From b1076881c402449233b02368216fe2f5eeda9071 Mon Sep 17 00:00:00 2001
From: Euan Kemp
Date: Thu, 5 Oct 2017 15:23:41 -0700
Subject: [PATCH] app-emulation/docker: drop overlay ebusy patch
Since we're picking up a kernel change that solves the same problem (see previous commit), it's safe to not include this patch and wait on upstream to pick it up. This bumps the commit for 17.03 to remove that patch, and stops applying it to 17.09. 1.12 never had it.
---
 ...7.03.2.ebuild => docker-17.03.2-r1.ebuild} | 2 +-
 ...7.09.0.ebuild => docker-17.09.0-r1.ebuild} | 0
 .../app-emulation/docker/docker-9999.ebuild | 6 +-
 ...revert-make-overlay-home-dir-private.patch | 111 ------------------
 .../app-torcx/docker/docker-17.03.ebuild | 2 +-
 .../app-torcx/docker/docker-17.09.ebuild | 2 +-
 6 files changed, 5 insertions(+), 118 deletions(-)
 rename sdk_container/src/third_party/coreos-overlay/app-emulation/docker/{docker-17.03.2.ebuild => docker-17.03.2-r1.ebuild} (99%)
 rename sdk_container/src/third_party/coreos-overlay/app-emulation/docker/{docker-17.09.0.ebuild => docker-17.09.0-r1.ebuild} (100%)
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/patches/engine/revert-make-overlay-home-dir-private.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.03.2.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.03.2-r1.ebuild
similarity index 99%
rename from sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.03.2.ebuild
rename to sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.03.2-r1.ebuild
index 6ef3ede90f..ba66913717 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.03.2.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.03.2-r1.ebuild
@@ -12,7 +12,7 @@ if [[ ${PV} == *9999 ]]; then
 DOCKER_GITCOMMIT="unknown"
 KEYWORDS="~amd64 ~arm64"
 else
- CROS_WORKON_COMMIT="a662a4c026af44b573f6f7851ae467d8e86f2162" # coreos-17.03.2-ce
+ CROS_WORKON_COMMIT="236043027bc7199ec691f98c49bb2f0ec6a316d5" # coreos-17.03.2-ce
 DOCKER_GITCOMMIT="${CROS_WORKON_COMMIT:0:7}"
 KEYWORDS="amd64 arm64"
 fi
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.09.0.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.09.0-r1.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.09.0.ebuild
rename to sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.09.0-r1.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild
index 5b7d221118..ce331a74c3 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild
@@ -74,9 +74,7 @@ RESTRICT="installsources strip"
 S="${WORKDIR}/${P}/src/${COREOS_GO_PACKAGE}"
-ENGINE_PATCHES=(
- "${FILESDIR}/patches/engine/revert-make-overlay-home-dir-private.patch"
-)
+ENGINE_PATCHES=()
 # see "contrib/check-config.sh" from upstream's sources
 CONFIG_CHECK="
@@ -212,7 +210,7 @@ src_unpack() {
 DOCKER_GITCOMMIT=$(git -C "${S}" rev-parse HEAD | head -c 7)
 DOCKER_BUILD_DATE=$(git -C "${S}" log -1 --format="%ct")
 fi
- eapply -d"${S}"/components/engine "${ENGINE_PATCHES[@]}"
+ [ "${#ENGINE_PATCHES[@]}" -gt 0 ] && eapply -d"${S}"/components/engine "${ENGINE_PATCHES[@]}"
 }
 src_compile() {
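Review bot: `ENGINE_PATCHES=()` in the `-74,9 +74,7` hunk of docker-9999.ebuild is left without a comment saying why the array is kept but empty, or that removing the overlay revert relies on the kernel-side fix named in the commit message. Nothing visible in this hunk ties the package to a kernel carrying that change, so a build paired with a v4.13+ kernel that lacks it would presumably run into the mount errors the deleted patch describes again. Suggest a comment above the array such as `# Empty on purpose: the overlay "make home dir private" revert was dropped in favour of the kernel fix; list engine patches here.`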
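Review bot: With `ENGINE_PATCHES` empty, the new `[ "${#ENGINE_PATCHES[@]}" -gt 0 ] && eapply ...` line in the `-212,7 +210,7` hunk evaluates to a non-zero status, and because it is the last statement before the closing `}` of `src_unpack`, that status becomes the function's return value. Whether the package manager acts on a phase function's return status is not visible here, but an explicit guard avoids the question and reads more clearly: `if [[ ${#ENGINE_PATCHES[@]} -gt 0 ]]; then eapply -d"${S}"/components/engine "${ENGINE_PATCHES[@]}"; fi`. The start of `src_unpack` is outside the hunk.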
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/patches/engine/revert-make-overlay-home-dir-private.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/patches/engine/revert-make-overlay-home-dir-private.patch
deleted file mode 100644
index 7a21b2c3ff..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/patches/engine/revert-make-overlay-home-dir-private.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From 699fab4877c3ff5d7f935bd3977e413c31269c7c Mon Sep 17 00:00:00 2001
-From: Euan Kemp
-Date: Fri, 22 Sep 2017 12:01:04 -0700
-Subject: [PATCH] Revert "Make overlay home dir Private mount"
-
-This reverts commit e076bccb458aeadab9380ce0636456ad6317a85f.
-It also reverts it for the overlay2 package, which didn't exist at the
-time the commit was made but is a direct successor with copy-pasted
-code.
-
-The original commit was meant to fix a bug whereby `docker cp`
-(implemented via chrootarchive) could inadvertantly lead to shared
-mounts getting unmounted on the host too.
-
-The fix, however, had side effects. It results in overlay mounts being
-private, and thus being quite easy to leak copies that are hard to
-umount into other mount namespaces on the box.
-
-This hasn't been noticed until now because on kernels prior to v4.13,
-temporarily leaking overlayfs mounts to other namespaces didn't have any
-ill effects.
-
-Starting with v4.13, setting the mount to private and thus leaking
-mounts results in errors. See https://github.com/moby/moby/issues/34672
-
-The correct fix for the original issue was implemented later in
-https://github.com/moby/moby/pull/27609, and since that code is now
-merged we can safely throw away this less ideal fix.
-
-Signed-off-by: Euan Kemp
----
- daemon/graphdriver/overlay/overlay.go | 12 +++---------
- daemon/graphdriver/overlay2/overlay.go | 12 +++---------
- 2 files changed, 6 insertions(+), 18 deletions(-)
-
-diff --git a/daemon/graphdriver/overlay/overlay.go b/daemon/graphdriver/overlay/overlay.go
-index 9012722c20d..8ed51e6c384 100644
---- a/daemon/graphdriver/overlay/overlay.go
-+++ b/daemon/graphdriver/overlay/overlay.go
-@@ -19,7 +19,6 @@ import (
- "github.com/docker/docker/pkg/fsutils"
- "github.com/docker/docker/pkg/idtools"
- "github.com/docker/docker/pkg/locker"
-- "github.com/docker/docker/pkg/mount"
- "github.com/docker/docker/pkg/system"
- "github.com/opencontainers/selinux/go-selinux/label"
- "github.com/sirupsen/logrus"
-@@ -139,10 +138,6 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
- return nil, err
- }
-
-- if err := mount.MakePrivate(home); err != nil {
-- return nil, err
-- }
--
- supportsDType, err := fsutils.SupportsDType(home)
- if err != nil {
- return nil, err
-@@ -227,11 +222,10 @@ func (d *Driver) GetMetadata(id string) (map[string]string, error) {
- return metadata, nil
- }
-
--// Cleanup any state created by overlay which should be cleaned when daemon
--// is being shutdown. For now, we just have to unmount the bind mounted
--// we had created.
-+// Cleanup simply returns nil and do not change the existing filesystem.
-+// This is required to satisfy the graphdriver.Driver interface.
- func (d *Driver) Cleanup() error {
-- return mount.Unmount(d.home)
-+ return nil
- }
-
- // CreateReadWrite creates a layer that is writable for use as a container
-diff --git a/daemon/graphdriver/overlay2/overlay.go b/daemon/graphdriver/overlay2/overlay.go
-index f350ca9c0b8..5aaf8c0cefe 100644
---- a/daemon/graphdriver/overlay2/overlay.go
-+++ b/daemon/graphdriver/overlay2/overlay.go
-@@ -28,7 +28,6 @@ import (
- "github.com/docker/docker/pkg/fsutils"
- "github.com/docker/docker/pkg/idtools"
- "github.com/docker/docker/pkg/locker"
-- "github.com/docker/docker/pkg/mount"
- "github.com/docker/docker/pkg/parsers"
- "github.com/docker/docker/pkg/parsers/kernel"
- "github.com/docker/docker/pkg/system"
-@@ -175,10 +174,6 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
- return nil, err
- }
-
-- if err := mount.MakePrivate(home); err != nil {
-- return nil, err
-- }
--
- supportsDType, err := fsutils.SupportsDType(home)
- if err != nil {
- return nil, err
-@@ -314,11 +309,10 @@ func (d *Driver) GetMetadata(id string) (map[string]string, error) {
- return metadata, nil
- }
-
--// Cleanup any state created by overlay which should be cleaned when daemon
--// is being shutdown. For now, we just have to unmount the bind mounted
--// we had created.
-+// Cleanup simply returns nil and do not change the existing filesystem.
-+// This is required to satisfy the graphdriver.Driver interface.
- func (d *Driver) Cleanup() error {
-- return mount.Unmount(d.home)
-+ return nil
- }
-
- // CreateReadWrite creates a layer that is writable for use as a container
diff --git a/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-17.03.ebuild b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-17.03.ebuild
index 0cb31a14d9..f91bb94d2e 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-17.03.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-17.03.ebuild
@@ -11,7 +11,7 @@ KEYWORDS="amd64 arm64"
 # Explicitly list all packages that will be built into the image.
 RDEPEND="
- =app-emulation/docker-17.03.2
+ =app-emulation/docker-17.03.2-r1
 =app-emulation/containerd-0.2.6
 =app-emulation/docker-proxy-0.8.0_p20161019
 =app-emulation/docker-runc-1.0.0_rc2_p136
diff --git a/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-17.09.ebuild b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-17.09.ebuild
index 5766885de9..2d71774bc1 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-17.09.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-17.09.ebuild
@@ -11,7 +11,7 @@ KEYWORDS="amd64 arm64"
 # Explicitly list all packages that will be built into the image.
 RDEPEND="
- =app-emulation/docker-17.09.0
+ =app-emulation/docker-17.09.0-r1
 =app-emulation/containerd-0.2.9_p27
 =app-emulation/docker-proxy-0.8.0_p20170917
 =app-emulation/docker-runc-1.0.0_rc4_p25