aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2020-08-17 06:28:45 -0400
committerDaniel J Walsh <dwalsh@redhat.com>2020-08-21 10:56:29 -0400
commit3848cac86052369c35a76f86a1f8e5471dfdf9e2 (patch)
treece349740b66871a766c7a98bc40333b32897baae
parent516196f09677819b72d03e068fb8094b28e273aa (diff)
downloadpodman-3848cac86052369c35a76f86a1f8e5471dfdf9e2.tar.gz
podman-3848cac86052369c35a76f86a1f8e5471dfdf9e2.tar.bz2
podman-3848cac86052369c35a76f86a1f8e5471dfdf9e2.zip
In podman 1.* regression on --cap-add
In podman 1.0 if you executed a command like: podman run --user dwalsh --cap-add net_bind_service alpine nc -l 80 It would work, and the user dwalsh would get the capability, in podman 2.0, only root and the binding set gets the capability. This change restores us back to the way podman 1.0 worked. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
-rw-r--r--go.mod4
-rw-r--r--go.sum8
-rw-r--r--pkg/specgen/generate/security.go26
-rw-r--r--vendor/github.com/containers/common/pkg/apparmor/apparmor.go1
-rw-r--r--vendor/github.com/containers/common/pkg/apparmor/apparmor_linux.go54
-rw-r--r--vendor/github.com/containers/common/pkg/auth/auth.go3
-rw-r--r--vendor/github.com/containers/common/pkg/capabilities/capabilities.go10
-rw-r--r--vendor/github.com/containers/common/pkg/config/config.go5
-rw-r--r--vendor/github.com/containers/common/pkg/config/config_local.go23
-rw-r--r--vendor/github.com/containers/common/pkg/config/containers.conf23
-rw-r--r--vendor/github.com/containers/common/pkg/config/default.go30
-rw-r--r--vendor/github.com/containers/common/pkg/config/libpodConfig.go18
-rw-r--r--vendor/github.com/containers/common/version/version.go2
-rw-r--r--vendor/golang.org/x/sys/cpu/byteorder.go11
-rw-r--r--vendor/golang.org/x/sys/cpu/cpu_arm64.go8
-rw-r--r--vendor/golang.org/x/sys/unix/mkerrors.sh7
-rw-r--r--vendor/golang.org/x/sys/unix/syscall_bsd.go17
-rw-r--r--vendor/golang.org/x/sys/unix/syscall_linux.go40
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go6
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go6
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go6
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go6
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux.go66
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_386.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_arm.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_mips.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go6
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go6
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go6
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go6
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go7
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go7
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go7
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go7
-rw-r--r--vendor/golang.org/x/sys/unix/zsyscall_linux.go46
-rw-r--r--vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go12
-rw-r--r--vendor/golang.org/x/sys/unix/ztypes_linux.go416
-rw-r--r--vendor/golang.org/x/sys/windows/memory_windows.go5
-rw-r--r--vendor/golang.org/x/sys/windows/syscall_windows.go2
-rw-r--r--vendor/golang.org/x/sys/windows/zsyscall_windows.go19
-rw-r--r--vendor/modules.txt4
51 files changed, 630 insertions, 332 deletions
diff --git a/go.mod b/go.mod
index 3a3173418..6ff9f244b 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
github.com/containernetworking/cni v0.7.2-0.20200304161608-4fae32b84921
github.com/containernetworking/plugins v0.8.6
github.com/containers/buildah v1.15.1-0.20200731151214-29f4d01c621c
- github.com/containers/common v0.18.0
+ github.com/containers/common v0.20.3
github.com/containers/conmon v2.0.19+incompatible
github.com/containers/image/v5 v5.5.2
github.com/containers/psgo v1.5.1
@@ -61,7 +61,7 @@ require (
golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5
golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7
golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a
- golang.org/x/sys v0.0.0-20200519105757-fe76b779f299
+ golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1
k8s.io/api v0.18.8
k8s.io/apimachinery v0.18.8
k8s.io/client-go v0.0.0-20190620085101-78d2af792bab
diff --git a/go.sum b/go.sum
index d2a3f91f1..7114765a2 100644
--- a/go.sum
+++ b/go.sum
@@ -73,8 +73,8 @@ github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHV
github.com/containers/buildah v1.15.1-0.20200731151214-29f4d01c621c h1:+V9RQOhg1LyhyHHU33OVjO+Uan1MoVbkjufH8E/BeLU=
github.com/containers/buildah v1.15.1-0.20200731151214-29f4d01c621c/go.mod h1:XVOKQHd1sP/7tFpCXIaNsUJZdTNCwVZ7YZiLnnEfrVg=
github.com/containers/common v0.15.2/go.mod h1:rhpXuGLTEKsk/xX/x0iKGHjRadMHpBd2ZiNDugwXPEM=
-github.com/containers/common v0.18.0 h1:pZB6f17N5QV43TcT06gtx1lb0rxd/4StFdVhP9CtgQg=
-github.com/containers/common v0.18.0/go.mod h1:H2Wqvx6wkqdzT4RcTCqIG4W0HSOZwUbbNiUTX1+VohU=
+github.com/containers/common v0.20.3 h1:d8vSReNkrySKE3ZPya2vt6Wc/xuQiB30pNXTYHz2iHM=
+github.com/containers/common v0.20.3/go.mod h1:+NUHV8V5Kmo260ja9Dxtr8ialrDnK4RNzyeEbSgmLac=
github.com/containers/conmon v2.0.19+incompatible h1:1bDVRvHy2MUNTUT/SW6LlHsJHQBTSwXvnKNdcB/a1vQ=
github.com/containers/conmon v2.0.19+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
github.com/containers/image/v5 v5.5.1 h1:h1FCOXH6Ux9/p/E4rndsQOC4yAdRU0msRTfLVeQ7FDQ=
@@ -89,8 +89,6 @@ github.com/containers/ocicrypt v1.0.3/go.mod h1:CUBa+8MRNL/VkpxYIpaMtgn1WgXGyvPQ
github.com/containers/psgo v1.5.1 h1:MQNb7FLbXqBdqz6u4lI2QWizVz4RSTzs1+Nk9XT1iVA=
github.com/containers/psgo v1.5.1/go.mod h1:2ubh0SsreMZjSXW1Hif58JrEcFudQyIy9EzPUWfawVU=
github.com/containers/storage v1.20.2/go.mod h1:oOB9Ie8OVPojvoaKWEGSEtHbXUAs+tSyr7RO7ZGteMc=
-github.com/containers/storage v1.21.2 h1:bf9IqA+g6ClBviqVG5lVCp5tTH9lvWwjYws7mVYSti0=
-github.com/containers/storage v1.21.2/go.mod h1:I1EIAA7B4OwWRSA0b4yq2AW1wjvvfcY0zLWQuwTa4zw=
github.com/containers/storage v1.23.0 h1:gYyNkBiihC2FvGiHOjOjpnfojYwgxpLVooTUlmD6pxs=
github.com/containers/storage v1.23.0/go.mod h1:I1EIAA7B4OwWRSA0b4yq2AW1wjvvfcY0zLWQuwTa4zw=
github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
@@ -566,6 +564,8 @@ golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200519105757-fe76b779f299 h1:DYfZAGf2WMFjMxbgTjaC+2HC7NkNAQs+6Q8b9WEB/F4=
golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1 h1:sIky/MyNRSHTrdxfsiUSS4WIAMvInbeXljJz+jDjeYE=
+golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
diff --git a/pkg/specgen/generate/security.go b/pkg/specgen/generate/security.go
index 5e4cc3399..d3e3d9278 100644
--- a/pkg/specgen/generate/security.go
+++ b/pkg/specgen/generate/security.go
@@ -112,7 +112,7 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator,
// Pass capRequiredRequested in CapAdd field to normalize capabilities names
capsRequired, err := capabilities.MergeCapabilities(nil, capsRequiredRequested, nil)
if err != nil {
- logrus.Errorf("capabilities requested by user or image are not valid: %q", strings.Join(capsRequired, ","))
+ return errors.Wrapf(err, "capabilities requested by user or image are not valid: %q", strings.Join(capsRequired, ","))
} else {
// Verify all capRequiered are in the capList
for _, cap := range capsRequired {
@@ -129,12 +129,6 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator,
}
}
- g.SetProcessNoNewPrivileges(s.NoNewPrivileges)
-
- if err := setupApparmor(s, rtc, g); err != nil {
- return err
- }
-
configSpec := g.Config
configSpec.Process.Capabilities.Bounding = caplist
@@ -142,13 +136,21 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator,
configSpec.Process.Capabilities.Effective = caplist
configSpec.Process.Capabilities.Permitted = caplist
configSpec.Process.Capabilities.Inheritable = caplist
- configSpec.Process.Capabilities.Ambient = caplist
} else {
- configSpec.Process.Capabilities.Effective = []string{}
- configSpec.Process.Capabilities.Permitted = []string{}
- configSpec.Process.Capabilities.Inheritable = []string{}
- configSpec.Process.Capabilities.Ambient = []string{}
+ userCaps, err := capabilities.NormalizeCapabilities(s.CapAdd)
+ if err != nil {
+ return errors.Wrapf(err, "capabilities requested by user are not valid: %q", strings.Join(s.CapAdd, ","))
+ }
+ configSpec.Process.Capabilities.Effective = userCaps
+ configSpec.Process.Capabilities.Permitted = userCaps
}
+
+ g.SetProcessNoNewPrivileges(s.NoNewPrivileges)
+
+ if err := setupApparmor(s, rtc, g); err != nil {
+ return err
+ }
+
// HANDLE SECCOMP
if s.SeccompProfilePath != "unconfined" {
seccompConfig, err := getSeccompConfig(s, configSpec, newImage)
diff --git a/vendor/github.com/containers/common/pkg/apparmor/apparmor.go b/vendor/github.com/containers/common/pkg/apparmor/apparmor.go
index 8046f45f5..146280df2 100644
--- a/vendor/github.com/containers/common/pkg/apparmor/apparmor.go
+++ b/vendor/github.com/containers/common/pkg/apparmor/apparmor.go
@@ -15,7 +15,6 @@ const (
)
var (
-
// ErrApparmorUnsupported indicates that AppArmor support is not supported.
ErrApparmorUnsupported = errors.New("AppArmor is not supported")
// ErrApparmorRootless indicates that AppArmor support is not supported in rootless mode.
diff --git a/vendor/github.com/containers/common/pkg/apparmor/apparmor_linux.go b/vendor/github.com/containers/common/pkg/apparmor/apparmor_linux.go
index 307249f3d..e0b5c5677 100644
--- a/vendor/github.com/containers/common/pkg/apparmor/apparmor_linux.go
+++ b/vendor/github.com/containers/common/pkg/apparmor/apparmor_linux.go
@@ -5,7 +5,6 @@ package apparmor
import (
"bufio"
"bytes"
- "fmt"
"io"
"os"
"os/exec"
@@ -47,7 +46,7 @@ type profileData struct {
func (p *profileData) generateDefault(out io.Writer) error {
compiled, err := template.New("apparmor_profile").Parse(defaultProfileTemplate)
if err != nil {
- return err
+ return errors.Wrap(err, "create AppArmor profile from template")
}
if macroExists("tunables/global") {
@@ -62,11 +61,11 @@ func (p *profileData) generateDefault(out io.Writer) error {
ver, err := getAAParserVersion()
if err != nil {
- return err
+ return errors.Wrap(err, "get AppArmor version")
}
p.Version = ver
- return compiled.Execute(out, p)
+ return errors.Wrap(compiled.Execute(out, p), "execute compiled profile")
}
// macrosExists checks if the passed macro exists.
