From: "William Hubbs"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "William Hubbs"
Message-ID: <1678812593.6f78eaca943ed47dbea9a7c44e9f438aa3575438.williamh@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: app-containers/docker/
X-VCS-Repository: repo/gentoo
X-VCS-Files: app-containers/docker/docker-23.0.1.ebuild
X-VCS-Directories: app-containers/docker/
X-VCS-Committer: williamh
X-VCS-Committer-Name: William Hubbs
X-VCS-Revision: 6f78eaca943ed47dbea9a7c44e9f438aa3575438
X-VCS-Branch: master
Date: Tue, 14 Mar 2023 16:50:13 +0000 (UTC)
Precedence: bulk
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 9ea554ed-eb39-411f-ac05-820f55f47e10
X-Archives-Hash: 8c925a45bc0a699cc22ed81cec5c8a23

commit:     6f78eaca943ed47dbea9a7c44e9f438aa3575438
Author:     William Hubbs gentoo org>
AuthorDate: Tue Mar 14 16:44:19 2023 +0000
Commit:     William Hubbs gentoo org>
CommitDate: Tue Mar 14 16:49:53 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6f78eaca

app-containers/docker: more kernel option fixes

- put SECURITY_SELINUX and SECURITY_APPARMOR behind the appropriate use
  flags
- put MEMCG_SWAP and LEGACY_SYSCALL_EMULATE behind kernel version checks

Bug: https://bugs.gentoo.org/900845
Signed-off-by: William Hubbs gentoo.org>

 app-containers/docker/docker-23.0.1.ebuild | 37 +++++++++++++++++++++++-------
 1 file changed, 29 insertions(+), 8 deletions(-)

diff --git a/app-containers/docker/docker-23.0.1.ebuild b/app-containers/docker/docker-23.0.1.ebuild index d592dae8135b..227d05ce400b 100644 --- a/app-containers/docker/docker-23.0.1.ebuild +++ b/app-containers/docker/docker-23.0.1.ebuild
@@ -114,9 +114,14 @@ pkg_setup() { CONFIG_CHECK+=" ~CGROUP_PIDS - ~MEMCG_SWAP " + if kernel_is lt 6 1; then + CONFIG_CHECK+=" + ~MEMCG_SWAP + " + fi + if kernel_is le 5 8; then CONFIG_CHECK+=" ~MEMCG_SWAP_ENABLED @@ -124,10 +129,16 @@ pkg_setup() { fi CONFIG_CHECK+=" - ~!LEGACY_VSYSCALL_NATIVE - ~LEGACY_VSYSCALL_EMULATE - ~!LEGACY_VSYSCALL_NONE - " + ~!LEGACY_VSYSCALL_NATIVE + " + if kernel_is lt 5 19; then + CONFIG_CHECK+=" + ~LEGACY_VSYSCALL_EMULATE + " + fi + CONFIG_CHECK+=" + ~!LEGACY_VSYSCALL_NONE + " WARNING_LEGACY_SYSCALL_NONE="CONFIG_LEGACY_VSYSCALL_NONE enabled: \ Containers with <=glibc-2.13 will not work" @@ -155,9 +166,19 @@ pkg_setup() { ~IP_VS_PROTO_TCP ~IP_VS_PROTO_UDP ~IP_VS_RR - ~SECURITY_SELINUX - ~SECURITY_APPARMOR - " + " + + if use selinux; then + CONFIG_CHECK+=" + ~SECURITY_SELINUX + " + fi + + if use apparmor; then + CONFIG_CHECK+=" + ~SECURITY_APPARMOR + " + fi # if ! is_set EXT4_USE_FOR_EXT2; then # check_flags EXT3_FS EXT3_FS_XATTR EXT3_FS_POSIX_ACL EXT3_FS_SECURITY
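
Review bot: In the first hunk (@@ -114,9 +114,14 @@), the new `if kernel_is lt 6 1` guard around ~MEMCG_SWAP carries no comment saying why 6.1 is the cutoff, so the next person editing pkg_setup has to rediscover it from kernel history. Add a one-line comment above the guard naming the kernel change it tracks. The `if kernel_is le 5 8` block for ~MEMCG_SWAP_ENABLED that follows covers a subset of the same version range, so nesting it inside the new guard would keep the two swap-accounting checks together.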
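
Review bot: In the second hunk (@@ -124,10 +129,16 @@), the trailing context line defines WARNING_LEGACY_SYSCALL_NONE while the option checked just above it is ~!LEGACY_VSYSCALL_NONE; linux-info looks up custom messages as WARNING_<option name>, so the "Containers with <=glibc-2.13 will not work" text looks like it will never be shown. Since this change already reworks the vsyscall block, rename the variable to WARNING_LEGACY_VSYSCALL_NONE in the same commit. The `kernel_is lt 5 19` guard around ~LEGACY_VSYSCALL_EMULATE would also benefit from a short comment stating why 5.19 is the cutoff.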
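
Review bot: In the third hunk (@@ -155,9 +166,19 @@), the two new blocks under `if use selinux` and `if use apparmor` keep the advisory `~` prefix, so a build with the flag enabled on a kernel lacking SECURITY_SELINUX or SECURITY_APPARMOR only prints the generic missing-option warning. Consider adding WARNING_SECURITY_SELINUX and WARNING_SECURITY_APPARMOR strings, in the same way pkg_setup sets a custom message for the vsyscall option, stating that the LSM support selected by the USE flag will not be usable on that kernel. Please also confirm that both flags are declared in IUSE, which is not visible in this hunk.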