authorbaude <bbaude@redhat.com>2018-06-26 13:50:12 -0500
committerAtomic Bot <atomic-devel@projectatomic.io>2018-06-27 15:16:02 +0000
commitf6c0fc1aa854ae5ce73d57ecb09d47c0d4dd2cc3 (patch)
tree55a2c6e560625df8b8e176e4ac9cb2214480d3ab /vendor/github.com/opencontainers/runtime-tools/generate/seccomp
parent19f5a504ffb1470991f331db412be456e41caab5 (diff)
Vendor in latest runtime-tools
The newer runtime-tools separates syscalls by OS so that we can build on darwin. Signed-off-by: baude <bbaude@redhat.com> Closes: #1007 Approved by: baude
Diffstat (limited to 'vendor/github.com/opencontainers/runtime-tools/generate/seccomp')
-rw-r--r--vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go3
-rw-r--r--vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_linux.go15
-rw-r--r--vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_unsupported.go15
3 files changed, 31 insertions, 2 deletions
diff --git a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go
index 35b12cd65..5fee5a3b2 100644
--- a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go
+++ b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go
@@ -2,7 +2,6 @@ package seccomp
import (
"runtime"
- "syscall"
"github.com/opencontainers/runtime-spec/specs-go"
rspec "github.com/opencontainers/runtime-spec/specs-go"
@@ -513,7 +512,7 @@ func DefaultProfile(rs *specs.Spec) *rspec.LinuxSeccomp {
Args: []rspec.LinuxSeccompArg{
{
Index: sysCloneFlagsIndex,
- Value: syscall.CLONE_NEWNS | syscall.CLONE_NEWUTS | syscall.CLONE_NEWIPC | syscall.CLONE_NEWUSER | syscall.CLONE_NEWPID | syscall.CLONE_NEWNET,
+ Value: CloneNewNS | CloneNewUTS | CloneNewIPC | CloneNewUser | CloneNewPID | CloneNewNet,
ValueTwo: 0,
Op: rspec.OpMaskedEqual,
},
diff --git a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_linux.go b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_linux.go
new file mode 100644
index 000000000..311587437
--- /dev/null
+++ b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_linux.go
@@ -0,0 +1,15 @@
+// +build linux
+
+package seccomp
+
+import "syscall"
+
+// System values passed through on linux
+const (
+ CloneNewIPC = syscall.CLONE_NEWIPC
+ CloneNewNet = syscall.CLONE_NEWNET
+ CloneNewNS = syscall.CLONE_NEWNS
+ CloneNewPID = syscall.CLONE_NEWPID
+ CloneNewUser = syscall.CLONE_NEWUSER
+ CloneNewUTS = syscall.CLONE_NEWUTS
+)
diff --git a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_unsupported.go b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_unsupported.go
new file mode 100644
index 000000000..589b81c16
--- /dev/null
+++ b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_unsupported.go
@@ -0,0 +1,15 @@
+// +build !linux
+
+package seccomp
+
+// These are copied from linux/amd64 syscall values, as a reference for other
+// platforms to have access to
+const (
+ CloneNewIPC = 0x8000000
+ CloneNewNet = 0x40000000
+ CloneNewNS = 0x20000
+ CloneNewPID = 0x20000000
+ CloneNewUser = 0x10000000
+ CloneNewUTS = 0x4000000
+ CloneNewCgroup = 0x02000000
+)