From: Danny Milosavljevic <dannym@scratchpost.org>
To: 34917@debbugs.gnu.org
Subject: [bug#34917] [PATCH v2] gnu: docker: Use fewer modprobes.
Date: Tue, 19 Mar 2019 19:26:48 +0100 [thread overview]
Message-ID: <20190319182648.20666-1-dannym@scratchpost.org> (raw)
In-Reply-To: <20190319182053.20524-1-dannym@scratchpost.org>
Fixes <https://bugs.gnu.org/34333>.
Reported by Allan Adair <allan@adair.io>.
* gnu/packages/patches/docker-use-fewer-modprobes.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/docker.scm (docker)[source]: Use it.
---
gnu/local.mk | 1 +
gnu/packages/docker.scm | 5 +-
.../patches/docker-use-fewer-modprobes.patch | 116 ++++++++++++++++++
3 files changed, 121 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/docker-use-fewer-modprobes.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 0a7e9bbc6..46bd83e50 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -723,6 +723,7 @@ dist_patch_DATA = \
%D%/packages/patches/doc++-segfault-fix.patch \
%D%/packages/patches/docker-engine-test-noinstall.patch \
%D%/packages/patches/docker-fix-tests.patch \
+ %D%/packages/patches/docker-use-fewer-modprobes.patch \
%D%/packages/patches/dovecot-trees-support-dovecot-2.3.patch \
%D%/packages/patches/doxygen-test.patch \
%D%/packages/patches/dropbear-CVE-2018-15599.patch \
diff --git a/gnu/packages/docker.scm b/gnu/packages/docker.scm
index 88fc7fc6e..a11ce266d 100644
--- a/gnu/packages/docker.scm
+++ b/gnu/packages/docker.scm
@@ -227,6 +227,8 @@ network attachments.")
(home-page "http://containerd.io/")
(license license:asl2.0)))
+;; TODO: Patch out modprobes for ip_vs, nf_conntrack,
+;; brige, nf_conntrack_netlink, aufs.
(define-public docker
(package
(name "docker")
@@ -242,7 +244,8 @@ network attachments.")
(base32 "06yr5xwr181lalh8z1lk07nxlp7hn38aq8cyqjk617dfy4lz0ixx"))
(patches
(search-patches "docker-engine-test-noinstall.patch"
- "docker-fix-tests.patch"))))
+ "docker-fix-tests.patch"
+ "docker-use-fewer-modprobes.patch"))))
(build-system gnu-build-system)
(arguments
`(#:modules
diff --git a/gnu/packages/patches/docker-use-fewer-modprobes.patch b/gnu/packages/patches/docker-use-fewer-modprobes.patch
new file mode 100644
index 000000000..ebee83329
--- /dev/null
+++ b/gnu/packages/patches/docker-use-fewer-modprobes.patch
@@ -0,0 +1,116 @@
+This patch makes docker find out whether a filesystem type is supported
+by trying to mount a filesystem of that type rather than invoking "modprobe".
+--- docker-18.09.0-checkout/daemon/graphdriver/overlay/overlay.go.orig 1970-01-01 01:00:00.000000000 +0100
++++ docker-18.09.0-checkout/daemon/graphdriver/overlay/overlay.go 2019-03-19 09:16:03.487087490 +0100
+@@ -8,7 +8,6 @@
+ "io"
+ "io/ioutil"
+ "os"
+- "os/exec"
+ "path"
+ "path/filepath"
+ "strconv"
+@@ -201,9 +200,16 @@
+ }
+
+ func supportsOverlay() error {
+- // We can try to modprobe overlay first before looking at
+- // proc/filesystems for when overlay is supported
+- exec.Command("modprobe", "overlay").Run()
++ // Access overlay filesystem so that Linux loads it (if possible).
++ mountTarget, err := ioutil.TempDir("", "supportsOverlay")
++ if err != nil {
++ logrus.WithField("storage-driver", "overlay2").Error("Could not create temporary directory, so assuming that 'overlay' is not supported.")
++ return graphdriver.ErrNotSupported
++ } else {
++ /* The mounting will fail--after the module has been loaded.*/
++ defer os.RemoveAll(mountTarget)
++ unix.Mount("overlay", mountTarget, "overlay", 0, "")
++ }
+
+ f, err := os.Open("/proc/filesystems")
+ if err != nil {
+--- docker-18.09.0-checkout/daemon/graphdriver/overlay2/overlay.go.orig 2019-03-18 23:42:23.728525231 +0100
++++ docker-18.09.0-checkout/daemon/graphdriver/overlay2/overlay.go 2019-03-19 08:54:31.411906113 +0100
+@@ -10,7 +10,6 @@
+ "io"
+ "io/ioutil"
+ "os"
+- "os/exec"
+ "path"
+ "path/filepath"
+ "strconv"
+@@ -261,9 +260,16 @@
+ }
+
+ func supportsOverlay() error {
+- // We can try to modprobe overlay first before looking at
+- // proc/filesystems for when overlay is supported
+- exec.Command("modprobe", "overlay").Run()
++ // Access overlay filesystem so that Linux loads it (if possible).
