author | Natanael Copa <ncopa@alpinelinux.org> | 2015-03-31 14:56:34 +0200 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-03-31 14:56:34 +0200 |
commit | 3d3d5b5eb3e8da030d0211d7b82b7572ce9d332f (patch) | |
tree | 93c8186ddbd0a5d79b85a3188a083bc7f518de96 /main/docker/openrc-fixes.patch | |
parent | 5bfe5fdb8a077fc40eddcb2348f53eca7c62496f (diff) | |
main/docker: support disabling grsec chroot restrictions
Diffstat (limited to 'main/docker/openrc-fixes.patch')
-rw-r--r-- | main/docker/openrc-fixes.patch | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/main/docker/openrc-fixes.patch b/main/docker/openrc-fixes.patch
new file mode 100644
index 0000000000..701459910b
--- /dev/null
+++ b/main/docker/openrc-fixes.patch
@@ -0,0 +1,31 @@
+--- a/contrib/init/openrc/docker.initd 2015-02-10 17:14:37.000000000 -0100
++++ b/contrib/init/openrc/docker.initd 2015-03-31 10:17:15.500070311 -0200
+@@ -8,11 +8,18 @@
+ DOCKER_BINARY=${DOCKER_BINARY:-/usr/bin/docker}
+ DOCKER_OPTS=${DOCKER_OPTS:-}
+
++grsecdir=/proc/sys/kernel/grsecurity
++
+ start() {
+ checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE"
++ for i in $disable_grsec; do
++ if [ -e "$grsecdir/$i" ]; then
++ einfo " Disabling $i"
++ echo 0 > "$grsecdir/$i"
++ fi
++ done
+
+ ulimit -n 1048576
+- ulimit -u 1048576
+
+ ebegin "Starting docker daemon"
+ start-stop-daemon --start --background \
+--- a/contrib/init/openrc/docker.confd 2015-02-10 17:14:37.000000000 -0100
++++ b/contrib/init/openrc/docker.confd 2015-03-31 14:52:47.323685914 -0200
+@@ -11,3 +11,6 @@
+
+ # any other random options you want to pass to docker
+ DOCKER_OPTS=""
++
++# disable grsecurity features
++#disable_grsec="chroot_deny_chmod chroot_deny_mknod" |
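Review bot: The loop added to start() in docker.initd writes 0 to each sysctl named in `disable_grsec` without checking the write, and nothing in the visible hunk restores the old value, so the chroot restrictions appear to stay off for the whole host (not just docker's chroots) after the daemon stops. The write can also fail, for example if the grsecurity sysctls have been locked, and start() would carry on as if the feature had been disabled; `echo 0 > "$grsecdir/$i" || ewarn "could not disable $i"` would surface that. The docker.confd comment should state the scope, e.g. `# disable grsecurity features (kernel-wide; not re-enabled when docker stops)`, so an admin who uncomments the line knows what hardening is being given up. The same hunk drops `ulimit -u 1048576`, which the commit title does not mention; a line in the commit message explaining why would help later readers. start() continues past the end of the inner hunk, so any cleanup in stop() is not visible here.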