1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
| | This patch makes docker find out whether a filesystem type is supported
by trying to mount a filesystem of that type rather than invoking "modprobe".
See <https://github.com/moby/moby/pull/38930>.
--- docker-18.09.0-checkout/daemon/graphdriver/overlay/overlay.go.orig 1970-01-01 01:00:00.000000000 +0100
+++ docker-18.09.0-checkout/daemon/graphdriver/overlay/overlay.go 2019-03-19 09:16:03.487087490 +0100
@@ -8,7 +8,6 @@
"io"
"io/ioutil"
"os"
- "os/exec"
"path"
"path/filepath"
"strconv"
@@ -201,9 +200,16 @@
}
func supportsOverlay() error {
- // We can try to modprobe overlay first before looking at
- // proc/filesystems for when overlay is supported
- exec.Command("modprobe", "overlay").Run()
+ // Access overlay filesystem so that Linux loads it (if possible).
+ mountTarget, err := ioutil.TempDir("", "supportsOverlay")
+ if err != nil {
+ logrus.WithField("storage-driver", "overlay2").Error("Could not create temporary directory, so assuming that 'overlay' is not supported.")
+ return graphdriver.ErrNotSupported
+ } else {
+ /* The mounting will fail--after the module has been loaded.*/
+ defer os.RemoveAll(mountTarget)
+ unix.Mount("overlay", mountTarget, "overlay", 0, "")
+ }
f, err := os.Open("/proc/filesystems")
if err != nil {
--- docker-18.09.0-checkout/daemon/graphdriver/overlay2/overlay.go.orig 2019-03-18 23:42:23.728525231 +0100
+++ docker-18.09.0-checkout/daemon/graphdriver/overlay2/overlay.go 2019-03-19 08:54:31.411906113 +0100
@@ -10,7 +10,6 @@
"io"
"io/ioutil"
"os"
- "os/exec"
"path"
"path/filepath"
"strconv"
@@ -261,9 +260,16 @@
}
func supportsOverlay() error {
- // We can try to modprobe overlay first before looking at
- // proc/filesystems for when overlay is supported
- exec.Command("modprobe", "overlay").Run()
+ // Access overlay filesystem so that Linux loads it (if possible).
+ mountTarget, err := ioutil.TempDir("", "supportsOverlay2")
+ if err != nil {
+ logrus.WithField("storage-driver", "overlay2").Error("Could not create temporary directory, so assuming that 'overlay' is not supported.")
+ return graphdriver.ErrNotSupported
+ } else {
+ /* The mounting will fail--after the module has been loaded.*/
+ defer os.RemoveAll(mountTarget)
+ unix.Mount("overlay", mountTarget, "overlay", 0, "")
+ }
f, err := os.Open("/proc/filesystems")
if err != nil {
--- docker-18.09.0-checkout/daemon/graphdriver/devmapper/deviceset.go.orig 2019-03-19 09:19:16.592844887 +0100
+++ docker-18.09.0-checkout/daemon/graphdriver/devmapper/deviceset.go 2019-03-19 09:21:18.019361761 +0100
@@ -540,8 +539,14 @@
return err // error text is descriptive enough
}
- // Check if kernel supports xfs filesystem or not.
- exec.Command("modprobe", "xfs").Run()
+ mountTarget, err := ioutil.TempDir("", "supportsXFS")
+ if err != nil {
+ return errors.Wrapf(err, "error checking for xfs support")
+ } else {
+ /* The mounting will fail--after the module has been loaded.*/
+ defer os.RemoveAll(mountTarget)
+ unix.Mount("none", mountTarget, "xfs", 0, "")
+ }
f, err := os.Open("/proc/filesystems")
if err != nil {
--- docker-18.09.0-checkout/vendor/github.com/docker/libnetwork/iptables/iptables.go.orig 2019-03-19 09:47:19.430111170 +0100
+++ docker-18.09.0-checkout/vendor/github.com/docker/libnetwork/iptables/iptables.go 2019-03-19 10:38:01.445136177 +0100
@@ -72,11 +71,12 @@
}
func probe() {
- if out, err := exec.Command("modprobe", "-va", "nf_nat").CombinedOutput(); err != nil {
- logrus.Warnf("Running modprobe nf_nat failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
+ path, err := exec.LookPath("iptables")
+ if err != nil {
+ return
}
- if out, err := exec.Command("modprobe", "-va", "xt_conntrack").CombinedOutput(); err != nil {
- logrus.Warnf("Running modprobe xt_conntrack failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
+ if out, err := exec.Command(path, "--wait", "-t", "nat", "-L", "-n").CombinedOutput(); err != nil {
+ logrus.Warnf("Running iptables --wait -t nat -L -n failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
}
}
--- docker-18.09.0-checkout/vendor/github.com/docker/libnetwork/ns/init_linux.go.orig 2019-03-19 11:23:20.738316699 +0100
+++ docker-18.09.0-checkout/vendor/github.com/docker/libnetwork/ns/init_linux.go 2019-03-19 11:27:57.149753073 +0100
@@ -76,12 +76,8 @@ func NlHandle() *netlink.Handle {
func getSupportedNlFamilies() []int {
fams := []int{syscall.NETLINK_ROUTE}
// NETLINK_XFRM test
- if err := loadXfrmModules(); err != nil {
- if checkXfrmSocket() != nil {
- logrus.Warnf("Could not load necessary modules for IPSEC rules: %v", err)
- } else {
- fams = append(fams, syscall.NETLINK_XFRM)
- }
+ if err := checkXfrmSocket(); err != nil {
+ logrus.Warnf("Could not load necessary modules for IPSEC rules: %v", err)
} else {
fams = append(fams, syscall.NETLINK_XFRM)
}
@@ -99,16 +95,6 @@ func getSupportedNlFamilies() []int {
return fams
}
-func loadXfrmModules() error {
- if out, err := exec.Command("modprobe", "-va", "xfrm_user").CombinedOutput(); err != nil {
- return fmt.Errorf("Running modprobe xfrm_user failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
- }
- if out, err := exec.Command("modprobe", "-va", "xfrm_algo").CombinedOutput(); err != nil {
- return fmt.Errorf("Running modprobe xfrm_algo failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
- }
- return nil
-}
-
// API check on required xfrm modules (xfrm_user, xfrm_algo)
func checkXfrmSocket() error {
fd, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW, syscall.NETLINK_XFRM)
|