author | Michael Mair-Keimberger <m.mairkeimberger@gmail.com> | 2019-04-24 19:32:02 +0200 |
---|---|---|
committer | Aaron Bauman <bman@gentoo.org> | 2019-04-24 23:33:25 -0400 |
commit | e9c58a50e6e18182552a96b6f76dc86d6693ed54 (patch) | |
tree | ff4a121dbca3485c70698abbc382453f0b42b35b /app-emulation | |
parent | app-crypt/mit-krb5: update patch for LibreSSL 2.9.1 (diff) | |
download | gentoo-e9c58a50e6e18182552a96b6f76dc86d6693ed54.tar.gz gentoo-e9c58a50e6e18182552a96b6f76dc86d6693ed54.tar.bz2 gentoo-e9c58a50e6e18182552a96b6f76dc86d6693ed54.zip |
app-emulation/docker: remove unused patch(es)
Signed-off-by: Michael Mair-Keimberger <m.mairkeimberger@gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/11816
Signed-off-by: Aaron Bauman <bman@gentoo.org>
Diffstat (limited to 'app-emulation')
-rw-r--r-- | app-emulation/docker/files/bsc1073877-docker-apparmor-add-signal-r2.patch | 72 |
1 files changed, 0 insertions, 72 deletions
diff --git a/app-emulation/docker/files/bsc1073877-docker-apparmor-add-signal-r2.patch b/app-emulation/docker/files/bsc1073877-docker-apparmor-add-signal-r2.patch
deleted file mode 100644
index fd365425fb95..000000000000
--- a/app-emulation/docker/files/bsc1073877-docker-apparmor-add-signal-r2.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 4822fb1e2423d88cdf0ad5d039b8fd3274b05401 Mon Sep 17 00:00:00 2001
-From: Aleksa Sarai <asarai@suse.de>
-Date: Sun, 8 Apr 2018 20:21:30 +1000
-Subject: [PATCH] apparmor: allow receiving of signals from 'docker kill'
-
-In newer kernels, AppArmor will reject attempts to send signals to a
-container because the signal originated from outside of that AppArmor
-profile. Correct this by allowing all unconfined signals to be received.
-
-Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
-Signed-off-by: Aleksa Sarai <asarai@suse.de>
----
- profiles/apparmor/apparmor.go | 21 +++++++++++++++++++++
- profiles/apparmor/template.go | 6 ++++++
- 2 files changed, 27 insertions(+)
-
-diff --git a/components/engine/profiles/apparmor/apparmor.go b/components/engine/profiles/apparmor/apparmor.go
-index b021668c8e4c..2f58ee852cab 100644
---- a/components/engine/profiles/apparmor/apparmor.go
-+++ b/components/engine/profiles/apparmor/apparmor.go
-@@ -23,6 +23,8 @@ var (
- type profileData struct {
- // Name is profile name.
- Name string
-+ // DaemonProfile is the profile name of our daemon.
-+ DaemonProfile string
- // Imports defines the apparmor functions to import, before defining the profile.
- Imports []string
- // InnerImports defines the apparmor functions to import in the profile.
-@@ -70,6 +72,25 @@ func InstallDefault(name string) error {
- Name: name,
- }
-
-+ // Figure out the daemon profile.
-+ currentProfile, err := ioutil.ReadFile("/proc/self/attr/current")
-+ if err != nil {
-+ // If we couldn't get the daemon profile, assume we are running
-+ // unconfined which is generally the default.
-+ currentProfile = nil
-+ }
-+ daemonProfile := string(currentProfile)
-+ // Normally profiles are suffixed by " (enforcing)" or similar. AppArmor
-+ // profiles cannot contain spaces so this doesn't restrict daemon profile
-+ // names.
-+ if parts := strings.SplitN(daemonProfile, " ", 2); len(parts) >= 1 {
-+ daemonProfile = parts[0]
-+ }
-+ if daemonProfile == "" {
-+ daemonProfile = "unconfined"
-+ }
-+ p.DaemonProfile = daemonProfile
-+
- // Install to a temporary directory.
- f, err := ioutil.TempFile("", name)
- if err != nil {
-diff --git a/components/engine/profiles/apparmor/template.go b/components/engine/profiles/apparmor/template.go
-index c00a3f70e993..400b3bd50a11 100644
---- a/components/engine/profiles/apparmor/template.go
-+++ b/components/engine/profiles/apparmor/template.go
-@@ -17,6 +17,12 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
- capability,
- file,
- umount,
-+{{if ge .Version 208096}}
-+{{/* Allow 'docker kill' to actually send signals to container processes. */}}
-+ signal (receive) peer={{.DaemonProfile}},
-+{{/* Allow container processes to send signals amongst themselves. */}}
-+ signal (send,receive) peer={{.Name}},
-+{{end}}
-
- deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)
- # deny write to files not in /proc/<number>/** or /proc/sys/** |