Skip to content
This repository has been archived by the owner on Oct 13, 2023. It is now read-only.

[18.09 backport] apparmor: allow receiving of signals from 'docker kill' #116

Merged
merged 1 commit into from
Nov 27, 2018
Merged

[18.09 backport] apparmor: allow receiving of signals from 'docker kill' #116

merged 1 commit into from
Nov 27, 2018

Conversation

thaJeztah
Copy link
Member

backport of moby#37831 for 18.09
Carry https://github.com/moby/moby/pull/#36822
Fixes https://github.com/moby/moby/issues/#36809

git checkout -b 18.09_backport_apparmor_external_templates ce-engine/18.09
git cherry-pick -s -S -x 4822fb1e2423d88cdf0ad5d039b8fd3274b05401
git push -u origin

cherry-pick was clean; no conflicts

In newer kernels, AppArmor will reject attempts to send signals to a
container because the signal originated from outside of that AppArmor
profile. Correct this by allowing all unconfined signals to be received.

@thaJeztah thaJeztah added this to the 18.09.1 milestone Nov 14, 2018
@cyphar @thaJeztah
apparmor: allow receiving of signals from 'docker kill'
67c602c 
In newer kernels, AppArmor will reject attempts to send signals to a
container because the signal originated from outside of that AppArmor
profile. Correct this by allowing all unconfined signals to be received.

Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
(cherry picked from commit 4822fb1)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah thaJeztah force-pushed the 18.09_backport_apparmor_external_templates branch from d41203c to 67c602c Compare November 21, 2018 21:14
@thaJeztah
Copy link
Member Author

pushed again because CI results were purged

andrewhsu
andrewhsu approved these changes Nov 27, 2018
View reviewed changes
Copy link

@andrewhsu andrewhsu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@andrewhsu andrewhsu merged commit 12b8ec4 into docker-archive:18.09 Nov 27, 2018
@thaJeztah thaJeztah deleted the 18.09_backport_apparmor_external_templates branch November 27, 2018 18:04
@thaJeztah thaJeztah mentioned this pull request Jan 3, 2019
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@andrewhsu andrewhsu andrewhsu approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
18.09.1
Development

Successfully merging this pull request may close these issues.
3 participants
@thaJeztah @andrewhsu @cyphar