Hello community, here is the log from the commit of package docker for openSUSE:Factory checked in at 2014-09-12 17:04:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/docker (Old) and /work/SRC/openSUSE:Factory/.docker.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "docker" Changes: -------- --- /work/SRC/openSUSE:Factory/docker/docker.changes 2014-09-12 10:04:04.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.docker.new/docker.changes 2014-09-12 17:06:01.000000000 +0200 @@ -1,0 +2,6 @@ +Fri Sep 12 13:21:40 UTC 2014 - [email protected] + +- Generated AppArmor profile used mount rules which aren't supported + in our version of AppArmor. libcontainer-apparmor-fixes.patch + +------------------------------------------------------------------- New: ---- libcontainer-apparmor-fixes.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ docker.spec ++++++ --- /var/tmp/diff_new_pack.T281KZ/_old 2014-09-12 17:06:02.000000000 +0200 +++ /var/tmp/diff_new_pack.T281KZ/_new 2014-09-12 17:06:02.000000000 +0200 @@ -33,6 +33,8 @@ Source6: docker-rpmlintrc Source7: README_SUSE.md Patch0: 0002-Stripped-dockerinit-binary.patch +# PATCH-FIX-OPENSUSE libcontainer-apparmor-fixes.patch -- mount rules aren't supported in our apparmor +Patch1: libcontainer-apparmor-fixes.patch BuildRequires: bash-completion BuildRequires: device-mapper-devel >= 1.2.68 BuildRequires: glibc-devel-static @@ -91,6 +93,7 @@ %prep %setup -q -n docker %patch0 -p1 +%patch1 -p1 cp %{SOURCE7} . %build ++++++ libcontainer-apparmor-fixes.patch ++++++ Index: docker/vendor/src/github.com/docker/libcontainer/apparmor/gen.go =================================================================== --- docker.orig/vendor/src/github.com/docker/libcontainer/apparmor/gen.go +++ docker/vendor/src/github.com/docker/libcontainer/apparmor/gen.go @@ -25,18 +25,6 @@ profile {{.Name}} flags=(attach_disconne network, capability, file, - umount, - - mount fstype=tmpfs, - mount fstype=mqueue, - mount fstype=fuse.*, - mount fstype=binfmt_misc -> /proc/sys/fs/binfmt_misc/, - mount fstype=efivarfs -> /sys/firmware/efi/efivars/, - mount fstype=fusectl -> /sys/fs/fuse/connections/, - mount fstype=securityfs -> /sys/kernel/security/, - mount fstype=debugfs -> /sys/kernel/debug/, - mount fstype=proc -> /proc/, - mount fstype=sysfs -> /sys/, deny @{PROC}/sys/fs/** wklx, deny @{PROC}/sysrq-trigger rwklx, @@ -45,10 +33,6 @@ profile {{.Name}} flags=(attach_disconne deny @{PROC}/sys/kernel/[^s][^h][^m]* wklx, deny @{PROC}/sys/kernel/*/** wklx, - deny mount options=(ro, remount) -> /, - deny mount fstype=debugfs -> /var/lib/ureadahead/debugfs/, - deny mount fstype=devpts, - deny /sys/[^f]*/** wklx, deny /sys/f[^s]*/** wklx, deny /sys/fs/[^c]*/** wklx, -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