@@ -89,28 +88,29 @@ func InstallDefault(name string) error {
cmd := exec.Command("apparmor_parser", "-Kr")
pipe, err := cmd.StdinPipe()
if err != nil {
- return err
+ return errors.Wrap(err, "execute apparmor_parser")
}
if err := cmd.Start(); err != nil {
if pipeErr := pipe.Close(); pipeErr != nil {
- logrus.Errorf("unable to close apparmor pipe: %q", pipeErr)
+ logrus.Errorf("unable to close AppArmor pipe: %q", pipeErr)
}
- return err
+ return errors.Wrap(err, "start apparmor_parser command")
}
if err := p.generateDefault(pipe); err != nil {
if pipeErr := pipe.Close(); pipeErr != nil {
- logrus.Errorf("unable to close apparmor pipe: %q", pipeErr)
+ logrus.Errorf("unable to close AppArmor pipe: %q", pipeErr)
}
if cmdErr := cmd.Wait(); cmdErr != nil {
- logrus.Errorf("unable to wait for apparmor command: %q", cmdErr)
+ logrus.Errorf("unable to wait for AppArmor command: %q", cmdErr)
}
- return err
+ return errors.Wrap(err, "generate default profile into pipe")
}
if pipeErr := pipe.Close(); pipeErr != nil {
- logrus.Errorf("unable to close apparmor pipe: %q", pipeErr)
+ logrus.Errorf("unable to close AppArmor pipe: %q", pipeErr)
}
- return cmd.Wait()
+
+ return errors.Wrap(cmd.Wait(), "wait for AppArmor command")
}
// DefaultContent returns the default profile content as byte slice. The
@@ -120,7 +120,7 @@ func DefaultContent(name string) ([]byte, error) {
p := profileData{Name: name}
var bytes bytes.Buffer
if err := p.generateDefault(&bytes); err != nil {
- return nil, err
+ return nil, errors.Wrap(err, "generate default AppAmor profile")
}
return bytes.Bytes(), nil
}
@@ -137,7 +137,7 @@ func IsLoaded(name string) (bool, error) {
if os.IsNotExist(err) {
return false, nil
}
- return false, err
+ return false, errors.Wrap(err, "open AppArmor profile path")
}
defer file.Close()
@@ -148,7 +148,7 @@ func IsLoaded(name string) (bool, error) {
break
}
if err != nil {
- return false, err
+ return false, errors.Wrap(err, "reading AppArmor profile")
}
if strings.HasPrefix(p, name+" ") {
return true, nil
@@ -163,9 +163,9 @@ func execAAParser(dir string, args ...string) (string, error) {
c := exec.Command("apparmor_parser", args...)
c.Dir = dir
- output, err := c.CombinedOutput()
+ output, err := c.Output()
if err != nil {
- return "", fmt.Errorf("running `%s %s` failed with output: %s\nerror: %v", c.Path, strings.Join(c.Args, " "), output, err)
+ return "", errors.Errorf("running `%s %s` failed with output: %s\nerror: %v", c.Path, strings.Join(c.Args, " "), output, err)
}
return string(output), nil
@@ -175,7 +175,7 @@ func execAAParser(dir string, args ...string) (string, error) {
func getAAParserVersion() (int, error) {
output, err := execAAParser("", "--version")
if err != nil {
- return -1, err
+ return -1, errors.Wrap(err, "execute apparmor_parser")
}
return parseAAParserVersion(output)
}
@@ -194,7 +194,7 @@ func parseAAParserVersion(output string) (int, error) {
// split by major minor version
v := strings.Split(version, ".")
if len(v) == 0 || len(v) > 3 {
- return -1, fmt.Errorf("parsing version failed for output: `%s`", output)
+ return -1, errors.Errorf("parsing version failed for output: `%s`", output)
}
// Default the versions to 0.
@@ -202,19 +202,19 @@ func parseAAParserVersion(output string) (int, error) {
majorVersion, err := strconv.Atoi(v[0])
if err != nil {
- return -1, err
+ return -1, errors.Wrap(err, "convert AppArmor major version")
}
if len(v) > 1 {
minorVersion, err = strconv.Atoi(v[1])
if err != nil {
- return -1, err
+ return -1, errors.Wrap(err, "convert AppArmor minor version")
}
}
if len(v) > 2 {
patchLevel, err = strconv.Atoi(v[2])
if err != nil {
- return -1, err
+ return -1, errors.Wrap(err, "convert AppArmor patch version")
}
}
@@ -251,7 +251,7 @@ func CheckProfileAndLoadDefault(name string) (string, error) {
if name == "" {
return "", nil
} else {
- return "", fmt.Errorf("profile %q specified but AppArmor is disabled on the host", name)
+ return "", errors.Errorf("profile %q specified but AppArmor is disabled on the host", name)
}
}
@@ -262,10 +262,10 @@ func CheckProfileAndLoadDefault(name string) (string, error) {
// name.
isLoaded, err := IsLoaded(name)
if err != nil {
- return "", err
+ return "", errors.Wrapf(err, "verify if profile %s is loaded", name)
}
if !isLoaded {
- return "", fmt.Errorf("AppArmor profile %q specified but not loaded", name)
+ return "", errors.Errorf("AppArmor profile %q specified but not loaded", name)
}
return name, nil
}
@@ -274,12 +274,12 @@ func CheckProfileAndLoadDefault(name string) (string, error) {
// if it's loaded before installing it.
isLoaded, err := IsLoaded(name)
if err != nil {
- return "", err
+ return "", errors.Wrapf(err, "verify if profile %s is loaded", name)
}
if !isLoaded {
err = InstallDefault(name)
if err != nil {
- return "", err
+ return "", errors.Wrapf(err, "install profile %s", name)
}
logrus.Infof("successfully loaded AppAmor profile %q", name)
} else {
diff --git a/vendor/github.com/containers/common/pkg/auth/auth.go b/vendor/github.com/containers/common/pkg/auth/auth.go
index c52dfa01f..91ab45f0d 100644
--- a/vendor/github.com/containers/common/pkg/auth/auth.go
+++ b/vendor/github.com/containers/common/pkg/auth/auth.go
@@ -150,9 +150,6 @@ func getRegistryName(server string) string {
// gets the registry from the input. If the input is of the form
// quay.io/myuser/myimage, it will parse it and just return quay.io
split := strings.Split(server, "/")
- if len(split) > 1 {
- return split[0]
- }
return split[0]
}
diff --git a/vendor/github.com/containers/common/pkg/capabilities/capabilities.go b/vendor/github.com/containers/common/pkg/capabilities/capabilities.go
index 941177489..ddfa53be8 100644
--- a/vendor/github.com/containers/common/pkg/capabilities/capabilities.go
+++ b/vendor/github.com/containers/common/pkg/capabilities/capabilities.go
@@ -57,9 +57,9 @@ func AllCapabilities() []string {
return capabilityList
}
-// normalizeCapabilities normalizes caps by adding a "CAP_" prefix (if not yet
+// NormalizeCapabilities normalizes caps by adding a "CAP_" prefix (if not yet
// present).
-func normalizeCapabilities(caps []string) ([]string, error) {
+func NormalizeCapabilities(caps []string) ([]string, error) {
normalized := make([]string, len(caps))
for i, c := range caps {
c = strings.ToUpper(c)
@@ -98,7 +98,7 @@ func MergeCapabilities(base, adds, drops []string) ([]string, error) {
var caps []string
// Normalize the base capabilities
- base, err := normalizeCapabilities(base)
+ base, err := NormalizeCapabilities(base)
if err != nil {
return nil, err
}
@@ -106,11 +106,11 @@ func MergeCapabilities(base, adds, drops []string) ([]string, error) {
// Nothing to tweak; we're done
return base, nil
}
- capDrop, err := normalizeCapabilities(drops)
+ capDrop, err := NormalizeCapabilities(drops)
if err != nil {
return nil, err
}
- capAdd, err := normalizeCapabilities(adds)
+ capAdd, err := NormalizeCapabilities(adds)
if err != nil {
return nil, err
}
diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go
index 80c478505..e1bd4fc27 100644
--- a/vendor/github.com/containers/common/pkg/config/config.go
+++ b/vendor/github.com/containers/common/pkg/config/config.go
@@ -244,6 +244,11 @@ type EngineConfig struct {
// LockType is the type of locking to use.
LockType string `toml:"lock_type,omitempty"`
+ // MultiImageArchive - if true, the container engine allows for storing
+ // archives (e.g., of the docker-archive transport) with multiple
+ // images. By default, Podman creates single-image archives.
+ MultiImageArchive bool `toml:"multi_image_archive,omitempty"`
+
// Namespace is the engine namespace to use. Namespaces are used to create
// scopes to separate containers and pods in the state. When namespace is
// set, engine will only view containers and pods in the same namespace. All
diff --git a/vendor/github.com/containers/common/pkg/config/config_local.go b/vendor/github.com/containers/common/pkg/config/config_local.go
index 282eb80b7..b1d1644dd 100644
--- a/vendor/github.com/containers/common/pkg/config/config_local.go
+++ b/vendor/github.com/containers/common/pkg/config/config_local.go
@@ -7,6 +7,7 @@ import (
"os"
"path/filepath"
"regexp"
+ "strings"
"syscall"
units "github.com/docker/go-units"
@@ -81,12 +82,24 @@ func (c *ContainersConfig) validateTZ() error {
if c.TZ == "local" {
return nil
}
- zonePath := filepath.Join("/usr/share/zoneinfo", c.TZ)
- _, err := os.Stat(zonePath)
- if err != nil {
- return fmt.Errorf("Unrecognized timezone %s", zonePath)
+
+ lookupPaths := []string{
+ "/usr/share/zoneinfo",
+ "/etc/zoneinfo",
}
- return nil
+
+ for _, paths := range lookupPaths {
+ zonePath := filepath.Join(paths, c.TZ)
+ if _, err := os.Stat(zonePath); err == nil {
+ // found zone information
+ return nil
+ }
+ }
+
+ return fmt.Errorf(
+ "unable to find timezone %s in paths: %s",
+ c.TZ, strings.Join(lookupPaths, ", "),
+ )
}
func (c *ContainersConfig) validateUmask() error {
diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf
index 780df2a22..ff4d99bda 100644
--- a/vendor/github.com/containers/common/pkg/config/containers.conf
+++ b/vendor/github.com/containers/common/pkg/config/containers.conf
@@ -116,18 +116,13 @@
#
# env = [
# "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+# "TERM=xterm",
# ]
# Pass all host environment variables into the container.
#
# env_host = false
-# Path to OCI hooks directories for automatically executed hooks.
-#
-# hooks_dir = [
-# "/usr/share/containers/oci/hooks.d",
-# ]
-
# Default proxy environment variables passed into the container.
# The environment variables passed in include:
# http_proxy, https_proxy, ftp_proxy, no_proxy, and the upper case versions of
@@ -299,6 +294,12 @@
#
# events_logger = "journald"
+# Path to OCI hooks directories for automatically executed hooks.
+#
+# hooks_dir = [
+# "/usr/share/containers/oci/hooks.d",
+# ]
+
# Default transport method for pulling and pushing for images
#
# image_default_transport = "docker://"
@@ -322,6 +323,12 @@
#
# lock_type** = "shm"
+# MultiImageArchive - if true, the container engine allows for storing archives
+# (e.g., of the docker-archive transport) with multiple images. By default,
+# Podman creates single-image archives.
