summaryrefslogtreecommitdiff
path: root/vendor/github.com
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com')
-rw-r--r--vendor/github.com/containers/storage/containers.go16
-rw-r--r--vendor/github.com/containers/storage/drivers/aufs/aufs.go4
-rw-r--r--vendor/github.com/containers/storage/drivers/btrfs/btrfs.go2
-rw-r--r--vendor/github.com/containers/storage/drivers/chown.go5
-rw-r--r--vendor/github.com/containers/storage/drivers/devmapper/driver.go4
-rw-r--r--vendor/github.com/containers/storage/drivers/driver.go11
-rw-r--r--vendor/github.com/containers/storage/drivers/fsdiff.go27
-rw-r--r--vendor/github.com/containers/storage/drivers/overlay/overlay.go17
-rw-r--r--vendor/github.com/containers/storage/drivers/vfs/driver.go4
-rw-r--r--vendor/github.com/containers/storage/drivers/windows/windows.go6
-rw-r--r--vendor/github.com/containers/storage/drivers/zfs/zfs.go8
-rw-r--r--vendor/github.com/containers/storage/layers.go39
-rw-r--r--vendor/github.com/containers/storage/pkg/archive/example_changes.go97
-rw-r--r--vendor/github.com/containers/storage/store.go45
-rw-r--r--vendor/github.com/containers/storage/vendor.conf2
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/label/label.go5
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go14
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go7
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go5
19 files changed, 268 insertions, 50 deletions
diff --git a/vendor/github.com/containers/storage/containers.go b/vendor/github.com/containers/storage/containers.go
index f87ea15be..0a125331d 100644
--- a/vendor/github.com/containers/storage/containers.go
+++ b/vendor/github.com/containers/storage/containers.go
@@ -133,6 +133,20 @@ func copyContainer(c *Container) *Container {
}
}
+func (c *Container) MountLabel() string {
+ if label, ok := c.Flags["MountLabel"].(string); ok {
+ return label
+ }
+ return ""
+}
+
+func (c *Container) ProcessLabel() string {
+ if label, ok := c.Flags["ProcessLabel"].(string); ok {
+ return label
+ }
+ return ""
+}
+
func (r *containerStore) Containers() ([]Container, error) {
containers := make([]Container, len(r.containers))
for i := range r.containers {
@@ -297,7 +311,7 @@ func (r *containerStore) Create(id string, names []string, image, layer, metadat
BigDataSizes: make(map[string]int64),
BigDataDigests: make(map[string]digest.Digest),
Created: time.Now().UTC(),
- Flags: make(map[string]interface{}),
+ Flags: copyStringInterfaceMap(options.Flags),
UIDMap: copyIDMap(options.UIDMap),
GIDMap: copyIDMap(options.GIDMap),
}
diff --git a/vendor/github.com/containers/storage/drivers/aufs/aufs.go b/vendor/github.com/containers/storage/drivers/aufs/aufs.go
index bee4a598e..f14ba24b9 100644
--- a/vendor/github.com/containers/storage/drivers/aufs/aufs.go
+++ b/vendor/github.com/containers/storage/drivers/aufs/aufs.go
@@ -416,7 +416,7 @@ func atomicRemove(source string) error {
// Get returns the rootfs path for the id.
// This will mount the dir at its given path
-func (a *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (string, error) {
+func (a *Driver) Get(id string, options graphdriver.MountOpts) (string, error) {
a.locker.Lock(id)
defer a.locker.Unlock(id)
parents, err := a.getParentLayerPaths(id)
@@ -441,7 +441,7 @@ func (a *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (s
// If a dir does not have a parent ( no layers )do not try to mount
// just return the diff path to the data
if len(parents) > 0 {
- if err := a.mount(id, m, mountLabel, parents); err != nil {
+ if err := a.mount(id, m, options.MountLabel, parents); err != nil {
return "", err
}
}
diff --git a/vendor/github.com/containers/storage/drivers/btrfs/btrfs.go b/vendor/github.com/containers/storage/drivers/btrfs/btrfs.go
index 2dd81b0c0..adc34d209 100644
--- a/vendor/github.com/containers/storage/drivers/btrfs/btrfs.go
+++ b/vendor/github.com/containers/storage/drivers/btrfs/btrfs.go
@@ -634,7 +634,7 @@ func (d *Driver) Remove(id string) error {
}
// Get the requested filesystem id.
