summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.cirrus.yml4
-rw-r--r--completions/bash/podman1
-rw-r--r--go.mod4
-rw-r--r--go.sum8
-rw-r--r--nix/nixpkgs.json6
-rw-r--r--pkg/specgen/generate/security.go26
-rw-r--r--vendor/github.com/containers/common/pkg/apparmor/apparmor.go1
-rw-r--r--vendor/github.com/containers/common/pkg/apparmor/apparmor_linux.go54
-rw-r--r--vendor/github.com/containers/common/pkg/auth/auth.go3
-rw-r--r--vendor/github.com/containers/common/pkg/capabilities/capabilities.go10
-rw-r--r--vendor/github.com/containers/common/pkg/config/config.go5
-rw-r--r--vendor/github.com/containers/common/pkg/config/config_local.go23
-rw-r--r--vendor/github.com/containers/common/pkg/config/containers.conf23
-rw-r--r--vendor/github.com/containers/common/pkg/config/default.go30
-rw-r--r--vendor/github.com/containers/common/pkg/config/libpodConfig.go18
-rw-r--r--vendor/github.com/containers/common/version/version.go2
-rw-r--r--vendor/golang.org/x/sys/cpu/byteorder.go11
-rw-r--r--vendor/golang.org/x/sys/cpu/cpu_arm64.go8
-rw-r--r--vendor/golang.org/x/sys/unix/mkerrors.sh7
-rw-r--r--vendor/golang.org/x/sys/unix/syscall_bsd.go17
-rw-r--r--vendor/golang.org/x/sys/unix/syscall_linux.go40
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go6
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go6
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go6
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go6
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux.go66
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_386.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_arm.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_mips.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go6
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go6
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go6
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go6
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go7
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go7
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go7
-rw-r--r--vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go7
-rw-r--r--vendor/golang.org/x/sys/unix/zsyscall_linux.go46
-rw-r--r--vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go12
-rw-r--r--vendor/golang.org/x/sys/unix/ztypes_linux.go416
-rw-r--r--vendor/golang.org/x/sys/windows/memory_windows.go5
-rw-r--r--vendor/golang.org/x/sys/windows/syscall_windows.go2
-rw-r--r--vendor/golang.org/x/sys/windows/zsyscall_windows.go19
-rw-r--r--vendor/modules.txt4
54 files changed, 636 insertions, 337 deletions
diff --git a/.cirrus.yml b/.cirrus.yml
index 964368743..1bf35e142 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -775,11 +775,11 @@ static_build_task:
build_script: |
set -ex
- mkdir -p /nix
mkdir -p .cache
- mount --bind .cache /nix
+ mv .cache /nix
if [[ -z $(ls -A /nix) ]]; then podman run --rm --privileged -ti -v /:/mnt nixos/nix cp -rfT /nix /mnt/nix; fi
podman run --rm --privileged -ti -v /nix:/nix -v ${PWD}:${PWD} -w ${PWD} nixos/nix nix --print-build-logs --option cores 8 --option max-jobs 8 build --file nix/
+ mv /nix .cache
chown -Rf $(whoami) .cache
binaries_artifacts:
diff --git a/completions/bash/podman b/completions/bash/podman
index af222bf65..ca2c93153 100644
--- a/completions/bash/podman
+++ b/completions/bash/podman
@@ -3672,6 +3672,7 @@ _podman_podman() {
start
stats
stop
+ system
tag
top
umount
diff --git a/go.mod b/go.mod
index 0fd4e602e..779423bf9 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
github.com/containernetworking/cni v0.7.2-0.20200304161608-4fae32b84921
github.com/containernetworking/plugins v0.8.6
github.com/containers/buildah v1.15.1-0.20200731151214-29f4d01c621c
- github.com/containers/common v0.18.0
+ github.com/containers/common v0.20.3
github.com/containers/conmon v2.0.19+incompatible
github.com/containers/image/v5 v5.5.2
github.com/containers/psgo v1.5.1
@@ -61,7 +61,7 @@ require (
golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5
golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7
golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a
- golang.org/x/sys v0.0.0-20200519105757-fe76b779f299
+ golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1
k8s.io/api v0.18.8
k8s.io/apimachinery v0.18.8
k8s.io/client-go v0.0.0-20190620085101-78d2af792bab
diff --git a/go.sum b/go.sum
index 8b178a6b7..7a4476f22 100644
--- a/go.sum
+++ b/go.sum
@@ -73,8 +73,8 @@ github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHV
github.com/containers/buildah v1.15.1-0.20200731151214-29f4d01c621c h1:+V9RQOhg1LyhyHHU33OVjO+Uan1MoVbkjufH8E/BeLU=
github.com/containers/buildah v1.15.1-0.20200731151214-29f4d01c621c/go.mod h1:XVOKQHd1sP/7tFpCXIaNsUJZdTNCwVZ7YZiLnnEfrVg=
github.com/containers/common v0.15.2/go.mod h1:rhpXuGLTEKsk/xX/x0iKGHjRadMHpBd2ZiNDugwXPEM=
-github.com/containers/common v0.18.0 h1:pZB6f17N5QV43TcT06gtx1lb0rxd/4StFdVhP9CtgQg=
-github.com/containers/common v0.18.0/go.mod h1:H2Wqvx6wkqdzT4RcTCqIG4W0HSOZwUbbNiUTX1+VohU=
+github.com/containers/common v0.20.3 h1:d8vSReNkrySKE3ZPya2vt6Wc/xuQiB30pNXTYHz2iHM=
+github.com/containers/common v0.20.3/go.mod h1:+NUHV8V5Kmo260ja9Dxtr8ialrDnK4RNzyeEbSgmLac=
github.com/containers/conmon v2.0.19+incompatible h1:1bDVRvHy2MUNTUT/SW6LlHsJHQBTSwXvnKNdcB/a1vQ=
github.com/containers/conmon v2.0.19+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
github.com/containers/image/v5 v5.5.1 h1:h1FCOXH6Ux9/p/E4rndsQOC4yAdRU0msRTfLVeQ7FDQ=
@@ -89,8 +89,6 @@ github.com/containers/ocicrypt v1.0.3/go.mod h1:CUBa+8MRNL/VkpxYIpaMtgn1WgXGyvPQ
github.com/containers/psgo v1.5.1 h1:MQNb7FLbXqBdqz6u4lI2QWizVz4RSTzs1+Nk9XT1iVA=
github.com/containers/psgo v1.5.1/go.mod h1:2ubh0SsreMZjSXW1Hif58JrEcFudQyIy9EzPUWfawVU=
github.com/containers/storage v1.20.2/go.mod h1:oOB9Ie8OVPojvoaKWEGSEtHbXUAs+tSyr7RO7ZGteMc=
-github.com/containers/storage v1.21.2 h1:bf9IqA+g6ClBviqVG5lVCp5tTH9lvWwjYws7mVYSti0=
-github.com/containers/storage v1.21.2/go.mod h1:I1EIAA7B4OwWRSA0b4yq2AW1wjvvfcY0zLWQuwTa4zw=
github.com/containers/storage v1.23.0 h1:gYyNkBiihC2FvGiHOjOjpnfojYwgxpLVooTUlmD6pxs=
github.com/containers/storage v1.23.0/go.mod h1:I1EIAA7B4OwWRSA0b4yq2AW1wjvvfcY0zLWQuwTa4zw=
github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
@@ -567,6 +565,8 @@ golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200519105757-fe76b779f299 h1:DYfZAGf2WMFjMxbgTjaC+2HC7NkNAQs+6Q8b9WEB/F4=
golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1 h1:sIky/MyNRSHTrdxfsiUSS4WIAMvInbeXljJz+jDjeYE=
+golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
diff --git a/nix/nixpkgs.json b/nix/nixpkgs.json
index 976284ed4..6ef89ff82 100644
--- a/nix/nixpkgs.json
+++ b/nix/nixpkgs.json
@@ -1,7 +1,7 @@
{
"url": "https://github.com/nixos/nixpkgs",
- "rev": "d6a445fe821052861b379d9b6c02d21623c25464",
- "date": "2020-08-11T04:28:16+01:00",
- "sha256": "064scwaxg8qg4xbmq07hag57saa4bhsb4pgg5h5vfs4nhhwvchg9",
+ "rev": "5f212d693fe1c82f9c7e20cd57bc69802b36a321",
+ "date": "2020-08-22T01:42:23+02:00",
+ "sha256": "1h3819ppllcpw07j884bjh07sma07vrrk1md92sf93cg43nmzncf",
"fetchSubmodules": false
}
diff --git a/pkg/specgen/generate/security.go b/pkg/specgen/generate/security.go
index 5e4cc3399..d3e3d9278 100644
--- a/pkg/specgen/generate/security.go
+++ b/pkg/specgen/generate/security.go
@@ -112,7 +112,7 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator,
// Pass capRequiredRequested in CapAdd field to normalize capabilities names
capsRequired, err := capabilities.MergeCapabilities(nil, capsRequiredRequested, nil)
if err != nil {
- logrus.Errorf("capabilities requested by user or image are not valid: %q", strings.Join(capsRequired, ","))
+ return errors.Wrapf(err, "capabilities requested by user or image are not valid: %q", strings.Join(capsRequired, ","))
} else {
// Verify all capRequiered are in the capList
for _, cap := range capsRequired {
@@ -129,12 +129,6 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator,
}
}
- g.SetProcessNoNewPrivileges(s.NoNewPrivileges)
-
- if err := setupApparmor(s, rtc, g); err != nil {
- return err
- }
-
configSpec := g.Config
configSpec.Process.Capabilities.Bounding = caplist
@@ -142,13 +136,21 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator,
configSpec.Process.Capabilities.Effective = caplist
configSpec.Process.Capabilities.Permitted = caplist
configSpec.Process.Capabilities.Inheritable = caplist
- configSpec.Process.Capabilities.Ambient = caplist
} else {
- configSpec.Process.Capabilities.Effective = []string{}
- configSpec.Process.Capabilities.Permitted = []string{}
- configSpec.Process.Capabilities.Inheritable = []string{}
- configSpec.Process.Capabilities.Ambient = []string{}
+ userCaps, err := capabilities.NormalizeCapabilities(s.CapAdd)
+ if err != nil {
+ return errors.Wrapf(err, "capabilities requested by user are not valid: %q", strings.Join(s.CapAdd, ","))
+ }
+ configSpec.Process.Capabilities.Effective = userCaps
+ configSpec.Process.Capabilities.Permitted = userCaps
}
+
+ g.SetProcessNoNewPrivileges(s.NoNewPrivileges)
+
+ if err := setupApparmor(s, rtc, g); err != nil {
+ return err
+ }
+
// HANDLE SECCOMP
if s.SeccompProfilePath != "unconfined" {
seccompConfig, err := getSeccompConfig(s, configSpec, newImage)
diff --git a/vendor/github.com/containers/common/pkg/apparmor/apparmor.go b/vendor/github.com/containers/common/pkg/apparmor/apparmor.go
index 8046f45f5..146280df2 100644
--- a/vendor/github.com/containers/common/pkg/apparmor/apparmor.go
+++ b/vendor/github.com/containers/common/pkg/apparmor/apparmor.go
@@ -15,7 +15,6 @@ const (
)
var (
-
// ErrApparmorUnsupported indicates that AppArmor support is not supported.
