From 0c56836084d6bf60df82f6bf578d36c030dcbb3a Mon Sep 17 00:00:00 2001
From: Brandon Philips
Date: Sun, 8 Jun 2014 11:29:29 -0700
Subject: [PATCH] fix(app-emulation/docker): fix cap_kill problem
---
 .../app-emulation/docker/docker-9999.ebuild | 1 +
 ...-CAP_KILL-to-unprivileged-containers.patch | 26 +++++++++++++++++++
 2 files changed, 27 insertions(+)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/Add-CAP_KILL-to-unprivileged-containers.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild
index 622d02a4ce..a70ffb811d 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild
@@ -133,6 +133,7 @@ pkg_setup() {
 src_prepare() {
 epatch "${FILESDIR}"/Disable-timeout-for-push.patch
+ epatch "${FILESDIR}"/Add-CAP_KILL-to-unprivileged-containers.patch
 }
 src_compile() {
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/Add-CAP_KILL-to-unprivileged-containers.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/Add-CAP_KILL-to-unprivileged-containers.patch
new file mode 100644
index 0000000000..bd9ba68670
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/Add-CAP_KILL-to-unprivileged-containers.patch
@@ -0,0 +1,26 @@
+From fa72eb3a58ebfec8ef1b27d8e7aa8cbdb41733a2 Mon Sep 17 00:00:00 2001
+From: Michael Crosby
+Date: Sat, 7 Jun 2014 15:18:18 -0700
+Subject: [PATCH] Add CAP_KILL to unprivileged containers
+ Docker-DCO-1.1-Signed-off-by: Michael Crosby
+ (github: crosbymichael)
+
+---
+ daemon/execdriver/native/template/default_template.go | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/daemon/execdriver/native/template/default_template.go b/daemon/execdriver/native/template/default_template.go
+index e7d3143..3488b20 100644
+--- a/daemon/execdriver/native/template/default_template.go
++++ b/daemon/execdriver/native/template/default_template.go
+@@ -21,6 +21,7 @@ func New() *libcontainer.Container {
+ "SETPCAP",
+ "NET_BIND_SERVICE",
+ "SYS_CHROOT",
++ "KILL",
+ },
+ Namespaces: map[string]bool{
+ "NEWNS": true,
+--
+1.8.1.4
+
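Review bot: The new `"KILL",` entry widens the default capability set for unprivileged containers, but neither the template nor the commit message ("fix cap_kill problem") records why it is needed. CAP_KILL removes the UID-match check on signal delivery, so its reach is bounded only by which processes the container can see. The hunk shows `"NEWNS": true` and the rest of the Namespaces map lies outside it, so confirm that a PID namespace is always enabled in this template. I would document the entry in place, for example `"KILL", // presumably so in-container root can signal processes running as other UIDs; relies on the PID namespace for scoping`, and name the failure being fixed in the commit description. New()'s body starts and ends outside the hunk.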