[Buildroot] [PATCH] docker: add AppArmor support

Stefan Agner stefan at agner.ch
Mon Dec 28 14:06:18 UTC 2020


Hi Yann,

On 2020-12-25 19:01, Yann E. MORIN wrote:
> Stefan, All,
> 
> On 2020-12-23 11:13 +0100, Stefan Agner spake thusly:
>> From: Pascal Vizeli <pvizeli at syshack.ch>
> 
> So, does that mean that Pascal is the original author of that patch? If
> that is so, then you should have carried his authorship when propagating
> the patch. You can fix that by amending your commit:
> 
>     $ git commit --amend --author="Pascal Vizeli <pvizeli at syshack.ch>"
> 

Yes, Pascal was the original author, and he is the git author in my git
history. When doing "git format-patch", git creates a mbox file with the
From: line. Once sending out, a proper email requires to send it from my
email, but the From: is retained above in the message. This is not me,
that is just "git format-patch" and "git send-email" doing what it is
doing... When you download the mbox file and use "git am", it will
pickup the last From: and restore Pascal Vizeli as author.

>> Signed-off-by: Pascal Vizeli <pvizeli at syshack.ch>
>> Signed-off-by: Stefan Agner <stefan at agner.ch>
> 
> However, adding your SoB after theirs is perfect, thanks.
> 
>> ---
>>  package/docker-containerd/docker-containerd.mk | 5 +++++
>>  package/docker-engine/docker-engine.mk         | 5 +++++
>>  package/runc/runc.mk                           | 5 +++++
> 
> Do we really need to add AppArmor in those three at the same time?
> 
> Usually, we try to limit the changes to the minimal. i.e. one change per
> package, unless the change must be done at the same time (e.g. otherwise
> it fails to build or run).

Uh, I did not test what would happen if you run this components
with/without apparmor, but I don't think that is what one typically
wants.

> 
> If the change must be done in one patch, the commit log should explain
> why.
> 
> Care to resend, with proper authorship, and by either splitting the
> patch or adding the explanation in the commit log?

Sure, can resend in a splitted version.

--
Stefan

> 
> Regards,
> Yann E. MORIN.
> 
>>  3 files changed, 15 insertions(+)
>>
>> diff --git a/package/docker-containerd/docker-containerd.mk b/package/docker-containerd/docker-containerd.mk
>> index d9a0eb28a6..c68e3818a8 100644
>> --- a/package/docker-containerd/docker-containerd.mk
>> +++ b/package/docker-containerd/docker-containerd.mk
>> @@ -18,6 +18,11 @@ DOCKER_CONTAINERD_BUILD_TARGETS = cmd/ctr cmd/containerd cmd/containerd-shim
>>
>>  DOCKER_CONTAINERD_INSTALL_BINS = containerd containerd-shim
>>
>> +ifeq ($(BR2_PACKAGE_LIBAPPARMOR),y)
>> +DOCKER_CONTAINERD_DEPENDENCIES += libapparmor
>> +DOCKER_CONTAINERD_TAGS += apparmor
>> +endif
>> +
>>  ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
>>  DOCKER_CONTAINERD_DEPENDENCIES += libseccomp host-pkgconf
>>  DOCKER_CONTAINERD_TAGS += seccomp
>> diff --git a/package/docker-engine/docker-engine.mk b/package/docker-engine/docker-engine.mk
>> index 8cedf307ba..7f898680b7 100644
>> --- a/package/docker-engine/docker-engine.mk
>> +++ b/package/docker-engine/docker-engine.mk
>> @@ -20,6 +20,11 @@ DOCKER_ENGINE_LDFLAGS = \
>>  DOCKER_ENGINE_TAGS = cgo exclude_graphdriver_zfs autogen
>>  DOCKER_ENGINE_BUILD_TARGETS = cmd/dockerd
>>
>> +ifeq ($(BR2_PACKAGE_LIBAPPARMOR),y)
>> +DOCKER_ENGINE_DEPENDENCIES += libapparmor
>> +DOCKER_ENGINE_TAGS += apparmor
>> +endif
>> +
>>  ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
>>  DOCKER_ENGINE_TAGS += seccomp
>>  DOCKER_ENGINE_DEPENDENCIES += libseccomp
>> diff --git a/package/runc/runc.mk b/package/runc/runc.mk
>> index 3d177d23d5..c559244e83 100644
>> --- a/package/runc/runc.mk
>> +++ b/package/runc/runc.mk
>> @@ -12,6 +12,11 @@ RUNC_LICENSE_FILES = LICENSE
>>  RUNC_LDFLAGS = -X main.gitCommit=$(RUNC_VERSION)
>>  RUNC_TAGS = cgo static_build
>>
>> +ifeq ($(BR2_PACKAGE_LIBAPPARMOR),y)
>> +RUNC_DEPENDENCIES += libapparmor
>> +RUNC_TAGS += apparmor
>> +endif
>> +
>>  ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
>>  RUNC_TAGS += seccomp
>>  RUNC_DEPENDENCIES += libseccomp host-pkgconf
>> --
>> 2.29.2
>>
>> _______________________________________________
>> buildroot mailing list
>> buildroot at busybox.net
>> http://lists.busybox.net/mailman/listinfo/buildroot



More information about the buildroot mailing list