ErrApparmorUnsupported = errors.New("AppArmor is not supported")
// ErrApparmorRootless indicates that AppArmor support is not supported in rootless mode.
diff --git a/vendor/github.com/containers/common/pkg/apparmor/apparmor_linux.go b/vendor/github.com/containers/common/pkg/apparmor/apparmor_linux.go
index 307249f3d..e0b5c5677 100644
--- a/vendor/github.com/containers/common/pkg/apparmor/apparmor_linux.go
+++ b/vendor/github.com/containers/common/pkg/apparmor/apparmor_linux.go
@@ -5,7 +5,6 @@ package apparmor
import (
"bufio"
"bytes"
- "fmt"
"io"
"os"
"os/exec"
@@ -47,7 +46,7 @@ type profileData struct {
func (p *profileData) generateDefault(out io.Writer) error {
compiled, err := template.New("apparmor_profile").Parse(defaultProfileTemplate)
if err != nil {
- return err
+ return errors.Wrap(err, "create AppArmor profile from template")
}
if macroExists("tunables/global") {
@@ -62,11 +61,11 @@ func (p *profileData) generateDefault(out io.Writer) error {
ver, err := getAAParserVersion()
if err != nil {
- return err
+ return errors.Wrap(err, "get AppArmor version")
}
p.Version = ver
- return compiled.Execute(out, p)
+ return errors.Wrap(compiled.Execute(out, p), "execute compiled profile")
}
// macrosExists checks if the passed macro exists.
@@ -89,28 +88,29 @@ func InstallDefault(name string) error {
cmd := exec.Command("apparmor_parser", "-Kr")
pipe, err := cmd.StdinPipe()
if err != nil {
- return err
+ return errors.Wrap(err, "execute apparmor_parser")
}
if err := cmd.Start(); err != nil {
if pipeErr := pipe.Close(); pipeErr != nil {
- logrus.Errorf("unable to close apparmor pipe: %q", pipeErr)
+ logrus.Errorf("unable to close AppArmor pipe: %q", pipeErr)
}
- return err
+ return errors.Wrap(err, "start apparmor_parser command")
}
if err := p.generateDefault(pipe); err != nil {
if pipeErr := pipe.Close(); pipeErr != nil {
- logrus.Errorf("unable to close apparmor pipe: %q", pipeErr)
+ logrus.Errorf("unable to close AppArmor pipe: %q", pipeErr)
}
if cmdErr := cmd.Wait(); cmdErr != nil {
- logrus.Errorf("unable to wait for apparmor command: %q", cmdErr)
+ logrus.Errorf("unable to wait for AppArmor command: %q", cmdErr)
}
- return err
+ return errors.Wrap(err, "generate default profile into pipe")
}
if pipeErr := pipe.Close(); pipeErr != nil {
- logrus.Errorf("unable to close apparmor pipe: %q", pipeErr)
+ logrus.Errorf("unable to close AppArmor pipe: %q", pipeErr)
}
- return cmd.Wait()
+
+ return errors.Wrap(cmd.Wait(), "wait for AppArmor command")
}
// DefaultContent returns the default profile content as byte slice. The
@@ -120,7 +120,7 @@ func DefaultContent(name string) ([]byte, error) {
p := profileData{Name: name}
var bytes bytes.Buffer
if err := p.generateDefault(&bytes); err != nil {
- return nil, err
+ return nil, errors.Wrap(err, "generate default AppAmor profile")
}
return bytes.Bytes(), nil
}
@@ -137,7 +137,7 @@ func IsLoaded(name string) (bool, error) {
if os.IsNotExist(err) {
return false, nil
}
- return false, err
+ return false, errors.Wrap(err, "open AppArmor profile path")
}
defer file.Close()
@@ -148,7 +148,7 @@ func IsLoaded(name string) (bool, error) {
break
}
if err != nil {
- return false, err
+ return false, errors.Wrap(err, "reading AppArmor profile")
}
if strings.HasPrefix(p, name+" ") {
return true, nil
@@ -163,9 +163,9 @@ func execAAParser(dir string, args ...string) (string, error) {
c := exec.Command("apparmor_parser", args...)
c.Dir = dir
- output, err := c.CombinedOutput()
+ output, err := c.Output()
if err != nil {
- return "", fmt.Errorf("running `%s %s` failed with output: %s\nerror: %v", c.Path, strings.Join(c.Args, " "), output, err)
+ return "", errors.Errorf("running `%s %s` failed with output: %s\nerror: %v", c.Path, strings.Join(c.Args, " "), output, err)
}
return string(output), nil
@@ -175,7 +175,7 @@ func execAAParser(dir string, args ...string) (string, error) {
func getAAParserVersion() (int, error) {
output, err := execAAParser("", "--version")
if err != nil {
- return -1, err
+ return -1, errors.Wrap(err, "execute apparmor_parser")
}
return parseAAParserVersion(output)
}
@@ -194,7 +194,7 @@ func parseAAParserVersion(output string) (int, error) {
// split by major minor version
v := strings.Split(version, ".")
if len(v) == 0 || len(v) > 3 {
- return -1, fmt.Errorf("parsing version failed for output: `%s`", output)
+ return -1, errors.Errorf("parsing version failed for output: `%s`", output)
}
// Default the versions to 0.
@@ -202,19 +202,19 @@ func parseAAParserVersion(output string) (int, error) {
majorVersion, err := strconv.Atoi(v[0])
if err != nil {
- return -1, err
+ return -1, errors.Wrap(err, "convert AppArmor major version")
}
if len(v) > 1 {
minorVersion, err = strconv.Atoi(v[1])
if err != nil {
- return -1, err
+ return -1, errors.Wrap(err, "convert AppArmor minor version")
}
}
if len(v) > 2 {
patchLevel, err = strconv.Atoi(v[2])
if err != nil {
- return -1, err
+ return -1, errors.Wrap(err, "convert AppArmor patch version")
}
}
@@ -251,7 +251,7 @@ func CheckProfileAndLoadDefault(name string) (string, error) {
if name == "" {
return "", nil
} else {
- return "", fmt.Errorf("profile %q specified but AppArmor is disabled on the host", name)
+ return "", errors.Errorf("profile %q specified but AppArmor is disabled on the host", name)
}
}
@@ -262,10 +262,10 @@ func CheckProfileAndLoadDefault(name string) (string, error) {
// name.
isLoaded, err := IsLoaded(name)
if err != nil {
- return "", err
+ return "", errors.Wrapf(err, "verify if profile %s is loaded", name)
}
if !isLoaded {
- return "", fmt.Errorf("AppArmor profile %q specified but not loaded", name)
+ return "", errors.Errorf("AppArmor profile %q specified but not loaded", name)
}
return name, nil
}
@@ -274,12 +274,12 @@ func CheckProfileAndLoadDefault(name string) (string, error) {
// if it's loaded before installing it.
isLoaded, err := IsLoaded(name)
if err != nil {
- return "", err
+ return "", errors.Wrapf(err, "verify if profile %s is loaded", name)
}
if !isLoaded {
err = InstallDefault(name)
if err != nil {
- return "", err
+ return "", errors.Wrapf(err, "install profile %s", name)
}
logrus.Infof("successfully loaded AppAmor profile %q", name)
} else {
diff --git a/vendor/github.com/containers/common/pkg/auth/auth.go b/vendor/github.com/containers/common/pkg/auth/auth.go
index c52dfa01f..91ab45f0d 100644
--- a/vendor/github.com/containers/common/pkg/auth/auth.go
+++ b/vendor/github.com/containers/common/pkg/auth/auth.go
@@ -150,9 +150,6 @@ func getRegistryName(server string) string {
// gets the registry from the input. If the input is of the form
// quay.io/myuser/myimage, it will parse it and just return quay.io
split := strings.Split(server, "/")
- if len(split) > 1 {
- return split[0]
- }
return split[0]
}
diff --git a/vendor/github.com/containers/common/pkg/capabilities/capabilities.go b/vendor/github.com/containers/common/pkg/capabilities/capabilities.go
index 941177489..ddfa53be8 100644
--- a/vendor/github.com/containers/common/pkg/capabilities/capabilities.go
+++ b/vendor/github.com/containers/common/pkg/capabilities/capabilities.go
@@ -57,9 +57,9 @@ func AllCapabilities() []string {
return capabilityList
}
-// normalizeCapabilities normalizes caps by adding a "CAP_" prefix (if not yet
+// NormalizeCapabilities normalizes caps by adding a "CAP_" prefix (if not yet
// present).
-func normalizeCapabilities(caps []string) ([]string, error) {
+func NormalizeCapabilities(caps []string) ([]string, error) {
normalized := make([]string, len(caps))
for i, c := range caps {
c = strings.ToUpper(c)
@@ -98,7 +98,7 @@ func MergeCapabilities(base, adds, drops []string) ([]string, error) {
var caps []string
// Normalize the base capabilities
- base, err := normalizeCapabilities(base)
+ base, err := NormalizeCapabilities(base)
if err != nil {
return nil, err
}
@@ -106,11 +106,11 @@ func MergeCapabilities(base, adds, drops []string) ([]string, error) {
// Nothing to tweak; we're done
return base, nil
}
- capDrop, err := normalizeCapabilities(drops)
+ capDrop, err := NormalizeCapabilities(drops)
if err != nil {
return nil, err
}
- capAdd, err := normalizeCapabilities(adds)
+ capAdd, err := NormalizeCapabilities(adds)
if err != nil {
return nil, err
}
diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go
index 80c478505..e1bd4fc27 100644
--- a/vendor/github.com/containers/common/pkg/config/config.go
+++ b/vendor/github.com/containers/common/pkg/config/config.go
@@ -244,6 +244,11 @@ type EngineConfig struct {
// LockType is the type of locking to use.
LockType string `toml:"lock_type,omitempty"`
+ // MultiImageArchive - if true, the container engine allows for storing
+ // archives (e.g., of the docker-archive transport) with multiple
+ // images. By default, Podman creates single-image archives.
+ MultiImageArchive bool `toml:"multi_image_archive,omitempty"`
+
// Namespace is the engine namespace to use. Namespaces are used to create
// scopes to separate containers and pods in the state. When namespace is
// set, engine will only view containers and pods in the same namespace. All
diff --git a/vendor/github.com/containers/common/pkg/config/config_local.go b/vendor/github.com/containers/common/pkg/config/config_local.go
index 282eb80b7..b1d1644dd 100644
--- a/vendor/github.com/containers/common/pkg/config/config_local.go
+++ b/vendor/github.com/containers/common/pkg/config/config_local.go
@@ -7,6 +7,7 @@ import (
"os"
"path/filepath"
"regexp"
+ "strings"
"syscall"
units "github.com/docker/go-units"
@@ -81,12 +82,24 @@ func (c *ContainersConfig) validateTZ() error {
if c.TZ == "local" {
return nil
}
- zonePath := filepath.Join("/usr/share/zoneinfo", c.TZ)
- _, err := os.Stat(zonePath)
- if err != nil {
- return fmt.Errorf("Unrecognized timezone %s", zonePath)
+
+ lookupPaths := []string{
+ "/usr/share/zoneinfo",
+ "/etc/zoneinfo",
}
- return nil
+
+ for _, paths := range lookupPaths {
+ zonePath := filepath.Join(paths, c.TZ)
+ if _, err := os.Stat(zonePath); err == nil {
+ // found zone information
+ return nil
+ }
+ }
+
+ return fmt.Errorf(
+ "unable to find timezone %s in paths: %s",
+ c.TZ, strings.Join(lookupPaths, ", "),
+ )
}
func (c *ContainersConfig) validateUmask() error {
diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf
index 780df2a22..ff4d99bda 100644
--- a/vendor/github.com/containers/common/pkg/config/containers.conf
+++ b/vendor/github.com/containers/common/pkg/config/containers.conf
@@ -116,18 +116,13 @@
#
# env = [
# "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+# "TERM=xterm",
# ]
# Pass all host environment variables into the container.
#
# env_host = false
-# Path to OCI hooks directories for automatically executed hooks.
-#
-# hooks_dir = [
-# "/usr/share/containers/oci/hooks.d",
-# ]
-
# Default proxy environment variables passed into the container.
# The environment variables passed in include:
# http_proxy, https_proxy, ftp_proxy, no_proxy, and the upper case versions of
@@ -299,6 +294,12 @@
#
# events_logger = "journald"
+# Path to OCI hooks directories for automatically executed hooks.