-func (d *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (string, error) {
+func (d *Driver) Get(id string, options graphdriver.MountOpts) (string, error) {
dir := d.subvolumesDirID(id)
st, err := os.Stat(dir)
if err != nil {
diff --git a/vendor/github.com/containers/storage/drivers/chown.go b/vendor/github.com/containers/storage/drivers/chown.go
index 168bb7e34..4d4011ee0 100644
--- a/vendor/github.com/containers/storage/drivers/chown.go
+++ b/vendor/github.com/containers/storage/drivers/chown.go
@@ -114,7 +114,10 @@ func NewNaiveLayerIDMapUpdater(driver ProtoDriver) LayerIDMapUpdater {
// same "container" IDs.
func (n *naiveLayerIDMapUpdater) UpdateLayerIDMap(id string, toContainer, toHost *idtools.IDMappings, mountLabel string) error {
driver := n.ProtoDriver
- layerFs, err := driver.Get(id, mountLabel, nil, nil)
+ options := MountOpts{
+ MountLabel: mountLabel,
+ }
+ layerFs, err := driver.Get(id, options)
if err != nil {
return err
}
diff --git a/vendor/github.com/containers/storage/drivers/devmapper/driver.go b/vendor/github.com/containers/storage/drivers/devmapper/driver.go
index 4aaca6508..9fc082d7d 100644
--- a/vendor/github.com/containers/storage/drivers/devmapper/driver.go
+++ b/vendor/github.com/containers/storage/drivers/devmapper/driver.go
@@ -163,7 +163,7 @@ func (d *Driver) Remove(id string) error {
}
// Get mounts a device with given id into the root filesystem
-func (d *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (string, error) {
+func (d *Driver) Get(id string, options graphdriver.MountOpts) (string, error) {
d.locker.Lock(id)
defer d.locker.Unlock(id)
mp := path.Join(d.home, "mnt", id)
@@ -189,7 +189,7 @@ func (d *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (s
}
// Mount the device
- if err := d.DeviceSet.MountDevice(id, mp, mountLabel); err != nil {
+ if err := d.DeviceSet.MountDevice(id, mp, options.MountLabel); err != nil {
d.ctr.Decrement(mp)
return "", err
}
diff --git a/vendor/github.com/containers/storage/drivers/driver.go b/vendor/github.com/containers/storage/drivers/driver.go
index 40b911ab7..4569c7b59 100644
--- a/vendor/github.com/containers/storage/drivers/driver.go
+++ b/vendor/github.com/containers/storage/drivers/driver.go
@@ -42,6 +42,15 @@ type CreateOpts struct {
StorageOpt map[string]string
}
+// MountOpts contains optional arguments for LayerStope.Mount() methods.
+type MountOpts struct {
+ // Mount label is the MAC Labels to assign to mount point (SELINUX)
+ MountLabel string
+ // UidMaps & GidMaps are the User Namespace mappings to be assigned to content in the mount point
+ UidMaps []idtools.IDMap
+ GidMaps []idtools.IDMap
+}
+
// InitFunc initializes the storage driver.
type InitFunc func(root string, options []string, uidMaps, gidMaps []idtools.IDMap) (Driver, error)
@@ -68,7 +77,7 @@ type ProtoDriver interface {
// to by this id. You can optionally specify a mountLabel or "".
// Optionally it gets the mappings used to create the layer.
// Returns the absolute path to the mounted layered filesystem.
- Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (dir string, err error)
+ Get(id string, options MountOpts) (dir string, err error)
// Put releases the system resources for the specified id,
// e.g, unmounting layered filesystem.
