author | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
---|---|---|
committer | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
commit | 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf (patch) | |
tree | cd70a267a5ef105ba32f200aa088e281fbd85747 /external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook | |
parent | 4204309872da5cb401cbb2729d9e2d4869a87f42 (diff) |
basesystem-jjsandbox/ToshikazuOhiwa/master-jj
recipes
Diffstat (limited to 'external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook')
2 files changed, 28 insertions, 23 deletions
diff --git a/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch b/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch index 753a77d1..34f0c09e 100644 --- a/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch +++ b/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch @@ -1,6 +1,6 @@ -From f59cddcedd6535e0b809ec9b4e95672d34b41a16 Mon Sep 17 00:00:00 2001 +From 12d92162c449d51f4ffa482f7daaeb42c4135937 Mon Sep 17 00:00:00 2001 From: Jason Wessel <jason.wessel@windriver.com> -Date: Tue, 14 Nov 2017 07:41:41 -0800 +Date: Tue, 2 Jul 2019 20:51:08 +0000 Subject: [PATCH] Add additional cgroup mounts from root NS automatically Signed-off-by: Jason Wessel <jason.wessel@windriver.com> @@ -9,11 +9,11 @@ Signed-off-by: Jason Wessel <jason.wessel@windriver.com> 1 file changed, 45 insertions(+) diff --git a/src/systemdhook.c b/src/systemdhook.c -index 78575ef..f735484 100644 +index c2cb2b9..f9ec9f2 100644 --- a/src/systemdhook.c +++ b/src/systemdhook.c -@@ -238,6 +238,11 @@ static char *get_process_cgroup_subsystem_path(int pid, const char *subsystem) { - static int mount_cgroup(const char *rootfs, const char *options, char *systemd_path) +@@ -274,6 +274,11 @@ static char *get_process_cgroup_subsystem_path(const char *id, int pid, const ch + static int mount_cgroup(const char *id, const char *rootfs, const char *options, char *systemd_path) { _cleanup_free_ char *cgroup_path = NULL; + char *spath, *dpath; 
@@ -23,9 +23,9 @@ index 78575ef..f735484 100644 + int got; if (asprintf(&cgroup_path, "%s/%s", rootfs, CGROUP_ROOT) < 0) { - pr_perror("Failed to create path for %s", CGROUP_ROOT); -@@ -256,6 +261,46 @@ static int mount_cgroup(const char *rootfs, const char *options, char *systemd_p - pr_perror("Failed to mkdir new dest: %s", systemd_path); + pr_perror("%s: Failed to create path for %s", id, CGROUP_ROOT); +@@ -292,6 +297,46 @@ static int mount_cgroup(const char *id, const char *rootfs, const char *options, + pr_perror("%s: Failed to mkdir new dest: %s", id, systemd_path); return -1; } + /* Create all additional cgroup mounts which are in the root namespace */ @@ -59,7 +59,7 @@ index 78575ef..f735484 100644 + pr_perror("Failed to mkdir new dest: %s", dpath); + return -1; + } -+ if (bind_mount(spath, dpath, false)) { ++ if (bind_mount(id, spath, dpath, false)) { + pr_perror("Failed to bind mount %s on %s", spath, dpath); + return -1; + } @@ -68,9 +68,9 @@ index 78575ef..f735484 100644 + free(dpath); + } + closedir(dir); - if (mount(cgroup_path, cgroup_path, "bind", MS_REMOUNT|MS_BIND|MS_RDONLY, "") == -1) { - pr_perror("Failed to remount %s readonly", cgroup_path); + if (remount_readonly(id, cgroup_path, cgroup_path) < 0) { return -1; + } -- -2.11.0 +2.7.4 diff --git a/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch b/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch index 5016f6e7..a3ec57df 100644 --- a/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch +++ b/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch @@ -8,9 +8,11 @@ 
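Review bot: The refresh passes `id` to `bind_mount`, but the two `pr_perror` calls around it still log without the container id, unlike the `"%s: Failed to ..."` form the rebased context lines now use. Failures in this added loop therefore cannot be tied to a container in the hook log. I would write `pr_perror("%s: Failed to mkdir new dest: %s", id, dpath);` and `pr_perror("%s: Failed to bind mount %s on %s", id, spath, dpath);`. Both `return -1` paths also leave before the `free(dpath)` and `closedir(dir)` visible in the next hunk, and `spath`/`dpath` are declared as plain `char *` rather than `_cleanup_free_`. The loop head is outside the visible hunks, so confirm there is no other cleanup.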
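Review bot: The read-only remount that follows `closedir(dir)` probably does not cover the bind mounts the added loop has just created. The old context line shows a `MS_REMOUNT|MS_BIND|MS_RDONLY` remount of `cgroup_path`, which changes the flags of that one mount only. If `remount_readonly` keeps that behaviour and `dpath` sits below `cgroup_path` (neither is visible here), each host cgroup hierarchy bind-mounted in the loop stays writable from inside the container. Consider `if (remount_readonly(id, dpath, dpath) < 0) return -1;` directly after the successful `bind_mount`, or add a comment stating why write access is intended.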
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> src/systemdhook.c | 12 ------------ 1 file changed, 12 deletions(-) ---- a/src/systemdhook.c -+++ b/src/systemdhook.c -@@ -16,7 +16,6 @@ +Index: git/src/systemdhook.c +=================================================================== +--- git.orig/src/systemdhook.c ++++ git/src/systemdhook.c +@@ -17,7 +17,6 @@ #include <errno.h> #include <inttypes.h> #include <linux/limits.h> @@ -18,25 +20,28 @@ Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> #include <yajl/yajl_tree.h> #include <stdbool.h> -@@ -129,9 +128,6 @@ static int chperm(const char *path, cons +@@ -166,12 +165,6 @@ closedir(dir); return -1; } -- if (setfilecon (full_path, label) < 0) { -- pr_perror("Failed to set context %s on %s", label, full_path); +- if (label != NULL && (strcmp("", label))) { +- if ((is_selinux_enabled() > 0) && (setfilecon (full_path, label) < 0)) { +- pr_perror("%s: Failed to set context %s on %s", id, label, full_path); +- } - } - +- if (doChown) { /* Change uid and gid to something the container can handle */ -@@ -496,14 +492,6 @@ static int prestart(const char *rootfs, + if (chown(full_path, uid, gid) < 0 ) { +@@ -557,14 +550,6 @@ return -1; } } - - if (strcmp("", mount_label)) { -- rc = setfilecon(journal_dir, (security_context_t)mount_label); -- if (rc < 0) { -- pr_perror("Failed to set journal dir selinux context"); +- if ((is_selinux_enabled() > 0) && +- (setfilecon(journal_dir, (security_context_t)mount_label) < 0)) { +- pr_perror("%s: Failed to set journal dir selinux context", id); - return -1; - } - } |
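Review bot: Both `setfilecon` call sites are removed unconditionally in the refreshed patch, so the `label` used in the `chperm` path and the `mount_label` for `journal_dir` are never applied. That includes the case upstream now guards with `is_selinux_enabled() > 0`. On an image that enables SELinux, the journal directory and the re-owned paths would keep whatever context they inherit, with no log line saying so. The recipe is not visible here; if it applies this patch on every build, I would apply it only when the `selinux` distro feature is absent, or state in the patch description that labelled containers are unsupported in this layer.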