+#
+# hooks_dir = [
+# "/usr/share/containers/oci/hooks.d",
+# ]
+
# Default transport method for pulling and pushing for images
#
# image_default_transport = "docker://"
@@ -322,6 +323,12 @@
#
# lock_type** = "shm"
+# MultiImageArchive - if true, the container engine allows for storing archives
+# (e.g., of the docker-archive transport) with multiple images. By default,
+# Podman creates single-image archives.
+#
+# multi_image_archive = "false"
+
# Default engine namespace
# If engine is joined to a namespace, it will see only containers and pods
# that were created in the same namespace, and will create new containers and
@@ -331,6 +338,10 @@
#
# namespace = ""
+# Path to the slirp4netns binary
+#
+# network_cmd_path=""
+
# Whether to use chroot instead of pivot_root in the runtime
#
# no_pivot_root = false
diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go
index 57b703f53..2c398c538 100644
--- a/vendor/github.com/containers/common/pkg/config/default.go
+++ b/vendor/github.com/containers/common/pkg/config/default.go
@@ -12,6 +12,7 @@ import (
"github.com/containers/common/pkg/apparmor"
"github.com/containers/common/pkg/cgroupv2"
"github.com/containers/storage"
+ "github.com/containers/storage/pkg/homedir"
"github.com/containers/storage/pkg/unshare"
"github.com/opencontainers/selinux/go-selinux"
"github.com/pkg/errors"
@@ -94,8 +95,8 @@ const (
_installPrefix = "/usr"
// _cniConfigDir is the directory where cni configuration is found
_cniConfigDir = "/etc/cni/net.d/"
- // _cniConfigDirRootless is the directory where cni plugins are found
- _cniConfigDirRootless = ".config/cni/net.d/"
+ // _cniConfigDirRootless is the directory in XDG_CONFIG_HOME for cni plugins
+ _cniConfigDirRootless = "cni/net.d/"
// CgroupfsCgroupsManager represents cgroupfs native cgroup manager
CgroupfsCgroupsManager = "cgroupfs"
// DefaultApparmorProfile specifies the default apparmor profile for the container.
@@ -115,9 +116,9 @@ const (
// DefaultSignaturePolicyPath is the default value for the
// policy.json file.
DefaultSignaturePolicyPath = "/etc/containers/policy.json"
- // DefaultRootlessSignaturePolicyPath is the default value for the
- // rootless policy.json file.
- DefaultRootlessSignaturePolicyPath = ".config/containers/policy.json"
+ // DefaultRootlessSignaturePolicyPath is the location within
+ // XDG_CONFIG_HOME of the rootless policy.json file.
+ DefaultRootlessSignaturePolicyPath = "containers/policy.json"
// DefaultShmSize default value
DefaultShmSize = "65536k"
// DefaultUserNSSize default value
@@ -144,11 +145,11 @@ func DefaultConfig() (*Config, error) {
defaultEngineConfig.SignaturePolicyPath = DefaultSignaturePolicyPath
if unshare.IsRootless() {
- home, err := unshare.HomeDir()
+ configHome, err := homedir.GetConfigHome()
if err != nil {
return nil, err
}
- sigPath := filepath.Join(home, DefaultRootlessSignaturePolicyPath)
+ sigPath := filepath.Join(configHome, DefaultRootlessSignaturePolicyPath)
defaultEngineConfig.SignaturePolicyPath = sigPath
if _, err := os.Stat(sigPath); err != nil {
if _, err := os.Stat(DefaultSignaturePolicyPath); err == nil {
@@ -156,7 +157,7 @@ func DefaultConfig() (*Config, error) {
}
}
netns = "slirp4netns"
- cniConfig = filepath.Join(home, _cniConfigDirRootless)
+ cniConfig = filepath.Join(configHome, _cniConfigDirRootless)
}
cgroupNS := "host"
@@ -181,6 +182,7 @@ func DefaultConfig() (*Config, error) {
EnableLabeling: selinuxEnabled(),
Env: []string{
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+ "TERM=xterm",
},
EnvHost: false,
HTTPProxy: false,
@@ -222,10 +224,16 @@ func defaultConfigFromMemory() (*EngineConfig, error) {
c.EventsLogFilePath = filepath.Join(c.TmpDir, "events", "events.log")
- storeOpts, err := storage.DefaultStoreOptions(unshare.IsRootless(), unshare.GetRootlessUID())
- if err != nil {
- return nil, err
+ var storeOpts storage.StoreOptions
+ if path, ok := os.LookupEnv("CONTAINERS_STORAGE_CONF"); ok {
+ storage.ReloadConfigurationFile(path, &storeOpts)
+ } else {
+ storeOpts, err = storage.DefaultStoreOptions(unshare.IsRootless(), unshare.GetRootlessUID())
+ if err != nil {
+ return nil, err
+ }
}
+
if storeOpts.GraphRoot == "" {
logrus.Warnf("Storage configuration is unset - using hardcoded default graph root %q", _defaultGraphRoot)
storeOpts.GraphRoot = _defaultGraphRoot
diff --git a/vendor/github.com/containers/common/pkg/config/libpodConfig.go b/vendor/github.com/containers/common/pkg/config/libpodConfig.go
index ab507e864..9d04da7f5 100644
--- a/vendor/github.com/containers/common/pkg/config/libpodConfig.go
+++ b/vendor/github.com/containers/common/pkg/config/libpodConfig.go
@@ -197,6 +197,10 @@ func newLibpodConfig(c *Config) error {
return errors.Wrapf(err, "error finding config on system")
}
+ if len(configs) == 0 {
+ return nil
+ }
+
for _, path := range configs {
config, err = readLibpodConfigFromFile(path, config)
if err != nil {
@@ -226,7 +230,7 @@ func newLibpodConfig(c *Config) error {
// hard code EventsLogger to "file" to match older podman versions.
if config.EventsLogger != "file" {
- logrus.Debugf("Ignoring libpod.conf EventsLogger setting %q. Use %q if you want to change this setting and remove libpod.conf files.", Path(), config.EventsLogger)
+ logrus.Warnf("Ignoring libpod.conf EventsLogger setting %q. Use %q if you want to change this setting and remove libpod.conf files.", config.EventsLogger, Path())
config.EventsLogger = "file"
}
@@ -260,9 +264,7 @@ func systemLibpodConfigs() ([]string, error) {
if err != nil {
containersConfPath = filepath.Join("$HOME", UserOverrideContainersConfig)
}
- // TODO: Raise to Warnf, when Podman is updated to
- // remove libpod.conf by default
- logrus.Debugf("Found deprecated file %s, please remove. Use %s to override defaults.\n", Path(), containersConfPath)
+ logrus.Warnf("Found deprecated file %s, please remove. Use %s to override defaults.\n", path, containersConfPath)
return []string{path}, nil
}
return nil, err
@@ -270,15 +272,11 @@ func systemLibpodConfigs() ([]string, error) {
configs := []string{}
if _, err := os.Stat(_rootConfigPath); err == nil {
- // TODO: Raise to Warnf, when Podman is updated to
- // remove libpod.conf by default
- logrus.Debugf("Found deprecated file %s, please remove. Use %s to override defaults.\n", _rootConfigPath, OverrideContainersConfig)
+ logrus.Warnf("Found deprecated file %s, please remove. Use %s to override defaults.\n", _rootConfigPath, OverrideContainersConfig)
configs = append(configs, _rootConfigPath)
}
if _, err := os.Stat(_rootOverrideConfigPath); err == nil {
- // TODO: Raise to Warnf, when Podman is updated to
- // remove libpod.conf by default
- logrus.Debugf("Found deprecated file %s, please remove. Use %s to override defaults.\n", _rootOverrideConfigPath, OverrideContainersConfig)
+ logrus.Warnf("Found deprecated file %s, please remove. Use %s to override defaults.\n", _rootOverrideConfigPath, OverrideContainersConfig)
configs = append(configs, _rootOverrideConfigPath)
}
return configs, nil
diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go
index 6b226eabe..536e88076 100644
--- a/vendor/github.com/containers/common/version/version.go
+++ b/vendor/github.com/containers/common/version/version.go
@@ -1,4 +1,4 @@
package version
// Version is the version of the build.
-const Version = "0.18.0"
+const Version = "0.20.3"
diff --git a/vendor/golang.org/x/sys/cpu/byteorder.go b/vendor/golang.org/x/sys/cpu/byteorder.go
index ed8da8dea..dcbb14ef3 100644
--- a/vendor/golang.org/x/sys/cpu/byteorder.go
+++ b/vendor/golang.org/x/sys/cpu/byteorder.go
@@ -39,20 +39,25 @@ func (bigEndian) Uint64(b []byte) uint64 {
uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56
}
-// hostByteOrder returns binary.LittleEndian on little-endian machines and
-// binary.BigEndian on big-endian machines.
+// hostByteOrder returns littleEndian on little-endian machines and
+// bigEndian on big-endian machines.
func hostByteOrder() byteOrder {
switch runtime.GOARCH {
case "386", "amd64", "amd64p32",
+ "alpha",
"arm", "arm64",
"mipsle", "mips64le", "mips64p32le",
+ "nios2",
"ppc64le",
- "riscv", "riscv64":
+ "riscv", "riscv64",
+ "sh":
return littleEndian{}
case "armbe", "arm64be",
+ "m68k",
"mips", "mips64", "mips64p32",
"ppc", "ppc64",
"s390", "s390x",
+ "shbe",
"sparc", "sparc64":
return bigEndian{}
}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_arm64.go
index 9c87677ae..7bcb36c7b 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_arm64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.go
@@ -10,8 +10,14 @@ const cacheLineSize = 64
func init() {
switch runtime.GOOS {
- case "android", "darwin":
+ case "android", "darwin", "netbsd":
// Android and iOS don't seem to allow reading these registers.
+ //
+ // NetBSD:
+ // ID_AA64ISAR0_EL1 is a privileged register and cannot be read from EL0.
+ // It can be read via sysctl(3). Example for future implementers:
+ // https://nxr.netbsd.org/xref/src/usr.sbin/cpuctl/arch/aarch64.c
+ //
// Fake the minimal features expected by
// TestARM64minimalFeatures.
