summaryrefslogtreecommitdiff
path: root/vendor/github.com
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com')
-rw-r--r--vendor/github.com/containers/common/libimage/events.go27
-rw-r--r--vendor/github.com/containers/common/libimage/image.go17
-rw-r--r--vendor/github.com/containers/common/libimage/image_tree.go61
-rw-r--r--vendor/github.com/containers/common/libimage/layer_tree.go2
-rw-r--r--vendor/github.com/containers/common/libimage/load.go5
-rw-r--r--vendor/github.com/containers/common/libimage/manifest_list.go5
-rw-r--r--vendor/github.com/containers/common/libimage/pull.go45
-rw-r--r--vendor/github.com/containers/common/libimage/push.go7
-rw-r--r--vendor/github.com/containers/common/libimage/runtime.go20
-rw-r--r--vendor/github.com/containers/common/libimage/save.go14
-rw-r--r--vendor/github.com/containers/common/libimage/search.go14
-rw-r--r--vendor/github.com/containers/common/pkg/config/config.go8
-rw-r--r--vendor/github.com/containers/common/pkg/config/containers.conf10
-rw-r--r--vendor/github.com/containers/common/pkg/config/default.go6
-rw-r--r--vendor/github.com/containers/common/pkg/filters/filters.go2
-rw-r--r--vendor/github.com/containers/common/pkg/secrets/filedriver/filedriver.go2
-rw-r--r--vendor/github.com/containers/common/pkg/secrets/secrets.go2
-rw-r--r--vendor/github.com/containers/common/pkg/secrets/secretsdb.go2
-rw-r--r--vendor/github.com/containers/common/version/version.go2
-rw-r--r--vendor/github.com/containers/storage/.cirrus.yml12
-rw-r--r--vendor/github.com/containers/storage/VERSION2
-rw-r--r--vendor/github.com/containers/storage/go.mod8
-rw-r--r--vendor/github.com/containers/storage/go.sum20
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/doc.go4
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go5
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/selinux.go10
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go11
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go2
28 files changed, 227 insertions, 98 deletions
diff --git a/vendor/github.com/containers/common/libimage/events.go b/vendor/github.com/containers/common/libimage/events.go
index bca736c7b..c7733564d 100644
--- a/vendor/github.com/containers/common/libimage/events.go
+++ b/vendor/github.com/containers/common/libimage/events.go
@@ -1,14 +1,18 @@
package libimage
-import "time"
+import (
+ "time"
-// EventType indicates the type of an event. Currrently, there is only one
+ "github.com/sirupsen/logrus"
+)
+
+// EventType indicates the type of an event. Currently, there is only one
// supported type for container image but we may add more (e.g., for manifest
// lists) in the future.
type EventType int
const (
- // EventTypeUnknow is an unitialized EventType.
+ // EventTypeUnknown is an uninitialized EventType.
EventTypeUnknown EventType = iota
// EventTypeImagePull represents an image pull.
EventTypeImagePull
@@ -26,7 +30,7 @@ const (
EventTypeImageUntag
// EventTypeImageMount represents an image being mounted.
EventTypeImageMount
- // EventTypeImageUnmounted represents an image being unmounted.
+ // EventTypeImageUnmount represents an image being unmounted.
EventTypeImageUnmount
)
@@ -41,3 +45,18 @@ type Event struct {
// Type of the event.
Type EventType
}
+
+// writeEvent writes the specified event to the Runtime's event channel. The
+// event is discarded if no event channel has been registered (yet).
+func (r *Runtime) writeEvent(event *Event) {
+ select {
+ case r.eventChannel <- event:
+ // Done
+ case <-time.After(2 * time.Second):
+ // The Runtime's event channel has a buffer of size 100 which
+ // should be enough even under high load. However, we
+ // shouldn't block too long in case the buffer runs full (could
+ // be an honest user error or bug).
+ logrus.Warnf("Discarding libimage event which was not read within 2 seconds: %v", event)
+ }
+}
diff --git a/vendor/github.com/containers/common/libimage/image.go b/vendor/github.com/containers/common/libimage/image.go
index 4728565bb..11abfdee7 100644
--- a/vendor/github.com/containers/common/libimage/image.go
+++ b/vendor/github.com/containers/common/libimage/image.go
@@ -277,6 +277,10 @@ func (i *Image) remove(ctx context.Context, rmMap map[string]*RemoveImageReport,
return errors.Errorf("cannot remove read-only image %q", i.ID())
}
+ if i.runtime.eventChannel != nil {
+ i.runtime.writeEvent(&Event{ID: i.ID(), Name: referencedBy, Time: time.Now(), Type: EventTypeImageRemove})
+ }
+
// Check if already visisted this image.
report, exists := rmMap[i.ID()]
if exists {
@@ -423,6 +427,9 @@ func (i *Image) Tag(name string) error {
}
logrus.Debugf("Tagging image %s with %q", i.ID(), ref.String())
+ if i.runtime.eventChannel != nil {
+ i.runtime.writeEvent(&Event{ID: i.ID(), Name: name, Time: time.Now(), Type: EventTypeImageTag})
+ }
newNames := append(i.Names(), ref.String())
if err := i.runtime.store.SetNames(i.ID(), newNames); err != nil {
@@ -454,6 +461,9 @@ func (i *Image) Untag(name string) error {
name = ref.String()
logrus.Debugf("Untagging %q from image %s", ref.String(), i.ID())
+ if i.runtime.eventChannel != nil {
+ i.runtime.writeEvent(&Event{ID: i.ID(), Name: name, Time: time.Now(), Type: EventTypeImageUntag})
+ }
removedName := false
newNames := []string{}
@@ -593,6 +603,10 @@ func (i *Image) RepoDigests() ([]string, error) {
// are directly passed down to the containers storage. Returns the fully
// evaluated path to the mount point.
