diff options
-rw-r--r-- | vendor.conf | 2 | ||||
-rw-r--r-- | vendor/github.com/projectatomic/buildah/bind/mount_unsupported.go | 14 | ||||
-rw-r--r-- | vendor/github.com/projectatomic/buildah/buildah.go | 19 | ||||
-rw-r--r-- | vendor/github.com/projectatomic/buildah/commit.go | 15 | ||||
-rw-r--r-- | vendor/github.com/projectatomic/buildah/config_noseccomp.go | 11 | ||||
-rw-r--r-- | vendor/github.com/projectatomic/buildah/config_seccomp.go | 35 | ||||
-rw-r--r-- | vendor/github.com/projectatomic/buildah/imagebuildah/build.go | 13 | ||||
-rw-r--r-- | vendor/github.com/projectatomic/buildah/import.go | 7 | ||||
-rw-r--r-- | vendor/github.com/projectatomic/buildah/new.go | 10 | ||||
-rw-r--r-- | vendor/github.com/projectatomic/buildah/pkg/cli/common.go | 4 | ||||
-rw-r--r-- | vendor/github.com/projectatomic/buildah/pkg/parse/parse.go | 21 | ||||
-rw-r--r-- | vendor/github.com/projectatomic/buildah/run.go | 154 | ||||
-rw-r--r-- | vendor/github.com/projectatomic/buildah/vendor.conf | 5 |
13 files changed, 247 insertions, 63 deletions
diff --git a/vendor.conf b/vendor.conf index e3acae833..3f99d60af 100644 --- a/vendor.conf +++ b/vendor.conf @@ -88,7 +88,7 @@ k8s.io/kube-openapi 275e2ce91dec4c05a4094a7b1daee5560b555ac9 https://github.com/ k8s.io/utils 258e2a2fa64568210fbd6267cf1d8fd87c3cb86e https://github.com/kubernetes/utils github.com/mrunalp/fileutils master github.com/varlink/go master -github.com/projectatomic/buildah 2441ff4f9f6a5e635f85c177892f096a46503d6f +github.com/projectatomic/buildah e098ef46fd32af5e77c7c65315d454653a36d6dd github.com/Nvveen/Gotty master github.com/fsouza/go-dockerclient master github.com/openshift/imagebuilder master diff --git a/vendor/github.com/projectatomic/buildah/bind/mount_unsupported.go b/vendor/github.com/projectatomic/buildah/bind/mount_unsupported.go index a8786955d..88ca2ca8b 100644 --- a/vendor/github.com/projectatomic/buildah/bind/mount_unsupported.go +++ b/vendor/github.com/projectatomic/buildah/bind/mount_unsupported.go @@ -3,23 +3,11 @@ package bind import ( - "fmt" - "os" - "path/filepath" - "sort" - "strings" - "syscall" - - "github.com/containers/storage/pkg/idtools" - "github.com/containers/storage/pkg/mount" "github.com/opencontainers/runtime-spec/specs-go" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" - "golang.org/x/sys/unix" ) // SetupIntermediateMountNamespace returns a no-op unmountAll() and no error. func SetupIntermediateMountNamespace(spec *specs.Spec, bundlePath string) (unmountAll func() error, err error) { - stripNoBuildahBindOption(spec) + stripNoBindOption(spec) return func() error { return nil }, nil } diff --git a/vendor/github.com/projectatomic/buildah/buildah.go b/vendor/github.com/projectatomic/buildah/buildah.go index 5fb428da2..8cf9d7747 100644 --- a/vendor/github.com/projectatomic/buildah/buildah.go +++ b/vendor/github.com/projectatomic/buildah/buildah.go @@ -15,6 +15,7 @@ import ( "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" "github.com/projectatomic/buildah/docker" + "github.com/projectatomic/buildah/util" ) const ( @@ -105,6 +106,8 @@ func (p NetworkConfigurationPolicy) String() string { type Builder struct { store storage.Store + // Args define variables that users can pass at build-time to the builder + Args map[string]string // Type is used to help identify a build container's metadata. It // should not be modified. Type string `json:"type"` @@ -147,6 +150,8 @@ type Builder struct { // DefaultMountsFilePath is the file path holding the mounts to be mounted in "host-path:container-path" format. DefaultMountsFilePath string `json:"defaultMountsFilePath,omitempty"` + // Isolation controls how we handle "RUN" statements and the Run() method. + Isolation Isolation // NamespaceOptions controls how we set up the namespaces for processes that we run in the container. NamespaceOptions NamespaceOptions // ConfigureNetwork controls whether or not network interfaces and @@ -193,11 +198,15 @@ type BuilderInfo struct { OCIv1 v1.Image Docker docker.V2Image DefaultMountsFilePath string + Isolation string NamespaceOptions NamespaceOptions ConfigureNetwork string CNIPluginPath string CNIConfigDir string IDMappingOptions IDMappingOptions + DefaultCapabilities []string + AddCapabilities []string + DropCapabilities []string } // GetBuildInfo gets a pointer to a Builder object and returns a BuilderInfo object from it. @@ -218,11 +227,15 @@ func GetBuildInfo(b *Builder) BuilderInfo { OCIv1: b.OCIv1, Docker: b.Docker, DefaultMountsFilePath: b.DefaultMountsFilePath, + Isolation: b.Isolation.String(), NamespaceOptions: b.NamespaceOptions, ConfigureNetwork: fmt.Sprintf("%v", b.ConfigureNetwork), CNIPluginPath: b.CNIPluginPath, CNIConfigDir: b.CNIConfigDir, IDMappingOptions: b.IDMappingOptions, + DefaultCapabilities: append([]string{}, util.DefaultCapabilities...), + AddCapabilities: append([]string{}, b.AddCapabilities...), + DropCapabilities: append([]string{}, b.DropCapabilities...), } } @@ -279,6 +292,9 @@ type CommonBuildOptions struct { // BuilderOptions are used to initialize a new Builder. type BuilderOptions struct { + + // Args define variables that users can pass at build-time to the builder + Args map[string]string // FromImage is the name of the image which should be used as the // starting point for the container. It can be set to an empty value // or "scratch" to indicate that the container should not be based on @@ -317,6 +333,9 @@ type BuilderOptions struct { // DefaultMountsFilePath is the file path holding the mounts to be // mounted in "host-path:container-path" format DefaultMountsFilePath string + // Isolation controls how we handle "RUN" statements and the Run() + // method. + Isolation Isolation // NamespaceOptions controls how we set up namespaces for processes that // we might need to run using the container's root filesystem. NamespaceOptions NamespaceOptions diff --git a/vendor/github.com/projectatomic/buildah/commit.go b/vendor/github.com/projectatomic/buildah/commit.go index 3c5958f2d..b25ec7029 100644 --- a/vendor/github.com/projectatomic/buildah/commit.go +++ b/vendor/github.com/projectatomic/buildah/commit.go @@ -105,10 +105,17 @@ func (b *Builder) Commit(ctx context.Context, dest types.ImageReference, options logrus.Debugf("error destroying signature policy context: %v", err2) } }() - // Check if we're keeping everything in local storage. If so, we can take certain shortcuts. - _, destIsStorage := dest.Transport().(is.StoreTransport) - exporting := !destIsStorage - src, err := b.makeImageRef(options.PreferredManifestType, options.Parent, exporting, options.Squash, options.Compression, options.HistoryTimestamp) + // Check if the base image is already in the destination and it's some kind of local + // storage. If so, we can skip recompressing any layers that come from the base image. + exportBaseLayers := true + if transport, destIsStorage := dest.Transport().