diff options
| author | Daniel J Walsh <dwalsh@redhat.com> | 2021-10-25 07:22:11 -0400 |
|---|---|---|
| committer | Daniel J Walsh <dwalsh@redhat.com> | 2021-10-25 16:50:45 -0400 |
| commit | a42c131c80fc8c7220687c56cf4384a224572ca0 (patch) | |
| tree | 6b3907947aa49553ace7642034632b0ad8206157 /libpod | |
| parent | dbe770e3ce2ac2e34ffa8e28b80df57eb0182a68 (diff) | |
| download | podman-a42c131c80fc8c7220687c56cf4384a224572ca0.tar.gz podman-a42c131c80fc8c7220687c56cf4384a224572ca0.tar.bz2 podman-a42c131c80fc8c7220687c56cf4384a224572ca0.zip | |
Update vendor github.com/opencontainers/runtime-tools
This will change mount of /dev within container to noexec, making
containers slightly more secure.
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'libpod')
| -rw-r--r-- | libpod/container_internal_linux.go | 5 | ||||
| -rw-r--r-- | libpod/options.go | 2 | ||||
| -rw-r--r-- | libpod/runtime_ctr.go | 2 |
3 files changed, 5 insertions, 4 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 27cc318b4..d3151f7e0 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -322,7 +322,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { return nil, err } - g := generate.Generator{Config: c.config.Spec} + g := generate.NewFromSpec(c.config.Spec) // If network namespace was requested, add it now if c.config.CreateNetNS { @@ -1219,7 +1219,8 @@ func (c *Container) importCheckpoint(input string) error { } // Make sure the newly created config.json exists on disk - g := generate.Generator{Config: c.config.Spec} + g := generate.NewFromSpec(c.config.Spec) + if err := c.saveSpec(g.Config); err != nil { return errors.Wrap(err, "saving imported container specification for restore failed") } diff --git a/libpod/options.go b/libpod/options.go index 9762de67e..135b2f363 100644 --- a/libpod/options.go +++ b/libpod/options.go @@ -969,7 +969,7 @@ func WithUserNSFrom(nsCtr *Container) CtrCreateOption { if err := JSONDeepCopy(nsCtr.IDMappings(), &ctr.config.IDMappings); err != nil { return err } - g := generate.Generator{Config: ctr.config.Spec} + g := generate.NewFromSpec(ctr.config.Spec) g.ClearLinuxUIDMappings() for _, uidmap := range nsCtr.config.IDMappings.UIDMap { diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go index 2256ba57c..0a7db33f1 100644 --- a/libpod/runtime_ctr.go +++ b/libpod/runtime_ctr.go @@ -389,7 +389,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai if ctr.restoreFromCheckpoint { // Remove information about bind mount // for new container from imported checkpoint - g := generate.Generator{Config: ctr.config.Spec} + g := generate.NewFromSpec(ctr.config.Spec) g.RemoveMount("/dev/shm") ctr.config.ShmDir = "" g.RemoveMount("/etc/resolv.conf") |