
load the patched seccomp profile only on arm

master
Robert Kaussow 9 months ago
parent
commit
b1959299c7
No known key found for this signature in database GPG Key ID: 65362AE74AF98B61
3 changed files with 4 additions and 19 deletions
  1. +4
    -1
      docker.go
  2. +0
    -9
      docker/docker/Dockerfile.linux.amd64
  3. +0
    -9
      docker/docker/Dockerfile.linux.arm64

+ 4
- 1
docker.go

@ -341,7 +341,10 @@ func commandDaemon(daemon Daemon) *exec.Cmd {
args := []string{
"--data-root", daemon.StoragePath,
"--host=unix:///var/run/docker.sock",
"--seccomp-profile=/etc/docker/default.json",
}
if _, err := os.Stat("/etc/docker/default.json"); err == nil {
args = append(args, "--seccomp-profile=/etc/docker/default.json")
}
if daemon.StorageDriver != "" {
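Review bot: The new gate in commandDaemon keys on whether `/etc/docker/default.json` exists, not on the architecture the commit title names, so whichever image layer or mount supplies that path decides the daemon's seccomp profile, and nothing records which profile is in effect. Per the Dockerfile lines removed in this same commit, that file was the upstream default with `SCMP_ACT_ERRNO` rewritten to `SCMP_ACT_TRACE`, i.e. a modified profile rather than the stock one, so it should only be applied deliberately. I would make the condition explicit by wrapping the `os.Stat` check in `if runtime.GOARCH == "arm" {` (assuming the 32-bit arm image is the only intended consumer; its Dockerfile is not shown here) and print one line when the override is appended. An `os.Stat` error other than not-exist is also swallowed silently, so a permission problem on arm would drop the profile without any trace; reporting it under `else if !os.IsNotExist(err)` would cover that. commandDaemon begins and continues outside the hunk.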


+ 0
- 9
docker/docker/Dockerfile.linux.amd64

@ -2,14 +2,5 @@ FROM docker:19.03.8-dind
ENV DOCKER_HOST=unix:///var/run/docker.sock
RUN apk --update add --virtual .build-deps curl && \
mkdir -p /etc/docker/ && \
curl -SsL -o /etc/docker/default.json https://raw.githubusercontent.com/moby/moby/19.03/profiles/seccomp/default.json && \
sed -i 's/SCMP_ACT_ERRNO/SCMP_ACT_TRACE/g' /etc/docker/default.json && \
chmod 600 /etc/docker/default.json && \
apk del .build-deps && \
rm -rf /var/cache/apk/* && \
rm -rf /tmp/*
ADD release/linux/amd64/drone-docker /bin/
ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh", "/bin/drone-docker"]

+ 0
- 9
docker/docker/Dockerfile.linux.arm64

@ -2,14 +2,5 @@ FROM arm64v8/docker:19.03.8-dind
ENV DOCKER_HOST=unix:///var/run/docker.sock
RUN apk --update add --virtual .build-deps curl && \
mkdir -p /etc/docker/ && \
curl -SsL -o /etc/docker/default.json https://raw.githubusercontent.com/moby/moby/19.03/profiles/seccomp/default.json && \
sed -i 's/SCMP_ACT_ERRNO/SCMP_ACT_TRACE/g' /etc/docker/default.json && \
chmod 600 /etc/docker/default.json && \
apk del .build-deps && \
rm -rf /var/cache/apk/* && \
rm -rf /tmp/*
ADD release/linux/arm64/drone-docker /bin/
ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh", "/bin/drone-docker"]
