From patchwork Tue Mar 19 18:26:48 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Danny Milosavljevic X-Patchwork-Id: 1500 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 8D63B16D59; Tue, 19 Mar 2019 18:38:58 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTP id 4C82816D46 for ; Tue, 19 Mar 2019 18:38:57 +0000 (GMT) Received: from localhost ([127.0.0.1]:33285 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h6JdX-00051v-QX for patchwork@mira.cbaines.net; Tue, 19 Mar 2019 14:38:55 -0400 Received: from eggs.gnu.org ([209.51.188.92]:36299) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h6JdU-0004qu-Mc for guix-patches@gnu.org; Tue, 19 Mar 2019 14:38:54 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h6JS6-0006CN-PA for guix-patches@gnu.org; Tue, 19 Mar 2019 14:27:08 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:37303) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1h6JS2-00068v-F7 for guix-patches@gnu.org; Tue, 19 Mar 2019 14:27:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1h6JS2-0007kg-7m for guix-patches@gnu.org; Tue, 19 Mar 2019 14:27:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#34917] [PATCH v2] gnu: docker: Use fewer modprobes. 
Resent-From: Danny Milosavljevic Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 19 Mar 2019 18:27:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 34917 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 34917@debbugs.gnu.org Received: via spool by 34917-submit@debbugs.gnu.org id=B34917.155302002129795 (code B ref 34917); Tue, 19 Mar 2019 18:27:02 +0000 Received: (at 34917) by debbugs.gnu.org; 19 Mar 2019 18:27:01 +0000 Received: from localhost ([127.0.0.1]:50847 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h6JS1-0007kQ-0L for submit@debbugs.gnu.org; Tue, 19 Mar 2019 14:27:01 -0400 Received: from dd26836.kasserver.com ([85.13.145.193]:57996) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h6JRy-0007kG-3s for 34917@debbugs.gnu.org; Tue, 19 Mar 2019 14:26:58 -0400 Received: from dayas.3.home (178.113.144.60.wireless.dyn.drei.com [178.113.144.60]) by dd26836.kasserver.com (Postfix) with ESMTPSA id 4F2233360F53; Tue, 19 Mar 2019 19:26:56 +0100 (CET) 
From: Danny Milosavljevic Date: Tue, 19 Mar 2019 19:26:48 +0100 Message-Id: <20190319182648.20666-1-dannym@scratchpost.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190319182053.20524-1-dannym@scratchpost.org> References: <20190319182053.20524-1-dannym@scratchpost.org> MIME-Version: 1.0 Tags: patch X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.51.188.43 X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches Fixes . Reported by Allan Adair . * gnu/packages/patches/docker-use-fewer-modprobes.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/docker.scm (docker)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/docker.scm | 5 +- .../patches/docker-use-fewer-modprobes.patch | 116 ++++++++++++++++++ 3 files changed, 121 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/docker-use-fewer-modprobes.patch diff --git a/gnu/local.mk b/gnu/local.mk index 0a7e9bbc6..46bd83e50 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -723,6 +723,7 @@ dist_patch_DATA = \ %D%/packages/patches/doc++-segfault-fix.patch \ %D%/packages/patches/docker-engine-test-noinstall.patch \ %D%/packages/patches/docker-fix-tests.patch \ + %D%/packages/patches/docker-use-fewer-modprobes.patch \ %D%/packages/patches/dovecot-trees-support-dovecot-2.3.patch \ %D%/packages/patches/doxygen-test.patch \ %D%/packages/patches/dropbear-CVE-2018-15599.patch \ diff --git a/gnu/packages/docker.scm b/gnu/packages/docker.scm index 88fc7fc6e..a11ce266d 100644 --- a/gnu/packages/docker.scm +++ b/gnu/packages/docker.scm 
@@ -227,6 +227,8 @@ network attachments.") (home-page "http://containerd.io/") (license license:asl2.0))) +;; TODO: Patch out modprobes for ip_vs, nf_conntrack, +;; brige, nf_conntrack_netlink, aufs. (define-public docker (package (name "docker") @@ -242,7 +244,8 @@ network attachments.") (base32 "06yr5xwr181lalh8z1lk07nxlp7hn38aq8cyqjk617dfy4lz0ixx")) (patches (search-patches "docker-engine-test-noinstall.patch" - "docker-fix-tests.patch")))) + "docker-fix-tests.patch" + "docker-use-fewer-modprobes.patch")))) (build-system gnu-build-system) (arguments `(#:modules diff --git a/gnu/packages/patches/docker-use-fewer-modprobes.patch b/gnu/packages/patches/docker-use-fewer-modprobes.patch new file mode 100644 index 000000000..ebee83329 --- /dev/null +++ b/gnu/packages/patches/docker-use-fewer-modprobes.patch 
@@ -0,0 +1,116 @@
+This patch makes docker find out whether a filesystem type is supported
+by trying to mount a filesystem of that type rather than invoking "modprobe".
+--- docker-18.09.0-checkout/daemon/graphdriver/overlay/overlay.go.orig 1970-01-01 01:00:00.000000000 +0100
++++ docker-18.09.0-checkout/daemon/graphdriver/overlay/overlay.go 2019-03-19 09:16:03.487087490 +0100
+@@ -8,7 +8,6 @@
+ "io"
+ "io/ioutil"
+ "os"
+- "os/exec"
+ "path"
+ "path/filepath"
+ "strconv"
+@@ -201,9 +200,16 @@
+ }
+
+ func supportsOverlay() error {
+- // We can try to modprobe overlay first before looking at
+- // proc/filesystems for when overlay is supported
+- exec.Command("modprobe", "overlay").Run()
++ // Access overlay filesystem so that Linux loads it (if possible).
++ mountTarget, err := ioutil.TempDir("", "supportsOverlay")
++ if err != nil {
++ logrus.WithField("storage-driver", "overlay2").Error("Could not create temporary directory, so assuming that 'overlay' is not supported.")
++ return graphdriver.ErrNotSupported
++ } else {
++ /* The mounting will fail--after the module has been loaded.*/
++ defer os.RemoveAll(mountTarget)
++ unix.Mount("overlay", mountTarget, "overlay", 0, "")
++ }
+
+ f, err := os.Open("/proc/filesystems")
+ if err != nil {
+--- docker-18.09.0-checkout/daemon/graphdriver/overlay2/overlay.go.orig 2019-03-18 23:42:23.728525231 +0100
++++ docker-18.09.0-checkout/daemon/graphdriver/overlay2/overlay.go 2019-03-19 08:54:31.411906113 +0100
+@@ -10,7 +10,6 @@
+ "io"
+ "io/ioutil"
+ "os"
+- "os/exec"
+ "path"
+ "path/filepath"
+ "strconv"
+@@ -261,9 +260,16 @@
+ }
+
+ func supportsOverlay() error {
+- // We can try to modprobe overlay first before looking at
+- // proc/filesystems for when overlay is supported
+- exec.Command("modprobe", "overlay").Run()
++ // Access overlay filesystem so that Linux loads it (if possible).
++ mountTarget, err := ioutil.TempDir("", "supportsOverlay")
++ if err != nil {
++ logrus.WithField("storage-driver", "overlay2").Error("Could not create temporary directory, so assuming that 'overlay' is not supported.")
++ return graphdriver.ErrNotSupported
++ } else {
++ /* The mounting will fail--after the module has been loaded.*/
++ defer os.RemoveAll(mountTarget)
++ unix.Mount("overlay", mountTarget, "overlay", 0, "")
++ }
+
+ f, err := os.Open("/proc/filesystems")
+ if err != nil {
+--- docker-18.09.0-checkout/daemon/graphdriver/devmapper/deviceset.go.orig 2019-03-19 09:19:16.592844887 +0100
++++ docker-18.09.0-checkout/daemon/graphdriver/devmapper/deviceset.go 2019-03-19 09:21:18.019361761 +0100
+@@ -540,8 +539,14 @@
+ return err // error text is descriptive enough
+ }
+
+- // Check if kernel supports xfs filesystem or not.
+- exec.Command("modprobe", "xfs").Run()
++ mountTarget, err := ioutil.TempDir("", "supportsOverlay")
++ if err != nil {
++ return errors.Wrapf(err, "error checking for xfs support")
++ } else {
++ /* The mounting will fail--after the module has been loaded.*/
++ defer os.RemoveAll(mountTarget)
++ unix.Mount("none", mountTarget, "xfs", 0, "")
++ }
+
+ f, err := os.Open("/proc/filesystems")
+ if err != nil {
+--- docker-18.09.0-checkout/vendor/github.com/docker/libnetwork/iptables/iptables.go.orig 2019-03-19 09:47:19.430111170 +0100
++++ docker-18.09.0-checkout/vendor/github.com/docker/libnetwork/iptables/iptables.go 2019-03-19 10:38:01.445136177 +0100
+@@ -72,11 +71,12 @@
+ }
+
+ func probe() {
+- if out, err := exec.Command("modprobe", "-va", "nf_nat").CombinedOutput(); err != nil {
+- logrus.Warnf("Running modprobe nf_nat failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
++ path, err := exec.LookPath("iptables")
++ if err != nil {
++ return
+ }
+- if out, err := exec.Command("modprobe", "-va", "xt_conntrack").CombinedOutput(); err != nil {
+- logrus.Warnf("Running modprobe xt_conntrack failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
++ if out, err := exec.Command(path, "--wait", "-t", "nat", "-L", "-n").CombinedOutput(); err != nil {
++ logrus.Warnf("Running iptables --wait -t nat -L -n failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
+ }
+ }
+
+--- docker-18.09.0-checkout/vendor/github.com/docker/libnetwork/ns/init_linux.go.orig 2019-03-19 11:23:20.738316699 +0100
++++ docker-18.09.0-checkout/vendor/github.com/docker/libnetwork/ns/init_linux.go 2019-03-19 11:27:57.149753073 +0100
+@@ -100,12 +100,7 @@
+ }
+
+ func loadXfrmModules() error {
+- if out, err := exec.Command("modprobe", "-va", "xfrm_user").CombinedOutput(); err != nil {
+- return fmt.Errorf("Running modprobe xfrm_user failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
+- }
+- if out, err := exec.Command("modprobe", "-va", "xfrm_algo").CombinedOutput(); err != nil {
+- return fmt.Errorf("Running modprobe xfrm_algo failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
+- }
++ // Those are automatically loaded when someone opens the socket anyway.
+ return nil
+ }
+
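Review bot: The three mount-based probes (both `supportsOverlay` copies and the xfs check in deviceset.go) discard the result of `unix.Mount` and assume the call always fails once the module has loaded; should a mount ever succeed, the deferred `os.RemoveAll(mountTarget)` would run against a live mount point in a privileged daemon. I would check the result and undo an unexpected success, e.g. `if err := unix.Mount("overlay", mountTarget, "overlay", 0, ""); err == nil { unix.Unmount(mountTarget, 0) }`. A failed `ioutil.TempDir` now returns before `/proc/filesystems` is read, while the old modprobe result was ignored, so an unwritable temp directory reports a filesystem as unsupported even when its module is already loaded; logging and falling through would keep the previous behaviour. In `probe()` the `exec.LookPath("iptables")` failure returns silently, and a `logrus.Warnf` there would preserve the diagnostic the modprobe path used to give. The patched functions continue outside the inner hunks, so the rest of the `/proc/filesystems` check is not visible here.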