diff options
| author | Daniel J Walsh <dwalsh@redhat.com> | 2020-08-17 06:28:45 -0400 |
|---|---|---|
| committer | Daniel J Walsh <dwalsh@redhat.com> | 2020-08-21 10:56:29 -0400 |
| commit | 3848cac86052369c35a76f86a1f8e5471dfdf9e2 (patch) | |
| tree | ce349740b66871a766c7a98bc40333b32897baae /vendor/golang.org/x/sys/cpu | |
| parent | 516196f09677819b72d03e068fb8094b28e273aa (diff) | |
| download | podman-3848cac86052369c35a76f86a1f8e5471dfdf9e2.tar.gz podman-3848cac86052369c35a76f86a1f8e5471dfdf9e2.tar.bz2 podman-3848cac86052369c35a76f86a1f8e5471dfdf9e2.zip | |
In podman 1.* regression on --cap-add
In podman 1.0 if you executed a command like:
podman run --user dwalsh --cap-add net_bind_service alpine nc -l 80
It would work, and the user dwalsh would get the capability, in
podman 2.0, only root and the binding set gets the capability.
This change restores us back to the way podman 1.0 worked.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'vendor/golang.org/x/sys/cpu')
| -rw-r--r-- | vendor/golang.org/x/sys/cpu/byteorder.go | 11 | ||||
| -rw-r--r-- | vendor/golang.org/x/sys/cpu/cpu_arm64.go | 8 |
2 files changed, 15 insertions, 4 deletions
diff --git a/vendor/golang.org/x/sys/cpu/byteorder.go b/vendor/golang.org/x/sys/cpu/byteorder.go index ed8da8dea..dcbb14ef3 100644 --- a/vendor/golang.org/x/sys/cpu/byteorder.go +++ b/vendor/golang.org/x/sys/cpu/byteorder.go @@ -39,20 +39,25 @@ func (bigEndian) Uint64(b []byte) uint64 { uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56 } -// hostByteOrder returns binary.LittleEndian on little-endian machines and -// binary.BigEndian on big-endian machines. +// hostByteOrder returns littleEndian on little-endian machines and +// bigEndian on big-endian machines. func hostByteOrder() byteOrder { switch runtime.GOARCH { case "386", "amd64", "amd64p32", + "alpha", "arm", "arm64", "mipsle", "mips64le", "mips64p32le", + "nios2", "ppc64le", - "riscv", "riscv64": + "riscv", "riscv64", + "sh": return littleEndian{} case "armbe", "arm64be", + "m68k", "mips", "mips64", "mips64p32", "ppc", "ppc64", "s390", "s390x", + "shbe", "sparc", "sparc64": return bigEndian{} } diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_arm64.go index 9c87677ae..7bcb36c7b 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_arm64.go +++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.go @@ -10,8 +10,14 @@ const cacheLineSize = 64 func init() { switch runtime.GOOS { - case "android", "darwin": + case "android", "darwin", "netbsd": // Android and iOS don't seem to allow reading these registers. + // + // NetBSD: + // ID_AA64ISAR0_EL1 is a privileged register and cannot be read from EL0. + // It can be read via sysctl(3). Example for future implementers: + // https://nxr.netbsd.org/xref/src/usr.sbin/cpuctl/arch/aarch64.c + // // Fake the minimal features expected by // TestARM64minimalFeatures. ARM64.HasASIMD = true |