Diffstat (limited to 'external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook')
-rw-r--r--external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch24
-rw-r--r--external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch27
2 files changed, 28 insertions, 23 deletions
diff --git a/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch b/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch
index 753a77d1..34f0c09e 100644
--- a/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch
+++ b/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch
@@ -1,6 +1,6 @@
-From f59cddcedd6535e0b809ec9b4e95672d34b41a16 Mon Sep 17 00:00:00 2001
+From 12d92162c449d51f4ffa482f7daaeb42c4135937 Mon Sep 17 00:00:00 2001
From: Jason Wessel <jason.wessel@windriver.com>
-Date: Tue, 14 Nov 2017 07:41:41 -0800
+Date: Tue, 2 Jul 2019 20:51:08 +0000
Subject: [PATCH] Add additional cgroup mounts from root NS automatically
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
@@ -9,11 +9,11 @@ Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
1 file changed, 45 insertions(+)
diff --git a/src/systemdhook.c b/src/systemdhook.c
-index 78575ef..f735484 100644
+index c2cb2b9..f9ec9f2 100644
--- a/src/systemdhook.c
+++ b/src/systemdhook.c
-@@ -238,6 +238,11 @@ static char *get_process_cgroup_subsystem_path(int pid, const char *subsystem) {
- static int mount_cgroup(const char *rootfs, const char *options, char *systemd_path)
+@@ -274,6 +274,11 @@ static char *get_process_cgroup_subsystem_path(const char *id, int pid, const ch
+ static int mount_cgroup(const char *id, const char *rootfs, const char *options, char *systemd_path)
{
_cleanup_free_ char *cgroup_path = NULL;
+ char *spath, *dpath;
@@ -23,9 +23,9 @@ index 78575ef..f735484 100644
+ int got;
if (asprintf(&cgroup_path, "%s/%s", rootfs, CGROUP_ROOT) < 0) {
- pr_perror("Failed to create path for %s", CGROUP_ROOT);
-@@ -256,6 +261,46 @@ static int mount_cgroup(const char *rootfs, const char *options, char *systemd_p
- pr_perror("Failed to mkdir new dest: %s", systemd_path);
+ pr_perror("%s: Failed to create path for %s", id, CGROUP_ROOT);
+@@ -292,6 +297,46 @@ static int mount_cgroup(const char *id, const char *rootfs, const char *options,
+ pr_perror("%s: Failed to mkdir new dest: %s", id, systemd_path);
return -1;
}
+ /* Create all additional cgroup mounts which are in the root namespace */
@@ -59,7 +59,7 @@ index 78575ef..f735484 100644
+ pr_perror("Failed to mkdir new dest: %s", dpath);
+ return -1;
+ }
-+ if (bind_mount(spath, dpath, false)) {
++ if (bind_mount(id, spath, dpath, false)) {
+ pr_perror("Failed to bind mount %s on %s", spath, dpath);
+ return -1;
+ }
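Review bot: The two `return -1` exits in this loop body (after the mkdir failure and after the `bind_mount` failure) skip the `free(dpath)` and `closedir(dir)` that the success path runs a few lines later. `spath` and `dpath` are declared as plain `char *` rather than `_cleanup_free_`, so as far as the visible lines show, both strings and the directory handle leak on error. Releasing them before each return, or routing both failures through a single cleanup label, would close that. The messages on these lines also still lack the container id prefix that the refreshed upstream code uses, e.g. `pr_perror("%s: Failed to bind mount %s on %s", id, spath, dpath);`. The loop itself starts and ends outside this hunk.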
@@ -68,9 +68,9 @@ index 78575ef..f735484 100644
+ free(dpath);
+ }
+ closedir(dir);
- if (mount(cgroup_path, cgroup_path, "bind", MS_REMOUNT|MS_BIND|MS_RDONLY, "") == -1) {
- pr_perror("Failed to remount %s readonly", cgroup_path);
+ if (remount_readonly(id, cgroup_path, cgroup_path) < 0) {
return -1;
+ }
--
-2.11.0
+2.7.4
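Review bot: The `remount_readonly(id, cgroup_path, cgroup_path)` call changes the flags of the mount at `cgroup_path` only, because a read-only bind remount is not recursive. The additional cgroup mounts bound in by the loop above therefore keep whatever flags `bind_mount(id, spath, dpath, false)` gave them. If that last argument is the read-only flag and `dpath` lies under `cgroup_path` (neither is visible on this page), the container gets write access to the root namespace's extra cgroup hierarchies. Either pass `true` there or state the intent next to the call, for instance `/* extra controllers are bound read-write on purpose: <reason> */`.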
diff --git a/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch b/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch
index 5016f6e7..a3ec57df 100644
--- a/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch
+++ b/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch
@@ -8,9 +8,11 @@ Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
src/systemdhook.c | 12 ------------
1 file changed, 12 deletions(-)
---- a/src/systemdhook.c
-+++ b/src/systemdhook.c
-@@ -16,7 +16,6 @@
+Index: git/src/systemdhook.c
+===================================================================
+--- git.orig/src/systemdhook.c
++++ git/src/systemdhook.c
+@@ -17,7 +17,6 @@
#include <errno.h>
#include <inttypes.h>
#include <linux/limits.h>
@@ -18,25 +20,28 @@ Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
#include <yajl/yajl_tree.h>
#include <stdbool.h>
-@@ -129,9 +128,6 @@ static int chperm(const char *path, cons
+@@ -166,12 +165,6 @@
closedir(dir);
return -1;
}
-- if (setfilecon (full_path, label) < 0) {
-- pr_perror("Failed to set context %s on %s", label, full_path);
+- if (label != NULL && (strcmp("", label))) {
+- if ((is_selinux_enabled() > 0) && (setfilecon (full_path, label) < 0)) {
+- pr_perror("%s: Failed to set context %s on %s", id, label, full_path);
+- }
- }
-
+-
if (doChown) {
/* Change uid and gid to something the container can handle */
-@@ -496,14 +492,6 @@ static int prestart(const char *rootfs,
+ if (chown(full_path, uid, gid) < 0 ) {
+@@ -557,14 +550,6 @@
return -1;
}
}
-
- if (strcmp("", mount_label)) {
-- rc = setfilecon(journal_dir, (security_context_t)mount_label);
-- if (rc < 0) {
-- pr_perror("Failed to set journal dir selinux context");
+- if ((is_selinux_enabled() > 0) &&
+- (setfilecon(journal_dir, (security_context_t)mount_label) < 0)) {
+- pr_perror("%s: Failed to set journal dir selinux context", id);
- return -1;
- }
- }