
sysutils/docker-engine: Copy more FreeBSD implementations from linux

master
Bernhard Fröhlich 2 months ago
parent
commit
8a2474c20a
Signed by: Bernhard Froehlich <decke@bluelife.at> GPG Key ID: 4DD88C3F9F3B8333

+ 3
- 30
sysutils/docker-engine/TODO View File

@@ -8,42 +8,12 @@ vendor/github.com/docker/libnetwork/iptables/conntrack.go:57:8: filter.AddIP und
vendor/github.com/docker/libnetwork/iptables/conntrack.go:57:15: undefined: netlink.ConntrackNatAnyIP
vendor/github.com/docker/libnetwork/iptables/conntrack.go:58:35: undefined: netlink.ConntrackTable

# github.com/docker/docker/vendor/github.com/moby/buildkit/executor/oci
vendor/github.com/moby/buildkit/executor/oci/spec_unix.go:52:23: undefined: entitlements.WithInsecureSpec

# github.com/docker/docker/daemon/graphdriver/zfs
daemon/graphdriver/zfs/zfs.go:417:37: undefined: unix.MNT_DETACH

# github.com/docker/docker/libcontainerd/remote
libcontainerd/remote/client.go:69:2: cannot use c (type *client) as type "github.com/docker/docker/libcontainerd/types".Client in return argument:
*client does not implement "github.com/docker/docker/libcontainerd/types".Client (missing UpdateResources method)
libcontainerd/remote/client.go:96:15: c.newDirectIO undefined (type *client has no field or method newDirectIO)
libcontainerd/remote/client.go:133:26: undefined: runtimeName
libcontainerd/remote/client.go:134:3: undefined: WithBundle
libcontainerd/remote/client.go:191:14: undefined: getSpecUser
libcontainerd/remote/client.go:194:13: undefined: newFIFOSet
libcontainerd/remote/client.go:269:11: undefined: newFIFOSet
libcontainerd/remote/client.go:407:13: undefined: summaryFromInterface
libcontainerd/remote/client.go:593:13: c.newDirectIO undefined (type *client has no field or method newDirectIO)
libcontainerd/remote/client.go:678:5: undefined: newFIFOSet
libcontainerd/remote/client.go:678:5: too many errors

# github.com/docker/docker/vendor/github.com/opencontainers/runc/libcontainer/configs
vendor/github.com/opencontainers/runc/libcontainer/configs/config.go:128:11: undefined: Cgroup

# github.com/docker/docker/vendor/github.com/docker/libnetwork/portmapper
vendor/github.com/docker/libnetwork/portmapper/mapper.go:20:16: undefined: newProxyCommand
vendor/github.com/docker/libnetwork/portmapper/mapper.go:34:29: undefined: PortMapper
vendor/github.com/docker/libnetwork/portmapper/mapper.go:39:86: undefined: PortMapper
vendor/github.com/docker/libnetwork/portmapper/mapper.go:40:10: undefined: PortMapper
vendor/github.com/docker/libnetwork/portmapper/mapper.go:48:11: undefined: PortMapper
vendor/github.com/docker/libnetwork/portmapper/mapper.go:53:11: undefined: PortMapper
vendor/github.com/docker/libnetwork/portmapper/mapper.go:185:11: undefined: PortMapper
vendor/github.com/docker/libnetwork/portmapper/mapper.go:222:11: undefined: PortMapper

# github.com/docker/docker/daemon/stats
daemon/stats/collector_unix.go:22:33: undefined: system.GetClockTicks

# github.com/docker/docker/libcontainerd/supervisor
libcontainerd/supervisor/remote_daemon.go:84:3: r.setDefaults undefined (type *remote has no field or method setDefaults)
libcontainerd/supervisor/remote_daemon.go:193:20: undefined: containerdSysProcAttr
@@ -51,6 +21,9 @@ libcontainerd/supervisor/remote_daemon.go:239:5: r.stopDaemon undefined (type *r
libcontainerd/supervisor/remote_daemon.go:245:4: r.platformCleanup undefined (type *remote has no field or method platformCleanup)
libcontainerd/supervisor/remote_daemon.go:320:5: r.killDaemon undefined (type *remote has no field or method killDaemon)

# github.com/docker/docker/daemon/stats
daemon/stats/collector_unix.go:22:33: undefined: system.GetClockTicks



### LINKS ###

+ 49
- 0
sysutils/docker-engine/files/patch-vendor_github.com_docker_libnetwork_portmapper_mapper__freebsd.go View File

@@ -0,0 +1,49 @@
--- vendor/github.com/docker/libnetwork/portmapper/mapper_freebsd.go.orig 2019-06-24 18:17:58 UTC
+++ vendor/github.com/docker/libnetwork/portmapper/mapper_freebsd.go
@@ -0,0 +1,46 @@
+package portmapper
+
+import (
+ "net"
+ "sync"
+
+ "github.com/docker/libnetwork/iptables"
+ "github.com/docker/libnetwork/portallocator"
+)
+
+// PortMapper manages the network address translation
+type PortMapper struct {
+ bridgeName string
+
+ // udp:ip:port
+ currentMappings map[string]*mapping
+ lock sync.Mutex
+
+ proxyPath string
+
+ Allocator *portallocator.PortAllocator
+ chain *iptables.ChainInfo
+}
+
+// SetIptablesChain sets the specified chain into portmapper
+func (pm *PortMapper) SetIptablesChain(c *iptables.ChainInfo, bridgeName string) {
+ pm.chain = c
+ pm.bridgeName = bridgeName
+}
+
+// AppendForwardingTableEntry adds a port mapping to the forwarding table
+func (pm *PortMapper) AppendForwardingTableEntry(proto string, sourceIP net.IP, sourcePort int, containerIP string, containerPort int) error {
+ return pm.forward(iptables.Append, proto, sourceIP, sourcePort, containerIP, containerPort)
+}
+
+// DeleteForwardingTableEntry removes a port mapping from the forwarding table
+func (pm *PortMapper) DeleteForwardingTableEntry(proto string, sourceIP net.IP, sourcePort int, containerIP string, containerPort int) error {
+ return pm.forward(iptables.Delete, proto, sourceIP, sourcePort, containerIP, containerPort)
+}
+
+func (pm *PortMapper) forward(action iptables.Action, proto string, sourceIP net.IP, sourcePort int, containerIP string, containerPort int) error {
+ if pm.chain == nil {
+ return nil
+ }
+ return pm.chain.Forward(action, sourceIP, sourcePort, proto, containerIP, containerPort, pm.bridgeName)
+}
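Review bot: `forward` returns nil when `pm.chain` is nil, so `AppendForwardingTableEntry` and `DeleteForwardingTableEntry` report success even though no rule was installed or removed. The file still routes everything through `iptables.ChainInfo`, which FreeBSD does not provide, so the nil branch is presumably the only one taken here and callers cannot tell a working port mapping from a skipped one. At minimum the branch should carry a comment such as `// no chain configured: nothing is programmed into a packet filter, the mapping relies on the userland proxy alone`. Returning a sentinel error there instead would let the daemon log that published ports are not translated or filtered by the host firewall. The TODO in this commit also appears to still list compile errors in `libnetwork/iptables/conntrack.go`, so the `iptables` import may not build yet.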

+ 41
- 0
sysutils/docker-engine/files/patch-vendor_github.com_docker_libnetwork_portmapper_proxy__freebsd.go View File

@@ -0,0 +1,41 @@
--- vendor/github.com/docker/libnetwork/portmapper/proxy_freebsd.go.orig 2019-06-24 18:17:46 UTC
+++ vendor/github.com/docker/libnetwork/portmapper/proxy_freebsd.go
@@ -0,0 +1,38 @@
+package portmapper
+
+import (
+ "net"
+ "os/exec"
+ "strconv"
+ "syscall"
+)
+
+func newProxyCommand(proto string, hostIP net.IP, hostPort int, containerIP net.IP, containerPort int, proxyPath string) (userlandProxy, error) {
+ path := proxyPath
+ if proxyPath == "" {
+ cmd, err := exec.LookPath(userlandProxyCommandName)
+ if err != nil {
+ return nil, err
+ }
+ path = cmd
+ }
+
+ args := []string{
+ path,
+ "-proto", proto,
+ "-host-ip", hostIP.String(),
+ "-host-port", strconv.Itoa(hostPort),
+ "-container-ip", containerIP.String(),
+ "-container-port", strconv.Itoa(containerPort),
+ }
+
+ return &proxyCommand{
+ cmd: &exec.Cmd{
+ Path: path,
+ Args: args,
+ SysProcAttr: &syscall.SysProcAttr{
+ Pdeathsig: syscall.SIGTERM, // send a sigterm to the proxy if the daemon process dies
+ },
+ },
+ }, nil
+}
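Review bot: `Pdeathsig` in the `SysProcAttr` literal originates as a Linux feature, and whether `syscall.SysProcAttr` has that field on FreeBSD depends on the Go toolchain the port builds with, so this line may fail to compile or have to be dropped. If it is dropped, nothing here stops the proxy when the daemon dies, and an orphaned proxy keeps the host port bound and forwarding to the container address. The file should say how that case is handled, for example `// FreeBSD: no parent-death signal; proxies are reaped by <cleanup path>` with the real mechanism filled in. Separately, when `proxyPath` is empty the helper is resolved with `exec.LookPath` through the daemon's PATH; a comment noting that a root-run daemon should be configured with an absolute `proxyPath` would make that trust assumption explicit.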

+ 70
- 0
sysutils/docker-engine/files/patch-vendor_github.com_moby_buildkit_util_entitlements_security__freebsd.go View File

@@ -0,0 +1,70 @@
--- vendor/github.com/moby/buildkit/util/entitlements/security_freebsd.go.orig 2019-06-24 18:24:33 UTC
+++ vendor/github.com/moby/buildkit/util/entitlements/security_freebsd.go
@@ -0,0 +1,67 @@
+package entitlements
+
+import (
+ "context"
+
+ "github.com/containerd/containerd/containers"
+ "github.com/containerd/containerd/oci"
+ specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// WithInsecureSpec sets spec with All capability.
+func WithInsecureSpec() oci.SpecOpts {
+ return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
+ addCaps := []string{
+ "CAP_FSETID",
+ "CAP_KILL",
+ "CAP_FOWNER",
+ "CAP_MKNOD",
+ "CAP_CHOWN",
+ "CAP_DAC_OVERRIDE",
+ "CAP_NET_RAW",
+ "CAP_SETGID",
+ "CAP_SETUID",
+ "CAP_SETPCAP",
+ "CAP_SETFCAP",
+ "CAP_NET_BIND_SERVICE",
+ "CAP_SYS_CHROOT",
+ "CAP_AUDIT_WRITE",
+ "CAP_MAC_ADMIN",
+ "CAP_MAC_OVERRIDE",
+ "CAP_DAC_READ_SEARCH",
+ "CAP_SYS_PTRACE",
+ "CAP_SYS_MODULE",
+ "CAP_SYSLOG",
+ "CAP_SYS_RAWIO",
+ "CAP_SYS_ADMIN",
+ "CAP_LINUX_IMMUTABLE",
+ "CAP_SYS_BOOT",
+ "CAP_SYS_NICE",
+ "CAP_SYS_PACCT",
+ "CAP_SYS_TTY_CONFIG",
+ "CAP_SYS_TIME",
+ "CAP_WAKE_ALARM",
+ "CAP_AUDIT_READ",
+ "CAP_AUDIT_CONTROL",
+ "CAP_SYS_RESOURCE",
+ "CAP_BLOCK_SUSPEND",
+ "CAP_IPC_LOCK",
+ "CAP_IPC_OWNER",
+ "CAP_LEASE",
+ "CAP_NET_ADMIN",
+ "CAP_NET_BROADCAST",
+ }
+ for _, cap := range addCaps {
+ s.Process.Capabilities.Bounding = append(s.Process.Capabilities.Bounding, cap)
+ s.Process.Capabilities.Ambient = append(s.Process.Capabilities.Ambient, cap)
+ s.Process.Capabilities.Effective = append(s.Process.Capabilities.Effective, cap)
+ s.Process.Capabilities.Inheritable = append(s.Process.Capabilities.Inheritable, cap)
+ s.Process.Capabilities.Permitted = append(s.Process.Capabilities.Permitted, cap)
+ }
+ s.Linux.ReadonlyPaths = []string{}
+ s.Linux.MaskedPaths = []string{}
+ s.Process.ApparmorProfile = ""
+
+ return nil
+ }
+}
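Review bot: The closure writes to `s.Linux.ReadonlyPaths`, `s.Linux.MaskedPaths` and the `s.Process.Capabilities` sets without checking that those pointers are set. On a spec generated for a non-Linux platform `s.Linux` or `s.Process.Capabilities` may be nil, which would panic inside the daemon. The capability names and the AppArmor profile are Linux concepts, so on FreeBSD this option presumably changes nothing about what the build step can actually do, while the doc comment still reads as if it grants a defined privilege set. I would fail closed at the top of the closure with `if s.Linux == nil || s.Process == nil || s.Process.Capabilities == nil { return errors.New("insecure entitlement is not supported on this platform") }` (needs the `errors` import). The comment should also be reworded to say the list is copied from the Linux implementation and is not enforced here.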
