diff options
Diffstat (limited to 'community/docker/docker-openrc-fixes.patch')
| -rw-r--r-- | community/docker/docker-openrc-fixes.patch | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/community/docker/docker-openrc-fixes.patch b/community/docker/docker-openrc-fixes.patch new file mode 100644 index 0000000000..f350daaf93 --- /dev/null +++ b/community/docker/docker-openrc-fixes.patch @@ -0,0 +1,34 @@ +diff --git a/contrib/init/openrc/docker.initd b/contrib/init/openrc/docker.initd +index 26fa8ef..ea8a3b2 100644 +--- a/contrib/init/openrc/docker.initd ++++ b/contrib/init/openrc/docker.initd +@@ -9,11 +9,18 @@ DOCKER_LOGFILE="${DOCKER_LOGFILE:-/var/log/${RC_SVCNAME}.log}" + start_stop_daemon_args="--background \ + --stderr \"${DOCKER_LOGFILE}\" --stdout \"${DOCKER_LOGFILE}\"" + ++grsecdir=/proc/sys/kernel/grsecurity ++ + start_pre() { + checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE" ++ for i in $disable_grsec; do ++ if [ -e "$grsecdir/$i" ]; then ++ einfo " Disabling $i" ++ echo 0 > "$grsecdir/$i" ++ fi ++ done + + ulimit -n 1048576 +- ulimit -u 1048576 + + return 0 + } + +--- a/contrib/init/openrc/docker.confd 2015-02-10 17:14:37.000000000 -0100 ++++ b/contrib/init/openrc/docker.confd 2015-03-31 14:52:47.323685914 -0200 +@@ -11,3 +11,6 @@ + + # any other random options you want to pass to docker + DOCKER_OPTS="" ++ ++# disable grsecurity features ++#disable_grsec="chroot_deny_chmod chroot_deny_mknod" |