commit: 5a3e7e3633c960e57ed08f27ca9edad244244dfd Author: Brahmajit Das <listout <AT> listout <DOT> xyz> AuthorDate: Thu Dec 4 14:19:12 2025 +0000 Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org> CommitDate: Fri Jan 23 07:17:51 2026 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5a3e7e36
app-containers/runc: add kernel config checks Taken from upstream check-config.sh, https://github.com/opencontainers/runc/blob/main/script/check-config.sh Closes: https://bugs.gentoo.org/958647 Signed-off-by: Brahmajit Das <listout <AT> listout.xyz> Part-of: https://github.com/gentoo/gentoo/pull/42794 Closes: https://github.com/gentoo/gentoo/pull/42794 Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org> app-containers/runc/runc-1.3.3.ebuild | 87 +++++++++++++++++++++++++++++++++-- 1 file changed, 84 insertions(+), 3 deletions(-) diff --git a/app-containers/runc/runc-1.3.3.ebuild b/app-containers/runc/runc-1.3.3.ebuild index 19f660567b00..626b23f604b6 100644 --- a/app-containers/runc/runc-1.3.3.ebuild +++ b/app-containers/runc/runc-1.3.3.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2025 Gentoo Authors +# Copyright 1999-2026 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -9,8 +9,6 @@ inherit go-module linux-info # https://github.com/opencontainers/runc RUNC_COMMIT=d842d7719497cc3b774fd71620278ac9e17710e0 -CONFIG_CHECK="~USER_NS" - DESCRIPTION="runc container cli tools" HOMEPAGE="https://github.com/opencontainers/runc/"; MY_PV="${PV/_/-}" @@ -38,6 +36,89 @@ BDEPEND=" # majority of tests pass RESTRICT+=" test" +# Please refer: +# https://github.com/opencontainers/runc/blob/main/script/check-config.sh +pkg_setup() { + CONFIG_CHECK=" + ~NAMESPACES + ~NET_NS + ~PID_NS + ~IPC_NS + ~UTS_NS + ~CGROUPS + ~CGROUP_CPUACCT + ~CGROUP_DEVICE + ~CGROUP_FREEZER + ~CGROUP_SCHED + ~CPUSETS + ~MEMCG + ~KEYS + ~VETH + ~BRIDGE + ~BRIDGE_NETFILTER + ~IP_NF_FILTER + ~IP_NF_TARGET_MASQUERADE + ~NETFILTER_XT_MATCH_ADDRTYPE + ~NETFILTER_XT_MATCH_COMMENT + ~NETFILTER_XT_MATCH_CONNTRACK + ~NETFILTER_XT_MATCH_IPVS + ~IP_NF_NAT + ~NF_NAT + ~POSIX_MQUEUE + ~OVERLAY_FS + " + + CONFIG_CHECK+=" + ~USER_NS + " + + use seccomp && CONFIG_CHECK+=" + ~SECCOMP + ~SECCOMP_FILTER + " + WARNING_SECCOMP="CONFIG_SECCOMP is required as optional feature" + + CONFIG_CHECK+=" + ~CGROUP_PIDS + " + WARNING_CGROUP_PIDS="CONFIG_CGROUP_PIDS is required as optional feature" + + if kernel_is lt 6 1; then + CONFIG_CHECK+=" + ~MEMCG_SWAP + " + fi + + CONFIG_CHECK+=" + ~BLK_CGROUP + ~BLK_DEV_THROTTLING + ~CGROUP_PERF + ~CGROUP_HUGETLB + ~NET_CLS_CGROUP + ~CFS_BANDWIDTH + ~FAIR_GROUP_SCHED + ~RT_GROUP_SCHED + ~IP_NF_TARGET_REDIRECT + ~IP_VS + ~IP_VS_NFCT + ~IP_VS_PROTO_TCP + ~IP_VS_PROTO_UDP + ~IP_VS_RR + ~CHECKPOINT_RESTORE + ~CGROUP_NET_PRIO + " + + use selinux && CONFIG_CHECK+=" + ~SECURITY_SELINUX" + + use apparmor && CONFIG_CHECK+=" + ~SECURITY_APPARMOR" + + if [[ -n ${CONFIG_CHECK} ]]; then + linux-info_pkg_setup + fi +} + src_compile() { # build up optional flags local options=(
