Since there are no USE flag dependencies on ws4py (and it's unclear
if anything uses it at all), disable client and server to limit its
already numerous dependencies.
This script had two main functions:
1. Select the graphdriver
This functionality is now handled in the docker daemon. It defaults to
overlay2 on recent docker versions, and does its own fs detection for
btrfs etc.
We carry a patch for 1.12.6 now to prefer overlay to devicemapper
2. Avoid enabling selinux on btrfs
This no longer matters since as of v1.10, selinux on btrfs is supported.
See moby/moby#16452
This PR replaces that original functionality with a simpler systemd environment variable, which is also more in-line with what we do for other similar choices.
The environment variable is also more discoverable and easier for users to edit.
Note: for backwards compatibility with
DOCKER_OPTS=--selinux-enabled=false (to make that take precedent), we
intentionally put the environment variable as the first option.
However, for backwards compatibility with older units, we also retain
the script. We are able to remove the graphdriver detection/selection
since that behavior now happens appropriately in docker, but we need to
keep the selinux defaulting so that people who are executing the script
and expecting selinux to work (e.g. if they copied an old
docker.service) will continue to get selinux as expected.
This also syncs a few other small changes from upstream.
See https://github.com/moby/moby/pull/30210 for the network-online
change / bugs references.
There doesn't appear to be a reason the socket's user differed from
upstream, so there's no intended meaning to that change beyond syncing
with upstream.
Notable changes:
1.12.6:
* Bump to go 1.7
* Remove go1.6-specific cflags workaround
17.04:
* Remove go1.6-specific cflags workaround
* Fix docker-init in the docker-17.04 ebuild
* Sync with upstream a bit
SLAB_FREELIST_RANDOM: Randomize slab allocator freelist order,
c7ce4f60ac199fb3521c5fcd64da21cee801ec2b
IO_STRICT_DEVMEM: Disallow access to /dev/mem regions that are bound
to a kernel driver, 90a545e981267e917b9d698ce07affd69787db87
HARDENED_USERCOPY: Add more address range checks to copy_{from,to}_user(),
f5509cc18daa7f82bcc553be70df2117c8eedc16
By default, the wrapper uses /var/lib/etcd which was created by the etcd
ebuild. Now that it's being removed, this ebuild needs to explicitly
create it.
Config changes:
- The refreshed Secure Boot patches now use LOCK_DOWN_KERNEL and
EFI_SECURE_BOOT_LOCK_DOWN instead of EFI_SECURE_BOOT_SIG_ENFORCE.
- KPROBE_EVENT and UPROBE_EVENT were pluralized in
6b0b7551428e4caae1e2c023a529465a9a9ae2d4.
- DEBUG_SET_MODULE_RONX was renamed in
0f5bf6d0afe4be6e1391908ff2d6dc9730e91550, but as of
ad21fc4faa2a1f919bac1073b885df9310dbc581 it's mandatory on both supported
arches. Dropped.
- VMXNET3 conflicts with ARM64_64K_PAGES as of
fbdf0e28d061708cf18ba0f8e0db5360dc9a15b9, and likely doesn't make sense on
ARM. Moved to amd64.
- TIMER_STATS was dropped in dfb4357da6ddbdf57d583ba64361c9d792b0e0b1.
- CPU_FREQ_STAT_DETAILS was dropped in
801e0f378fe7d53f87246037bf40567277275418.
See https://github.com/coreos/bugs/issues/1833 where this was requested.
This has become more important with the more recent flannel releases
including kubernetes and becoming larger as well.
The value of 5 minutes is arbitrarily chosen as a reasonable increase
over the default 90s.
