Update rancher/docker-from-scratch

2025-07-01 01:01:48 +00:00 · 2016-02-18 16:35:53 -08:00 · 2016-02-18 16:35:53 -08:00 · 90c8de9c0a
commit 90c8de9c0a
parent cd8ab49579
4 changed files with 89 additions and 5 deletions
--- a/trash.yml
+++ b/trash.yml
@ -66,7 +66,7 @@ import:
  version: 1349b37bd56f4f5ce2690b5b2c0f53f88a261c67

 - package: github.com/rancher/docker-from-scratch
-  version: v1.10.1
+  version: 62ceebcf43725e484e598b2879d1aa33b4a5133a

 - package: github.com/rancher/netconf
  version: d7d620ef4ea62a9d04b51c7b3d9dc83fe7ffaa1b
--- a/vendor/github.com/rancher/docker-from-scratch/Dockerfile.dapper
+++ b/vendor/github.com/rancher/docker-from-scratch/Dockerfile.dapper
@ -1,5 +1,6 @@
 FROM golang:1.5.3

+RUN apt-get update && apt-get -y install libselinux-dev pkg-config
 RUN curl -o /usr/local/bin/docker -L https://get.docker.com/builds/Linux/x86_64/docker-1.9.1 && \
    chmod +x /usr/local/bin/docker

--- a/vendor/github.com/rancher/docker-from-scratch/scratch.go
+++ b/vendor/github.com/rancher/docker-from-scratch/scratch.go
@ -14,6 +14,7 @@ import (

 	log "github.com/Sirupsen/logrus"
 	"github.com/docker/libnetwork/resolvconf"
+	"github.com/rancher/docker-from-scratch/selinux"
 	"github.com/rancher/docker-from-scratch/util"
 	"github.com/rancher/netconf"
 )
@ -37,6 +38,9 @@ var (
 		{"none", "/sys", "sysfs", ""},
 		{"none", "/sys/fs/cgroup", "tmpfs", ""},
 	}
+	optionalMounts = [][]string{
+		{"none", "/sys/fs/selinux", "selinuxfs", ""},
+	}
 	systemdMounts = [][]string{
 		{"systemd", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd"},
 	}
@ -56,6 +60,7 @@ type Config struct {
 	EmulateSystemd  bool
 	NoFiles         uint64
 	Environment     []string
+	GraphDirectory  string
 }

 func createMounts(mounts ...[]string) error {
@ -70,6 +75,16 @@ func createMounts(mounts ...[]string) error {
 	return nil
 }

+func createOptionalMounts(mounts ...[]string) {
+	for _, mount := range mounts {
+		log.Debugf("Mounting %s %s %s %s", mount[0], mount[1], mount[2], mount[3])
+		err := util.Mount(mount[0], mount[1], mount[2], mount[3])
+		if err != nil {
+			log.Debugf("Unable to mount %s %s %s %s: %s", mount[0], mount[1], mount[2], mount[3], err)
+		}
+	}
+}
+
 func createDirs(dirs ...string) error {
 	for _, dir := range dirs {
 		if _, err := os.Stat(dir); os.IsNotExist(err) {
@ -213,6 +228,22 @@ func copyDefault(folder, name string) error {
 	return nil
 }

+func copyDefaultFolder(folder string) error {
+	defaultFolder := path.Join(defaultPrefix, folder)
+	files, _ := ioutil.ReadDir(defaultFolder)
+	for _, file := range files {
+		if file.IsDir() {
+			continue
+		}
+
+		if err := copyDefault(folder, file.Name()); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
 func defaultFiles(files ...string) error {
 	for _, file := range files {
 		dir := path.Dir(file)
@ -225,6 +256,14 @@ func defaultFiles(files ...string) error {
 	return nil
 }

+func defaultFolders(folders ...string) error {
+	for _, folder := range folders {
+		copyDefaultFolder(folder)
+	}
+
+	return nil
+}
+
 func CopyFile(src, folder, name string) error {
 	if _, err := os.Stat(src); os.IsNotExist(err) {
 		return nil
@ -330,6 +369,8 @@ func ParseConfig(config *Config, args ...string) []string {
 			if err != nil {
 				config.BridgeMtu = mtu
 			}
+		} else if strings.HasPrefix(arg, "-g") || strings.HasPrefix(arg, "--graph") {
+			config.GraphDirectory = util.GetValue(i, args)
 		}
 	}

@ -363,11 +404,17 @@ func PrepareFs(config *Config) error {
 		return err
 	}

+	createOptionalMounts(optionalMounts...)
+
 	if err := mountCgroups(config.CgroupHierarchy); err != nil {
 		return err
 	}

-	if err := createLayout(); err != nil {
+	if err := createLayout(config); err != nil {
+		return err
+	}
+
+	if err := firstPrepare(); err != nil {
 		return err
 	}

@ -405,11 +452,23 @@ func touchSockets(args ...string) error {
 	return nil
 }

-func createLayout() error {
+func createLayout(config *Config) error {
 	if err := createDirs("/tmp", "/root/.ssh", "/var"); err != nil {
 		return err
 	}

+	graphDirectory := config.GraphDirectory
+
+	if config.GraphDirectory == "" {
+		graphDirectory = "/var/lib/docker"
+	}
+
+	if err := createDirs(graphDirectory); err != nil {
+		return err
+	}
+
+	selinux.SetFileContext(graphDirectory, "system_u:object_r:var_lib_t:s0")
+
 	return CreateSymlinks([][]string{
 		{"usr/lib", "/lib"},
 		{"usr/sbin", "/sbin"},
@ -417,7 +476,7 @@ func createLayout() error {
 	})
 }

-func prepare(config *Config, docker string, args ...string) error {
+func firstPrepare() error {
 	os.Setenv("PATH", "/sbin:/usr/sbin:/usr/bin")

 	if err := defaultFiles(
@ -428,6 +487,15 @@ func prepare(config *Config, docker string, args ...string) error {
 		return err
 	}

+	if err := defaultFolders(
+		"/etc/selinux",
+		"/etc/selinux/ros",
+		"/etc/selinux/ros/policy",
+		"/etc/selinux/ros/contexts",
+	); err != nil {
+		return err
+	}
+
 	if err := createPasswd(); err != nil {
 		return err
 	}
@ -436,6 +504,11 @@ func prepare(config *Config, docker string, args ...string) error {
 		return err
 	}

+	return nil
+}
+
+func secondPrepare(config *Config, docker string, args ...string) error {
+
 	if err := setupNetworking(config); err != nil {
 		return err
 	}
@ -548,7 +621,7 @@ func setUlimit(cfg *Config) error {
 }

 func runOrExec(config *Config, docker string, args ...string) (*exec.Cmd, error) {
-	if err := prepare(config, docker, args...); err != nil {
+	if err := secondPrepare(config, docker, args...); err != nil {
 		return nil, err
 	}

--- a/vendor/github.com/rancher/docker-from-scratch/selinux/selinux.go
+++ b/vendor/github.com/rancher/docker-from-scratch/selinux/selinux.go
@ -0,0 +1,10 @@
+package selinux
+
+// #cgo pkg-config: libselinux
+// #include <selinux/selinux.h>
+import "C"
+
+func SetFileContext(path string, context string) (int, error) {
+	ret, err := C.setfilecon(C.CString(path), C.CString(context))
+	return int(ret), err
+}