fix(app-emulation/docker): fix cap_kill problem

2025-08-22 23:11:07 +02:00 · 2014-06-08 11:29:29 -07:00 · 2014-06-08 11:29:29 -07:00 · 0c56836084
commit 0c56836084
parent 9634c1fdcd
2 changed files with 27 additions and 0 deletions
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild
@ -133,6 +133,7 @@ pkg_setup() {

 src_prepare() {
 	epatch "${FILESDIR}"/Disable-timeout-for-push.patch
+	epatch "${FILESDIR}"/Add-CAP_KILL-to-unprivileged-containers.patch
 }

 src_compile() {
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/Add-CAP_KILL-to-unprivileged-containers.patch
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/Add-CAP_KILL-to-unprivileged-containers.patch
@ -0,0 +1,26 @@
+From fa72eb3a58ebfec8ef1b27d8e7aa8cbdb41733a2 Mon Sep 17 00:00:00 2001
+From: Michael Crosby <michael@crosbymichael.com>
+Date: Sat, 7 Jun 2014 15:18:18 -0700
+Subject: [PATCH] Add CAP_KILL to unprivileged containers
+ Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
+ (github: crosbymichael)
+
+---
+ daemon/execdriver/native/template/default_template.go | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/daemon/execdriver/native/template/default_template.go b/daemon/execdriver/native/template/default_template.go
+index e7d3143..3488b20 100644
+--- a/daemon/execdriver/native/template/default_template.go
+++ b/daemon/execdriver/native/template/default_template.go
+@@ -21,6 +21,7 @@ func New() *libcontainer.Container {
+ 			"SETPCAP",
+ 			"NET_BIND_SERVICE",
+ 			"SYS_CHROOT",
+			"KILL",
+ 		},
+ 		Namespaces: map[string]bool{
+ 			"NEWNS":  true,
+-- 
+1.8.1.4
+