func (i *Image) Mount(ctx context.Context, mountOptions []string, mountLabel string) (string, error) {
+ if i.runtime.eventChannel != nil {
+ i.runtime.writeEvent(&Event{ID: i.ID(), Name: "", Time: time.Now(), Type: EventTypeImageMount})
+ }
+
mountPoint, err := i.runtime.store.MountImage(i.ID(), mountOptions, mountLabel)
if err != nil {
return "", err
@@ -634,6 +648,9 @@ func (i *Image) Mountpoint() (string, error) {
// Unmount the image. Use force to ignore the reference counter and forcefully
// unmount.
func (i *Image) Unmount(force bool) error {
+ if i.runtime.eventChannel != nil {
+ i.runtime.writeEvent(&Event{ID: i.ID(), Name: "", Time: time.Now(), Type: EventTypeImageUnmount})
+ }
logrus.Debugf("Unmounted image %s", i.ID())
_, err := i.runtime.store.UnmountImage(i.ID(), force)
return err
diff --git a/vendor/github.com/containers/common/libimage/image_tree.go b/vendor/github.com/containers/common/libimage/image_tree.go
index 6583a7007..b8b9cb216 100644
--- a/vendor/github.com/containers/common/libimage/image_tree.go
+++ b/vendor/github.com/containers/common/libimage/image_tree.go
@@ -35,36 +35,45 @@ func (i *Image) Tree(traverseChildren bool) (string, error) {
fmt.Fprintf(sb, "No Image Layers")
}
- tree := gotree.New(sb.String())
-
layerTree, err := i.runtime.layerTree()
if err != nil {
return "", err
}
-
imageNode := layerTree.node(i.TopLayer())
// Traverse the entire tree down to all children.
if traverseChildren {
+ tree := gotree.New(sb.String())
if err := imageTreeTraverseChildren(imageNode, tree); err != nil {
return "", err
}
- } else {
- // Walk all layers of the image and assemlbe their data.
- for parentNode := imageNode; parentNode != nil; parentNode = parentNode.parent {
- if parentNode.layer == nil {
- break // we're done
- }
- var tags string
- repoTags, err := parentNode.repoTags()
- if err != nil {
- return "", err
- }
- if len(repoTags) > 0 {
- tags = fmt.Sprintf(" Top Layer of: %s", repoTags)
- }
- tree.Add(fmt.Sprintf("ID: %s Size: %7v%s", parentNode.layer.ID[:12], units.HumanSizeWithPrecision(float64(parentNode.layer.UncompressedSize), 4), tags))
+ return tree.Print(), nil
+ }
+
+ // Walk all layers of the image and assemlbe their data. Note that the
+ // tree is constructed in reverse order to remain backwards compatible
+ // with Podman.
+ contents := []string{}
+ for parentNode := imageNode; parentNode != nil; parentNode = parentNode.parent {
+ if parentNode.layer == nil {
+ break // we're done
+ }
+ var tags string
+ repoTags, err := parentNode.repoTags()
+ if err != nil {
+ return "", err
+ }
+ if len(repoTags) > 0 {
+ tags = fmt.Sprintf(" Top Layer of: %s", repoTags)
}
+ content := fmt.Sprintf("ID: %s Size: %7v%s", parentNode.layer.ID[:12], units.HumanSizeWithPrecision(float64(parentNode.layer.UncompressedSize), 4), tags)
+ contents = append(contents, content)
+ }
+ contents = append(contents, sb.String())
+
+ tree := gotree.New(contents[len(contents)-1])
+ for i := len(contents) - 2; i >= 0; i-- {
+ tree.Add(contents[i])
}
return tree.Print(), nil
@@ -80,14 +89,22 @@ func imageTreeTraverseChildren(node *layerNode, parent gotree.Tree) error {
tags = fmt.Sprintf(" Top Layer of: %s", repoTags)
}
- newNode := parent.Add(fmt.Sprintf("ID: %s Size: %7v%s", node.layer.ID[:12], units.HumanSizeWithPrecision(float64(node.layer.UncompressedSize), 4), tags))
+ content := fmt.Sprintf("ID: %s Size: %7v%s", node.layer.ID[:12], units.HumanSizeWithPrecision(float64(node.layer.UncompressedSize), 4), tags)
- if len(node.children) <= 1 {
- newNode = parent
+ var newTree gotree.Tree
+ if node.parent == nil || len(node.parent.children) <= 1 {
+ // No parent or no siblings, so we can go linear.
+ parent.Add(content)
+ newTree = parent
+ } else {
+ // Each siblings gets a new tree, so we can branch.
