-rw-r--r--recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch26
-rw-r--r--recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch27
-rw-r--r--recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb4
3 files changed, 31 insertions, 26 deletions
diff --git a/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch b/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch
index 753a77d1..b1299f50 100644
--- a/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch
+++ b/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch
@@ -1,6 +1,6 @@
1From f59cddcedd6535e0b809ec9b4e95672d34b41a16 Mon Sep 17 00:00:00 2001 1From f9c640fa1d4c14dfbd2bc40af91cb446ad373075 Mon Sep 17 00:00:00 2001
2From: Jason Wessel <jason.wessel@windriver.com> 2From: Jason Wessel <jason.wessel@windriver.com>
3Date: Tue, 14 Nov 2017 07:41:41 -0800 3Date: Tue, 2 Jul 2019 20:51:08 +0000
4Subject: [PATCH] Add additional cgroup mounts from root NS automatically 4Subject: [PATCH] Add additional cgroup mounts from root NS automatically
5 5
6Signed-off-by: Jason Wessel <jason.wessel@windriver.com> 6Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
@@ -9,11 +9,11 @@ Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
9 1 file changed, 45 insertions(+) 9 1 file changed, 45 insertions(+)
10 10
11diff --git a/src/systemdhook.c b/src/systemdhook.c 11diff --git a/src/systemdhook.c b/src/systemdhook.c
12index 78575ef..f735484 100644 12index 87a3585..5220c54 100644
13--- a/src/systemdhook.c 13--- a/src/systemdhook.c
14+++ b/src/systemdhook.c 14+++ b/src/systemdhook.c
15@@ -238,6 +238,11 @@ static char *get_process_cgroup_subsystem_path(int pid, const char *subsystem) { 15@@ -281,6 +281,11 @@ static char *get_process_cgroup_subsystem_path(const char *id, int pid, const ch
16 static int mount_cgroup(const char *rootfs, const char *options, char *systemd_path) 16 static int mount_cgroup(const char *id, const char *rootfs, const char *options, char *systemd_path)
17 { 17 {
18 _cleanup_free_ char *cgroup_path = NULL; 18 _cleanup_free_ char *cgroup_path = NULL;
19+ char *spath, *dpath; 19+ char *spath, *dpath;
@@ -23,9 +23,9 @@ index 78575ef..f735484 100644
23+ int got; 23+ int got;
24 24
25 if (asprintf(&cgroup_path, "%s/%s", rootfs, CGROUP_ROOT) < 0) { 25 if (asprintf(&cgroup_path, "%s/%s", rootfs, CGROUP_ROOT) < 0) {
26 pr_perror("Failed to create path for %s", CGROUP_ROOT); 26 pr_perror("%s: Failed to create path for %s", id, CGROUP_ROOT);
27@@ -256,6 +261,46 @@ static int mount_cgroup(const char *rootfs, const char *options, char *systemd_p 27@@ -290,6 +295,46 @@ static int mount_cgroup(const char *id, const char *rootfs, const char *options,
28 pr_perror("Failed to mkdir new dest: %s", systemd_path); 28 pr_perror("%s: Failed to mkdir new dest: %s", id, cgroup_path);
29 return -1; 29 return -1;
30 } 30 }
31+ /* Create all additional cgroup mounts which are in the root namespace */ 31+ /* Create all additional cgroup mounts which are in the root namespace */
@@ -59,7 +59,7 @@ index 78575ef..f735484 100644
59+ pr_perror("Failed to mkdir new dest: %s", dpath); 59+ pr_perror("Failed to mkdir new dest: %s", dpath);
60+ return -1; 60+ return -1;
61+ } 61+ }
62+ if (bind_mount(spath, dpath, false)) { 62+ if (bind_mount(id, spath, dpath, false)) {
63+ pr_perror("Failed to bind mount %s on %s", spath, dpath); 63+ pr_perror("Failed to bind mount %s on %s", spath, dpath);
64+ return -1; 64+ return -1;
65+ } 65+ }
@@ -68,9 +68,9 @@ index 78575ef..f735484 100644
68+ free(dpath); 68+ free(dpath);
69+ } 69+ }
70+ closedir(dir); 70+ closedir(dir);
71 if (mount(cgroup_path, cgroup_path, "bind", MS_REMOUNT|MS_BIND|MS_RDONLY, "") == -1) { 71 /* Mount tmpfs at new cgroup directory */
72 pr_perror("Failed to remount %s readonly", cgroup_path); 72 if (mount("tmpfs", cgroup_path, "tmpfs", MS_NODEV|MS_NOSUID, options) == -1) {
73 return -1; 73 pr_perror("%s: Failed to mount tmpfs at %s", id, cgroup_path);
74-- 74--
752.11.0 752.19.1
76 76
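Review bot: The refreshed inner hunk `@@ -290,6 +295,46 @@` appears to land the cgroup bind-mount loop in the wrong place: it now sits between the `cgroup_path` mkdir check and `mount("tmpfs", cgroup_path, ...)`, where the old patch put it after the `systemd_path` mkdir check and just before the read-only remount. If `dpath` is built under `cgroup_path` (its construction is outside the visible lines), the tmpfs mounted afterwards would cover those bind mounts and the container would not see them, so the loop likely needs to be re-anchored after the `systemd_path` mkdir check. Separately, the two `return -1` paths inside the loop seem to exit before `free(dpath)` and `closedir(dir)`. Their messages also lack the id prefix the surrounding upstream messages now carry, e.g. `pr_perror("%s: Failed to bind mount %s on %s", id, spath, dpath);`.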
diff --git a/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch b/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch
index 5016f6e7..a3ec57df 100644
--- a/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch
+++ b/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch
@@ -8,9 +8,11 @@ Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
8 src/systemdhook.c | 12 ------------ 8 src/systemdhook.c | 12 ------------
9 1 file changed, 12 deletions(-) 9 1 file changed, 12 deletions(-)
10 10
11--- a/src/systemdhook.c 11Index: git/src/systemdhook.c
12+++ b/src/systemdhook.c 12===================================================================
13@@ -16,7 +16,6 @@ 13--- git.orig/src/systemdhook.c
14+++ git/src/systemdhook.c
15@@ -17,7 +17,6 @@
14 #include <errno.h> 16 #include <errno.h>
15 #include <inttypes.h> 17 #include <inttypes.h>
16 #include <linux/limits.h> 18 #include <linux/limits.h>
@@ -18,25 +20,28 @@ Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
18 #include <yajl/yajl_tree.h> 20 #include <yajl/yajl_tree.h>
19 #include <stdbool.h> 21 #include <stdbool.h>
20 22
21@@ -129,9 +128,6 @@ static int chperm(const char *path, cons 23@@ -166,12 +165,6 @@
22 closedir(dir); 24 closedir(dir);
23 return -1; 25 return -1;
24 } 26 }
25- if (setfilecon (full_path, label) < 0) { 27- if (label != NULL && (strcmp("", label))) {
26- pr_perror("Failed to set context %s on %s", label, full_path); 28- if ((is_selinux_enabled() > 0) && (setfilecon (full_path, label) < 0)) {
29- pr_perror("%s: Failed to set context %s on %s", id, label, full_path);
30- }
27- } 31- }
28 32-
29 if (doChown) { 33 if (doChown) {
30 /* Change uid and gid to something the container can handle */ 34 /* Change uid and gid to something the container can handle */
31@@ -496,14 +492,6 @@ static int prestart(const char *rootfs, 35 if (chown(full_path, uid, gid) < 0 ) {
36@@ -557,14 +550,6 @@
32 return -1; 37 return -1;
33 } 38 }
34 } 39 }
35- 40-
36- if (strcmp("", mount_label)) { 41- if (strcmp("", mount_label)) {
37- rc = setfilecon(journal_dir, (security_context_t)mount_label); 42- if ((is_selinux_enabled() > 0) &&
38- if (rc < 0) { 43- (setfilecon(journal_dir, (security_context_t)mount_label) < 0)) {
39- pr_perror("Failed to set journal dir selinux context"); 44- pr_perror("%s: Failed to set journal dir selinux context", id);
40- return -1; 45- return -1;
41- } 46- }
42- } 47- }
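Review bot: The blocks removed in `@@ -166,12 +165,6 @@` and `@@ -557,14 +550,6 @@` are, at the new upstream revision, already guarded by `is_selinux_enabled() > 0`, so the refreshed patch no longer removes an unconditional failure path, only the labelling itself. The patch description (outside the visible hunk) should state that consequence, along the lines of `setfilecon() calls are dropped, so label/mount_label are not applied to container paths or the journal dir`. That would tell integrators building for SELinux-enabled targets that the hook will not relabel. It is also worth checking whether `label` and `mount_label` become unused after the removal, which cannot be seen from these hunks.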
diff --git a/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb b/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb
index e07b7410..6734bffe 100644
--- a/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb
+++ b/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb
@@ -6,14 +6,14 @@ PRIORITY = "optional"
6 6
7DEPENDS = "yajl util-linux" 7DEPENDS = "yajl util-linux"
8 8
9SRCREV = "1ac958a4197a9ea52174812fc7d7d036af8140d3" 9SRCREV = "05e692346ca73e022754332a7da641230dae2ffe"
10SRC_URI = "git://github.com/projectatomic/oci-systemd-hook \ 10SRC_URI = "git://github.com/projectatomic/oci-systemd-hook \
11 file://0001-selinux-drop-selinux-support.patch \ 11 file://0001-selinux-drop-selinux-support.patch \
12 file://0001-configure-drop-selinux-support.patch \ 12 file://0001-configure-drop-selinux-support.patch \
13 file://0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch \ 13 file://0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch \
14" 14"
15 15
16PV = "0.0.1+git${SRCPV}" 16PV = "0.2.0+git${SRCPV}"
17S = "${WORKDIR}/git" 17S = "${WORKDIR}/git"
18 18
19inherit autotools pkgconfig 19inherit autotools pkgconfig