diff options
27 files changed, 694 insertions, 461 deletions
diff --git a/libpod/container.go b/libpod/container.go index 62db87fa0..7bb5b2687 100644 --- a/libpod/container.go +++ b/libpod/container.go @@ -243,6 +243,8 @@ type ContainerConfig struct { ProcessLabel string `json:"ProcessLabel,omitempty"` // SELinux mount label for root filesystem MountLabel string `json:"MountLabel,omitempty"` + // LabelOpts are options passed in by the user to setup SELinux labels + LabelOpts []string `json:"labelopts,omitempty"` // User and group to use in the container // Can be specified by name or UID/GID User string `json:"user,omitempty"` diff --git a/libpod/container_easyjson.go b/libpod/container_easyjson.go index 53ad5b7ee..041cc08ac 100644 --- a/libpod/container_easyjson.go +++ b/libpod/container_easyjson.go @@ -1319,6 +1319,29 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodLibpod2(in *jlexer.Lexer, ou out.ProcessLabel = string(in.String()) case "MountLabel": out.MountLabel = string(in.String()) + case "labelopts": + if in.IsNull() { + in.Skip() + out.LabelOpts = nil + } else { + in.Delim('[') + if out.LabelOpts == nil { + if !in.IsDelim(']') { + out.LabelOpts = make([]string, 0, 4) + } else { + out.LabelOpts = []string{} + } + } else { + out.LabelOpts = (out.LabelOpts)[:0] + } + for !in.IsDelim(']') { + var v41 string + v41 = string(in.String()) + out.LabelOpts = append(out.LabelOpts, v41) + in.WantComma() + } + in.Delim(']') + } case "user": out.User = string(in.String()) case "groups": @@ -1337,9 +1360,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodLibpod2(in *jlexer.Lexer, ou out.Groups = (out.Groups)[:0] } for !in.IsDelim(']') { - var v41 string - v41 = string(in.String()) - out.Groups = append(out.Groups, v41) + var v42 string + v42 = string(in.String()) + out.Groups = append(out.Groups, v42) in.WantComma() } in.Delim(']') @@ -1374,9 +1397,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodLibpod2(in *jlexer.Lexer, ou out.Dependencies = (out.Dependencies)[:0] } for !in.IsDelim(']') { - var v42 string - v42 = string(in.String()) - out.Dependencies = append(out.Dependencies, v42) + var v43 string + v43 = string(in.String()) + out.Dependencies = append(out.Dependencies, v43) in.WantComma() } in.Delim(']') @@ -1403,9 +1426,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodLibpod2(in *jlexer.Lexer, ou out.PortMappings = (out.PortMappings)[:0] } for !in.IsDelim(']') { - var v43 ocicni.PortMapping - easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComCriOOcicniPkgOcicni(in, &v43) - out.PortMappings = append(out.PortMappings, v43) + var v44 ocicni.PortMapping + easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComCriOOcicniPkgOcicni(in, &v44) + out.PortMappings = append(out.PortMappings, v44) in.WantComma() } in.Delim(']') @@ -1426,11 +1449,11 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodLibpod2(in *jlexer.Lexer, ou out.DNSServer = (out.DNSServer)[:0] } for !in.IsDelim(']') { - var v44 net.IP + var v45 net.IP if data := in.UnsafeBytes(); in.Ok() { - in.AddError((v44).UnmarshalText(data)) + in.AddError((v45).UnmarshalText(data)) } - out.DNSServer = append(out.DNSServer, v44) + out.DNSServer = append(out.DNSServer, v45) in.WantComma() } in.Delim(']') @@ -1451,9 +1474,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodLibpod2(in *jlexer.Lexer, ou out.DNSSearch = (out.DNSSearch)[:0] } for !in.IsDelim(']') { - var v45 string - v45 = string(in.String()) - out.DNSSearch = append(out.DNSSearch, v45) + var v46 string + v46 = string(in.String()) + out.DNSSearch = append(out.DNSSearch, v46) in.WantComma() } in.Delim(']') @@ -1474,9 +1497,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodLibpod2(in *jlexer.Lexer, ou out.DNSOption = (out.DNSOption)[:0] } for !in.IsDelim(']') { - var v46 string - v46 = string(in.String()) - out.DNSOption = append(out.DNSOption, v46) + var v47 string + v47 = string(in.String()) + out.DNSOption = append(out.DNSOption, v47) in.WantComma() } in.Delim(']') @@ -1497,9 +1520,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodLibpod2(in *jlexer.Lexer, ou out.HostAdd = (out.HostAdd)[:0] } for !in.IsDelim(']') { - var v47 string - v47 = string(in.String()) - out.HostAdd = append(out.HostAdd, v47) + var v48 string + v48 = string(in.String()) + out.HostAdd = append(out.HostAdd, v48) in.WantComma() } in.Delim(']') @@ -1520,9 +1543,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodLibpod2(in *jlexer.Lexer, ou out.Networks = (out.Networks)[:0] } for !in.IsDelim(']') { - var v48 string - v48 = string(in.String()) - out.Networks = append(out.Networks, v48) + var v49 string + v49 = string(in.String()) + out.Networks = append(out.Networks, v49) in.WantComma() } in.Delim(']') @@ -1543,9 +1566,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodLibpod2(in *jlexer.Lexer, ou out.UserVolumes = (out.UserVolumes)[:0] } for !in.IsDelim(']') { - var v49 string - v49 = string(in.String()) - out.UserVolumes = append(out.UserVolumes, v49) + var v50 string + v50 = string(in.String()) + out.UserVolumes = append(out.UserVolumes, v50) in.WantComma() } in.Delim(']') @@ -1566,9 +1589,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodLibpod2(in *jlexer.Lexer, ou out.Entrypoint = (out.Entrypoint)[:0] } for !in.IsDelim(']') { - var v50 string - v50 = string(in.String()) - out.Entrypoint = append(out.Entrypoint, v50) + var v51 string + v51 = string(in.String()) + out.Entrypoint = append(out.Entrypoint, v51) in.WantComma() } in.Delim(']') @@ -1589,9 +1612,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodLibpod2(in *jlexer.Lexer, ou out.Command = (out.Command)[:0] } for !in.IsDelim(']') { - var v51 string - v51 = string(in.String()) - out.Command = append(out.Command, v51) + var v52 string + v52 = string(in.String()) + out.Command = append(out.Command, v52) in.WantComma() } in.Delim(']') @@ -1611,9 +1634,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodLibpod2(in *jlexer.Lexer, ou for !in.IsDelim('}') { key := string(in.String()) in.WantColon() - var v52 string - v52 = string(in.String()) - (out.Labels)[key] = v52 + var v53 string + v53 = string(in.String()) + (out.Labels)[key] = v53 in.WantComma() } in.Delim('}') @@ -1650,9 +1673,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodLibpod2(in *jlexer.Lexer, ou out.ExitCommand = (out.ExitCommand)[:0] } for !in.IsDelim(']') { - var v53 string - v53 = string(in.String()) - out.ExitCommand = append(out.ExitCommand, v53) + var v54 string + v54 = string(in.String()) + out.ExitCommand = append(out.ExitCommand, v54) in.WantComma() } in.Delim(']') @@ -1673,9 +1696,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodLibpod2(in *jlexer.Lexer, ou out.LocalVolumes = (out.LocalVolumes)[:0] } for !in.IsDelim(']') { - var v54 string - v54 = string(in.String()) - out.LocalVolumes = append(out.LocalVolumes, v54) + var v55 string + v55 = string(in.String()) + out.LocalVolumes = append(out.LocalVolumes, v55) in.WantComma() } in.Delim(']') @@ -1842,11 +1865,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodLibpod2(out *jwriter.Writer, } { out.RawByte('[') - for v55, v56 := range in.Mounts { - if v55 > 0 { + for v56, v57 := range in.Mounts { + if v56 > 0 { out.RawByte(',') } - out.String(string(v56)) + out.String(string(v57)) } out.RawByte(']') } @@ -1881,6 +1904,25 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodLibpod2(out *jwriter.Writer, } out.String(string(in.MountLabel)) } + if len(in.LabelOpts) != 0 { + const prefix string = ",\"labelopts\":" + if first { + first = false + out.RawString(prefix[1:]) + } else { + out.RawString(prefix) + } + { + out.RawByte('[') + for v58, v59 := range in.LabelOpts { + if v58 > 0 { + out.RawByte(',') + } + out.String(string(v59)) + } + out.RawByte(']') + } + } if in.User != "" { const prefix string = ",\"user\":" if first { @@ -1901,11 +1943,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodLibpod2(out *jwriter.Writer, } { out.RawByte('[') - for v57, v58 := range in.Groups { - if v57 > 0 { + for v60, v61 := range in.Groups { + if v60 > 0 { out.RawByte(',') } - out.String(string(v58)) + out.String(string(v61)) } out.RawByte(']') } @@ -1992,11 +2034,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodLibpod2(out *jwriter.Writer, out.RawString("null") } else { out.RawByte('[') - for v59, v60 := range in.Dependencies { - if v59 > 0 { + for v62, v63 := range in.Dependencies { + if v62 > 0 { out.RawByte(',') } - out.String(string(v60)) + out.String(string(v63)) } out.RawByte(']') } @@ -2031,11 +2073,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodLibpod2(out *jwriter.Writer, } { out.RawByte('[') - for v61, v62 := range in.PortMappings { - if v61 > 0 { + for v64, v65 := range in.PortMappings { + if v64 > 0 { out.RawByte(',') } - easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComCriOOcicniPkgOcicni(out, v62) + easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComCriOOcicniPkgOcicni(out, v65) } out.RawByte(']') } @@ -2050,11 +2092,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodLibpod2(out *jwriter.Writer, } { out.RawByte('[') - for v63, v64 := range in.DNSServer { - if v63 > 0 { + for v66, v67 := range in.DNSServer { + if v66 > 0 { out.RawByte(',') } - out.RawText((v64).MarshalText()) + out.RawText((v67).MarshalText()) } out.RawByte(']') } @@ -2069,11 +2111,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodLibpod2(out *jwriter.Writer, } { out.RawByte('[') - for v65, v66 := range in.DNSSearch { - if v65 > 0 { + for v68, v69 := range in.DNSSearch { + if v68 > 0 { out.RawByte(',') } - out.String(string(v66)) + out.String(string(v69)) } out.RawByte(']') } @@ -2088,11 +2130,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodLibpod2(out *jwriter.Writer, } { out.RawByte('[') - for v67, v68 := range in.DNSOption { - if v67 > 0 { + for v70, v71 := range in.DNSOption { + if v70 > 0 { out.RawByte(',') } - out.String(string(v68)) + out.String(string(v71)) } out.RawByte(']') } @@ -2107,11 +2149,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodLibpod2(out *jwriter.Writer, } { out.RawByte('[') - for v69, v70 := range in.HostAdd { - if v69 > 0 { + for v72, v73 := range in.HostAdd { + if v72 > 0 { out.RawByte(',') } - out.String(string(v70)) + out.String(string(v73)) } out.RawByte(']') } @@ -2126,11 +2168,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodLibpod2(out *jwriter.Writer, } { out.RawByte('[') - for v71, v72 := range in.Networks { - if v71 > 0 { + for v74, v75 := range in.Networks { + if v74 > 0 { out.RawByte(',') } - out.String(string(v72)) + out.String(string(v75)) } out.RawByte(']') } @@ -2145,11 +2187,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodLibpod2(out *jwriter.Writer, } { out.RawByte('[') - for v73, v74 := range in.UserVolumes { - if v73 > 0 { + for v76, v77 := range in.UserVolumes { + if v76 > 0 { out.RawByte(',') } - out.String(string(v74)) + out.String(string(v77)) } out.RawByte(']') } @@ -2164,11 +2206,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodLibpod2(out *jwriter.Writer, } { out.RawByte('[') - for v75, v76 := range in.Entrypoint { - if v75 > 0 { + for v78, v79 := range in.Entrypoint { + if v78 > 0 { out.RawByte(',') } - out.String(string(v76)) + out.String(string(v79)) } out.RawByte(']') } @@ -2183,11 +2225,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodLibpod2(out *jwriter.Writer, } { out.RawByte('[') - for v77, v78 := range in.Command { - if v77 > 0 { + for v80, v81 := range in.Command { + if v80 > 0 { out.RawByte(',') } - out.String(string(v78)) + out.String(string(v81)) } out.RawByte(']') } @@ -2212,16 +2254,16 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodLibpod2(out *jwriter.Writer, } { out.RawByte('{') - v79First := true - for v79Name, v79Value := range in.Labels { - if v79First { - v79First = false + v82First := true + for v82Name, v82Value := range in.Labels { + if v82First { + v82First = false } else { out.RawByte(',') } - out.String(string(v79Name)) + out.String(string(v82Name)) out.RawByte(':') - out.String(string(v79Value)) + out.String(string(v82Value)) } out.RawByte('}') } @@ -2306,11 +2348,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodLibpod2(out *jwriter.Writer, } { out.RawByte('[') - for v80, v81 := range in.ExitCommand { - if v80 > 0 { + for v83, v84 := range in.ExitCommand { + if v83 > 0 { out.RawByte(',') } - out.String(string(v81)) + out.String(string(v84)) } out.RawByte(']') } @@ -2327,11 +2369,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodLibpod2(out *jwriter.Writer, out.RawString("null") } else { out.RawByte('[') - for v82, v83 := range in.LocalVolumes { - if v82 > 0 { + for v85, v86 := range in.LocalVolumes { + if v85 > 0 { out.RawByte(',') } - out.String(string(v83)) + out.String(string(v86)) } out.RawByte(']') } @@ -2504,9 +2546,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComContainersSto out.UIDMap = (out.UIDMap)[:0] } for !in.IsDelim(']') { - var v84 idtools.IDMap - easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComContainersStoragePkgIdtools(in, &v84) - out.UIDMap = append(out.UIDMap, v84) + var v87 idtools.IDMap + easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComContainersStoragePkgIdtools(in, &v87) + out.UIDMap = append(out.UIDMap, v87) in.WantComma() } in.Delim(']') @@ -2527,9 +2569,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComContainersSto out.GIDMap = (out.GIDMap)[:0] } for !in.IsDelim(']') { - var v85 idtools.IDMap - easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComContainersStoragePkgIdtools(in, &v85) - out.GIDMap = append(out.GIDMap, v85) + var v88 idtools.IDMap + easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComContainersStoragePkgIdtools(in, &v88) + out.GIDMap = append(out.GIDMap, v88) in.WantComma() } in.Delim(']') @@ -2580,11 +2622,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComContainersSto out.RawString("null") } else { out.RawByte('[') - for v86, v87 := range in.UIDMap { - if v86 > 0 { + for v89, v90 := range in.UIDMap { + if v89 > 0 { out.RawByte(',') } - easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComContainersStoragePkgIdtools(out, v87) + easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComContainersStoragePkgIdtools(out, v90) } out.RawByte(']') } @@ -2601,11 +2643,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComContainersSto out.RawString("null") } else { out.RawByte('[') - for v88, v89 := range in.GIDMap { - if v88 > 0 { + for v91, v92 := range in.GIDMap { + if v91 > 0 { out.RawByte(',') } - easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComContainersStoragePkgIdtools(out, v89) + easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComContainersStoragePkgIdtools(out, v92) } out.RawByte(']') } @@ -2742,9 +2784,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.Mounts = (out.Mounts)[:0] } for !in.IsDelim(']') { - var v90 specs_go.Mount - easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo4(in, &v90) - out.Mounts = append(out.Mounts, v90) + var v93 specs_go.Mount + easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo4(in, &v93) + out.Mounts = append(out.Mounts, v93) in.WantComma() } in.Delim(']') @@ -2772,9 +2814,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer for !in.IsDelim('}') { key := string(in.String()) in.WantColon() - var v91 string - v91 = string(in.String()) - (out.Annotations)[key] = v91 + var v94 string + v94 = string(in.String()) + (out.Annotations)[key] = v94 in.WantComma() } in.Delim('}') @@ -2883,11 +2925,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v92, v93 := range in.Mounts { - if v92 > 0 { + for v95, v96 := range in.Mounts { + if v95 > 0 { out.RawByte(',') } - easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo4(out, v93) + easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo4(out, v96) } out.RawByte(']') } @@ -2912,16 +2954,16 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('{') - v94First := true - for v94Name, v94Value := range in.Annotations { - if v94First { - v94First = false + v97First := true + for v97Name, v97Value := range in.Annotations { + if v97First { + v97First = false } else { out.RawByte(',') } - out.String(string(v94Name)) + out.String(string(v97Name)) out.RawByte(':') - out.String(string(v94Value)) + out.String(string(v97Value)) } out.RawByte('}') } @@ -3263,9 +3305,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.LayerFolders = (out.LayerFolders)[:0] } for !in.IsDelim(']') { - var v95 string - v95 = string(in.String()) - out.LayerFolders = append(out.LayerFolders, v95) + var v98 string + v98 = string(in.String()) + out.LayerFolders = append(out.LayerFolders, v98) in.WantComma() } in.Delim(']') @@ -3286,9 +3328,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.Devices = (out.Devices)[:0] } for !in.IsDelim(']') { - var v96 specs_go.WindowsDevice - easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo13(in, &v96) - out.Devices = append(out.Devices, v96) + var v99 specs_go.WindowsDevice + easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo13(in, &v99) + out.Devices = append(out.Devices, v99) in.WantComma() } in.Delim(']') @@ -3361,11 +3403,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer out.RawString("null") } else { out.RawByte('[') - for v97, v98 := range in.LayerFolders { - if v97 > 0 { + for v100, v101 := range in.LayerFolders { + if v100 > 0 { out.RawByte(',') } - out.String(string(v98)) + out.String(string(v101)) } out.RawByte(']') } @@ -3380,11 +3422,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v99, v100 := range in.Devices { - if v99 > 0 { + for v102, v103 := range in.Devices { + if v102 > 0 { out.RawByte(',') } - easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo13(out, v100) + easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo13(out, v103) } out.RawByte(']') } @@ -3492,9 +3534,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.EndpointList = (out.EndpointList)[:0] } for !in.IsDelim(']') { - var v101 string - v101 = string(in.String()) - out.EndpointList = append(out.EndpointList, v101) + var v104 string + v104 = string(in.String()) + out.EndpointList = append(out.EndpointList, v104) in.WantComma() } in.Delim(']') @@ -3517,9 +3559,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.DNSSearchList = (out.DNSSearchList)[:0] } for !in.IsDelim(']') { - var v102 string - v102 = string(in.String()) - out.DNSSearchList = append(out.DNSSearchList, v102) + var v105 string + v105 = string(in.String()) + out.DNSSearchList = append(out.DNSSearchList, v105) in.WantComma() } in.Delim(']') @@ -3550,11 +3592,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v103, v104 := range in.EndpointList { - if v103 > 0 { + for v106, v107 := range in.EndpointList { + if v106 > 0 { out.RawByte(',') } - out.String(string(v104)) + out.String(string(v107)) } out.RawByte(']') } @@ -3579,11 +3621,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v105, v106 := range in.DNSSearchList { - if v105 > 0 { + for v108, v109 := range in.DNSSearchList { + if v108 > 0 { out.RawByte(',') } - out.String(string(v106)) + out.String(string(v109)) } out.RawByte(']') } @@ -4087,9 +4129,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.Anet = (out.Anet)[:0] } for !in.IsDelim(']') { - var v107 specs_go.SolarisAnet - easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo20(in, &v107) - out.Anet = append(out.Anet, v107) + var v110 specs_go.SolarisAnet + easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo20(in, &v110) + out.Anet = append(out.Anet, v110) in.WantComma() } in.Delim(']') @@ -4168,11 +4210,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v108, v109 := range in.Anet { - if v108 > 0 { + for v111, v112 := range in.Anet { + if v111 > 0 { out.RawByte(',') } - easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo20(out, v109) + easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo20(out, v112) } out.RawByte(']') } @@ -4459,9 +4501,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.UIDMappings = (out.UIDMappings)[:0] } for !in.IsDelim(']') { - var v110 specs_go.LinuxIDMapping - easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo23(in, &v110) - out.UIDMappings = append(out.UIDMappings, v110) + var v113 specs_go.LinuxIDMapping + easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo23(in, &v113) + out.UIDMappings = append(out.UIDMappings, v113) in.WantComma() } in.Delim(']') @@ -4482,9 +4524,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.GIDMappings = (out.GIDMappings)[:0] } for !in.IsDelim(']') { - var v111 specs_go.LinuxIDMapping - easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo23(in, &v111) - out.GIDMappings = append(out.GIDMappings, v111) + var v114 specs_go.LinuxIDMapping + easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo23(in, &v114) + out.GIDMappings = append(out.GIDMappings, v114) in.WantComma() } in.Delim(']') @@ -4502,9 +4544,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer for !in.IsDelim('}') { key := string(in.String()) in.WantColon() - var v112 string - v112 = string(in.String()) - (out.Sysctl)[key] = v112 + var v115 string + v115 = string(in.String()) + (out.Sysctl)[key] = v115 in.WantComma() } in.Delim('}') @@ -4537,9 +4579,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.Namespaces = (out.Namespaces)[:0] } for !in.IsDelim(']') { - var v113 specs_go.LinuxNamespace - easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo25(in, &v113) - out.Namespaces = append(out.Namespaces, v113) + var v116 specs_go.LinuxNamespace + easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo25(in, &v116) + out.Namespaces = append(out.Namespaces, v116) in.WantComma() } in.Delim(']') @@ -4560,9 +4602,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.Devices = (out.Devices)[:0] } for !in.IsDelim(']') { - var v114 specs_go.LinuxDevice - easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo26(in, &v114) - out.Devices = append(out.Devices, v114) + var v117 specs_go.LinuxDevice + easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo26(in, &v117) + out.Devices = append(out.Devices, v117) in.WantComma() } in.Delim(']') @@ -4595,9 +4637,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.MaskedPaths = (out.MaskedPaths)[:0] } for !in.IsDelim(']') { - var v115 string - v115 = string(in.String()) - out.MaskedPaths = append(out.MaskedPaths, v115) + var v118 string + v118 = string(in.String()) + out.MaskedPaths = append(out.MaskedPaths, v118) in.WantComma() } in.Delim(']') @@ -4618,9 +4660,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.ReadonlyPaths = (out.ReadonlyPaths)[:0] } for !in.IsDelim(']') { - var v116 string - v116 = string(in.String()) - out.ReadonlyPaths = append(out.ReadonlyPaths, v116) + var v119 string + v119 = string(in.String()) + out.ReadonlyPaths = append(out.ReadonlyPaths, v119) in.WantComma() } in.Delim(']') @@ -4661,11 +4703,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v117, v118 := range in.UIDMappings { - if v117 > 0 { + for v120, v121 := range in.UIDMappings { + if v120 > 0 { out.RawByte(',') } - easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo23(out, v118) + easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo23(out, v121) } out.RawByte(']') } @@ -4680,11 +4722,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v119, v120 := range in.GIDMappings { - if v119 > 0 { + for v122, v123 := range in.GIDMappings { + if v122 > 0 { out.RawByte(',') } - easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo23(out, v120) + easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo23(out, v123) } out.RawByte(']') } @@ -4699,16 +4741,16 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('{') - v121First := true - for v121Name, v121Value := range in.Sysctl { - if v121First { - v121First = false + v124First := true + for v124Name, v124Value := range in.Sysctl { + if v124First { + v124First = false } else { out.RawByte(',') } - out.String(string(v121Name)) + out.String(string(v124Name)) out.RawByte(':') - out.String(string(v121Value)) + out.String(string(v124Value)) } out.RawByte('}') } @@ -4743,11 +4785,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v122, v123 := range in.Namespaces { - if v122 > 0 { + for v125, v126 := range in.Namespaces { + if v125 > 0 { out.RawByte(',') } - easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo25(out, v123) + easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo25(out, v126) } out.RawByte(']') } @@ -4762,11 +4804,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v124, v125 := range in.Devices { - if v124 > 0 { + for v127, v128 := range in.Devices { + if v127 > 0 { out.RawByte(',') } - easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo26(out, v125) + easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo26(out, v128) } out.RawByte(']') } @@ -4801,11 +4843,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v126, v127 := range in.MaskedPaths { - if v126 > 0 { + for v129, v130 := range in.MaskedPaths { + if v129 > 0 { out.RawByte(',') } - out.String(string(v127)) + out.String(string(v130)) } out.RawByte(']') } @@ -4820,11 +4862,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v128, v129 := range in.ReadonlyPaths { - if v128 > 0 { + for v131, v132 := range in.ReadonlyPaths { + if v131 > 0 { out.RawByte(',') } - out.String(string(v129)) + out.String(string(v132)) } out.RawByte(']') } @@ -4935,9 +4977,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.Architectures = (out.Architectures)[:0] } for !in.IsDelim(']') { - var v130 specs_go.Arch - v130 = specs_go.Arch(in.String()) - out.Architectures = append(out.Architectures, v130) + var v133 specs_go.Arch + v133 = specs_go.Arch(in.String()) + out.Architectures = append(out.Architectures, v133) in.WantComma() } in.Delim(']') @@ -4958,9 +5000,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.Syscalls = (out.Syscalls)[:0] } for !in.IsDelim(']') { - var v131 specs_go.LinuxSyscall - easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo29(in, &v131) - out.Syscalls = append(out.Syscalls, v131) + var v134 specs_go.LinuxSyscall + easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo29(in, &v134) + out.Syscalls = append(out.Syscalls, v134) in.WantComma() } in.Delim(']') @@ -4999,11 +5041,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v132, v133 := range in.Architectures { - if v132 > 0 { + for v135, v136 := range in.Architectures { + if v135 > 0 { out.RawByte(',') } - out.String(string(v133)) + out.String(string(v136)) } out.RawByte(']') } @@ -5018,11 +5060,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v134, v135 := range in.Syscalls { - if v134 > 0 { + for v137, v138 := range in.Syscalls { + if v137 > 0 { out.RawByte(',') } - easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo29(out, v135) + easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo29(out, v138) } out.RawByte(']') } @@ -5064,9 +5106,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.Names = (out.Names)[:0] } for !in.IsDelim(']') { - var v136 string - v136 = string(in.String()) - out.Names = append(out.Names, v136) + var v139 string + v139 = string(in.String()) + out.Names = append(out.Names, v139) in.WantComma() } in.Delim(']') @@ -5089,9 +5131,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.Args = (out.Args)[:0] } for !in.IsDelim(']') { - var v137 specs_go.LinuxSeccompArg - easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo30(in, &v137) - out.Args = append(out.Args, v137) + var v140 specs_go.LinuxSeccompArg + easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo30(in, &v140) + out.Args = append(out.Args, v140) in.WantComma() } in.Delim(']') @@ -5122,11 +5164,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer out.RawString("null") } else { out.RawByte('[') - for v138, v139 := range in.Names { - if v138 > 0 { + for v141, v142 := range in.Names { + if v141 > 0 { out.RawByte(',') } - out.String(string(v139)) + out.String(string(v142)) } out.RawByte(']') } @@ -5151,11 +5193,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v140, v141 := range in.Args { - if v140 > 0 { + for v143, v144 := range in.Args { + if v143 > 0 { out.RawByte(',') } - easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo30(out, v141) + easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo30(out, v144) } out.RawByte(']') } @@ -5482,9 +5524,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.Devices = (out.Devices)[:0] } for !in.IsDelim(']') { - var v142 specs_go.LinuxDeviceCgroup - easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo31(in, &v142) - out.Devices = append(out.Devices, v142) + var v145 specs_go.LinuxDeviceCgroup + easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo31(in, &v145) + out.Devices = append(out.Devices, v145) in.WantComma() } in.Delim(']') @@ -5545,9 +5587,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.HugepageLimits = (out.HugepageLimits)[:0] } for !in.IsDelim(']') { - var v143 specs_go.LinuxHugepageLimit - easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo36(in, &v143) - out.HugepageLimits = append(out.HugepageLimits, v143) + var v146 specs_go.LinuxHugepageLimit + easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo36(in, &v146) + out.HugepageLimits = append(out.HugepageLimits, v146) in.WantComma() } in.Delim(']') @@ -5575,9 +5617,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer for !in.IsDelim('}') { key := string(in.String()) in.WantColon() - var v144 specs_go.LinuxRdma - easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo38(in, &v144) - (out.Rdma)[key] = v144 + var v147 specs_go.LinuxRdma + easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo38(in, &v147) + (out.Rdma)[key] = v147 in.WantComma() } in.Delim('}') @@ -5606,11 +5648,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v145, v146 := range in.Devices { - if v145 > 0 { + for v148, v149 := range in.Devices { + if v148 > 0 { out.RawByte(',') } - easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo31(out, v146) + easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo31(out, v149) } out.RawByte(']') } @@ -5665,11 +5707,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v147, v148 := range in.HugepageLimits { - if v147 > 0 { + for v150, v151 := range in.HugepageLimits { + if v150 > 0 { out.RawByte(',') } - easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo36(out, v148) + easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo36(out, v151) } out.RawByte(']') } @@ -5694,16 +5736,16 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('{') - v149First := true - for v149Name, v149Value := range in.Rdma { - if v149First { - v149First = false + v152First := true + for v152Name, v152Value := range in.Rdma { + if v152First { + v152First = false } else { out.RawByte(',') } - out.String(string(v149Name)) + out.String(string(v152Name)) out.RawByte(':') - easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo38(out, v149Value) + easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo38(out, v152Value) } out.RawByte('}') } @@ -5830,9 +5872,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.Priorities = (out.Priorities)[:0] } for !in.IsDelim(']') { - var v150 specs_go.LinuxInterfacePriority - easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo39(in, &v150) - out.Priorities = append(out.Priorities, v150) + var v153 specs_go.LinuxInterfacePriority + easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo39(in, &v153) + out.Priorities = append(out.Priorities, v153) in.WantComma() } in.Delim(']') @@ -5871,11 +5913,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v151, v152 := range in.Priorities { - if v151 > 0 { + for v154, v155 := range in.Priorities { + if v154 > 0 { out.RawByte(',') } - easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo39(out, v152) + easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo39(out, v155) } out.RawByte(']') } @@ -6055,9 +6097,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.WeightDevice = (out.WeightDevice)[:0] } for !in.IsDelim(']') { - var v153 specs_go.LinuxWeightDevice - easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo40(in, &v153) - out.WeightDevice = append(out.WeightDevice, v153) + var v156 specs_go.LinuxWeightDevice + easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo40(in, &v156) + out.WeightDevice = append(out.WeightDevice, v156) in.WantComma() } in.Delim(']') @@ -6078,9 +6120,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.ThrottleReadBpsDevice = (out.ThrottleReadBpsDevice)[:0] } for !in.IsDelim(']') { - var v154 specs_go.LinuxThrottleDevice - easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo41(in, &v154) - out.ThrottleReadBpsDevice = append(out.ThrottleReadBpsDevice, v154) + var v157 specs_go.LinuxThrottleDevice + easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo41(in, &v157) + out.ThrottleReadBpsDevice = append(out.ThrottleReadBpsDevice, v157) in.WantComma() } in.Delim(']') @@ -6101,9 +6143,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.ThrottleWriteBpsDevice = (out.ThrottleWriteBpsDevice)[:0] } for !in.IsDelim(']') { - var v155 specs_go.LinuxThrottleDevice - easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo41(in, &v155) - out.ThrottleWriteBpsDevice = append(out.ThrottleWriteBpsDevice, v155) + var v158 specs_go.LinuxThrottleDevice + easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo41(in, &v158) + out.ThrottleWriteBpsDevice = append(out.ThrottleWriteBpsDevice, v158) in.WantComma() } in.Delim(']') @@ -6124,9 +6166,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.ThrottleReadIOPSDevice = (out.ThrottleReadIOPSDevice)[:0] } for !in.IsDelim(']') { - var v156 specs_go.LinuxThrottleDevice - easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo41(in, &v156) - out.ThrottleReadIOPSDevice = append(out.ThrottleReadIOPSDevice, v156) + var v159 specs_go.LinuxThrottleDevice + easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo41(in, &v159) + out.ThrottleReadIOPSDevice = append(out.ThrottleReadIOPSDevice, v159) in.WantComma() } in.Delim(']') @@ -6147,9 +6189,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.ThrottleWriteIOPSDevice = (out.ThrottleWriteIOPSDevice)[:0] } for !in.IsDelim(']') { - var v157 specs_go.LinuxThrottleDevice - easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo41(in, &v157) - out.ThrottleWriteIOPSDevice = append(out.ThrottleWriteIOPSDevice, v157) + var v160 specs_go.LinuxThrottleDevice + easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo41(in, &v160) + out.ThrottleWriteIOPSDevice = append(out.ThrottleWriteIOPSDevice, v160) in.WantComma() } in.Delim(']') @@ -6198,11 +6240,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v158, v159 := range in.WeightDevice { - if v158 > 0 { + for v161, v162 := range in.WeightDevice { + if v161 > 0 { out.RawByte(',') } - easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo40(out, v159) + easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo40(out, v162) } out.RawByte(']') } @@ -6217,11 +6259,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v160, v161 := range in.ThrottleReadBpsDevice { - if v160 > 0 { + for v163, v164 := range in.ThrottleReadBpsDevice { + if v163 > 0 { out.RawByte(',') } - easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo41(out, v161) + easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo41(out, v164) } out.RawByte(']') } @@ -6236,11 +6278,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v162, v163 := range in.ThrottleWriteBpsDevice { - if v162 > 0 { + for v165, v166 := range in.ThrottleWriteBpsDevice { + if v165 > 0 { out.RawByte(',') } - easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo41(out, v163) + easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo41(out, v166) } out.RawByte(']') } @@ -6255,11 +6297,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v164, v165 := range in.ThrottleReadIOPSDevice { - if v164 > 0 { + for v167, v168 := range in.ThrottleReadIOPSDevice { + if v167 > 0 { out.RawByte(',') } - easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo41(out, v165) + easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo41(out, v168) } out.RawByte(']') } @@ -6274,11 +6316,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v166, v167 := range in.ThrottleWriteIOPSDevice { - if v166 > 0 { + for v169, v170 := range in.ThrottleWriteIOPSDevice { + if v169 > 0 { out.RawByte(',') } - easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo41(out, v167) + easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo41(out, v170) } out.RawByte(']') } @@ -7053,9 +7095,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.Prestart = (out.Prestart)[:0] } for !in.IsDelim(']') { - var v168 specs_go.Hook - easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo(in, &v168) - out.Prestart = append(out.Prestart, v168) + var v171 specs_go.Hook + easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo(in, &v171) + out.Prestart = append(out.Prestart, v171) in.WantComma() } in.Delim(']') @@ -7076,9 +7118,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.Poststart = (out.Poststart)[:0] } for !in.IsDelim(']') { - var v169 specs_go.Hook - easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo(in, &v169) - out.Poststart = append(out.Poststart, v169) + var v172 specs_go.Hook + easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo(in, &v172) + out.Poststart = append(out.Poststart, v172) in.WantComma() } in.Delim(']') @@ -7099,9 +7141,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.Poststop = (out.Poststop)[:0] } for !in.IsDelim(']') { - var v170 specs_go.Hook - easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo(in, &v170) - out.Poststop = append(out.Poststop, v170) + var v173 specs_go.Hook + easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo(in, &v173) + out.Poststop = append(out.Poststop, v173) in.WantComma() } in.Delim(']') @@ -7130,11 +7172,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v171, v172 := range in.Prestart { - if v171 > 0 { + for v174, v175 := range in.Prestart { + if v174 > 0 { out.RawByte(',') } - easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo(out, v172) + easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo(out, v175) } out.RawByte(']') } @@ -7149,11 +7191,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v173, v174 := range in.Poststart { - if v173 > 0 { + for v176, v177 := range in.Poststart { + if v176 > 0 { out.RawByte(',') } - easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo(out, v174) + easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo(out, v177) } out.RawByte(']') } @@ -7168,11 +7210,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v175, v176 := range in.Poststop { - if v175 > 0 { + for v178, v179 := range in.Poststop { + if v178 > 0 { out.RawByte(',') } - easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo(out, v176) + easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo(out, v179) } out.RawByte(']') } @@ -7220,9 +7262,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.Options = (out.Options)[:0] } for !in.IsDelim(']') { - var v177 string - v177 = string(in.String()) - out.Options = append(out.Options, v177) + var v180 string + v180 = string(in.String()) + out.Options = append(out.Options, v180) in.WantComma() } in.Delim(']') @@ -7281,11 +7323,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v178, v179 := range in.Options { - if v178 > 0 { + for v181, v182 := range in.Options { + if v181 > 0 { out.RawByte(',') } - out.String(string(v179)) + out.String(string(v182)) } out.RawByte(']') } @@ -7400,9 +7442,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.Args = (out.Args)[:0] } for !in.IsDelim(']') { - var v180 string - v180 = string(in.String()) - out.Args = append(out.Args, v180) + var v183 string + v183 = string(in.String()) + out.Args = append(out.Args, v183) in.WantComma() } in.Delim(']') @@ -7423,9 +7465,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.Env = (out.Env)[:0] } for !in.IsDelim(']') { - var v181 string - v181 = string(in.String()) - out.Env = append(out.Env, v181) + var v184 string + v184 = string(in.String()) + out.Env = append(out.Env, v184) in.WantComma() } in.Delim(']') @@ -7458,9 +7500,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.Rlimits = (out.Rlimits)[:0] } for !in.IsDelim(']') { - var v182 specs_go.POSIXRlimit - easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo45(in, &v182) - out.Rlimits = append(out.Rlimits, v182) + var v185 specs_go.POSIXRlimit + easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo45(in, &v185) + out.Rlimits = append(out.Rlimits, v185) in.WantComma() } in.Delim(']') @@ -7537,11 +7579,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer out.RawString("null") } else { out.RawByte('[') - for v183, v184 := range in.Args { - if v183 > 0 { + for v186, v187 := range in.Args { + if v186 > 0 { out.RawByte(',') } - out.String(string(v184)) + out.String(string(v187)) } out.RawByte(']') } @@ -7556,11 +7598,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v185, v186 := range in.Env { - if v185 > 0 { + for v188, v189 := range in.Env { + if v188 > 0 { out.RawByte(',') } - out.String(string(v186)) + out.String(string(v189)) } out.RawByte(']') } @@ -7595,11 +7637,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v187, v188 := range in.Rlimits { - if v187 > 0 { + for v190, v191 := range in.Rlimits { + if v190 > 0 { out.RawByte(',') } - easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo45(out, v188) + easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainersRuntimeSpecSpecsGo45(out, v191) } out.RawByte(']') } @@ -7752,9 +7794,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.Bounding = (out.Bounding)[:0] } for !in.IsDelim(']') { - var v189 string - v189 = string(in.String()) - out.Bounding = append(out.Bounding, v189) + var v192 string + v192 = string(in.String()) + out.Bounding = append(out.Bounding, v192) in.WantComma() } in.Delim(']') @@ -7775,9 +7817,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.Effective = (out.Effective)[:0] } for !in.IsDelim(']') { - var v190 string - v190 = string(in.String()) - out.Effective = append(out.Effective, v190) + var v193 string + v193 = string(in.String()) + out.Effective = append(out.Effective, v193) in.WantComma() } in.Delim(']') @@ -7798,9 +7840,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.Inheritable = (out.Inheritable)[:0] } for !in.IsDelim(']') { - var v191 string - v191 = string(in.String()) - out.Inheritable = append(out.Inheritable, v191) + var v194 string + v194 = string(in.String()) + out.Inheritable = append(out.Inheritable, v194) in.WantComma() } in.Delim(']') @@ -7821,9 +7863,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.Permitted = (out.Permitted)[:0] } for !in.IsDelim(']') { - var v192 string - v192 = string(in.String()) - out.Permitted = append(out.Permitted, v192) + var v195 string + v195 = string(in.String()) + out.Permitted = append(out.Permitted, v195) in.WantComma() } in.Delim(']') @@ -7844,9 +7886,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.Ambient = (out.Ambient)[:0] } for !in.IsDelim(']') { - var v193 string - v193 = string(in.String()) - out.Ambient = append(out.Ambient, v193) + var v196 string + v196 = string(in.String()) + out.Ambient = append(out.Ambient, v196) in.WantComma() } in.Delim(']') @@ -7875,11 +7917,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v194, v195 := range in.Bounding { - if v194 > 0 { + for v197, v198 := range in.Bounding { + if v197 > 0 { out.RawByte(',') } - out.String(string(v195)) + out.String(string(v198)) } out.RawByte(']') } @@ -7894,11 +7936,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v196, v197 := range in.Effective { - if v196 > 0 { + for v199, v200 := range in.Effective { + if v199 > 0 { out.RawByte(',') } - out.String(string(v197)) + out.String(string(v200)) } out.RawByte(']') } @@ -7913,11 +7955,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v198, v199 := range in.Inheritable { - if v198 > 0 { + for v201, v202 := range in.Inheritable { + if v201 > 0 { out.RawByte(',') } - out.String(string(v199)) + out.String(string(v202)) } out.RawByte(']') } @@ -7932,11 +7974,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v200, v201 := range in.Permitted { - if v200 > 0 { + for v203, v204 := range in.Permitted { + if v203 > 0 { out.RawByte(',') } - out.String(string(v201)) + out.String(string(v204)) } out.RawByte(']') } @@ -7951,11 +7993,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v202, v203 := range in.Ambient { - if v202 > 0 { + for v205, v206 := range in.Ambient { + if v205 > 0 { out.RawByte(',') } - out.String(string(v203)) + out.String(string(v206)) } out.RawByte(']') } @@ -8001,9 +8043,9 @@ func easyjson1dbef17bDecodeGithubComContainersLibpodVendorGithubComOpencontainer out.AdditionalGids = (out.AdditionalGids)[:0] } for !in.IsDelim(']') { - var v204 uint32 - v204 = uint32(in.Uint32()) - out.AdditionalGids = append(out.AdditionalGids, v204) + var v207 uint32 + v207 = uint32(in.Uint32()) + out.AdditionalGids = append(out.AdditionalGids, v207) in.WantComma() } in.Delim(']') @@ -8054,11 +8096,11 @@ func easyjson1dbef17bEncodeGithubComContainersLibpodVendorGithubComOpencontainer } { out.RawByte('[') - for v205, v206 := range in.AdditionalGids { - if v205 > 0 { + for v208, v209 := range in.AdditionalGids { + if v208 > 0 { out.RawByte(',') } - out.Uint32(uint32(v206)) + out.Uint32(uint32(v209)) } out.RawByte(']') } diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go index f2e54aeef..9b07198bc 100644 --- a/libpod/container_inspect.go +++ b/libpod/container_inspect.go @@ -79,9 +79,9 @@ func (c *Container) getContainerInspectData(size bool, driverData *inspect.Data) Name: config.Name, Driver: driverData.Name, MountLabel: config.MountLabel, + ProcessLabel: config.ProcessLabel, EffectiveCaps: spec.Process.Capabilities.Effective, BoundingCaps: spec.Process.Capabilities.Bounding, - ProcessLabel: spec.Process.SelinuxLabel, AppArmorProfile: spec.Process.ApparmorProfile, ExecIDs: execIDs, GraphDriver: driverData, @@ -93,6 +93,7 @@ func (c *Container) getContainerInspectData(size bool, driverData *inspect.Data) HairpinMode: false, // TODO LinkLocalIPv6Address: "", // TODO - do we even support IPv6? LinkLocalIPv6PrefixLen: 0, // TODO - do we even support IPv6? + Ports: []ocicni.PortMapping{}, // TODO - maybe worth it to put this in Docker format? SandboxKey: "", // Network namespace path SecondaryIPAddresses: nil, // TODO - do we support this? diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 40159194f..cb6b940fd 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -194,12 +194,18 @@ func (c *Container) setupStorage(ctx context.Context) error { return errors.Wrapf(ErrInvalidArg, "must provide image ID and image name to use an image") } - var options *storage.ContainerOptions - if c.config.Rootfs == "" { - options = &storage.ContainerOptions{c.config.IDMappings} + options := storage.ContainerOptions{ + IDMappingOptions: storage.IDMappingOptions{ + HostUIDMapping: true, + HostGIDMapping: true, + }, + LabelOpts: c.config.LabelOpts, + } + if c.config.Rootfs == "" { + options.IDMappingOptions = c.config.IDMappings } - containerInfo, err := c.runtime.storageService.CreateContainerStorage(ctx, c.runtime.imageContext, c.config.RootfsImageName, c.config.RootfsImageID, c.config.Name, c.config.ID, c.config.MountLabel, options) + containerInfo, err := c.runtime.storageService.CreateContainerStorage(ctx, c.runtime.imageContext, c.config.RootfsImageName, c.config.RootfsImageID, c.config.Name, c.config.ID, options) if err != nil { return errors.Wrapf(err, "error creating container storage") } @@ -225,6 +231,8 @@ func (c *Container) setupStorage(ctx context.Context) error { } } + c.config.ProcessLabel = containerInfo.ProcessLabel + c.config.MountLabel = containerInfo.MountLabel c.config.StaticDir = containerInfo.Dir c.state.RunDir = containerInfo.RunDir c.state.DestinationRunDir = c.state.RunDir diff --git a/libpod/options.go b/libpod/options.go index 228b38ba5..8d044313b 100644 --- a/libpod/options.go +++ b/libpod/options.go @@ -391,11 +391,7 @@ func WithSecLabels(labelOpts []string) CtrCreateOption { if ctr.valid { return ErrCtrFinalized } - var err error - ctr.config.ProcessLabel, ctr.config.MountLabel, err = ctr.runtime.initLabels(labelOpts) - if err != nil { - return errors.Wrapf(err, "failed to init labels") - } + ctr.config.LabelOpts = labelOpts return nil } } diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go index 4256a84a0..b63726f29 100644 --- a/libpod/runtime_ctr.go +++ b/libpod/runtime_ctr.go @@ -11,7 +11,6 @@ import ( "github.com/containers/storage" "github.com/containers/storage/pkg/stringid" spec "github.com/opencontainers/runtime-spec/specs-go" - "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/ulule/deepcopier" @@ -329,10 +328,6 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force bool) } } - if r.config.EnableLabeling { - label.ReleaseLabel(c.ProcessLabel()) - r.reserveLabels() - } // Delete the container. // Not needed in Configured and Exited states, where the container // doesn't exist in the runtime @@ -467,28 +462,3 @@ func (r *Runtime) GetLatestContainer() (*Container, error) { } return ctrs[lastCreatedIndex], nil } - -// reserveLabels walks the list o fcontainers and reserves the label, so new containers will not -// get them. -// TODO Performance wise this should only run if the state has changed since the last time it was run. -func (r *Runtime) reserveLabels() error { - containers, err := r.state.AllContainers() - if err != nil { - return err - } - for _, ctr := range containers { - label.ReserveLabel(ctr.ProcessLabel()) - } - return nil -} - -// initLabels allocates an new label to return to the caller -func (r *Runtime) initLabels(labelOpts []string) (string, string, error) { - if !r.config.EnableLabeling { - return "", "", nil - } - if err := r.reserveLabels(); err != nil { - return "", "", errors.Wrapf(err, "unable to reserve labels") - } - return label.InitLabels(labelOpts) -} diff --git a/libpod/storage.go b/libpod/storage.go index 10827f13e..10026efda 100644 --- a/libpod/storage.go +++ b/libpod/storage.go @@ -27,10 +27,13 @@ func getStorageService(store storage.Store) (*storageService, error) { // of its nonvolatile and volatile per-container directories, along with a copy // of the configuration blob from the image that was used to create the // container, if the image had a configuration. +// It also returns the ProcessLabel and MountLabel selected for the container type ContainerInfo struct { - Dir string - RunDir string - Config *v1.Image + Dir string + RunDir string + Config *v1.Image + ProcessLabel string + MountLabel string } // RuntimeContainerMetadata is the structure that we encode as JSON and store @@ -59,7 +62,7 @@ func (metadata *RuntimeContainerMetadata) SetMountLabel(mountLabel string) { // CreateContainerStorage creates the storage end of things. We already have the container spec created // TO-DO We should be passing in an Image object in the future. -func (r *storageService) CreateContainerStorage(ctx context.Context, systemContext *types.SystemContext, imageName, imageID, containerName, containerID, mountLabel string, options *storage.ContainerOptions) (cinfo ContainerInfo, err error) { +func (r *storageService) CreateContainerStorage(ctx context.Context, systemContext *types.SystemContext, imageName, imageID, containerName, containerID string, options storage.ContainerOptions) (cinfo ContainerInfo, err error) { var imageConfig *v1.Image if imageName != "" { var ref types.ImageReference @@ -101,7 +104,6 @@ func (r *storageService) CreateContainerStorage(ctx context.Context, systemConte ImageID: imageID, ContainerName: containerName, CreatedAt: time.Now().Unix(), - MountLabel: mountLabel, } mdata, err := json.Marshal(&metadata) if