main/docker/openrc-fixes.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

--- a/contrib/init/openrc/docker.initd	2015-02-10 17:14:37.000000000 -0100
+++ b/contrib/init/openrc/docker.initd	2015-03-31 10:17:15.500070311 -0200
@@ -8,11 +8,18 @@
 DOCKER_BINARY=${DOCKER_BINARY:-/usr/bin/docker}
 DOCKER_OPTS=${DOCKER_OPTS:-}
 
+grsecdir=/proc/sys/kernel/grsecurity
+
 start() {
 	checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE"
+	for i in $disable_grsec; do
+		if [ -e "$grsecdir/$i" ]; then
+			einfo " Disabling $i"
+			echo 0 > "$grsecdir/$i"
+		fi
+	done
 
 	ulimit -n 1048576
-	ulimit -u 1048576
 
 	ebegin "Starting docker daemon"
 	start-stop-daemon --start --background \
--- a/contrib/init/openrc/docker.confd	2015-02-10 17:14:37.000000000 -0100
+++ b/contrib/init/openrc/docker.confd	2015-03-31 14:52:47.323685914 -0200
@@ -11,3 +11,6 @@
 
 # any other random options you want to pass to docker
 DOCKER_OPTS=""
+
+# disable grsecurity features
+#disable_grsec="chroot_deny_chmod chroot_deny_mknod"