Hello community,

here is the log from the commit of package docker for openSUSE:Factory checked in at 2018-04-22 14:35:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/docker (Old)
 and      /work/SRC/openSUSE:Factory/.docker.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "docker" Sun Apr 22 14:35:27 2018 rev:73 rq:598552 version:17.09.1_ce Changes: -------- --- /work/SRC/openSUSE:Factory/docker/docker.changes 2018-04-17 11:13:16.234359837 +0200 +++ /work/SRC/openSUSE:Factory/.docker.new/docker.changes 2018-04-22 14:35:29.157986242 +0200 @@ -1,0 +2,7 @@ +Thu Apr 19 11:23:32 UTC 2018 - [email protected] + +- Fix up the AppArmor 'docker kill' patch to work on older AppArmor versions. + boo#1089732 + * bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch ++++++ --- /var/tmp/diff_new_pack.FAI9lp/_old 2018-04-22 14:35:29.873960332 +0200 +++ /var/tmp/diff_new_pack.FAI9lp/_new 2018-04-22 14:35:29.873960332 +0200 @@ -1,4 +1,4 @@ -From c11493737b4a5ffd59d635650f3a0d45f220ad2b Mon Sep 17 00:00:00 2001 +From fb59d17b2617ebee34f91786428f63571a19bb74 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <[email protected]> Date: Sun, 8 Apr 2018 20:21:30 +1000 Subject: [PATCH] apparmor: allow receiving of signals from 'docker kill' @@ -7,22 +7,25 @@ container because the signal originated from outside of that AppArmor profile. Correct this by allowing all unconfined signals to be received. -SUSE-Bug: bsc#1073877 +SUSE-Bugs: bsc#1073877 boo#1089732 Signed-off-by: Goldwyn Rodrigues <[email protected]> Signed-off-by: Aleksa Sarai <[email protected]> --- - components/engine/profiles/apparmor/template.go | 1 + - 1 file changed, 1 insertion(+) + components/engine/profiles/apparmor/template.go | 4 ++++ + 1 file changed, 4 insertions(+) diff --git a/components/engine/profiles/apparmor/template.go b/components/engine/profiles/apparmor/template.go -index c5ea4584de6b..4830ac440645 100644 +index c5ea4584de6b..47c1b0659a15 100644 
--- a/components/engine/profiles/apparmor/template.go +++ b/components/engine/profiles/apparmor/template.go -@@ -17,6 +17,7 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) { +@@ -17,6 +17,10 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) { capability, file, umount, ++{{if ge .Version 208096}} ++{{/* Allow 'docker kill' to actually send signals to container processes. */}} + signal (receive) peer=unconfined, ++{{end}} deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir) # deny write to files not in /proc/<number>/** or /proc/sys/**
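Review bot: In the template.go hunk, the guard `{{if ge .Version 208096}}` uses a bare number with no explanation of which AppArmor version it stands for or why that value is the cutoff; the only template comment describes the rule, not the condition. Suggest extending the comment to name the release that 208096 encodes and the reason the rule must be left out below it, so the threshold is not changed blindly later. The rule `signal (receive) peer=unconfined` also admits signals from any unconfined process, not only the daemon handling 'docker kill'; the commit message says this is intended ("allowing all unconfined signals to be received"), and it would help to record that in the template comment as well.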
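Review bot: In the patch description hunk, the trailer gains boo#1089732 but the message body is unchanged and never mentions that the signal rule is now emitted only when `.Version` is at least 208096. Suggest adding a sentence to the commit message stating that profiles generated for older AppArmor versions omit the rule, and what that means for 'docker kill' there, since the docker.changes entry only says the patch was fixed up "to work on older AppArmor versions".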
