-
Notifications
You must be signed in to change notification settings - Fork 33
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
package/runc: add missing patch to fix device permissions update
The rebased patch series in original PR [1] that was used here after update to v1.2.5 were missing the last patch from the old patch series that changes the behavior to add/remove permissions incrementally instead of replacing them. This caused regression described in [2]. With the missing patch added, the permissions are added correctly for all new devices. [1] opencontainers/runc#3402 [2] home-assistant/operating-system#3915 Signed-off-by: Jan Čermák <[email protected]>
- Loading branch information
Showing
5 changed files
with
33 additions
and
8 deletions.
There are no files selected for viewing
4 changes: 2 additions & 2 deletions
4
package/runc/0001-Separate-Device-handling-for-default-AllowDevices.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,7 @@ | ||
| From c40c8446567dae76840b240b415bf11caefc5399 Mon Sep 17 00:00:00 2001 | ||
| From 1b693e2ef1548df6e66639785812f235642ab715 Mon Sep 17 00:00:00 2001 | ||
| From: Stefan Agner <[email protected]> | ||
| Date: Thu, 3 Mar 2022 14:24:37 +0100 | ||
| Subject: [PATCH 1/4] Separate Device handling for default AllowDevices | ||
| Subject: [PATCH 1/5] Separate Device handling for default AllowDevices | ||
|
|
||
| Signed-off-by: Stefan Agner <[email protected]> | ||
| --- | ||
|
|
||
4 changes: 2 additions & 2 deletions
4
package/runc/0002-Implement-common-function-to-create-DeviceCgroup-rul.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,7 @@ | ||
| From 9457c2515372e10d883042709f306c33db131fe3 Mon Sep 17 00:00:00 2001 | ||
| From 29f032b3562d160c83bcaa678251150102e94d45 Mon Sep 17 00:00:00 2001 | ||
| From: Stefan Agner <[email protected]> | ||
| Date: Thu, 3 Mar 2022 14:55:53 +0100 | ||
| Subject: [PATCH 2/4] Implement common function to create DeviceCgroup rules | ||
| Subject: [PATCH 2/5] Implement common function to create DeviceCgroup rules | ||
|
|
||
| Signed-off-by: Stefan Agner <[email protected]> | ||
| --- | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,7 @@ | ||
| From c31304323218d3c6667c21d8454729f2ee8e38be Mon Sep 17 00:00:00 2001 | ||
| From 3fb407533e67043eb4b330b6dbf5e5e73079b843 Mon Sep 17 00:00:00 2001 | ||
| From: Stefan Agner <[email protected]> | ||
| Date: Thu, 3 Mar 2022 15:43:10 +0100 | ||
| Subject: [PATCH 3/4] Implement Device Resources updates | ||
| Subject: [PATCH 3/5] Implement Device Resources updates | ||
|
|
||
| Add support to update Device Resources with runc update. | ||
|
|
||
|
|
||
4 changes: 2 additions & 2 deletions
4
package/runc/0004-Add-integration-tests-for-device-updates.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,7 @@ | ||
| From cce77c93e4dce47fd22fced5e71a8a1acc045ae9 Mon Sep 17 00:00:00 2001 | ||
| From 18a44099acf8ddd13cc5f1bca1d4d52931c6e12c Mon Sep 17 00:00:00 2001 | ||
| From: Stefan Agner <[email protected]> | ||
| Date: Fri, 5 Aug 2022 13:03:21 +0200 | ||
| Subject: [PATCH 4/4] Add integration tests for device updates | ||
| Subject: [PATCH 4/5] Add integration tests for device updates | ||
|
|
||
| Signed-off-by: Stefan Agner <[email protected]> | ||
| --- | ||
|
|
||
25 changes: 25 additions & 0 deletions
25
package/runc/0005-Incremental-update-device-permission.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| From a2210d008b96f20b39a6e2075b2702bfe24da2a0 Mon Sep 17 00:00:00 2001 | ||
| From: Stefan Agner <[email protected]> | ||
| Date: Mon, 8 Aug 2022 13:39:26 +0200 | ||
| Subject: [PATCH 5/5] Incremental update device permission | ||
|
|
||
| --- | ||
| update.go | 5 +---- | ||
| 1 file changed, 1 insertion(+), 4 deletions(-) | ||
|
|
||
| diff --git a/update.go b/update.go | ||
| index fca14968..794cc905 100644 | ||
| --- a/update.go | ||
| +++ b/update.go | ||
| @@ -342,10 +342,7 @@ other options are ignored. | ||
| config.Cgroups.Resources.Unified = r.Unified | ||
|
|
||
| if len(r.Devices) > 0 { | ||
| - config.Cgroups.Resources.Devices = nil | ||
| - defaultAllowedDevices := specconv.CreateDefaultDevicesCgroups(&config) | ||
| - | ||
| - err = specconv.CreateCgroupDeviceConfig(config.Cgroups.Resources, &r, defaultAllowedDevices) | ||
| + err = specconv.CreateCgroupDeviceConfig(config.Cgroups.Resources, &r, nil) | ||
| if err != nil { | ||
| return err | ||
| } |