+#
+# multi_image_archive = "false"
+
# Default engine namespace
# If engine is joined to a namespace, it will see only containers and pods
# that were created in the same namespace, and will create new containers and
@@ -331,6 +338,10 @@
#
# namespace = ""
+# Path to the slirp4netns binary
+#
+# network_cmd_path=""
+
# Whether to use chroot instead of pivot_root in the runtime
#
# no_pivot_root = false
diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go
index 57b703f53..2c398c538 100644
--- a/vendor/github.com/containers/common/pkg/config/default.go
+++ b/vendor/github.com/containers/common/pkg/config/default.go
@@ -12,6 +12,7 @@ import (
"github.com/containers/common/pkg/apparmor"
"github.com/containers/common/pkg/cgroupv2"
"github.com/containers/storage"
+ "github.com/containers/storage/pkg/homedir"
"github.com/containers/storage/pkg/unshare"
"github.com/opencontainers/selinux/go-selinux"
"github.com/pkg/errors"
@@ -94,8 +95,8 @@ const (
_installPrefix = "/usr"
// _cniConfigDir is the directory where cni configuration is found
_cniConfigDir = "/etc/cni/net.d/"
- // _cniConfigDirRootless is the directory where cni plugins are found
- _cniConfigDirRootless = ".config/cni/net.d/"
+ // _cniConfigDirRootless is the directory in XDG_CONFIG_HOME for cni plugins
+ _cniConfigDirRootless = "cni/net.d/"
// CgroupfsCgroupsManager represents cgroupfs native cgroup manager
CgroupfsCgroupsManager = "cgroupfs"
// DefaultApparmorProfile specifies the default apparmor profile for the container.
@@ -115,9 +116,9 @@ const (
// DefaultSignaturePolicyPath is the default value for the
// policy.json file.
DefaultSignaturePolicyPath = "/etc/containers/policy.json"
- // DefaultRootlessSignaturePolicyPath is the default value for the
- // rootless policy.json file.
- DefaultRootlessSignaturePolicyPath = ".config/containers/policy.json"
+ // DefaultRootlessSignaturePolicyPath is the location within
+ // XDG_CONFIG_HOME of the rootless policy.json file.
+ DefaultRootlessSignaturePolicyPath = "containers/policy.json"
// DefaultShmSize default value
DefaultShmSize = "65536k"
// DefaultUserNSSize default value
@@ -144,11 +145,11 @@ func DefaultConfig() (*Config, error) {
defaultEngineConfig.SignaturePolicyPath = DefaultSignaturePolicyPath
if unshare.IsRootless() {
- home, err := unshare.HomeDir()
+ configHome, err := homedir.GetConfigHome()
if err != nil {
return nil, err
}
- sigPath := filepath.Join(home, DefaultRootlessSignaturePolicyPath)
+ sigPath := filepath.Join(configHome, DefaultRootlessSignaturePolicyPath)
defaultEngineConfig.SignaturePolicyPath = sigPath
if _, err := os.Stat(sigPath); err != nil {
if _, err := os.Stat(DefaultSignaturePolicyPath); err == nil {
@@ -156,7 +157,7 @@ func DefaultConfig() (*Config, error) {
}
}
netns = "slirp4netns"
- cniConfig = filepath.Join(home, _cniConfigDirRootless)
+ cniConfig = filepath.Join(configHome, _cniConfigDirRootless)
}
cgroupNS := "host"
@@ -181,6 +182,7 @@ func DefaultConfig() (*Config, error) {
EnableLabeling: selinuxEnabled(),
Env: []string{
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+ "TERM=xterm",
},
EnvHost: false,
HTTPProxy: false,
@@ -222,10 +224,16 @@ func defaultConfigFromMemory() (*EngineConfig, error) {
c.EventsLogFilePath = filepath.Join(c.TmpDir, "events", "events.log")
- storeOpts, err := storage.DefaultStoreOptions(unshare.IsRootless(), unshare.GetRootlessUID())
- if err != nil {
- return nil, err
+ var storeOpts storage.StoreOptions
+ if path, ok := os.LookupEnv("CONTAINERS_STORAGE_CONF"); ok {
+ storage.ReloadConfigurationFile(path, &storeOpts)
+ } else {
+ storeOpts, err = storage.DefaultStoreOptions(unshare.IsRootless(), unshare.GetRootlessUID())
+ if err != nil {
+ return nil, err
+ }
}
+
if storeOpts.GraphRoot == "" {
logrus.Warnf("Storage configuration is unset - using hardcoded default graph root %q", _defaultGraphRoot)
storeOpts.GraphRoot = _defaultGraphRoot
diff --git a/vendor/github.com/containers/common/pkg/config/libpodConfig.go b/vendor/github.com/containers/common/pkg/config/libpodConfig.go
index ab507e864..9d04da7f5 100644
--- a/vendor/github.com/containers/common/pkg/config/libpodConfig.go
+++ b/vendor/github.com/containers/common/pkg/config/libpodConfig.go
@@ -197,6 +197,10 @@ func newLibpodConfig(c *Config) error {
return errors.Wrapf(err, "error finding config on system")
}
+ if len(configs) == 0 {
+ return nil
+ }
+
for _, path := range configs {
config, err = readLibpodConfigFromFile(path, config)
if err != nil {
@@ -226,7 +230,7 @@ func newLibpodConfig(c *Config) error {
// hard code EventsLogger to "file" to match older podman versions.
if config.EventsLogger != "file" {
- logrus.Debugf("Ignoring libpod.conf EventsLogger setting %q. Use %q if you want to change this setting and remove libpod.conf files.", Path(), config.EventsLogger)
+ logrus.Warnf("Ignoring libpod.conf EventsLogger setting %q. Use %q if you want to change this setting and remove libpod.conf files.", config.EventsLogger, Path())
config.EventsLogger = "file"
}
@@ -260,9 +264,7 @@ func systemLibpodConfigs() ([]string, error) {
if err != nil {
containersConfPath = filepath.Join("$HOME", UserOverrideContainersConfig)
}
- // TODO: Raise to Warnf, when Podman is updated to
- // remove libpod.conf by default
- logrus.Debugf("Found deprecated file %s, please remove. Use %s to override defaults.\n", Path(), containersConfPath)
+ logrus.Warnf("Found deprecated file %s, please remove. Use %s to override defaults.\n", path, containersConfPath)
return []string{path}, nil
}
return nil, err
@@ -270,15 +272,11 @@ func systemLibpodConfigs() ([]string, error) {
configs := []string{}
if _, err := os.Stat(_rootConfigPath); err == nil {
- // TODO: Raise to Warnf, when Podman is updated to
- // remove libpod.conf by default
- logrus.Debugf("Found deprecated file %s, please remove. Use %s to override defaults.\n", _rootConfigPath, OverrideContainersConfig)
+ logrus.Warnf("Found deprecated file %s, please remove. Use %s to override defaults.\n", _rootConfigPath, OverrideContainersConfig)
configs = append(configs, _rootConfigPath)
}
if _, err := os.Stat(_rootOverrideConfigPath); err == nil {
- // TODO: Raise to Warnf, when Podman is updated to
- // remove libpod.conf by default
- logrus.Debugf("Found deprecated file %s, please remove. Use %s to override defaults.\n", _rootOverrideConfigPath, OverrideContainersConfig)
+ logrus.Warnf("Found deprecated file %s, please remove. Use %s to override defaults.\n", _rootOverrideConfigPath, OverrideContainersConfig)
configs = append(configs, _rootOverrideConfigPath)
}
return configs, nil
diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go
index 6b226eabe..536e88076 100644
--- a/vendor/github.com/containers/common/version/version.go
+++ b/vendor/github.com/containers/common/version/version.go
@@ -1,4 +1,4 @@
package version
// Version is the version of the build.
-const Version = "0.18.0"
+const Version = "0.20.3"
diff --git a/vendor/golang.org/x/sys/cpu/byteorder.go b/vendor/golang.org/x/sys/cpu/byteorder.go
index ed8da8dea..dcbb14ef3 100644
--- a/vendor/golang.org/x/sys/cpu/byteorder.go
+++ b/vendor/golang.org/x/sys/cpu/byteorder.go
@@ -39,20 +39,25 @@ func (bigEndian) Uint64(b []byte) uint64 {
uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56
}
-// hostByteOrder returns binary.LittleEndian on little-endian machines and
-// binary.BigEndian on big-endian machines.
+// hostByteOrder returns littleEndian on little-endian machines and
+// bigEndian on big-endian machines.
func hostByteOrder() byteOrder {
switch runtime.GOARCH {
case "386", "amd64", "amd64p32",
+ "alpha",
"arm", "arm64",
"mipsle", "mips64le", "mips64p32le",
+ "nios2",
"ppc64le",
- "riscv", "riscv64":
+ "riscv", "riscv64",
+ "sh":
return littleEndian{}
case "armbe", "arm64be",
+ "m68k",
"mips", "mips64", "mips64p32",
"ppc", "ppc64",
"s390", "s390x",
+ "shbe",
"sparc", "sparc64":
return bigEndian{}
}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_arm64.go
index 9c87677ae..7bcb36c7b 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_arm64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.go
@@ -10,8 +10,14 @@ const cacheLineSize = 64
func init() {
switch runtime.GOOS {
- case "android", "darwin":
+ case "android", "darwin", "netbsd":
// Android and iOS don't seem to allow reading these registers.
+ //
+ // NetBSD:
+ // ID_AA64ISAR0_EL1 is a privileged register and cannot be read from EL0.
+ // It can be read via sysctl(3). Example for future implementers:
+ // https://nxr.netbsd.org/xref/src/usr.sbin/cpuctl/arch/aarch64.c
+ //
// Fake the minimal features expected by
// TestARM64minimalFeatures.
