* [PATCH 1/2] runc: allow enabling seccomp
@ 2018-05-25 13:58 Pascal Bach
2018-05-25 13:58 ` [PATCH 2/2] docker: " Pascal Bach
2018-05-29 14:25 ` [PATCH 1/2] runc: " Bruce Ashfield
0 siblings, 2 replies; 9+ messages in thread
From: Pascal Bach @ 2018-05-25 13:58 UTC (permalink / raw)
To: meta-virtualization
This requires libseccomp from meta-security so it is not enabled by default.
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
---
recipes-containers/runc/runc.inc | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/recipes-containers/runc/runc.inc b/recipes-containers/runc/runc.inc
index 9199cef..6d11a6e 100644
--- a/recipes-containers/runc/runc.inc
+++ b/recipes-containers/runc/runc.inc
@@ -12,6 +12,10 @@ PV = "${RUNC_VERSION}+git${SRCPV}"
inherit go
inherit goarch
+inherit pkgconfig
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[seccomp] = "seccomp,,libseccomp"
RRECOMMENDS_${PN} = "lxc docker"
PROVIDES += "virtual/runc"
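Review bot: `PACKAGECONFIG ??= ""` leaves seccomp off unless a layer opts in, and the only mention that `libseccomp` comes from meta-security is in the commit message. Suggest a comment above `PACKAGECONFIG[seccomp]` naming meta-security as the provider, so that someone who enables the option without that layer can tell why the `libseccomp` dependency does not resolve, and so that it is visible in the recipe that the default runc build carries no seccomp support.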
@@ -22,7 +26,7 @@ GO_IMPORT = "import"
LIBCONTAINER_PACKAGE="github.com/opencontainers/runc/libcontainer"
do_configure[noexec] = "1"
-EXTRA_OEMAKE="BUILDTAGS='' GO=${GO}"
+EXTRA_OEMAKE="BUILDTAGS='${PACKAGECONFIG_CONFARGS}' GO=${GO}"
do_compile() {
# Set GOPATH. See 'PACKAGERS.md'. Don't rely on
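Review bot: `BUILDTAGS='${PACKAGECONFIG_CONFARGS}'` hands the whole PACKAGECONFIG argument string to the Go build as tags, so the enable and disable fields of every `PACKAGECONFIG[...]` entry in this recipe now have to be valid build tags. That holds for `seccomp` today, but a later entry written with a configure-style argument would silently end up in BUILDTAGS. Suggest a comment next to EXTRA_OEMAKE stating that convention, or collecting the tags in a recipe-local variable instead.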
--
2.11.0
* [PATCH 2/2] docker: allow enabling seccomp
2018-05-25 13:58 [PATCH 1/2] runc: allow enabling seccomp Pascal Bach
@ 2018-05-25 13:58 ` Pascal Bach
2018-05-29 14:26 ` Bruce Ashfield
2018-05-29 14:25 ` [PATCH 1/2] runc: " Bruce Ashfield
1 sibling, 1 reply; 9+ messages in thread
From: Pascal Bach @ 2018-05-25 13:58 UTC (permalink / raw)
To: meta-virtualization
This requires libseccomp from meta-security so it is not enabled by default.
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
---
recipes-containers/docker/docker_git.bb | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/recipes-containers/docker/docker_git.bb b/recipes-containers/docker/docker_git.bb
index e055a4f..790170e 100644
--- a/recipes-containers/docker/docker_git.bb
+++ b/recipes-containers/docker/docker_git.bb
@@ -62,6 +62,9 @@ DEPENDS = " \
libtool \
"
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[seccomp] = "seccomp,,libseccomp"
+
PACKAGES =+ "${PN}-contrib"
DEPENDS_append_class-target = " lvm2"
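Review bot: patch 1/2 adds `inherit pkgconfig` directly above these same two PACKAGECONFIG lines in runc.inc, but nothing equivalent appears in this hunk. If docker_git.bb does not already inherit pkgconfig elsewhere, add it here so both recipes pick up `libseccomp` the same way; if it does, a word in the commit message would save the next reader the check. The meta-security requirement stated in the commit message also deserves a comment next to `PACKAGECONFIG[seccomp]`.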
@@ -105,7 +108,7 @@ do_compile() {
export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}"
export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}"
# in order to exclude devicemapper and btrfs - https://github.com/docker/docker/issues/14056
- export DOCKER_BUILDTAGS='exclude_graphdriver_btrfs exclude_graphdriver_devicemapper'
+ export DOCKER_BUILDTAGS='exclude_graphdriver_btrfs exclude_graphdriver_devicemapper ${PACKAGECONFIG_CONFARGS}'
export DISABLE_WARN_OUTSIDE_CONTAINER=1
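Review bot: the `seccomp` tag appended to DOCKER_BUILDTAGS is controlled by docker's own PACKAGECONFIG, independent of the switch patch 1/2 adds to runc, so an image can end up with the tag in one of the two builds and not the other. Suggest documenting that the two options are meant to be enabled together. The comment on the line above also still describes only the two `exclude_graphdriver_*` tags and could mention that further tags now come from PACKAGECONFIG.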
--
2.11.0
* Re: [PATCH 1/2] runc: allow enabling seccomp
2018-05-25 13:58 [PATCH 1/2] runc: allow enabling seccomp Pascal Bach
2018-05-25 13:58 ` [PATCH 2/2] docker: " Pascal Bach
@ 2018-05-29 14:25 ` Bruce Ashfield
2018-05-29 14:33 ` akuster808
1 sibling, 1 reply; 9+ messages in thread
From: Bruce Ashfield @ 2018-05-29 14:25 UTC (permalink / raw)
To: Pascal Bach; +Cc: meta-virtualization
merged.
Bruce
On Fri, May 25, 2018 at 9:58 AM, Pascal Bach <pascal.bach@siemens.com>
wrote:
> This requires libseccomp from meta-security so it is not enabled by
> default.
>
> Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
> ---
> recipes-containers/runc/runc.inc | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/recipes-containers/runc/runc.inc b/recipes-containers/runc/
> runc.inc
> index 9199cef..6d11a6e 100644
> --- a/recipes-containers/runc/runc.inc
> +++ b/recipes-containers/runc/runc.inc
> @@ -12,6 +12,10 @@ PV = "${RUNC_VERSION}+git${SRCPV}"
>
> inherit go
> inherit goarch
> +inherit pkgconfig
> +
> +PACKAGECONFIG ??= ""
> +PACKAGECONFIG[seccomp] = "seccomp,,libseccomp"
>
> RRECOMMENDS_${PN} = "lxc docker"
> PROVIDES += "virtual/runc"
> @@ -22,7 +26,7 @@ GO_IMPORT = "import"
> LIBCONTAINER_PACKAGE="github.com/opencontainers/runc/libcontainer"
>
> do_configure[noexec] = "1"
> -EXTRA_OEMAKE="BUILDTAGS='' GO=${GO}"
> +EXTRA_OEMAKE="BUILDTAGS='${PACKAGECONFIG_CONFARGS}' GO=${GO}"
>
> do_compile() {
> # Set GOPATH. See 'PACKAGERS.md'. Don't rely on
> --
> 2.11.0
>
> --
> _______________________________________________
> meta-virtualization mailing list
> meta-virtualization@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/meta-virtualization
>
--
"Thou shalt not follow the NULL pointer, for chaos and madness await thee
at its end"
* Re: [PATCH 2/2] docker: allow enabling seccomp
2018-05-25 13:58 ` [PATCH 2/2] docker: " Pascal Bach
@ 2018-05-29 14:26 ` Bruce Ashfield
0 siblings, 0 replies; 9+ messages in thread
From: Bruce Ashfield @ 2018-05-29 14:26 UTC (permalink / raw)
To: Pascal Bach; +Cc: meta-virtualization
merged.
Bruce
On Fri, May 25, 2018 at 9:58 AM, Pascal Bach <pascal.bach@siemens.com>
wrote:
> This requires libseccomp from meta-security so it is not enabled by
> default.
>
> Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
> ---
> recipes-containers/docker/docker_git.bb | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/recipes-containers/docker/docker_git.bb
> b/recipes-containers/docker/docker_git.bb
> index e055a4f..790170e 100644
> --- a/recipes-containers/docker/docker_git.bb
> +++ b/recipes-containers/docker/docker_git.bb
> @@ -62,6 +62,9 @@ DEPENDS = " \
> libtool \
> "
>
> +PACKAGECONFIG ??= ""
> +PACKAGECONFIG[seccomp] = "seccomp,,libseccomp"
> +
> PACKAGES =+ "${PN}-contrib"
>
> DEPENDS_append_class-target = " lvm2"
> @@ -105,7 +108,7 @@ do_compile() {
> export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}"
> export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}"
> # in order to exclude devicemapper and btrfs -
> https://github.com/docker/docker/issues/14056
> - export DOCKER_BUILDTAGS='exclude_graphdriver_btrfs
> exclude_graphdriver_devicemapper'
> + export DOCKER_BUILDTAGS='exclude_graphdriver_btrfs
> exclude_graphdriver_devicemapper ${PACKAGECONFIG_CONFARGS}'
>
> export DISABLE_WARN_OUTSIDE_CONTAINER=1
>
> --
> 2.11.0
>
> --
> _______________________________________________
> meta-virtualization mailing list
> meta-virtualization@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/meta-virtualization
>
--
"Thou shalt not follow the NULL pointer, for chaos and madness await thee
at its end"
* Re: [PATCH 1/2] runc: allow enabling seccomp
2018-05-29 14:25 ` [PATCH 1/2] runc: " Bruce Ashfield
@ 2018-05-29 14:33 ` akuster808
2018-05-29 14:45 ` Bruce Ashfield
0 siblings, 1 reply; 9+ messages in thread
From: akuster808 @ 2018-05-29 14:33 UTC (permalink / raw)
To: Bruce Ashfield, Pascal Bach; +Cc: meta-virtualization
On 05/29/2018 07:25 AM, Bruce Ashfield wrote:
> merged.
>
> Bruce
>
> On Fri, May 25, 2018 at 9:58 AM, Pascal Bach <pascal.bach@siemens.com
> <mailto:pascal.bach@siemens.com>> wrote:
>
> This requires libseccomp from meta-security so it is not enabled
> by default.
>
will there be a patch to add this dependency to the layer.conf ?
- armin
>
>
> Signed-off-by: Pascal Bach <pascal.bach@siemens.com
> <mailto:pascal.bach@siemens.com>>
> ---
> recipes-containers/runc/runc.inc | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/recipes-containers/runc/runc.inc
> b/recipes-containers/runc/runc.inc
> index 9199cef..6d11a6e 100644
> --- a/recipes-containers/runc/runc.inc
> +++ b/recipes-containers/runc/runc.inc
> @@ -12,6 +12,10 @@ PV = "${RUNC_VERSION}+git${SRCPV}"
>
> inherit go
> inherit goarch
> +inherit pkgconfig
> +
> +PACKAGECONFIG ??= ""
> +PACKAGECONFIG[seccomp] = "seccomp,,libseccomp"
>
> RRECOMMENDS_${PN} = "lxc docker"
> PROVIDES += "virtual/runc"
> @@ -22,7 +26,7 @@ GO_IMPORT = "import"
> LIBCONTAINER_PACKAGE="github.com/opencontainers/runc/libcontainer
> <http://github.com/opencontainers/runc/libcontainer>"
>
> do_configure[noexec] = "1"
> -EXTRA_OEMAKE="BUILDTAGS='' GO=${GO}"
> +EXTRA_OEMAKE="BUILDTAGS='${PACKAGECONFIG_CONFARGS}' GO=${GO}"
>
> do_compile() {
> # Set GOPATH. See 'PACKAGERS.md'. Don't rely on
> --
> 2.11.0
>
> --
> _______________________________________________
> meta-virtualization mailing list
> meta-virtualization@yoctoproject.org
> <mailto:meta-virtualization@yoctoproject.org>
> https://lists.yoctoproject.org/listinfo/meta-virtualization
> <https://lists.yoctoproject.org/listinfo/meta-virtualization>
>
>
>
>
> --
> "Thou shalt not follow the NULL pointer, for chaos and madness await
> thee at its end"
>
>
* Re: [PATCH 1/2] runc: allow enabling seccomp
2018-05-29 14:33 ` akuster808
@ 2018-05-29 14:45 ` Bruce Ashfield
2018-05-29 14:56 ` akuster808
2018-05-30 7:31 ` Pascal Bach
0 siblings, 2 replies; 9+ messages in thread
From: Bruce Ashfield @ 2018-05-29 14:45 UTC (permalink / raw)
To: akuster808; +Cc: meta-virtualization
On Tue, May 29, 2018 at 10:33 AM, akuster808 <akuster808@gmail.com> wrote:
>
>
> On 05/29/2018 07:25 AM, Bruce Ashfield wrote:
>
> merged.
>
> Bruce
>
> On Fri, May 25, 2018 at 9:58 AM, Pascal Bach <pascal.bach@siemens.com>
> wrote:
>
>> This requires libseccomp from meta-security so it is not enabled by
>> default.
>>
>
> will there be a patch to add this dependency to the layer.conf ?
>
We just tweaked it, but yes it will need another patch.
But that dependency is conditional, do we have examples of how to make the
layer.conf dependency conditional ? We may need a distro or other feature,
I suppose.
Bruce
>
> - armin
>
>
>> Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
>> ---
>> recipes-containers/runc/runc.inc | 6 +++++-
>> 1 file changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/recipes-containers/runc/runc.inc
>> b/recipes-containers/runc/runc.inc
>> index 9199cef..6d11a6e 100644
>> --- a/recipes-containers/runc/runc.inc
>> +++ b/recipes-containers/runc/runc.inc
>> @@ -12,6 +12,10 @@ PV = "${RUNC_VERSION}+git${SRCPV}"
>>
>> inherit go
>> inherit goarch
>> +inherit pkgconfig
>> +
>> +PACKAGECONFIG ??= ""
>> +PACKAGECONFIG[seccomp] = "seccomp,,libseccomp"
>>
>> RRECOMMENDS_${PN} = "lxc docker"
>> PROVIDES += "virtual/runc"
>> @@ -22,7 +26,7 @@ GO_IMPORT = "import"
>> LIBCONTAINER_PACKAGE="github.com/opencontainers/runc/libcontainer"
>>
>> do_configure[noexec] = "1"
>> -EXTRA_OEMAKE="BUILDTAGS='' GO=${GO}"
>> +EXTRA_OEMAKE="BUILDTAGS='${PACKAGECONFIG_CONFARGS}' GO=${GO}"
>>
>> do_compile() {
>> # Set GOPATH. See 'PACKAGERS.md'. Don't rely on
>> --
>> 2.11.0
>>
>> --
>> _______________________________________________
>> meta-virtualization mailing list
>> meta-virtualization@yoctoproject.org
>> https://lists.yoctoproject.org/listinfo/meta-virtualization
>>
>
>
>
> --
> "Thou shalt not follow the NULL pointer, for chaos and madness await thee
> at its end"
>
>
>
>
--
"Thou shalt not follow the NULL pointer, for chaos and madness await thee
at its end"
* Re: [PATCH 1/2] runc: allow enabling seccomp
2018-05-29 14:45 ` Bruce Ashfield
@ 2018-05-29 14:56 ` akuster808
2018-05-29 15:00 ` Bruce Ashfield
2018-05-30 7:31 ` Pascal Bach
1 sibling, 1 reply; 9+ messages in thread
From: akuster808 @ 2018-05-29 14:56 UTC (permalink / raw)
To: Bruce Ashfield, akuster808; +Cc: meta-virtualization
On 05/29/2018 07:45 AM, Bruce Ashfield wrote:
>
>
> On Tue, May 29, 2018 at 10:33 AM, akuster808 <akuster808@gmail.com
> <mailto:akuster808@gmail.com>> wrote:
>
>
>
> On 05/29/2018 07:25 AM, Bruce Ashfield wrote:
>> merged.
>>
>> Bruce
>>
>> On Fri, May 25, 2018 at 9:58 AM, Pascal Bach
>> <pascal.bach@siemens.com <mailto:pascal.bach@siemens.com>> wrote:
>>
>> This requires libseccomp from meta-security so it is not
>> enabled by default.
>>
>
> will there be a patch to add this dependency to the layer.conf ?
>
>
>
> We just tweaked it, but yes it will need another patch.
>
> But that dependency is conditional, do we have examples of how to make
> the layer.conf dependency conditional ? We may need a distro or other
> feature, I suppose.
or we just move libseccomp to meta-oe and call it a day ; ) ( something
I have been thinking about for a while)
- armin
>
> Bruce
>
>
>
> - armin
>
>>
>> Signed-off-by: Pascal Bach <pascal.bach@siemens.com
>> <mailto:pascal.bach@siemens.com>>
>> ---
>> recipes-containers/runc/runc.inc | 6 +++++-
>> 1 file changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/recipes-containers/runc/runc.inc
>> b/recipes-containers/runc/runc.inc
>> index 9199cef..6d11a6e 100644
>> --- a/recipes-containers/runc/runc.inc
>> +++ b/recipes-containers/runc/runc.inc
>> @@ -12,6 +12,10 @@ PV = "${RUNC_VERSION}+git${SRCPV}"
>>
>> inherit go
>> inherit goarch
>> +inherit pkgconfig
>> +
>> +PACKAGECONFIG ??= ""
>> +PACKAGECONFIG[seccomp] = "seccomp,,libseccomp"
>>
>> RRECOMMENDS_${PN} = "lxc docker"
>> PROVIDES += "virtual/runc"
>> @@ -22,7 +26,7 @@ GO_IMPORT = "import"
>> LIBCONTAINER_PACKAGE="github.com/opencontainers/runc/libcontainer
>> <http://github.com/opencontainers/runc/libcontainer>"
>>
>> do_configure[noexec] = "1"
>> -EXTRA_OEMAKE="BUILDTAGS='' GO=${GO}"
>> +EXTRA_OEMAKE="BUILDTAGS='${PACKAGECONFIG_CONFARGS}' GO=${GO}"
>>
>> do_compile() {
>> # Set GOPATH. See 'PACKAGERS.md'. Don't rely on
>> --
>> 2.11.0
>>
>> --
>> _______________________________________________
>> meta-virtualization mailing list
>> meta-virtualization@yoctoproject.org
>> <mailto:meta-virtualization@yoctoproject.org>
>> https://lists.yoctoproject.org/listinfo/meta-virtualization
>> <https://lists.yoctoproject.org/listinfo/meta-virtualization>
>>
>>
>>
>>
>> --
>> "Thou shalt not follow the NULL pointer, for chaos and madness
>> await thee at its end"
>>
>>
>
>
>
>
> --
> "Thou shalt not follow the NULL pointer, for chaos and madness await
> thee at its end"
>
>
* Re: [PATCH 1/2] runc: allow enabling seccomp
2018-05-29 14:56 ` akuster808
@ 2018-05-29 15:00 ` Bruce Ashfield
0 siblings, 0 replies; 9+ messages in thread
From: Bruce Ashfield @ 2018-05-29 15:00 UTC (permalink / raw)
To: akuster808; +Cc: meta-virtualization
On Tue, May 29, 2018 at 10:56 AM, akuster808 <akuster808@gmail.com> wrote:
>
>
> On 05/29/2018 07:45 AM, Bruce Ashfield wrote:
>
>
>
> On Tue, May 29, 2018 at 10:33 AM, akuster808 <akuster808@gmail.com> wrote:
>
>>
>>
>> On 05/29/2018 07:25 AM, Bruce Ashfield wrote:
>>
>> merged.
>>
>> Bruce
>>
>> On Fri, May 25, 2018 at 9:58 AM, Pascal Bach <pascal.bach@siemens.com>
>> wrote:
>>
>>> This requires libseccomp from meta-security so it is not enabled by
>>> default.
>>>
>>
>> will there be a patch to add this dependency to the layer.conf ?
>>
>
>
> We just tweaked it, but yes it will need another patch.
>
> But that dependency is conditional, do we have examples of how to make the
> layer.conf dependency conditional ? We may need a distro or other feature,
> I suppose.
>
> or we just move libseccomp to meta-oe and call it a day ; ) ( something I
> have been thinking about for a while)
>
No objections here!
Bruce
>
> - armin
>
>
> Bruce
>
>
>>
>> - armin
>>
>>
>>> Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
>>> ---
>>> recipes-containers/runc/runc.inc | 6 +++++-
>>> 1 file changed, 5 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/recipes-containers/runc/runc.inc
>>> b/recipes-containers/runc/runc.inc
>>> index 9199cef..6d11a6e 100644
>>> --- a/recipes-containers/runc/runc.inc
>>> +++ b/recipes-containers/runc/runc.inc
>>> @@ -12,6 +12,10 @@ PV = "${RUNC_VERSION}+git${SRCPV}"
>>>
>>> inherit go
>>> inherit goarch
>>> +inherit pkgconfig
>>> +
>>> +PACKAGECONFIG ??= ""
>>> +PACKAGECONFIG[seccomp] = "seccomp,,libseccomp"
>>>
>>> RRECOMMENDS_${PN} = "lxc docker"
>>> PROVIDES += "virtual/runc"
>>> @@ -22,7 +26,7 @@ GO_IMPORT = "import"
>>> LIBCONTAINER_PACKAGE="github.com/opencontainers/runc/libcontainer"
>>>
>>> do_configure[noexec] = "1"
>>> -EXTRA_OEMAKE="BUILDTAGS='' GO=${GO}"
>>> +EXTRA_OEMAKE="BUILDTAGS='${PACKAGECONFIG_CONFARGS}' GO=${GO}"
>>>
>>> do_compile() {
>>> # Set GOPATH. See 'PACKAGERS.md'. Don't rely on
>>> --
>>> 2.11.0
>>>
>>> --
>>> _______________________________________________
>>> meta-virtualization mailing list
>>> meta-virtualization@yoctoproject.org
>>> https://lists.yoctoproject.org/listinfo/meta-virtualization
>>>
>>
>>
>>
>> --
>> "Thou shalt not follow the NULL pointer, for chaos and madness await thee
>> at its end"
>>
>>
>>
>>
>
>
> --
> "Thou shalt not follow the NULL pointer, for chaos and madness await thee
> at its end"
>
>
>
>
--
"Thou shalt not follow the NULL pointer, for chaos and madness await thee
at its end"
* Re: [PATCH 1/2] runc: allow enabling seccomp
2018-05-29 14:45 ` Bruce Ashfield
2018-05-29 14:56 ` akuster808
@ 2018-05-30 7:31 ` Pascal Bach
1 sibling, 0 replies; 9+ messages in thread
From: Pascal Bach @ 2018-05-30 7:31 UTC (permalink / raw)
To: Bruce Ashfield, akuster808; +Cc: meta-virtualization
On 29.05.2018 16:45, Bruce Ashfield wrote:
>
>
> On Tue, May 29, 2018 at 10:33 AM, akuster808 <akuster808@gmail.com <mailto:akuster808@gmail.com>> wrote:
>
>
>
> On 05/29/2018 07:25 AM, Bruce Ashfield wrote:
>> merged.
>>
>> Bruce
>>
>> On Fri, May 25, 2018 at 9:58 AM, Pascal Bach <pascal.bach@siemens.com <mailto:pascal.bach@siemens.com>> wrote:
>>
>> This requires libseccomp from meta-security so it is not enabled by default.
>>
>
> will there be a patch to add this dependency to the layer.conf ?
>
>
>
> We just tweaked it, but yes it will need another patch.
>
> But that dependency is conditional, do we have examples of how to make the layer.conf dependency conditional ? We may need a distro or other feature, I suppose.
>
> Bruce
I did not enable it by default exactly for the reason that I didn't want to include another dependency. We currently add meta-security to our distro layer and just have a bbappend there that enables seccomp for docker.
But if you would be OK with adding meta-security as a dependency that would be fine with me too ;)
Pascal
>
>
>
> - armin
>
>>
>> Signed-off-by: Pascal Bach <pascal.bach@siemens.com <mailto:pascal.bach@siemens.com>>
>> ---
>> recipes-containers/runc/runc.inc | 6 +++++-
>> 1 file changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/recipes-containers/runc/runc.inc b/recipes-containers/runc/runc.inc
>> index 9199cef..6d11a6e 100644
>> --- a/recipes-containers/runc/runc.inc
>> +++ b/recipes-containers/runc/runc.inc
>> @@ -12,6 +12,10 @@ PV = "${RUNC_VERSION}+git${SRCPV}"
>>
>> inherit go
>> inherit goarch
>> +inherit pkgconfig
>> +
>> +PACKAGECONFIG ??= ""
>> +PACKAGECONFIG[seccomp] = "seccomp,,libseccomp"
>>
>> RRECOMMENDS_${PN} = "lxc docker"
>> PROVIDES += "virtual/runc"
>> @@ -22,7 +26,7 @@ GO_IMPORT = "import"
>> LIBCONTAINER_PACKAGE="github.com/opencontainers/runc/libcontainer <http://github.com/opencontainers/runc/libcontainer>"
>>
>> do_configure[noexec] = "1"
>> -EXTRA_OEMAKE="BUILDTAGS='' GO=${GO}"
>> +EXTRA_OEMAKE="BUILDTAGS='${PACKAGECONFIG_CONFARGS}' GO=${GO}"
>>
>> do_compile() {
>> # Set GOPATH. See 'PACKAGERS.md'. Don't rely on
>> --
>> 2.11.0
>>
>> --
>> _______________________________________________
>> meta-virtualization mailing list
>> meta-virtualization@yoctoproject.org <mailto:meta-virtualization@yoctoproject.org>
>> https://lists.yoctoproject.org/listinfo/meta-virtualization <https://lists.yoctoproject.org/listinfo/meta-virtualization>
>>
>>
>>
>>
>> --
>> "Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end"
>>
>>
>
>
>
>
> --
> "Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end"