blob: f350daaf93feec2ef0311ce5bc3cd01ba8403d74 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
diff --git a/contrib/init/openrc/docker.initd b/contrib/init/openrc/docker.initd
index 26fa8ef..ea8a3b2 100644
--- a/contrib/init/openrc/docker.initd
+++ b/contrib/init/openrc/docker.initd
@@ -9,11 +9,18 @@ DOCKER_LOGFILE="${DOCKER_LOGFILE:-/var/log/${RC_SVCNAME}.log}"
start_stop_daemon_args="--background \
--stderr \"${DOCKER_LOGFILE}\" --stdout \"${DOCKER_LOGFILE}\""
+grsecdir=/proc/sys/kernel/grsecurity
+
start_pre() {
checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE"
+ for i in $disable_grsec; do
+ if [ -e "$grsecdir/$i" ]; then
+ einfo " Disabling $i"
+ echo 0 > "$grsecdir/$i"
+ fi
+ done
ulimit -n 1048576
- ulimit -u 1048576
return 0
}
--- a/contrib/init/openrc/docker.confd 2015-02-10 17:14:37.000000000 -0100
+++ b/contrib/init/openrc/docker.confd 2015-03-31 14:52:47.323685914 -0200
@@ -11,3 +11,6 @@
# any other random options you want to pass to docker
DOCKER_OPTS=""
+
+# disable grsecurity features
+#disable_grsec="chroot_deny_chmod chroot_deny_mknod"
|