+ newTree = gotree.New(content)
+ parent.AddTree(newTree)
}
+
for i := range node.children {
child := node.children[i]
- if err := imageTreeTraverseChildren(child, newNode); err != nil {
+ if err := imageTreeTraverseChildren(child, newTree); err != nil {
return err
}
}
diff --git a/vendor/github.com/containers/common/libimage/layer_tree.go b/vendor/github.com/containers/common/libimage/layer_tree.go
index 7e0940339..4195b43c0 100644
--- a/vendor/github.com/containers/common/libimage/layer_tree.go
+++ b/vendor/github.com/containers/common/libimage/layer_tree.go
@@ -59,7 +59,7 @@ func (l *layerNode) repoTags() ([]string, error) {
return nil, err
}
for _, tag := range repoTags {
- if _, visted := visitedTags[tag]; visted {
+ if _, visited := visitedTags[tag]; visited {
continue
}
visitedTags[tag] = true
diff --git a/vendor/github.com/containers/common/libimage/load.go b/vendor/github.com/containers/common/libimage/load.go
index c606aca5b..856813356 100644
--- a/vendor/github.com/containers/common/libimage/load.go
+++ b/vendor/github.com/containers/common/libimage/load.go
@@ -4,6 +4,7 @@ import (
"context"
"errors"
"os"
+ "time"
dirTransport "github.com/containers/image/v5/directory"
dockerArchiveTransport "github.com/containers/image/v5/docker/archive"
@@ -23,6 +24,10 @@ type LoadOptions struct {
func (r *Runtime) Load(ctx context.Context, path string, options *LoadOptions) ([]string, error) {
logrus.Debugf("Loading image from %q", path)
+ if r.eventChannel != nil {
+ r.writeEvent(&Event{ID: "", Name: path, Time: time.Now(), Type: EventTypeImageLoad})
+ }
+
var (
loadedImages []string
loadError error
diff --git a/vendor/github.com/containers/common/libimage/manifest_list.go b/vendor/github.com/containers/common/libimage/manifest_list.go
index 72a2cf55f..f902db5cb 100644
--- a/vendor/github.com/containers/common/libimage/manifest_list.go
+++ b/vendor/github.com/containers/common/libimage/manifest_list.go
@@ -3,6 +3,7 @@ package libimage
import (
"context"
"fmt"
+ "time"
"github.com/containers/common/libimage/manifests"
imageCopy "github.com/containers/image/v5/copy"
@@ -364,6 +365,10 @@ func (m *ManifestList) Push(ctx context.Context, destination string, options *Ma
}
}
+ if m.image.runtime.eventChannel != nil {
+ m.image.runtime.writeEvent(&Event{ID: m.ID(), Name: destination, Time: time.Now(), Type: EventTypeImagePush})
+ }
+
// NOTE: we're using the logic in copier to create a proper
// types.SystemContext. This prevents us from having an error prone
// code duplicate here.
diff --git a/vendor/github.com/containers/common/libimage/pull.go b/vendor/github.com/containers/common/libimage/pull.go
index b92a5e15e..f92b4d36c 100644
--- a/vendor/github.com/containers/common/libimage/pull.go
+++ b/vendor/github.com/containers/common/libimage/pull.go
@@ -5,10 +5,10 @@ import (
"fmt"
"io"
"strings"
+ "time"
"github.com/containers/common/pkg/config"
- dirTransport "github.com/containers/image/v5/directory"
- dockerTransport "github.com/containers/image/v5/docker"
+ registryTransport "github.com/containers/image/v5/docker"
dockerArchiveTransport "github.com/containers/image/v5/docker/archive"
"github.com/containers/image/v5/docker/reference"
ociArchiveTransport "github.com/containers/image/v5/oci/archive"
@@ -42,7 +42,7 @@ type PullOptions struct {
// policies (e.g., buildah-bud versus podman-build). Making the pull-policy
// choice explicit is an attempt to prevent silent regressions.
//
-// The errror is storage.ErrImageUnknown iff the pull policy is set to "never"
+// The error is storage.ErrImageUnknown iff the pull policy is set to "never"
// and no local image has been found. This allows for an easier integration
// into some users of this package (e.g., Buildah).
func (r *Runtime) Pull(ctx context.Context, name string, pullPolicy config.PullPolicy, options *PullOptions) ([]*Image, error) {
@@ -56,7 +56,7 @@ func (r *Runtime) Pull(ctx context.Context, name string, pullPolicy config.PullP
if err != nil {
// If the image clearly refers to a local one, we can look it up directly.
// In fact, we need to since they are not parseable.
- if strings.HasPrefix(name, "sha256:") || (len(name) == 64 && !strings.Contains(name, "/.:@")) {
+ if strings.HasPrefix(name, "sha256:") || (len(name) == 64 && !strings.ContainsAny(name, "/.:@")) {
if pullPolicy == config.PullPolicyAlways {
return nil, errors.Errorf("pull policy is always but image has been referred to by ID (%s)", name)
}
@@ -76,10 +76,14 @@ func (r *Runtime) Pull(ctx context.Context, name string, pullPolicy config.PullP
ref = dockerRef
}
- if options.AllTags && ref.Transport().Name() != dockerTransport.Transport.Name() {
+ if options.AllTags && ref.Transport().Name() != registryTransport.Transport.Name() {
return nil, errors.Errorf("pulling all tags is not supported for %s transport", ref.Transport().Name())
}
+ if r.eventChannel != nil {
+ r.writeEvent(&Event{ID: "", Name: name, Time: time.Now(), Type: EventTypeImagePull})
+ }
+
var (
pulledImages []string
pullError error
@@ -88,29 +92,17 @@ func (r *Runtime) Pull(ctx context.Context, name string, pullPolicy config.PullP
// Dispatch the copy operation.
