[meta-virtualization] [PATCH 06/12] oci-systemd-hook: Uprev hook to latest

Bruce Ashfield bruce.ashfield at windriver.com
Mon Jul 17 13:04:07 PDT 2017


From: Jason Wessel <jason.wessel at windriver.com>

The selinux disable patch required changes as more setfilecon
operations were added.

The new upstream work is needed to allow the rootfs specification to
continue working because runc no longer passes the "root" key as a
part of the json configuration which is sent to a hook via stdin.

Signed-off-by: Jason Wessel <jason.wessel at windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield at windriver.com>
---
 .../0001-selinux-drop-selinux-support.patch        | 35 ++++++++++++----------
 .../oci-systemd-hook/oci-systemd-hook_git.bb       |  2 +-
 2 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch b/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch
index 507cd08e6f8f..5016f6e75d9d 100644
--- a/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch
+++ b/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch
@@ -5,25 +5,34 @@ Subject: [PATCH] selinux: drop selinux support
 
 Signed-off-by: Bruce Ashfield <bruce.ashfield at windriver.com>
 ---
- src/systemdhook.c | 9 ---------
- 1 file changed, 9 deletions(-)
+ src/systemdhook.c |   12 ------------
+ 1 file changed, 12 deletions(-)
 
-diff --git a/src/systemdhook.c b/src/systemdhook.c
-index 274e5b910699..b9e8f1be376a 100644
 --- a/src/systemdhook.c
 +++ b/src/systemdhook.c
-@@ -14,7 +14,6 @@
+@@ -16,7 +16,6 @@
  #include <errno.h>
  #include <inttypes.h>
  #include <linux/limits.h>
 -#include <selinux/selinux.h>
  #include <yajl/yajl_tree.h>
+ #include <stdbool.h>
  
- #include "config.h"
-@@ -538,14 +537,6 @@ static int prestart(const char *rootfs,
+@@ -129,9 +128,6 @@ static int chperm(const char *path, cons
+ 				closedir(dir);
+ 				return -1;
  			}
- 		}
+-			if (setfilecon (full_path, label) < 0) {
+-				pr_perror("Failed to set context %s on %s", label, full_path);
+-			}
  
+ 			if (doChown) {
+ 				/* Change uid and gid to something the container can handle */
+@@ -496,14 +492,6 @@ static int prestart(const char *rootfs,
+ 				return -1;
+ 			}
+ 		}
+-
 -		if (strcmp("", mount_label)) {
 -			rc = setfilecon(journal_dir, (security_context_t)mount_label);
 -			if (rc < 0) {
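Review bot: The refreshed patch header (the lines above its `---`) still carries only a Signed-off-by, with no rationale and, as far as the visible part shows, no `Upstream-Status:` line, although the patch now removes a second labelling site: the per-file `setfilecon (full_path, label)` in `chperm()` as well as the journal-directory relabel in `prestart()`. The `SRC_URI` context in oci-systemd-hook_git.bb lists this patch without any condition, so a build that does enable SELinux would get a hook that leaves those paths with whatever label they inherit. That would likely show up at runtime as denials inside the container rather than as a build failure. I would add `Upstream-Status: Inappropriate [<reason>]` to the header, plus one sentence saying that files handled by the hook are no longer relabelled with the container's mount label. It is also worth checking whether `label` in `chperm()` is now unused; its signature is truncated in the hunk header and the `prestart()` removal continues in the next hunk.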
@@ -31,10 +40,6 @@ index 274e5b910699..b9e8f1be376a 100644
 -				return -1;
 -			}
 -		}
--
- 		if (makepath(cont_journal_dir, 0755) == -1) {
- 			if (errno != EEXIST) {
- 				pr_perror("Failed to mkdir container journal dir: %s", cont_journal_dir);
--- 
-2.4.0.53.g8440f74
-
+ 
+ 		/* Attempt to creare /var/log/journal inside of rootfs,
+ 		   if successful, or directory exists, mount tmpfs on top of
diff --git a/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb b/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb
index 872872a1106f..fc88905334da 100644
--- a/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb
+++ b/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb
@@ -6,7 +6,7 @@ PRIORITY = "optional"
 
 DEPENDS = "yajl util-linux"
 
-SRCREV = "ca515c1f399bd0b16e94b7c34aa1ef20498beca6"
+SRCREV = "1ac958a4197a9ea52174812fc7d7d036af8140d3"
 SRC_URI = "git://github.com/projectatomic/oci-systemd-hook \
            file://0001-selinux-drop-selinux-support.patch \
            file://0001-configure-drop-selinux-support.patch \
-- 
2.4.0.53.g8440f74


