authorMatthew Heon <matthew.heon@gmail.com>2018-02-22 12:55:39 -0500
committerAtomic Bot <atomic-devel@projectatomic.io>2018-02-22 21:22:39 +0000
commit8eadc208e15023d9fa92cf08ff03c29ac55bf183 (patch)
treedef82eff864a01acb1e623aa15317006d207c0d5
parent6a4fcb168a47b0419b7a5cef48e3c7d0b42a9438 (diff)
Remove No New Privs from DB as it's already in the spec
Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #383 Approved by: rhatdan
-rw-r--r--libpod/container.go2
-rw-r--r--libpod/container_ffjson.go58
-rw-r--r--libpod/sql_state.go2
-rw-r--r--libpod/sql_state_internal.go8
-rw-r--r--libpod/test_common.go5
5 files changed, 7 insertions, 68 deletions
diff --git a/libpod/container.go b/libpod/container.go
index 6a515a3e8..57b894b26 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -176,8 +176,6 @@ type ContainerConfig struct {
// Security Config
// Whether the container is privileged
Privileged bool `json:"privileged"`
- // Whether to set the No New Privileges flag
- NoNewPrivs bool `json:"noNewPrivs"`
// SELinux process label for container
ProcessLabel string `json:"ProcessLabel,omitempty"`
// SELinux mount label for root filesystem
diff --git a/libpod/container_ffjson.go b/libpod/container_ffjson.go
index 20cf69ba1..93a3bee20 100644
--- a/libpod/container_ffjson.go
+++ b/libpod/container_ffjson.go
@@ -106,11 +106,6 @@ func (j *ContainerConfig) MarshalJSONBuf(buf fflib.EncodingBuffer) error {
} else {
buf.WriteString(`"privileged":false`)
}
- if j.NoNewPrivs {
- buf.WriteString(`,"noNewPrivs":true`)
- } else {
- buf.WriteString(`,"noNewPrivs":false`)
- }
buf.WriteByte(',')
if len(j.ProcessLabel) != 0 {
buf.WriteString(`"ProcessLabel":`)
@@ -343,8 +338,6 @@ const (
ffjtContainerConfigPrivileged
- ffjtContainerConfigNoNewPrivs
-
ffjtContainerConfigProcessLabel
ffjtContainerConfigMountLabel
@@ -416,8 +409,6 @@ var ffjKeyContainerConfigMounts = []byte("mounts")
var ffjKeyContainerConfigPrivileged = []byte("privileged")
-var ffjKeyContainerConfigNoNewPrivs = []byte("noNewPrivs")
-
var ffjKeyContainerConfigProcessLabel = []byte("ProcessLabel")
var ffjKeyContainerConfigMountLabel = []byte("MountLabel")
@@ -649,11 +640,6 @@ mainparse:
state = fflib.FFParse_want_colon
goto mainparse
- } else if bytes.Equal(ffjKeyContainerConfigNoNewPrivs, kn) {
- currentKey = ffjtContainerConfigNoNewPrivs
- state = fflib.FFParse_want_colon
- goto mainparse
-
} else if bytes.Equal(ffjKeyContainerConfigNetNsCtr, kn) {
currentKey = ffjtContainerConfigNetNsCtr
state = fflib.FFParse_want_colon
@@ -887,12 +873,6 @@ mainparse:
goto mainparse
}
- if fflib.EqualFoldRight(ffjKeyContainerConfigNoNewPrivs, kn) {
- currentKey = ffjtContainerConfigNoNewPrivs
- state = fflib.FFParse_want_colon
- goto mainparse
- }
-
if fflib.SimpleLetterEqualFold(ffjKeyContainerConfigPrivileged, kn) {
currentKey = ffjtContainerConfigPrivileged
state = fflib.FFParse_want_colon
@@ -1018,9 +998,6 @@ mainparse:
case ffjtContainerConfigPrivileged:
goto handle_Privileged
- case ffjtContainerConfigNoNewPrivs:
- goto handle_NoNewPrivs
-
case ffjtContainerConfigProcessLabel:
goto handle_ProcessLabel
@@ -1480,41 +1457,6 @@ handle_Privileged:
state = fflib.FFParse_after_value
goto mainparse
-handle_NoNewPrivs:
-
- /* handler: j.NoNewPrivs type=bool kind=bool quoted=false*/
-
- {
- if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
- return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok))
- }
- }
-
- {
- if tok == fflib.FFTok_null {
-
- } else {
- tmpb := fs.Output.Bytes()
-
- if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
-
- j.NoNewPrivs = true
-
- } else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
-
- j.NoNewPrivs = false
-
- } else {
- err = errors.New("unexpected bytes for true/false value")
- return fs.WrapErr(err)
- }
-
- }
- }
-
- state = fflib.FFParse_after_value
- goto mainparse
-
handle_ProcessLabel:
/* handler: j.ProcessLabel type=string kind=string quoted=false*/
diff --git a/libpod/sql_state.go b/libpod/sql_state.go
index 9efa12111..cf759d836 100644
--- a/libpod/sql_state.go
+++ b/libpod/sql_state.go
@@ -14,7 +14,7 @@ import (
// DBSchema is the current DB schema version
// Increments every time a change is made to the database's tables
-const DBSchema = 10
+const DBSchema = 11
// SQLState is a state implementation backed by a persistent SQLite3 database
type SQLState struct {
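Review bot: The comment on `DBSchema` does not say what happens to a database written at schema 10 once this constant becomes 11. The same commit drops a `NOT NULL` column from the table definition in prepareDB, and no migration step appears anywhere in this diff. How the version is checked is not visible here, so if a mismatch is meant to be rejected, the doc comment should say so, for example `// A database created with a different schema version is not migrated and must be recreated.` That matters for a security setting: after an upgrade it should be unambiguous that No New Privileges is read from the stored spec and not from a leftover column.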
diff --git a/libpod/sql_state_internal.go b/libpod/sql_state_internal.go
index 9cc4cd861..d0771e0d8 100644
--- a/libpod/sql_state_internal.go
+++ b/libpod/sql_state_internal.go
@@ -213,7 +213,6 @@ func prepareDB(db *sql.DB) (err error) {
LogPath TEXT NOT NULL,
Privileged INTEGER NOT NULL,
- NoNewPrivs INTEGER NOT NULL,
ProcessLabel TEXT NOT NULL,
MountLabel TEXT NOT NULL,
User TEXT NOT NULL,
@@ -242,7 +241,6 @@ func prepareDB(db *sql.DB) (err error) {
CHECK (ImageVolumes IN (0, 1)),
CHECK (SHMSize>=0),
CHECK (Privileged IN (0, 1)),
- CHECK (NoNewPrivs IN (0, 1)),
CHECK (CreateNetNS IN (0, 1)),
CHECK (Stdin IN (0, 1)),
CHECK (StopSignal>=0),
@@ -448,7 +446,6 @@ func (s *SQLState) ctrFromScannable(row scannable) (*Container, error) {
logPath string
privileged int
- noNewPrivs int
processLabel string
mountLabel string
user string
@@ -503,7 +500,6 @@ func (s *SQLState) ctrFromScannable(row scannable) (*Container, error) {
&logPath,
&privileged,
- &noNewPrivs,
&processLabel,
&mountLabel,
&user,
@@ -566,7 +562,6 @@ func (s *SQLState) ctrFromScannable(row scannable) (*Container, error) {
ctr.config.LogPath = logPath
ctr.config.Privileged = boolFromSQL(privileged)
- ctr.config.NoNewPrivs = boolFromSQL(noNewPrivs)
ctr.config.ProcessLabel = processLabel
ctr.config.MountLabel = mountLabel
ctr.config.User = user
@@ -753,7 +748,7 @@ func (s *SQLState) addContainer(ctr *Container, pod *Pod) (err error) {
?, ?, ?, ?, ?,
?, ?, ?, ?, ?,
?, ?, ?, ?, ?,
- ?, ?, ?, ?
+ ?, ?, ?
);`
addCtrState = `INSERT INTO containerState VALUES (
?, ?, ?, ?, ?,
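Review bot: The shortened `?, ?, ?` row is kept in step with the table definition by hand, and the neighbouring `INSERT INTO containerState VALUES (` suggests these statements carry no column list. The statement being edited starts outside the hunk, so that is inferred. The query is parameterised, which is the right shape, but a positional insert binds values by order alone. An argument that is missed or swapped further down in addContainer then lands in the wrong column whenever the types agree, as the adjacent 0/1 flag columns do. Naming the columns in the statement would turn that into an error at prepare time. Failing that, a comment above the constant would help, such as `// Placeholder count and argument order must match the table created in prepareDB.`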
@@ -881,7 +876,6 @@ func (s *SQLState) addContainer(ctr *Container, pod *Pod) (err error) {
ctr.config.LogPath,
boolToSQL(ctr.config.Privileged),
- boolToSQL(ctr.config.NoNewPrivs),
ctr.config.ProcessLabel,
ctr.config.MountLabel,
ctr.config.User,
diff --git a/libpod/test_common.go b/libpod/test_common.go
index 9e52c74a5..e4a684f87 100644
--- a/libpod/test_common.go
+++ b/libpod/test_common.go
@@ -106,6 +106,11 @@ func testContainersEqual(t *testing.T, a, b *Container) {
assert.NotNil(t, a)
assert.NotNil(t, b)
+ assert.NotNil(t, a.config)
+ assert.NotNil(t, b.config)
+ assert.NotNil(t, a.state)
+ assert.NotNil(t, b.state)
+
aConfig := new(ContainerConfig)
bConfig := new(ContainerConfig)
aState := new(containerState)
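Review bot: The four added `assert.NotNil` checks report a failure but do not stop the test, so a nil `a.config` or `b.state` still reaches the rest of testContainersEqual. That body continues outside the hunk and presumably dereferences them, in which case the test panics instead of failing cleanly. If `assert` here is testify's, `require.NotNil(t, a.config)` gives the intended guard, or `if !assert.NotNil(t, a.config) { return }` if adding the `require` import is unwanted. The same applies to the existing checks on `a` and `b` just above.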