ARM64.HasASIMD = true
diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh
index 780e387e3..53a249312 100644
--- a/vendor/golang.org/x/sys/unix/mkerrors.sh
+++ b/vendor/golang.org/x/sys/unix/mkerrors.sh
@@ -107,6 +107,7 @@ includes_FreeBSD='
#include <sys/types.h>
#include <sys/disk.h>
#include <sys/event.h>
+#include <sys/sched.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/sockio.h>
@@ -297,6 +298,7 @@ includes_NetBSD='
#include <sys/extattr.h>
#include <sys/mman.h>
#include <sys/mount.h>
+#include <sys/sched.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/sockio.h>
@@ -325,6 +327,7 @@ includes_OpenBSD='
#include <sys/mman.h>
#include <sys/mount.h>
#include <sys/select.h>
+#include <sys/sched.h>
#include <sys/socket.h>
#include <sys/sockio.h>
#include <sys/stat.h>
@@ -507,9 +510,11 @@ ccflags="$@"
$2 ~ /^(CLOCK|TIMER)_/ ||
$2 ~ /^CAN_/ ||
$2 ~ /^CAP_/ ||
+ $2 ~ /^CP_/ ||
+ $2 ~ /^CPUSTATES$/ ||
$2 ~ /^ALG_/ ||
$2 ~ /^FS_(POLICY_FLAGS|KEY_DESC|ENCRYPTION_MODE|[A-Z0-9_]+_KEY_SIZE)/ ||
- $2 ~ /^FS_IOC_.*(ENCRYPTION|VERITY|GETFLAGS)/ ||
+ $2 ~ /^FS_IOC_.*(ENCRYPTION|VERITY|[GS]ETFLAGS)/ ||
$2 ~ /^FS_VERITY_/ ||
$2 ~ /^FSCRYPT_/ ||
$2 ~ /^GRND_/ ||
diff --git a/vendor/golang.org/x/sys/unix/syscall_bsd.go b/vendor/golang.org/x/sys/unix/syscall_bsd.go
index 68605db62..60bbe10ad 100644
--- a/vendor/golang.org/x/sys/unix/syscall_bsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_bsd.go
@@ -527,6 +527,23 @@ func SysctlClockinfo(name string) (*Clockinfo, error) {
return &ci, nil
}
+func SysctlTimeval(name string) (*Timeval, error) {
+ mib, err := sysctlmib(name)
+ if err != nil {
+ return nil, err
+ }
+
+ var tv Timeval
+ n := uintptr(unsafe.Sizeof(tv))
+ if err := sysctl(mib, (*byte)(unsafe.Pointer(&tv)), &n, nil, 0); err != nil {
+ return nil, err
+ }
+ if n != unsafe.Sizeof(tv) {
+ return nil, EIO
+ }
+ return &tv, nil
+}
+
//sys utimes(path string, timeval *[2]Timeval) (err error)
func Utimes(path string, tv []Timeval) error {
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go
index 942a4bbf7..fad483bb9 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux.go
@@ -97,6 +97,12 @@ func IoctlSetRTCTime(fd int, value *RTCTime) error {
return err
}
+func IoctlSetRTCWkAlrm(fd int, value *RTCWkAlrm) error {
+ err := ioctl(fd, RTC_WKALM_SET, uintptr(unsafe.Pointer(value)))
+ runtime.KeepAlive(value)
+ return err
+}
+
func IoctlGetUint32(fd int, req uint) (uint32, error) {
var value uint32
err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
@@ -109,6 +115,12 @@ func IoctlGetRTCTime(fd int) (*RTCTime, error) {
return &value, err
}
+func IoctlGetRTCWkAlrm(fd int) (*RTCWkAlrm, error) {
+ var value RTCWkAlrm
+ err := ioctl(fd, RTC_WKALM_RD, uintptr(unsafe.Pointer(&value)))
+ return &value, err
+}
+
//sys Linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error)
func Link(oldpath string, newpath string) (err error) {
@@ -1938,6 +1950,20 @@ func Vmsplice(fd int, iovs []Iovec, flags int) (int, error) {
return int(n), nil
}
+func isGroupMember(gid int) bool {
+ groups, err := Getgroups()
+ if err != nil {
+ return false
+ }
+
+ for _, g := range groups {
+ if g == gid {
+ return true
+ }
+ }
+ return false
+}
+
//sys faccessat(dirfd int, path string, mode uint32) (err error)
func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
@@ -1995,7 +2021,7 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
gid = Getgid()
}
- if uint32(gid) == st.Gid {
+ if uint32(gid) == st.Gid || isGroupMember(gid) {
fmode = (st.Mode >> 3) & 7
} else {
fmode = st.Mode & 7
@@ -2096,6 +2122,18 @@ func Klogset(typ int, arg int) (err error) {
return nil
}
+// RemoteIovec is Iovec with the pointer replaced with an integer.
+// It is used for ProcessVMReadv and ProcessVMWritev, where the pointer
+// refers to a location in a different process' address space, which
+// would confuse the Go garbage collector.
+type RemoteIovec struct {
+ Base uintptr
+ Len int
+}
+
+//sys ProcessVMReadv(pid int, localIov []Iovec, remoteIov []RemoteIovec, flags uint) (n int, err error) = SYS_PROCESS_VM_READV
+//sys ProcessVMWritev(pid int, localIov []Iovec, remoteIov []RemoteIovec, flags uint) (n int, err error) = SYS_PROCESS_VM_WRITEV
+
/*
* Unimplemented
*/
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
index 848245873..3689c8084 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
@@ -339,6 +339,12 @@ const (
CLOCK_UPTIME_FAST = 0x8
CLOCK_UPTIME_PRECISE = 0x7
CLOCK_VIRTUAL = 0x1
+ CPUSTATES = 0x5
+ CP_IDLE = 0x4
+ CP_INTR = 0x3
+ CP_NICE = 0x1
+ CP_SYS = 0x2
+ CP_USER = 0x0
CREAD = 0x800
CRTSCTS = 0x30000
CS5 = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
index 4acd101c3..b8f7c3c93 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
@@ -339,6 +339,12 @@ const (
CLOCK_UPTIME_FAST = 0x8
CLOCK_UPTIME_PRECISE = 0x7
CLOCK_VIRTUAL = 0x1
+ CPUSTATES = 0x5
+ CP_IDLE = 0x4
+ CP_INTR = 0x3
+ CP_NICE = 0x1
+ CP_SYS = 0x2
+ CP_USER = 0x0
CREAD = 0x800
CRTSCTS = 0x30000
CS5 = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
index e4719873b..be14bb1a4 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
@@ -339,6 +339,12 @@ const (
CLOCK_UPTIME_FAST = 0x8
CLOCK_UPTIME_PRECISE = 0x7
CLOCK_VIRTUAL = 0x1
+ CPUSTATES = 0x5
+ CP_IDLE = 0x4
+ CP_INTR = 0x3
+ CP_NICE = 0x1
+ CP_SYS = 0x2
+ CP_USER = 0x0
CREAD = 0x800
CRTSCTS = 0x30000
CS5 = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
index 5e49769d9..7ce9c0081 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
@@ -339,6 +339,12 @@ const (
CLOCK_UPTIME_FAST = 0x8
CLOCK_UPTIME_PRECISE = 0x7
CLOCK_VIRTUAL = 0x1
+ CPUSTATES = 0x5
+ CP_IDLE = 0x4
+ CP_INTR = 0x3
+ CP_NICE = 0x1
+ CP_SYS = 0x2
+ CP_USER = 0x0
CREAD = 0x800
CRTSCTS = 0x30000
CS5 = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go
index 6e3cfec46..f8bd50c11 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go
@@ -160,78 +160,28 @@ const (
BPF_A = 0x10
BPF_ABS = 0x20
BPF_ADD = 0x0
- BPF_ADJ_ROOM_ENCAP_L2_MASK = 0xff
- BPF_ADJ_ROOM_ENCAP_L2_SHIFT = 0x38
BPF_ALU = 0x4
BPF_ALU64 = 0x7
BPF_AND = 0x50
- BPF_ANY = 0x0
BPF_ARSH = 0xc0
BPF_B = 0x10
BPF_BUILD_ID_SIZE = 0x14
BPF_CALL = 0x80
- BPF_DEVCG_ACC_MKNOD = 0x1
- BPF_DEVCG_ACC_READ = 0x2
- BPF_DEVCG_ACC_WRITE = 0x4
- BPF_DEVCG_DEV_BLOCK = 0x1
- BPF_DEVCG_DEV_CHAR = 0x2
BPF_DIV = 0x30
BPF_DW = 0x18
BPF_END = 0xd0
- BPF_EXIST = 0x2
BPF_EXIT = 0x90
- BPF_FLOW_DISSECTOR_F_PARSE_1ST_FRAG = 0x1
- BPF_FLOW_DISSECTOR_F_STOP_AT_ENCAP = 0x4
- BPF_FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL = 0x2
BPF_FROM_BE = 0x8
BPF_FROM_LE = 0x0
BPF_FS_MAGIC = 0xcafe4a11
- BPF_F_ADJ_ROOM_ENCAP_L3_IPV4 = 0x2
- BPF_F_ADJ_ROOM_ENCAP_L3_IPV6 = 0x4
- BPF_F_ADJ_ROOM_ENCAP_L4_GRE = 0x8
- BPF_F_ADJ_ROOM_ENCAP_L4_UDP = 0x10
- BPF_F_ADJ_ROOM_FIXED_GSO = 0x1
BPF_F_ALLOW_MULTI = 0x2
BPF_F_ALLOW_OVERRIDE = 0x1
BPF_F_ANY_ALIGNMENT = 0x2
- BPF_F_CLONE = 0x200
- BPF_F_CTXLEN_MASK = 0xfffff00000000
- BPF_F_CURRENT_CPU = 0xffffffff
- BPF_F_CURRENT_NETNS = -0x1
- BPF_F_DONT_FRAGMENT = 0x4
- BPF_F_FAST_STACK_CMP = 0x200
- BPF_F_HDR_FIELD_MASK = 0xf
- BPF_F_INDEX_MASK = 0xffffffff
- BPF_F_INGRESS = 0x1
- BPF_F_INVALIDATE_HASH = 0x2
- BPF_F_LOCK = 0x4
- BPF_F_MARK_ENFORCE = 0x40
- BPF_F_MARK_MANGLED_0 = 0x20
- BPF_F_MMAPABLE = 0x400
- BPF_F_NO_COMMON_LRU = 0x2
- BPF_F_NO_PREALLOC = 0x1
- BPF_F_NUMA_NODE = 0x4
- BPF_F_PSEUDO_HDR = 0x10
BPF_F_QUERY_EFFECTIVE = 0x1
- BPF_F_RDONLY = 0x8
- BPF_F_RDONLY_PROG = 0x80
- BPF_F_RECOMPUTE_CSUM = 0x1
BPF_F_REPLACE = 0x4
- BPF_F_REUSE_STACKID = 0x400
- BPF_F_SEQ_NUMBER = 0x8
- BPF_F_SKIP_FIELD_MASK = 0xff
- BPF_F_STACK_BUILD_ID = 0x20
BPF_F_STRICT_ALIGNMENT = 0x1
- BPF_F_SYSCTL_BASE_NAME = 0x1
BPF_F_TEST_RND_HI32 = 0x4
BPF_F_TEST_STATE_FREQ = 0x8
- BPF_F_TUNINFO_IPV6 = 0x1
- BPF_F_USER_BUILD_ID = 0x800
- BPF_F_USER_STACK = 0x100
- BPF_F_WRONLY = 0x10