err != nil { @@ -111,15 +113,7 @@ func (r *storageService) CreateContainerStorage(ctx context.Context, systemConte // Build the container. names := []string{containerName} - if options == nil { - options = &storage.ContainerOptions{ - IDMappingOptions: storage.IDMappingOptions{ - HostUIDMapping: true, - HostGIDMapping: true, - }, - } - } - container, err := r.store.CreateContainer(containerID, names, imageID, "", string(mdata), options) + container, err := r.store.CreateContainer(containerID, names, imageID, "", string(mdata), &options) if err != nil { logrus.Debugf("failed to create container %s(%s): %v", metadata.ContainerName, containerID, err) @@ -167,9 +161,11 @@ func (r *storageService) CreateContainerStorage(ctx context.Context, systemConte logrus.Debugf("container %q has run directory %q", container.ID, containerRunDir) return ContainerInfo{ - Dir: containerDir, - RunDir: containerRunDir, - Config: imageConfig, + Dir: containerDir, + RunDir: containerRunDir, + Config: imageConfig, + ProcessLabel: container.ProcessLabel(), + MountLabel: container.MountLabel(), }, nil } diff --git a/vendor.conf b/vendor.conf index 88ba7f28e..8004f9056 100644 --- a/vendor.conf +++ b/vendor.conf @@ -12,7 +12,7 @@ github.com/containerd/continuity master github.com/containernetworking/cni v0.7.0-alpha1 github.com/containernetworking/plugins 1562a1e60ed101aacc5e08ed9dbeba8e9f3d4ec1 github.com/containers/image bd10b1b53b2976f215b3f2f848fb8e7cad779aeb -github.com/containers/storage 41294c85d97bef688e18f710402895dbecde3308 +github.com/containers/storage 24f0de45708bc6e4c8062828cd03812aaebc30db https://github.com/rhatdan/storage github.com/containers/psgo 5dde6da0bc8831b35243a847625bcf18183bd1ee github.com/coreos/go-systemd v14 github.com/cri-o/ocicni 2d2983e40c242322a56c22a903785e7f83eb378c @@ -51,7 +51,7 @@ github.com/opencontainers/image-spec v1.0.0 github.com/opencontainers/runc b4e2ecb452d9ee4381137cc0a7e6715b96bed6de github.com/opencontainers/runtime-spec d810dbc60d8c5aeeb3d054bd1132fab2121968ce github.com/opencontainers/runtime-tools master -github.com/opencontainers/selinux b6fa367ed7f534f9ba25391cc2d467085dbb445a +github.com/opencontainers/selinux 36a9bc45a08c85f2c52bd9eb32e20267876773bd github.com/ostreedev/ostree-go master github.com/pkg/errors v0.8.0 github.com/pmezard/go-difflib 792786c7400a136282c1664665ae0a8db921c6c2 @@ -77,7 +77,7 @@ golang.org/x/sys master golang.org/x/text f72d8390a633d5dfb0cc84043294db9f6c935756 golang.org/x/time f51c12702a4d776e4c1fa9b0fabab841babae631 golang.org/x/sync master -google.golang.org/grpc v1.0.4 https://github.com/grpc/grpc-go +google.golang.org/grpc v1.0.4 https://github.com/grpc/grpc-go< gopkg.in/cheggaaa/pb.v1 v1.0.7 gopkg.in/inf.v0 v0.9.0 gopkg.in/mgo.v2 v2 diff --git a/vendor/github.com/containers/storage/containers.go b/vendor/github.com/containers/storage/containers.go index f87ea15be..0a125331d 100644 --- a/vendor/github.com/containers/storage/containers.go +++ b/vendor/github.com/containers/storage/containers.go @@ -133,6 +133,20 @@ func copyContainer(c *Container) *Container { } } +func (c *Container) MountLabel() string { + if label, ok := c.Flags["MountLabel"].(string); ok { + return label + } + return "" +} + +func (c *Container) ProcessLabel() string { + if label, ok := c.Flags["ProcessLabel"].(string); ok { + return label + } + return "" +} + func (r *containerStore) Containers() ([]Container, error) { containers := make([]Container, len(r.containers)) for i := range r.containers { @@ -297,7 +311,7 @@ func (r *containerStore) Create(id string, names []string, image, layer, metadat BigDataSizes: make(map[string]int64), BigDataDigests: make(map[string]digest.Digest), Created: time.Now().UTC(), - Flags: make(map[string]interface{}), + Flags: copyStringInterfaceMap(options.Flags), UIDMap: copyIDMap(options.UIDMap), GIDMap: copyIDMap(options.GIDMap), } diff --git a/vendor/github.com/containers/storage/drivers/aufs/aufs.go b/vendor/github.com/containers/storage/drivers/aufs/aufs.go index bee4a598e..f14ba24b9 100644 --- a/vendor/github.com/containers/storage/drivers/aufs/aufs.go +++ b/vendor/github.com/containers/storage/drivers/aufs/aufs.go @@ -416,7 +416,7 @@ func atomicRemove(source string) error { // Get returns the rootfs path for the id. // This will mount the dir at its given path -func (a *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (string, error) { +func (a *Driver) Get(id string, options graphdriver.MountOpts) (string, error) { a.locker.Lock(id) defer a.locker.Unlock(id) parents, err := a.getParentLayerPaths(id) @@ -441,7 +441,7 @@ func (a *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (s // If a dir does not have a parent ( no layers )do not try to mount // just return the diff path to the data if len(parents) > 0 { - if err := a.mount(id, m, mountLabel, parents); err != nil { + if err := a.mount(id, m, options.MountLabel, parents); err != nil { return "", err } } diff --git a/vendor/github.com/containers/storage/drivers/btrfs/btrfs.go b/vendor/github.com/containers/storage/drivers/btrfs/btrfs.go index 2dd81b0c0..adc34d209 100644 --- a/vendor/github.com/containers/storage/drivers/btrfs/btrfs.go +++ b/vendor/github.com/containers/storage/drivers/btrfs/btrfs.go @@ -634,7 +634,7 @@ func (d *Driver) Remove(id string) error { } // Get the requested filesystem id. -func (d *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (string, error) { +func (d *Driver) Get(id string, options graphdriver.MountOpts) (string, error) { dir := d.subvolumesDirID(id) st, err := os.Stat(dir) if err != nil { diff --git a/vendor/github.com/containers/storage/drivers/chown.go b/vendor/github.com/containers/storage/drivers/chown.go index 168bb7e34..4d4011ee0 100644 --- a/vendor/github.com/containers/storage/drivers/chown.go +++ b/vendor/github.com/containers/storage/drivers/chown.go @@ -114,7 +114,10 @@ func NewNaiveLayerIDMapUpdater(driver ProtoDriver) LayerIDMapUpdater { // same "container" IDs. func (n *naiveLayerIDMapUpdater) UpdateLayerIDMap(id string, toContainer, toHost *idtools.IDMappings, mountLabel string) error { driver := n.ProtoDriver - layerFs, err := driver.Get(id, mountLabel, nil, nil) + options := MountOpts{ + MountLabel: mountLabel, + } + layerFs, err := driver.Get(id, options) if err != nil { return err } diff --git a/vendor/github.com/containers/storage/drivers/devmapper/driver.go b/vendor/github.com/containers/storage/drivers/devmapper/driver.go index 4aaca6508..9fc082d7d 100644 --- a/vendor/github.com/containers/storage/drivers/devmapper/driver.go +++ b/vendor/github.com/containers/storage/drivers/devmapper/driver.go @@ -163,7 +163,7 @@ func (d *Driver) Remove(id string) error { } // Get mounts a device with given id into the root filesystem -func (d *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (string, error) { +func (d *Driver) Get(id string, options graphdriver.MountOpts) (string, error) { d.locker.Lock(id) defer d.locker.Unlock(id) mp := path.Join(d.home, "mnt", id) @@ -189,7 +189,7 @@ func (d *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (s } // Mount the device - if err := d.DeviceSet.MountDevice(id, mp, mountLabel); err != nil { + if err := d.DeviceSet.MountDevice(id, mp, options.MountLabel); err != nil { d.ctr.Decrement(mp) return "", err } diff --git a/vendor/github.com/containers/storage/drivers/driver.go b/vendor/github.com/containers/storage/drivers/driver.go index 40b911ab7..4569c7b59 100644 --- a/vendor/github.com/containers/storage/drivers/driver.go +++ b/vendor/github.com/containers/storage/drivers/driver.go @@ -42,6 +42,15 @@ type CreateOpts struct { StorageOpt map[string]string } +// MountOpts contains optional arguments for LayerStope.Mount() methods. +type MountOpts struct { + // Mount label is the MAC Labels to assign to mount point (SELINUX) + MountLabel string + // UidMaps & GidMaps are the User Namespace mappings to be assigned to content in the mount point + UidMaps []idtools.IDMap + GidMaps []idtools.IDMap +} + // InitFunc initializes the storage driver. type InitFunc func(root string, options []string, uidMaps, gidMaps []idtools.IDMap) (Driver, error) @@ -68,7 +77,7 @@ type ProtoDriver interface { // to by this id. You can optionally specify a mountLabel or "". // Optionally it gets the mappings used to create the layer. // Returns the absolute path to the mounted layered filesystem. - Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (dir string, err error) + Get(id string, options MountOpts) (dir string, err error) // Put releases the system resources for the specified id, // e.g, unmounting layered filesystem. Put(id string) error diff --git a/vendor/github.com/containers/storage/drivers/fsdiff.go b/vendor/github.com/containers/storage/drivers/fsdiff.go index 64541e269..19da7d101 100644 --- a/vendor/github.com/containers/storage/drivers/fsdiff.go +++ b/vendor/github.com/containers/storage/drivers/fsdiff.go @@ -51,7 +51,10 @@ func (gdw *NaiveDiffDriver) Diff(id string, idMappings *idtools.IDMappings, pare parentMappings = &idtools.IDMappings{} } - layerFs, err := driver.Get(id, mountLabel, nil, nil) + options := MountOpts{ + MountLabel: mountLabel, + } + layerFs, err := driver.Get(id, options) if err != nil { return nil, err } @@ -78,7 +81,7 @@ func (gdw *NaiveDiffDriver) Diff(id string, idMappings *idtools.IDMappings, pare }), nil } - parentFs, err := driver.Get(parent, mountLabel, nil, nil) + parentFs, err := driver.Get(parent, options) if err != nil { return nil, err } @@ -119,7 +122,10 @@ func (gdw *NaiveDiffDriver) Changes(id string, idMappings *idtools.IDMappings, p parentMappings = &idtools.IDMappings{} } - layerFs, err := driver.Get(id, mountLabel, nil, nil) + options := MountOpts{ + MountLabel: mountLabel, + } + layerFs, err := driver.Get(id, options) if err != nil { return nil, err } @@ -128,7 +134,10 @@ func (gdw *NaiveDiffDriver) Changes(id string, idMappings *idtools.IDMappings, p parentFs := "" if parent != "" { - parentFs, err = driver.Get(parent, mountLabel, nil, nil) + options := MountOpts{ + MountLabel: mountLabel, + } + parentFs, err = driver.Get(parent, options) if err != nil { return nil, err } @@ -149,7 +158,10 @@ func (gdw *NaiveDiffDriver) ApplyDiff(id string, applyMappings *idtools.IDMappin } // Mount the root filesystem so we can apply the diff/layer. - layerFs, err := driver.Get(id, mountLabel, nil, nil) + mountOpts := MountOpts{ + MountLabel: mountLabel, + } + layerFs, err := driver.Get(id, mountOpts) if err != nil { return } @@ -189,7 +201,10 @@ func (gdw *NaiveDiffDriver) DiffSize(id string, idMappings *idtools.IDMappings, return } - layerFs, err := driver.Get(id, mountLabel, nil, nil) + options := MountOpts{ + MountLabel: mountLabel, + } + layerFs, err := driver.Get(id, options) if err != nil { return } diff --git a/vendor/github.com/containers/storage/drivers/overlay/overlay.go b/vendor/github.com/containers/storage/drivers/overlay/overlay.go index 323d7c274..66ccc6a63 100644 --- a/vendor/github.com/containers/storage/drivers/overlay/overlay.go +++ b/vendor/github.com/containers/storage/drivers/overlay/overlay.go @@ -642,11 +642,11 @@ func (d *Driver) Remove(id string) error { } // Get creates and mounts the required file system for the given id and returns the mount path. -func (d *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (_ string, retErr error) { - return d.get(id, mountLabel, false, uidMaps, gidMaps) +func (d *Driver) Get(id string, options graphdriver.MountOpts) (_ string, retErr error) { + return d.get(id, false, options) } -func (d *Driver) get(id, mountLabel string, disableShifting bool, uidMaps, gidMaps []idtools.IDMap) (_ string, retErr error) { +func (d *Driver) get(id string, disableShifting bool, options graphdriver.MountOpts) (_ string, retErr error) { d.locker.Lock(id) defer d.locker.Unlock(id) dir := d.dir(id) @@ -740,7 +740,7 @@ func (d *Driver) get(id, mountLabel string, disableShifting bool, uidMaps, gidMa if d.options.mountOptions != "" { opts = fmt.Sprintf("%s,%s", d.options.mountOptions, opts) } - mountData := label.FormatMountLabel(opts, mountLabel) + mountData := label.FormatMountLabel(opts, options.MountLabel) mountFunc := unix.Mount mountTarget := mergedDir @@ -753,7 +753,7 @@ func (d *Driver) get(id, mountLabel string, disableShifting bool, uidMaps, gidMa if d.options.mountProgram != "" { mountFunc = func(source string, target string, mType string, flags uintptr, label string) error { if !disableShifting { - label = d.optsAppendMappings(label, uidMaps, gidMaps) + label = d.optsAppendMappings(label, options.UidMaps, options.GidMaps) } mountProgram := exec.Command(d.options.mountProgram, "-o", label, target) @@ -763,7 +763,7 @@ func (d *Driver) get(id, mountLabel string, disableShifting bool, uidMaps, gidMa } else if len(mountData) > pageSize { //FIXME: We need to figure out to get this to work with additional stores opts = fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", strings.Join(relLowers, ":"), path.Join(id, "diff"), path.Join(id, "work")) - mountData = label.FormatMountLabel(opts, mountLabel) + mountData = label.FormatMountLabel(opts, options.MountLabel) if len(mountData) > pageSize { return "", fmt.Errorf("cannot mount layer, mount label too large %d", len(mountData)) } @@ -952,7 +952,10 @@ func (d *Driver) UpdateLayerIDMap(id string, toContainer, toHost *idtools.IDMapp } // Mount the new layer and handle ownership changes and possible copy_ups in it. - layerFs, err := d.get(id, mountLabel, true, nil, nil) + options := graphdriver.MountOpts{ + MountLabel: mountLabel, + } + layerFs, err := d.get(id, true, options) if err != nil { return err } diff --git a/vendor/github.com/containers/storage/drivers/vfs/driver.go b/vendor/github.com/containers/storage/drivers/vfs/driver.go index 115afb814..d10fb2607 100644 --- a/vendor/github.com/containers/storage/drivers/vfs/driver.go +++ b/vendor/github.com/containers/storage/drivers/vfs/driver.go @@ -137,7 +137,7 @@ func (d *Driver) create(id, parent string, opts *graphdriver.CreateOpts, ro bool label.SetFileLabel(dir, mountLabel) } if parent != "" { - parentDir, err := d.Get(parent, "", nil, nil) + parentDir, err := d.Get(parent, graphdriver.MountOpts{}) if err != nil { return fmt.Errorf("%s: %s", parent, err) } @@ -179,7 +179,7 @@ func (d *Driver) Remove(id string) error { } // Get returns the directory for the given id. -func (d *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (string, error) { +func (d *Driver) Get(id string, options graphdriver.MountOpts) (_ string, retErr error) { dir := d.dir(id) if st, err := os.Stat(dir); err != nil { return "", err diff --git a/vendor/github.com/containers/storage/drivers/windows/windows.go b/vendor/github.com/containers/storage/drivers/windows/windows.go index 9d9aac701..4ccf657dc 100644 --- a/vendor/github.com/containers/storage/drivers/windows/windows.go +++ b/vendor/github.com/containers/storage/drivers/windows/windows.go @@ -362,9 +362,9 @@ func (d *Driver) Remove(id string) error { } // Get returns the rootfs path for the id. This will mount the dir at its given path. -func (d *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (string, error) { +func (d *Driver) Get(id string, options graphdriver.MountOpts) (string, error) { panicIfUsedByLcow() - logrus.Debugf("WindowsGraphDriver Get() id %s mountLabel %s", id, mountLabel) + logrus.Debugf("WindowsGraphDriver Get() id %s mountLabel %s", id, options.MountLabel) var dir string rID, err := d.resolveID(id) @@ -620,7 +620,7 @@ func (d *Driver) DiffSize(id string, idMappings *idtools.IDMappings, parent stri return } - layerFs, err := d.Get(id, "", nil, nil) + layerFs, err := d.Get(id, graphdriver.MountOpts{}) if err != nil { return } diff --git a/vendor/github.com/containers/storage/drivers/zfs/zfs.go b/vendor/github.com/containers/storage/drivers/zfs/zfs.go index b8ae59a61..cb4424f2d 100644 --- a/vendor/github.com/containers/storage/drivers/zfs/zfs.go +++ b/vendor/github.com/containers/storage/drivers/zfs/zfs.go @@ -360,15 +360,15 @@ func (d *Driver) Remove(id string) error { } // Get returns the mountpoint for the given id after creating the target directories if necessary. -func (d *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (string, error) { +func (d *Driver) Get(id string, options graphdriver.MountOpts) (string, error) { mountpoint := d.mountPath(id) if count := d.ctr.Increment(mountpoint); count > 1 { return mountpoint, nil } filesystem := d.zfsPath(id) - options := label.FormatMountLabel(d.options.mountOptions, mountLabel) - logrus.Debugf(`[zfs] mount("%s", "%s", "%s")`, filesystem, mountpoint, options) + opts := label.FormatMountLabel(d.options.mountOptions, options.MountLabel) + logrus.Debugf(`[zfs] mount("%s", "%s", "%s")`, filesystem, mountpoint, opts) rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps) if err != nil { @@ -381,7 +381,7 @@ func (d *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (s return "", err } - if err := mount.Mount(filesystem, mountpoint, "zfs", options); err != nil { + if err := mount.Mount(filesystem, mountpoint, "zfs", opts); err != nil { d.ctr.Decrement(mountpoint) return "", fmt.Errorf("error creating zfs mount of %s to %s: %v", filesystem, mountpoint, err) } diff --git a/vendor/github.com/containers/storage/layers.go b/vendor/github.com/containers/storage/layers.go index fe263ba63..1275ab47c 100644 --- a/vendor/github.com/containers/storage/layers.go +++ b/vendor/github.com/containers/storage/layers.go @@ -21,6 +21,7 @@ import ( "github.com/containers/storage/pkg/system" "github.com/containers/storage/pkg/truncindex" digest "github.com/opencontainers/go-digest" + "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" "github.com/vbatts/tar-split/tar/asm" "github.com/vbatts/tar-split/tar/storage" @@ -210,7 +211,7 @@ type LayerStore interface { // layers, it should not be written to. An SELinux label to be applied to the // mount can be specified to override the one configured for the layer. // The mappings used by the container can be specified. - Mount(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (string, error) + Mount(id string, options drivers.MountOpts) (string, error) // Unmount unmounts a layer when it is no longer in use. Unmount(id string, force bool) (bool, error) @@ -294,6 +295,9 @@ func (r *layerStore) Load() error { mounts := make(map[string]*Layer) compressedsums := make(map[digest.Digest][]string) uncompressedsums := make(map[digest.Digest][]string) + if r.lockfile.IsReadWrite() { + label.ClearLabels() + } if err = json.Unmarshal(data, &layers); len(data) == 0 || err == nil { idlist = make([]string, 0, len(layers)) for n, layer := range layers { @@ -312,6 +316,9 @@ func (r *layerStore) Load() error { if layer.UncompressedDigest != "" { uncompressedsums[layer.UncompressedDigest] = append(uncompressedsums[layer.UncompressedDigest], layer.ID) } + if layer.MountLabel != "" { + label.ReserveLabel(layer.MountLabel) + } } } if shouldSave && !r.IsReadWrite() { @@ -552,6 +559,9 @@ func (r *layerStore) Put(id string, parentLayer *Layer, names []string, mountLab } else { parentMappings = &idtools.IDMappings{} } + if mountLabel != "" { + label.ReserveLabel(mountLabel) + } idMappings := idtools.NewIDMappingsFromMaps(moreOptions.UIDMap, moreOptions.GIDMap) opts := drivers.CreateOpts{ MountLabel: mountLabel, @@ -649,7 +659,7 @@ func (r *layerStore) Mounted(id string) (int, error) { return layer.MountCount, nil } -func (r *layerStore) Mount(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (string, error) { +func (r *layerStore) Mount(id string, options drivers.MountOpts) (string, error) { if !r.IsReadWrite() { return "", errors.Wrapf(ErrStoreIsReadOnly, "not allowed to update mount locations for layers at %q", r.mountspath()) } @@ -661,16 +671,16 @@ func (r *layerStore) Mount(id, mountLabel string, uidMaps, gidMaps []idtools.IDM layer.MountCount++ return layer.MountPoint, r.Save() } - if mountLabel == "" { - mountLabel = layer.MountLabel + if options.MountLabel == "" { + options.MountLabel = layer.MountLabel } - if (uidMaps != nil || gidMaps != nil) && !r.driver.SupportsShifting() { - if !reflect.DeepEqual(uidMaps, layer.UIDMap) || !reflect.DeepEqual(gidMaps, layer.GIDMap) { + if (options.UidMaps != nil || options.GidMaps != nil) && !r.driver.SupportsShifting() { + if !reflect.DeepEqual(options.UidMaps, layer.UIDMap) || !reflect.DeepEqual(options.GidMaps, layer.GIDMap) { return "", fmt.Errorf("cannot mount layer %v: shifting not enabled", layer.ID) } } - mountpoint, err := r.driver.Get(id, mountLabel, uidMaps, gidMaps) + mountpoint, err := r.driver.Get(id, options) if mountpoint != "" && err == nil { if layer.MountPoint != "" { delete(r.bymount, layer.MountPoint) @@ -839,6 +849,7 @@ func (r *layerStore) Delete(id string) error { os.Remove(r.tspath(id)) delete(r.byid, id) r.idindex.Delete(id) + mountLabel := layer.MountLabel if layer.MountPoint != "" { delete(r.bymount, layer.MountPoint) } @@ -857,6 +868,18 @@ func (r *layerStore) Delete(id string) error { r.layers = append(r.layers[:toDeleteIndex], r.layers[toDeleteIndex+1:]...) } } + if mountLabel != "" { + var found bool + for _, candidate := range r.layers { + if candidate.MountLabel == mountLabel { + found = true + break + } + } + if !found { + label.ReleaseLabel(mountLabel) + } + } if err = r.Save(); err != nil { return err } @@ -957,7 +980,7 @@ func (r *layerStore) newFileGetter(id string) (drivers.FileGetCloser, error) { if getter, ok := r.driver.