diff options
Diffstat (limited to 'app-emulation/docker/files')
-rw-r--r-- | app-emulation/docker/files/7179-add-audit_write-cap.patch | 29 | ||||
-rw-r--r-- | app-emulation/docker/files/docker-r2.confd | 18 | ||||
-rwxr-xr-x | app-emulation/docker/files/docker-r2.initd | 54 | ||||
-rw-r--r-- | app-emulation/docker/files/docker-r3.confd | 13 | ||||
-rwxr-xr-x | app-emulation/docker/files/docker-r3.initd | 31 | ||||
-rwxr-xr-x | app-emulation/docker/files/docker.initd | 31 | ||||
-rw-r--r-- | app-emulation/docker/files/docker.service | 12 |
7 files changed, 188 insertions, 0 deletions
diff --git a/app-emulation/docker/files/7179-add-audit_write-cap.patch b/app-emulation/docker/files/7179-add-audit_write-cap.patch new file mode 100644 index 000000000000..6263698cea22 --- /dev/null +++ b/app-emulation/docker/files/7179-add-audit_write-cap.patch @@ -0,0 +1,29 @@ +From 29ecc95c31ecfe15e3b3d8db94cea1c555e526a3 Mon Sep 17 00:00:00 2001 +From: Alexandr Morozov <lk4d4math@gmail.com> +Date: Wed, 23 Jul 2014 09:57:41 +0400 +Subject: [PATCH] Add AUDIT_WRITE cap + +Fixes #6345 + +Thanks @larsks for outstanding investigation + +Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4) +--- + daemon/execdriver/native/template/default_template.go | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/daemon/execdriver/native/template/default_template.go b/daemon/execdriver/native/template/default_template.go +index cc5cc4f..be3dd5a 100644 +--- a/daemon/execdriver/native/template/default_template.go ++++ b/daemon/execdriver/native/template/default_template.go +@@ -23,6 +23,7 @@ func New() *libcontainer.Config { + "NET_BIND_SERVICE", + "SYS_CHROOT", + "KILL", ++ "AUDIT_WRITE", + }, + Namespaces: map[string]bool{ + "NEWNS": true, +-- +2.0.3 + diff --git a/app-emulation/docker/files/docker-r2.confd b/app-emulation/docker/files/docker-r2.confd new file mode 100644 index 000000000000..5436b2339d99 --- /dev/null +++ b/app-emulation/docker/files/docker-r2.confd @@ -0,0 +1,18 @@ +# /etc/conf.d/docker: config file for /etc/init.d/docker + +# where the docker daemon output gets piped +#DOCKER_LOGFILE="/var/log/docker.log" + +# where docker's pid get stored +#DOCKER_PIDFILE="/run/docker.pid" + +# where the docker daemon itself is run from +#DOCKER_BINARY="/usr/bin/docker" + +# uncomment this for a simple workaround to +# https://github.com/dotcloud/docker/issues/1422 +#DOCKER_WORKAROUND_1422="1" + +# if you find that the default DOCKER_WORKAROUND_1422 delay of one second +# is not sufficient, try uncommenting and increasing this value +#DOCKER_WORKAROUND_1422_DELAY="1" diff --git a/app-emulation/docker/files/docker-r2.initd b/app-emulation/docker/files/docker-r2.initd new file mode 100755 index 000000000000..b081d9c77094 --- /dev/null +++ b/app-emulation/docker/files/docker-r2.initd @@ -0,0 +1,54 @@ +#!/sbin/runscript +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +DOCKER_LOGFILE=${DOCKER_LOGFILE:-/var/log/${SVCNAME}.log} +DOCKER_PIDFILE=${DOCKER_PIDFILE:-/run/${SVCNAME}.pid} +DOCKER_BINARY=${DOCKER_BINARY:-/usr/bin/docker} +DOCKER_WORKAROUND_1422=${DOCKER_WORKAROUND_1422:-0} +DOCKER_WORKAROUND_1422_DELAY=${DOCKER_WORKAROUND_1422_DELAY:-1} + +start() { + checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE" + + ebegin "Starting docker daemon" + start-stop-daemon --start --background \ + --exec "$DOCKER_BINARY" \ + --pidfile "$DOCKER_PIDFILE" \ + --stdout "$DOCKER_LOGFILE" \ + --stderr "$DOCKER_LOGFILE" \ + -- -d -p "$DOCKER_PIDFILE" + eend $? + ret=$? + + if [ $ret -eq 0 ] \ + && [ "$DOCKER_WORKAROUND_1422" ] \ + && [ "$DOCKER_WORKAROUND_1422" -gt 0 ] \ + ; then + # see https://github.com/dotcloud/docker/issues/1422 + ewarn "Working around gh#1422 (via busybox image); this may take a