switch ref.Transport().Name() {
- // DOCKER/REGISTRY
- case dockerTransport.Transport.Name():
+ // DOCKER REGISTRY
+ case registryTransport.Transport.Name():
pulledImages, pullError = r.copyFromRegistry(ctx, ref, strings.TrimPrefix(name, "docker://"), pullPolicy, options)
// DOCKER ARCHIVE
case dockerArchiveTransport.Transport.Name():
pulledImages, pullError = r.copyFromDockerArchive(ctx, ref, &options.CopyOptions)
- // OCI
- case ociTransport.Transport.Name():
- pulledImages, pullError = r.copyFromDefault(ctx, ref, &options.CopyOptions)
-
- // OCI ARCHIVE
- case ociArchiveTransport.Transport.Name():
- pulledImages, pullError = r.copyFromDefault(ctx, ref, &options.CopyOptions)
-
- // DIR
- case dirTransport.Transport.Name():
- pulledImages, pullError = r.copyFromDefault(ctx, ref, &options.CopyOptions)
-
- // UNSUPPORTED
+ // ALL OTHER TRANSPORTS
default:
- return nil, errors.Errorf("unsupported transport %q for pulling", ref.Transport().Name())
+ pulledImages, pullError = r.copyFromDefault(ctx, ref, &options.CopyOptions)
}
if pullError != nil {
@@ -162,7 +154,12 @@ func (r *Runtime) copyFromDefault(ctx context.Context, ref types.ImageReference,
imageName = "sha256:" + storageName[1:]
} else {
storageName = manifest.Annotations["org.opencontainers.image.ref.name"]
- imageName = storageName
+ named, err := NormalizeName(storageName)
+ if err != nil {
+ return nil, err
+ }
+ imageName = named.String()
+ storageName = imageName
}
default:
@@ -275,7 +272,7 @@ func (r *Runtime) copyFromRegistry(ctx context.Context, ref types.ImageReference
}
named := reference.TrimNamed(ref.DockerReference())
- tags, err := dockerTransport.GetRepositoryTags(ctx, &r.systemContext, ref)
+ tags, err := registryTransport.GetRepositoryTags(ctx, &r.systemContext, ref)
if err != nil {
return nil, err
}
@@ -399,7 +396,7 @@ func (r *Runtime) copySingleImageFromRegistry(ctx context.Context, imageName str
for _, candidate := range resolved.PullCandidates {
candidateString := candidate.Value.String()
logrus.Debugf("Attempting to pull candidate %s for %s", candidateString, imageName)
- srcRef, err := dockerTransport.NewReference(candidate.Value)
+ srcRef, err := registryTransport.NewReference(candidate.Value)
if err != nil {
return nil, err
}
diff --git a/vendor/github.com/containers/common/libimage/push.go b/vendor/github.com/containers/common/libimage/push.go
index 8ff5d5ffd..f1434b81d 100644
--- a/vendor/github.com/containers/common/libimage/push.go
+++ b/vendor/github.com/containers/common/libimage/push.go
@@ -2,6 +2,7 @@ package libimage
import (
"context"
+ "time"
dockerArchiveTransport "github.com/containers/image/v5/docker/archive"
"github.com/containers/image/v5/docker/reference"
@@ -61,8 +62,12 @@ func (r *Runtime) Push(ctx context.Context, source, destination string, options
destRef = dockerRef
}
+ if r.eventChannel != nil {
+ r.writeEvent(&Event{ID: image.ID(), Name: destination, Time: time.Now(), Type: EventTypeImagePush})
+ }
+
// Buildah compat: Make sure to tag the destination image if it's a
- // Docker archive. This way, we preseve the image name.
+ // Docker archive. This way, we preserve the image name.
if destRef.Transport().Name() == dockerArchiveTransport.Transport.Name() {
if named, err := reference.ParseNamed(resolvedSource); err == nil {
tagged, isTagged := named.(reference.NamedTagged)
diff --git a/vendor/github.com/containers/common/libimage/runtime.go b/vendor/github.com/containers/common/libimage/runtime.go
index 4e6bd2cf2..c80e7ec7a 100644
--- a/vendor/github.com/containers/common/libimage/runtime.go
+++ b/vendor/github.com/containers/common/libimage/runtime.go
@@ -20,6 +20,9 @@ import (
// RuntimeOptions allow for creating a customized Runtime.
type RuntimeOptions struct {
+ // The base system context of the runtime which will be used throughout
+ // the entire lifespan of the Runtime. Certain options in some
+ // functions may override specific fields.
SystemContext *types.SystemContext
}
@@ -41,6 +44,8 @@ func setRegistriesConfPath(systemContext *types.SystemContext) {
// Runtime is responsible for image management and storing them in a containers
// storage.
type Runtime struct {
+ // Use to send events out to users.
+ eventChannel chan *Event
// Underlying storage store.
store storage.Store
// Global system context. No pointer to simplify copying and modifying
@@ -55,6 +60,18 @@ func (r *Runtime) systemContextCopy() *types.SystemContext {
return &sys
}
+// EventChannel creates a buffered channel for events that the Runtime will use
+// to write events to. Callers are expected to read from the channel in a
+// timely manner.
+// Can be called once for a given Runtime.
