Since there are no USE flag dependencies on ws4py (and it's unclear
if anything uses it at all), disable client and server to limit its
already numerous dependencies.

This script had two main functions:
1. Select the graphdriver
   This functionality is now handled in the docker daemon. It defaults to
   overlay2 on recent docker versions, and does its own fs detection for
   btrfs etc.
   We carry a patch for 1.12.6 now to prefer overlay to devicemapper.
2. Avoid enabling selinux on btrfs
   This no longer matters since as of v1.10, selinux on btrfs is supported.
   See moby/moby#16452
This PR replaces that original functionality with a simpler systemd environment variable, which is also more in line with what we do for other similar choices.
The environment variable is also more discoverable and easier for users to edit.
Note: for backwards compatibility with
DOCKER_OPTS=--selinux-enabled=false (to make that take precedence), we
intentionally put the environment variable as the first option.
However, for backwards compatibility with older units, we also retain
the script. We are able to remove the graphdriver detection/selection
since that behavior now happens appropriately in docker, but we need to
keep the selinux defaulting so that people who are executing the script
and expecting selinux to work (e.g. if they copied an old
docker.service) will continue to get selinux as expected.
This also syncs a few other small changes from upstream.
See https://github.com/moby/moby/pull/30210 for the network-online
change / bugs references.
There doesn't appear to be a reason the socket's user differed from
upstream, so there's no intended meaning to that change beyond syncing
with upstream.

Notable changes:
1.12.6:
* Bump to go 1.7
* Remove go1.6-specific cflags workaround
17.04:
* Remove go1.6-specific cflags workaround
* Fix docker-init in the docker-17.04 ebuild
* Sync with upstream a bit

SLAB_FREELIST_RANDOM: Randomize slab allocator freelist order,
c7ce4f60ac199fb3521c5fcd64da21cee801ec2b
IO_STRICT_DEVMEM: Disallow access to /dev/mem regions that are bound
to a kernel driver, 90a545e981267e917b9d698ce07affd69787db87
HARDENED_USERCOPY: Add more address range checks to copy_{from,to}_user(),
f5509cc18daa7f82bcc553be70df2117c8eedc16

By default, the wrapper uses /var/lib/etcd which was created by the etcd
ebuild. Now that it's being removed, this ebuild needs to explicitly
create it.