[PATCH] gnu: docker: Check for error on XFRM.

  • Done
  • quality assurance status badge
Details
2 participants
  • Danny Milosavljevic
  • Ludovic Courtès
Owner
unassigned
Submitted by
Danny Milosavljevic
Severity
normal

Debbugs page

Danny Milosavljevic wrote 6 years ago
(address . guix-patches@gnu.org)(name . Danny Milosavljevic)(address . dannym@scratchpost.org)
20190411143628.301-1-dannym@scratchpost.org
* gnu/packages/patches/docker-use-fewer-modprobes.patch: Check for error on
XFRM.
---
.../patches/docker-use-fewer-modprobes.patch | 30 +++++++++++++++----
1 file changed, 24 insertions(+), 6 deletions(-)

Toggle diff (46 lines)
diff --git a/gnu/packages/patches/docker-use-fewer-modprobes.patch b/gnu/packages/patches/docker-use-fewer-modprobes.patch
index 2779e1be5d..4e4a45b6ce 100644
--- a/gnu/packages/patches/docker-use-fewer-modprobes.patch
+++ b/gnu/packages/patches/docker-use-fewer-modprobes.patch
@@ -103,17 +103,35 @@ See <https://github.com/moby/moby/pull/38930>.
--- docker-18.09.0-checkout/vendor/github.com/docker/libnetwork/ns/init_linux.go.orig 2019-03-19 11:23:20.738316699 +0100
+++ docker-18.09.0-checkout/vendor/github.com/docker/libnetwork/ns/init_linux.go 2019-03-19 11:27:57.149753073 +0100
-@@ -100,12 +100,7 @@
+@@ -76,12 +76,8 @@ func NlHandle() *netlink.Handle {
+ func getSupportedNlFamilies() []int {
+ fams := []int{syscall.NETLINK_ROUTE}
+ // NETLINK_XFRM test
+- if err := loadXfrmModules(); err != nil {
+- if checkXfrmSocket() != nil {
+- logrus.Warnf("Could not load necessary modules for IPSEC rules: %v", err)
+- } else {
+- fams = append(fams, syscall.NETLINK_XFRM)
+- }
++ if err := checkXfrmSocket(); err != nil {
++ logrus.Warnf("Could not load necessary modules for IPSEC rules: %v", err)
+ } else {
+ fams = append(fams, syscall.NETLINK_XFRM)
+ }
+@@ -99,16 +95,6 @@ func getSupportedNlFamilies() []int {
+ return fams
}
- func loadXfrmModules() error {
+-func loadXfrmModules() error {
- if out, err := exec.Command("modprobe", "-va", "xfrm_user").CombinedOutput(); err != nil {
- return fmt.Errorf("Running modprobe xfrm_user failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
- }
- if out, err := exec.Command("modprobe", "-va", "xfrm_algo").CombinedOutput(); err != nil {
- return fmt.Errorf("Running modprobe xfrm_algo failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
- }
-+ // Those are automatically loaded when someone opens the socket anyway.
- return nil
- }
-
+- return nil
+-}
+-
+ // API check on required xfrm modules (xfrm_user, xfrm_algo)
+ func checkXfrmSocket() error {
+ fd, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW, syscall.NETLINK_XFRM)
Ludovic Courtès wrote 6 years ago
(name . Danny Milosavljevic)(address . dannym@scratchpost.org)(address . 35229@debbugs.gnu.org)
87y34ck45y.fsf@gnu.org
Danny Milosavljevic <dannym@scratchpost.org> skribis:

Toggle quote (3 lines)
> * gnu/packages/patches/docker-use-fewer-modprobes.patch: Check for error on
> XFRM.

I suppose upstream adopted this, right? Go for it!

Ludo’.
Danny Milosavljevic wrote 6 years ago
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 35229-done@debbugs.gnu.org)
20190414190555.38329fda@scratchpost.org
Hi,

On Sun, 14 Apr 2019 17:16:57 +0200
Ludovic Courtès <ludo@gnu.org> wrote:

Toggle quote (7 lines)
> Danny Milosavljevic <dannym@scratchpost.org> skribis:
>
> > * gnu/packages/patches/docker-use-fewer-modprobes.patch: Check for error on
> > XFRM.
>
> I suppose upstream adopted this, right? Go for it!

It was a request for change from them in the pull request. The pull request is
still pending.

But I think it's better to check for errors. So, pushed...
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAlyzaHMACgkQ5xo1VCww
uqWRSQf+NiFQrOpW+KnZMqPABb/T5ST1s3MUEkzuzJ80wHcvawndmfIS1g9bQtYg
VtzgN+k14NjI86FH8KqtykHudGui9w41B0H0nAo4ToAFzb2sKvtnBd3oMc0d7611
YWRhyaITGoMfd4+Ges43IGTbrV8CcTpIOdkIFQDivY8lFnRfLwQb+AM0xCVb6VnE
aBLCQORNQPU3r/kX7wDbgjQwoQ6ovNKbccf2m6UpUh9cTQw/jJ3D4EMhVATcnmSj
ZVzsxuf7EwudBMFeDMEkjFWxlbWQyAAtkFU8vl78zj19R35Bq9W1KM/I6XZsUNE6
rcbrNdeJL2zr1ONSmfC35kVFciHT5A==
=erRn
-----END PGP SIGNATURE-----


Closed
?
Your comment

This issue is archived.

To comment on this conversation send an email to 35229@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 35229
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch
You may also tag this issue. See list of standard tags. For example, to set the confirmed and easy tags
mumi command -t +confirmed -t +easy
Or, remove the moreinfo tag and set the help tag
mumi command -t -moreinfo -t +help