ARM64.HasASIMD = true
diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh
index 780e387e3..53a249312 100644
--- a/vendor/golang.org/x/sys/unix/mkerrors.sh
+++ b/vendor/golang.org/x/sys/unix/mkerrors.sh
@@ -107,6 +107,7 @@ includes_FreeBSD='
#include <sys/types.h>
#include <sys/disk.h>
#include <sys/event.h>
+#include <sys/sched.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/sockio.h>
@@ -297,6 +298,7 @@ includes_NetBSD='
#include <sys/extattr.h>
#include <sys/mman.h>
#include <sys/mount.h>
+#include <sys/sched.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/sockio.h>
@@ -325,6 +327,7 @@ includes_OpenBSD='
#include <sys/mman.h>
#include <sys/mount.h>
#include <sys/select.h>
+#include <sys/sched.h>
#include <sys/socket.h>
#include <sys/sockio.h>
#include <sys/stat.h>
@@ -507,9 +510,11 @@ ccflags="$@"
$2 ~ /^(CLOCK|TIMER)_/ ||
$2 ~ /^CAN_/ ||
$2 ~ /^CAP_/ ||
+ $2 ~ /^CP_/ ||
+ $2 ~ /^CPUSTATES$/ ||
$2 ~ /^ALG_/ ||
$2 ~ /^FS_(POLICY_FLAGS|KEY_DESC|ENCRYPTION_MODE|[A-Z0-9_]+_KEY_SIZE)/ ||
- $2 ~ /^FS_IOC_.*(ENCRYPTION|VERITY|GETFLAGS)/ ||
+ $2 ~ /^FS_IOC_.*(ENCRYPTION|VERITY|[GS]ETFLAGS)/ ||
$2 ~ /^FS_VERITY_/ ||
$2 ~ /^FSCRYPT_/ ||
$2 ~ /^GRND_/ ||
diff --git a/vendor/golang.org/x/sys/unix/syscall_bsd.go b/vendor/golang.org/x/sys/unix/syscall_bsd.go
index 68605db62..60bbe10ad 100644
--- a/vendor/golang.org/x/sys/unix/syscall_bsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_bsd.go
@@ -527,6 +527,23 @@ func SysctlClockinfo(name string) (*Clockinfo, error) {
return &ci, nil
}
+func SysctlTimeval(name string) (*Timeval, error) {
+ mib, err := sysctlmib(name)
+ if err != nil {
+ return nil, err
+ }
+
+ var tv Timeval
+ n := uintptr(unsafe.Sizeof(tv))
+ if err := sysctl(mib, (*byte)(unsafe.Pointer(&tv)), &n, nil, 0); err != nil {
+ return nil, err
+ }
+ if n != unsafe.Sizeof(tv) {
+ return nil, EIO
+ }
+ return &tv, nil
+}
+
//sys utimes(path string, timeval *[2]Timeval) (err error)
func Utimes(path string, tv []Timeval) error {
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go
index 942a4bbf7..fad483bb9 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux.go
@@ -97,6 +97,12 @@ func IoctlSetRTCTime(fd int, value *RTCTime) error {
return err
}
+func IoctlSetRTCWkAlrm(fd int, value *RTCWkAlrm) error {
+ err := ioctl(fd, RTC_WKALM_SET, uintptr(unsafe.Pointer(value)))
+ runtime.KeepAlive(value)
+ return err
+}
+
func IoctlGetUint32(fd int, req uint) (uint32, error) {
var value uint32
err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
@@ -109,6 +115,12 @@ func IoctlGetRTCTime(fd int) (*RTCTime, error) {
return &value, err
}
+func IoctlGetRTCWkAlrm(fd int) (*RTCWkAlrm, error) {
+ var value RTCWkAlrm
+ err := ioctl(fd, RTC_WKALM_RD, uintptr(unsafe.Pointer(&value)))
+ return &value, err
+}
+
//sys Linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error)
func Link(oldpath string, newpath string) (err error) {
@@ -1938,6 +1950,20 @@ func Vmsplice(fd int, iovs []Iovec, flags int) (int, error) {
return int(n), nil
}
+func isGroupMember(gid int) bool {
+ groups, err := Getgroups()
+ if err != nil {
+ return false
+ }
+
+ for _, g := range groups {
+ if g == gid {
+ return true
+ }
+ }
+ return false
+}
+
//sys faccessat(dirfd int, path string, mode uint32) (err error)
func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
@@ -1995,7 +2021,7 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
gid = Getgid()
}
- if uint32(gid) == st.Gid {
+ if uint32(gid) == st.Gid || isGroupMember(gid) {
fmode = (st.Mode >> 3) & 7
} else {
fmode = st.Mode & 7
@@ -2096,6 +2122,18 @@ func Klogset(typ int, arg int) (err error) {
return nil
}
+// RemoteIovec is Iovec with the pointer replaced with an integer.
+// It is used for ProcessVMReadv and ProcessVMWritev, where the pointer
+// refers to a location in a different process' address space, which
+// would confuse the Go garbage collector.
+type RemoteIovec struct {
+ Base uintptr
+ Len int
+}
+
+//sys ProcessVMReadv(pid int, localIov []Iovec, remoteIov []RemoteIovec, flags uint) (n int, err error) = SYS_PROCESS_VM_READV
+//sys ProcessVMWritev(pid int, localIov []Iovec, remoteIov []RemoteIovec, flags uint) (n int, err error) = SYS_PROCESS_VM_WRITEV
+
/*
* Unimplemented
*/
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
index 848245873..3689c8084 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
@@ -339,6 +339,12 @@ const (
CLOCK_UPTIME_FAST = 0x8
CLOCK_UPTIME_PRECISE = 0x7
CLOCK_VIRTUAL = 0x1
+ CPUSTATES = 0x5
+ CP_IDLE = 0x4
+ CP_INTR = 0x3
+ CP_NICE = 0x1
+ CP_SYS = 0x2
+ CP_USER = 0x0
CREAD = 0x800
CRTSCTS = 0x30000
CS5 = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
index 4acd101c3..b8f7c3c93 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
@@ -339,6 +339,12 @@ const (
CLOCK_UPTIME_FAST = 0x8
CLOCK_UPTIME_PRECISE = 0x7
CLOCK_VIRTUAL = 0x1
+ CPUSTATES = 0x5
+ CP_IDLE = 0x4
+ CP_INTR = 0x3
+ CP_NICE = 0x1
+ CP_SYS = 0x2
+ CP_USER = 0x0
CREAD = 0x800
CRTSCTS = 0x30000
CS5 = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
index e4719873b..be14bb1a4 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
@@ -339,6 +339,12 @@ const (
CLOCK_UPTIME_FAST = 0x8
CLOCK_UPTIME_PRECISE = 0x7
CLOCK_VIRTUAL = 0x1
+ CPUSTATES = 0x5
+ CP_IDLE = 0x4
+ CP_INTR = 0x3
+ CP_NICE = 0x1
+ CP_SYS = 0x2
+ CP_USER = 0x0
CREAD = 0x800
CRTSCTS = 0x30000
CS5 = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
index 5e49769d9..7ce9c0081 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
@@ -339,6 +339,12 @@ const (
CLOCK_UPTIME_FAST = 0x8
CLOCK_UPTIME_PRECISE = 0x7
CLOCK_VIRTUAL = 0x1
+ CPUSTATES = 0x5
+ CP_IDLE = 0x4
+ CP_INTR = 0x3
+ CP_NICE = 0x1
+ CP_SYS = 0x2
+ CP_USER = 0x0
CREAD = 0x800
CRTSCTS = 0x30000
CS5 = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go
index 6e3cfec46..f8bd50c11 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go
@@ -160,78 +160,28 @@ const (
BPF_A = 0x10
BPF_ABS = 0x20
BPF_ADD = 0x0
- BPF_ADJ_ROOM_ENCAP_L2_MASK = 0xff
- BPF_ADJ_ROOM_ENCAP_L2_SHIFT = 0x38
BPF_ALU = 0x4
BPF_ALU64 = 0x7
BPF_AND = 0x50
- BPF_ANY = 0x0
BPF_ARSH = 0xc0
BPF_B = 0x10
BPF_BUILD_ID_SIZE = 0x14
BPF_CALL = 0x80
- BPF_DEVCG_ACC_MKNOD = 0x1
- BPF_DEVCG_ACC_READ = 0x2
- BPF_DEVCG_ACC_WRITE = 0x4
- BPF_DEVCG_DEV_BLOCK = 0x1
- BPF_DEVCG_DEV_CHAR = 0x2
BPF_DIV = 0x30
BPF_DW = 0x18
BPF_END = 0xd0
- BPF_EXIST = 0x2
BPF_EXIT = 0x90
- BPF_FLOW_DISSECTOR_F_PARSE_1ST_FRAG = 0x1
- BPF_FLOW_DISSECTOR_F_STOP_AT_ENCAP = 0x4
- BPF_FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL = 0x2
BPF_FROM_BE = 0x8
BPF_FROM_LE = 0x0
BPF_FS_MAGIC = 0xcafe4a11
- BPF_F_ADJ_ROOM_ENCAP_L3_IPV4 = 0x2
- BPF_F_ADJ_ROOM_ENCAP_L3_IPV6 = 0x4
- BPF_F_ADJ_ROOM_ENCAP_L4_GRE = 0x8
- BPF_F_ADJ_ROOM_ENCAP_L4_UDP = 0x10
- BPF_F_ADJ_ROOM_FIXED_GSO = 0x1
BPF_F_ALLOW_MULTI = 0x2
BPF_F_ALLOW_OVERRIDE = 0x1
BPF_F_ANY_ALIGNMENT = 0x2
- BPF_F_CLONE = 0x200
- BPF_F_CTXLEN_MASK = 0xfffff00000000
- BPF_F_CURRENT_CPU = 0xffffffff
- BPF_F_CURRENT_NETNS = -0x1
- BPF_F_DONT_FRAGMENT = 0x4
- BPF_F_FAST_STACK_CMP = 0x200
- BPF_F_HDR_FIELD_MASK = 0xf
- BPF_F_INDEX_MASK = 0xffffffff
- BPF_F_INGRESS = 0x1
- BPF_F_INVALIDATE_HASH = 0x2
- BPF_F_LOCK = 0x4
- BPF_F_MARK_ENFORCE = 0x40
- BPF_F_MARK_MANGLED_0 = 0x20
- BPF_F_MMAPABLE = 0x400
- BPF_F_NO_COMMON_LRU = 0x2
- BPF_F_NO_PREALLOC = 0x1
- BPF_F_NUMA_NODE = 0x4
- BPF_F_PSEUDO_HDR = 0x10
BPF_F_QUERY_EFFECTIVE = 0x1
- BPF_F_RDONLY = 0x8
- BPF_F_RDONLY_PROG = 0x80
- BPF_F_RECOMPUTE_CSUM = 0x1
BPF_F_REPLACE = 0x4
- BPF_F_REUSE_STACKID = 0x400
- BPF_F_SEQ_NUMBER = 0x8
- BPF_F_SKIP_FIELD_MASK = 0xff
- BPF_F_STACK_BUILD_ID = 0x20
BPF_F_STRICT_ALIGNMENT = 0x1
- BPF_F_SYSCTL_BASE_NAME = 0x1
BPF_F_TEST_RND_HI32 = 0x4
BPF_F_TEST_STATE_FREQ = 0x8
- BPF_F_TUNINFO_IPV6 = 0x1
- BPF_F_USER_BUILD_ID = 0x800
- BPF_F_USER_STACK = 0x100
- BPF_F_WRONLY = 0x10
