diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.6-r4.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.6-r5.ebuild similarity index 98% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.6-r4.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.6-r5.ebuild index 1aaa094235..4fd32b6442 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.6-r4.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.6-r5.ebuild @@ -9,7 +9,7 @@ CROS_WORKON_LOCALNAME="docker" CROS_WORKON_REPO="git://github.com" COREOS_GO_VERSION="go1.7" -CROS_WORKON_COMMIT="d5236f0452873048a28c1ecd63d40513efa66542" # coreos-1.12.6 +CROS_WORKON_COMMIT="a82d35e3daba1a2cd48c66e57a4f9975c39c45c6" # coreos-1.12.6 DOCKER_GITCOMMIT="${CROS_WORKON_COMMIT:0:7}" KEYWORDS="amd64 arm64" @@ -270,6 +270,7 @@ src_install() { newconfd contrib/init/openrc/docker.confd docker exeinto /usr/lib/coreos + # Create /usr/lib/coreos/dockerd script for backwards compatibility doexe "${FILESDIR}/dockerd" systemd_dounit "${FILESDIR}/docker.service" diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.04.0-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.04.0-r3.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.04.0-r2.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.04.0-r3.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild index c655b638bb..1c690e9451 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild 
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild @@ -258,6 +258,7 @@ src_install() { newconfd contrib/init/openrc/docker.confd docker exeinto /usr/lib/coreos + # Create /usr/lib/coreos/dockerd for backwards compatibility doexe "${FILESDIR}/dockerd" systemd_dounit "${FILESDIR}/docker.service" diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service index 2b6470ecdd..a8f1bf4ef5 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service @@ -8,11 +8,12 @@ Requires=containerd.service docker.socket [Service] Type=notify EnvironmentFile=-/run/flannel/flannel_docker_opts.env +Environment=DOCKER_SELINUX=--selinux-enabled=true # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker -ExecStart=/usr/lib/coreos/dockerd --host=fd:// --containerd=/var/run/docker/libcontainerd/docker-containerd.sock $DOCKER_OPTS $DOCKER_CGROUPS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ +ExecStart=/usr/bin/dockerd --host=fd:// --containerd=/var/run/docker/libcontainerd/docker-containerd.sock $DOCKER_SELINUX $DOCKER_OPTS $DOCKER_CGROUPS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ ExecReload=/bin/kill -s HUP $MAINPID LimitNOFILE=1048576 # Having non-zero Limit*s causes performance problems due to accounting overhead diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/dockerd b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/dockerd index 9260e127d8..2a94d06561 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/dockerd 
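Review bot: The new `Environment=DOCKER_SELINUX=--selinux-enabled=true` line makes the unit itself the place where the SELinux default is set, but nothing in the unit says that this variable is the supported switch or what can override it. The btrfs exception that this commit removes from the `dockerd` wrapper is not carried over, so a btrfs-backed graph root now gets the flag too; if that is intended, it is worth stating. Values read through `EnvironmentFile=` take precedence over `Environment=`, so the contents of `/run/flannel/flannel_docker_opts.env` can also change or clear `DOCKER_SELINUX`. I would add a comment above the line, for example `# SELinux is on by default; set DOCKER_SELINUX= in a drop-in to disable it (no btrfs exception any more)`. Because `$DOCKER_SELINUX` comes before `$DOCKER_OPTS` in `ExecStart`, a `--selinux-enabled=false` in `DOCKER_OPTS` presumably still wins, but that depends on how dockerd treats a repeated flag and should be confirmed.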
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/dockerd @@ -1,5 +1,7 @@ #!/bin/bash -# Wrapper for launching docker daemons with an appropriate backend. +# Wrapper for launching docker daemons with selinux default on +# This wrapper script has been deprecated (euank: 2017-05-09) and is retained +# for backwards compatibility. set -e @@ -16,14 +18,6 @@ parse_docker_args() { fi case "${flag}" in - -g|--graph) - ARG_ROOT="$1" - shift - ;; - -s|--storage-driver) - ARG_DRIVER="$1" - shift - ;; --selinux-enabled) ARG_SELINUX="$1" shift @@ -35,56 +29,13 @@ parse_docker_args() { done } -select_docker_driver() { - local fstype - - # mimic docker's behavior to ensure we stat the right filesystem. - if [[ -L "${ARG_ROOT}" ]]; then - ARG_ROOT="$(readlink -f "${ARG_ROOT}")" - fi - - mkdir --parents --mode=0700 "${ARG_ROOT}" - fstype=$(findmnt --noheadings --output FSTYPE --target "${ARG_ROOT}") - - case "${fstype}" in - btrfs) - export DOCKER_DRIVER=btrfs - ;; - ext4|tmpfs|xfs) # As of 4.1 - export DOCKER_DRIVER=overlay - ;; - *) - # Fall back to whatever docker's default behavior is. - ;; - esac -} - -# Enable selinux except when known to be unsupported (btrfs). -maybe_enable_selinux() { - case "${DOCKER_DRIVER}" in - btrfs) - USE_SELINUX="" - ;; - *) - # Enable for everything else. - USE_SELINUX="--selinux-enabled" - ;; - esac -} - -ARG_ROOT="/var/lib/docker" -ARG_DRIVER="" parse_docker_args "$@" -# Do not override the driver if it is already explicitly configured. -if [[ -z "${ARG_DRIVER}" && -z "${DOCKER_DRIVER}" ]]; then - select_docker_driver -fi - USE_SELINUX="" # Do not override selinux if it is already explicitly configured. if [[ -z "${ARG_SELINUX}" ]]; then - maybe_enable_selinux + # If unspecified, default on + USE_SELINUX="--selinux-enabled" fi exec dockerd "$@" ${USE_SELINUX}
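Review bot: The wrapper's last line, `exec dockerd "$@" ${USE_SELINUX}`, still resolves `dockerd` through `PATH`, while this commit moves the unit to the absolute `/usr/bin/dockerd`. A legacy drop-in that keeps calling `/usr/lib/coreos/dockerd` therefore depends on the caller's `PATH` for which binary runs as root, and the script would re-enter itself if `/usr/lib/coreos` were ever searched first. I would change the line to `exec /usr/bin/dockerd "$@" ${USE_SELINUX}`. The wrapper also ignores the new `DOCKER_SELINUX` variable, so an operator who clears it in a drop-in but keeps the old `ExecStart` still gets `--selinux-enabled` appended unless the flag is on the command line; the header comment could say so. `parse_docker_args` begins outside the visible hunks, so how a `--selinux-enabled=false` argument is split into flag and value cannot be checked from here.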