From e3a25bbf5be2fc720b4362f9ed310b33fc80d6b8 Mon Sep 17 00:00:00 2001
From: Magnus Skjegstad
Date: Thu, 15 Jun 2017 19:25:08 +0100
Subject: [PATCH 1/2] pkg/docker-ce: add vpnkit-expose-port

vpnkit-expose-port is the dockerd userland proxy used to expose forwarding ports with vpnkit. This adds the binary to the image in /usr/bin/vpnkit-expose-port, but does not enable it by default.

Signed-off-by: Magnus Skjegstad
---
 pkg/docker-ce/Dockerfile | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/pkg/docker-ce/Dockerfile b/pkg/docker-ce/Dockerfile
index 639156913..cf5f235c7 100644
--- a/pkg/docker-ce/Dockerfile
+++ b/pkg/docker-ce/Dockerfile
@@ -17,8 +17,10 @@ RUN apk add --no-cache --initdb -p /out \
 xz
 RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
+FROM linuxkit/vpnkit-forwarder:883de832c2c3cb72cd9b01e3f7bd788649e0f2c2 AS vpnkit
 FROM scratch
 COPY --from=mirror /out/ /
+COPY --from=vpnkit /vpnkit-expose-port /usr/bin/vpnkit-expose-port
 # set up Docker group
 # set up subuid/subgid so that "--userns-remap=default" works out-of-the-box
From cc59b458f13d16f078fec9b7979224d3d4109b4e Mon Sep 17 00:00:00 2001
From: Magnus Skjegstad
Date: Thu, 15 Jun 2017 21:43:50 +0100
Subject: [PATCH 2/2] Update to latest pkg/docker-ce

Signed-off-by: Magnus Skjegstad
---
 examples/docker.yml | 2 +-
 projects/compose/compose-dynamic.yml | 2 +-
 projects/compose/compose-static.yml | 2 +-
 projects/kubernetes/image-cache/Dockerfile | 2 +-
 projects/kubernetes/kube-master.yml | 2 +-
 projects/kubernetes/kube-node.yml | 2 +-
 test/cases/030_security/000_docker-bench/test-docker-bench.yml | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/examples/docker.yml b/examples/docker.yml
index 199defd70..c669c08e0 100644
--- a/examples/docker.yml
+++ b/examples/docker.yml
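Review bot: The new stage in pkg/docker-ce/Dockerfile, `FROM linuxkit/vpnkit-forwarder:883de832c2c3cb72cd9b01e3f7bd788649e0f2c2 AS vpnkit`, pins its source by tag only, and a registry tag can be re-pointed, so the binary later copied to `/usr/bin/vpnkit-expose-port` is not tied to the exact image that was reviewed. That matters here because the other hunks in this series show the docker-ce service running with `capabilities: all` and `net: host`; I would add a digest, `FROM linuxkit/vpnkit-forwarder:883de832c2c3cb72cd9b01e3f7bd788649e0f2c2@sha256:<digest-placeholder> AS vpnkit`, unless the build already verifies image signatures on pull, which the hunk does not show. A one-line comment above the new `COPY --from=vpnkit` would also help, for example `# optional dockerd userland proxy for vpnkit; installed but not enabled by default`. The hunk opens inside a `RUN apk add` continuation whose start is outside the visible lines.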
@@ -30,7 +30,7 @@ services:
 - name: ntpd
 image: "linuxkit/openntpd:45deeb05f736162d941c9bf494983f655ab80aa5"
 - name: docker
- image: "linuxkit/docker-ce:668d62da6e3da081a8f8aca7db3e2a98adf5da59"
+ image: "linuxkit/docker-ce:dda71ff9fe5ebbfa794b98c57c32df286b212848"
 capabilities:
 - all
 net: host
diff --git a/projects/compose/compose-dynamic.yml b/projects/compose/compose-dynamic.yml
index 2ec0ce2bb..aff359fed 100644
--- a/projects/compose/compose-dynamic.yml
+++ b/projects/compose/compose-dynamic.yml
@@ -27,7 +27,7 @@ services:
 - name: ntpd
 image: "linuxkit/openntpd:45deeb05f736162d941c9bf494983f655ab80aa5"
 - name: docker
- image: "linuxkit/docker-ce:668d62da6e3da081a8f8aca7db3e2a98adf5da59"
+ image: "linuxkit/docker-ce:dda71ff9fe5ebbfa794b98c57c32df286b212848"
 capabilities:
 - all
 net: host
diff --git a/projects/compose/compose-static.yml b/projects/compose/compose-static.yml
index 8d818ba73..59dd920f2 100644
--- a/projects/compose/compose-static.yml
+++ b/projects/compose/compose-static.yml
@@ -27,7 +27,7 @@ services:
 - name: ntpd
 image: "linuxkit/openntpd:45deeb05f736162d941c9bf494983f655ab80aa5"
 - name: docker
- image: "linuxkit/docker-ce:668d62da6e3da081a8f8aca7db3e2a98adf5da59"
+ image: "linuxkit/docker-ce:dda71ff9fe5ebbfa794b98c57c32df286b212848"
 capabilities:
 - all
 net: host
diff --git a/projects/kubernetes/image-cache/Dockerfile b/projects/kubernetes/image-cache/Dockerfile
index dfbc6eb30..0e3d7455f 100644
--- a/projects/kubernetes/image-cache/Dockerfile
+++ b/projects/kubernetes/image-cache/Dockerfile
@@ -1,4 +1,4 @@
-FROM linuxkit/docker-ce:668d62da6e3da081a8f8aca7db3e2a98adf5da59
+FROM linuxkit/docker-ce:dda71ff9fe5ebbfa794b98c57c32df286b212848
 ADD . /images
 ENTRYPOINT [ "/bin/sh", "-c" ]
 CMD [ "for image in /images/*.tar ; do docker image load -i $image && rm -f $image ; done" ]
diff --git a/projects/kubernetes/kube-master.yml b/projects/kubernetes/kube-master.yml
index 3e701397f..a043163eb 100644
--- a/projects/kubernetes/kube-master.yml
+++ b/projects/kubernetes/kube-master.yml
@@ -38,7 +38,7 @@ services:
 - name: sshd
 image: "linuxkit/sshd:abc1f5e096982ebc3fb61c506aed3ac9c2ae4d55"
 - name: docker
- image: "linuxkit/docker-ce:668d62da6e3da081a8f8aca7db3e2a98adf5da59"
+ image: "linuxkit/docker-ce:dda71ff9fe5ebbfa794b98c57c32df286b212848"
 capabilities:
 - all
 net: host
diff --git a/projects/kubernetes/kube-node.yml b/projects/kubernetes/kube-node.yml
index 99ebd21a8..7ade0cfc6 100644
--- a/projects/kubernetes/kube-node.yml
+++ b/projects/kubernetes/kube-node.yml
@@ -38,7 +38,7 @@ services:
 - name: sshd
 image: "linuxkit/sshd:abc1f5e096982ebc3fb61c506aed3ac9c2ae4d55"
 - name: docker
- image: "linuxkit/docker-ce:668d62da6e3da081a8f8aca7db3e2a98adf5da59"
+ image: "linuxkit/docker-ce:dda71ff9fe5ebbfa794b98c57c32df286b212848"
 capabilities:
 - all
 net: host
diff --git a/test/cases/030_security/000_docker-bench/test-docker-bench.yml b/test/cases/030_security/000_docker-bench/test-docker-bench.yml
index 897e7c1fb..c92e029bb 100644
--- a/test/cases/030_security/000_docker-bench/test-docker-bench.yml
+++ b/test/cases/030_security/000_docker-bench/test-docker-bench.yml
@@ -24,7 +24,7 @@ services:
 - name: dhcpcd
 image: "linuxkit/dhcpcd:7d2b8aaaf20c24ad7d11a5ea2ea5b4a80dc966f1"
 - name: docker
- image: "linuxkit/docker-ce:668d62da6e3da081a8f8aca7db3e2a98adf5da59"
+ image: "linuxkit/docker-ce:dda71ff9fe5ebbfa794b98c57c32df286b212848"
 capabilities:
 - all
 net: host