commit:     6f78eaca943ed47dbea9a7c44e9f438aa3575438
Author:     William Hubbs <williamh <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 14 16:44:19 2023 +0000
Commit:     William Hubbs <williamh <AT> gentoo <DOT> org>
CommitDate: Tue Mar 14 16:49:53 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6f78eaca

app-containers/docker: more kernel option fixes

- put SECURITY_SELINUX and SECURITY_APPARMOR behind the appropriate use flags
- put MEMCG_SWAP and LEGACY_VSYSCALL_EMULATE behind kernel version checks

Bug: https://bugs.gentoo.org/900845
Signed-off-by: William Hubbs <williamh <AT> gentoo.org>

 app-containers/docker/docker-23.0.1.ebuild | 37 +++++++++++++++++++++++-------
 1 file changed, 29 insertions(+), 8 deletions(-)

diff --git a/app-containers/docker/docker-23.0.1.ebuild 
b/app-containers/docker/docker-23.0.1.ebuild
index d592dae8135b..227d05ce400b 100644
--- a/app-containers/docker/docker-23.0.1.ebuild
+++ b/app-containers/docker/docker-23.0.1.ebuild
@@ -114,9 +114,14 @@ pkg_setup() {
 
        CONFIG_CHECK+="
                ~CGROUP_PIDS
-               ~MEMCG_SWAP
        "
 
+       if kernel_is lt 6 1; then
+               CONFIG_CHECK+="
+                       ~MEMCG_SWAP
+                       "
+       fi
+
        if kernel_is le 5 8; then
                CONFIG_CHECK+="
                        ~MEMCG_SWAP_ENABLED
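Review bot: The new `if kernel_is lt 6 1; then` guard around `~MEMCG_SWAP` carries no comment saying why 6.1 is the cut-off, so the next maintainer has to dig through kernel history to confirm it. As far as I know the symbol was dropped upstream in 6.1 with swap accounting folded into MEMCG; a line such as `# MEMCG_SWAP was removed in 6.1; swap accounting now comes with MEMCG` above the check would record that. The same applies to the `kernel_is lt 5 19` guard added around `~LEGACY_VSYSCALL_EMULATE` in the next hunk. pkg_setup starts and ends outside this hunk.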
@@ -124,10 +129,16 @@ pkg_setup() {
        fi
 
        CONFIG_CHECK+="
-       ~!LEGACY_VSYSCALL_NATIVE
-       ~LEGACY_VSYSCALL_EMULATE
-       ~!LEGACY_VSYSCALL_NONE
-       "
+               ~!LEGACY_VSYSCALL_NATIVE
+               "
+       if kernel_is lt 5 19; then
+               CONFIG_CHECK+="
+                       ~LEGACY_VSYSCALL_EMULATE
+                       "
+       fi
+       CONFIG_CHECK+="
+               ~!LEGACY_VSYSCALL_NONE
+               "
        WARNING_LEGACY_SYSCALL_NONE="CONFIG_LEGACY_VSYSCALL_NONE enabled: \
                Containers with <=glibc-2.13 will not work"
 
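Review bot: The context line `WARNING_LEGACY_SYSCALL_NONE=` after the reworked checks is missing the `V` of `VSYSCALL`, so it does not match the option named in `~!LEGACY_VSYSCALL_NONE`. linux-info looks up custom messages as `WARNING_<option>`, so, if I read the eclass convention correctly, this text is never printed and the user gets only the generic warning. Since the commit already rewrites this block, rename it to `WARNING_LEGACY_VSYSCALL_NONE="CONFIG_LEGACY_VSYSCALL_NONE enabled: \`. This matters on hardened kernels, where NONE is a deliberate setting and the message is what tells the admin that only containers with <=glibc-2.13 are affected. pkg_setup starts and ends outside this hunk.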
@@ -155,9 +166,19 @@ pkg_setup() {
                ~IP_VS_PROTO_TCP
                ~IP_VS_PROTO_UDP
                ~IP_VS_RR
-               ~SECURITY_SELINUX
-               ~SECURITY_APPARMOR
-       "
+               "
+
+       if use selinux; then
+               CONFIG_CHECK+="
+                       ~SECURITY_SELINUX
+                       "
+       fi
+
+       if use apparmor; then
+               CONFIG_CHECK+="
+                       ~SECURITY_APPARMOR
+                       "
+       fi
 
        # if ! is_set EXT4_USE_FOR_EXT2; then
        #       check_flags EXT3_FS EXT3_FS_XATTR EXT3_FS_POSIX_ACL 
EXT3_FS_SECURITY
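Review bot: The `use selinux` and `use apparmor` branches check only that `SECURITY_SELINUX` or `SECURITY_APPARMOR` is built into the kernel, and the generic warning does not say that the LSM must also be active at boot before Docker can confine containers with it. A user who enabled the USE flag to get that confinement would benefit from an explicit message next to each check, for example `WARNING_SECURITY_APPARMOR="CONFIG_SECURITY_APPARMOR: also make sure AppArmor is an active LSM (CONFIG_LSM or lsm= on the kernel command line)"`, with a matching one for SELinux. pkg_setup starts and ends outside this hunk, so an existing message elsewhere in the function would make this unnecessary.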