- BPF_F_WRONLY_PROG = 0x100
- BPF_F_ZERO_CSUM_TX = 0x2
- BPF_F_ZERO_SEED = 0x40
BPF_H = 0x8
BPF_IMM = 0x0
BPF_IND = 0x40
@@ -267,7 +217,6 @@ const (
BPF_MUL = 0x20
BPF_NEG = 0x80
BPF_NET_OFF = -0x100000
- BPF_NOEXIST = 0x1
BPF_OBJ_NAME_LEN = 0x10
BPF_OR = 0x40
BPF_PSEUDO_CALL = 0x1
@@ -275,12 +224,6 @@ const (
BPF_PSEUDO_MAP_VALUE = 0x2
BPF_RET = 0x6
BPF_RSH = 0x70
- BPF_SK_STORAGE_GET_F_CREATE = 0x1
- BPF_SOCK_OPS_ALL_CB_FLAGS = 0xf
- BPF_SOCK_OPS_RETRANS_CB_FLAG = 0x2
- BPF_SOCK_OPS_RTO_CB_FLAG = 0x1
- BPF_SOCK_OPS_RTT_CB_FLAG = 0x8
- BPF_SOCK_OPS_STATE_CB_FLAG = 0x4
BPF_ST = 0x2
BPF_STX = 0x3
BPF_SUB = 0x10
@@ -378,12 +321,14 @@ const (
CLOCK_TXINT = 0x3
CLONE_ARGS_SIZE_VER0 = 0x40
CLONE_ARGS_SIZE_VER1 = 0x50
+ CLONE_ARGS_SIZE_VER2 = 0x58
CLONE_CHILD_CLEARTID = 0x200000
CLONE_CHILD_SETTID = 0x1000000
CLONE_CLEAR_SIGHAND = 0x100000000
CLONE_DETACHED = 0x400000
CLONE_FILES = 0x400
CLONE_FS = 0x200
+ CLONE_INTO_CGROUP = 0x200000000
CLONE_IO = 0x80000000
CLONE_NEWCGROUP = 0x2000000
CLONE_NEWIPC = 0x8000000
@@ -598,7 +543,9 @@ const (
FAN_DELETE = 0x200
FAN_DELETE_SELF = 0x400
FAN_DENY = 0x2
+ FAN_DIR_MODIFY = 0x80000
FAN_ENABLE_AUDIT = 0x40
+ FAN_EVENT_INFO_TYPE_DFID_NAME = 0x2
FAN_EVENT_INFO_TYPE_FID = 0x1
FAN_EVENT_METADATA_LEN = 0x18
FAN_EVENT_ON_CHILD = 0x8000000
@@ -2108,8 +2055,6 @@ const (
TCOFLUSH = 0x1
TCOOFF = 0x0
TCOON = 0x1
- TCP_BPF_IW = 0x3e9
- TCP_BPF_SNDCWND_CLAMP = 0x3ea
TCP_CC_INFO = 0x1a
TCP_CM_INQ = 0x24
TCP_CONGESTION = 0xd
@@ -2384,8 +2329,9 @@ const (
XDP_COPY = 0x2
XDP_FLAGS_DRV_MODE = 0x4
XDP_FLAGS_HW_MODE = 0x8
- XDP_FLAGS_MASK = 0xf
+ XDP_FLAGS_MASK = 0x1f
XDP_FLAGS_MODES = 0xe
+ XDP_FLAGS_REPLACE = 0x10
XDP_FLAGS_SKB_MODE = 0x2
XDP_FLAGS_UPDATE_IF_NOEXIST = 0x1
XDP_MMAP_OFFSETS = 0x1
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
index 5e974110d..11b25f68c 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
@@ -75,8 +75,10 @@ const (
FP_XSTATE_MAGIC2 = 0x46505845
FS_IOC_ENABLE_VERITY = 0x40806685
FS_IOC_GETFLAGS = 0x80046601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x8010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x400c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x40106614
+ FS_IOC_SETFLAGS = 0x40046602
FS_IOC_SET_ENCRYPTION_POLICY = 0x800c6613
F_GETLK = 0xc
F_GETLK64 = 0xc
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
index 47a57fe46..f92cff6ea 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
@@ -75,8 +75,10 @@ const (
FP_XSTATE_MAGIC2 = 0x46505845
FS_IOC_ENABLE_VERITY = 0x40806685
FS_IOC_GETFLAGS = 0x80086601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x8010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x400c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x40106614
+ FS_IOC_SETFLAGS = 0x40086602
FS_IOC_SET_ENCRYPTION_POLICY = 0x800c6613
F_GETLK = 0x5
F_GETLK64 = 0x5
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
index df2eea4bb..12bcbf88d 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
@@ -74,8 +74,10 @@ const (
FLUSHO = 0x1000
FS_IOC_ENABLE_VERITY = 0x40806685
FS_IOC_GETFLAGS = 0x80046601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x8010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x400c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x40106614
+ FS_IOC_SETFLAGS = 0x40046602
FS_IOC_SET_ENCRYPTION_POLICY = 0x800c6613
F_GETLK = 0xc
F_GETLK64 = 0xc
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
index 4e1214217..8b0e024b9 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
@@ -77,8 +77,10 @@ const (
FPSIMD_MAGIC = 0x46508001
FS_IOC_ENABLE_VERITY = 0x40806685
FS_IOC_GETFLAGS = 0x80086601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x8010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x400c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x40106614
+ FS_IOC_SETFLAGS = 0x40086602
FS_IOC_SET_ENCRYPTION_POLICY = 0x800c6613
F_GETLK = 0x5
F_GETLK64 = 0x5
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
index a23b08029..eeadea943 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
@@ -74,8 +74,10 @@ const (
FLUSHO = 0x2000
FS_IOC_ENABLE_VERITY = 0x80806685
FS_IOC_GETFLAGS = 0x40046601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x4010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x800c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x80106614
+ FS_IOC_SETFLAGS = 0x80046602
FS_IOC_SET_ENCRYPTION_POLICY = 0x400c6613
F_GETLK = 0x21
F_GETLK64 = 0x21
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
index a5a921e43..0be6c4ccc 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
@@ -74,8 +74,10 @@ const (
FLUSHO = 0x2000
FS_IOC_ENABLE_VERITY = 0x80806685
FS_IOC_GETFLAGS = 0x40086601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x4010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x800c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x80106614
+ FS_IOC_SETFLAGS = 0x80086602
FS_IOC_SET_ENCRYPTION_POLICY = 0x400c6613
F_GETLK = 0xe
F_GETLK64 = 0xe
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
index d088e197b..0880b745c 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
@@ -74,8 +74,10 @@ const (
FLUSHO = 0x2000
FS_IOC_ENABLE_VERITY = 0x80806685
FS_IOC_GETFLAGS = 0x40086601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x4010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x800c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x80106614
+ FS_IOC_SETFLAGS = 0x80086602
FS_IOC_SET_ENCRYPTION_POLICY = 0x400c6613
F_GETLK = 0xe
F_GETLK64 = 0xe
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
index 0ddf9d5fe..c8a66627a 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
@@ -74,8 +74,10 @@ const (
FLUSHO = 0x2000
FS_IOC_ENABLE_VERITY = 0x80806685
FS_IOC_GETFLAGS = 0x40046601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x4010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x800c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x80106614
+ FS_IOC_SETFLAGS = 0x80046602
FS_IOC_SET_ENCRYPTION_POLICY = 0x400c6613
F_GETLK = 0x21
F_GETLK64 = 0x21
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
index a93ffc180..97aae63f1 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
@@ -74,8 +74,10 @@ const (
FLUSHO = 0x800000
FS_IOC_ENABLE_VERITY = 0x80806685
FS_IOC_GETFLAGS = 0x40086601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x4010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x800c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x80106614
+ FS_IOC_SETFLAGS = 0x80086602
FS_IOC_SET_ENCRYPTION_POLICY = 0x400c6613
F_GETLK = 0x5
F_GETLK64 = 0xc
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
index c1ea48b95..b0c3b0664 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
@@ -74,8 +74,10 @@ const (
FLUSHO = 0x800000
FS_IOC_ENABLE_VERITY = 0x80806685
FS_IOC_GETFLAGS = 0x40086601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x4010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x800c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x80106614
+ FS_IOC_SETFLAGS = 0x80086602
FS_IOC_SET_ENCRYPTION_POLICY = 0x400c6613
F_GETLK = 0x5
F_GETLK64 = 0xc
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
index 7def950ba..0c0518193 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
@@ -74,8 +74,10 @@ const (
FLUSHO = 0x1000
FS_IOC_ENABLE_VERITY = 0x40806685
FS_IOC_GETFLAGS = 0x80086601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x8010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x400c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x40106614
+ FS_IOC_SETFLAGS = 0x40086602
FS_IOC_SET_ENCRYPTION_POLICY = 0x800c6613
F_GETLK = 0x5
F_GETLK64 = 0x5
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
index d39293c87..0b96bd462 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
@@ -74,8 +74,10 @@ const (
FLUSHO = 0x1000
FS_IOC_ENABLE_VERITY = 0x40806685
