[packages/docker-ce] upstream fix for missing setsockopt syscall on x86 (32bit)

atler atler at pld-linux.org
Mon Feb 24 19:23:05 CET 2025 

commit b9d40e036e297e2835ba41b33e99b01afff9248b
Author: Jan Palus <atler at pld-linux.org>
Date:   Mon Feb 24 19:01:01 2025 +0100

    upstream fix for missing setsockopt syscall on x86 (32bit)

 docker-ce.spec       |   2 +
 setsockopt-x86.patch | 102 +++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 104 insertions(+)
---
diff --git a/docker-ce.spec b/docker-ce.spec
index 455b7f1..dd83839 100644
--- a/docker-ce.spec
+++ b/docker-ce.spec
@@ -11,6 +11,7 @@ Source1:	dockerd.sh
 Source2:	docker.init
 Source3:	docker.sysconfig
 Patch0:		systemd.patch
+Patch1:		setsockopt-x86.patch
 URL:		https://www.docker.com/
 BuildRequires:	golang >= 1.21
 BuildRequires:	linux-libc-headers >= 7:4.12
@@ -69,6 +70,7 @@ databases.
 %prep
 %setup -q -n moby-%{version}
 %patch -P0 -p1
+%patch -P1 -p1
 
 %build
 export VERSION=%{version}
diff --git a/setsockopt-x86.patch b/setsockopt-x86.patch
new file mode 100644
index 0000000..23240d7
--- /dev/null
+++ b/setsockopt-x86.patch
@@ -0,0 +1,102 @@
+From 73f2a5336d8af70e6676d2bea2b321ea62fbfe26 Mon Sep 17 00:00:00 2001
+From: Albin Kerouanton <albinker at gmail.com>
+Date: Sun, 23 Feb 2025 11:24:50 +0100
+Subject: [PATCH] libnet/d/bridge: fix compilation on i386
+
+On i386, Linux doesn't provide direct socket syscall but instead
+multiplexes them through the socketcall syscall (see `man 2 socketcall`).
+This commit fixes compilation for i386 by wrapping the offending syscall
+in a new function that uses the socketcall syscall on i386, and
+the `setsockopt` syscall on other archs.
+
+Signed-off-by: Albin Kerouanton <albinker at gmail.com>
+---
+ .../drivers/bridge/port_mapping_linux.go      | 10 +--------
+ .../drivers/bridge/port_mapping_linux_386.go  | 21 +++++++++++++++++++
+ .../bridge/port_mapping_linux_others.go       | 21 +++++++++++++++++++
+ 3 files changed, 43 insertions(+), 9 deletions(-)
+ create mode 100644 libnetwork/drivers/bridge/port_mapping_linux_386.go
+ create mode 100644 libnetwork/drivers/bridge/port_mapping_linux_others.go
+
+diff --git a/libnetwork/drivers/bridge/port_mapping_linux.go b/libnetwork/drivers/bridge/port_mapping_linux.go
+index d4c5e46056c69..285d2a3b00563 100644
+--- a/libnetwork/drivers/bridge/port_mapping_linux.go
++++ b/libnetwork/drivers/bridge/port_mapping_linux.go
+@@ -13,7 +13,6 @@ import (
+ 	"slices"
+ 	"strconv"
+ 	"syscall"
+-	"unsafe"
+ 
+ 	"github.com/containerd/log"
+ 	"github.com/docker/docker/libnetwork/iptables"
+@@ -675,14 +674,7 @@ func bindSCTP(cfg portBindingReq, port int) (_ portBinding, retErr error) {
+ 		syscall.SetsockoptInt(sd, syscall.IPPROTO_IPV6, syscall.IPV6_V6ONLY, 1)
+ 	}
+ 
+-	options := sctp.InitMsg{NumOstreams: sctp.SCTP_MAX_STREAM}
+-	if _, _, errno := syscall.Syscall6(syscall.SYS_SETSOCKOPT,
+-		uintptr(sd),
+-		sctp.SOL_SCTP,
+-		sctp.SCTP_INITMSG,
+-		uintptr(unsafe.Pointer(&options)), // #nosec G103 -- Ignore "G103: Use of unsafe calls should be audited"
+-		unsafe.Sizeof(options),
+-		0); errno != 0 {
++	if errno := setSCTPInitMsg(sd, sctp.InitMsg{NumOstreams: sctp.SCTP_MAX_STREAM}); errno != 0 {
+ 		return portBinding{}, errno
+ 	}
+ 
+diff --git a/libnetwork/drivers/bridge/port_mapping_linux_386.go b/libnetwork/drivers/bridge/port_mapping_linux_386.go
+new file mode 100644
+index 0000000000000..4c7ece4030d1a
+--- /dev/null
++++ b/libnetwork/drivers/bridge/port_mapping_linux_386.go
+@@ -0,0 +1,21 @@
++package bridge
++
++import (
++	"syscall"
++	"unsafe"
++
++	"github.com/ishidawataru/sctp"
++)
++
++const sysSetsockopt = 14 // See https://elixir.bootlin.com/linux/v6.13.3/source/include/uapi/linux/net.h#L40
++
++func setSCTPInitMsg(sd int, options sctp.InitMsg) syscall.Errno {
++	_, _, errno := syscall.Syscall6(syscall.SYS_SOCKETCALL, // See `man 2 socketcall`
++		sysSetsockopt,
++		uintptr(sd),
++		sctp.SOL_SCTP,
++		sctp.SCTP_INITMSG,
++		uintptr(unsafe.Pointer(&options)), // #nosec G103 -- Ignore "G103: Use of unsafe calls should be audited"
++		unsafe.Sizeof(options))
++	return errno
++}
+diff --git a/libnetwork/drivers/bridge/port_mapping_linux_others.go b/libnetwork/drivers/bridge/port_mapping_linux_others.go
+new file mode 100644
+index 0000000000000..d94ad0e54ad17
+--- /dev/null
++++ b/libnetwork/drivers/bridge/port_mapping_linux_others.go
+@@ -0,0 +1,21 @@
++//go:build linux && !386
++
++package bridge
++
++import (
++	"syscall"
++	"unsafe"
++
++	"github.com/ishidawataru/sctp"
++)
++
++func setSCTPInitMsg(sd int, options sctp.InitMsg) syscall.Errno {
++	_, _, errno := syscall.Syscall6(syscall.SYS_SETSOCKOPT,
++		uintptr(sd),
++		sctp.SOL_SCTP,
++		sctp.SCTP_INITMSG,
++		uintptr(unsafe.Pointer(&options)), // #nosec G103 -- Ignore "G103: Use of unsafe calls should be audited"
++		unsafe.Sizeof(options),
++		0)
++	return errno
++}
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/docker-ce.git/commitdiff/b9d40e036e297e2835ba41b33e99b01afff9248b

More information about the pld-cvs-commit mailing list