Put(id string) error
diff --git a/vendor/github.com/containers/storage/drivers/fsdiff.go b/vendor/github.com/containers/storage/drivers/fsdiff.go
index 64541e269..19da7d101 100644
--- a/vendor/github.com/containers/storage/drivers/fsdiff.go
+++ b/vendor/github.com/containers/storage/drivers/fsdiff.go
@@ -51,7 +51,10 @@ func (gdw *NaiveDiffDriver) Diff(id string, idMappings *idtools.IDMappings, pare
parentMappings = &idtools.IDMappings{}
}
- layerFs, err := driver.Get(id, mountLabel, nil, nil)
+ options := MountOpts{
+ MountLabel: mountLabel,
+ }
+ layerFs, err := driver.Get(id, options)
if err != nil {
return nil, err
}
@@ -78,7 +81,7 @@ func (gdw *NaiveDiffDriver) Diff(id string, idMappings *idtools.IDMappings, pare
}), nil
}
- parentFs, err := driver.Get(parent, mountLabel, nil, nil)
+ parentFs, err := driver.Get(parent, options)
if err != nil {
return nil, err
}
@@ -119,7 +122,10 @@ func (gdw *NaiveDiffDriver) Changes(id string, idMappings *idtools.IDMappings, p
parentMappings = &idtools.IDMappings{}
}
- layerFs, err := driver.Get(id, mountLabel, nil, nil)
+ options := MountOpts{
+ MountLabel: mountLabel,
+ }
+ layerFs, err := driver.Get(id, options)
if err != nil {
return nil, err
}
@@ -128,7 +134,10 @@ func (gdw *NaiveDiffDriver) Changes(id string, idMappings *idtools.IDMappings, p
parentFs := ""
if parent != "" {
- parentFs, err = driver.Get(parent, mountLabel, nil, nil)
+ options := MountOpts{
+ MountLabel: mountLabel,
+ }
+ parentFs, err = driver.Get(parent, options)
if err != nil {
return nil, err
}
@@ -149,7 +158,10 @@ func (gdw *NaiveDiffDriver) ApplyDiff(id string, applyMappings *idtools.IDMappin
}
// Mount the root filesystem so we can apply the diff/layer.
- layerFs, err := driver.Get(id, mountLabel, nil, nil)
+ mountOpts := MountOpts{
+ MountLabel: mountLabel,
+ }
+ layerFs, err := driver.Get(id, mountOpts)
if err != nil {
return
}
@@ -189,7 +201,10 @@ func (gdw *NaiveDiffDriver) DiffSize(id string, idMappings *idtools.IDMappings,
return
}
- layerFs, err := driver.Get(id, mountLabel, nil, nil)
+ options := MountOpts{
+ MountLabel: mountLabel,
+ }
+ layerFs, err := driver.Get(id, options)
if err != nil {
return
}
diff --git a/vendor/github.com/containers/storage/drivers/overlay/overlay.go b/vendor/github.com/containers/storage/drivers/overlay/overlay.go
index 323d7c274..66ccc6a63 100644
--- a/vendor/github.com/containers/storage/drivers/overlay/overlay.go
+++ b/vendor/github.com/containers/storage/drivers/overlay/overlay.go
@@ -642,11 +642,11 @@ func (d *Driver) Remove(id string) error {
}
// Get creates and mounts the required file system for the given id and returns the mount path.
-func (d *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (_ string, retErr error) {
- return d.get(id, mountLabel, false, uidMaps, gidMaps)
+func (d *Driver) Get(id string, options graphdriver.MountOpts) (_ string, retErr error) {
+ return d.get(id, false, options)
}
-func (d *Driver) get(id, mountLabel string, disableShifting bool, uidMaps, gidMaps []idtools.IDMap) (_ string, retErr error) {
+func (d *Driver) get(id string, disableShifting bool, options graphdriver.MountOpts) (_ string, retErr error) {
d.locker.Lock(id)
defer d.locker.Unlock(id)
dir := d.dir(id)
@@ -740,7 +740,7 @@ func (d *Driver) get(id, mountLabel string, disableShifting bool, uidMaps, gidMa
if d.options.mountOptions != "" {
opts = fmt.Sprintf("%s,%s", d.options.mountOptions, opts)
}
- mountData := label.FormatMountLabel(opts, mountLabel)
+ mountData := label.FormatMountLabel(opts, options.MountLabel)
mountFunc := unix.Mount
mountTarget := mergedDir
@@ -753,7 +753,7 @@ func (d *Driver) get(id, mountLabel string, disableShifting bool, uidMaps, gidMa
if d.options.mountProgram != "" {
mountFunc = func(source string, target string, mType string, flags uintptr, label string) error {
if !disableShifting {
- label = d.optsAppendMappings(label, uidMaps, gidMaps)
+ label = d.optsAppendMappings(label, options.UidMaps, options.GidMaps)
}
mountProgram := exec.Command(d.options.mountProgram, "-o", label, target)
@@ -763,7 +763,7 @@ func (d *Driver) get(id, mountLabel string, disableShifting bool, uidMaps, gidMa
} else if len(mountData) > pageSize {
//FIXME: We need to figure out to get this to work with additional stores
opts = fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", strings.Join(relLowers, ":"), path.Join(id, "diff"), path.Join(id, "work"))
- mountData = label.FormatMountLabel(opts, mountLabel)
+ mountData = label.FormatMountLabel(opts, options.MountLabel)
if len(mountData) > pageSize {
return "", fmt.Errorf("cannot mount layer, mount label too large %d", len(mountData))
}
@@ -952,7 +952,10 @@ func (d *Driver) UpdateLayerIDMap(id string, toContainer, toHost *idtools.IDMapp
}
// Mount the new layer and handle ownership changes and possible copy_ups in it.