+func (r *Runtime) EventChannel() chan *Event {
+ if r.eventChannel != nil {
+ return r.eventChannel
+ }
+ r.eventChannel = make(chan *Event, 100)
+ return r.eventChannel
+}
+
// RuntimeFromStore returns a Runtime for the specified store.
func RuntimeFromStore(store storage.Store, options *RuntimeOptions) (*Runtime, error) {
if options == nil {
@@ -99,6 +116,9 @@ func RuntimeFromStoreOptions(runtimeOptions *RuntimeOptions, storeOptions *stora
// is considered to be an error condition.
func (r *Runtime) Shutdown(force bool) error {
_, err := r.store.Shutdown(force)
+ if r.eventChannel != nil {
+ close(r.eventChannel)
+ }
return err
}
diff --git a/vendor/github.com/containers/common/libimage/save.go b/vendor/github.com/containers/common/libimage/save.go
index c03437682..c00c0107e 100644
--- a/vendor/github.com/containers/common/libimage/save.go
+++ b/vendor/github.com/containers/common/libimage/save.go
@@ -3,6 +3,7 @@ package libimage
import (
"context"
"strings"
+ "time"
dirTransport "github.com/containers/image/v5/directory"
dockerArchiveTransport "github.com/containers/image/v5/docker/archive"
@@ -46,7 +47,7 @@ func (r *Runtime) Save(ctx context.Context, names []string, format, path string,
// All formats support saving 1.
default:
if format != "docker-archive" {
- return errors.Errorf("unspported format %q for saving multiple images (only docker-archive)", format)
+ return errors.Errorf("unsupported format %q for saving multiple images (only docker-archive)", format)
}
if len(options.AdditionalTags) > 0 {
return errors.Errorf("cannot save multiple images with multiple tags")
@@ -62,7 +63,7 @@ func (r *Runtime) Save(ctx context.Context, names []string, format, path string,
return r.saveDockerArchive(ctx, names, path, options)
}
- return errors.Errorf("unspported format %q for saving images", format)
+ return errors.Errorf("unsupported format %q for saving images", format)
}
@@ -74,6 +75,10 @@ func (r *Runtime) saveSingleImage(ctx context.Context, name, format, path string
return err
}
+ if r.eventChannel != nil {
+ r.writeEvent(&Event{ID: image.ID(), Name: path, Time: time.Now(), Type: EventTypeImageSave})
+ }
+
// Unless the image was referenced by ID, use the resolved name as a
// tag.
var tag string
@@ -101,7 +106,7 @@ func (r *Runtime) saveSingleImage(ctx context.Context, name, format, path string
options.ManifestMIMEType = manifest.DockerV2Schema2MediaType
default:
- return errors.Errorf("unspported format %q for saving images", format)
+ return errors.Errorf("unsupported format %q for saving images", format)
}
if err != nil {
@@ -160,6 +165,9 @@ func (r *Runtime) saveDockerArchive(ctx context.Context, names []string, path st
}
}
localImages[image.ID()] = local
+ if r.eventChannel != nil {
+ r.writeEvent(&Event{ID: image.ID(), Name: path, Time: time.Now(), Type: EventTypeImageSave})
+ }
}
writer, err := dockerArchiveTransport.NewWriter(r.systemContextCopy(), path)
diff --git a/vendor/github.com/containers/common/libimage/search.go b/vendor/github.com/containers/common/libimage/search.go
index b36b6d2a3..4d1b842e7 100644
--- a/vendor/github.com/containers/common/libimage/search.go
+++ b/vendor/github.com/containers/common/libimage/search.go
@@ -7,7 +7,7 @@ import (
"strings"
"sync"
- dockerTransport "github.com/containers/image/v5/docker"
+ registryTransport "github.com/containers/image/v5/docker"
"github.com/containers/image/v5/pkg/sysregistriesv2"
"github.com/containers/image/v5/transports/alltransports"
"github.com/containers/image/v5/types"
@@ -193,7 +193,7 @@ func (r *Runtime) searchImageInRegistry(ctx context.Context, term, registry stri
return results, nil
}
- results, err := dockerTransport.SearchRegistry(ctx, sys, registry, term, limit)
+ results, err := registryTransport.SearchRegistry(ctx, sys, registry, term, limit)
if err != nil {
return []SearchResult{}, err
}
@@ -255,7 +255,7 @@ func (r *Runtime) searchImageInRegistry(ctx context.Context, term, registry stri
func searchRepositoryTags(ctx context.Context, sys *types.SystemContext, registry, term string, options *SearchOptions) ([]SearchResult, error) {
dockerPrefix := "docker://"
imageRef, err := alltransports.ParseImageName(fmt.Sprintf("%s/%s", registry, term))
- if err == nil && imageRef.Transport().Name() != dockerTransport.Transport.Name() {
+ if err == nil && imageRef.Transport().Name() != registryTransport.Transport.Name() {
return nil, errors.Errorf("reference %q must be a docker reference", term)
} else if err != nil {
imageRef, err = alltransports.ParseImageName(fmt.Sprintf("%s%s", dockerPrefix, fmt.Sprintf("%s/%s", registry, term)))
@@ -263,7 +263,7 @@ func searchRepositoryTags(ctx context.Context, sys *types.SystemContext, registr
return nil, errors.Errorf("reference %q must be a docker reference", term)
}
}
- tags, err := dockerTransport.GetRepositoryTags(ctx, sys, imageRef)
+ tags, err := registryTransport.GetRepositoryTags(ctx, sys, imageRef)
if err != nil {
return nil, errors.Errorf("error getting repository tags: %v", err)
}
@@ -288,18 +288,18 @@ func searchRepositoryTags(ctx context.Context, sys *types.SystemContext, registr
return paramsArr, nil
}
-func (f *SearchFilter) matchesStarFilter(result dockerTransport.SearchResult) bool {
+func (f *SearchFilter) matchesStarFilter(result registryTransport.SearchResult) bool {
return result.StarCount >= f.Stars
}
-func (f *SearchFilter) matchesAutomatedFilter(result dockerTransport.SearchResult) bool {
+func (f *SearchFilter) matchesAutomatedFilter(result registryTransport.SearchResult) bool {
if f.IsAutomated != types.OptionalBoolUndefined {
return result.IsAutomated == (f.IsAutomated == types.OptionalBoolTrue)
}
return true
}
-func (f *SearchFilter) matchesOfficialFilter(result dockerTransport.SearchResult) bool {
+func (f *SearchFilter) matchesOfficialFilter(result registryTransport.SearchResult) bool {
if f.IsOfficial != types.OptionalBoolUndefined {
return result.IsOfficial == (f.IsOfficial == types.OptionalBoolTrue)
}
diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go
index 371dd3667..ee5957527 100644
--- a/vendor/github.com/containers/common/pkg/config/config.go
+++ b/vendor/github.com/containers/common/pkg/config/config.go
@@ -232,7 +232,7 @@ type EngineConfig struct {
// will fall back to containers/image defaults.