- BPF_F_WRONLY_PROG = 0x100
- BPF_F_ZERO_CSUM_TX = 0x2
- BPF_F_ZERO_SEED = 0x40
BPF_H = 0x8
BPF_IMM = 0x0
BPF_IND = 0x40
@@ -267,7 +217,6 @@ const (
BPF_MUL = 0x20
BPF_NEG = 0x80
BPF_NET_OFF = -0x100000
- BPF_NOEXIST = 0x1
BPF_OBJ_NAME_LEN = 0x10
BPF_OR = 0x40
BPF_PSEUDO_CALL = 0x1
@@ -275,12 +224,6 @@ const (
BPF_PSEUDO_MAP_VALUE = 0x2
BPF_RET = 0x6
BPF_RSH = 0x70
- BPF_SK_STORAGE_GET_F_CREATE = 0x1
- BPF_SOCK_OPS_ALL_CB_FLAGS = 0xf
- BPF_SOCK_OPS_RETRANS_CB_FLAG = 0x2
- BPF_SOCK_OPS_RTO_CB_FLAG = 0x1
- BPF_SOCK_OPS_RTT_CB_FLAG = 0x8
- BPF_SOCK_OPS_STATE_CB_FLAG = 0x4
BPF_ST = 0x2
BPF_STX = 0x3
BPF_SUB = 0x10
@@ -378,12 +321,14 @@ const (
CLOCK_TXINT = 0x3
CLONE_ARGS_SIZE_VER0 = 0x40
CLONE_ARGS_SIZE_VER1 = 0x50
+ CLONE_ARGS_SIZE_VER2 = 0x58
CLONE_CHILD_CLEARTID = 0x200000
CLONE_CHILD_SETTID = 0x1000000
CLONE_CLEAR_SIGHAND = 0x100000000
CLONE_DETACHED = 0x400000
CLONE_FILES = 0x400
CLONE_FS = 0x200
+ CLONE_INTO_CGROUP = 0x200000000
CLONE_IO = 0x80000000
CLONE_NEWCGROUP = 0x2000000
CLONE_NEWIPC = 0x8000000
@@ -598,7 +543,9 @@ const (
FAN_DELETE = 0x200
FAN_DELETE_SELF = 0x400
FAN_DENY = 0x2
+ FAN_DIR_MODIFY = 0x80000
FAN_ENABLE_AUDIT = 0x40
+ FAN_EVENT_INFO_TYPE_DFID_NAME = 0x2
FAN_EVENT_INFO_TYPE_FID = 0x1
FAN_EVENT_METADATA_LEN = 0x18
FAN_EVENT_ON_CHILD = 0x8000000
@@ -2108,8 +2055,6 @@ const (
TCOFLUSH = 0x1
TCOOFF = 0x0
TCOON = 0x1
- TCP_BPF_IW = 0x3e9
- TCP_BPF_SNDCWND_CLAMP = 0x3ea
TCP_CC_INFO = 0x1a
TCP_CM_INQ = 0x24
TCP_CONGESTION = 0xd
@@ -2384,8 +2329,9 @@ const (
XDP_COPY = 0x2
XDP_FLAGS_DRV_MODE = 0x4
XDP_FLAGS_HW_MODE = 0x8
- XDP_FLAGS_MASK = 0xf
+ XDP_FLAGS_MASK = 0x1f
XDP_FLAGS_MODES = 0xe
+ XDP_FLAGS_REPLACE = 0x10
XDP_FLAGS_SKB_MODE = 0x2
XDP_FLAGS_UPDATE_IF_NOEXIST = 0x1
XDP_MMAP_OFFSETS = 0x1
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
index 5e974110d..11b25f68c 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
@@ -75,8 +75,10 @@ const (
FP_XSTATE_MAGIC2 = 0x46505845
FS_IOC_ENABLE_VERITY = 0x40806685
FS_IOC_GETFLAGS = 0x80046601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x8010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x400c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x40106614
+ FS_IOC_SETFLAGS = 0x40046602
FS_IOC_SET_ENCRYPTION_POLICY = 0x800c6613
F_GETLK = 0xc
F_GETLK64 = 0xc
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
index 47a57fe46..f92cff6ea 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
@@ -75,8 +75,10 @@ const (
FP_XSTATE_MAGIC2 = 0x46505845
FS_IOC_ENABLE_VERITY = 0x40806685
FS_IOC_GETFLAGS = 0x80086601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x8010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x400c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x40106614
+ FS_IOC_SETFLAGS = 0x40086602
FS_IOC_SET_ENCRYPTION_POLICY = 0x800c6613
F_GETLK = 0x5
F_GETLK64 = 0x5
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
index df2eea4bb..12bcbf88d 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
@@ -74,8 +74,10 @@ const (
FLUSHO = 0x1000
FS_IOC_ENABLE_VERITY = 0x40806685
FS_IOC_GETFLAGS = 0x80046601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x8010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x400c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x40106614
+ FS_IOC_SETFLAGS = 0x40046602
FS_IOC_SET_ENCRYPTION_POLICY = 0x800c6613
F_GETLK = 0xc
F_GETLK64 = 0xc
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
index 4e1214217..8b0e024b9 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
@@ -77,8 +77,10 @@ const (
FPSIMD_MAGIC = 0x46508001
FS_IOC_ENABLE_VERITY = 0x40806685
FS_IOC_GETFLAGS = 0x80086601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x8010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x400c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x40106614
+ FS_IOC_SETFLAGS = 0x40086602
FS_IOC_SET_ENCRYPTION_POLICY = 0x800c6613
F_GETLK = 0x5
F_GETLK64 = 0x5
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
index a23b08029..eeadea943 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
@@ -74,8 +74,10 @@ const (
FLUSHO = 0x2000
FS_IOC_ENABLE_VERITY = 0x80806685
FS_IOC_GETFLAGS = 0x40046601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x4010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x800c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x80106614
+ FS_IOC_SETFLAGS = 0x80046602
FS_IOC_SET_ENCRYPTION_POLICY = 0x400c6613
F_GETLK = 0x21
F_GETLK64 = 0x21
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
index a5a921e43..0be6c4ccc 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
@@ -74,8 +74,10 @@ const (
FLUSHO = 0x2000
FS_IOC_ENABLE_VERITY = 0x80806685
FS_IOC_GETFLAGS = 0x40086601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x4010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x800c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x80106614
+ FS_IOC_SETFLAGS = 0x80086602
FS_IOC_SET_ENCRYPTION_POLICY = 0x400c6613
F_GETLK = 0xe
F_GETLK64 = 0xe
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
index d088e197b..0880b745c 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
@@ -74,8 +74,10 @@ const (
FLUSHO = 0x2000
FS_IOC_ENABLE_VERITY = 0x80806685
FS_IOC_GETFLAGS = 0x40086601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x4010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x800c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x80106614
+ FS_IOC_SETFLAGS = 0x80086602
FS_IOC_SET_ENCRYPTION_POLICY = 0x400c6613
F_GETLK = 0xe
F_GETLK64 = 0xe
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
index 0ddf9d5fe..c8a66627a 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
@@ -74,8 +74,10 @@ const (
FLUSHO = 0x2000
FS_IOC_ENABLE_VERITY = 0x80806685
FS_IOC_GETFLAGS = 0x40046601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x4010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x800c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x80106614
+ FS_IOC_SETFLAGS = 0x80046602
FS_IOC_SET_ENCRYPTION_POLICY = 0x400c6613
F_GETLK = 0x21
F_GETLK64 = 0x21
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
index a93ffc180..97aae63f1 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
@@ -74,8 +74,10 @@ const (
FLUSHO = 0x800000
FS_IOC_ENABLE_VERITY = 0x80806685
FS_IOC_GETFLAGS = 0x40086601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x4010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x800c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x80106614
+ FS_IOC_SETFLAGS = 0x80086602
FS_IOC_SET_ENCRYPTION_POLICY = 0x400c6613
F_GETLK = 0x5
F_GETLK64 = 0xc
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
index c1ea48b95..b0c3b0664 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
@@ -74,8 +74,10 @@ const (
FLUSHO = 0x800000
FS_IOC_ENABLE_VERITY = 0x80806685
FS_IOC_GETFLAGS = 0x40086601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x4010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x800c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x80106614
+ FS_IOC_SETFLAGS = 0x80086602
FS_IOC_SET_ENCRYPTION_POLICY = 0x400c6613
F_GETLK = 0x5
F_GETLK64 = 0xc
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
index 7def950ba..0c0518193 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
@@ -74,8 +74,10 @@ const (
FLUSHO = 0x1000
FS_IOC_ENABLE_VERITY = 0x40806685
FS_IOC_GETFLAGS = 0x80086601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x8010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x400c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x40106614
+ FS_IOC_SETFLAGS = 0x40086602
FS_IOC_SET_ENCRYPTION_POLICY = 0x800c6613
F_GETLK = 0x5
F_GETLK64 = 0x5
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
index d39293c87..0b96bd462 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
@@ -74,8 +74,10 @@ const (
FLUSHO = 0x1000
FS_IOC_ENABLE_VERITY = 0x40806685