++ mountTarget, err := ioutil.TempDir("", "supportsOverlay")
++ if err != nil {
++ logrus.WithField("storage-driver", "overlay2").Error("Could not create temporary directory, so assuming that 'overlay' is not supported.")
++ return graphdriver.ErrNotSupported
++ } else {
++ /* The mounting will fail--after the module has been loaded.*/
++ defer os.RemoveAll(mountTarget)
++ unix.Mount("overlay", mountTarget, "overlay", 0, "")
++ }
+
+ f, err := os.Open("/proc/filesystems")
+ if err != nil {
+--- docker-18.09.0-checkout/daemon/graphdriver/devmapper/deviceset.go.orig 2019-03-19 09:19:16.592844887 +0100
++++ docker-18.09.0-checkout/daemon/graphdriver/devmapper/deviceset.go 2019-03-19 09:21:18.019361761 +0100
+@@ -540,8 +539,14 @@
+ return err // error text is descriptive enough
+ }
+
+- // Check if kernel supports xfs filesystem or not.
+- exec.Command("modprobe", "xfs").Run()
++ mountTarget, err := ioutil.TempDir("", "supportsOverlay")
++ if err != nil {
++ return errors.Wrapf(err, "error checking for xfs support")
++ } else {
++ /* The mounting will fail--after the module has been loaded.*/
++ defer os.RemoveAll(mountTarget)
++ unix.Mount("none", mountTarget, "xfs", 0, "")
++ }
+
+ f, err := os.Open("/proc/filesystems")
+ if err != nil {
+--- docker-18.09.0-checkout/vendor/github.com/docker/libnetwork/iptables/iptables.go.orig 2019-03-19 09:47:19.430111170 +0100
++++ docker-18.09.0-checkout/vendor/github.com/docker/libnetwork/iptables/iptables.go 2019-03-19 10:38:01.445136177 +0100
+@@ -72,11 +71,12 @@
+ }
+
+ func probe() {
+- if out, err := exec.Command("modprobe", "-va", "nf_nat").CombinedOutput(); err != nil {
+- logrus.Warnf("Running modprobe nf_nat failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
++ path, err := exec.LookPath("iptables")
++ if err != nil {
++ return
+ }
+- if out, err := exec.Command("modprobe", "-va", "xt_conntrack").CombinedOutput(); err != nil {
+- logrus.Warnf("Running modprobe xt_conntrack failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
++ if out, err := exec.Command(path, "--wait", "-t", "nat", "-L", "-n").CombinedOutput(); err != nil {
++ logrus.Warnf("Running iptables --wait -t nat -L -n failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
+ }
+ }
+
+--- docker-18.09.0-checkout/vendor/github.com/docker/libnetwork/ns/init_linux.go.orig 2019-03-19 11:23:20.738316699 +0100
++++ docker-18.09.0-checkout/vendor/github.com/docker/libnetwork/ns/init_linux.go 2019-03-19 11:27:57.149753073 +0100
+@@ -100,12 +100,7 @@
+ }
+
+ func loadXfrmModules() error {
+- if out, err := exec.Command("modprobe", "-va", "xfrm_user").CombinedOutput(); err != nil {
+- return fmt.Errorf("Running modprobe xfrm_user failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
+- }
+- if out, err := exec.Command("modprobe", "-va", "xfrm_algo").CombinedOutput(); err != nil {
+- return fmt.Errorf("Running modprobe xfrm_algo failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
+- }
++ // Those are automatically loaded when someone opens the socket anyway.
+ return nil
+ }
+
next prev parent reply other threads:[~2019-03-19 18:38 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-19 18:20 [bug#34917] [PATCH] gnu: docker: Use fewer modprobes Danny Milosavljevic
2019-03-19 18:26 ` Danny Milosavljevic [this message]
2019-03-22 21:48 ` [bug#34917] [PATCH v2] " Ludovic Courtès
2019-03-25 19:27 ` Danny Milosavljevic
2019-03-25 21:27 ` Ludovic Courtès
2019-03-30 10:41 ` bug#34917: " Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190319182648.20666-1-dannym@scratchpost.org \
--to=dannym@scratchpost.org \
--cc=34917@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).