ImageParallelCopies uint `toml:"image_parallel_copies,omitempty"`
- // ImageDefaultFormat sepecified the manifest Type (oci, v2s2, or v2s1)
+ // ImageDefaultFormat specified the manifest Type (oci, v2s2, or v2s1)
// to use when pulling, pushing, building container images. By default
// image pulled and pushed match the format of the source image.
// Building/committing defaults to OCI.
@@ -425,6 +425,12 @@ type NetworkConfig struct {
// to attach pods to.
DefaultNetwork string `toml:"default_network,omitempty"`
+ // DefaultSubnet is the subnet to be used for the default CNI network.
+ // If a network with the name given in DefaultNetwork is not present
+ // then a new network using this subnet will be created.
+ // Must be a valid IPv4 CIDR block.
+ DefaultSubnet string `toml:"default_subnet,omitempty"`
+
// NetworkConfigDir is where CNI network configuration files are stored.
NetworkConfigDir string `toml:"network_config_dir,omitempty"`
}
diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf
index 00edd5438..f696843f5 100644
--- a/vendor/github.com/containers/common/pkg/config/containers.conf
+++ b/vendor/github.com/containers/common/pkg/config/containers.conf
@@ -157,7 +157,7 @@ default_sysctls = [
# Logging driver for the container. Available options: k8s-file and journald.
#
-# log_driver = "k8s-file"
+# log_driver = "journald"
# Maximum size allowed for the container log file. Negative numbers indicate
# that no size limit is imposed. If positive, it must be >= 8192 to match or
@@ -243,6 +243,12 @@ default_sysctls = [
# The network name of the default CNI network to attach pods to.
# default_network = "podman"
+# The default subnet for the default CNI network given in default_network.
+# If a network with that name does not exist, a new network using that name and
+# this subnet will be created.
+# Must be a valid IPv4 CIDR prefix.
+#default_subnet = "10.88.0.0/16"
+
# Path to the directory where CNI configuration files are located.
#
# network_config_dir = "/etc/cni/net.d/"
@@ -254,7 +260,7 @@ default_sysctls = [
# Manifest Type (oci, v2s2, or v2s1) to use when pulling, pushing, building
# container images. By default image pulled and pushed match the format of the
-# source image. Building/commiting defaults to OCI.
+# source image. Building/committing defaults to OCI.
# image_default_format = ""
# Cgroup management implementation used for the runtime.
diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go
index 34a360bf5..417776160 100644
--- a/vendor/github.com/containers/common/pkg/config/default.go
+++ b/vendor/github.com/containers/common/pkg/config/default.go
@@ -102,7 +102,7 @@ const (
// SystemdCgroupsManager represents systemd native cgroup manager
SystemdCgroupsManager = "systemd"
// DefaultLogDriver is the default type of log files
- DefaultLogDriver = "k8s-file"
+ DefaultLogDriver = "journald"
// DefaultLogSizeMax is the default value for the maximum log size
// allowed for a container. Negative values mean that no limit is imposed.
DefaultLogSizeMax = -1
@@ -114,6 +114,9 @@ const (
// DefaultSignaturePolicyPath is the default value for the
// policy.json file.
DefaultSignaturePolicyPath = "/etc/containers/policy.json"
+ // DefaultSubnet is the subnet that will be used for the default CNI
+ // network.
+ DefaultSubnet = "10.88.0.0/16"
// DefaultRootlessSignaturePolicyPath is the location within
// XDG_CONFIG_HOME of the rootless policy.json file.
