oci-systemd-hook: Uprev hook to latest

The selinux disable patch required changes as more setfilecon
operations were added.

The new upstream work is needed to allow the rootfs specification to
continue working because runc no longer passes the "root" key as a
part of the json configuration which is sent to a hook via stdin.

Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Jason Wessel 2017-07-13 10:09:05 -07:00 committed by Bruce Ashfield
parent 3c435ae8f0
commit cc3d8b9268
2 changed files with 21 additions and 16 deletions


@ -5,25 +5,34 @@ Subject: [PATCH] selinux: drop selinux support
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
--- ---
src/systemdhook.c | 9 --------- src/systemdhook.c | 12 ------------
1 file changed, 9 deletions(-) 1 file changed, 12 deletions(-)
diff --git a/src/systemdhook.c b/src/systemdhook.c
index 274e5b910699..b9e8f1be376a 100644
--- a/src/systemdhook.c --- a/src/systemdhook.c
+++ b/src/systemdhook.c +++ b/src/systemdhook.c
@@ -14,7 +14,6 @@ @@ -16,7 +16,6 @@
#include <errno.h> #include <errno.h>
#include <inttypes.h> #include <inttypes.h>
#include <linux/limits.h> #include <linux/limits.h>
-#include <selinux/selinux.h> -#include <selinux/selinux.h>
#include <yajl/yajl_tree.h> #include <yajl/yajl_tree.h>
#include <stdbool.h>
#include "config.h" @@ -129,9 +128,6 @@ static int chperm(const char *path, cons
@@ -538,14 +537,6 @@ static int prestart(const char *rootfs, closedir(dir);
return -1;
}
- if (setfilecon (full_path, label) < 0) {
- pr_perror("Failed to set context %s on %s", label, full_path);
- }
if (doChown) {
/* Change uid and gid to something the container can handle */
@@ -496,14 +492,6 @@ static int prestart(const char *rootfs,
return -1;
} }
} }
-
- if (strcmp("", mount_label)) { - if (strcmp("", mount_label)) {
- rc = setfilecon(journal_dir, (security_context_t)mount_label); - rc = setfilecon(journal_dir, (security_context_t)mount_label);
- if (rc < 0) { - if (rc < 0) {
@ -31,10 +40,6 @@ index 274e5b910699..b9e8f1be376a 100644
- return -1; - return -1;
- } - }
- } - }
-
if (makepath(cont_journal_dir, 0755) == -1) {
if (errno != EEXIST) {
pr_perror("Failed to mkdir container journal dir: %s", cont_journal_dir);
--
2.4.0.53.g8440f74
/* Attempt to creare /var/log/journal inside of rootfs,
if successful, or directory exists, mount tmpfs on top of
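Review bot: The refreshed patch removes SELinux labelling unconditionally, and its visible text does not record what that means for the target. It now deletes the `setfilecon (full_path, label)` call in the chperm() hunk as well as the `setfilecon(journal_dir, (security_context_t)mount_label)` block in prestart(). With both gone, paths the hook creates or chowns are no longer given the container's mount label, which on an image with SELinux enforcing would presumably leave them with an inherited label. The patch header above line 5 is not shown here, so this may already be covered; if not, add a line to the patch description such as `Note: the hook no longer relabels the paths it creates; do not apply on SELinux-enabled images.` together with an `Upstream-Status:` tag. Both chperm() and prestart() start and end outside the quoted hunks, so any other label-dependent code in them cannot be checked from this page.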


@ -6,7 +6,7 @@ PRIORITY = "optional"
DEPENDS = "yajl util-linux" DEPENDS = "yajl util-linux"
SRCREV = "ca515c1f399bd0b16e94b7c34aa1ef20498beca6" SRCREV = "1ac958a4197a9ea52174812fc7d7d036af8140d3"
SRC_URI = "git://github.com/projectatomic/oci-systemd-hook \ SRC_URI = "git://github.com/projectatomic/oci-systemd-hook \
file://0001-selinux-drop-selinux-support.patch \ file://0001-selinux-drop-selinux-support.patch \
file://0001-configure-drop-selinux-support.patch \ file://0001-configure-drop-selinux-support.patch \