FS_IOC_GETFLAGS = 0x80086601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x8010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x400c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x40106614
+ FS_IOC_SETFLAGS = 0x40086602
FS_IOC_SET_ENCRYPTION_POLICY = 0x800c6613
F_GETLK = 0x5
F_GETLK64 = 0x5
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
index 3ff3ec681..bd5c30577 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
@@ -78,8 +78,10 @@ const (
FLUSHO = 0x1000
FS_IOC_ENABLE_VERITY = 0x80806685
FS_IOC_GETFLAGS = 0x40086601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x4010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x800c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x80106614
+ FS_IOC_SETFLAGS = 0x80086602
FS_IOC_SET_ENCRYPTION_POLICY = 0x400c6613
F_GETLK = 0x7
F_GETLK64 = 0x7
diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
index 96b9b8ab3..20f3a5799 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
@@ -158,6 +158,12 @@ const (
CLONE_SIGHAND = 0x800
CLONE_VFORK = 0x4000
CLONE_VM = 0x100
+ CPUSTATES = 0x5
+ CP_IDLE = 0x4
+ CP_INTR = 0x3
+ CP_NICE = 0x1
+ CP_SYS = 0x2
+ CP_USER = 0x0
CREAD = 0x800
CRTSCTS = 0x10000
CS5 = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
index ed522a84e..90b8fcd29 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
@@ -158,6 +158,12 @@ const (
CLONE_SIGHAND = 0x800
CLONE_VFORK = 0x4000
CLONE_VM = 0x100
+ CPUSTATES = 0x5
+ CP_IDLE = 0x4
+ CP_INTR = 0x3
+ CP_NICE = 0x1
+ CP_SYS = 0x2
+ CP_USER = 0x0
CREAD = 0x800
CRTSCTS = 0x10000
CS5 = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
index c8d36fe99..c5c03993b 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
@@ -150,6 +150,12 @@ const (
BRKINT = 0x2
CFLUSH = 0xf
CLOCAL = 0x8000
+ CPUSTATES = 0x5
+ CP_IDLE = 0x4
+ CP_INTR = 0x3
+ CP_NICE = 0x1
+ CP_SYS = 0x2
+ CP_USER = 0x0
CREAD = 0x800
CRTSCTS = 0x10000
CS5 = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
index f1c146a74..14dd3c1d1 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
@@ -158,6 +158,12 @@ const (
CLONE_SIGHAND = 0x800
CLONE_VFORK = 0x4000
CLONE_VM = 0x100
+ CPUSTATES = 0x5
+ CP_IDLE = 0x4
+ CP_INTR = 0x3
+ CP_NICE = 0x1
+ CP_SYS = 0x2
+ CP_USER = 0x0
CREAD = 0x800
CRTSCTS = 0x10000
CS5 = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
index 5402bd55c..c865a10df 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
@@ -146,6 +146,13 @@ const (
BRKINT = 0x2
CFLUSH = 0xf
CLOCAL = 0x8000
+ CPUSTATES = 0x6
+ CP_IDLE = 0x5
+ CP_INTR = 0x4
+ CP_NICE = 0x1
+ CP_SPIN = 0x3
+ CP_SYS = 0x2
+ CP_USER = 0x0
CREAD = 0x800
CRTSCTS = 0x10000
CS5 = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
index ffaf2d2f9..9db6b2fb6 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
@@ -153,6 +153,13 @@ const (
CLOCK_REALTIME = 0x0
CLOCK_THREAD_CPUTIME_ID = 0x4
CLOCK_UPTIME = 0x5
+ CPUSTATES = 0x6
+ CP_IDLE = 0x5
+ CP_INTR = 0x4
+ CP_NICE = 0x1
+ CP_SPIN = 0x3
+ CP_SYS = 0x2
+ CP_USER = 0x0
CREAD = 0x800
CRTSCTS = 0x10000
CS5 = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
index 7aa796a64..7072526a6 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
@@ -146,6 +146,13 @@ const (
BRKINT = 0x2
CFLUSH = 0xf
CLOCAL = 0x8000
+ CPUSTATES = 0x6
+ CP_IDLE = 0x5
+ CP_INTR = 0x4
+ CP_NICE = 0x1
+ CP_SPIN = 0x3
+ CP_SYS = 0x2
+ CP_USER = 0x0
CREAD = 0x800
CRTSCTS = 0x10000
CS5 = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
index 1792d3f13..ac5efbe5a 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
@@ -156,6 +156,13 @@ const (
CLOCK_REALTIME = 0x0
CLOCK_THREAD_CPUTIME_ID = 0x4
CLOCK_UPTIME = 0x5
+ CPUSTATES = 0x6
+ CP_IDLE = 0x5
+ CP_INTR = 0x4
+ CP_NICE = 0x1
+ CP_SPIN = 0x3
+ CP_SYS = 0x2
+ CP_USER = 0x0
CREAD = 0x800
CRTSCTS = 0x10000
CS5 = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
index df217825f..f6603de4f 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
@@ -1847,6 +1847,52 @@ func openByHandleAt(mountFD int, fh *fileHandle, flags int) (fd int, err error)
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func ProcessVMReadv(pid int, localIov []Iovec, remoteIov []RemoteIovec, flags uint) (n int, err error) {
+ var _p0 unsafe.Pointer
+ if len(localIov) > 0 {
+ _p0 = unsafe.Pointer(&localIov[0])
+ } else {
+ _p0 = unsafe.Pointer(&_zero)
+ }
+ var _p1 unsafe.Pointer
+ if len(remoteIov) > 0 {
+ _p1 = unsafe.Pointer(&remoteIov[0])
+ } else {
+ _p1 = unsafe.Pointer(&_zero)
+ }
+ r0, _, e1 := Syscall6(SYS_PROCESS_VM_READV, uintptr(pid), uintptr(_p0), uintptr(len(localIov)), uintptr(_p1), uintptr(len(remoteIov)), uintptr(flags))
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ProcessVMWritev(pid int, localIov []Iovec, remoteIov []RemoteIovec, flags uint) (n int, err error) {
+ var _p0 unsafe.Pointer
+ if len(localIov) > 0 {
+ _p0 = unsafe.Pointer(&localIov[0])
+ } else {
+ _p0 = unsafe.Pointer(&_zero)
+ }
+ var _p1 unsafe.Pointer
+ if len(remoteIov) > 0 {
+ _p1 = unsafe.Pointer(&remoteIov[0])
+ } else {
+ _p1 = unsafe.Pointer(&_zero)
+ }
+ r0, _, e1 := Syscall6(SYS_PROCESS_VM_WRITEV, uintptr(pid), uintptr(_p0), uintptr(len(localIov)), uintptr(_p1), uintptr(len(remoteIov)), uintptr(flags))
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
func pipe2(p *[2]_C_int, flags int) (err error) {
_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
index 6f79227d7..b91c2ae0f 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
@@ -125,9 +125,9 @@ type Statfs_t struct {
Owner uint32
Fsid Fsid
Charspare [80]int8
- Fstypename [16]int8
- Mntfromname [1024]int8
- Mntonname [1024]int8
+ Fstypename [16]byte
+ Mntfromname [1024]byte
+ Mntonname [1024]byte
}
type statfs_freebsd11_t struct {
@@ -150,9 +150,9 @@ type statfs_freebsd11_t struct {
Owner uint32
Fsid Fsid
Charspare [80]int8
- Fstypename [16]int8
- Mntfromname [88]int8
- Mntonname [88]int8
+ Fstypename [16]byte
+ Mntfromname [88]byte
+ Mntonname [88]byte
}
type Flock_t struct {
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go
index 416f7767e..27d67ac8f 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go
@@ -1871,175 +1871,249 @@ const (
)
const (
- BPF_REG_0 = 0x0
- BPF_REG_1 = 0x1
- BPF_REG_2 = 0x2
- BPF_REG_3 = 0x3
- BPF_REG_4 = 0x4
- BPF_REG_5 = 0x5
- BPF_REG_6 = 0x6
- BPF_REG_7 = 0x7
- BPF_REG_8 = 0x8
- BPF_REG_9 = 0x9
- BPF_REG_10 = 0xa
- BPF_MAP_CREATE = 0x0
- BPF_MAP_LOOKUP_ELEM = 0x1
- BPF_MAP_UPDATE_ELEM = 0x2
- BPF_MAP_DELETE_ELEM = 0x3
- BPF_MAP_GET_NEXT_KEY = 0x4
- BPF_PROG_LOAD = 0x5
- BPF_OBJ_PIN = 0x6
- BPF_OBJ_GET = 0x7
- BPF_PROG_ATTACH = 0x8
- BPF_PROG_DETACH = 0x9
- BPF_PROG_TEST_RUN = 0xa
- BPF_PROG_GET_NEXT_ID = 0xb
- BPF_MAP_GET_NEXT_ID = 0xc
- BPF_PROG_GET_FD_BY_ID = 0xd
- BPF_MAP_GET_FD_BY_ID = 0xe
- BPF_OBJ_GET_INFO_BY_FD = 0xf
- BPF_PROG_QUERY = 0x10
- BPF_RAW_TRACEPOINT_OPEN = 0x11
- BPF_BTF_LOAD = 0x12
- BPF_BTF_GET_FD_BY_ID = 0x13
- BPF_TASK_FD_QUERY = 0x14
- BPF_MAP_LOOKUP_AND_DELETE_ELEM = 0x15
- BPF_MAP_FREEZE = 0x16
- BPF_BTF_GET_NEXT_ID = 0x17
- BPF_MAP_TYPE_UNSPEC = 0x0
- BPF_MAP_TYPE_HASH = 0x1
- BPF_MAP_TYPE_ARRAY = 0x2
- BPF_MAP_TYPE_PROG_ARRAY = 0x3
- BPF_MAP_TYPE_PERF_EVENT_ARRAY = 0x4
- BPF_MAP_TYPE_PERCPU_HASH = 0x5
- BPF_MAP_TYPE_PERCPU_ARRAY = 0x6
- BPF_MAP_TYPE_STACK_TRACE = 0x7
- BPF_MAP_TYPE_CGROUP_ARRAY = 0x8
- BPF_MAP_TYPE_LRU_HASH = 0x9
- BPF_MAP_TYPE_LRU_PERCPU_HASH = 0xa
- BPF_MAP_TYPE_LPM_TRIE = 0xb
- BPF_MAP_TYPE_ARRAY_OF_MAPS = 0xc
- BPF_MAP_TYPE_HASH_OF_MAPS = 0xd
- BPF_MAP_TYPE_DEVMAP = 0xe
- BPF_MAP_TYPE_SOCKMAP = 0xf
- BPF_MAP_TYPE_CPUMAP = 0x10
- BPF_MAP_TYPE_XSKMAP = 0x11
- BPF_MAP_TYPE_SOCKHASH = 0x12
- BPF_MAP_TYPE_CGROUP_STORAGE = 0x13
- BPF_MAP_TYPE_REUSEPORT_SOCKARRAY = 0x14
- BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE = 0x15
- BPF_MAP_TYPE_QUEUE = 0x16
- BPF_MAP_TYPE_STACK = 0x17
- BPF_MAP_TYPE_SK_STORAGE = 0x18
- BPF_MAP_TYPE_DEVMAP_HASH = 0x19
- BPF_PROG_TYPE_UNSPEC = 0x0