FS_IOC_GETFLAGS = 0x80086601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x8010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x400c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x40106614
+ FS_IOC_SETFLAGS = 0x40086602
FS_IOC_SET_ENCRYPTION_POLICY = 0x800c6613
F_GETLK = 0x5
F_GETLK64 = 0x5
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
index 3ff3ec681..bd5c30577 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
@@ -78,8 +78,10 @@ const (
FLUSHO = 0x1000
FS_IOC_ENABLE_VERITY = 0x80806685
FS_IOC_GETFLAGS = 0x40086601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x4010661b
FS_IOC_GET_ENCRYPTION_POLICY = 0x800c6615
FS_IOC_GET_ENCRYPTION_PWSALT = 0x80106614
+ FS_IOC_SETFLAGS = 0x80086602
FS_IOC_SET_ENCRYPTION_POLICY = 0x400c6613
F_GETLK = 0x7
F_GETLK64 = 0x7
diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
index 96b9b8ab3..20f3a5799 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
@@ -158,6 +158,12 @@ const (
CLONE_SIGHAND = 0x800
CLONE_VFORK = 0x4000
CLONE_VM = 0x100
+ CPUSTATES = 0x5
+ CP_IDLE = 0x4
+ CP_INTR = 0x3
+ CP_NICE = 0x1
+ CP_SYS = 0x2
+ CP_USER = 0x0
CREAD = 0x800
CRTSCTS = 0x10000
CS5 = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
index ed522a84e..90b8fcd29 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
@@ -158,6 +158,12 @@ const (
CLONE_SIGHAND = 0x800
CLONE_VFORK = 0x4000
CLONE_VM = 0x100
+ CPUSTATES = 0x5
+ CP_IDLE = 0x4
+ CP_INTR = 0x3
+ CP_NICE = 0x1
+ CP_SYS = 0x2
+ CP_USER = 0x0
CREAD = 0x800
CRTSCTS = 0x10000
CS5 = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
index c8d36fe99..c5c03993b 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
@@ -150,6 +150,12 @@ const (
BRKINT = 0x2
CFLUSH = 0xf
CLOCAL = 0x8000
+ CPUSTATES = 0x5
+ CP_IDLE = 0x4
+ CP_INTR = 0x3
+ CP_NICE = 0x1
+ CP_SYS = 0x2
+ CP_USER = 0x0
CREAD = 0x800
CRTSCTS = 0x10000
CS5 = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
index f1c146a74..14dd3c1d1 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
@@ -158,6 +158,12 @@ const (
CLONE_SIGHAND = 0x800
CLONE_VFORK = 0x4000
CLONE_VM = 0x100
+ CPUSTATES = 0x5
+ CP_IDLE = 0x4
+ CP_INTR = 0x3
+ CP_NICE = 0x1
+ CP_SYS = 0x2
+ CP_USER = 0x0
CREAD = 0x800
CRTSCTS = 0x10000
CS5 = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
index 5402bd55c..c865a10df 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
@@ -146,6 +146,13 @@ const (
BRKINT = 0x2
CFLUSH = 0xf
CLOCAL = 0x8000
+ CPUSTATES = 0x6
+ CP_IDLE = 0x5
+ CP_INTR = 0x4
+ CP_NICE = 0x1
+ CP_SPIN = 0x3
+ CP_SYS = 0x2
+ CP_USER = 0x0
CREAD = 0x800
CRTSCTS = 0x10000
CS5 = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
index ffaf2d2f9..9db6b2fb6 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
@@ -153,6 +153,13 @@ const (
CLOCK_REALTIME = 0x0
CLOCK_THREAD_CPUTIME_ID = 0x4
CLOCK_UPTIME = 0x5
+ CPUSTATES = 0x6
+ CP_IDLE = 0x5
+ CP_INTR = 0x4
+ CP_NICE = 0x1
+ CP_SPIN = 0x3
+ CP_SYS = 0x2
+ CP_USER = 0x0
CREAD = 0x800
CRTSCTS = 0x10000
CS5 = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
index 7aa796a64..7072526a6 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
@@ -146,6 +146,13 @@ const (
BRKINT = 0x2
CFLUSH = 0xf
CLOCAL = 0x8000
+ CPUSTATES = 0x6
+ CP_IDLE = 0x5
+ CP_INTR = 0x4
+ CP_NICE = 0x1
+ CP_SPIN = 0x3
+ CP_SYS = 0x2
+ CP_USER = 0x0
CREAD = 0x800
CRTSCTS = 0x10000
CS5 = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
index 1792d3f13..ac5efbe5a 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
@@ -156,6 +156,13 @@ const (
CLOCK_REALTIME = 0x0
CLOCK_THREAD_CPUTIME_ID = 0x4
CLOCK_UPTIME = 0x5
+ CPUSTATES = 0x6
+ CP_IDLE = 0x5
+ CP_INTR = 0x4
+ CP_NICE = 0x1
+ CP_SPIN = 0x3
+ CP_SYS = 0x2
+ CP_USER = 0x0
CREAD = 0x800
CRTSCTS = 0x10000
CS5 = 0x0
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
index df217825f..f6603de4f 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
@@ -1847,6 +1847,52 @@ func openByHandleAt(mountFD int, fh *fileHandle, flags int) (fd int, err error)
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func ProcessVMReadv(pid int, localIov []Iovec, remoteIov []RemoteIovec, flags uint) (n int, err error) {
+ var _p0 unsafe.Pointer
+ if len(localIov) > 0 {
+ _p0 = unsafe.Pointer(&localIov[0])
+ } else {
+ _p0 = unsafe.Pointer(&_zero)
+ }
+ var _p1 unsafe.Pointer
+ if len(remoteIov) > 0 {
+ _p1 = unsafe.Pointer(&remoteIov[0])
+ } else {
+ _p1 = unsafe.Pointer(&_zero)
+ }
+ r0, _, e1 := Syscall6(SYS_PROCESS_VM_READV, uintptr(pid), uintptr(_p0), uintptr(len(localIov)), uintptr(_p1), uintptr(len(remoteIov)), uintptr(flags))
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ProcessVMWritev(pid int, localIov []Iovec, remoteIov []RemoteIovec, flags uint) (n int, err error) {
+ var _p0 unsafe.Pointer
+ if len(localIov) > 0 {
+ _p0 = unsafe.Pointer(&localIov[0])
+ } else {
+ _p0 = unsafe.Pointer(&_zero)
+ }
+ var _p1 unsafe.Pointer
+ if len(remoteIov) > 0 {
+ _p1 = unsafe.Pointer(&remoteIov[0])
+ } else {
+ _p1 = unsafe.Pointer(&_zero)
+ }
+ r0, _, e1 := Syscall6(SYS_PROCESS_VM_WRITEV, uintptr(pid), uintptr(_p0), uintptr(len(localIov)), uintptr(_p1), uintptr(len(remoteIov)), uintptr(flags))
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
func pipe2(p *[2]_C_int, flags int) (err error) {
_, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
index 6f79227d7..b91c2ae0f 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
@@ -125,9 +125,9 @@ type Statfs_t struct {
Owner uint32
Fsid Fsid
Charspare [80]int8
- Fstypename [16]int8
- Mntfromname [1024]int8
- Mntonname [1024]int8
+ Fstypename [16]byte
+ Mntfromname [1024]byte
+ Mntonname [1024]byte
}
type statfs_freebsd11_t struct {
@@ -150,9 +150,9 @@ type statfs_freebsd11_t struct {
Owner uint32
Fsid Fsid
Charspare [80]int8
- Fstypename [16]int8
- Mntfromname [88]int8
- Mntonname [88]int8
+ Fstypename [16]byte
+ Mntfromname [88]byte
+ Mntonname [88]byte
}
type Flock_t struct {
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go
index 416f7767e..27d67ac8f 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go
@@ -1871,175 +1871,249 @@ const (
)
const (
- BPF_REG_0 = 0x0
- BPF_REG_1 = 0x1
- BPF_REG_2 = 0x2
- BPF_REG_3 = 0x3
- BPF_REG_4 = 0x4
- BPF_REG_5 = 0x5
- BPF_REG_6 = 0x6
- BPF_REG_7 = 0x7
- BPF_REG_8 = 0x8
- BPF_REG_9 = 0x9
- BPF_REG_10 = 0xa
- BPF_MAP_CREATE = 0x0
- BPF_MAP_LOOKUP_ELEM = 0x1
- BPF_MAP_UPDATE_ELEM = 0x2
- BPF_MAP_DELETE_ELEM = 0x3
- BPF_MAP_GET_NEXT_KEY = 0x4
- BPF_PROG_LOAD = 0x5
- BPF_OBJ_PIN = 0x6
- BPF_OBJ_GET = 0x7
- BPF_PROG_ATTACH = 0x8
- BPF_PROG_DETACH = 0x9
- BPF_PROG_TEST_RUN = 0xa
- BPF_PROG_GET_NEXT_ID = 0xb
- BPF_MAP_GET_NEXT_ID = 0xc
- BPF_PROG_GET_FD_BY_ID = 0xd
- BPF_MAP_GET_FD_BY_ID = 0xe
- BPF_OBJ_GET_INFO_BY_FD = 0xf
- BPF_PROG_QUERY = 0x10
- BPF_RAW_TRACEPOINT_OPEN = 0x11
- BPF_BTF_LOAD = 0x12
- BPF_BTF_GET_FD_BY_ID = 0x13
- BPF_TASK_FD_QUERY = 0x14
- BPF_MAP_LOOKUP_AND_DELETE_ELEM = 0x15
- BPF_MAP_FREEZE = 0x16
- BPF_BTF_GET_NEXT_ID = 0x17
- BPF_MAP_TYPE_UNSPEC = 0x0
- BPF_MAP_TYPE_HASH = 0x1
- BPF_MAP_TYPE_ARRAY = 0x2
- BPF_MAP_TYPE_PROG_ARRAY = 0x3
- BPF_MAP_TYPE_PERF_EVENT_ARRAY = 0x4
- BPF_MAP_TYPE_PERCPU_HASH = 0x5
- BPF_MAP_TYPE_PERCPU_ARRAY = 0x6
- BPF_MAP_TYPE_STACK_TRACE = 0x7
- BPF_MAP_TYPE_CGROUP_ARRAY = 0x8
- BPF_MAP_TYPE_LRU_HASH = 0x9
- BPF_MAP_TYPE_LRU_PERCPU_HASH = 0xa
- BPF_MAP_TYPE_LPM_TRIE = 0xb
- BPF_MAP_TYPE_ARRAY_OF_MAPS = 0xc
- BPF_MAP_TYPE_HASH_OF_MAPS = 0xd
- BPF_MAP_TYPE_DEVMAP = 0xe
- BPF_MAP_TYPE_SOCKMAP = 0xf
- BPF_MAP_TYPE_CPUMAP = 0x10
- BPF_MAP_TYPE_XSKMAP = 0x11
- BPF_MAP_TYPE_SOCKHASH = 0x12
- BPF_MAP_TYPE_CGROUP_STORAGE = 0x13
- BPF_MAP_TYPE_REUSEPORT_SOCKARRAY = 0x14
- BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE = 0x15
- BPF_MAP_TYPE_QUEUE = 0x16
- BPF_MAP_TYPE_STACK = 0x17
- BPF_MAP_TYPE_SK_STORAGE = 0x18
- BPF_MAP_TYPE_DEVMAP_HASH = 0x19
- BPF_PROG_TYPE_UNSPEC = 0x0