- layerFs, err := d.get(id, mountLabel, true, nil, nil)
+ options := graphdriver.MountOpts{
+ MountLabel: mountLabel,
+ }
+ layerFs, err := d.get(id, true, options)
if err != nil {
return err
}
diff --git a/vendor/github.com/containers/storage/drivers/vfs/driver.go b/vendor/github.com/containers/storage/drivers/vfs/driver.go
index 115afb814..d10fb2607 100644
--- a/vendor/github.com/containers/storage/drivers/vfs/driver.go
+++ b/vendor/github.com/containers/storage/drivers/vfs/driver.go
@@ -137,7 +137,7 @@ func (d *Driver) create(id, parent string, opts *graphdriver.CreateOpts, ro bool
label.SetFileLabel(dir, mountLabel)
}
if parent != "" {
- parentDir, err := d.Get(parent, "", nil, nil)
+ parentDir, err := d.Get(parent, graphdriver.MountOpts{})
if err != nil {
return fmt.Errorf("%s: %s", parent, err)
}
@@ -179,7 +179,7 @@ func (d *Driver) Remove(id string) error {
}
// Get returns the directory for the given id.
-func (d *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (string, error) {
+func (d *Driver) Get(id string, options graphdriver.MountOpts) (_ string, retErr error) {
dir := d.dir(id)
if st, err := os.Stat(dir); err != nil {
return "", err
diff --git a/vendor/github.com/containers/storage/drivers/windows/windows.go b/vendor/github.com/containers/storage/drivers/windows/windows.go
index 9d9aac701..4ccf657dc 100644
--- a/vendor/github.com/containers/storage/drivers/windows/windows.go
+++ b/vendor/github.com/containers/storage/drivers/windows/windows.go
@@ -362,9 +362,9 @@ func (d *Driver) Remove(id string) error {
}
// Get returns the rootfs path for the id. This will mount the dir at its given path.
-func (d *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (string, error) {
+func (d *Driver) Get(id string, options graphdriver.MountOpts) (string, error) {
panicIfUsedByLcow()
- logrus.Debugf("WindowsGraphDriver Get() id %s mountLabel %s", id, mountLabel)
+ logrus.Debugf("WindowsGraphDriver Get() id %s mountLabel %s", id, options.MountLabel)
var dir string
rID, err := d.resolveID(id)
@@ -620,7 +620,7 @@ func (d *Driver) DiffSize(id string, idMappings *idtools.IDMappings, parent stri
return
}
- layerFs, err := d.Get(id, "", nil, nil)
+ layerFs, err := d.Get(id, graphdriver.MountOpts{})
if err != nil {
return
}
diff --git a/vendor/github.com/containers/storage/drivers/zfs/zfs.go b/vendor/github.com/containers/storage/drivers/zfs/zfs.go
index b8ae59a61..cb4424f2d 100644
--- a/vendor/github.com/containers/storage/drivers/zfs/zfs.go
+++ b/vendor/github.com/containers/storage/drivers/zfs/zfs.go
@@ -360,15 +360,15 @@ func (d *Driver) Remove(id string) error {
}
// Get returns the mountpoint for the given id after creating the target directories if necessary.
