mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
68bda672dc
Fixes #20550 This update to libseccomp supports the new versions of socket system calls that can be called directly rather than via the socketcall syscall in kernel versions 4.3 or later with new glibc. Note this library version now supports s390x and ppc64le, so seccomp can be potentially be enabled for these architectures now. Signed-off-by: Justin Cormack <justin.cormack@docker.com>
80 lines
2.1 KiB
Text
80 lines
2.1 KiB
Text
# This file describes the standard way to build Docker, using docker
|
|
#
|
|
# Usage:
|
|
#
|
|
# # Assemble the full dev environment. This is slow the first time.
|
|
# docker build -t docker -f Dockerfile.gccgo .
|
|
#
|
|
|
|
FROM gcc:5.3
|
|
|
|
# Packaged dependencies
|
|
RUN apt-get update && apt-get install -y \
|
|
apparmor \
|
|
aufs-tools \
|
|
btrfs-tools \
|
|
build-essential \
|
|
curl \
|
|
git \
|
|
iptables \
|
|
jq \
|
|
net-tools \
|
|
libapparmor-dev \
|
|
libcap-dev \
|
|
libsqlite3-dev \
|
|
mercurial \
|
|
net-tools \
|
|
parallel \
|
|
python-dev \
|
|
python-mock \
|
|
python-pip \
|
|
python-websocket \
|
|
--no-install-recommends
|
|
|
|
# Get lvm2 source for compiling statically
|
|
RUN git clone -b v2_02_103 https://git.fedorahosted.org/git/lvm2.git /usr/local/lvm2
|
|
# see https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
|
|
|
|
# Compile and install lvm2
|
|
RUN cd /usr/local/lvm2 \
|
|
&& ./configure --enable-static_link \
|
|
&& make device-mapper \
|
|
&& make install_device-mapper
|
|
# see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
|
|
|
|
# install seccomp: the version shipped in jessie is too old
|
|
ENV SECCOMP_VERSION v2.3.0
|
|
RUN set -x \
|
|
&& export SECCOMP_PATH=$(mktemp -d) \
|
|
&& git clone https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \
|
|
&& ( \
|
|
cd "$SECCOMP_PATH" \
|
|
&& git checkout "$SECCOMP_VERSION" \
|
|
&& ./autogen.sh \
|
|
&& ./configure --prefix=/usr \
|
|
&& make \
|
|
&& make install \
|
|
) \
|
|
&& rm -rf "$SECCOMP_PATH"
|
|
|
|
ENV GOPATH /go:/go/src/github.com/docker/docker/vendor
|
|
|
|
# Get the "docker-py" source so we can run their integration tests
|
|
ENV DOCKER_PY_COMMIT e2878cbcc3a7eef99917adc1be252800b0e41ece
|
|
RUN git clone https://github.com/docker/docker-py.git /docker-py \
|
|
&& cd /docker-py \
|
|
&& git checkout -q $DOCKER_PY_COMMIT
|
|
|
|
# Add an unprivileged user to be used for tests which need it
|
|
RUN groupadd -r docker
|
|
RUN useradd --create-home --gid docker unprivilegeduser
|
|
|
|
VOLUME /var/lib/docker
|
|
WORKDIR /go/src/github.com/docker/docker
|
|
ENV DOCKER_BUILDTAGS apparmor seccomp selinux
|
|
|
|
# Wrap all commands in the "docker-in-docker" script to allow nested containers
|
|
ENTRYPOINT ["hack/dind"]
|
|
|
|
# Upload docker source
|
|
COPY . /go/src/github.com/docker/docker
|