aboutsummaryrefslogtreecommitdiffstats
path: root/community/docker/docker-openrc-fixes.patch
blob: 49a59cb98e675358ec2aeca9122119dfbb71bad3 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
diff --git a/contrib/init/openrc/docker.confd b/contrib/init/openrc/docker.confd
index 2444031..b5f431c 100644
--- a/contrib/init/openrc/docker.confd
+++ b/contrib/init/openrc/docker.confd
@@ -11,3 +11,6 @@
 
 # any other random options you want to pass to docker
 DOCKER_OPTS=""
+
+# disable grsecurity features
+#disable_grsec="chroot_deny_chmod chroot_deny_mknod"
diff --git a/contrib/init/openrc/docker.initd b/contrib/init/openrc/docker.initd
index f2e1536..20de85b 100644
--- a/contrib/init/openrc/docker.initd
+++ b/contrib/init/openrc/docker.initd
@@ -9,9 +9,21 @@
 start_stop_daemon_args="--background \
 	--stderr \"${DOCKER_LOGFILE}\" --stdout \"${DOCKER_LOGFILE}\""
 
+grsecdir=/proc/sys/kernel/grsecurity
+
+depend() {
+	need sysfs cgroups
+}
+
 start_pre() {
 	checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE"
 
+	for i in $disable_grsec; do
+		if [ -e "$grsecdir/$i" ]; then
+			einfo " Disabling $i"
+			echo 0 > "$grsecdir/$i"
+		fi
+	done
 	ulimit -n 1048576
 
 	# Having non-zero limits causes performance problems due to accounting overhead