From e5881026f66b9e04dbcc9328bbb92ea922be4e91 Mon Sep 17 00:00:00 2001
From: David Michael
Date: Thu, 28 Sep 2017 19:13:16 -0700
Subject: [PATCH] app-emulation/docker-runc: Add an ebuild for Docker 17.03

This ebuild is a mix of the upstream ebuild and the existing one.
---
 .../app-emulation/docker-runc/Manifest | 1 +
 .../docker-runc-1.0.0_rc2_p136.ebuild | 71 +++++++++++++++++++
 ...ker-runc-1.0.0_rc2-mount-propagation.patch | 41 +++++++++++
 3 files changed, 113 insertions(+)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/docker-runc-1.0.0_rc2_p136.ebuild
 create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/files/docker-runc-1.0.0_rc2-mount-propagation.patch

diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/Manifest b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/Manifest
index 04f8342547..ba5a6ef23c 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/Manifest
@@ -1 +1,2 @@
+DIST docker-runc-1.0.0_rc2_p136.tar.gz 561705 SHA256 2954cb6b468b3806a08c45656acc2019035bc9994c2a9b4249cfde4d9b3a7c93 SHA512 6052b95042082c3345caf25d3646f47b82c151ff3aca2ca4510dbf72ee80056d8c4077f2a1b48a9f4178c41185835ff51461e52ad47969534ea6febf7cac74f1 WHIRLPOOL ede821987006a54e7a87f88d9a5104d4a4ecc05a614e111fefa669f5ae436c11004debfe919bec0808194f2d96442775718a0208a1a374a9dd56a896f7dd8640
 DIST docker-runc-1.0.0_rc4_p25.tar.gz 1094599 SHA256 d5820f1c655061be79441bd57efea4e5b60b25b6a451214b64172395b9fda383 SHA512 0cb0748812296294a87dda257dbf0947897a1ada2aa861ff3e65309a6bbecebbe798929845fca6f23b66fd0dc019bca0a032737c7192fe20618d8e1849866f3d WHIRLPOOL ed34894a3878c0cae50888c936eba1dad8d58da8d7042d5e421f06e4e98c1d7701a5c877baaba14a46d588b2ee3354e19d72bb141d5d8e7f6c0bed2d3a6b71b6
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/docker-runc-1.0.0_rc2_p136.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/docker-runc-1.0.0_rc2_p136.ebuild
new file mode 100644
index 0000000000..c2fc52072f
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/docker-runc-1.0.0_rc2_p136.ebuild
@@ -0,0 +1,71 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+GITHUB_URI="github.com/docker/runc"
+COREOS_GO_PACKAGE="${GITHUB_URI}"
+COREOS_GO_VERSION="go1.7"
+# the commit of runc that docker uses.
+# see https://github.com/moby/moby/blob/v17.03.2-ce/hack/dockerfile/binaries-commits#L6
+# Note: this commit is only really present in the `docker/runc` repository.
+# Update the patch number when this commit is changed (i.e. the _p in the ebuild).
+# The patch version is arbitrarily the number of commits since the tag version
+# spcified in the ebuild name. For example:
+# $ git log --oneline v1.0.0-rc2..${COMMIT_ID} | wc -l
+COMMIT_ID="54296cf40ad8143b62dbcaa1d90e520a2136ddfe"
+
+inherit eutils flag-o-matic coreos-go vcs-snapshot
+
+SRC_URI="https://${GITHUB_URI}/archive/${COMMIT_ID}.tar.gz -> ${P}.tar.gz"
+KEYWORDS="amd64 arm64"
+
+DESCRIPTION="runc container cli tools (docker fork)"
+HOMEPAGE="http://runc.io"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+IUSE="apparmor hardened +seccomp selinux"
+
+RDEPEND="
+ apparmor? ( sys-libs/libapparmor )
+ seccomp? ( sys-libs/libseccomp )
+ !app-emulation/runc
+"
+
+S=${WORKDIR}/${P}/src/${COREOS_GO_PACKAGE}
+
+RESTRICT="test"
+
+src_unpack() {
+ mkdir -p "${S}"
+ tar --strip-components=1 -C "${S}" -xf "${DISTDIR}/${A}"
+}
+
+PATCHES=(
+ "${FILESDIR}/${PN}-1.0.0_rc2-mount-propagation.patch"
+)
+
+src_compile() {
+ # Taken from app-emulation/docker-1.7.0-r1
+ export CGO_CFLAGS="-I${ROOT}/usr/include"
+ export CGO_LDFLAGS="$(usex hardened '-fno-PIC ' '')
+ -L${ROOT}/usr/$(get_libdir)"
+
+ # build up optional flags
+ local options=(
+ $(usex apparmor 'apparmor')
+ $(usex seccomp 'seccomp')
+ $(usex selinux 'selinux')
+ )
+
+ # CoreOS: Don't try to install dependencies.
+ sed -i 's/go build -i /go build /' Makefile
+
+ emake BUILDTAGS="${options[*]}" \
+ COMMIT="${COMMIT_ID}"
+}
+
+src_install() {
+ dobin runc
+}
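Review bot: `src_unpack` and `src_compile` call `mkdir`, `tar` and `sed` without `|| die`, so a failed or partial extraction, or a failed Makefile edit, does not stop the build; in EAPI 6 only the ebuild helpers (`emake`, `dobin`) abort on their own. I would write `tar --strip-components=1 -C "${S}" -xf "${DISTDIR}/${A}" || die` and `sed -i 's/go build -i /go build /' Makefile || die`. `sed` also exits 0 when the pattern no longer matches, so a later bump of `COMMIT_ID` could silently restore `go build -i`; a `grep -q 'go build -i ' Makefile || die` before the edit would catch that. `${A}` expands to every distfile, so the `tar` line is only correct while `SRC_URI` lists a single archive.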
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/files/docker-runc-1.0.0_rc2-mount-propagation.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/files/docker-runc-1.0.0_rc2-mount-propagation.patch
new file mode 100644
index 0000000000..c284e9972d
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/files/docker-runc-1.0.0_rc2-mount-propagation.patch
@@ -0,0 +1,41 @@
+From db55cd4f29298ae08b20f92b8953735723ee2167 Mon Sep 17 00:00:00 2001
+From: Euan Kemp
+Date: Fri, 22 Sep 2017 02:31:17 -0700
+Subject: [PATCH] libcontainer: default mount propagation correctly
+
+The code in prepareRoot (https://github.com/opencontainers/runc/blob/e385f67a0e45fa1d8ef8154e2aea5128ea1d331b/libcontainer/rootfs_linux.go#L599-L605)
+attempts to default the rootfs mount to `rslave`. However, since the spec
+conversion has already defaulted it to `rprivate`, that code doesn't
+actually ever do anything.
+
+This changes the spec conversion code to accept "" and treat it as 0.
+
+Implicitly, this makes rootfs propagation default to `rslave`, which is
+a part of fixing the moby bug https://github.com/moby/moby/issues/34672
+
+Alternate implementatoins include changing this defaulting to be
+`rslave` and removing the defaulting code in prepareRoot, or skipping
+the mapping entirely for "", but I think this change is the cleanest of
+those options.
+
+Signed-off-by: Euan Kemp
+---
+ libcontainer/specconv/spec_linux.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go
+index 1575ae03..8a2947f6 100644
+--- a/libcontainer/specconv/spec_linux.go
++++ b/libcontainer/specconv/spec_linux.go
+@@ -36,7 +36,7 @@ var mountPropagationMapping = map[string]int{
+ "slave": syscall.MS_SLAVE,
+ "rshared": syscall.MS_SHARED | syscall.MS_REC,
+ "shared": syscall.MS_SHARED,
+- "": syscall.MS_PRIVATE | syscall.MS_REC,
++ "": 0,
+ }
+
+ var allowedDevices = []*configs.Device{
+--
+2.13.5
+
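Review bot: The new `"": 0,` entry in `mountPropagationMapping` has no comment, and a bare 0 in a flag table reads as "no propagation flags" rather than "unset, let prepareRoot choose". Per the patch description, an unspecified rootfs propagation now ends up as `rslave` instead of `rprivate`, so host-side mount and unmount events begin propagating into every container that leaves the field empty. That default change deserves a line at the entry, e.g. `"": 0, // unset: prepareRoot applies its rslave default`. prepareRoot is not part of this hunk, so the effect rests on the description's account of it, and the map literal itself starts above the hunk.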