- BPF_PROG_TYPE_SOCKET_FILTER = 0x1
- BPF_PROG_TYPE_KPROBE = 0x2
- BPF_PROG_TYPE_SCHED_CLS = 0x3
- BPF_PROG_TYPE_SCHED_ACT = 0x4
- BPF_PROG_TYPE_TRACEPOINT = 0x5
- BPF_PROG_TYPE_XDP = 0x6
- BPF_PROG_TYPE_PERF_EVENT = 0x7
- BPF_PROG_TYPE_CGROUP_SKB = 0x8
- BPF_PROG_TYPE_CGROUP_SOCK = 0x9
- BPF_PROG_TYPE_LWT_IN = 0xa
- BPF_PROG_TYPE_LWT_OUT = 0xb
- BPF_PROG_TYPE_LWT_XMIT = 0xc
- BPF_PROG_TYPE_SOCK_OPS = 0xd
- BPF_PROG_TYPE_SK_SKB = 0xe
- BPF_PROG_TYPE_CGROUP_DEVICE = 0xf
- BPF_PROG_TYPE_SK_MSG = 0x10
- BPF_PROG_TYPE_RAW_TRACEPOINT = 0x11
- BPF_PROG_TYPE_CGROUP_SOCK_ADDR = 0x12
- BPF_PROG_TYPE_LWT_SEG6LOCAL = 0x13
- BPF_PROG_TYPE_LIRC_MODE2 = 0x14
- BPF_PROG_TYPE_SK_REUSEPORT = 0x15
- BPF_PROG_TYPE_FLOW_DISSECTOR = 0x16
- BPF_PROG_TYPE_CGROUP_SYSCTL = 0x17
- BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE = 0x18
- BPF_PROG_TYPE_CGROUP_SOCKOPT = 0x19
- BPF_PROG_TYPE_TRACING = 0x1a
- BPF_CGROUP_INET_INGRESS = 0x0
- BPF_CGROUP_INET_EGRESS = 0x1
- BPF_CGROUP_INET_SOCK_CREATE = 0x2
- BPF_CGROUP_SOCK_OPS = 0x3
- BPF_SK_SKB_STREAM_PARSER = 0x4
- BPF_SK_SKB_STREAM_VERDICT = 0x5
- BPF_CGROUP_DEVICE = 0x6
- BPF_SK_MSG_VERDICT = 0x7
- BPF_CGROUP_INET4_BIND = 0x8
- BPF_CGROUP_INET6_BIND = 0x9
- BPF_CGROUP_INET4_CONNECT = 0xa
- BPF_CGROUP_INET6_CONNECT = 0xb
- BPF_CGROUP_INET4_POST_BIND = 0xc
- BPF_CGROUP_INET6_POST_BIND = 0xd
- BPF_CGROUP_UDP4_SENDMSG = 0xe
- BPF_CGROUP_UDP6_SENDMSG = 0xf
- BPF_LIRC_MODE2 = 0x10
- BPF_FLOW_DISSECTOR = 0x11
- BPF_CGROUP_SYSCTL = 0x12
- BPF_CGROUP_UDP4_RECVMSG = 0x13
- BPF_CGROUP_UDP6_RECVMSG = 0x14
- BPF_CGROUP_GETSOCKOPT = 0x15
- BPF_CGROUP_SETSOCKOPT = 0x16
- BPF_TRACE_RAW_TP = 0x17
- BPF_TRACE_FENTRY = 0x18
- BPF_TRACE_FEXIT = 0x19
- BPF_STACK_BUILD_ID_EMPTY = 0x0
- BPF_STACK_BUILD_ID_VALID = 0x1
- BPF_STACK_BUILD_ID_IP = 0x2
- BPF_ADJ_ROOM_NET = 0x0
- BPF_ADJ_ROOM_MAC = 0x1
- BPF_HDR_START_MAC = 0x0
- BPF_HDR_START_NET = 0x1
- BPF_LWT_ENCAP_SEG6 = 0x0
- BPF_LWT_ENCAP_SEG6_INLINE = 0x1
- BPF_LWT_ENCAP_IP = 0x2
- BPF_OK = 0x0
- BPF_DROP = 0x2
- BPF_REDIRECT = 0x7
- BPF_LWT_REROUTE = 0x80
- BPF_SOCK_OPS_VOID = 0x0
- BPF_SOCK_OPS_TIMEOUT_INIT = 0x1
- BPF_SOCK_OPS_RWND_INIT = 0x2
- BPF_SOCK_OPS_TCP_CONNECT_CB = 0x3
- BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB = 0x4
- BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB = 0x5
- BPF_SOCK_OPS_NEEDS_ECN = 0x6
- BPF_SOCK_OPS_BASE_RTT = 0x7
- BPF_SOCK_OPS_RTO_CB = 0x8
- BPF_SOCK_OPS_RETRANS_CB = 0x9
- BPF_SOCK_OPS_STATE_CB = 0xa
- BPF_SOCK_OPS_TCP_LISTEN_CB = 0xb
- BPF_SOCK_OPS_RTT_CB = 0xc
- BPF_TCP_ESTABLISHED = 0x1
- BPF_TCP_SYN_SENT = 0x2
- BPF_TCP_SYN_RECV = 0x3
- BPF_TCP_FIN_WAIT1 = 0x4
- BPF_TCP_FIN_WAIT2 = 0x5
- BPF_TCP_TIME_WAIT = 0x6
- BPF_TCP_CLOSE = 0x7
- BPF_TCP_CLOSE_WAIT = 0x8
- BPF_TCP_LAST_ACK = 0x9
- BPF_TCP_LISTEN = 0xa
- BPF_TCP_CLOSING = 0xb
- BPF_TCP_NEW_SYN_RECV = 0xc
- BPF_TCP_MAX_STATES = 0xd
- BPF_FIB_LKUP_RET_SUCCESS = 0x0
- BPF_FIB_LKUP_RET_BLACKHOLE = 0x1
- BPF_FIB_LKUP_RET_UNREACHABLE = 0x2
- BPF_FIB_LKUP_RET_PROHIBIT = 0x3
- BPF_FIB_LKUP_RET_NOT_FWDED = 0x4
- BPF_FIB_LKUP_RET_FWD_DISABLED = 0x5
- BPF_FIB_LKUP_RET_UNSUPP_LWT = 0x6
- BPF_FIB_LKUP_RET_NO_NEIGH = 0x7
- BPF_FIB_LKUP_RET_FRAG_NEEDED = 0x8
- BPF_FD_TYPE_RAW_TRACEPOINT = 0x0
- BPF_FD_TYPE_TRACEPOINT = 0x1
- BPF_FD_TYPE_KPROBE = 0x2
- BPF_FD_TYPE_KRETPROBE = 0x3
- BPF_FD_TYPE_UPROBE = 0x4
- BPF_FD_TYPE_URETPROBE = 0x5
+ BPF_REG_0 = 0x0
+ BPF_REG_1 = 0x1
+ BPF_REG_2 = 0x2
+ BPF_REG_3 = 0x3
+ BPF_REG_4 = 0x4
+ BPF_REG_5 = 0x5
+ BPF_REG_6 = 0x6
+ BPF_REG_7 = 0x7
+ BPF_REG_8 = 0x8
+ BPF_REG_9 = 0x9
+ BPF_REG_10 = 0xa
+ BPF_MAP_CREATE = 0x0
+ BPF_MAP_LOOKUP_ELEM = 0x1
+ BPF_MAP_UPDATE_ELEM = 0x2
+ BPF_MAP_DELETE_ELEM = 0x3
+ BPF_MAP_GET_NEXT_KEY = 0x4
+ BPF_PROG_LOAD = 0x5
+ BPF_OBJ_PIN = 0x6
+ BPF_OBJ_GET = 0x7
+ BPF_PROG_ATTACH = 0x8
+ BPF_PROG_DETACH = 0x9
+ BPF_PROG_TEST_RUN = 0xa
+ BPF_PROG_GET_NEXT_ID = 0xb
+ BPF_MAP_GET_NEXT_ID = 0xc
+ BPF_PROG_GET_FD_BY_ID = 0xd
+ BPF_MAP_GET_FD_BY_ID = 0xe
+ BPF_OBJ_GET_INFO_BY_FD = 0xf
+ BPF_PROG_QUERY = 0x10
+ BPF_RAW_TRACEPOINT_OPEN = 0x11
+ BPF_BTF_LOAD = 0x12
+ BPF_BTF_GET_FD_BY_ID = 0x13
+ BPF_TASK_FD_QUERY = 0x14
+ BPF_MAP_LOOKUP_AND_DELETE_ELEM = 0x15
+ BPF_MAP_FREEZE = 0x16
+ BPF_BTF_GET_NEXT_ID = 0x17
+ BPF_MAP_LOOKUP_BATCH = 0x18
+ BPF_MAP_LOOKUP_AND_DELETE_BATCH = 0x19
+ BPF_MAP_UPDATE_BATCH = 0x1a
+ BPF_MAP_DELETE_BATCH = 0x1b
+ BPF_LINK_CREATE = 0x1c
+ BPF_LINK_UPDATE = 0x1d
+ BPF_MAP_TYPE_UNSPEC = 0x0
+ BPF_MAP_TYPE_HASH = 0x1
+ BPF_MAP_TYPE_ARRAY = 0x2
+ BPF_MAP_TYPE_PROG_ARRAY = 0x3
+ BPF_MAP_TYPE_PERF_EVENT_ARRAY = 0x4
+ BPF_MAP_TYPE_PERCPU_HASH = 0x5
+ BPF_MAP_TYPE_PERCPU_ARRAY = 0x6
+ BPF_MAP_TYPE_STACK_TRACE = 0x7
+ BPF_MAP_TYPE_CGROUP_ARRAY = 0x8
+ BPF_MAP_TYPE_LRU_HASH = 0x9
+ BPF_MAP_TYPE_LRU_PERCPU_HASH = 0xa
+ BPF_MAP_TYPE_LPM_TRIE = 0xb
+ BPF_MAP_TYPE_ARRAY_OF_MAPS = 0xc
+ BPF_MAP_TYPE_HASH_OF_MAPS = 0xd
+ BPF_MAP_TYPE_DEVMAP = 0xe
+ BPF_MAP_TYPE_SOCKMAP = 0xf
+ BPF_MAP_TYPE_CPUMAP = 0x10
+ BPF_MAP_TYPE_XSKMAP = 0x11
+ BPF_MAP_TYPE_SOCKHASH = 0x12
+ BPF_MAP_TYPE_CGROUP_STORAGE = 0x13
+ BPF_MAP_TYPE_REUSEPORT_SOCKARRAY = 0x14
+ BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE = 0x15
+ BPF_MAP_TYPE_QUEUE = 0x16
+ BPF_MAP_TYPE_STACK = 0x17
+ BPF_MAP_TYPE_SK_STORAGE = 0x18
+ BPF_MAP_TYPE_DEVMAP_HASH = 0x19
+ BPF_MAP_TYPE_STRUCT_OPS = 0x1a
+ BPF_PROG_TYPE_UNSPEC = 0x0
+ BPF_PROG_TYPE_SOCKET_FILTER = 0x1
+ BPF_PROG_TYPE_KPROBE = 0x2
+ BPF_PROG_TYPE_SCHED_CLS = 0x3
+ BPF_PROG_TYPE_SCHED_ACT = 0x4
+ BPF_PROG_TYPE_TRACEPOINT = 0x5
+ BPF_PROG_TYPE_XDP = 0x6
+ BPF_PROG_TYPE_PERF_EVENT = 0x7
+ BPF_PROG_TYPE_CGROUP_SKB = 0x8
+ BPF_PROG_TYPE_CGROUP_SOCK = 0x9
+ BPF_PROG_TYPE_LWT_IN = 0xa
+ BPF_PROG_TYPE_LWT_OUT = 0xb
+ BPF_PROG_TYPE_LWT_XMIT = 0xc
+ BPF_PROG_TYPE_SOCK_OPS = 0xd
+ BPF_PROG_TYPE_SK_SKB = 0xe
+ BPF_PROG_TYPE_CGROUP_DEVICE = 0xf
+ BPF_PROG_TYPE_SK_MSG = 0x10
+ BPF_PROG_TYPE_RAW_TRACEPOINT = 0x11
+ BPF_PROG_TYPE_CGROUP_SOCK_ADDR = 0x12
+ BPF_PROG_TYPE_LWT_SEG6LOCAL = 0x13
+ BPF_PROG_TYPE_LIRC_MODE2 = 0x14
+ BPF_PROG_TYPE_SK_REUSEPORT = 0x15
+ BPF_PROG_TYPE_FLOW_DISSECTOR = 0x16
+ BPF_PROG_TYPE_CGROUP_SYSCTL = 0x17
+ BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE = 0x18
+ BPF_PROG_TYPE_CGROUP_SOCKOPT = 0x19
+ BPF_PROG_TYPE_TRACING = 0x1a
+ BPF_PROG_TYPE_STRUCT_OPS = 0x1b
+ BPF_PROG_TYPE_EXT = 0x1c
+ BPF_PROG_TYPE_LSM = 0x1d
+ BPF_CGROUP_INET_INGRESS = 0x0
+ BPF_CGROUP_INET_EGRESS = 0x1
+ BPF_CGROUP_INET_SOCK_CREATE = 0x2
+ BPF_CGROUP_SOCK_OPS = 0x3
+ BPF_SK_SKB_STREAM_PARSER = 0x4
+ BPF_SK_SKB_STREAM_VERDICT = 0x5
+ BPF_CGROUP_DEVICE = 0x6
+ BPF_SK_MSG_VERDICT = 0x7
+ BPF_CGROUP_INET4_BIND = 0x8
+ BPF_CGROUP_INET6_BIND = 0x9
+ BPF_CGROUP_INET4_CONNECT = 0xa
+ BPF_CGROUP_INET6_CONNECT = 0xb
+ BPF_CGROUP_INET4_POST_BIND = 0xc
+ BPF_CGROUP_INET6_POST_BIND = 0xd
+ BPF_CGROUP_UDP4_SENDMSG = 0xe
+ BPF_CGROUP_UDP6_SENDMSG = 0xf
+ BPF_LIRC_MODE2 = 0x10
+ BPF_FLOW_DISSECTOR = 0x11
+ BPF_CGROUP_SYSCTL = 0x12
+ BPF_CGROUP_UDP4_RECVMSG = 0x13
+ BPF_CGROUP_UDP6_RECVMSG = 0x14
+ BPF_CGROUP_GETSOCKOPT = 0x15
+ BPF_CGROUP_SETSOCKOPT = 0x16
+ BPF_TRACE_RAW_TP = 0x17
+ BPF_TRACE_FENTRY = 0x18
+ BPF_TRACE_FEXIT = 0x19
+ BPF_MODIFY_RETURN = 0x1a
+ BPF_LSM_MAC = 0x1b
+ BPF_ANY = 0x0
+ BPF_NOEXIST = 0x1
+ BPF_EXIST = 0x2
+ BPF_F_LOCK = 0x4
+ BPF_F_NO_PREALLOC = 0x1
+ BPF_F_NO_COMMON_LRU = 0x2
+ BPF_F_NUMA_NODE = 0x4
+ BPF_F_RDONLY = 0x8
+ BPF_F_WRONLY = 0x10
+ BPF_F_STACK_BUILD_ID = 0x20
+ BPF_F_ZERO_SEED = 0x40
+ BPF_F_RDONLY_PROG = 0x80
+ BPF_F_WRONLY_PROG = 0x100
+ BPF_F_CLONE = 0x200
+ BPF_F_MMAPABLE = 0x400
+ BPF_STACK_BUILD_ID_EMPTY = 0x0
+ BPF_STACK_BUILD_ID_VALID = 0x1
+ BPF_STACK_BUILD_ID_IP = 0x2
+ BPF_F_RECOMPUTE_CSUM = 0x1
+ BPF_F_INVALIDATE_HASH = 0x2
+ BPF_F_HDR_FIELD_MASK = 0xf
+ BPF_F_PSEUDO_HDR = 0x10
+ BPF_F_MARK_MANGLED_0 = 0x20
+ BPF_F_MARK_ENFORCE = 0x40
+ BPF_F_INGRESS = 0x1
