commit docker for openSUSE:Factory
Hello community,
here is the log from the commit of package docker for openSUSE:Factory checked in at 2018-07-02 23:29:24
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/docker (Old)
and /work/SRC/openSUSE:Factory/.docker.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "docker"
Mon Jul 2 23:29:24 2018 rev:78 rq:619750 version:17.09.1_ce
Changes:
--------
--- /work/SRC/openSUSE:Factory/docker/docker.changes 2018-06-22 13:15:22.691048985 +0200
+++ /work/SRC/openSUSE:Factory/.docker.new/docker.changes 2018-07-02 23:29:29.565543925 +0200
@@ -1,0 +2,9 @@
+Fri Jun 29 08:35:56 UTC 2018 - asarai@suse.com
+
+- Update the AppArmor patchset again to fix a separate issue where changed
+ AppArmor profiles don't actually get applied on Docker daemon reboot.
+ bsc#1099277
+ * bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
+ + bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
+
+-------------------------------------------------------------------
New:
----
bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ docker.spec ++++++
--- /var/tmp/diff_new_pack.xZorMf/_old 2018-07-02 23:29:30.749542452 +0200
+++ /var/tmp/diff_new_pack.xZorMf/_new 2018-07-02 23:29:30.749542452 +0200
@@ -68,6 +68,8 @@
Patch401: bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/36822. bsc#1073877
Patch402: bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
+# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/37353. bsc#1099277
+Patch403: bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
BuildRequires: audit
BuildRequires: bash-completion
BuildRequires: ca-certificates
@@ -198,6 +200,8 @@
%patch401 -p1
# bsc#1073877
%patch402 -p1
+# bsc#1099277
+%patch403 -p1
cp %{SOURCE7} .
cp %{SOURCE9} .
++++++ bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch ++++++
--- /var/tmp/diff_new_pack.xZorMf/_old 2018-07-02 23:29:30.829542353 +0200
+++ /var/tmp/diff_new_pack.xZorMf/_new 2018-07-02 23:29:30.833542348 +0200
@@ -1,7 +1,7 @@
From 2cc9da975798847cd0a37d1571d8a0f1d72b522d Mon Sep 17 00:00:00 2001
From: Aleksa Sarai
From 8edc54753ab5ea9294c55ec32b49c9eb7cdf3892 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai
Date: Fri, 29 Jun 2018 17:59:30 +1000 Subject: [PATCH 2/2] apparmor: clobber docker-default profile on start
In the process of making docker-default reloading far less expensive,
567ef8e7858c ("daemon: switch to 'ensure' workflow for AppArmor
profiles") mistakenly made the initial profile load at dockerd start-up
lazy. As a result, if you have a running Docker daemon and upgrade it to
a new one with an updated AppArmor profile the new profile will not take
effect (because the old one is still loaded). The fix for this is quite
trivial, and just requires us to clobber the profile on start-up.
Fixes: 567ef8e7858c ("daemon: switch to 'ensure' workflow for AppArmor profiles")
SUSE-Bugs: bsc#1099277
Signed-off-by: Aleksa Sarai
participants (1)
-
root