authorValentin Rothberg <rothberg@redhat.com>2019-10-30 11:41:00 +0100
committerValentin Rothberg <rothberg@redhat.com>2019-10-30 11:43:29 +0100
commitfb5367f29510d2f82ffb834dcf5a422495d5b99b (patch)
tree11a5315a061dea56005561c563f105565853bc51
parente7540d0406c49b22de245246d16ebc6e1778df37 (diff)
seccomp: use github.com/seccomp/containers-golang
Use the github.com/seccomp/containers-golang library instead of the docker package. The docker package has changed and silently broke on F31. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
-rw-r--r--go.mod2
-rw-r--r--pkg/spec/config_linux_cgo.go2
-rw-r--r--vendor/github.com/docker/docker/pkg/parsers/kernel/kernel.go74
-rw-r--r--vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_darwin.go56
-rw-r--r--vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_unix.go35
-rw-r--r--vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_windows.go51
-rw-r--r--vendor/github.com/docker/docker/pkg/parsers/kernel/uname_linux.go17
-rw-r--r--vendor/github.com/docker/docker/pkg/parsers/kernel/uname_unsupported.go18
-rw-r--r--vendor/github.com/docker/docker/profiles/seccomp/default.json798
-rw-r--r--vendor/github.com/docker/docker/profiles/seccomp/generate.go32
-rw-r--r--vendor/github.com/docker/docker/profiles/seccomp/seccomp.go189
-rw-r--r--vendor/github.com/docker/docker/profiles/seccomp/seccomp_default.go674
-rw-r--r--vendor/github.com/docker/docker/profiles/seccomp/seccomp_unsupported.go12
-rw-r--r--vendor/golang.org/x/sys/windows/registry/key.go198
-rw-r--r--vendor/golang.org/x/sys/windows/registry/mksyscall.go9
-rw-r--r--vendor/golang.org/x/sys/windows/registry/syscall.go32
-rw-r--r--vendor/golang.org/x/sys/windows/registry/value.go387
-rw-r--r--vendor/golang.org/x/sys/windows/registry/zsyscall_windows.go120
-rw-r--r--vendor/modules.txt7
19 files changed, 4 insertions, 2709 deletions
diff --git a/go.mod b/go.mod
index 9bd6c21b0..af1be72aa 100644
--- a/go.mod
+++ b/go.mod
@@ -52,7 +52,7 @@ require (
github.com/pkg/errors v0.8.1
github.com/pkg/profile v1.3.0
github.com/pmezard/go-difflib v1.0.0
- github.com/seccomp/containers-golang v0.0.0-20190312124753-8ca8945ccf5f // indirect
+ github.com/seccomp/containers-golang v0.0.0-20190312124753-8ca8945ccf5f
github.com/sirupsen/logrus v1.4.2
github.com/spf13/cobra v0.0.5
github.com/spf13/pflag v1.0.5
diff --git a/pkg/spec/config_linux_cgo.go b/pkg/spec/config_linux_cgo.go
index e6e92a7cc..a1527752a 100644
--- a/pkg/spec/config_linux_cgo.go
+++ b/pkg/spec/config_linux_cgo.go
@@ -5,9 +5,9 @@ package createconfig
import (
"io/ioutil"
- "github.com/docker/docker/profiles/seccomp"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"
+ seccomp "github.com/seccomp/containers-golang"
)
func getSeccompConfig(config *CreateConfig, configSpec *spec.Spec) (*spec.LinuxSeccomp, error) {
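Review bot: Swapping the import under the same `seccomp` alias leaves the call sites in getSeccompConfig unchanged, so nothing in this hunk guards against the fail-open mode the commit message describes as "silently broke". In the docker package this commit removes, setupSeccomp returns `nil, nil` for a nil or empty profile, which a caller reads as success with no filter applied; whether containers-golang behaves the same way is not visible on this page. getSeccompConfig's body is outside the hunk, but it should reject a nil default profile explicitly, for example `if profile == nil { return nil, errors.New("default seccomp profile is empty") }` (variable name illustrative). A regression test asserting that the default path yields a non-nil `*spec.LinuxSeccomp` would catch the next silent break at build time rather than on a release.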
diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel.go
deleted file mode 100644
index 94780ef61..000000000
--- a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel.go
+++ /dev/null
@@ -1,74 +0,0 @@
-// +build !windows
-
-// Package kernel provides helper function to get, parse and compare kernel
-// versions for different platforms.
-package kernel // import "github.com/docker/docker/pkg/parsers/kernel"
-
-import (
- "errors"
- "fmt"
-)
-
-// VersionInfo holds information about the kernel.
-type VersionInfo struct {
- Kernel int // Version of the kernel (e.g. 4.1.2-generic -> 4)
- Major int // Major part of the kernel version (e.g. 4.1.2-generic -> 1)
- Minor int // Minor part of the kernel version (e.g. 4.1.2-generic -> 2)
- Flavor string // Flavor of the kernel version (e.g. 4.1.2-generic -> generic)
-}
-
-func (k *VersionInfo) String() string {
- return fmt.Sprintf("%d.%d.%d%s", k.Kernel, k.Major, k.Minor, k.Flavor)
-}
-
-// CompareKernelVersion compares two kernel.VersionInfo structs.
-// Returns -1 if a < b, 0 if a == b, 1 it a > b
-func CompareKernelVersion(a, b VersionInfo) int {
- if a.Kernel < b.Kernel {
- return -1
- } else if a.Kernel > b.Kernel {
- return 1
- }
-
- if a.Major < b.Major {
- return -1
- } else if a.Major > b.Major {
- return 1
- }
-
- if a.Minor < b.Minor {
- return -1
- } else if a.Minor > b.Minor {
- return 1
- }
-
- return 0
-}
-
-// ParseRelease parses a string and creates a VersionInfo based on it.
-func ParseRelease(release string) (*VersionInfo, error) {
- var (
- kernel, major, minor, parsed int
- flavor, partial string
- )
-
- // Ignore error from Sscanf to allow an empty flavor. Instead, just
- // make sure we got all the version numbers.
- parsed, _ = fmt.Sscanf(release, "%d.%d%s", &kernel, &major, &partial)
- if parsed < 2 {
- return nil, errors.New("Can't parse kernel version " + release)
- }
-
- // sometimes we have 3.12.25-gentoo, but sometimes we just have 3.12-1-amd64
- parsed, _ = fmt.Sscanf(partial, ".%d%s", &minor, &flavor)
- if parsed < 1 {
- flavor = partial
- }
-
- return &VersionInfo{
- Kernel: kernel,
- Major: major,
- Minor: minor,
- Flavor: flavor,
- }, nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_darwin.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_darwin.go
deleted file mode 100644
index 6a302dcee..000000000
--- a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_darwin.go
+++ /dev/null
@@ -1,56 +0,0 @@
-// +build darwin
-
-// Package kernel provides helper function to get, parse and compare kernel
-// versions for different platforms.
-package kernel // import "github.com/docker/docker/pkg/parsers/kernel"
-
-import (
- "fmt"
- "os/exec"
- "strings"
-
- shellwords "github.com/mattn/go-shellwords"
-)
-
-// GetKernelVersion gets the current kernel version.
-func GetKernelVersion() (*VersionInfo, error) {
- release, err := getRelease()
- if err != nil {
- return nil, err
- }
-
- return ParseRelease(release)
-}
-
-// getRelease uses `system_profiler SPSoftwareDataType` to get OSX kernel version
-func getRelease() (string, error) {
- cmd := exec.Command("system_profiler", "SPSoftwareDataType")
- osName, err := cmd.Output()
- if err != nil {
- return "", err
- }
-
- var release string
- data := strings.Split(string(osName), "\n")
- for _, line := range data {
- if strings.Contains(line, "Kernel Version") {
- // It has the format like ' Kernel Version: Darwin 14.5.0'
- content := strings.SplitN(line, ":", 2)
- if len(content) != 2 {
- return "", fmt.Errorf("Kernel Version is invalid")
- }
-
- prettyNames, err := shellwords.Parse(content[1])
- if err != nil {
- return "", fmt.Errorf("Kernel Version is invalid: %s", err.Error())
- }
-
- if len(prettyNames) != 2 {
- return "", fmt.Errorf("Kernel Version needs to be 'Darwin x.x.x' ")
- }
- release = prettyNames[1]
- }
- }
-
- return release, nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_unix.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_unix.go
deleted file mode 100644
index 8a9aa3122..000000000
--- a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_unix.go
+++ /dev/null
@@ -1,35 +0,0 @@
-// +build linux freebsd openbsd
-
-// Package kernel provides helper function to get, parse and compare kernel
-// versions for different platforms.
-package kernel // import "github.com/docker/docker/pkg/parsers/kernel"
-
-import (
- "bytes"
-
- "github.com/sirupsen/logrus"
-)
-
-// GetKernelVersion gets the current kernel version.
-func GetKernelVersion() (*VersionInfo, error) {
- uts, err := uname()
- if err != nil {
- return nil, err
- }
-
- // Remove the \x00 from the release for Atoi to parse correctly
- return ParseRelease(string(uts.Release[:bytes.IndexByte(uts.Release[:], 0)]))
-}
-
-// CheckKernelVersion checks if current kernel is newer than (or equal to)
-// the given version.
-func CheckKernelVersion(k, major, minor int) bool {
- if v, err := GetKernelVersion(); err != nil {
- logrus.Warnf("error getting kernel version: %s", err)
- } else {
- if CompareKernelVersion(*v, VersionInfo{Kernel: k, Major: major, Minor: minor}) < 0 {
- return false
- }
- }
- return true
-}
diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_windows.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_windows.go
deleted file mode 100644
index a04763872..000000000
--- a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_windows.go
+++ /dev/null
@@ -1,51 +0,0 @@
-package kernel // import "github.com/docker/docker/pkg/parsers/kernel"
-
-import (
- "fmt"
-
- "golang.org/x/sys/windows"
- "golang.org/x/sys/windows/registry"
-)
-
-// VersionInfo holds information about the kernel.
-type VersionInfo struct {
- kvi string // Version of the kernel (e.g. 6.1.7601.17592 -> 6)
- major int // Major part of the kernel version (e.g. 6.1.7601.17592 -> 1)
- minor int // Minor part of the kernel version (e.g. 6.1.7601.17592 -> 7601)
- build int // Build number of the kernel version (e.g. 6.1.7601.17592 -> 17592)
-}
-
-func (k *VersionInfo) String() string {
- return fmt.Sprintf("%d.%d %d (%s)", k.major, k.minor, k.build, k.kvi)
-}
-
-// GetKernelVersion gets the current kernel version.
-func GetKernelVersion() (*VersionInfo, error) {
-
- KVI := &VersionInfo{"Unknown", 0, 0, 0}
-
- k, err := registry.OpenKey(registry.LOCAL_MACHINE, `SOFTWARE\Microsoft\Windows NT\CurrentVersion`, registry.QUERY_VALUE)
- if err != nil {
- return KVI, err
- }
- defer k.Close()
-
- blex, _, err := k.GetStringValue("BuildLabEx")
- if err != nil {
- return KVI, err
- }
- KVI.kvi = blex
-
- // Important - dockerd.exe MUST be manifested for this API to return
- // the correct information.
- dwVersion, err := windows.GetVersion()
- if err != nil {
- return KVI, err
- }
-
- KVI.major = int(dwVersion & 0xFF)
- KVI.minor = int((dwVersion & 0xFF00) >> 8)
- KVI.build = int((dwVersion & 0xFFFF0000) >> 16)
-
- return KVI, nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_linux.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_linux.go
deleted file mode 100644
index 212ff4502..000000000
--- a/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_linux.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package kernel // import "github.com/docker/docker/pkg/parsers/kernel"
-
-import "golang.org/x/sys/unix"
-
-// Utsname represents the system name structure.
-// It is passthrough for unix.Utsname in order to make it portable with
-// other platforms where it is not available.
-type Utsname unix.Utsname
-
-func uname() (*unix.Utsname, error) {
- uts := &unix.Utsname{}
-
- if err := unix.Uname(uts); err != nil {
- return nil, err
- }
- return uts, nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_unsupported.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_unsupported.go
deleted file mode 100644
index 97906e4cd..000000000
--- a/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_unsupported.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// +build !linux
-
-package kernel // import "github.com/docker/docker/pkg/parsers/kernel"
-
-import (
- "errors"
-)
-
-// Utsname represents the system name structure.
-// It is defined here to make it portable as it is available on linux but not
-// on windows.
-type Utsname struct {
- Release [65]byte
-}
-
-func uname() (*Utsname, error) {
- return nil, errors.New("Kernel version detection is available only on linux")
-}
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/default.json b/vendor/github.com/docker/docker/profiles/seccomp/default.json
deleted file mode 100644
index 71ac412df..000000000
--- a/vendor/github.com/docker/docker/profiles/seccomp/default.json
+++ /dev/null
@@ -1,798 +0,0 @@
-{
- "defaultAction": "SCMP_ACT_ERRNO",
- "archMap": [
- {
- "architecture": "SCMP_ARCH_X86_64",
- "subArchitectures": [
- "SCMP_ARCH_X86",
- "SCMP_ARCH_X32"
- ]
- },
- {
- "architecture": "SCMP_ARCH_AARCH64",
- "subArchitectures": [
- "SCMP_ARCH_ARM"
- ]
- },
- {
- "architecture": "SCMP_ARCH_MIPS64",
- "subArchitectures": [
- "SCMP_ARCH_MIPS",
- "SCMP_ARCH_MIPS64N32"
- ]
- },
- {
- "architecture": "SCMP_ARCH_MIPS64N32",
- "subArchitectures": [
- "SCMP_ARCH_MIPS",
- "SCMP_ARCH_MIPS64"
- ]
- },
- {
- "architecture": "SCMP_ARCH_MIPSEL64",
- "subArchitectures": [
- "SCMP_ARCH_MIPSEL",
- "SCMP_ARCH_MIPSEL64N32"
- ]
- },
- {
- "architecture": "SCMP_ARCH_MIPSEL64N32",
- "subArchitectures": [
- "SCMP_ARCH_MIPSEL",
- "SCMP_ARCH_MIPSEL64"
- ]
- },
- {
- "architecture": "SCMP_ARCH_S390X",
- "subArchitectures": [
- "SCMP_ARCH_S390"
- ]
- }
- ],
- "syscalls": [
- {
- "names": [
- "accept",
- "accept4",
- "access",
- "adjtimex",
- "alarm",
- "bind",
- "brk",
- "capget",
- "capset",
- "chdir",
- "chmod",
- "chown",
- "chown32",
- "clock_getres",
- "clock_gettime",
- "clock_nanosleep",
- "close",
- "connect",
- "copy_file_range",
- "creat",
- "dup",
- "dup2",
- "dup3",
- "epoll_create",
- "epoll_create1",
- "epoll_ctl",
- "epoll_ctl_old",
- "epoll_pwait",
- "epoll_wait",
- "epoll_wait_old",
- "eventfd",
- "eventfd2",
- "execve",
- "execveat",
- "exit",
- "exit_group",
- "faccessat",
- "fadvise64",
- "fadvise64_64",
- "fallocate",
- "fanotify_mark",
- "fchdir",
- "fchmod",
- "fchmodat",
- "fchown",
- "fchown32",
- "fchownat",
- "fcntl",
- "fcntl64",
- "fdatasync",
- "fgetxattr",
- "flistxattr",
- "flock",
- "fork",
- "fremovexattr",
- "fsetxattr",
- "fstat",
- "fstat64",
- "fstatat64",
- "fstatfs",
- "fstatfs64",
- "fsync",
- "ftruncate",
- "ftruncate64",
- "futex",
- "futimesat",
- "getcpu",
- "getcwd",
- "getdents",
- "getdents64",
- "getegid",
- "getegid32",
- "geteuid",
- "geteuid32",
- "getgid",
- "getgid32",
- "getgroups",
- "getgroups32",
- "getitimer",
- "getpeername",
- "getpgid",
- "getpgrp",
- "getpid",
- "getppid",
- "getpriority",
- "getrandom",
- "getresgid",
- "getresgid32",
- "getresuid",
- "getresuid32",
- "getrlimit",
- "get_robust_list",
- "getrusage",
- "getsid",
- "getsockname",
- "getsockopt",
- "get_thread_area",
- "gettid",
- "gettimeofday",
- "getuid",
- "getuid32",
- "getxattr",
- "inotify_add_watch",
- "inotify_init",
- "inotify_init1",
- "inotify_rm_watch",
- "io_cancel",
- "ioctl",
- "io_destroy",
- "io_getevents",
- "io_pgetevents",
- "ioprio_get",
- "ioprio_set",
- "io_setup",
- "io_submit",
- "io_uring_enter",
- "io_uring_register",
- "io_uring_setup",
- "ipc",
- "kill",
- "lchown",
- "lchown32",
- "lgetxattr",
- "link",
- "linkat",
- "listen",
- "listxattr",
- "llistxattr",
- "_llseek",
- "lremovexattr",
- "lseek",
- "lsetxattr",
- "lstat",
- "lstat64",
- "madvise",
- "memfd_create",
- "mincore",
- "mkdir",
- "mkdirat",
- "mknod",
- "mknodat",
- "mlock",
- "mlock2",
- "mlockall",
- "mmap",
- "mmap2",
- "mprotect",
- "mq_getsetattr",
- "mq_notify",
- "mq_open",
- "mq_timedreceive",
- "mq_timedsend",
- "mq_unlink",
- "mremap",
- "msgctl",
- "msgget",
- "msgrcv",
- "msgsnd",
- "msync",
- "munlock",
- "munlockall",
- "munmap",
- "nanosleep",
- "newfstatat",
- "_newselect",
- "open",
- "openat",
- "pause",
- "pipe",
- "pipe2",
- "poll",
- "ppoll",
- "prctl",
- "pread64",
- "preadv",
- "preadv2",
- "prlimit64",
- "pselect6",
- "pwrite64",
- "pwritev",
- "pwritev2",
- "read",
- "readahead",
- "readlink",
- "readlinkat",
- "readv",
- "recv",
- "recvfrom",
- "recvmmsg",
- "recvmsg",
- "remap_file_pages",
- "removexattr",
- "rename",
- "renameat",
- "renameat2",
- "restart_syscall",
- "rmdir",
- "rt_sigaction",
- "rt_sigpending",
- "rt_sigprocmask",
- "rt_sigqueueinfo",
- "rt_sigreturn",
- "rt_sigsuspend",
- "rt_sigtimedwait",
- "rt_tgsigqueueinfo",
- "sched_getaffinity",
- "sched_getattr",
- "sched_getparam",
- "sched_get_priority_max",
- "sched_get_priority_min",
- "sched_getscheduler",
- "sched_rr_get_interval",
- "sched_setaffinity",
- "sched_setattr",
- "sched_setparam",
- "sched_setscheduler",
- "sched_yield",
- "seccomp",
- "select",
- "semctl",
- "semget",
- "semop",
- "semtimedop",
- "send",
- "sendfile",
- "sendfile64",
- "sendmmsg",
- "sendmsg",
- "sendto",
- "setfsgid",
- "setfsgid32",
- "setfsuid",
- "setfsuid32",
- "setgid",
- "setgid32",
- "setgroups",
- "setgroups32",
- "setitimer",
- "setpgid",
- "setpriority",
- "setregid",
- "setregid32",
- "setresgid",
- "setresgid32",
- "setresuid",
- "setresuid32",
- "setreuid",
- "setreuid32",
- "setrlimit",
- "set_robust_list",
- "setsid",
- "setsockopt",
- "set_thread_area",
- "set_tid_address",
- "setuid",
- "setuid32",
- "setxattr",
- "shmat",
- "shmctl",
- "shmdt",
- "shmget",
- "shutdown",
- "sigaltstack",
- "signalfd",
- "signalfd4",
- "sigprocmask",
- "sigreturn",
- "socket",
- "socketcall",
- "socketpair",
- "splice",
- "stat",
- "stat64",
- "statfs",
- "statfs64",
- "statx",
- "symlink",
- "symlinkat",
- "sync",
- "sync_file_range",
- "syncfs",
- "sysinfo",
- "tee",
- "tgkill",
- "time",
- "timer_create",
- "timer_delete",
- "timerfd_create",
- "timerfd_gettime",
- "timerfd_settime",
- "timer_getoverrun",
- "timer_gettime",
- "timer_settime",
- "times",
- "tkill",
- "truncate",
- "truncate64",
- "ugetrlimit",
- "umask",
- "uname",
- "unlink",
- "unlinkat",
- "utime",
- "utimensat",
- "utimes",
- "vfork",
- "vmsplice",
- "wait4",
- "waitid",
- "waitpid",
- "write",
- "writev"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {},
- "excludes": {}
- },
- {
- "names": [
- "ptrace"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": null,
- "comment": "",
- "includes": {
- "minKernel": "4.8"
- },
- "excludes": {}
- },
- {
- "names": [
- "personality"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [
- {
- "index": 0,
- "value": 0,
- "valueTwo": 0,
- "op": "SCMP_CMP_EQ"
- }
- ],
- "comment": "",
- "includes": {},
- "excludes": {}
- },
- {
- "names": [
- "personality"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [
- {
- "index": 0,
- "value": 8,
- "valueTwo": 0,
- "op": "SCMP_CMP_EQ"
- }
- ],
- "comment": "",
- "includes": {},
- "excludes": {}
- },
- {
- "names": [
- "personality"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [
- {
- "index": 0,
- "value": 131072,
- "valueTwo": 0,
- "op": "SCMP_CMP_EQ"
- }
- ],
- "comment": "",
- "includes": {},
- "excludes": {}
- },
- {
- "names": [
- "personality"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [
- {
- "index": 0,
- "value": 131080,
- "valueTwo": 0,
- "op": "SCMP_CMP_EQ"
- }
- ],
- "comment": "",
- "includes": {},
- "excludes": {}
- },
- {
- "names": [
- "personality"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [
- {
- "index": 0,
- "value": 4294967295,
- "valueTwo": 0,
- "op": "SCMP_CMP_EQ"
- }
- ],
- "comment": "",
- "includes": {},
- "excludes": {}
- },
- {
- "names": [
- "sync_file_range2"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "arches": [
- "ppc64le"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "arm_fadvise64_64",
- "arm_sync_file_range",
- "sync_file_range2",
- "breakpoint",
- "cacheflush",
- "set_tls"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "arches": [
- "arm",
- "arm64"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "arch_prctl"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "arches": [
- "amd64",
- "x32"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "modify_ldt"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "arches": [
- "amd64",
- "x32",
- "x86"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "s390_pci_mmio_read",
- "s390_pci_mmio_write",
- "s390_runtime_instr"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "arches": [
- "s390",
- "s390x"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "open_by_handle_at"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_DAC_READ_SEARCH"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "bpf",
- "clone",
- "fanotify_init",
- "lookup_dcookie",
- "mount",
- "name_to_handle_at",
- "perf_event_open",
- "quotactl",
- "setdomainname",
- "sethostname",
- "setns",
- "syslog",
- "umount",
- "umount2",
- "unshare"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_ADMIN"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "clone"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [
- {
- "index": 0,
- "value": 2114060288,
- "valueTwo": 0,
- "op": "SCMP_CMP_MASKED_EQ"
- }
- ],
- "comment": "",
- "includes": {},
- "excludes": {
- "caps": [
- "CAP_SYS_ADMIN"
- ],
- "arches": [
- "s390",
- "s390x"
- ]
- }
- },
- {
- "names": [
- "clone"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [
- {
- "index": 1,
- "value": 2114060288,
- "valueTwo": 0,
- "op": "SCMP_CMP_MASKED_EQ"
- }
- ],
- "comment": "s390 parameter ordering for clone is different",
- "includes": {
- "arches": [
- "s390",
- "s390x"
- ]
- },
- "excludes": {
- "caps": [
- "CAP_SYS_ADMIN"
- ]
- }
- },
- {
- "names": [
- "reboot"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_BOOT"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "chroot"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_CHROOT"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "delete_module",
- "init_module",
- "finit_module",
- "query_module"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_MODULE"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "acct"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_PACCT"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "kcmp",
- "process_vm_readv",
- "process_vm_writev",
- "ptrace"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_PTRACE"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "iopl",
- "ioperm"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_RAWIO"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "settimeofday",
- "stime",
- "clock_settime"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_TIME"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "vhangup"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_TTY_CONFIG"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "get_mempolicy",
- "mbind",
- "set_mempolicy"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_NICE"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "syslog"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYSLOG"
- ]
- },
- "excludes": {}
- }
- ]
-} \ No newline at end of file
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/generate.go b/vendor/github.com/docker/docker/profiles/seccomp/generate.go
deleted file mode 100644
index 32f22bb37..000000000
--- a/vendor/github.com/docker/docker/profiles/seccomp/generate.go
+++ /dev/null
@@ -1,32 +0,0 @@
-// +build ignore
-
-package main
-
-import (
- "encoding/json"
- "io/ioutil"
- "os"
- "path/filepath"
-
- "github.com/docker/docker/profiles/seccomp"
-)
-
-// saves the default seccomp profile as a json file so people can use it as a
-// base for their own custom profiles
-func main() {
- wd, err := os.Getwd()
- if err != nil {
- panic(err)
- }
- f := filepath.Join(wd, "default.json")
-
- // write the default profile to the file
- b, err := json.MarshalIndent(seccomp.DefaultProfile(), "", "\t")
- if err != nil {
- panic(err)
- }
-
- if err := ioutil.WriteFile(f, b, 0644); err != nil {
- panic(err)
- }
-}
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/seccomp.go b/vendor/github.com/docker/docker/profiles/seccomp/seccomp.go
deleted file mode 100644
index 12721a120..000000000
--- a/vendor/github.com/docker/docker/profiles/seccomp/seccomp.go
+++ /dev/null
@@ -1,189 +0,0 @@
-// +build linux
-
-package seccomp // import "github.com/docker/docker/profiles/seccomp"
-
-import (
- "encoding/json"
- "errors"
- "fmt"
-
- "github.com/docker/docker/api/types"
- "github.com/docker/docker/pkg/parsers/kernel"
- specs "github.com/opencontainers/runtime-spec/specs-go"
- libseccomp "github.com/seccomp/libseccomp-golang"
-)
-
-//go:generate go run -tags 'seccomp' generate.go
-
-// GetDefaultProfile returns the default seccomp profile.
-func GetDefaultProfile(rs *specs.Spec) (*specs.LinuxSeccomp, error) {
- return setupSeccomp(DefaultProfile(), rs)
-}
-
-// LoadProfile takes a json string and decodes the seccomp profile.
-func LoadProfile(body string, rs *specs.Spec) (*specs.LinuxSeccomp, error) {
- var config types.Seccomp
- if err := json.Unmarshal([]byte(body), &config); err != nil {
- return nil, fmt.Errorf("Decoding seccomp profile failed: %v", err)
- }
- return setupSeccomp(&config, rs)
-}
-
-var nativeToSeccomp = map[string]types.Arch{
- "amd64": types.ArchX86_64,
- "arm64": types.ArchAARCH64,
- "mips64": types.ArchMIPS64,
- "mips64n32": types.ArchMIPS64N32,
- "mipsel64": types.ArchMIPSEL64,
- "mipsel64n32": types.ArchMIPSEL64N32,
- "s390x": types.ArchS390X,
-}
-
-// inSlice tests whether a string is contained in a slice of strings or not.
-// Comparison is case sensitive
-func inSlice(slice []string, s string) bool {
- for _, ss := range slice {
- if s == ss {
- return true
- }
- }
- return false
-}
-
-func setupSeccomp(config *types.Seccomp, rs *specs.Spec) (*specs.LinuxSeccomp, error) {
- if config == nil {
- return nil, nil
- }
-
- // No default action specified, no syscalls listed, assume seccomp disabled
- if config.DefaultAction == "" && len(config.Syscalls) == 0 {
- return nil, nil
- }
-
- newConfig := &specs.LinuxSeccomp{}
-
- var arch string
- var native, err = libseccomp.GetNativeArch()
- if err == nil {
- arch = native.String()
- }
-
- if len(config.Architectures) != 0 && len(config.ArchMap) != 0 {
- return nil, errors.New("'architectures' and 'archMap' were specified in the seccomp profile, use either 'architectures' or 'archMap'")
- }
-
- // if config.Architectures == 0 then libseccomp will figure out the architecture to use
- if len(config.Architectures) != 0 {
- for _, a := range config.Architectures {
- newConfig.Architectures = append(newConfig.Architectures, specs.Arch(a))
- }
- }
-
- if len(config.ArchMap) != 0 {
- for _, a := range config.ArchMap {
- seccompArch, ok := nativeToSeccomp[arch]
- if ok {
- if a.Arch == seccompArch {
- newConfig.Architectures = append(newConfig.Architectures, specs.Arch(a.Arch))
- for _, sa := range a.SubArches {
- newConfig.Architectures = append(newConfig.Architectures, specs.Arch(sa))
- }
- break
- }
- }
- }
- }
-
- newConfig.DefaultAction = specs.LinuxSeccompAction(config.DefaultAction)
-
-Loop:
- // Loop through all syscall blocks and convert them to libcontainer format after filtering them
- for _, call := range config.Syscalls {
- if len(call.Excludes.Arches) > 0 {
- if inSlice(call.Excludes.Arches, arch) {
- continue Loop
- }
- }
- if len(call.Excludes.Caps) > 0 {
- for _, c := range call.Excludes.Caps {
- if inSlice(rs.Process.Capabilities.Bounding, c) {
- continue Loop
- }
- }
- }
- if call.Excludes.MinKernel != "" {
- if ok, err := kernelGreaterEqualThan(call.Excludes.MinKernel); err != nil {
- return nil, err
- } else if ok {
- continue Loop
- }
- }
- if len(call.Includes.Arches) > 0 {
- if !inSlice(call.Includes.Arches, arch) {
- continue Loop
- }
- }
- if len(call.Includes.Caps) > 0 {
- for _, c := range call.Includes.Caps {
- if !inSlice(rs.Process.Capabilities.Bounding, c) {
- continue Loop
- }
- }
- }
- if call.Includes.MinKernel != "" {
- if ok, err := kernelGreaterEqualThan(call.Includes.MinKernel); err != nil {
- return nil, err
- } else if !ok {
- continue Loop
- }
- }
-
- if call.Name != "" && len(call.Names) != 0 {
- return nil, errors.New("'name' and 'names' were specified in the seccomp profile, use either 'name' or 'names'")
- }
-
- if call.Name != "" {
- newConfig.Syscalls = append(newConfig.Syscalls, createSpecsSyscall([]string{call.Name}, call.Action, call.Args))
- } else {
- newConfig.Syscalls = append(newConfig.Syscalls, createSpecsSyscall(call.Names, call.Action, call.Args))
- }
- }
-
- return newConfig, nil
-}
-
-func createSpecsSyscall(names []string, action types.Action, args []*types.Arg) specs.LinuxSyscall {
- newCall := specs.LinuxSyscall{
- Names: names,
- Action: specs.LinuxSeccompAction(action),
- }
-
- // Loop through all the arguments of the syscall and convert them
- for _, arg := range args {
- newArg := specs.LinuxSeccompArg{
- Index: arg.Index,
- Value: arg.Value,
- ValueTwo: arg.ValueTwo,
- Op: specs.LinuxSeccompOperator(arg.Op),
- }
-
- newCall.Args = append(newCall.Args, newArg)
- }
- return newCall
-}
-
-var currentKernelVersion *kernel.VersionInfo
-
-func kernelGreaterEqualThan(v string) (bool, error) {
- version, err := kernel.ParseRelease(v)
- if err != nil {
- return false, err
- }
- if currentKernelVersion == nil {
- currentKernelVersion, err = kernel.GetKernelVersion()
- if err != nil {
- return false, err
- }
- }
- return kernel.CompareKernelVersion(*version, *currentKernelVersion) <= 0, nil
-}
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/seccomp_default.go b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_default.go
deleted file mode 100644
index 16148b408..000000000
--- a/vendor/github.com/docker/docker/profiles/seccomp/seccomp_default.go
+++ /dev/null
@@ -1,674 +0,0 @@
-// +build linux,seccomp
-
-package seccomp // import "github.com/docker/docker/profiles/seccomp"
-
-import (
- "github.com/docker/docker/api/types"
- "golang.org/x/sys/unix"
-)
-
-func arches() []types.Architecture {
- return []types.Architecture{
- {
- Arch: types.ArchX86_64,
- SubArches: []types.Arch{types.ArchX86, types.ArchX32},
- },
- {
- Arch: types.ArchAARCH64,
- SubArches: []types.Arch{types.ArchARM},
- },
- {
- Arch: types.ArchMIPS64,
- SubArches: []types.Arch{types.ArchMIPS, types.ArchMIPS64N32},
- },
- {
- Arch: types.ArchMIPS64N32,
- SubArches: []types.Arch{types.ArchMIPS, types.ArchMIPS64},
- },
- {
- Arch: types.ArchMIPSEL64,
- SubArches: []types.Arch{types.ArchMIPSEL, types.ArchMIPSEL64N32},
- },
- {
- Arch: types.ArchMIPSEL64N32,
- SubArches: []types.Arch{types.ArchMIPSEL, types.ArchMIPSEL64},
- },
- {
- Arch: types.ArchS390X,
- SubArches: []types.Arch{types.ArchS390},
- },
- }
-}
-
-// DefaultProfile defines the whitelist for the default seccomp profile.
-func DefaultProfile() *types.Seccomp {
- syscalls := []*types.Syscall{
- {
- Names: []string{
- "accept",
- "accept4",
- "access",
- "adjtimex",
- "alarm",
- "bind",
- "brk",
- "capget",
- "capset",
- "chdir",
- "chmod",
- "chown",
- "chown32",
- "clock_getres",
- "clock_gettime",
- "clock_nanosleep",
- "close",
- "connect",
- "copy_file_range",
- "creat",
- "dup",
- "dup2",
- "dup3",
- "epoll_create",
- "epoll_create1",
- "epoll_ctl",
- "epoll_ctl_old",
- "epoll_pwait",
- "epoll_wait",
- "epoll_wait_old",
- "eventfd",
- "eventfd2",
- "execve",
- "execveat",
- "exit",
- "exit_group",
- "faccessat",
- "fadvise64",
- "fadvise64_64",
- "fallocate",
- "fanotify_mark",
- "fchdir",
- "fchmod",
- "fchmodat",
- "fchown",
- "fchown32",
- "fchownat",
- "fcntl",
- "fcntl64",
- "fdatasync",
- "fgetxattr",
- "flistxattr",
- "flock",
- "fork",
- "fremovexattr",
- "fsetxattr",
- "fstat",
- "fstat64",
- "fstatat64",
- "fstatfs",
- "fstatfs64",
- "fsync",
- "ftruncate",
- "ftruncate64",
- "futex",
- "futimesat",
- "getcpu",
- "getcwd",
- "getdents",
- "getdents64",
- "getegid",
- "getegid32",
- "geteuid",
- "geteuid32",
- "getgid",
- "getgid32",
- "getgroups",
- "getgroups32",
- "getitimer",
- "getpeername",
- "getpgid",
- "getpgrp",
- "getpid",
- "getppid",
- "getpriority",
- "getrandom",
- "getresgid",
- "getresgid32",
- "getresuid",
- "getresuid32",
- "getrlimit",
- "get_robust_list",
- "getrusage",
- "getsid",
- "getsockname",
- "getsockopt",
- "get_thread_area",
- "gettid",
- "gettimeofday",
- "getuid",
- "getuid32",
- "getxattr",
- "inotify_add_watch",
- "inotify_init",
- "inotify_init1",
- "inotify_rm_watch",
- "io_cancel",
- "ioctl",
- "io_destroy",
- "io_getevents",
- "io_pgetevents",
- "ioprio_get",
- "ioprio_set",
- "io_setup",
- "io_submit",
- "io_uring_enter",
- "io_uring_register",
- "io_uring_setup",
- "ipc",
- "kill",
- "lchown",
- "lchown32",
- "lgetxattr",
- "link",
- "linkat",
- "listen",
- "listxattr",
- "llistxattr",
- "_llseek",
- "lremovexattr",
- "lseek",
- "lsetxattr",
- "lstat",
- "lstat64",
- "madvise",
- "memfd_create",
- "mincore",
- "mkdir",
- "mkdirat",
- "mknod",
- "mknodat",
- "mlock",
- "mlock2",
- "mlockall",
- "mmap",
- "mmap2",
- "mprotect",
- "mq_getsetattr",
- "mq_notify",
- "mq_open",
- "mq_timedreceive",
- "mq_timedsend",
- "mq_unlink",
- "mremap",
- "msgctl",
- "msgget",
- "msgrcv",
- "msgsnd",
- "msync",
- "munlock",
- "munlockall",
- "munmap",
- "nanosleep",
- "newfstatat",
- "_newselect",
- "open",
- "openat",
- "pause",
- "pipe",
- "pipe2",
- "poll",
- "ppoll",
- "prctl",
- "pread64",
- "preadv",
- "preadv2",
- "prlimit64",
- "pselect6",
- "pwrite64",
- "pwritev",
- "pwritev2",
- "read",
- "readahead",
- "readlink",
- "readlinkat",
- "readv",
- "recv",
- "recvfrom",
- "recvmmsg",
- "recvmsg",
- "remap_file_pages",
- "removexattr",
- "rename",
- "renameat",
- "renameat2",
- "restart_syscall",
- "rmdir",
- "rt_sigaction",
- "rt_sigpending",
- "rt_sigprocmask",
- "rt_sigqueueinfo",
- "rt_sigreturn",
- "rt_sigsuspend",
- "rt_sigtimedwait",
- "rt_tgsigqueueinfo",
- "sched_getaffinity",
- "sched_getattr",
- "sched_getparam",
- "sched_get_priority_max",
- "sched_get_priority_min",
- "sched_getscheduler",
- "sched_rr_get_interval",
- "sched_setaffinity",
- "sched_setattr",
- "sched_setparam",
- "sched_setscheduler",
- "sched_yield",
- "seccomp",
- "select",
- "semctl",
- "semget",
- "semop",
- "semtimedop",
- "send",
- "sendfile",
- "sendfile64",
- "sendmmsg",
- "sendmsg",
- "sendto",
- "setfsgid",
- "setfsgid32",
- "setfsuid",
- "setfsuid32",
- "setgid",
- "setgid32",
- "setgroups",
- "setgroups32",
- "setitimer",
- "setpgid",
- "setpriority",
- "setregid",
- "setregid32",
- "setresgid",
- "setresgid32",
- "setresuid",
- "setresuid32",
- "setreuid",
- "setreuid32",
- "setrlimit",
- "set_robust_list",
- "setsid",
- "setsockopt",
- "set_thread_area",
- "set_tid_address",
- "setuid",
- "setuid32",
- "setxattr",
- "shmat",
- "shmctl",
- "shmdt",
- "shmget",
- "shutdown",
- "sigaltstack",
- "signalfd",
- "signalfd4",
- "sigprocmask",
- "sigreturn",
- "socket",
- "socketcall",
- "socketpair",
- "splice",
- "stat",
- "stat64",
- "statfs",
- "statfs64",
- "statx",
- "symlink",
- "symlinkat",
- "sync",
- "sync_file_range",
- "syncfs",
- "sysinfo",
- "tee",
- "tgkill",
- "time",
- "timer_create",
- "timer_delete",
- "timerfd_create",
- "timerfd_gettime",
- "timerfd_settime",
- "timer_getoverrun",
- "timer_gettime",
- "timer_settime",
- "times",
- "tkill",
- "truncate",
- "truncate64",
- "ugetrlimit",
- "umask",
- "uname",
- "unlink",
- "unlinkat",
- "utime",
- "utimensat",
- "utimes",
- "vfork",
- "vmsplice",
- "wait4",
- "waitid",
- "waitpid",
- "write",
- "writev",
- },
- Action: types.ActAllow,
- Args: []*types.Arg{},
- },
- {
- Names: []string{"ptrace"},
- Action: types.ActAllow,
- Includes: types.Filter{
- MinKernel: "4.8",
- },
- },
- {
- Names: []string{"personality"},
- Action: types.ActAllow,
- Args: []*types.Arg{
- {
- Index: 0,
- Value: 0x0,
- Op: types.OpEqualTo,
- },
- },
- },
- {
- Names: []string{"personality"},
- Action: types.ActAllow,
- Args: []*types.Arg{
- {
- Index: 0,
- Value: 0x0008,
- Op: types.OpEqualTo,
- },
- },
- },
- {
- Names: []string{"personality"},
- Action: types.ActAllow,
- Args: []*types.Arg{
- {
- Index: 0,
- Value: 0x20000,
- Op: types.OpEqualTo,
- },
- },
- },
- {
- Names: []string{"personality"},
- Action: types.ActAllow,
- Args: []*types.Arg{
- {
- Index: 0,
- Value: 0x20008,
- Op: types.OpEqualTo,
- },
- },
- },
- {
- Names: []string{"personality"},
- Action: types.ActAllow,
- Args: []*types.Arg{
- {
- Index: 0,
- Value: 0xffffffff,
- Op: types.OpEqualTo,
- },
- },
- },
- {
- Names: []string{
- "sync_file_range2",
- },
- Action: types.ActAllow,
- Args: []*types.Arg{},
- Includes: types.Filter{
- Arches: []string{"ppc64le"},
- },
- },
- {
- Names: []string{
- "arm_fadvise64_64",
- "arm_sync_file_range",
- "sync_file_range2",
- "breakpoint",
- "cacheflush",
- "set_tls",
- },
- Action: types.ActAllow,
- Args: []*types.Arg{},
- Includes: types.Filter{
- Arches: []string{"arm", "arm64"},
- },
- },
- {
- Names: []string{
- "arch_prctl",
- },
- Action: types.ActAllow,
- Args: []*types.Arg{},
- Includes: types.Filter{
- Arches: []string{"amd64", "x32"},
- },
- },
- {
- Names: []string{
- "modify_ldt",
- },
- Action: types.ActAllow,
- Args: []*types.Arg{},
- Includes: types.Filter{
- Arches: []string{"amd64", "x32", "x86"},
- },
- },
- {
- Names: []string{
- "s390_pci_mmio_read",
- "s390_pci_mmio_write",
- "s390_runtime_instr",
- },
- Action: types.ActAllow,
- Args: []*types.Arg{},
- Includes: types.Filter{
- Arches: []string{"s390", "s390x"},
- },
- },
- {
- Names: []string{
- "open_by_handle_at",
- },
- Action: types.ActAllow,
- Args: []*types.Arg{},
- Includes: types.Filter{
- Caps: []string{"CAP_DAC_READ_SEARCH"},
- },
- },
- {
- Names: []string{
- "bpf",
- "clone",
- "fanotify_init",
- "lookup_dcookie",
- "mount",
- "name_to_handle_at",
- "perf_event_open",
- "quotactl",
- "setdomainname",
- "sethostname",
- "setns",
- "syslog",
- "umount",
- "umount2",
- "unshare",
- },
- Action: types.ActAllow,
- Args: []*types.Arg{},
- Includes: types.Filter{
- Caps: []string{"CAP_SYS_ADMIN"},
- },
- },
- {
- Names: []string{
- "clone",
- },
- Action: types.ActAllow,
- Args: []*types.Arg{
- {
- Index: 0,
- Value: unix.CLONE_NEWNS | unix.CLONE_NEWUTS | unix.CLONE_NEWIPC | unix.CLONE_NEWUSER | unix.CLONE_NEWPID | unix.CLONE_NEWNET | unix.CLONE_NEWCGROUP,
- ValueTwo: 0,
- Op: types.OpMaskedEqual,
- },
- },
- Excludes: types.Filter{
- Caps: []string{"CAP_SYS_ADMIN"},
- Arches: []string{"s390", "s390x"},
- },
- },
- {
- Names: []string{
- "clone",
- },
- Action: types.ActAllow,
- Args: []*types.Arg{
- {
- Index: 1,
- Value: unix.CLONE_NEWNS | unix.CLONE_NEWUTS | unix.CLONE_NEWIPC | unix.CLONE_NEWUSER | unix.CLONE_NEWPID | unix.CLONE_NEWNET | unix.CLONE_NEWCGROUP,
- ValueTwo: 0,
- Op: types.OpMaskedEqual,
- },
- },
- Comment: "s390 parameter ordering for clone is different",
- Includes: types.Filter{
- Arches: []string{"s390", "s390x"},
- },
- Excludes: types.Filter{
- Caps: []string{"CAP_SYS_ADMIN"},
- },
- },
- {
- Names: []string{
- "reboot",
- },
- Action: types.ActAllow,
- Args: []*types.Arg{},
- Includes: types.Filter{
- Caps: []string{"CAP_SYS_BOOT"},
- },
- },
- {
- Names: []string{
- "chroot",
- },
- Action: types.ActAllow,
- Args: []*types.Arg{},
- Includes: types.Filter{
- Caps: []string{"CAP_SYS_CHROOT"},
- },
- },
- {
- Names: []string{
- "delete_module",
- "init_module",
- "finit_module",
- "query_module",
- },
- Action: types.ActAllow,
- Args: []*types.Arg{},
- Includes: types.Filter{
- Caps: []string{"CAP_SYS_MODULE"},
- },
- },
- {
- Names: []string{
- "acct",
- },
- Action: types.ActAllow,
- Args: []*types.Arg{},
- Includes: types.Filter{
- Caps: []string{"CAP_SYS_PACCT"},
- },
- },
- {
- Names: []string{
- "kcmp",
- "process_vm_readv",
- "process_vm_writev",
- "ptrace",
- },
- Action: types.ActAllow,
- Args: []*types.Arg{},
- Includes: types.Filter{
- Caps: []string{"CAP_SYS_PTRACE"},
- },
- },
- {
- Names: []string{
- "iopl",
- "ioperm",
- },
- Action: types.ActAllow,
- Args: []*types.Arg{},
- Includes: types.Filter{
- Caps: []string{"CAP_SYS_RAWIO"},
- },
- },
- {
- Names: []string{
- "settimeofday",
- "stime",
- "clock_settime",
- },
- Action: types.ActAllow,
- Args: []*types.Arg{},
- Includes: types.Filter{
- Caps: []string{"CAP_SYS_TIME"},
- },
- },
- {
- Names: []string{
- "vhangup",
- },
- Action: types.ActAllow,
- Args: []*types.Arg{},
- Includes: types.Filter{
- Caps: []string{"CAP_SYS_TTY_CONFIG"},
- },
- },
- {
- Names: []string{
- "get_mempolicy",
- "mbind",
- "set_mempolicy",
- },
- Action: types.ActAllow,
- Args: []*types.Arg{},
- Includes: types.Filter{
- Caps: []string{"CAP_SYS_NICE"},
- },
- },
- {
- Names: []string{
- "syslog",
- },
- Action: types.ActAllow,
- Args: []*types.Arg{},
- Includes: types.Filter{
- Caps: []string{"CAP_SYSLOG"},
- },
- },
- }
-
- return &types.Seccomp{
- DefaultAction: types.ActErrno,
- ArchMap: arches(),
- Syscalls: syscalls,
- }
-}
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/seccomp_unsupported.go b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_unsupported.go
deleted file mode 100644
index 67e06401f..000000000
--- a/vendor/github.com/docker/docker/profiles/seccomp/seccomp_unsupported.go
+++ /dev/null
@@ -1,12 +0,0 @@
-// +build linux,!seccomp
-
-package seccomp // import "github.com/docker/docker/profiles/seccomp"
-
-import (
- "github.com/docker/docker/api/types"
-)
-
-// DefaultProfile returns a nil pointer on unsupported systems.
-func DefaultProfile() *types.Seccomp {
- return nil
-}
diff --git a/vendor/golang.org/x/sys/windows/registry/key.go b/vendor/golang.org/x/sys/windows/registry/key.go
deleted file mode 100644
index c25648343..000000000
--- a/vendor/golang.org/x/sys/windows/registry/key.go
+++ /dev/null
@@ -1,198 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build windows
-
-// Package registry provides access to the Windows registry.
-//
-// Here is a simple example, opening a registry key and reading a string value from it.
-//
-// k, err := registry.OpenKey(registry.LOCAL_MACHINE, `SOFTWARE\Microsoft\Windows NT\CurrentVersion`, registry.QUERY_VALUE)
-// if err != nil {
-// log.Fatal(err)
-// }
-// defer k.Close()
-//
-// s, _, err := k.GetStringValue("SystemRoot")
-// if err != nil {
-// log.Fatal(err)
-// }
-// fmt.Printf("Windows system root is %q\n", s)
-//
-package registry
-
-import (
- "io"
- "syscall"
- "time"
-)
-
-const (
- // Registry key security and access rights.
- // See https://msdn.microsoft.com/en-us/library/windows/desktop/ms724878.aspx
- // for details.
- ALL_ACCESS = 0xf003f
- CREATE_LINK = 0x00020
- CREATE_SUB_KEY = 0x00004
- ENUMERATE_SUB_KEYS = 0x00008
- EXECUTE = 0x20019
- NOTIFY = 0x00010
- QUERY_VALUE = 0x00001
- READ = 0x20019
- SET_VALUE = 0x00002
- WOW64_32KEY = 0x00200
- WOW64_64KEY = 0x00100
- WRITE = 0x20006
-)
-
-// Key is a handle to an open Windows registry key.
-// Keys can be obtained by calling OpenKey; there are
-// also some predefined root keys such as CURRENT_USER.
-// Keys can be used directly in the Windows API.
-type Key syscall.Handle
-
-const (
- // Windows defines some predefined root keys that are always open.
- // An application can use these keys as entry points to the registry.
- // Normally these keys are used in OpenKey to open new keys,
- // but they can also be used anywhere a Key is required.
- CLASSES_ROOT = Key(syscall.HKEY_CLASSES_ROOT)
- CURRENT_USER = Key(syscall.HKEY_CURRENT_USER)
- LOCAL_MACHINE = Key(syscall.HKEY_LOCAL_MACHINE)
- USERS = Key(syscall.HKEY_USERS)
- CURRENT_CONFIG = Key(syscall.HKEY_CURRENT_CONFIG)
- PERFORMANCE_DATA = Key(syscall.HKEY_PERFORMANCE_DATA)
-)
-
-// Close closes open key k.
-func (k Key) Close() error {
- return syscall.RegCloseKey(syscall.Handle(k))
-}
-
-// OpenKey opens a new key with path name relative to key k.
-// It accepts any open key, including CURRENT_USER and others,
-// and returns the new key and an error.
-// The access parameter specifies desired access rights to the
-// key to be opened.
-func OpenKey(k Key, path string, access uint32) (Key, error) {
- p, err := syscall.UTF16PtrFromString(path)
- if err != nil {
- return 0, err
- }
- var subkey syscall.Handle
- err = syscall.RegOpenKeyEx(syscall.Handle(k), p, 0, access, &subkey)
- if err != nil {
- return 0, err
- }
- return Key(subkey), nil
-}
-
-// OpenRemoteKey opens a predefined registry key on another
-// computer pcname. The key to be opened is specified by k, but
-// can only be one of LOCAL_MACHINE, PERFORMANCE_DATA or USERS.
-// If pcname is "", OpenRemoteKey returns local computer key.
-func OpenRemoteKey(pcname string, k Key) (Key, error) {
- var err error
- var p *uint16
- if pcname != "" {
- p, err = syscall.UTF16PtrFromString(`\\` + pcname)
- if err != nil {
- return 0, err
- }
- }
- var remoteKey syscall.Handle
- err = regConnectRegistry(p, syscall.Handle(k), &remoteKey)
- if err != nil {
- return 0, err
- }
- return Key(remoteKey), nil
-}
-
-// ReadSubKeyNames returns the names of subkeys of key k.
-// The parameter n controls the number of returned names,
-// analogous to the way os.File.Readdirnames works.
-func (k Key) ReadSubKeyNames(n int) ([]string, error) {
- names := make([]string, 0)
- // Registry key size limit is 255 bytes and described there:
- // https://msdn.microsoft.com/library/windows/desktop/ms724872.aspx
- buf := make([]uint16, 256) //plus extra room for terminating zero byte
-loopItems:
- for i := uint32(0); ; i++ {
- if n > 0 {
- if len(names) == n {
- return names, nil
- }
- }
- l := uint32(len(buf))
- for {
- err := syscall.RegEnumKeyEx(syscall.Handle(k), i, &buf[0], &l, nil, nil, nil, nil)
- if err == nil {
- break
- }
- if err == syscall.ERROR_MORE_DATA {
- // Double buffer size and try again.
- l = uint32(2 * len(buf))
- buf = make([]uint16, l)
- continue
- }
- if err == _ERROR_NO_MORE_ITEMS {
- break loopItems
- }
- return names, err
- }
- names = append(names, syscall.UTF16ToString(buf[:l]))
- }
- if n > len(names) {
- return names, io.EOF
- }
- return names, nil
-}
-
-// CreateKey creates a key named path under open key k.
-// CreateKey returns the new key and a boolean flag that reports
-// whether the key already existed.
-// The access parameter specifies the access rights for the key
-// to be created.
-func CreateKey(k Key, path string, access uint32) (newk Key, openedExisting bool, err error) {
- var h syscall.Handle
- var d uint32
- err = regCreateKeyEx(syscall.Handle(k), syscall.StringToUTF16Ptr(path),
- 0, nil, _REG_OPTION_NON_VOLATILE, access, nil, &h, &d)
- if err != nil {
- return 0, false, err
- }
- return Key(h), d == _REG_OPENED_EXISTING_KEY, nil
-}
-
-// DeleteKey deletes the subkey path of key k and its values.
-func DeleteKey(k Key, path string) error {
- return regDeleteKey(syscall.Handle(k), syscall.StringToUTF16Ptr(path))
-}
-
-// A KeyInfo describes the statistics of a key. It is returned by Stat.
-type KeyInfo struct {
- SubKeyCount uint32
- MaxSubKeyLen uint32 // size of the key's subkey with the longest name, in Unicode characters, not including the terminating zero byte
- ValueCount uint32
- MaxValueNameLen uint32 // size of the key's longest value name, in Unicode characters, not including the terminating zero byte
- MaxValueLen uint32 // longest data component among the key's values, in bytes
- lastWriteTime syscall.Filetime
-}
-
-// ModTime returns the key's last write time.
-func (ki *KeyInfo) ModTime() time.Time {
- return time.Unix(0, ki.lastWriteTime.Nanoseconds())
-}
-
-// Stat retrieves information about the open key k.
-func (k Key) Stat() (*KeyInfo, error) {
- var ki KeyInfo
- err := syscall.RegQueryInfoKey(syscall.Handle(k), nil, nil, nil,
- &ki.SubKeyCount, &ki.MaxSubKeyLen, nil, &ki.ValueCount,
- &ki.MaxValueNameLen, &ki.MaxValueLen, nil, &ki.lastWriteTime)
- if err != nil {
- return nil, err
- }
- return &ki, nil
-}
diff --git a/vendor/golang.org/x/sys/windows/registry/mksyscall.go b/vendor/golang.org/x/sys/windows/registry/mksyscall.go
deleted file mode 100644
index cf843ce2b..000000000
--- a/vendor/golang.org/x/sys/windows/registry/mksyscall.go
+++ /dev/null
@@ -1,9 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build generate
-
-package registry
-
-//go:generate go run $GOROOT/src/syscall/mksyscall_windows.go -output zsyscall_windows.go syscall.go
diff --git a/vendor/golang.org/x/sys/windows/registry/syscall.go b/vendor/golang.org/x/sys/windows/registry/syscall.go
deleted file mode 100644
index e66643cba..000000000
--- a/vendor/golang.org/x/sys/windows/registry/syscall.go
+++ /dev/null
@@ -1,32 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build windows
-
-package registry
-
-import "syscall"
-
-const (
- _REG_OPTION_NON_VOLATILE = 0
-
- _REG_CREATED_NEW_KEY = 1
- _REG_OPENED_EXISTING_KEY = 2
-
- _ERROR_NO_MORE_ITEMS syscall.Errno = 259
-)
-
-func LoadRegLoadMUIString() error {
- return procRegLoadMUIStringW.Find()
-}
-
-//sys regCreateKeyEx(key syscall.Handle, subkey *uint16, reserved uint32, class *uint16, options uint32, desired uint32, sa *syscall.SecurityAttributes, result *syscall.Handle, disposition *uint32) (regerrno error) = advapi32.RegCreateKeyExW
-//sys regDeleteKey(key syscall.Handle, subkey *uint16) (regerrno error) = advapi32.RegDeleteKeyW
-//sys regSetValueEx(key syscall.Handle, valueName *uint16, reserved uint32, vtype uint32, buf *byte, bufsize uint32) (regerrno error) = advapi32.RegSetValueExW
-//sys regEnumValue(key syscall.Handle, index uint32, name *uint16, nameLen *uint32, reserved *uint32, valtype *uint32, buf *byte, buflen *uint32) (regerrno error) = advapi32.RegEnumValueW
-//sys regDeleteValue(key syscall.Handle, name *uint16) (regerrno error) = advapi32.RegDeleteValueW
-//sys regLoadMUIString(key syscall.Handle, name *uint16, buf *uint16, buflen uint32, buflenCopied *uint32, flags uint32, dir *uint16) (regerrno error) = advapi32.RegLoadMUIStringW
-//sys regConnectRegistry(machinename *uint16, key syscall.Handle, result *syscall.Handle) (regerrno error) = advapi32.RegConnectRegistryW
-
-//sys expandEnvironmentStrings(src *uint16, dst *uint16, size uint32) (n uint32, err error) = kernel32.ExpandEnvironmentStringsW
diff --git a/vendor/golang.org/x/sys/windows/registry/value.go b/vendor/golang.org/x/sys/windows/registry/value.go
deleted file mode 100644
index 7487e05f8..000000000
--- a/vendor/golang.org/x/sys/windows/registry/value.go
+++ /dev/null
@@ -1,387 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build windows
-
-package registry
-
-import (
- "errors"
- "io"
- "syscall"
- "unicode/utf16"
- "unsafe"
-)
-
-const (
- // Registry value types.
- NONE = 0
- SZ = 1
- EXPAND_SZ = 2
- BINARY = 3
- DWORD = 4
- DWORD_BIG_ENDIAN = 5
- LINK = 6
- MULTI_SZ = 7
- RESOURCE_LIST = 8
- FULL_RESOURCE_DESCRIPTOR = 9
- RESOURCE_REQUIREMENTS_LIST = 10
- QWORD = 11
-)
-
-var (
- // ErrShortBuffer is returned when the buffer was too short for the operation.
- ErrShortBuffer = syscall.ERROR_MORE_DATA
-
- // ErrNotExist is returned when a registry key or value does not exist.
- ErrNotExist = syscall.ERROR_FILE_NOT_FOUND
-
- // ErrUnexpectedType is returned by Get*Value when the value's type was unexpected.
- ErrUnexpectedType = errors.New("unexpected key value type")
-)
-
-// GetValue retrieves the type and data for the specified value associated
-// with an open key k. It fills up buffer buf and returns the retrieved
-// byte count n. If buf is too small to fit the stored value it returns
-// ErrShortBuffer error along with the required buffer size n.
-// If no buffer is provided, it returns true and actual buffer size n.
-// If no buffer is provided, GetValue returns the value's type only.
-// If the value does not exist, the error returned is ErrNotExist.
-//
-// GetValue is a low level function. If value's type is known, use the appropriate
-// Get*Value function instead.
-func (k Key) GetValue(name string, buf []byte) (n int, valtype uint32, err error) {
- pname, err := syscall.UTF16PtrFromString(name)
- if err != nil {
- return 0, 0, err
- }
- var pbuf *byte
- if len(buf) > 0 {
- pbuf = (*byte)(unsafe.Pointer(&buf[0]))
- }
- l := uint32(len(buf))
- err = syscall.RegQueryValueEx(syscall.Handle(k), pname, nil, &valtype, pbuf, &l)
- if err != nil {
- return int(l), valtype, err
- }
- return int(l), valtype, nil
-}
-
-func (k Key) getValue(name string, buf []byte) (data []byte, valtype uint32, err error) {
- p, err := syscall.UTF16PtrFromString(name)
- if err != nil {
- return nil, 0, err
- }
- var t uint32
- n := uint32(len(buf))
- for {
- err = syscall.RegQueryValueEx(syscall.Handle(k), p, nil, &t, (*byte)(unsafe.Pointer(&buf[0])), &n)
- if err == nil {
- return buf[:n], t, nil
- }
- if err != syscall.ERROR_MORE_DATA {
- return nil, 0, err
- }
- if n <= uint32(len(buf)) {
- return nil, 0, err
- }
- buf = make([]byte, n)
- }
-}
-
-// GetStringValue retrieves the string value for the specified
-// value name associated with an open key k. It also returns the value's type.
-// If value does not exist, GetStringValue returns ErrNotExist.
-// If value is not SZ or EXPAND_SZ, it will return the correct value
-// type and ErrUnexpectedType.
-func (k Key) GetStringValue(name string) (val string, valtype uint32, err error) {
- data, typ, err2 := k.getValue(name, make([]byte, 64))
- if err2 != nil {
- return "", typ, err2
- }
- switch typ {
- case SZ, EXPAND_SZ:
- default:
- return "", typ, ErrUnexpectedType
- }
- if len(data) == 0 {
- return "", typ, nil
- }
- u := (*[1 << 29]uint16)(unsafe.Pointer(&data[0]))[:]
- return syscall.UTF16ToString(u), typ, nil
-}
-
-// GetMUIStringValue retrieves the localized string value for
-// the specified value name associated with an open key k.
-// If the value name doesn't exist or the localized string value
-// can't be resolved, GetMUIStringValue returns ErrNotExist.
-// GetMUIStringValue panics if the system doesn't support
-// regLoadMUIString; use LoadRegLoadMUIString to check if
-// regLoadMUIString is supported before calling this function.
-func (k Key) GetMUIStringValue(name string) (string, error) {
- pname, err := syscall.UTF16PtrFromString(name)
- if err != nil {
- return "", err
- }
-
- buf := make([]uint16, 1024)
- var buflen uint32
- var pdir *uint16
-
- err = regLoadMUIString(syscall.Handle(k), pname, &buf[0], uint32(len(buf)), &buflen, 0, pdir)
- if err == syscall.ERROR_FILE_NOT_FOUND { // Try fallback path
-
- // Try to resolve the string value using the system directory as
- // a DLL search path; this assumes the string value is of the form
- // @[path]\dllname,-strID but with no path given, e.g. @tzres.dll,-320.
-
- // This approach works with tzres.dll but may have to be revised
- // in the future to allow callers to provide custom search paths.
-
- var s string
- s, err = ExpandString("%SystemRoot%\\system32\\")
- if err != nil {
- return "", err
- }
- pdir, err = syscall.UTF16PtrFromString(s)
- if err != nil {
- return "", err
- }
-
- err = regLoadMUIString(syscall.Handle(k), pname, &buf[0], uint32(len(buf)), &buflen, 0, pdir)
- }
-
- for err == syscall.ERROR_MORE_DATA { // Grow buffer if needed
- if buflen <= uint32(len(buf)) {
- break // Buffer not growing, assume race; break
- }
- buf = make([]uint16, buflen)
- err = regLoadMUIString(syscall.Handle(k), pname, &buf[0], uint32(len(buf)), &buflen, 0, pdir)
- }
-
- if err != nil {
- return "", err
- }
-
- return syscall.UTF16ToString(buf), nil
-}
-
-// ExpandString expands environment-variable strings and replaces
-// them with the values defined for the current user.
-// Use ExpandString to expand EXPAND_SZ strings.
-func ExpandString(value string) (string, error) {
- if value == "" {
- return "", nil
- }
- p, err := syscall.UTF16PtrFromString(value)
- if err != nil {
- return "", err
- }
- r := make([]uint16, 100)
- for {
- n, err := expandEnvironmentStrings(p, &r[0], uint32(len(r)))
- if err != nil {
- return "", err
- }
- if n <= uint32(len(r)) {
- u := (*[1 << 29]uint16)(unsafe.Pointer(&r[0]))[:]
- return syscall.UTF16ToString(u), nil
- }
- r = make([]uint16, n)
- }
-}
-
-// GetStringsValue retrieves the []string value for the specified
-// value name associated with an open key k. It also returns the value's type.
-// If value does not exist, GetStringsValue returns ErrNotExist.
-// If value is not MULTI_SZ, it will return the correct value
-// type and ErrUnexpectedType.
-func (k Key) GetStringsValue(name string) (val []string, valtype uint32, err error) {
- data, typ, err2 := k.getValue(name, make([]byte, 64))
- if err2 != nil {
- return nil, typ, err2
- }
- if typ != MULTI_SZ {
- return nil, typ, ErrUnexpectedType
- }
- if len(data) == 0 {
- return nil, typ, nil
- }
- p := (*[1 << 29]uint16)(unsafe.Pointer(&data[0]))[:len(data)/2]
- if len(p) == 0 {
- return nil, typ, nil
- }
- if p[len(p)-1] == 0 {
- p = p[:len(p)-1] // remove terminating null
- }
- val = make([]string, 0, 5)
- from := 0
- for i, c := range p {
- if c == 0 {
- val = append(val, string(utf16.Decode(p[from:i])))
- from = i + 1
- }
- }
- return val, typ, nil
-}
-
-// GetIntegerValue retrieves the integer value for the specified
-// value name associated with an open key k. It also returns the value's type.
-// If value does not exist, GetIntegerValue returns ErrNotExist.
-// If value is not DWORD or QWORD, it will return the correct value
-// type and ErrUnexpectedType.
-func (k Key) GetIntegerValue(name string) (val uint64, valtype uint32, err error) {
- data, typ, err2 := k.getValue(name, make([]byte, 8))
- if err2 != nil {
- return 0, typ, err2
- }
- switch typ {
- case DWORD:
- if len(data) != 4 {
- return 0, typ, errors.New("DWORD value is not 4 bytes long")
- }
- var val32 uint32
- copy((*[4]byte)(unsafe.Pointer(&val32))[:], data)
- return uint64(val32), DWORD, nil
- case QWORD:
- if len(data) != 8 {
- return 0, typ, errors.New("QWORD value is not 8 bytes long")
- }
- copy((*[8]byte)(unsafe.Pointer(&val))[:], data)
- return val, QWORD, nil
- default:
- return 0, typ, ErrUnexpectedType
- }
-}
-
-// GetBinaryValue retrieves the binary value for the specified
-// value name associated with an open key k. It also returns the value's type.
-// If value does not exist, GetBinaryValue returns ErrNotExist.
-// If value is not BINARY, it will return the correct value
-// type and ErrUnexpectedType.
-func (k Key) GetBinaryValue(name string) (val []byte, valtype uint32, err error) {
- data, typ, err2 := k.getValue(name, make([]byte, 64))
- if err2 != nil {
- return nil, typ, err2
- }
- if typ != BINARY {
- return nil, typ, ErrUnexpectedType
- }
- return data, typ, nil
-}
-
-func (k Key) setValue(name string, valtype uint32, data []byte) error {
- p, err := syscall.UTF16PtrFromString(name)
- if err != nil {
- return err
- }
- if len(data) == 0 {
- return regSetValueEx(syscall.Handle(k), p, 0, valtype, nil, 0)
- }
- return regSetValueEx(syscall.Handle(k), p, 0, valtype, &data[0], uint32(len(data)))
-}
-
-// SetDWordValue sets the data and type of a name value
-// under key k to value and DWORD.
-func (k Key) SetDWordValue(name string, value uint32) error {
- return k.setValue(name, DWORD, (*[4]byte)(unsafe.Pointer(&value))[:])
-}
-
-// SetQWordValue sets the data and type of a name value
-// under key k to value and QWORD.
-func (k Key) SetQWordValue(name string, value uint64) error {
- return k.setValue(name, QWORD, (*[8]byte)(unsafe.Pointer(&value))[:])
-}
-
-func (k Key) setStringValue(name string, valtype uint32, value string) error {
- v, err := syscall.UTF16FromString(value)
- if err != nil {
- return err
- }
- buf := (*[1 << 29]byte)(unsafe.Pointer(&v[0]))[:len(v)*2]
- return k.setValue(name, valtype, buf)
-}
-
-// SetStringValue sets the data and type of a name value
-// under key k to value and SZ. The value must not contain a zero byte.
-func (k Key) SetStringValue(name, value string) error {
- return k.setStringValue(name, SZ, value)
-}
-
-// SetExpandStringValue sets the data and type of a name value
-// under key k to value and EXPAND_SZ. The value must not contain a zero byte.
-func (k Key) SetExpandStringValue(name, value string) error {
- return k.setStringValue(name, EXPAND_SZ, value)
-}
-
-// SetStringsValue sets the data and type of a name value
-// under key k to value and MULTI_SZ. The value strings
-// must not contain a zero byte.
-func (k Key) SetStringsValue(name string, value []string) error {
- ss := ""
- for _, s := range value {
- for i := 0; i < len(s); i++ {
- if s[i] == 0 {
- return errors.New("string cannot have 0 inside")
- }
- }
- ss += s + "\x00"
- }
- v := utf16.Encode([]rune(ss + "\x00"))
- buf := (*[1 << 29]byte)(unsafe.Pointer(&v[0]))[:len(v)*2]
- return k.setValue(name, MULTI_SZ, buf)
-}
-
-// SetBinaryValue sets the data and type of a name value
-// under key k to value and BINARY.
-func (k Key) SetBinaryValue(name string, value []byte) error {
- return k.setValue(name, BINARY, value)
-}
-
-// DeleteValue removes a named value from the key k.
-func (k Key) DeleteValue(name string) error {
- return regDeleteValue(syscall.Handle(k), syscall.StringToUTF16Ptr(name))
-}
-
-// ReadValueNames returns the value names of key k.
-// The parameter n controls the number of returned names,
-// analogous to the way os.File.Readdirnames works.
-func (k Key) ReadValueNames(n int) ([]string, error) {
- ki, err := k.Stat()
- if err != nil {
- return nil, err
- }
- names := make([]string, 0, ki.ValueCount)
- buf := make([]uint16, ki.MaxValueNameLen+1) // extra room for terminating null character
-loopItems:
- for i := uint32(0); ; i++ {
- if n > 0 {
- if len(names) == n {
- return names, nil
- }
- }
- l := uint32(len(buf))
- for {
- err := regEnumValue(syscall.Handle(k), i, &buf[0], &l, nil, nil, nil, nil)
- if err == nil {
- break
- }
- if err == syscall.ERROR_MORE_DATA {
- // Double buffer size and try again.
- l = uint32(2 * len(buf))
- buf = make([]uint16, l)
- continue
- }
- if err == _ERROR_NO_MORE_ITEMS {
- break loopItems
- }
- return names, err
- }
- names = append(names, syscall.UTF16ToString(buf[:l]))
- }
- if n > len(names) {
- return names, io.EOF
- }
- return names, nil
-}
diff --git a/vendor/golang.org/x/sys/windows/registry/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/registry/zsyscall_windows.go
deleted file mode 100644
index 3778075da..000000000
--- a/vendor/golang.org/x/sys/windows/registry/zsyscall_windows.go
+++ /dev/null
@@ -1,120 +0,0 @@
-// Code generated by 'go generate'; DO NOT EDIT.
-
-package registry
-
-import (
- "syscall"
- "unsafe"
-
- "golang.org/x/sys/windows"
-)
-
-var _ unsafe.Pointer
-
-// Do the interface allocations only once for common
-// Errno values.
-const (
- errnoERROR_IO_PENDING = 997
-)
-
-var (
- errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
-)
-
-// errnoErr returns common boxed Errno values, to prevent
-// allocations at runtime.
-func errnoErr(e syscall.Errno) error {
- switch e {
- case 0:
- return nil
- case errnoERROR_IO_PENDING:
- return errERROR_IO_PENDING
- }
- // TODO: add more here, after collecting data on the common
- // error values see on Windows. (perhaps when running
- // all.bat?)
- return e
-}
-
-var (
- modadvapi32 = windows.NewLazySystemDLL("advapi32.dll")
- modkernel32 = windows.NewLazySystemDLL("kernel32.dll")
-
- procRegCreateKeyExW = modadvapi32.NewProc("RegCreateKeyExW")
- procRegDeleteKeyW = modadvapi32.NewProc("RegDeleteKeyW")
- procRegSetValueExW = modadvapi32.NewProc("RegSetValueExW")
- procRegEnumValueW = modadvapi32.NewProc("RegEnumValueW")
- procRegDeleteValueW = modadvapi32.NewProc("RegDeleteValueW")
- procRegLoadMUIStringW = modadvapi32.NewProc("RegLoadMUIStringW")
- procRegConnectRegistryW = modadvapi32.NewProc("RegConnectRegistryW")
- procExpandEnvironmentStringsW = modkernel32.NewProc("ExpandEnvironmentStringsW")
-)
-
-func regCreateKeyEx(key syscall.Handle, subkey *uint16, reserved uint32, class *uint16, options uint32, desired uint32, sa *syscall.SecurityAttributes, result *syscall.Handle, disposition *uint32) (regerrno error) {
- r0, _, _ := syscall.Syscall9(procRegCreateKeyExW.Addr(), 9, uintptr(key), uintptr(unsafe.Pointer(subkey)), uintptr(reserved), uintptr(unsafe.Pointer(class)), uintptr(options), uintptr(desired), uintptr(unsafe.Pointer(sa)), uintptr(unsafe.Pointer(result)), uintptr(unsafe.Pointer(disposition)))
- if r0 != 0 {
- regerrno = syscall.Errno(r0)
- }
- return
-}
-
-func regDeleteKey(key syscall.Handle, subkey *uint16) (regerrno error) {
- r0, _, _ := syscall.Syscall(procRegDeleteKeyW.Addr(), 2, uintptr(key), uintptr(unsafe.Pointer(subkey)), 0)
- if r0 != 0 {
- regerrno = syscall.Errno(r0)
- }
- return
-}
-
-func regSetValueEx(key syscall.Handle, valueName *uint16, reserved uint32, vtype uint32, buf *byte, bufsize uint32) (regerrno error) {
- r0, _, _ := syscall.Syscall6(procRegSetValueExW.Addr(), 6, uintptr(key), uintptr(unsafe.Pointer(valueName)), uintptr(reserved), uintptr(vtype), uintptr(unsafe.Pointer(buf)), uintptr(bufsize))
- if r0 != 0 {
- regerrno = syscall.Errno(r0)
- }
- return
-}
-
-func regEnumValue(key syscall.Handle, index uint32, name *uint16, nameLen *uint32, reserved *uint32, valtype *uint32, buf *byte, buflen *uint32) (regerrno error) {
- r0, _, _ := syscall.Syscall9(procRegEnumValueW.Addr(), 8, uintptr(key), uintptr(index), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(nameLen)), uintptr(unsafe.Pointer(reserved)), uintptr(unsafe.Pointer(valtype)), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(buflen)), 0)
- if r0 != 0 {
- regerrno = syscall.Errno(r0)
- }
- return
-}
-
-func regDeleteValue(key syscall.Handle, name *uint16) (regerrno error) {
- r0, _, _ := syscall.Syscall(procRegDeleteValueW.Addr(), 2, uintptr(key), uintptr(unsafe.Pointer(name)), 0)
- if r0 != 0 {
- regerrno = syscall.Errno(r0)
- }
- return
-}
-
-func regLoadMUIString(key syscall.Handle, name *uint16, buf *uint16, buflen uint32, buflenCopied *uint32, flags uint32, dir *uint16) (regerrno error) {
- r0, _, _ := syscall.Syscall9(procRegLoadMUIStringW.Addr(), 7, uintptr(key), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(buf)), uintptr(buflen), uintptr(unsafe.Pointer(buflenCopied)), uintptr(flags), uintptr(unsafe.Pointer(dir)), 0, 0)
- if r0 != 0 {
- regerrno = syscall.Errno(r0)
- }
- return
-}
-
-func regConnectRegistry(machinename *uint16, key syscall.Handle, result *syscall.Handle) (regerrno error) {
- r0, _, _ := syscall.Syscall(procRegConnectRegistryW.Addr(), 3, uintptr(unsafe.Pointer(machinename)), uintptr(key), uintptr(unsafe.Pointer(result)))
- if r0 != 0 {
- regerrno = syscall.Errno(r0)
- }
- return
-}
-
-func expandEnvironmentStrings(src *uint16, dst *uint16, size uint32) (n uint32, err error) {
- r0, _, e1 := syscall.Syscall(procExpandEnvironmentStringsW.Addr(), 3, uintptr(unsafe.Pointer(src)), uintptr(unsafe.Pointer(dst)), uintptr(size))
- n = uint32(r0)
- if n == 0 {
- if e1 != 0 {
- err = errnoErr(e1)
- } else {
- err = syscall.EINVAL
- }
- }
- return
-}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index ae456b4a5..cda4bcd9e 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -194,14 +194,11 @@ github.com/docker/docker/oci/caps
github.com/docker/docker/pkg/namesgenerator
github.com/docker/docker/pkg/term
github.com/docker/docker/pkg/ioutils
-github.com/docker/docker/profiles/seccomp
github.com/docker/docker/pkg/parsers
github.com/docker/docker/api/types/versions
github.com/docker/docker/errdefs
github.com/docker/docker/pkg/term/windows
github.com/docker/docker/pkg/longpath
-github.com/docker/docker/api/types
-github.com/docker/docker/pkg/parsers/kernel
github.com/docker/docker/api/types/registry
github.com/docker/docker/api/types/swarm
github.com/docker/docker/pkg/archive
@@ -211,7 +208,6 @@ github.com/docker/docker/pkg/stdcopy
github.com/docker/docker/pkg/system
github.com/docker/docker/client
github.com/docker/docker/api/types/container
-github.com/docker/docker/api/types/filters
github.com/docker/docker/api/types/mount
github.com/docker/docker/api/types/network
github.com/docker/docker/api/types/swarm/runtime
@@ -219,7 +215,9 @@ github.com/docker/docker/pkg/idtools
github.com/docker/docker/pkg/pools
github.com/docker/docker/pkg/mount
github.com/docker/docker/api
+github.com/docker/docker/api/types
github.com/docker/docker/api/types/events
+github.com/docker/docker/api/types/filters
github.com/docker/docker/api/types/image
github.com/docker/docker/api/types/time
github.com/docker/docker/api/types/volume
@@ -523,7 +521,6 @@ golang.org/x/sync/errgroup
# golang.org/x/sys v0.0.0-20190902133755-9109b7679e13
golang.org/x/sys/unix
golang.org/x/sys/windows
-golang.org/x/sys/windows/registry
# golang.org/x/text v0.3.2
golang.org/x/text/encoding
golang.org/x/text/encoding/charmap