWD}/.gopath:${PWD}/vendor" # build up optional flags - local options=( $(usex seccomp "seccomp") ) + local options=( + $(usex apparmor 'apparmor') + $(usex seccomp 'seccomp') + ) - emake BUILDTAGS="${options[@]}" + emake BUILDTAGS="${options[*]}" } src_install() { From b0fa16618dd0c1875c4e1523336b5d8f4718ffe1 Mon Sep 17 00:00:00 2001 From: Nick Owens Date: Thu, 18 Aug 2016 15:13:22 -0700 Subject: [PATCH 2/5] Revert "Revert "app-emulation/containerd: bump to v0.2.3"" This reverts commit 1b19251401f4f7558843ef40f06189e9981fb855. go back to containerd v0.2.3 for docker 1.12.0. --- .../coreos-overlay/app-emulation/containerd/Manifest | 2 +- .../{containerd-0.2.2-r1.ebuild => containerd-0.2.3.ebuild} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/{containerd-0.2.2-r1.ebuild => containerd-0.2.3.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/Manifest b/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/Manifest index 32ec50c7d1..b10be1a69a 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/Manifest @@ -1 +1 @@ -DIST containerd-0.2.2.tar.gz 635882 SHA256 a21efc7ea4bb97306ae9807caadca6782358679f38d3afd606cb599b6853bc52 SHA512 db6111984ccce01e928d46f0a22aaeed8d0eb50c2578df4e0cd5f56f43f8bdea43aad3203c2afb743ccf82908bd5961792681eafe07818a4057ca5f5f31c5396 WHIRLPOOL ce80bf79970faeacc3329cb4e365973a88539508904003da3d0f32afce9966e89bdf13a8894657e1fd983392cf2ab88b053393cbbc2018f509d9cbc57ab835cc +DIST containerd-0.2.3.tar.gz 997239 SHA256 247c459179b451cb235354d3f23876ad1a326a6bda430608f9306beeb0364287 SHA512 f850ea7558a3c772930d42352d7913ec00ec24536676720f8872153ec87b92785259645648d885bb5b27514ca01de7f207a931665c3074e787d8b74b48c51952 WHIRLPOOL ac5f5f38ce874146571017bb5ac0229af43782ccf7eb378c6c39ecfb4725cf6941a12a1b05b9a6840a75c85599a881d429eaea030148356a36d2b401874e01e4 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-0.2.2-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-0.2.3.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-0.2.2-r1.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-0.2.3.ebuild From e1d73ac7bcf5b7a7b369edab11d440f3ce3c7253 Mon Sep 17 00:00:00 2001 From: Nick Owens Date: Wed, 10 Aug 2016 18:20:04 -0700 Subject: [PATCH 3/5] app-emulation/docker: bump to 1.12.1 and sync ebuild --- ...-1.11.2-r1.ebuild => docker-1.12.1.ebuild} | 0 .../app-emulation/docker/docker-9999.ebuild | 51 +++++++++++++------ 2 files changed, 36 insertions(+), 15 deletions(-) rename sdk_container/src/third_party/coreos-overlay/app-emulation/docker/{docker-1.11.2-r1.ebuild => docker-1.12.1.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.11.2-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.1.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.11.2-r1.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.1.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild index 3a68f46ae0..a871ca8e7c 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild @@ -12,7 +12,7 @@ if [[ ${PV} == *9999 ]]; then DOCKER_GITCOMMIT="unknown" KEYWORDS="~amd64 ~arm64" else - CROS_WORKON_COMMIT="4a6e2b1e56ecd816ca066f71e7632f8a0171cada" # coreos-1.11.2 + CROS_WORKON_COMMIT="f1e1b832d52e004c1c55406a965265a90e2504f8" # coreos-1.12.1 DOCKER_GITCOMMIT="${CROS_WORKON_COMMIT:0:7}" KEYWORDS="amd64 arm64" fi @@ -66,12 +66,8 @@ RDEPEND=" >=dev-vcs/git-1.7 >=app-arch/xz-utils-4.9 - >=app-emulation/containerd-0.2.0 - >=app-emulation/runc-0.1.0 - - apparmor? ( - sys-libs/libapparmor[static-libs] - ) + >=app-emulation/containerd-0.2.3[seccomp?] + >=app-emulation/runc-1.0.0_rc1_p20160615[apparmor?,seccomp?] " RESTRICT="installsources strip" @@ -79,26 +75,28 @@ RESTRICT="installsources strip" # see "contrib/check-config.sh" from upstream's sources CONFIG_CHECK=" ~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS - ~DEVPTS_MULTIPLE_INSTANCES ~CGROUPS ~CGROUP_CPUACCT ~CGROUP_DEVICE ~CGROUP_FREEZER ~CGROUP_SCHED ~CPUSETS ~MEMCG ~KEYS ~MACVLAN ~VETH ~BRIDGE ~BRIDGE_NETFILTER - ~NF_NAT_IPV4 ~IP_NF_FILTER ~IP_NF_TARGET_MASQUERADE + ~NF_NAT_IPV4 ~IP_NF_FILTER ~IP_NF_MANGLE ~IP_NF_TARGET_MASQUERADE + ~IP_VS ~IP_VS_RR ~NETFILTER_XT_MATCH_ADDRTYPE ~NETFILTER_XT_MATCH_CONNTRACK + ~NETFILTER_XT_MATCH_IPVS + ~NETFILTER_XT_MARK ~NETFILTER_XT_TARGET_REDIRECT ~NF_NAT ~NF_NAT_NEEDED ~POSIX_MQUEUE - ~MEMCG_KMEM ~MEMCG_SWAP ~MEMCG_SWAP_ENABLED + ~MEMCG_SWAP ~MEMCG_SWAP_ENABLED ~BLK_CGROUP ~IOSCHED_CFQ ~CGROUP_PERF ~CGROUP_HUGETLB ~NET_CLS_CGROUP ~CFS_BANDWIDTH ~FAIR_GROUP_SCHED ~RT_GROUP_SCHED + ~XFRM_ALGO ~XFRM_USER " -ERROR_KEYS="CONFIG_KEYS: is mandatory, see bug 581348" -ERROR_MEMCG_KMEM="CONFIG_MEMCG_KMEM: is optional" +ERROR_KEYS="CONFIG_KEYS: is mandatory" ERROR_MEMCG_SWAP="CONFIG_MEMCG_SWAP: is required if you wish to limit swap usage of containers" ERROR_RESOURCE_COUNTERS="CONFIG_RESOURCE_COUNTERS: is optional for container statistics gathering" @@ -106,6 +104,8 @@ ERROR_BLK_CGROUP="CONFIG_BLK_CGROUP: is optional for container statistics gather ERROR_IOSCHED_CFQ="CONFIG_IOSCHED_CFQ: is optional for container statistics gathering" ERROR_CGROUP_PERF="CONFIG_CGROUP_PERF: is optional for container statistics gathering" ERROR_CFS_BANDWIDTH="CONFIG_CFS_BANDWIDTH: is optional for container statistics gathering" +ERROR_XFRM_ALGO="CONFIG_XFRM_ALGO: is optional for secure networks" +ERROR_XFRM_USER="CONFIG_XFRM_USER: is optional for secure networks" pkg_setup() { if kernel_is lt 3 10; then @@ -145,6 +145,19 @@ pkg_setup() { " fi + if kernel_is lt 4 5; then + CONFIG_CHECK+=" + ~MEMCG_KMEM + " + ERROR_MEMCG_KMEM="CONFIG_MEMCG_KMEM: is optional" + fi + + if kernel_is lt 4 7; then + CONFIG_CHECK+=" + ~DEVPTS_MULTIPLE_INSTANCES + " + fi + if use aufs; then CONFIG_CHECK+=" ~AUFS_FS @@ -214,8 +227,11 @@ src_compile() { grep -q -- '-fno-PIC' hack/make.sh || die 'hardened sed failed' sed "s/LDFLAGS_STATIC_DOCKER='/&-extldflags -fno-PIC /" \ - -i hack/make/dynbinary || die - grep -q -- '-fno-PIC' hack/make/dynbinary || die 'hardened sed failed' + -i hack/make/dynbinary-client || die + sed "s/LDFLAGS_STATIC_DOCKER='/&-extldflags -fno-PIC /" \ + -i hack/make/dynbinary-daemon || die + grep -q -- '-fno-PIC' hack/make/dynbinary-daemon || die 'hardened sed failed' + grep -q -- '-fno-PIC' hack/make/dynbinary-client || die 'hardened sed failed' fi # let's set up some optional features :) @@ -260,7 +276,12 @@ src_compile() { src_install() { VERSION="$(cat VERSION)" - newbin "bundles/$VERSION/dynbinary/docker-$VERSION" docker + newbin "bundles/$VERSION/dynbinary-client/docker-$VERSION" docker + newbin "bundles/$VERSION/dynbinary-daemon/dockerd-$VERSION" dockerd + newbin "bundles/$VERSION/dynbinary-daemon/docker-proxy-$VERSION" docker-proxy + dosym containerd /usr/bin/docker-containerd + dosym containerd-shim /usr/bin/docker-containerd-shim + dosym runc /usr/bin/docker-runc newinitd contrib/init/openrc/docker.initd docker newconfd contrib/init/openrc/docker.confd docker From e58c75a8beeaa3e1fc4c5396ee85dfd2ea999fe8 Mon Sep 17 00:00:00 2001 From: Nick Owens Date: Thu, 11 Aug 2016 15:00:59 -0700 Subject: [PATCH 4/5] app-emulation/docker: invoke dockerd, not docker-daemon --- .../docker/{docker-1.12.1.ebuild => docker-1.12.1-r1.ebuild} | 0 .../coreos-overlay/app-emulation/docker/files/docker.service | 2 +- .../coreos-overlay/app-emulation/docker/files/dockerd | 2 +- .../app-emulation/docker/files/early-docker.service | 2 +- 4 files changed, 3 insertions(+), 3 deletions(-) rename sdk_container/src/third_party/coreos-overlay/app-emulation/docker/{docker-1.12.1.ebuild => docker-1.12.1-r1.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.1-r1.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.1.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.1-r1.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service index 90fe9a7386..eda71c70bb 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service @@ -9,7 +9,7 @@ EnvironmentFile=-/run/flannel_docker_opts.env MountFlags=slave LimitNOFILE=1048576 LimitNPROC=1048576 -ExecStart=/usr/lib/coreos/dockerd daemon --host=fd:// $DOCKER_OPTS $DOCKER_CGROUPS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ +ExecStart=/usr/lib/coreos/dockerd --host=fd:// $DOCKER_OPTS $DOCKER_CGROUPS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ [Install] WantedBy=multi-user.target diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/dockerd b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/dockerd index 4b4f58767f..9260e127d8 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/dockerd +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/dockerd @@ -87,4 +87,4 @@ if [[ -z "${ARG_SELINUX}" ]]; then maybe_enable_selinux fi -exec docker "$@" ${USE_SELINUX} +exec dockerd "$@" ${USE_SELINUX} diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service index d2876a1bb8..8693a84a03 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service @@ -9,7 +9,7 @@ Environment=TMPDIR=/var/tmp MountFlags=slave LimitNOFILE=1048576 LimitNPROC=1048576 -ExecStart=/usr/lib/coreos/dockerd daemon --host=fd:// --bridge=none --iptables=false --ip-masq=false --exec-root=/var/run/early-docker --graph=/var/lib/early-docker --pidfile=/var/run/early-docker.pid $DOCKER_OPTS $DOCKER_CGROUPS +ExecStart=/usr/lib/coreos/dockerd --host=fd:// --bridge=none --iptables=false --ip-masq=false --exec-root=/var/run/early-docker --graph=/var/lib/early-docker --pidfile=/var/run/early-docker.pid $DOCKER_OPTS $DOCKER_CGROUPS [Install] WantedBy=early-docker.target From 8fc569eafa0e7a6c9bd739b94f85a04b4a25c502 Mon Sep 17 00:00:00 2001 From: Nick Owens Date: Thu, 11 Aug 2016 15:08:11 -0700 Subject: [PATCH 5/5] app-emulation/docker: sync systemd services with upstream --- ....12.1-r1.ebuild => docker-1.12.1-r2.ebuild} | 0 .../app-emulation/docker/files/docker.service | 18 ++++++++++++++++-- .../docker/files/early-docker.service | 18 ++++++++++++++++-- 3 files changed, 32 insertions(+), 4 deletions(-) rename sdk_container/src/third_party/coreos-overlay/app-emulation/docker/{docker-1.12.1-r1.ebuild => docker-1.12.1-r2.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.1-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.1-r2.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.1-r1.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.1-r2.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service index eda71c70bb..3b283f1205 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service @@ -5,11 +5,25 @@ After=docker.socket early-docker.target network.target Requires=docker.socket early-docker.target [Service] +Type=notify EnvironmentFile=-/run/flannel_docker_opts.env MountFlags=slave -LimitNOFILE=1048576 -LimitNPROC=1048576 +# the default is not to use systemd for cgroups because the delegate issues still +# exists and systemd currently does not support the cgroup feature set required +# for containers run by docker ExecStart=/usr/lib/coreos/dockerd --host=fd:// $DOCKER_OPTS $DOCKER_CGROUPS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ +ExecReload=/bin/kill -s HUP $MAINPID +LimitNOFILE=1048576 +# Having non-zero Limit*s causes performance problems due to accounting overhead +# in the kernel. We recommend using cgroups to do container-local accounting. +LimitNPROC=infinity +LimitCORE=infinity +# Uncomment TasksMax if your systemd version supports it. +# Only systemd 226 and above support this version. +TasksMax=infinity +TimeoutStartSec=0 +# set delegate yes so that systemd does not reset the cgroups of docker containers +Delegate=yes [Install] WantedBy=multi-user.target diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service index 8693a84a03..3ff77d4eeb 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service @@ -5,11 +5,25 @@ After=early-docker.socket Requires=early-docker.socket [Service] +Type=notify Environment=TMPDIR=/var/tmp MountFlags=slave -LimitNOFILE=1048576 -LimitNPROC=1048576 +# the default is not to use systemd for cgroups because the delegate issues still +# exists and systemd currently does not support the cgroup feature set required +# for containers run by docker ExecStart=/usr/lib/coreos/dockerd --host=fd:// --bridge=none --iptables=false --ip-masq=false --exec-root=/var/run/early-docker --graph=/var/lib/early-docker --pidfile=/var/run/early-docker.pid $DOCKER_OPTS $DOCKER_CGROUPS +ExecReload=/bin/kill -s HUP $MAINPID +LimitNOFILE=1048576 +# Having non-zero Limit*s causes performance problems due to accounting overhead +# in the kernel. We recommend using cgroups to do container-local accounting. +LimitNPROC=infinity +LimitCORE=infinity +# Uncomment TasksMax if your systemd version supports it. +# Only systemd 226 and above support this version. +TasksMax=infinity +TimeoutStartSec=0 +# set delegate yes so that systemd does not reset the cgroups of docker containers +Delegate=yes [Install] WantedBy=early-docker.target