-func (d *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (string, error) {
+func (d *Driver) Get(id string, options graphdriver.MountOpts) (string, error) {
mountpoint := d.mountPath(id)
if count := d.ctr.Increment(mountpoint); count > 1 {
return mountpoint, nil
}
filesystem := d.zfsPath(id)
- options := label.FormatMountLabel(d.options.mountOptions, mountLabel)
- logrus.Debugf(`[zfs] mount("%s", "%s", "%s")`, filesystem, mountpoint, options)
+ opts := label.FormatMountLabel(d.options.mountOptions, options.MountLabel)
+ logrus.Debugf(`[zfs] mount("%s", "%s", "%s")`, filesystem, mountpoint, opts)
rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
if err != nil {
@@ -381,7 +381,7 @@ func (d *Driver) Get(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (s
return "", err
}
- if err := mount.Mount(filesystem, mountpoint, "zfs", options); err != nil {
+ if err := mount.Mount(filesystem, mountpoint, "zfs", opts); err != nil {
d.ctr.Decrement(mountpoint)
return "", fmt.Errorf("error creating zfs mount of %s to %s: %v", filesystem, mountpoint, err)
}
diff --git a/vendor/github.com/containers/storage/layers.go b/vendor/github.com/containers/storage/layers.go
index fe263ba63..1275ab47c 100644
--- a/vendor/github.com/containers/storage/layers.go
+++ b/vendor/github.com/containers/storage/layers.go
@@ -21,6 +21,7 @@ import (
"github.com/containers/storage/pkg/system"
"github.com/containers/storage/pkg/truncindex"
digest "github.com/opencontainers/go-digest"
+ "github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
"github.com/vbatts/tar-split/tar/asm"
"github.com/vbatts/tar-split/tar/storage"
@@ -210,7 +211,7 @@ type LayerStore interface {
// layers, it should not be written to. An SELinux label to be applied to the
// mount can be specified to override the one configured for the layer.
// The mappings used by the container can be specified.
- Mount(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (string, error)
+ Mount(id string, options drivers.MountOpts) (string, error)
// Unmount unmounts a layer when it is no longer in use.
Unmount(id string, force bool) (bool, error)
@@ -294,6 +295,9 @@ func (r *layerStore) Load() error {
mounts := make(map[string]*Layer)
compressedsums := make(map[digest.Digest][]string)
uncompressedsums := make(map[digest.Digest][]string)
+ if r.lockfile.IsReadWrite() {
+ label.ClearLabels()
+ }
if err = json.Unmarshal(data, &layers); len(data) == 0 || err == nil {
idlist = make([]string, 0, len(layers))
for n, layer := range layers {
@@ -312,6 +316,9 @@ func (r *layerStore) Load() error {
if layer.UncompressedDigest != "" {
uncompressedsums[layer.UncompressedDigest] = append(uncompressedsums[layer.UncompressedDigest], layer.ID)
}
+ if layer.MountLabel != "" {
+ label.ReserveLabel(layer.MountLabel)
+ }
}
}
if shouldSave && !r.IsReadWrite() {
@@ -552,6 +559,9 @@ func (r *layerStore) Put(id string, parentLayer *Layer, names []string, mountLab
} else {
parentMappings = &idtools.IDMappings{}
}
+ if mountLabel != "" {
+ label.ReserveLabel(mountLabel)
+ }
idMappings := idtools.NewIDMappingsFromMaps(moreOptions.UIDMap, moreOptions.GIDMap)
opts := drivers.CreateOpts{
MountLabel: mountLabel,
@@ -649,7 +659,7 @@ func (r *layerStore) Mounted(id string) (int, error) {
return layer.MountCount, nil
}
-func (r *layerStore) Mount(id, mountLabel string, uidMaps, gidMaps []idtools.IDMap) (string, error) {
+func (r *layerStore) Mount(id string, options drivers.MountOpts) (string, error) {
if !r.IsReadWrite() {
return "", errors.Wrapf(ErrStoreIsReadOnly, "not allowed to update mount locations for layers at %q", r.mountspath())
}
@@ -661,16 +671,16 @@ func (r *layerStore) Mount(id, mountLabel string, uidMaps, gidMaps []idtools.IDM
