From 493d83dc2f29d125b65c65fd71f7a9b7b3de2d9f Mon Sep 17 00:00:00 2001
From: David Michael
Date: Thu, 6 Sep 2018 20:26:53 +0000
Subject: [PATCH 1/2] app-emulation/docker: Backport patch to fix volume labels
---
 ...8.06.1.ebuild => docker-18.06.1-r1.ebuild} | 0
 .../app-emulation/docker/docker-9999.ebuild | 4 +-
 .../docker-18.06.1-fix-mount-labels.patch | 39 +++++++++++++++++++
 3 files changed, 42 insertions(+), 1 deletion(-)
 rename sdk_container/src/third_party/coreos-overlay/app-emulation/docker/{docker-18.06.1.ebuild => docker-18.06.1-r1.ebuild} (100%)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker-18.06.1-fix-mount-labels.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-18.06.1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-18.06.1-r1.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-18.06.1.ebuild
rename to sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-18.06.1-r1.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild
index bd89b444f0..40958e4410 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild
@@ -76,7 +76,9 @@ RESTRICT="installsources strip"
 S="${WORKDIR}/${P}/src/${COREOS_GO_PACKAGE}"
-ENGINE_PATCHES=()
+ENGINE_PATCHES=(
+ "${FILESDIR}/${P}-fix-mount-labels.patch"
+)
 # see "contrib/check-config.sh" from upstream's sources
 CONFIG_CHECK="
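Review bot: The new `ENGINE_PATCHES` entry is keyed on `${P}`, but the commit only adds `files/docker-18.06.1-fix-mount-labels.patch`, so the reference resolves only while the ebuild is evaluated as version 18.06.1. If this file is also evaluated under another version (the live 9999 name, or a later version bump), `${FILESDIR}/${P}-fix-mount-labels.patch` would presumably name a file that does not exist; how `ENGINE_PATCHES` is consumed is outside the hunk, so whether that fails the build or skips the patch cannot be seen here. Since the patch restores SELinux relabeling of volume sources, a silent skip would be the worse outcome. I would add a comment above the array such as `# Backport of upstream 27d9030b2371 (SELinux relabel of local volume source); drop once the packaged version includes it.`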
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker-18.06.1-fix-mount-labels.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker-18.06.1-fix-mount-labels.patch
new file mode 100644
index 0000000000..1dbccfff30
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker-18.06.1-fix-mount-labels.patch
@@ -0,0 +1,39 @@
+From 27d9030b2371aa4a6b167fded6b8dc25987a0af7 Mon Sep 17 00:00:00 2001
+From: Kir Kolyshkin
+Date: Thu, 30 Aug 2018 15:32:14 -0700
+Subject: [PATCH] Fix relabeling local volume source dir
+
+In case a volume is specified via Mounts API, and SELinux is enabled,
+the following error happens on container start:
+
+> $ docker volume create testvol
+> $ docker run --rm --mount source=testvol,target=/tmp busybox true
+> docker: Error response from daemon: error setting label on mount
+> source '': no such file or directory.
+
+The functionality to relabel the source of a local mount specified via
+Mounts API was introduced in commit 5bbf5cc and later broken by commit
+e4b6adc, which removed setting mp.Source field.
+
+With the current data structures, the host dir is already available in
+v.Mountpoint, so let's just use it.
+
+Fixes: e4b6adc
+Signed-off-by: Kir Kolyshkin
+---
+ daemon/volumes.go | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/daemon/volumes.go b/daemon/volumes.go
+index d1c98d0a4fae..ad3c96a94599 100644
+--- a/daemon/volumes.go
++++ b/daemon/volumes.go
+@@ -210,6 +210,8 @@ func (daemon *Daemon) registerMountPoints(container *container.Container, hostCo
+ mp.Name = v.Name
+ mp.Driver = v.Driver
+
++ // need to selinux-relabel local mounts
++ mp.Source = v.Mountpoint
+ if mp.Driver == volume.DefaultDriverName {
+ setBindModeIfNull(mp)
+ }
From 728d55b5ec1d8e1a3f3cb73256418d3c173e13f2 Mon Sep 17 00:00:00 2001
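Review bot: In the backported `daemon/volumes.go` hunk the comment says the assignment is for local mounts, yet `mp.Source = v.Mountpoint` sits before the `if mp.Driver == volume.DefaultDriverName` check and therefore runs for every volume driver. If only the default driver is meant to be relabeled, the line belongs inside that `if`; if every driver is intended, the comment should say so, e.g. `// set the host path so an SELinux relabel of the volume source has a target`. There is also no guard for an empty `v.Mountpoint`, which would presumably reproduce the `error setting label on mount source ''` failure quoted in the commit message. Because this is a verbatim upstream backport, diverging from it is a judgment call, but a regression test that starts a container with `--mount source=<volume>,target=<path>` on an SELinux-enabled host would pin the fix. `registerMountPoints` starts and ends outside the hunk.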
From: David Michael
Date: Thu, 6 Sep 2018 20:27:30 +0000
Subject: [PATCH 2/2] app-torcx/docker: Bump the Docker package in the torcx image
---
 .../coreos-overlay/app-torcx/docker/docker-18.06.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-18.06.ebuild b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-18.06.ebuild
index ad39a84373..e2f930cfb4 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-18.06.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-18.06.ebuild
@@ -11,7 +11,7 @@ KEYWORDS="amd64 arm64"
 # Explicitly list all packages that will be built into the image.
 RDEPEND="
- =app-emulation/docker-18.06.1
+ =app-emulation/docker-18.06.1-r1
 =app-emulation/containerd-1.1.2
 =app-emulation/docker-proxy-0.8.0_p20180709
 =app-emulation/docker-runc-1.0.0_rc5_p19