GNU bug report logs -
#35229
[PATCH] gnu: docker: Check for error on XFRM.
Previous Next
Full log
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
Your message dated Sun, 14 Apr 2019 19:05:55 +0200
with message-id <20190414190555.38329fda <at> scratchpost.org>
and subject line Re: [bug#35229] [PATCH] gnu: docker: Check for error on XFRM.
has caused the debbugs.gnu.org bug report #35229,
regarding [PATCH] gnu: docker: Check for error on XFRM.
to be marked as done.
(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)
--
35229: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=35229
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
* gnu/packages/patches/docker-use-fewer-modprobes.patch: Check for error on
XFRM.
---
.../patches/docker-use-fewer-modprobes.patch | 30 +++++++++++++++----
1 file changed, 24 insertions(+), 6 deletions(-)
diff --git a/gnu/packages/patches/docker-use-fewer-modprobes.patch b/gnu/packages/patches/docker-use-fewer-modprobes.patch
index 2779e1be5d..4e4a45b6ce 100644
--- a/gnu/packages/patches/docker-use-fewer-modprobes.patch
+++ b/gnu/packages/patches/docker-use-fewer-modprobes.patch
@@ -103,17 +103,35 @@ See <https://github.com/moby/moby/pull/38930>.
--- docker-18.09.0-checkout/vendor/github.com/docker/libnetwork/ns/init_linux.go.orig 2019-03-19 11:23:20.738316699 +0100
+++ docker-18.09.0-checkout/vendor/github.com/docker/libnetwork/ns/init_linux.go 2019-03-19 11:27:57.149753073 +0100
-@@ -100,12 +100,7 @@
+@@ -76,12 +76,8 @@ func NlHandle() *netlink.Handle {
+ func getSupportedNlFamilies() []int {
+ fams := []int{syscall.NETLINK_ROUTE}
+ // NETLINK_XFRM test
+- if err := loadXfrmModules(); err != nil {
+- if checkXfrmSocket() != nil {
+- logrus.Warnf("Could not load necessary modules for IPSEC rules: %v", err)
+- } else {
+- fams = append(fams, syscall.NETLINK_XFRM)
+- }
++ if err := checkXfrmSocket(); err != nil {
++ logrus.Warnf("Could not load necessary modules for IPSEC rules: %v", err)
+ } else {
+ fams = append(fams, syscall.NETLINK_XFRM)
+ }
+@@ -99,16 +95,6 @@ func getSupportedNlFamilies() []int {
+ return fams
}
- func loadXfrmModules() error {
+-func loadXfrmModules() error {
- if out, err := exec.Command("modprobe", "-va", "xfrm_user").CombinedOutput(); err != nil {
- return fmt.Errorf("Running modprobe xfrm_user failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
- }
- if out, err := exec.Command("modprobe", "-va", "xfrm_algo").CombinedOutput(); err != nil {
- return fmt.Errorf("Running modprobe xfrm_algo failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
- }
-+ // Those are automatically loaded when someone opens the socket anyway.
- return nil
- }
-
+- return nil
+-}
+-
+ // API check on required xfrm modules (xfrm_user, xfrm_algo)
+ func checkXfrmSocket() error {
+ fd, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW, syscall.NETLINK_XFRM)
[Message part 3 (message/rfc822, inline)]
[Message part 4 (text/plain, inline)]
Hi,
On Sun, 14 Apr 2019 17:16:57 +0200
Ludovic Courtès <ludo <at> gnu.org> wrote:
> Danny Milosavljevic <dannym <at> scratchpost.org> skribis:
>
> > * gnu/packages/patches/docker-use-fewer-modprobes.patch: Check for error on
> > XFRM.
>
> I suppose upstream adopted this, right? Go for it!
It was a request for change from them in the pull request. The pull request is
still pending.
But I think it's better to check for errors. So, pushed...
[Message part 5 (application/pgp-signature, inline)]
This bug report was last modified 6 years and 39 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.