(drivers.DiffGetterDriver); ok { return getter.DiffGetter(id) } - path, err := r.Mount(id, "", nil, nil) + path, err := r.Mount(id, drivers.MountOpts{}) if err != nil { return nil, err } diff --git a/vendor/github.com/containers/storage/pkg/archive/example_changes.go b/vendor/github.com/containers/storage/pkg/archive/example_changes.go new file mode 100644 index 000000000..70f9c5564 --- /dev/null +++ b/vendor/github.com/containers/storage/pkg/archive/example_changes.go @@ -0,0 +1,97 @@ +// +build ignore + +// Simple tool to create an archive stream from an old and new directory +// +// By default it will stream the comparison of two temporary directories with junk files +package main + +import ( + "flag" + "fmt" + "io" + "io/ioutil" + "os" + "path" + + "github.com/containers/storage/pkg/archive" + "github.com/sirupsen/logrus" +) + +var ( + flDebug = flag.Bool("D", false, "debugging output") + flNewDir = flag.String("newdir", "", "") + flOldDir = flag.String("olddir", "", "") + log = logrus.New() +) + +func main() { + flag.Usage = func() { + fmt.Println("Produce a tar from comparing two directory paths. By default a demo tar is created of around 200 files (including hardlinks)") + fmt.Printf("%s [OPTIONS]\n", os.Args[0]) + flag.PrintDefaults() + } + flag.Parse() + log.Out = os.Stderr + if (len(os.Getenv("DEBUG")) > 0) || *flDebug { + logrus.SetLevel(logrus.DebugLevel) + } + var newDir, oldDir string + + if len(*flNewDir) == 0 { + var err error + newDir, err = ioutil.TempDir("", "storage-test-newDir") + if err != nil { + log.Fatal(err) + } + defer os.RemoveAll(newDir) + if _, err := prepareUntarSourceDirectory(100, newDir, true); err != nil { + log.Fatal(err) + } + } else { + newDir = *flNewDir + } + + if len(*flOldDir) == 0 { + oldDir, err := ioutil.TempDir("", "storage-test-oldDir") + if err != nil { + log.Fatal(err) + } + defer os.RemoveAll(oldDir) + } else { + oldDir = *flOldDir + } + + changes, err := archive.ChangesDirs(newDir, oldDir) + if err != nil { + log.Fatal(err) + } + + a, err := archive.ExportChanges(newDir, changes) + if err != nil { + log.Fatal(err) + } + defer a.Close() + + i, err := io.Copy(os.Stdout, a) + if err != nil && err != io.EOF { + log.Fatal(err) + } + fmt.Fprintf(os.Stderr, "wrote archive of %d bytes", i) +} + +func prepareUntarSourceDirectory(numberOfFiles int, targetPath string, makeLinks bool) (int, error) { + fileData := []byte("fooo") + for n := 0; n < numberOfFiles; n++ { + fileName := fmt.Sprintf("file-%d", n) + if err := ioutil.WriteFile(path.Join(targetPath, fileName), fileData, 0700); err != nil { + return 0, err + } + if makeLinks { + if err := os.Link(path.Join(targetPath, fileName), path.Join(targetPath, fileName+"-link")); err != nil { + return 0, err + } + } + } + totalSize := numberOfFiles * len(fileData) + return totalSize, nil +} diff --git a/vendor/github.com/containers/storage/store.go b/vendor/github.com/containers/storage/store.go index 94cf1f0a7..7eaa82910 100644 --- a/vendor/github.com/containers/storage/store.go +++ b/vendor/github.com/containers/storage/store.go @@ -25,6 +25,7 @@ import ( "github.com/containers/storage/pkg/stringid" "github.com/containers/storage/pkg/stringutils" digest "github.com/opencontainers/go-digest" + "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" ) @@ -251,6 +252,8 @@ type Store interface { // Mount attempts to mount a layer, image, or container for access, and // returns the pathname if it succeeds. + // Note if the mountLabel == "", the default label for the container + // will be used. // // Note that we do some of this work in a child process. The calling // process's main() function needs to import our pkg/reexec package and @@ -497,6 +500,8 @@ type ContainerOptions struct { // container's layer will inherit settings from the image's top layer // or, if it is not being created based on an image, the Store object. IDMappingOptions + LabelOpts []string + Flags map[string]interface{} } type store struct { @@ -1175,7 +1180,26 @@ func (s *store) CreateContainer(id string, names []string, image, layer, metadat }, } } - clayer, err := rlstore.Create(layer, imageTopLayer, nil, "", nil, layerOptions, true) + if options.Flags == nil { + options.Flags = make(map[string]interface{}) + } + plabel, _ := options.Flags["ProcessLabel"].(string) + mlabel, _ := options.Flags["MountLabel"].(string) + if (plabel == "" && mlabel != "") || + (plabel != "" && mlabel == "") { + return nil, errors.Errorf("ProcessLabel and Mountlabel must either not be specified or both specified") + } + + if plabel == "" { + processLabel, mountLabel, err := label.InitLabels(options.LabelOpts) + if err != nil { + return nil, err + } + options.Flags["ProcessLabel"] = processLabel + options.Flags["MountLabel"] = mountLabel + } + + clayer, err := rlstore.Create(layer, imageTopLayer, nil, options.Flags["MountLabel"].(string), nil, layerOptions, true) if err != nil { return nil, err } @@ -1189,13 +1213,11 @@ func (s *store) CreateContainer(id string, names []string, image, layer, metadat if modified, err := rcstore.Modified(); modified || err != nil { rcstore.Load() } - options = &ContainerOptions{ - IDMappingOptions: IDMappingOptions{ - HostUIDMapping: len(options.UIDMap) == 0, - HostGIDMapping: len(options.GIDMap) == 0, - UIDMap: copyIDMap(options.UIDMap), - GIDMap: copyIDMap(options.GIDMap), - }, + options.IDMappingOptions = IDMappingOptions{ + HostUIDMapping: len(options.UIDMap) == 0, + HostGIDMapping: len(options.GIDMap) == 0, + UIDMap: copyIDMap(options.UIDMap), + GIDMap: copyIDMap(options.GIDMap), } container, err := rcstore.Create(id, names, imageID, layer, metadata, options) if err != nil || container == nil { @@ -2273,7 +2295,12 @@ func (s *store) Mount(id, mountLabel string) (string, error) { rlstore.Load() } if rlstore.Exists(id) { - return rlstore.Mount(id, mountLabel, uidMap, gidMap) + options := drivers.MountOpts{ + MountLabel: mountLabel, + UidMaps: uidMap, + GidMaps: gidMap, + } + return rlstore.Mount(id, options) } return "", ErrLayerUnknown } diff --git a/vendor/github.com/containers/storage/vendor.conf b/vendor/github.com/containers/storage/vendor.conf index c0498a02d..2276d5531 100644 --- a/vendor/github.com/containers/storage/vendor.conf +++ b/vendor/github.com/containers/storage/vendor.conf @@ -8,7 +8,7 @@ github.com/mattn/go-shellwords 753a2322a99f87c0eff284980e77f53041555bc6 github.com/mistifyio/go-zfs c0224de804d438efd11ea6e52ada8014537d6062 github.com/opencontainers/go-digest master github.com/opencontainers/runc 6c22e77604689db8725fa866f0f2ec0b3e8c3a07 -github.com/opencontainers/selinux ba1aefe8057f1d0cfb8e88d0ec1dc85925ef987d +github.com/opencontainers/selinux 36a9bc45a08c85f2c52bd9eb32e20267876773bd github.com/pborman/uuid 1b00554d822231195d1babd97ff4a781231955c9 github.com/pkg/errors master github.com/pmezard/go-difflib v1.0.0 diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label.go index 6cfc5fded..2a31cd3c5 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label.go @@ -48,6 +48,11 @@ func GetPidLabel(pid int) (string, error) { func Init() { } +// ClearLabels clears all reserved labels +func ClearLabels() { + return +} + func ReserveLabel(label string) error { return nil } diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go index f0a055b87..63c4edd05 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go @@ -24,17 +24,22 @@ var ErrIncompatibleLabel = fmt.Errorf("Bad SELinux option z and Z can not be use // the container. A list of options can be passed into this function to alter // the labels. The labels returned will include a random MCS String, that is // guaranteed to be unique. -func InitLabels(options []string) (string, string, error) { +func InitLabels(options []string) (plabel string, mlabel string, Err error) { if !selinux.GetEnabled() { return "", "", nil } processLabel, mountLabel := selinux.ContainerLabels() if processLabel != "" { + defer func() { + if Err != nil { + ReleaseLabel(mountLabel) + } + }() pcon := selinux.NewContext(processLabel) mcon := selinux.NewContext(mountLabel) for _, opt := range options { if opt == "disable" { - return "", "", nil + return "", mountLabel, nil } if i := strings.Index(opt, ":"); i == -1 { return "", "", fmt.Errorf("Bad label option %q, valid options 'disable' or \n'user, role, level, type' followed by ':' and a value", opt) @@ -156,6 +161,11 @@ func Init() { selinux.GetEnabled() } +// ClearLabels will clear all reserved labels +func ClearLabels() { + selinux.ClearLabels() +} + // ReserveLabel will record the fact that the MCS label has already been used. // This will prevent InitLabels from using the MCS label in a newly created // container diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go index 5dc09a51e..2cd54eac1 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go @@ -409,6 +409,13 @@ func NewContext(label string) Context { return c } +// ClearLabels clears all reserved labels +func ClearLabels() { + state.Lock() + state.mcsList = make(map[string]bool) + state.Unlock() +} + // ReserveLabel reserves the MLS/MCS level component of the specified label func ReserveLabel(label string) { if len(label) != 0 { diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go index 4dbfd83ed..5abf8a362 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go @@ -107,6 +107,11 @@ func NewContext(label string) Context { return c } +// ClearLabels clears all reserved MLS/MCS levels +func ClearLabels() { + return +} + // ReserveLabel reserves the MLS/MCS level component of the specified label func ReserveLabel(label string) { return |