DefaultRootlessSignaturePolicyPath = "containers/policy.json"
@@ -204,6 +207,7 @@ func DefaultConfig() (*Config, error) {
},
Network: NetworkConfig{
DefaultNetwork: "podman",
+ DefaultSubnet: DefaultSubnet,
NetworkConfigDir: cniConfig,
CNIPluginDirs: cniBinDir,
},
diff --git a/vendor/github.com/containers/common/pkg/filters/filters.go b/vendor/github.com/containers/common/pkg/filters/filters.go
index 53f420db2..e26e056ad 100644
--- a/vendor/github.com/containers/common/pkg/filters/filters.go
+++ b/vendor/github.com/containers/common/pkg/filters/filters.go
@@ -96,7 +96,7 @@ func PrepareFilters(r *http.Request) (map[string][]string, error) {
return filterMap, nil
}
-// MatchLabelFilters matches labels and returs true if they are valid
+// MatchLabelFilters matches labels and returns true if they are valid
func MatchLabelFilters(filterValues []string, labels map[string]string) bool {
outer:
for _, filterValue := range filterValues {
diff --git a/vendor/github.com/containers/common/pkg/secrets/filedriver/filedriver.go b/vendor/github.com/containers/common/pkg/secrets/filedriver/filedriver.go
index 37edc16be..80fcf5458 100644
--- a/vendor/github.com/containers/common/pkg/secrets/filedriver/filedriver.go
+++ b/vendor/github.com/containers/common/pkg/secrets/filedriver/filedriver.go
@@ -33,7 +33,7 @@ type Driver struct {
func NewDriver(rootPath string) (*Driver, error) {
fileDriver := new(Driver)
fileDriver.secretsDataFilePath = filepath.Join(rootPath, secretsDataFile)
- // the lockfile functions requre that the rootPath dir is executable
+ // the lockfile functions require that the rootPath dir is executable
if err := os.MkdirAll(rootPath, 0700); err != nil {
return nil, err
}
diff --git a/vendor/github.com/containers/common/pkg/secrets/secrets.go b/vendor/github.com/containers/common/pkg/secrets/secrets.go
index 5e0fb3e9d..d27bb7472 100644
--- a/vendor/github.com/containers/common/pkg/secrets/secrets.go
+++ b/vendor/github.com/containers/common/pkg/secrets/secrets.go
@@ -99,7 +99,7 @@ func NewManager(rootPath string) (*SecretsManager, error) {
if !filepath.IsAbs(rootPath) {
return nil, errors.Wrapf(errInvalidPath, "path must be absolute: %s", rootPath)
}
- // the lockfile functions requre that the rootPath dir is executable
+ // the lockfile functions require that the rootPath dir is executable
if err := os.MkdirAll(rootPath, 0700); err != nil {
return nil, err
}
diff --git a/vendor/github.com/containers/common/pkg/secrets/secretsdb.go b/vendor/github.com/containers/common/pkg/secrets/secretsdb.go
index 22db97c12..1395d103c 100644
--- a/vendor/github.com/containers/common/pkg/secrets/secretsdb.go
+++ b/vendor/github.com/containers/common/pkg/secrets/secretsdb.go
@@ -76,7 +76,7 @@ func (s *SecretsManager) getNameAndID(nameOrID string) (name, id string, err err
}
// ID prefix may have been given, iterate through all IDs.
- // ID and partial ID has a max lenth of 25, so we return if its greater than that.
+ // ID and partial ID has a max length of 25, so we return if its greater than that.
if len(nameOrID) > secretIDLength {
return "", "", errors.Wrapf(errNoSuchSecret, "no secret with name or id %q", nameOrID)
}
diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go
index af0a1269e..df095f220 100644
--- a/vendor/github.com/containers/common/version/version.go
+++ b/vendor/github.com/containers/common/version/version.go
@@ -1,4 +1,4 @@
package version
// Version is the version of the build.
-const Version = "0.37.2-dev"
+const Version = "0.38.1-dev"
diff --git a/vendor/github.com/containers/storage/.cirrus.yml b/vendor/github.com/containers/storage/.cirrus.yml
index 836bf659a..96714c2fc 100644
--- a/vendor/github.com/containers/storage/.cirrus.yml
+++ b/vendor/github.com/containers/storage/.cirrus.yml
@@ -17,15 +17,15 @@ env:
####
#### Cache-image names to test with (double-quotes around names are critical)
###
- FEDORA_NAME: "fedora-33"
- PRIOR_FEDORA_NAME: "fedora-32"
- UBUNTU_NAME: "ubuntu-2010"
- PRIOR_UBUNTU_NAME: "ubuntu-2004"
+ FEDORA_NAME: "fedora-34"
+ PRIOR_FEDORA_NAME: "fedora-33"
+ UBUNTU_NAME: "ubuntu-2104"
+ PRIOR_UBUNTU_NAME: "ubuntu-2010"
# GCE project where images live
IMAGE_PROJECT: "libpod-218412"
# VM Image built in containers/automation_images
- _BUILT_IMAGE_SUFFIX: "c5744859501821952"
+ _BUILT_IMAGE_SUFFIX: "c6032583541653504"
FEDORA_CACHE_IMAGE_NAME: "fedora-${_BUILT_IMAGE_SUFFIX}"
PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${_BUILT_IMAGE_SUFFIX}"
UBUNTU_CACHE_IMAGE_NAME: "ubuntu-${_BUILT_IMAGE_SUFFIX}"
@@ -112,8 +112,6 @@ ubuntu_testing_task: &ubuntu_testing
- env:
TEST_DRIVER: "vfs"
- env:
- TEST_DRIVER: "aufs"
- - env:
TEST_DRIVER: "overlay"
diff --git a/vendor/github.com/containers/storage/VERSION b/vendor/github.com/containers/storage/VERSION
index d1eaa3ba0..b0f33908d 100644
--- a/vendor/github.com/containers/storage/VERSION
+++ b/vendor/github.com/containers/storage/VERSION
@@ -1 +1 @@
-1.30.2
+1.30.3
diff --git a/vendor/github.com/containers/storage/go.mod b/vendor/github.com/containers/storage/go.mod
index 08a54d60d..bda564681 100644
--- a/vendor/github.com/containers/storage/go.mod
+++ b/vendor/github.com/containers/storage/go.mod
@@ -16,9 +16,9 @@ require (
github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible
github.com/moby/sys/mountinfo v0.4.1
github.com/opencontainers/go-digest v1.0.0
- github.com/opencontainers/runc v1.0.0-rc93
- github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d
- github.com/opencontainers/selinux v1.8.0
+ github.com/opencontainers/runc v1.0.0-rc94
+ github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
+ github.com/opencontainers/selinux v1.8.1
github.com/pkg/errors v0.9.1
github.com/sirupsen/logrus v1.8.1
