diff options
Diffstat (limited to 'community/docker/docker-openrc-fixes.patch')
| -rw-r--r-- | community/docker/docker-openrc-fixes.patch | 32 |
1 files changed, 4 insertions, 28 deletions
diff --git a/community/docker/docker-openrc-fixes.patch b/community/docker/docker-openrc-fixes.patch index 49a59cb98e..5ac8405238 100644 --- a/community/docker/docker-openrc-fixes.patch +++ b/community/docker/docker-openrc-fixes.patch @@ -1,37 +1,13 @@ -diff --git a/contrib/init/openrc/docker.confd b/contrib/init/openrc/docker.confd -index 2444031..b5f431c 100644 ---- a/contrib/init/openrc/docker.confd -+++ b/contrib/init/openrc/docker.confd -@@ -11,3 +11,6 @@ - - # any other random options you want to pass to docker - DOCKER_OPTS="" -+ -+# disable grsecurity features -+#disable_grsec="chroot_deny_chmod chroot_deny_mknod" -diff --git a/contrib/init/openrc/docker.initd b/contrib/init/openrc/docker.initd -index f2e1536..20de85b 100644 --- a/contrib/init/openrc/docker.initd +++ b/contrib/init/openrc/docker.initd -@@ -9,9 +9,21 @@ - start_stop_daemon_args="--background \ - --stderr \"${DOCKER_LOGFILE}\" --stdout \"${DOCKER_LOGFILE}\"" +@@ -17,6 +17,10 @@ + + retry="${DOCKER_RETRY:-TERM/60/KILL/10}" -+grsecdir=/proc/sys/kernel/grsecurity -+ +depend() { + need sysfs cgroups +} + start_pre() { checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE" - -+ for i in $disable_grsec; do -+ if [ -e "$grsecdir/$i" ]; then -+ einfo " Disabling $i" -+ echo 0 > "$grsecdir/$i" -+ fi -+ done - ulimit -n 1048576 - - # Having non-zero limits causes performance problems due to accounting overhead + } |