(is.StoreTransport); destIsStorage && b.FromImageID != "" { + if baseref, err := transport.ParseReference(b.FromImageID); baseref != nil && err == nil { + if img, err := transport.GetImage(baseref); img != nil && err == nil { + exportBaseLayers = false + } + } + } + src, err := b.makeImageRef(options.PreferredManifestType, options.Parent, exportBaseLayers, options.Squash, options.Compression, options.HistoryTimestamp) if err != nil { return imgID, errors.Wrapf(err, "error computing layer digests and building metadata") } diff --git a/vendor/github.com/projectatomic/buildah/config_noseccomp.go b/vendor/github.com/projectatomic/buildah/config_noseccomp.go new file mode 100644 index 000000000..e8354cc55 --- /dev/null +++ b/vendor/github.com/projectatomic/buildah/config_noseccomp.go @@ -0,0 +1,11 @@ +// +build !seccomp + +package buildah + +import "github.com/opencontainers/runtime-spec/specs-go" + +func setupSeccomp(spec *specs.Spec, seccompProfilePath string) error { + // If no seccomp is being used, the Seccomp profile in the Linux spec + // is not set + return nil +} diff --git a/vendor/github.com/projectatomic/buildah/config_seccomp.go b/vendor/github.com/projectatomic/buildah/config_seccomp.go new file mode 100644 index 000000000..3453a8f00 --- /dev/null +++ b/vendor/github.com/projectatomic/buildah/config_seccomp.go @@ -0,0 +1,35 @@ +// +build seccomp + +package buildah + +import ( + "io/ioutil" + + "github.com/docker/docker/profiles/seccomp" + "github.com/opencontainers/runtime-spec/specs-go" + "github.com/pkg/errors" +) + +func setupSeccomp(spec *specs.Spec, seccompProfilePath string) error { + switch seccompProfilePath { + case "unconfined": + spec.Linux.Seccomp = nil + case "": + seccompConfig, err := seccomp.GetDefaultProfile(spec) + if err != nil { + return errors.Wrapf(err, "loading default seccomp profile failed") + } + spec.Linux.Seccomp = seccompConfig + default: + seccompProfile, err := ioutil.ReadFile(seccompProfilePath) + if err != nil { + return errors.Wrapf(err, "opening seccomp profile (%s) failed", seccompProfilePath) + } + seccompConfig, err := seccomp.LoadProfile(string(seccompProfile), spec) + if err != nil { + return errors.Wrapf(err, "loading seccomp profile (%s) failed", seccompProfilePath) + } + spec.Linux.Seccomp = seccompConfig + } + return nil +} diff --git a/vendor/github.com/projectatomic/buildah/imagebuildah/build.go b/vendor/github.com/projectatomic/buildah/imagebuildah/build.go index 69ed1822f..2c75fcfe1 100644 --- a/vendor/github.com/projectatomic/buildah/imagebuildah/build.go +++ b/vendor/github.com/projectatomic/buildah/imagebuildah/build.go @@ -67,8 +67,11 @@ type BuildOptions struct { IgnoreUnrecognizedInstructions bool // Quiet tells us whether or not to announce steps as we go through them. Quiet bool - // Runtime is the name of the command to run for RUN instructions. It - // should accept the same arguments and flags that runc does. + // Isolation controls how Run() runs things. + Isolation buildah.Isolation + // Runtime is the name of the command to run for RUN instructions when + // Isolation is either IsolationDefault or IsolationOCI. It should + // accept the same arguments and flags that runc does. Runtime string // RuntimeArgs adds global arguments for the runtime. RuntimeArgs []string @@ -193,6 +196,7 @@ type Executor struct { volumeCache map[string]string volumeCacheInfo map[string]os.FileInfo reportWriter io.Writer + isolation buildah.Isolation namespaceOptions []buildah.NamespaceOption configureNetwork buildah.NetworkConfigurationPolicy cniPluginPath string @@ -551,6 +555,7 @@ func NewExecutor(store storage.Store, options BuildOptions) (*Executor, error) { out: options.Out, err: options.Err, reportWriter: options.ReportWriter, + isolation: options.Isolation, namespaceOptions: options.NamespaceOptions, configureNetwork: options.ConfigureNetwork, cniPluginPath: options.CNIPluginPath, @@ -601,6 +606,7 @@ func (b *Executor) Prepare(ctx context.Context, ib *imagebuilder.Builder, node * b.log("FROM %s", from) } builderOptions := buildah.BuilderOptions{ + Args: ib.Args, FromImage: from, PullPolicy: b.pullPolicy, Registry: b.registry, @@ -608,6 +614,7 @@ func (b *Executor) Prepare(ctx context.Context, ib *imagebuilder.Builder, node * SignaturePolicyPath: b.signaturePolicyPath, ReportWriter: b.reportWriter, SystemContext: b.systemContext, + Isolation: b.isolation, NamespaceOptions: b.namespaceOptions, ConfigureNetwork: b.configureNetwork, CNIPluginPath: b.cniPluginPath, @@ -673,7 +680,7 @@ func (b *Executor) Prepare(ctx context.Context, ib *imagebuilder.Builder, node * } b.mountPoint = mountPoint b.builder = builder - // Add the top layer of this image to b.topLayers so we can keep track of them + // Add the top layer of this image to b.topLayers so we can keep track of them // when building with cached images. b.topLayers = append(b.topLayers, builder.TopLayer) return nil diff --git a/vendor/github.com/projectatomic/buildah/import.go b/vendor/github.com/projectatomic/buildah/import.go index b7ed3730f..31288334a 100644 --- a/vendor/github.com/projectatomic/buildah/import.go +++ b/vendor/github.com/projectatomic/buildah/import.go @@ -43,6 +43,11 @@ func importBuilderDataFromImage(ctx context.Context, store storage.Store, system } } + defaultNamespaceOptions, err := DefaultNamespaceOptions() + if err != nil { + return nil, err + } + builder := &Builder{ store: store, Type: containerType, @@ -52,7 +57,7 @@ func importBuilderDataFromImage(ctx context.Context, store storage.Store, system ContainerID: containerID, ImageAnnotations: map[string]string{}, ImageCreatedBy: "", - NamespaceOptions: DefaultNamespaceOptions(), + NamespaceOptions: defaultNamespaceOptions, IDMappingOptions: IDMappingOptions{ HostUIDMapping: len(uidmap) == 0, HostGIDMapping: len(uidmap) == 0, diff --git a/vendor/github.com/projectatomic/buildah/new.go b/vendor/github.com/projectatomic/buildah/new.go index 4474fac92..1a1e89c46 100644 --- a/vendor/github.com/projectatomic/buildah/new.go +++ b/vendor/github.com/projectatomic/buildah/new.go @@ -292,7 +292,13 @@ func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions return nil, err } uidmap, gidmap := convertStorageIDMaps(container.UIDMap, container.GIDMap) - namespaceOptions := DefaultNamespaceOptions() + + defaultNamespaceOptions, err := DefaultNamespaceOptions() + if err != nil { + return nil, err + } + + namespaceOptions := defaultNamespaceOptions namespaceOptions.AddOrReplace(options.NamespaceOptions...) builder := &Builder{ @@ -307,6 +313,7 @@ func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions ProcessLabel: processLabel, MountLabel: mountLabel, DefaultMountsFilePath: options.DefaultMountsFilePath, + Isolation: options.Isolation, NamespaceOptions: namespaceOptions, ConfigureNetwork: options.ConfigureNetwork, CNIPluginPath: options.CNIPluginPath, @@ -321,6 +328,7 @@ func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions DropCapabilities: copyStringSlice(options.DropCapabilities), CommonBuildOpts: options.CommonBuildOpts, TopLayer: topLayer, + Args: options.Args, } if options.Mount { diff --git a/vendor/github.com/projectatomic/buildah/pkg/cli/common.go b/vendor/github.com/projectatomic/buildah/pkg/cli/common.go index 4a5deafca..b46e1b491 100644 --- a/vendor/github.com/projectatomic/buildah/pkg/cli/common.go +++ b/vendor/github.com/projectatomic/buildah/pkg/cli/common.go @@ -119,6 +119,10 @@ var ( Name: "iidfile", Usage: "`file` to write the image ID to", }, + cli.StringFlag{ + Name: "isolation", + Usage: "`type` of process isolation to use", + }, cli.StringSliceFlag{ Name: "label", Usage: "Set metadata for an image (default [])", diff --git a/vendor/github.com/projectatomic/buildah/pkg/parse/parse.go b/vendor/github.com/projectatomic/buildah/pkg/parse/parse.go index c6bd4665e..26831c7a2 100644 --- a/vendor/github.com/projectatomic/buildah/pkg/parse/parse.go +++ b/vendor/github.com/projectatomic/buildah/pkg/parse/parse.go @@ -294,6 +294,7 @@ func SystemContextFromOptions(c *cli.Context) (*types.SystemContext, error) { if c.GlobalIsSet("registries-conf-dir") { ctx.RegistriesDirPath = c.GlobalString("registries-conf-dir") } + ctx.DockerRegistryUserAgent = fmt.Sprintf("Buildah/%s", buildah.Version) return ctx, nil } @@ -529,3 +530,23 @@ func NamespaceOptions(c *cli.Context) (namespaceOptions buildah.NamespaceOptions } return options, policy, nil } + +func defaultIsolation() buildah.Isolation { + isolation := os.Getenv("BUILDAH_ISOLATION") + if strings.HasPrefix(strings.ToLower(isolation), "oci") { + return buildah.IsolationOCI + } + return buildah.IsolationDefault +} + +// IsolationOption parses the --isolation flag. +func IsolationOption(c *cli.Context) (buildah.Isolation, error) { + if c.String("isolation") != "" { + if strings.HasPrefix(strings.ToLower(c.String("isolation")), "oci") { + return buildah.IsolationOCI, nil + } else { + return buildah.IsolationDefault, errors.Errorf("unrecognized isolation type %q", c.String("isolation")) + } + } + return defaultIsolation(), nil +} diff --git a/vendor/github.com/projectatomic/buildah/run.go b/vendor/github.com/projectatomic/buildah/run.go index 97d247fdc..e111c5207 100644 --- a/vendor/github.com/projectatomic/buildah/run.go +++ b/vendor/github.com/projectatomic/buildah/run.go @@ -21,7 +21,6 @@ import ( "github.com/containernetworking/cni/libcni" "github.com/containers/storage/pkg/ioutils" "github.com/containers/storage/pkg/reexec" - "github.com/docker/docker/profiles/seccomp" units "github.com/docker/go-units" digest "github.com/opencontainers/go-digest" "github.com/opencontainers/runtime-spec/specs-go" @@ -103,10 +102,34 @@ type IDMappingOptions struct { GIDMap []specs.LinuxIDMapping } +// Isolation provides a way to specify whether we're supposed to use a proper +// OCI runtime, or some other method for running commands. +type Isolation int + +const ( + // IsolationDefault is whatever we think will work best. + IsolationDefault Isolation = iota + // IsolationOCI is a proper OCI runtime. + IsolationOCI +) + +// String converts a Isolation into a string. +func (i Isolation) String() string { + switch i { + case IsolationDefault: + return "IsolationDefault" + case IsolationOCI: + return "IsolationOCI" + } + return fmt.Sprintf("unrecognized isolation type %d", i) +} + // RunOptions can be used to alter how a command is run in the container. type RunOptions struct { // Hostname is the hostname we set for the running container. Hostname string + // Isolation is either IsolationDefault or IsolationOCI. + Isolation Isolation // Runtime is the name of the command to run. It should accept the same arguments // that runc does, and produce similar output. Runtime string @@ -167,7 +190,7 @@ type RunOptions struct { // DefaultNamespaceOptions returns the default namespace settings from the // runtime-tools generator library. -func DefaultNamespaceOptions() NamespaceOptions { +func DefaultNamespaceOptions() (NamespaceOptions, error) { options := NamespaceOptions{ {Name: string(specs.CgroupNamespace), Host: true}, {Name: string(specs.IPCNamespace), Host: true}, @@ -177,8 +200,11 @@ func