layer.MountCount++
return layer.MountPoint, r.Save()
}
- if mountLabel == "" {
- mountLabel = layer.MountLabel
+ if options.MountLabel == "" {
+ options.MountLabel = layer.MountLabel
}
- if (uidMaps != nil || gidMaps != nil) && !r.driver.SupportsShifting() {
- if !reflect.DeepEqual(uidMaps, layer.UIDMap) || !reflect.DeepEqual(gidMaps, layer.GIDMap) {
+ if (options.UidMaps != nil || options.GidMaps != nil) && !r.driver.SupportsShifting() {
+ if !reflect.DeepEqual(options.UidMaps, layer.UIDMap) || !reflect.DeepEqual(options.GidMaps, layer.GIDMap) {
return "", fmt.Errorf("cannot mount layer %v: shifting not enabled", layer.ID)
}
}
- mountpoint, err := r.driver.Get(id, mountLabel, uidMaps, gidMaps)
+ mountpoint, err := r.driver.Get(id, options)
if mountpoint != "" && err == nil {
if layer.MountPoint != "" {
delete(r.bymount, layer.MountPoint)
@@ -839,6 +849,7 @@ func (r *layerStore) Delete(id string) error {
os.Remove(r.tspath(id))
delete(r.byid, id)
r.idindex.Delete(id)
+ mountLabel := layer.MountLabel
if layer.MountPoint != "" {
delete(r.bymount, layer.MountPoint)
}
@@ -857,6 +868,18 @@ func (r *layerStore) Delete(id string) error {
r.layers = append(r.layers[:toDeleteIndex], r.layers[toDeleteIndex+1:]...)
}
}
+ if mountLabel != "" {
+ var found bool
+ for _, candidate := range r.layers {
+ if candidate.MountLabel == mountLabel {
+ found = true
+ break
+ }
+ }
+ if !found {
+ label.ReleaseLabel(mountLabel)
+ }
+ }
if err = r.Save(); err != nil {
return err
}
@@ -957,7 +980,7 @@ func (r *layerStore) newFileGetter(id string) (drivers.FileGetCloser, error) {
if getter, ok := r.driver.(drivers.DiffGetterDriver); ok {
return getter.DiffGetter(id)
}
- path, err := r.Mount(id, "", nil, nil)
+ path, err := r.Mount(id, drivers.MountOpts{})
if err != nil {
return nil, err
}
diff --git a/vendor/github.com/containers/storage/pkg/archive/example_changes.go b/vendor/github.com/containers/storage/pkg/archive/example_changes.go
new file mode 100644
index 000000000..70f9c5564
--- /dev/null
+++ b/vendor/github.com/containers/storage/pkg/archive/example_changes.go
@@ -0,0 +1,97 @@
+// +build ignore
+
+// Simple tool to create an archive stream from an old and new directory
+//
+// By default it will stream the comparison of two temporary directories with junk files
+package main
+
+import (
+ "flag"
+ "fmt"
+ "io"
+ "io/ioutil"
+ "os"
+ "path"
+
+ "github.com/containers/storage/pkg/archive"
+ "github.com/sirupsen/logrus"
+)
+
+var (
+ flDebug = flag.Bool("D", false, "debugging output")
+ flNewDir = flag.String("newdir", "", "")
+ flOldDir = flag.String("olddir", "", "")
+ log = logrus.New()
+)
+
+func main() {
+ flag.Usage = func() {
+ fmt.Println("Produce a tar from comparing two directory paths. By default a demo tar is created of around 200 files (including hardlinks)")
+ fmt.Printf("%s [OPTIONS]\n", os.Args[0])
+ flag.PrintDefaults()
+ }
+ flag.Parse()
+ log.Out = os.Stderr
+ if (len(os.Getenv("DEBUG")) > 0) || *flDebug {
+ logrus.SetLevel(logrus.DebugLevel)
+ }
+ var newDir, oldDir string
+
+ if len(*flNewDir) == 0 {
+ var err error
+ newDir, err = ioutil.TempDir("", "storage-test-newDir")
+ if err != nil {
+ log.Fatal(err)
+ }
+ defer os.RemoveAll(newDir)
+ if _, err := prepareUntarSourceDirectory(100, newDir, true); err != nil {
+ log.Fatal(err)
+ }
+ } else {
+ newDir = *flNewDir
+ }
+
+ if len(*flOldDir) == 0 {
+ oldDir, err := ioutil.TempDir("", "storage-test-oldDir")
+ if err != nil {
+ log.Fatal(err)
+ }
+ defer os.RemoveAll(oldDir)
+ } else {
+ oldDir = *flOldDir
+ }
+
+ changes, err := archive.ChangesDirs(newDir, oldDir)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ a, err := archive.ExportChanges(newDir, changes)
+ if err != nil {
+ log.Fatal(err)