+ BPF_F_TUNINFO_IPV6 = 0x1
+ BPF_F_SKIP_FIELD_MASK = 0xff
+ BPF_F_USER_STACK = 0x100
+ BPF_F_FAST_STACK_CMP = 0x200
+ BPF_F_REUSE_STACKID = 0x400
+ BPF_F_USER_BUILD_ID = 0x800
+ BPF_F_ZERO_CSUM_TX = 0x2
+ BPF_F_DONT_FRAGMENT = 0x4
+ BPF_F_SEQ_NUMBER = 0x8
+ BPF_F_INDEX_MASK = 0xffffffff
+ BPF_F_CURRENT_CPU = 0xffffffff
+ BPF_F_CTXLEN_MASK = 0xfffff00000000
+ BPF_F_CURRENT_NETNS = -0x1
+ BPF_F_ADJ_ROOM_FIXED_GSO = 0x1
+ BPF_F_ADJ_ROOM_ENCAP_L3_IPV4 = 0x2
+ BPF_F_ADJ_ROOM_ENCAP_L3_IPV6 = 0x4
+ BPF_F_ADJ_ROOM_ENCAP_L4_GRE = 0x8
+ BPF_F_ADJ_ROOM_ENCAP_L4_UDP = 0x10
+ BPF_ADJ_ROOM_ENCAP_L2_MASK = 0xff
+ BPF_ADJ_ROOM_ENCAP_L2_SHIFT = 0x38
+ BPF_F_SYSCTL_BASE_NAME = 0x1
+ BPF_SK_STORAGE_GET_F_CREATE = 0x1
+ BPF_F_GET_BRANCH_RECORDS_SIZE = 0x1
+ BPF_ADJ_ROOM_NET = 0x0
+ BPF_ADJ_ROOM_MAC = 0x1
+ BPF_HDR_START_MAC = 0x0
+ BPF_HDR_START_NET = 0x1
+ BPF_LWT_ENCAP_SEG6 = 0x0
+ BPF_LWT_ENCAP_SEG6_INLINE = 0x1
+ BPF_LWT_ENCAP_IP = 0x2
+ BPF_OK = 0x0
+ BPF_DROP = 0x2
+ BPF_REDIRECT = 0x7
+ BPF_LWT_REROUTE = 0x80
+ BPF_SOCK_OPS_RTO_CB_FLAG = 0x1
+ BPF_SOCK_OPS_RETRANS_CB_FLAG = 0x2
+ BPF_SOCK_OPS_STATE_CB_FLAG = 0x4
+ BPF_SOCK_OPS_RTT_CB_FLAG = 0x8
+ BPF_SOCK_OPS_ALL_CB_FLAGS = 0xf
+ BPF_SOCK_OPS_VOID = 0x0
+ BPF_SOCK_OPS_TIMEOUT_INIT = 0x1
+ BPF_SOCK_OPS_RWND_INIT = 0x2
+ BPF_SOCK_OPS_TCP_CONNECT_CB = 0x3
+ BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB = 0x4
+ BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB = 0x5
+ BPF_SOCK_OPS_NEEDS_ECN = 0x6
+ BPF_SOCK_OPS_BASE_RTT = 0x7
+ BPF_SOCK_OPS_RTO_CB = 0x8
+ BPF_SOCK_OPS_RETRANS_CB = 0x9
+ BPF_SOCK_OPS_STATE_CB = 0xa
+ BPF_SOCK_OPS_TCP_LISTEN_CB = 0xb
+ BPF_SOCK_OPS_RTT_CB = 0xc
+ BPF_TCP_ESTABLISHED = 0x1
+ BPF_TCP_SYN_SENT = 0x2
+ BPF_TCP_SYN_RECV = 0x3
+ BPF_TCP_FIN_WAIT1 = 0x4
+ BPF_TCP_FIN_WAIT2 = 0x5
+ BPF_TCP_TIME_WAIT = 0x6
+ BPF_TCP_CLOSE = 0x7
+ BPF_TCP_CLOSE_WAIT = 0x8
+ BPF_TCP_LAST_ACK = 0x9
+ BPF_TCP_LISTEN = 0xa
+ BPF_TCP_CLOSING = 0xb
+ BPF_TCP_NEW_SYN_RECV = 0xc
+ BPF_TCP_MAX_STATES = 0xd
+ TCP_BPF_IW = 0x3e9
+ TCP_BPF_SNDCWND_CLAMP = 0x3ea
+ BPF_DEVCG_ACC_MKNOD = 0x1
+ BPF_DEVCG_ACC_READ = 0x2
+ BPF_DEVCG_ACC_WRITE = 0x4
+ BPF_DEVCG_DEV_BLOCK = 0x1
+ BPF_DEVCG_DEV_CHAR = 0x2
+ BPF_FIB_LOOKUP_DIRECT = 0x1
+ BPF_FIB_LOOKUP_OUTPUT = 0x2
+ BPF_FIB_LKUP_RET_SUCCESS = 0x0
+ BPF_FIB_LKUP_RET_BLACKHOLE = 0x1
+ BPF_FIB_LKUP_RET_UNREACHABLE = 0x2
+ BPF_FIB_LKUP_RET_PROHIBIT = 0x3
+ BPF_FIB_LKUP_RET_NOT_FWDED = 0x4
+ BPF_FIB_LKUP_RET_FWD_DISABLED = 0x5
+ BPF_FIB_LKUP_RET_UNSUPP_LWT = 0x6
+ BPF_FIB_LKUP_RET_NO_NEIGH = 0x7
+ BPF_FIB_LKUP_RET_FRAG_NEEDED = 0x8
+ BPF_FD_TYPE_RAW_TRACEPOINT = 0x0
+ BPF_FD_TYPE_TRACEPOINT = 0x1
+ BPF_FD_TYPE_KPROBE = 0x2
+ BPF_FD_TYPE_KRETPROBE = 0x3
+ BPF_FD_TYPE_UPROBE = 0x4
+ BPF_FD_TYPE_URETPROBE = 0x5
+ BPF_FLOW_DISSECTOR_F_PARSE_1ST_FRAG = 0x1
+ BPF_FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL = 0x2
+ BPF_FLOW_DISSECTOR_F_STOP_AT_ENCAP = 0x4
)
const (
@@ -2205,7 +2279,7 @@ const (
DEVLINK_CMD_DPIPE_ENTRIES_GET = 0x20
DEVLINK_CMD_DPIPE_HEADERS_GET = 0x21
DEVLINK_CMD_DPIPE_TABLE_COUNTERS_SET = 0x22
- DEVLINK_CMD_MAX = 0x44
+ DEVLINK_CMD_MAX = 0x48
DEVLINK_PORT_TYPE_NOTSET = 0x0
DEVLINK_PORT_TYPE_AUTO = 0x1
DEVLINK_PORT_TYPE_ETH = 0x2
@@ -2285,7 +2359,7 @@ const (
DEVLINK_ATTR_DPIPE_FIELD_MAPPING_TYPE = 0x3c
DEVLINK_ATTR_PAD = 0x3d
DEVLINK_ATTR_ESWITCH_ENCAP_MODE = 0x3e
- DEVLINK_ATTR_MAX = 0x8c
+ DEVLINK_ATTR_MAX = 0x90
DEVLINK_DPIPE_FIELD_MAPPING_TYPE_NONE = 0x0
DEVLINK_DPIPE_FIELD_MAPPING_TYPE_IFINDEX = 0x1
DEVLINK_DPIPE_MATCH_TYPE_FIELD_EXACT = 0x0
diff --git a/vendor/golang.org/x/sys/windows/memory_windows.go b/vendor/golang.org/x/sys/windows/memory_windows.go
index f80a4204f..e409d76f0 100644
--- a/vendor/golang.org/x/sys/windows/memory_windows.go
+++ b/vendor/golang.org/x/sys/windows/memory_windows.go
@@ -23,4 +23,9 @@ const (
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
+
+ QUOTA_LIMITS_HARDWS_MIN_DISABLE = 0x00000002
+ QUOTA_LIMITS_HARDWS_MIN_ENABLE = 0x00000001
+ QUOTA_LIMITS_HARDWS_MAX_DISABLE = 0x00000008
+ QUOTA_LIMITS_HARDWS_MAX_ENABLE = 0x00000004
)
diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go
index 12c0544cb..62cf70e9f 100644
--- a/vendor/golang.org/x/sys/windows/syscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/syscall_windows.go
@@ -308,6 +308,8 @@ func NewCallbackCDecl(fn interface{}) uintptr {
//sys GetProcessId(process Handle) (id uint32, err error)
//sys OpenThread(desiredAccess uint32, inheritHandle bool, threadId uint32) (handle Handle, err error)
//sys SetProcessPriorityBoost(process Handle, disable bool) (err error) = kernel32.SetProcessPriorityBoost
+//sys GetProcessWorkingSetSizeEx(hProcess Handle, lpMinimumWorkingSetSize *uintptr, lpMaximumWorkingSetSize *uintptr, flags *uint32)
+//sys SetProcessWorkingSetSizeEx(hProcess Handle, dwMinimumWorkingSetSize uintptr, dwMaximumWorkingSetSize uintptr, flags uint32) (err error)
// Volume Management Functions
//sys DefineDosDevice(flags uint32, deviceName *uint16, targetPath *uint16) (err error) = DefineDosDeviceW
diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
index 2aa4fa642..8a562feed 100644
--- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
@@ -217,6 +217,8 @@ var (
procGetProcessId = modkernel32.NewProc("GetProcessId")
procOpenThread = modkernel32.NewProc("OpenThread")
procSetProcessPriorityBoost = modkernel32.NewProc("SetProcessPriorityBoost")
+ procGetProcessWorkingSetSizeEx = modkernel32.NewProc("GetProcessWorkingSetSizeEx")
+ procSetProcessWorkingSetSizeEx = modkernel32.NewProc("SetProcessWorkingSetSizeEx")
procDefineDosDeviceW = modkernel32.NewProc("DefineDosDeviceW")
procDeleteVolumeMountPointW = modkernel32.NewProc("DeleteVolumeMountPointW")
procFindFirstVolumeW = modkernel32.NewProc("FindFirstVolumeW")
@@ -2414,6 +2416,23 @@ func SetProcessPriorityBoost(process Handle, disable bool) (err error) {
return
}
+func GetProcessWorkingSetSizeEx(hProcess Handle, lpMinimumWorkingSetSize *uintptr, lpMaximumWorkingSetSize *uintptr, flags *uint32) {
+ syscall.Syscall6(procGetProcessWorkingSetSizeEx.Addr(), 4, uintptr(hProcess), uintptr(unsafe.Pointer(lpMinimumWorkingSetSize)), uintptr(unsafe.Pointer(lpMaximumWorkingSetSize)), uintptr(unsafe.Pointer(flags)), 0, 0)
+ return
+}
+
+func SetProcessWorkingSetSizeEx(hProcess Handle, dwMinimumWorkingSetSize uintptr, dwMaximumWorkingSetSize uintptr, flags uint32) (err error) {
+ r1, _, e1 := syscall.Syscall6(procSetProcessWorkingSetSizeEx.Addr(), 4, uintptr(hProcess), uintptr(dwMinimumWorkingSetSize), uintptr(dwMaximumWorkingSetSize), uintptr(flags), 0, 0)
+ if r1 == 0 {
+ if e1 != 0 {
+ err = errnoErr(e1)
+ } else {
+ err = syscall.EINVAL
+ }
+ }
+ return
+}
+
func DefineDosDevice(flags uint32, deviceName *uint16, targetPath *uint16) (err error) {
r1, _, e1 := syscall.Syscall(procDefineDosDeviceW.Addr(), 3, uintptr(flags), uintptr(unsafe.Pointer(deviceName)), uintptr(unsafe.Pointer(targetPath)))
if r1 == 0 {
diff --git a/vendor/modules.txt b/vendor/modules.txt
index c6e098f58..b8da2ee24 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -84,7 +84,7 @@ github.com/containers/buildah/pkg/secrets
github.com/containers/buildah/pkg/supplemented
github.com/containers/buildah/pkg/umask
github.com/containers/buildah/util
-# github.com/containers/common v0.18.0
+# github.com/containers/common v0.20.3
github.com/containers/common/pkg/apparmor
github.com/containers/common/pkg/auth
github.com/containers/common/pkg/capabilities
@@ -601,7 +601,7 @@ golang.org/x/oauth2/internal
# golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a
golang.org/x/sync/errgroup
golang.org/x/sync/semaphore
-# golang.org/x/sys v0.0.0-20200519105757-fe76b779f299
+# golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1
golang.org/x/sys/cpu
golang.org/x/sys/internal/unsafeheader
golang.org/x/sys/unix