Bug 574664 - app-emulation/docker-1.7.1 + grsec
Summary: app-emulation/docker-1.7.1 + grsec
Status: RESOLVED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal with 1 vote
Assignee: Tianon
Reported: 2016-02-13 23:14 UTC by Walter
Modified: 2018-08-19 17:32 UTC
Description Walter 2016-02-13 23:14:54 UTC
All docker users pull images from public repositories. When pulling such an image, it is necessary to mknod and chmod within the container image. The grsec options 'CONFIG_GRKERNSEC_CHROOT_MKNOD' and 'CONFIG_GRKERNSEC_CHROOT_CHMOD' are thus incompatible with all versions of docker. They *can* be compiled in if grsec's sysctl support 'CONFIG_GRKERNSEC_SYSCTL' is enabled, but in that case for docker to work the sysctls must be used to disable these features prior to running docker, i.e.:

echo 0 >/proc/sys/kernel/grsecurity/chroot_deny_mknod
echo 0 >/proc/sys/kernel/grsecurity/chroot_deny_chmod
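
A read-only preflight for the two sysctls named in the description, added here as an example and not part of the bug report or of Gentoo's or Docker's own tooling. The function name, return codes and the `GRSEC_DIR` override are assumptions made for this example. It also reads grsecurity's `grsec_lock` sysctl, which the report does not mention: once that is 1, the other values cannot be changed until reboot.

```shell
#!/bin/sh
# Added example: report whether the grsecurity chroot restrictions from this
# bug are active, without changing any setting.
GRSEC_DIR="${GRSEC_DIR:-/proc/sys/kernel/grsecurity}"   # override is for testing

# grsec_docker_preflight [dir]
# Return codes (chosen for this example):
#   0 = neither restriction is active
#   1 = at least one restriction is active and can still be changed
#   2 = at least one restriction is active and grsec_lock=1 (fixed until reboot)
#   3 = no grsecurity sysctl directory found
grsec_docker_preflight() {
    dir="${1:-$GRSEC_DIR}"
    if [ ! -d "$dir" ]; then
        echo "no sysctl directory at $dir (no grsec, or CONFIG_GRKERNSEC_SYSCTL off)"
        return 3
    fi
    blocking=0
    for knob in chroot_deny_mknod chroot_deny_chmod; do
        if [ ! -r "$dir/$knob" ]; then
            # Assumption: an absent entry means the option was not compiled in.
            echo "$knob: no sysctl entry"
            continue
        fi
        val=$(cat "$dir/$knob")
        if [ "$val" = "1" ]; then
            echo "$knob=1: mknod/chmod inside a chroot will be denied"
            blocking=1
        else
            echo "$knob=$val: ok"
        fi
    done
    [ "$blocking" -eq 0 ] && return 0
    lock=0
    [ -r "$dir/grsec_lock" ] && lock=$(cat "$dir/grsec_lock")
    if [ "$lock" = "1" ]; then
        echo "grsec_lock=1: grsecurity sysctls are read-only until reboot"
        return 2
    fi
    return 1
}
```

Calling `grsec_docker_preflight` before starting the daemon shows whether an image pull will hit the restriction and whether the workaround above is still possible on the running kernel.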
Comment 1 Walter 2016-02-13 23:48:36 UTC
Related docker bug @ https://github.com/docker/docker/issues/20303
Comment 2 Manuel Rüger (RETIRED) gentoo-dev 2016-11-11 15:25:12 UTC
Is this still valid? Seems like the upstream bug has seen some comments and eventually got closed.
Comment 3 Manuel Rüger (RETIRED) gentoo-dev 2017-07-02 23:57:12 UTC
No reply, closing.