+ }
+ defer a.Close()
+
+ i, err := io.Copy(os.Stdout, a)
+ if err != nil && err != io.EOF {
+ log.Fatal(err)
+ }
+ fmt.Fprintf(os.Stderr, "wrote archive of %d bytes", i)
+}
+
+func prepareUntarSourceDirectory(numberOfFiles int, targetPath string, makeLinks bool) (int, error) {
+ fileData := []byte("fooo")
+ for n := 0; n < numberOfFiles; n++ {
+ fileName := fmt.Sprintf("file-%d", n)
+ if err := ioutil.WriteFile(path.Join(targetPath, fileName), fileData, 0700); err != nil {
+ return 0, err
+ }
+ if makeLinks {
+ if err := os.Link(path.Join(targetPath, fileName), path.Join(targetPath, fileName+"-link")); err != nil {
+ return 0, err
+ }
+ }
+ }
+ totalSize := numberOfFiles * len(fileData)
+ return totalSize, nil
+}
diff --git a/vendor/github.com/containers/storage/store.go b/vendor/github.com/containers/storage/store.go
index 94cf1f0a7..7eaa82910 100644
--- a/vendor/github.com/containers/storage/store.go
+++ b/vendor/github.com/containers/storage/store.go
@@ -25,6 +25,7 @@ import (
"github.com/containers/storage/pkg/stringid"
"github.com/containers/storage/pkg/stringutils"
digest "github.com/opencontainers/go-digest"
+ "github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
)
@@ -251,6 +252,8 @@ type Store interface {
// Mount attempts to mount a layer, image, or container for access, and
// returns the pathname if it succeeds.
+ // Note if the mountLabel == "", the default label for the container
+ // will be used.
//
// Note that we do some of this work in a child process. The calling
// process's main() function needs to import our pkg/reexec package and
@@ -497,6 +500,8 @@ type ContainerOptions struct {
// container's layer will inherit settings from the image's top layer
// or, if it is not being created based on an image, the Store object.
IDMappingOptions
+ LabelOpts []string
+ Flags map[string]interface{}
}
type store struct {
@@ -1175,7 +1180,26 @@ func (s *store) CreateContainer(id string, names []string, image, layer, metadat
},
}
}
- clayer, err := rlstore.Create(layer, imageTopLayer, nil, "", nil, layerOptions, true)
+ if options.Flags == nil {
+ options.Flags = make(map[string]interface{})
+ }
+ plabel, _ := options.Flags["ProcessLabel"].(string)
+ mlabel, _ := options.Flags["MountLabel"].(string)
+ if (plabel == "" && mlabel != "") ||
+ (plabel != "" && mlabel == "") {
+ return nil, errors.Errorf("ProcessLabel and Mountlabel must either not be specified or both specified")
+ }
+
+ if plabel == "" {
+ processLabel, mountLabel, err := label.InitLabels(options.LabelOpts)
+ if err != nil {
+ return nil, err
+ }
+ options.Flags["ProcessLabel"] = processLabel
+ options.Flags["MountLabel"] = mountLabel
+ }
+
+ clayer, err := rlstore.Create(layer, imageTopLayer, nil, options.Flags["MountLabel"].(string), nil, layerOptions, true)
if err != nil {
return nil, err
}
@@ -1189,13 +1213,11 @@ func (s *store) CreateContainer(id string, names []string, image, layer, metadat
if modified, err := rcstore.Modified(); modified || err != nil {
rcstore.Load()
}
- options = &ContainerOptions{
- IDMappingOptions: IDMappingOptions{
- HostUIDMapping: len(options.UIDMap) == 0,
- HostGIDMapping: len(options.GIDMap) == 0,
- UIDMap: copyIDMap(options.UIDMap),
- GIDMap: copyIDMap(options.GIDMap),
- },
+ options.IDMappingOptions = IDMappingOptions{
+ HostUIDMapping: len(options.UIDMap) == 0,
+ HostGIDMapping: len(options.GIDMap) == 0,
+ UIDMap: copyIDMap(options.UIDMap),
+ GIDMap: copyIDMap(options.GIDMap),
}
container, err := rcstore.Create(id, names, imageID, layer, metadata, options)
if err != nil || container == nil {
@@ -2273,7 +2295,12 @@ func (s *store) Mount(id, mountLabel string) (string, error) {
rlstore.Load()
}
if rlstore.Exists(id) {