DefaultNamespaceOptions() NamespaceOptions { {Name: string(specs.UserNamespace), Host: true}, {Name: string(specs.UTSNamespace), Host: true}, } - g := generate.New() - spec := g.Spec() + g, err := generate.New("linux") + if err != nil { + return options, err + } + spec := g.Config if spec.Linux != nil { for _, ns := range spec.Linux.Namespaces { options.AddOrReplace(NamespaceOption{ @@ -187,7 +213,7 @@ func DefaultNamespaceOptions() NamespaceOptions { }) } } - return options + return options, nil } // Find the configuration for the namespace of the given type. If there are @@ -658,30 +684,6 @@ func setupCapabilities(g *generate.Generator, firstAdds, firstDrops, secondAdds, return nil } -func setupSeccomp(spec *specs.Spec, seccompProfilePath string) error { - switch seccompProfilePath { - case "unconfined": - spec.Linux.Seccomp = nil - case "": - seccompConfig, err := seccomp.GetDefaultProfile(spec) - if err != nil { - return errors.Wrapf(err, "loading default seccomp profile failed") - } - spec.Linux.Seccomp = seccompConfig - default: - seccompProfile, err := ioutil.ReadFile(seccompProfilePath) - if err != nil { - return errors.Wrapf(err, "opening seccomp profile (%s) failed", seccompProfilePath) - } - seccompConfig, err := seccomp.LoadProfile(string(seccompProfile), spec) - if err != nil { - return errors.Wrapf(err, "loading seccomp profile (%s) failed", seccompProfilePath) - } - spec.Linux.Seccomp = seccompConfig - } - return nil -} - func setupApparmor(spec *specs.Spec, apparmorProfile string) error { spec.Process.ApparmorProfile = apparmorProfile return nil @@ -795,6 +797,53 @@ func setupNamespaces(g *generate.Generator, namespaceOptions NamespaceOptions, i return configureNetwork, configureNetworks, configureUTS, nil } +// Search for a command that isn't given as an absolute path using the $PATH +// under the rootfs. We can't resolve absolute symbolic links without +// chroot()ing, which we may not be able to do, so just accept a link as a +// valid resolution. +func runLookupPath(g *generate.Generator, command []string) []string { + // Look for the configured $PATH. + spec := g.Spec() + envPath := "" + for i := range spec.Process.Env { + if strings.HasPrefix(spec.Process.Env[i], "PATH=") { + envPath = spec.Process.Env[i] + } + } + // If there is no configured $PATH, supply one. + if envPath == "" { + defaultPath := "/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin" + envPath = "PATH=" + defaultPath + g.AddProcessEnv("PATH", defaultPath) + } + // No command, nothing to do. + if len(command) == 0 { + return command + } + // Command is already an absolute path, use it as-is. + if filepath.IsAbs(command[0]) { + return command + } + // For each element in the PATH, + for _, pathEntry := range filepath.SplitList(envPath[5:]) { + // if it's the empty string, it's ".", which is the Cwd, + if pathEntry == "" { + pathEntry = spec.Process.Cwd + } + // build the absolute path which it might be, + candidate := filepath.Join(pathEntry, command[0]) + // check if it's there, + if fi, err := os.Lstat(filepath.Join(spec.Root.Path, candidate)); fi != nil && err == nil { + // and if it's not a directory, and either a symlink or executable, + if !fi.IsDir() && ((fi.Mode()&os.ModeSymlink != 0) || (fi.Mode()&0111 != 0)) { + // use that. + return append([]string{candidate}, command[1:]...) + } + } + } + return command +} + // Run runs the specified command in the container's root filesystem. func (b *Builder) Run(command []string, options RunOptions) error { var user specs.User @@ -814,9 +863,14 @@ func (b *Builder) Run(command []string, options RunOptions) error { logrus.Errorf("error removing %q: %v", path, err2) } }() - gp := generate.New() + gp, err := generate.New("linux") + if err != nil { + return err + } + g := &gp + g.ClearProcessEnv() for _, envSpec := range append(b.Env(), options.Env...) { env := strings.SplitN(envSpec, "=", 2) if len(env) > 1 { @@ -824,6 +878,10 @@ func (b *Builder) Run(command []string, options RunOptions) error { } } + for src, dest := range b.Args { + g.AddProcessEnv(src, dest) + } + if b.CommonBuildOpts == nil { return errors.Errorf("Invalid format on container you must recreate the container") } @@ -832,11 +890,6 @@ func (b *Builder) Run(command []string, options RunOptions) error { return err } - if len(command) > 0 { - g.SetProcessArgs(command) - } else { - g.SetProcessArgs(nil) - } if options.WorkingDir != "" { g.SetProcessCwd(options.WorkingDir) } else if b.WorkDir() != "" { @@ -853,15 +906,25 @@ func (b *Builder) Run(command []string, options RunOptions) error { logrus.Errorf("error unmounting container: %v", err2) } }() + g.SetRootPath(mountPoint) + if len(command) > 0 { + command = runLookupPath(g, command) + g.SetProcessArgs(command) + } else { + g.SetProcessArgs(nil) + } setupMaskedPaths(g) setupReadOnlyPaths(g) - g.SetRootPath(mountPoint) - setupTerminal(g, options.Terminal, options.TerminalSize) - namespaceOptions := DefaultNamespaceOptions() + defaultNamespaceOptions, err := DefaultNamespaceOptions() + if err != nil { + return err + } + + namespaceOptions := defaultNamespaceOptions namespaceOptions.AddOrReplace(b.NamespaceOptions...) namespaceOptions.AddOrReplace(options.NamespaceOptions...) @@ -967,7 +1030,20 @@ func (b *Builder) Run(command []string, options RunOptions) error { } } - return b.runUsingRuntimeSubproc(options, configureNetwork, configureNetworks, spec, mountPoint, path, Package+"-"+filepath.Base(path)) + isolation := options.Isolation + if isolation == IsolationDefault { + isolation = b.Isolation + if isolation == IsolationDefault { + isolation = IsolationOCI + } + } + switch isolation { + case IsolationOCI: + err = b.runUsingRuntimeSubproc(options, configureNetwork, configureNetworks, spec, mountPoint, path, Package+"-"+filepath.Base(path)) + default: + err = errors.Errorf("don't know how to run this command") + } + return err } type runUsingRuntimeSubprocOptions struct { diff --git a/vendor/github.com/projectatomic/buildah/vendor.conf b/vendor/github.com/projectatomic/buildah/vendor.conf index 7fb20cd61..de5f3e6e6 100644 --- a/vendor/github.com/projectatomic/buildah/vendor.conf +++ b/vendor/github.com/projectatomic/buildah/vendor.conf @@ -1,3 +1,4 @@ +github.com/Azure/go-ansiterm master github.com/blang/semver master github.com/BurntSushi/toml master github.com/containerd/continuity master @@ -23,6 +24,8 @@ github.com/hashicorp/go-multierror master github.com/imdario/mergo master github.com/mattn/go-runewidth master github.com/mattn/go-shellwords master +github.com/Microsoft/go-winio master +github.com/Microsoft/hcsshim master github.com/mistifyio/go-zfs master github.com/moby/moby f8806b18b4b92c5e1980f6e11c917fad201cd73c github.com/mtrmac/gpgme master @@ -32,7 +35,7 @@ github.com/opencontainers/image-spec v1.0.0 github.com/opencontainers/runc master github.com/opencontainers/runtime-spec v1.0.0 github.com/opencontainers/runtime-tools master -github.com/opencontainers/selinux 6ccd0b50d53ae771fe5259ff7a4039110777aa2d +github.com/opencontainers/selinux 3b2399ec5682aea5c9160d44fa53387d7e65ccf5 github.com/openshift/imagebuilder master github.com/ostreedev/ostree-go aeb02c6b6aa2889db3ef62f7855650755befd460 github.com/pborman/uuid master |