- BPF_PROG_TYPE_SOCKET_FILTER = 0x1
- BPF_PROG_TYPE_KPROBE = 0x2
- BPF_PROG_TYPE_SCHED_CLS = 0x3
- BPF_PROG_TYPE_SCHED_ACT = 0x4
- BPF_PROG_TYPE_TRACEPOINT = 0x5
- BPF_PROG_TYPE_XDP = 0x6
- BPF_PROG_TYPE_PERF_EVENT = 0x7
- BPF_PROG_TYPE_CGROUP_SKB = 0x8
- BPF_PROG_TYPE_CGROUP_SOCK = 0x9
- BPF_PROG_TYPE_LWT_IN = 0xa
- BPF_PROG_TYPE_LWT_OUT = 0xb
- BPF_PROG_TYPE_LWT_XMIT = 0xc
- BPF_PROG_TYPE_SOCK_OPS = 0xd
- BPF_PROG_TYPE_SK_SKB = 0xe
- BPF_PROG_TYPE_CGROUP_DEVICE = 0xf
- BPF_PROG_TYPE_SK_MSG = 0x10
- BPF_PROG_TYPE_RAW_TRACEPOINT = 0x11
- BPF_PROG_TYPE_CGROUP_SOCK_ADDR = 0x12
- BPF_PROG_TYPE_LWT_SEG6LOCAL = 0x13
- BPF_PROG_TYPE_LIRC_MODE2 = 0x14
- BPF_PROG_TYPE_SK_REUSEPORT = 0x15
- BPF_PROG_TYPE_FLOW_DISSECTOR = 0x16
- BPF_PROG_TYPE_CGROUP_SYSCTL = 0x17
- BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE = 0x18
- BPF_PROG_TYPE_CGROUP_SOCKOPT = 0x19
- BPF_PROG_TYPE_TRACING = 0x1a
- BPF_CGROUP_INET_INGRESS = 0x0
- BPF_CGROUP_INET_EGRESS = 0x1
- BPF_CGROUP_INET_SOCK_CREATE = 0x2
- BPF_CGROUP_SOCK_OPS = 0x3
- BPF_SK_SKB_STREAM_PARSER = 0x4
- BPF_SK_SKB_STREAM_VERDICT = 0x5
- BPF_CGROUP_DEVICE = 0x6
- BPF_SK_MSG_VERDICT = 0x7
- BPF_CGROUP_INET4_BIND = 0x8
- BPF_CGROUP_INET6_BIND = 0x9
- BPF_CGROUP_INET4_CONNECT = 0xa
- BPF_CGROUP_INET6_CONNECT = 0xb
- BPF_CGROUP_INET4_POST_BIND = 0xc
- BPF_CGROUP_INET6_POST_BIND = 0xd
- BPF_CGROUP_UDP4_SENDMSG = 0xe
- BPF_CGROUP_UDP6_SENDMSG = 0xf
- BPF_LIRC_MODE2 = 0x10
- BPF_FLOW_DISSECTOR = 0x11
- BPF_CGROUP_SYSCTL = 0x12
- BPF_CGROUP_UDP4_RECVMSG = 0x13
- BPF_CGROUP_UDP6_RECVMSG = 0x14
- BPF_CGROUP_GETSOCKOPT = 0x15
- BPF_CGROUP_SETSOCKOPT = 0x16
- BPF_TRACE_RAW_TP = 0x17
- BPF_TRACE_FENTRY = 0x18
- BPF_TRACE_FEXIT = 0x19
- BPF_STACK_BUILD_ID_EMPTY = 0x0
- BPF_STACK_BUILD_ID_VALID = 0x1
- BPF_STACK_BUILD_ID_IP = 0x2
- BPF_ADJ_ROOM_NET = 0x0
- BPF_ADJ_ROOM_MAC = 0x1
- BPF_HDR_START_MAC = 0x0
- BPF_HDR_START_NET = 0x1
- BPF_LWT_ENCAP_SEG6 = 0x0
- BPF_LWT_ENCAP_SEG6_INLINE = 0x1
- BPF_LWT_ENCAP_IP = 0x2
- BPF_OK = 0x0
- BPF_DROP = 0x2
- BPF_REDIRECT = 0x7
- BPF_LWT_REROUTE = 0x80
- BPF_SOCK_OPS_VOID = 0x0
- BPF_SOCK_OPS_TIMEOUT_INIT = 0x1
- BPF_SOCK_OPS_RWND_INIT = 0x2
- BPF_SOCK_OPS_TCP_CONNECT_CB = 0x3
- BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB = 0x4
- BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB = 0x5
- BPF_SOCK_OPS_NEEDS_ECN = 0x6
- BPF_SOCK_OPS_BASE_RTT = 0x7
- BPF_SOCK_OPS_RTO_CB = 0x8
- BPF_SOCK_OPS_RETRANS_CB = 0x9
- BPF_SOCK_OPS_STATE_CB = 0xa
- BPF_SOCK_OPS_TCP_LISTEN_CB = 0xb
- BPF_SOCK_OPS_RTT_CB = 0xc
- BPF_TCP_ESTABLISHED = 0x1
- BPF_TCP_SYN_SENT = 0x2
- BPF_TCP_SYN_RECV = 0x3
- BPF_TCP_FIN_WAIT1 = 0x4
- BPF_TCP_FIN_WAIT2 = 0x5
- BPF_TCP_TIME_WAIT = 0x6
- BPF_TCP_CLOSE = 0x7
- BPF_TCP_CLOSE_WAIT = 0x8
- BPF_TCP_LAST_ACK = 0x9
- BPF_TCP_LISTEN = 0xa
- BPF_TCP_CLOSING = 0xb
- BPF_TCP_NEW_SYN_RECV = 0xc
- BPF_TCP_MAX_STATES = 0xd
- BPF_FIB_LKUP_RET_SUCCESS = 0x0
- BPF_FIB_LKUP_RET_BLACKHOLE = 0x1
- BPF_FIB_LKUP_RET_UNREACHABLE = 0x2
- BPF_FIB_LKUP_RET_PROHIBIT = 0x3
- BPF_FIB_LKUP_RET_NOT_FWDED = 0x4
- BPF_FIB_LKUP_RET_FWD_DISABLED = 0x5
- BPF_FIB_LKUP_RET_UNSUPP_LWT = 0x6
- BPF_FIB_LKUP_RET_NO_NEIGH = 0x7
- BPF_FIB_LKUP_RET_FRAG_NEEDED = 0x8
- BPF_FD_TYPE_RAW_TRACEPOINT = 0x0
- BPF_FD_TYPE_TRACEPOINT = 0x1
- BPF_FD_TYPE_KPROBE = 0x2
- BPF_FD_TYPE_KRETPROBE = 0x3
- BPF_FD_TYPE_UPROBE = 0x4
- BPF_FD_TYPE_URETPROBE = 0x5
+ BPF_REG_0 = 0x0
+ BPF_REG_1 = 0x1
+ BPF_REG_2 = 0x2
+ BPF_REG_3 = 0x3
+ BPF_REG_4 = 0x4
+ BPF_REG_5 = 0x5
+ BPF_REG_6 = 0x6
+ BPF_REG_7 = 0x7
+ BPF_REG_8 = 0x8
+ BPF_REG_9 = 0x9
+ BPF_REG_10 = 0xa
+ BPF_MAP_CREATE = 0x0
+ BPF_MAP_LOOKUP_ELEM = 0x1
+ BPF_MAP_UPDATE_ELEM = 0x2
+ BPF_MAP_DELETE_ELEM = 0x3
+ BPF_MAP_GET_NEXT_KEY = 0x4
+ BPF_PROG_LOAD = 0x5
+ BPF_OBJ_PIN = 0x6
+ BPF_OBJ_GET = 0x7
+ BPF_PROG_ATTACH = 0x8
+ BPF_PROG_DETACH = 0x9
+ BPF_PROG_TEST_RUN = 0xa
+ BPF_PROG_GET_NEXT_ID = 0xb
+ BPF_MAP_GET_NEXT_ID = 0xc
+ BPF_PROG_GET_FD_BY_ID = 0xd
+ BPF_MAP_GET_FD_BY_ID = 0xe
+ BPF_OBJ_GET_INFO_BY_FD = 0xf
+ BPF_PROG_QUERY = 0x10
+ BPF_RAW_TRACEPOINT_OPEN = 0x11
+ BPF_BTF_LOAD = 0x12
+ BPF_BTF_GET_FD_BY_ID = 0x13
+ BPF_TASK_FD_QUERY = 0x14
+ BPF_MAP_LOOKUP_AND_DELETE_ELEM = 0x15
+ BPF_MAP_FREEZE = 0x16
+ BPF_BTF_GET_NEXT_ID = 0x17
+ BPF_MAP_LOOKUP_BATCH = 0x18
+ BPF_MAP_LOOKUP_AND_DELETE_BATCH = 0x19
+ BPF_MAP_UPDATE_BATCH = 0x1a
+ BPF_MAP_DELETE_BATCH = 0x1b
+ BPF_LINK_CREATE = 0x1c
+ BPF_LINK_UPDATE = 0x1d
+ BPF_MAP_TYPE_UNSPEC = 0x0
+ BPF_MAP_TYPE_HASH = 0x1
+ BPF_MAP_TYPE_ARRAY = 0x2
+ BPF_MAP_TYPE_PROG_ARRAY = 0x3
+ BPF_MAP_TYPE_PERF_EVENT_ARRAY = 0x4
+ BPF_MAP_TYPE_PERCPU_HASH = 0x5
+ BPF_MAP_TYPE_PERCPU_ARRAY = 0x6
+ BPF_MAP_TYPE_STACK_TRACE = 0x7
+ BPF_MAP_TYPE_CGROUP_ARRAY = 0x8
+ BPF_MAP_TYPE_LRU_HASH = 0x9
+ BPF_MAP_TYPE_LRU_PERCPU_HASH = 0xa
+ BPF_MAP_TYPE_LPM_TRIE = 0xb
+ BPF_MAP_TYPE_ARRAY_OF_MAPS = 0xc
+ BPF_MAP_TYPE_HASH_OF_MAPS = 0xd
+ BPF_MAP_TYPE_DEVMAP = 0xe
+ BPF_MAP_TYPE_SOCKMAP = 0xf
+ BPF_MAP_TYPE_CPUMAP = 0x10
+ BPF_MAP_TYPE_XSKMAP = 0x11
+ BPF_MAP_TYPE_SOCKHASH = 0x12
+ BPF_MAP_TYPE_CGROUP_STORAGE = 0x13
+ BPF_MAP_TYPE_REUSEPORT_SOCKARRAY = 0x14
+ BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE = 0x15
+ BPF_MAP_TYPE_QUEUE = 0x16
+ BPF_MAP_TYPE_STACK = 0x17
+ BPF_MAP_TYPE_SK_STORAGE = 0x18
+ BPF_MAP_TYPE_DEVMAP_HASH = 0x19
+ BPF_MAP_TYPE_STRUCT_OPS = 0x1a
+ BPF_PROG_TYPE_UNSPEC = 0x0
+ BPF_PROG_TYPE_SOCKET_FILTER = 0x1
+ BPF_PROG_TYPE_KPROBE = 0x2
+ BPF_PROG_TYPE_SCHED_CLS = 0x3
+ BPF_PROG_TYPE_SCHED_ACT = 0x4
+ BPF_PROG_TYPE_TRACEPOINT = 0x5
+ BPF_PROG_TYPE_XDP = 0x6
+ BPF_PROG_TYPE_PERF_EVENT = 0x7
+ BPF_PROG_TYPE_CGROUP_SKB = 0x8
+ BPF_PROG_TYPE_CGROUP_SOCK = 0x9
+ BPF_PROG_TYPE_LWT_IN = 0xa
+ BPF_PROG_TYPE_LWT_OUT = 0xb
+ BPF_PROG_TYPE_LWT_XMIT = 0xc
+ BPF_PROG_TYPE_SOCK_OPS = 0xd
+ BPF_PROG_TYPE_SK_SKB = 0xe
+ BPF_PROG_TYPE_CGROUP_DEVICE = 0xf
+ BPF_PROG_TYPE_SK_MSG = 0x10
+ BPF_PROG_TYPE_RAW_TRACEPOINT = 0x11
+ BPF_PROG_TYPE_CGROUP_SOCK_ADDR = 0x12
+ BPF_PROG_TYPE_LWT_SEG6LOCAL = 0x13
+ BPF_PROG_TYPE_LIRC_MODE2 = 0x14
+ BPF_PROG_TYPE_SK_REUSEPORT = 0x15
+ BPF_PROG_TYPE_FLOW_DISSECTOR = 0x16
+ BPF_PROG_TYPE_CGROUP_SYSCTL = 0x17
+ BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE = 0x18
+ BPF_PROG_TYPE_CGROUP_SOCKOPT = 0x19
+ BPF_PROG_TYPE_TRACING = 0x1a
+ BPF_PROG_TYPE_STRUCT_OPS = 0x1b
+ BPF_PROG_TYPE_EXT = 0x1c
+ BPF_PROG_TYPE_LSM = 0x1d
+ BPF_CGROUP_INET_INGRESS = 0x0
+ BPF_CGROUP_INET_EGRESS = 0x1
+ BPF_CGROUP_INET_SOCK_CREATE = 0x2
+ BPF_CGROUP_SOCK_OPS = 0x3
+ BPF_SK_SKB_STREAM_PARSER = 0x4
+ BPF_SK_SKB_STREAM_VERDICT = 0x5
+ BPF_CGROUP_DEVICE = 0x6
+ BPF_SK_MSG_VERDICT = 0x7
+ BPF_CGROUP_INET4_BIND = 0x8
+ BPF_CGROUP_INET6_BIND = 0x9
+ BPF_CGROUP_INET4_CONNECT = 0xa
+ BPF_CGROUP_INET6_CONNECT = 0xb
+ BPF_CGROUP_INET4_POST_BIND = 0xc
+ BPF_CGROUP_INET6_POST_BIND = 0xd
+ BPF_CGROUP_UDP4_SENDMSG = 0xe
+ BPF_CGROUP_UDP6_SENDMSG = 0xf
+ BPF_LIRC_MODE2 = 0x10
+ BPF_FLOW_DISSECTOR = 0x11
+ BPF_CGROUP_SYSCTL = 0x12
+ BPF_CGROUP_UDP4_RECVMSG = 0x13
+ BPF_CGROUP_UDP6_RECVMSG = 0x14
+ BPF_CGROUP_GETSOCKOPT = 0x15
+ BPF_CGROUP_SETSOCKOPT = 0x16
+ BPF_TRACE_RAW_TP = 0x17
+ BPF_TRACE_FENTRY = 0x18
+ BPF_TRACE_FEXIT = 0x19
+ BPF_MODIFY_RETURN = 0x1a
+ BPF_LSM_MAC = 0x1b
+ BPF_ANY = 0x0
+ BPF_NOEXIST = 0x1
+ BPF_EXIST = 0x2
+ BPF_F_LOCK = 0x4
+ BPF_F_NO_PREALLOC = 0x1
+ BPF_F_NO_COMMON_LRU = 0x2
+ BPF_F_NUMA_NODE = 0x4
+ BPF_F_RDONLY = 0x8
+ BPF_F_WRONLY = 0x10
+ BPF_F_STACK_BUILD_ID = 0x20
+ BPF_F_ZERO_SEED = 0x40
+ BPF_F_RDONLY_PROG = 0x80
+ BPF_F_WRONLY_PROG = 0x100
+ BPF_F_CLONE = 0x200
+ BPF_F_MMAPABLE = 0x400
+ BPF_STACK_BUILD_ID_EMPTY = 0x0
+ BPF_STACK_BUILD_ID_VALID = 0x1
+ BPF_STACK_BUILD_ID_IP = 0x2
+ BPF_F_RECOMPUTE_CSUM = 0x1
+ BPF_F_INVALIDATE_HASH = 0x2
+ BPF_F_HDR_FIELD_MASK = 0xf
+ BPF_F_PSEUDO_HDR = 0x10
+ BPF_F_MARK_MANGLED_0 = 0x20
+ BPF_F_MARK_ENFORCE = 0x40
+ BPF_F_INGRESS = 0x1
