From 1cc08b4ce3ff13624e1282c216306ac54967cea4 Mon Sep 17 00:00:00 2001 From: zhaixiaojuan Date: Sat, 15 Jun 2024 10:30:35 +0800 Subject: [PATCH] Add loongarch64 seccomp support --- 0003-add-loongarch64-seccomp-support.patch | 91 ++++++++++++++++++++++ moby.spec | 7 +- 2 files changed, 97 insertions(+), 1 deletion(-) create mode 100644 0003-add-loongarch64-seccomp-support.patch diff --git a/0003-add-loongarch64-seccomp-support.patch b/0003-add-loongarch64-seccomp-support.patch new file mode 100644 index 0000000..e2b320f --- /dev/null +++ b/0003-add-loongarch64-seccomp-support.patch @@ -0,0 +1,91 @@ +diff --git a/oci/fixtures/default.json b/oci/fixtures/default.json +index 8d4d211..b63bfc9 100644 +--- a/oci/fixtures/default.json ++++ b/oci/fixtures/default.json +@@ -47,6 +47,10 @@ + "subArchitectures": [ + "SCMP_ARCH_S390" + ] ++ }, ++ { ++ "architecture": "SCMP_ARCH_LOONGARCH64", ++ "subArchitectures": null + } + ], + "syscalls": [ +@@ -810,4 +814,4 @@ + "excludes": {} + } + ] +-} +\ No newline at end of file ++} +diff --git a/profiles/seccomp/default.json b/profiles/seccomp/default.json +index c4d9110..3501693 100644 +--- a/profiles/seccomp/default.json ++++ b/profiles/seccomp/default.json +@@ -52,6 +52,10 @@ + { + "architecture": "SCMP_ARCH_RISCV64", + "subArchitectures": null ++ }, ++ { ++ "architecture": "SCMP_ARCH_LOONGARCH64", ++ "subArchitectures": null + } + ], + "syscalls": [ +@@ -830,4 +834,4 @@ + } + } + ] +-} +\ No newline at end of file ++} +diff --git a/profiles/seccomp/default_linux.go b/profiles/seccomp/default_linux.go +index 09fb337..3834bab 100644 +--- a/profiles/seccomp/default_linux.go ++++ b/profiles/seccomp/default_linux.go +@@ -38,6 +38,10 @@ func arches() []Architecture { + { + Arch: specs.ArchRISCV64, + SubArches: nil, ++ }, ++ { ++ Arch: specs.ArchLOONGARCH64, ++ SubArches: nil, + }, + } + } +diff --git a/profiles/seccomp/seccomp_linux.go b/profiles/seccomp/seccomp_linux.go +index 4d8fed6..9eb0741 100644 +--- a/profiles/seccomp/seccomp_linux.go ++++ b/profiles/seccomp/seccomp_linux.go +@@ -41,6 +41,7 @@ var nativeToSeccomp = map[string]specs.Arch{ + "ppc64le": specs.ArchPPC64LE, + "s390": specs.ArchS390, + "s390x": specs.ArchS390X, ++ "loong64": specs.ArchLOONGARCH64, + } + + // GOARCH => libseccomp string +@@ -59,6 +60,7 @@ var goToNative = map[string]string{ + "ppc64le": "ppc64le", + "s390": "s390", + "s390x": "s390x", ++ "loong64": "loong64", + } + + // inSlice tests whether a string is contained in a slice of strings or not. +diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go +index 4e7717d..96e04af 100644 +--- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go ++++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go +@@ -741,6 +741,7 @@ const ( + ArchPARISC Arch = "SCMP_ARCH_PARISC" + ArchPARISC64 Arch = "SCMP_ARCH_PARISC64" + ArchRISCV64 Arch = "SCMP_ARCH_RISCV64" ++ ArchLOONGARCH64 Arch = "SCMP_ARCH_LOONGARCH64" + ) + + // LinuxSeccompAction taken upon Seccomp rule match diff --git a/moby.spec b/moby.spec index 4ff63b8..73c58f3 100644 --- a/moby.spec +++ b/moby.spec @@ -7,7 +7,7 @@ Name: moby Version: 25.0.3 -Release: 5 +Release: 6 Summary: The open-source application container engine License: ASL 2.0 URL: https://www.docker.com @@ -22,6 +22,7 @@ Source4: docker.socket Source5: docker.sysconfig Patch0000: 0001-fix-cve-2024-29018.patch Patch0001: 0002-fix-cve-2024-32473.patch +Patch0002: 0003-add-loongarch64-seccomp-support.patch Requires: %{name}-engine = %{version}-%{release} @@ -91,6 +92,7 @@ Docker client binary and related utilities %setup -q -T -n %{_source_engine} -b 1 %patch0000 -p1 %patch0001 -p1 +%patch0002 -p1 %setup -q -T -n %{_source_docker_init} -b 2 %build @@ -192,6 +194,9 @@ fi %systemd_postun_with_restart docker.service %changelog +* Fri Jun 14 2024 zhaixiaojuan - 25.0.3-6 +- DESC:add loongarch64 seccomp support + * Tue May 14 2024 wanglimin - 25.0.3-5 - DESC:clean dependency between engine and cli -- Gitee