- return rlstore.Mount(id, mountLabel, uidMap, gidMap)
+ options := drivers.MountOpts{
+ MountLabel: mountLabel,
+ UidMaps: uidMap,
+ GidMaps: gidMap,
+ }
+ return rlstore.Mount(id, options)
}
return "", ErrLayerUnknown
}
diff --git a/vendor/github.com/containers/storage/vendor.conf b/vendor/github.com/containers/storage/vendor.conf
index c0498a02d..2276d5531 100644
--- a/vendor/github.com/containers/storage/vendor.conf
+++ b/vendor/github.com/containers/storage/vendor.conf
@@ -8,7 +8,7 @@ github.com/mattn/go-shellwords 753a2322a99f87c0eff284980e77f53041555bc6
github.com/mistifyio/go-zfs c0224de804d438efd11ea6e52ada8014537d6062
github.com/opencontainers/go-digest master
github.com/opencontainers/runc 6c22e77604689db8725fa866f0f2ec0b3e8c3a07
-github.com/opencontainers/selinux ba1aefe8057f1d0cfb8e88d0ec1dc85925ef987d
+github.com/opencontainers/selinux 36a9bc45a08c85f2c52bd9eb32e20267876773bd
github.com/pborman/uuid 1b00554d822231195d1babd97ff4a781231955c9
github.com/pkg/errors master
github.com/pmezard/go-difflib v1.0.0
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label.go
index 6cfc5fded..2a31cd3c5 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label.go
@@ -48,6 +48,11 @@ func GetPidLabel(pid int) (string, error) {
func Init() {
}
+// ClearLabels clears all reserved labels
+func ClearLabels() {
+ return
+}
+
func ReserveLabel(label string) error {
return nil
}
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
index f0a055b87..63c4edd05 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
@@ -24,17 +24,22 @@ var ErrIncompatibleLabel = fmt.Errorf("Bad SELinux option z and Z can not be use
// the container. A list of options can be passed into this function to alter
// the labels. The labels returned will include a random MCS String, that is
// guaranteed to be unique.
-func InitLabels(options []string) (string, string, error) {
+func InitLabels(options []string) (plabel string, mlabel string, Err error) {
if !selinux.GetEnabled() {
return "", "", nil
}
processLabel, mountLabel := selinux.ContainerLabels()
if processLabel != "" {
+ defer func() {
+ if Err != nil {
+ ReleaseLabel(mountLabel)
+ }
+ }()
pcon := selinux.NewContext(processLabel)
mcon := selinux.NewContext(mountLabel)
for _, opt := range options {
if opt == "disable" {
- return "", "", nil
+ return "", mountLabel, nil
}
if i := strings.Index(opt, ":"); i == -1 {
return "", "", fmt.Errorf("Bad label option %q, valid options 'disable' or \n'user, role, level, type' followed by ':' and a value", opt)
@@ -156,6 +161,11 @@ func Init() {
selinux.GetEnabled()
}
+// ClearLabels will clear all reserved labels
+func ClearLabels() {
+ selinux.ClearLabels()
+}
+
// ReserveLabel will record the fact that the MCS label has already been used.
// This will prevent InitLabels from using the MCS label in a newly created
// container
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
index 5dc09a51e..2cd54eac1 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
@@ -409,6 +409,13 @@ func NewContext(label string) Context {
return c
}
+// ClearLabels clears all reserved labels
+func ClearLabels() {
+ state.Lock()
+ state.mcsList = make(map[string]bool)
+ state.Unlock()
+}
+
// ReserveLabel reserves the MLS/MCS level component of the specified label
func ReserveLabel(label string) {
if len(label) != 0 {
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
index 4dbfd83ed..5abf8a362 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
@@ -107,6 +107,11 @@ func NewContext(label string) Context {
return c
}
+// ClearLabels clears all reserved MLS/MCS levels
+func ClearLabels() {
+ return
+}
+
// ReserveLabel reserves the MLS/MCS level component of the specified label
func ReserveLabel(label string) {
return