+ BPF_F_TUNINFO_IPV6 = 0x1
+ BPF_F_SKIP_FIELD_MASK = 0xff
+ BPF_F_USER_STACK = 0x100
+ BPF_F_FAST_STACK_CMP = 0x200
+ BPF_F_REUSE_STACKID = 0x400
+ BPF_F_USER_BUILD_ID = 0x800
+ BPF_F_ZERO_CSUM_TX = 0x2
+ BPF_F_DONT_FRAGMENT = 0x4
+ BPF_F_SEQ_NUMBER = 0x8
+ BPF_F_INDEX_MASK = 0xffffffff
+ BPF_F_CURRENT_CPU = 0xffffffff
+ BPF_F_CTXLEN_MASK = 0xfffff00000000
+ BPF_F_CURRENT_NETNS = -0x1
+ BPF_F_ADJ_ROOM_FIXED_GSO = 0x1
+ BPF_F_ADJ_ROOM_ENCAP_L3_IPV4 = 0x2
+ BPF_F_ADJ_ROOM_ENCAP_L3_IPV6 = 0x4
+ BPF_F_ADJ_ROOM_ENCAP_L4_GRE = 0x8
+ BPF_F_ADJ_ROOM_ENCAP_L4_UDP = 0x10
+ BPF_ADJ_ROOM_ENCAP_L2_MASK = 0xff
+ BPF_ADJ_ROOM_ENCAP_L2_SHIFT = 0x38
+ BPF_F_SYSCTL_BASE_NAME = 0x1
+ BPF_SK_STORAGE_GET_F_CREATE = 0x1
+ BPF_F_GET_BRANCH_RECORDS_SIZE = 0x1
+ BPF_ADJ_ROOM_NET = 0x0
+ BPF_ADJ_ROOM_MAC = 0x1
+ BPF_HDR_START_MAC = 0x0
+ BPF_HDR_START_NET = 0x1
+ BPF_LWT_ENCAP_SEG6 = 0x0
+ BPF_LWT_ENCAP_SEG6_INLINE = 0x1
+ BPF_LWT_ENCAP_IP = 0x2
+ BPF_OK = 0x0
+ BPF_DROP = 0x2
+ BPF_REDIRECT = 0x7
+ BPF_LWT_REROUTE = 0x80
+ BPF_SOCK_OPS_RTO_CB_FLAG = 0x1
+ BPF_SOCK_OPS_RETRANS_CB_FLAG = 0x2
+ BPF_SOCK_OPS_STATE_CB_FLAG = 0x4
+ BPF_SOCK_OPS_RTT_CB_FLAG = 0x8
+ BPF_SOCK_OPS_ALL_CB_FLAGS = 0xf
+ BPF_SOCK_OPS_VOID = 0x0
+ BPF_SOCK_OPS_TIMEOUT_INIT = 0x1
+ BPF_SOCK_OPS_RWND_INIT = 0x2
+ BPF_SOCK_OPS_TCP_CONNECT_CB = 0x3
+ BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB = 0x4
+ BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB = 0x5
+ BPF_SOCK_OPS_NEEDS_ECN = 0x6
+ BPF_SOCK_OPS_BASE_RTT = 0x7
+ BPF_SOCK_OPS_RTO_CB = 0x8
+ BPF_SOCK_OPS_RETRANS_CB = 0x9
+ BPF_SOCK_OPS_STATE_CB = 0xa
+ BPF_SOCK_OPS_TCP_LISTEN_CB = 0xb
+ BPF_SOCK_OPS_RTT_CB = 0xc
+ BPF_TCP_ESTABLISHED = 0x1
+ BPF_TCP_SYN_SENT = 0x2
+ BPF_TCP_SYN_RECV = 0x3
+ BPF_TCP_FIN_WAIT1 = 0x4
+ BPF_TCP_FIN_WAIT2 = 0x5
+ BPF_TCP_TIME_WAIT = 0x6
+ BPF_TCP_CLOSE = 0x7
+ BPF_TCP_CLOSE_WAIT = 0x8
+ BPF_TCP_LAST_ACK = 0x9
+ BPF_TCP_LISTEN = 0xa
+ BPF_TCP_CLOSING = 0xb
+ BPF_TCP_NEW_SYN_RECV = 0xc
+ BPF_TCP_MAX_STATES = 0xd
+ TCP_BPF_IW = 0x3e9
+ TCP_BPF_SNDCWND_CLAMP = 0x3ea
+ BPF_DEVCG_ACC_MKNOD = 0x1
+ BPF_DEVCG_ACC_READ = 0x2
+ BPF_DEVCG_ACC_WRITE = 0x4
+ BPF_DEVCG_DEV_BLOCK = 0x1
+ BPF_DEVCG_DEV_CHAR = 0x2
+ BPF_FIB_LOOKUP_DIRECT = 0x1
+ BPF_FIB_LOOKUP_OUTPUT = 0x2
+ BPF_FIB_LKUP_RET_SUCCESS = 0x0
+ BPF_FIB_LKUP_RET_BLACKHOLE = 0x1
+ BPF_FIB_LKUP_RET_UNREACHABLE = 0x2
+ BPF_FIB_LKUP_RET_PROHIBIT = 0x3
+ BPF_FIB_LKUP_RET_NOT_FWDED = 0x4
+ BPF_FIB_LKUP_RET_FWD_DISABLED = 0x5
+ BPF_FIB_LKUP_RET_UNSUPP_LWT = 0x6
+ BPF_FIB_LKUP_RET_NO_NEIGH = 0x7
+ BPF_FIB_LKUP_RET_FRAG_NEEDED = 0x8
+ BPF_FD_TYPE_RAW_TRACEPOINT = 0x0
+ BPF_FD_TYPE_TRACEPOINT = 0x1
+ BPF_FD_TYPE_KPROBE = 0x2
+ BPF_FD_TYPE_KRETPROBE = 0x3
+ BPF_FD_TYPE_UPROBE = 0x4
+ BPF_FD_TYPE_URETPROBE = 0x5
+ BPF_FLOW_DISSECTOR_F_PARSE_1ST_FRAG = 0x1
+ BPF_FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL = 0x2
+ BPF_FLOW_DISSECTOR_F_STOP_AT_ENCAP = 0x4
)
const (
@@ -2205,7 +2279,7 @@ const (
DEVLINK_CMD_DPIPE_ENTRIES_GET = 0x20
DEVLINK_CMD_DPIPE_HEADERS_GET = 0x21
DEVLINK_CMD_DPIPE_TABLE_COUNTERS_SET = 0x22
- DEVLINK_CMD_MAX = 0x44
+ DEVLINK_CMD_MAX = 0x48
DEVLINK_PORT_TYPE_NOTSET = 0x0
DEVLINK_PORT_TYPE_AUTO = 0x1
DEVLINK_PORT_TYPE_ETH = 0x2
@@ -2285,7 +2359,7 @@ const (
DEVLINK_ATTR_DPIPE_FIELD_MAPPING_TYPE = 0x3c
DEVLINK_ATTR_PAD = 0x3d
DEVLINK_ATTR_ESWITCH_ENCAP_MODE = 0x3e
- DEVLINK_ATTR_MAX = 0x8c
+ DEVLINK_ATTR_MAX = 0x90
DEVLINK_DPIPE_FIELD_MAPPING_TYPE_NONE = 0x0
DEVLINK_DPIPE_FIELD_MAPPING_TYPE_IFINDEX = 0x1
DEVLINK_DPIPE_MATCH_TYPE_FIELD_EXACT = 0x0
diff --git a/vendor/golang.org/x/sys/windows/memory_windows.go b/vendor/golang.org/x/sys/windows/memory_windows.go
index f80a4204f..e409d76f0 100644
--- a/vendor/golang.org/x/sys/windows/memory_windows.go
+++ b/vendor/golang.org/x/sys/windows/memory_windows.go
@@ -23,4 +23,9 @@ const (
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
+
+ QUOTA_LIMITS_HARDWS_MIN_DISABLE = 0x00000002
+ QUOTA_LIMITS_HARDWS_MIN_ENABLE = 0x00000001
+ QUOTA_LIMITS_HARDWS_MAX_DISABLE = 0x00000008
+ QUOTA_LIMITS_HARDWS_MAX_ENABLE = 0x00000004
)
diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go
index 12c0544cb..62cf70e9f 100644
--- a/vendor/golang.org/x/sys/windows/syscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/syscall_windows.go
@@ -308,6 +308,8 @@ func NewCallbackCDecl(fn interface{}) uintptr {
//sys GetProcessId(process Handle) (id uint32, err error)
//sys OpenThread(desiredAccess uint32, inheritHandle bool, threadId uint32) (handle Handle, err error)
//sys SetProcessPriorityBoost(process Handle, disable bool) (err error) = kernel32.SetProcessPriorityBoost
+//sys GetProcessWorkingSetSizeEx(hProcess Handle, lpMinimumWorkingSetSize *uintptr, lpMaximumWorkingSetSize *uintptr, flags *uint32)
+//sys SetProcessWorkingSetSizeEx(hProcess Handle, dwMinimumWorkingSetSize uintptr, dwMaximumWorkingSetSize uintptr, flags uint32) (err error)
// Volume Management Functions
//sys DefineDosDevice(flags uint32, deviceName *uint16, targetPath *uint16) (err error) = DefineDosDeviceW
diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
index 2aa4fa642..8a562feed 100644
--- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
@@ -217,6 +217,8 @@ var (
procGetProcessId = modkernel32.NewProc("GetProcessId")
procOpenThread = modkernel32.NewProc("OpenThread")
procSetProcessPriorityBoost = modkernel32.NewProc("SetProcessPriorityBoost")
+ procGetProcessWorkingSetSizeEx = modkernel32.NewProc("GetProcessWorkingSetSizeEx")
+ procSetProcessWorkingSetSizeEx = modkernel32.NewProc("SetProcessWorkingSetSizeEx")
procDefineDosDeviceW = modkernel32.NewProc("DefineDosDeviceW")
procDeleteVolumeMountPointW = modkernel32.NewProc("DeleteVolumeMountPointW")
procFindFirstVolumeW = modkernel32.NewProc("FindFirstVolumeW")
@@ -2414,6 +2416,23 @@ func SetProcessPriorityBoost(process Handle, disable bool) (err error) {
return
}
+func GetProcessWorkingSetSizeEx(hProcess Handle, lpMinimumWorkingSetSize *uintptr, lpMaximumWorkingSetSize *uintptr, flags *uint32) {
+ syscall.Syscall6(procGetProcessWorkingSetSizeEx.Addr(), 4, uintptr(hProcess), uintptr(unsafe.Pointer(lpMinimumWorkingSetSize)), uintptr(unsafe.Pointer(lpMaximumWorkingSetSize)), uintptr(unsafe.Pointer(flags)), 0, 0)
+ return
+}
+
+func SetProcessWorkingSetSizeEx(hProcess Handle, dwMinimumWorkingSetSize uintptr, dwMaximumWorkingSetSize uintptr, flags uint32) (err error) {
+ r1, _, e1 := syscall.Syscall6(procSetProcessWorkingSetSizeEx.Addr(), 4, uintptr(hProcess), uintptr(dwMinimumWorkingSetSize), uintptr(dwMaximumWorkingSetSize), uintptr(flags), 0, 0)
+ if r1 == 0 {
+ if e1 != 0 {
+ err = errnoErr(e1)
+ } else {
+ err = syscall.EINVAL
+ }
+ }
+ return
+}
+
func DefineDosDevice(flags uint32, deviceName *uint16, targetPath *uint16) (err error) {
r1, _, e1 := syscall.Syscall(procDefineDosDeviceW.Addr(), 3, uintptr(flags), uintptr(unsafe.Pointer(deviceName)), uintptr(unsafe.Pointer(targetPath)))
if r1 == 0 {
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 540c6bb45..7dce0e5af 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -84,7 +84,7 @@ github.com/containers/buildah/pkg/secrets
github.com/containers/buildah/pkg/supplemented
github.com/containers/buildah/pkg/umask
github.com/containers/buildah/util
-# github.com/containers/common v0.18.0
+# github.com/containers/common v0.20.3
github.com/containers/common/pkg/apparmor
github.com/containers/common/pkg/auth
github.com/containers/common/pkg/capabilities
@@ -601,7 +601,7 @@ golang.org/x/oauth2/internal
# golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a
golang.org/x/sync/errgroup
golang.org/x/sync/semaphore
-# golang.org/x/sys v0.0.0-20200519105757-fe76b779f299
+# golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1
golang.org/x/sys/cpu
golang.org/x/sys/internal/unsafeheader
golang.org/x/sys/unix