moment" + + # we were calling "docker run" more quickly than "docker -d" could get + # fired up, so our workaround wasn't successful without a short delay + sleep $DOCKER_WORKAROUND_1422_DELAY + + # TODO when we get https://github.com/dotcloud/docker/pull/1589, these + # both need -rm so we clean up after ourselves (thanks, @eliasp!) + docker run -i -t busybox true &> /dev/null || true + # first run will fail, so we ignore its output and result and run again + docker run -i -t busybox true + + ewend $? + fi + + return $ret +} + +stop() { + ebegin "Stopping docker daemon" + start-stop-daemon --stop \ + --exec "$DOCKER_BINARY" \ + --pidfile "$DOCKER_PIDFILE" + eend $? +} diff --git a/app-emulation/docker/files/docker-r3.confd b/app-emulation/docker/files/docker-r3.confd new file mode 100644 index 000000000000..ae247c007e33 --- /dev/null +++ b/app-emulation/docker/files/docker-r3.confd @@ -0,0 +1,13 @@ +# /etc/conf.d/docker: config file for /etc/init.d/docker + +# where the docker daemon output gets piped +#DOCKER_LOGFILE="/var/log/docker.log" + +# where docker's pid get stored +#DOCKER_PIDFILE="/run/docker.pid" + +# where the docker daemon itself is run from +#DOCKER_BINARY="/usr/bin/docker" + +# any other random options you want to pass to docker +DOCKER_OPTS="" diff --git a/app-emulation/docker/files/docker-r3.initd b/app-emulation/docker/files/docker-r3.initd new file mode 100755 index 000000000000..a30318509c4b --- /dev/null +++ b/app-emulation/docker/files/docker-r3.initd @@ -0,0 +1,31 @@ +#!/sbin/runscript +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +DOCKER_LOGFILE=${DOCKER_LOGFILE:-/var/log/${SVCNAME}.log} +DOCKER_PIDFILE=${DOCKER_PIDFILE:-/run/${SVCNAME}.pid} +DOCKER_BINARY=${DOCKER_BINARY:-/usr/bin/docker} +DOCKER_OPTS=${DOCKER_OPTS:-} + +start() { + checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE" + + ebegin "Starting docker daemon" + start-stop-daemon --start --background \ + --exec "$DOCKER_BINARY" \ + --pidfile "$DOCKER_PIDFILE" \ + --stdout "$DOCKER_LOGFILE" \ + --stderr "$DOCKER_LOGFILE" \ + -- -d -p "$DOCKER_PIDFILE" \ + $DOCKER_OPTS + eend $? +} + +stop() { + ebegin "Stopping docker daemon" + start-stop-daemon --stop \ + --exec "$DOCKER_BINARY" \ + --pidfile "$DOCKER_PIDFILE" + eend $? +} diff --git a/app-emulation/docker/files/docker.initd b/app-emulation/docker/files/docker.initd new file mode 100755 index 000000000000..18ca8ab9d764 --- /dev/null +++ b/app-emulation/docker/files/docker.initd @@ -0,0 +1,31 @@ +#!/sbin/runscript +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +DOCKER_LOGFILE=${DOCKER_LOGFILE:-/var/log/${SVCNAME}.log} +DOCKER_PIDFILE=${DOCKER_PIDFILE:-/run/${SVCNAME}.pid} +DOCKER_BINARY=${DOCKER_BINARY:-/usr/bin/docker} + +start() { + touch "$DOCKER_LOGFILE" + chown root:docker "$DOCKER_LOGFILE" + chmod 0644 "$DOCKER_LOGFILE" + + ebegin "Starting docker daemon" + start-stop-daemon --start --background \ + --exec "$DOCKER_BINARY" \ + --pidfile "$DOCKER_PIDFILE" \ + --stdout "$DOCKER_LOGFILE" \ + --stderr "$DOCKER_LOGFILE" \ + -- -d -p "$DOCKER_PIDFILE" + eend $? +} + +stop() { + ebegin "Stopping docker daemon" + start-stop-daemon --stop \ + --exec "$DOCKER_BINARY" \ + --pidfile "$DOCKER_PIDFILE" + eend $? +} diff --git a/app-emulation/docker/files/docker.service b/app-emulation/docker/files/docker.service new file mode 100644 index 000000000000..dde89a214adb --- /dev/null +++ b/app-emulation/docker/files/docker.service @@ -0,0 +1,12 @@ +[Unit] +Description=Easily create lightweight, portable, self-sufficient containers from any application! +Requires=network.target +After=multi-user.target + +[Service] +Type=simple +ExecStartPre=/bin/mount --make-rprivate / +ExecStart=/usr/bin/docker -d + +[Install] +WantedBy=multi-user.target |