github.com/stretchr/testify v1.7.0
@@ -27,6 +27,6 @@ require (
github.com/ulikunitz/xz v0.5.10
github.com/vbatts/tar-split v0.11.1
golang.org/x/net v0.0.0-20201224014010-6772e930b67b
- golang.org/x/sys v0.0.0-20210324051608-47abb6519492
+ golang.org/x/sys v0.0.0-20210426230700-d19ff857e887
gotest.tools v2.2.0+incompatible
)
diff --git a/vendor/github.com/containers/storage/go.sum b/vendor/github.com/containers/storage/go.sum
index dc2cbc338..692ddbb84 100644
--- a/vendor/github.com/containers/storage/go.sum
+++ b/vendor/github.com/containers/storage/go.sum
@@ -82,12 +82,14 @@ github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3k
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw=
+github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M=
github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg=
github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLIdUjrmSXlK9pkrsDlLHbO8jiB8X8JnOc=
github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs=
+github.com/cilium/ebpf v0.5.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
@@ -107,6 +109,7 @@ github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on
github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE=
github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw=
+github.com/containerd/console v1.0.2/go.mod h1:ytZPjGgY2oeTkAONYafi2kSj0aYggsf8acV1PGKCbzQ=
github.com/containerd/containerd v1.2.10/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
@@ -164,6 +167,7 @@ github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7
github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
+github.com/coreos/go-systemd/v22 v22.3.1/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
@@ -205,6 +209,7 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
+github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA=
@@ -233,6 +238,7 @@ github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblf
github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c=
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
@@ -350,8 +356,9 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxv
github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs=
github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
@@ -413,18 +420,22 @@ github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5X
github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc93 h1:x2UMpOOVf3kQ8arv/EsDGwim8PTNqzL1/EYDr/+scOM=
github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0=
+github.com/opencontainers/runc v1.0.0-rc94 h1:atqAFoBGp+Wkh9HKpYN3g/8NCbMzYG6SJrr+YgwamgM=
+github.com/opencontainers/runc v1.0.0-rc94/go.mod h1:z+bZxa/+Tz/FmYVWkhUajJdzFeOqjc5vrqskhVyHGUM=
github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d h1:pNa8metDkwZjb9g4T8s+krQ+HRgZAkqnXml+wNir/+s=
github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc=
+github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
github.com/opencontainers/selinux v1.8.0 h1:+77ba4ar4jsCbL1GLbFL8fFM57w6suPfSS9PDLDY7KM=
github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
+github.com/opencontainers/selinux v1.8.1 h1:yvEZh7CsfnJNwKzG9ZeXwbvR05RAZsu5RS/3vA6qFTA=
+github.com/opencontainers/selinux v1.8.1/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -687,8 +698,9 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201202213521-69691e467435/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210324051608-47abb6519492 h1:Paq34FxTluEPvVyayQqMPgHm+vTOrIifmcYxFBx9TLg=
golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210426230700-d19ff857e887 h1:dXfMednGJh/SUUFjTLsWJz3P+TQt9qnR11GgeI3vWKs=
+golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/doc.go b/vendor/github.com/opencontainers/selinux/go-selinux/doc.go
index 9c9cbd120..0ac7d819e 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/doc.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/doc.go
@@ -1,10 +1,6 @@
/*
Package selinux provides a high-level interface for interacting with selinux.
-This package uses a selinux build tag to enable the selinux functionality. This
-allows non-linux and linux users who do not have selinux support to still use
-tools that rely on this library.
-
Usage:
import "github.com/opencontainers/selinux/go-selinux"
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go
index 439455511..b3d142d8c 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go
@@ -25,6 +25,8 @@ var ErrIncompatibleLabel = errors.New("Bad SELinux option z and Z can not be use
// the container. A list of options can be passed into this function to alter
// the labels. The labels returned will include a random MCS String, that is
// guaranteed to be unique.
+// If the disabled flag is passed in, the process label will not be set, but the mount label will be set
+// to the container_file label with the maximum category. This label is not usable by any confined label.
func InitLabels(options []string) (plabel string, mlabel string, retErr error) {
if !selinux.GetEnabled() {
return "", "", nil
@@ -47,7 +49,8 @@ func InitLabels(options []string) (plabel string, mlabel string, retErr error) {
}
for _, opt := range options {
if opt == "disable" {
- return "", mountLabel, nil
+ selinux.ReleaseLabel(mountLabel)
+ return "", selinux.PrivContainerMountLabel(), nil
}
if i := strings.Index(opt, ":"); i == -1 {
return "", "", errors.Errorf("Bad label option %q, valid options 'disable' or \n'user, role, level, type, filetype' followed by ':' and a value", opt)
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go
index d9119908b..b336ebad3 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go
@@ -11,9 +11,10 @@ const (
Permissive = 0
// Disabled constant to indicate SELinux is disabled
Disabled = -1
-
+ // maxCategory is the maximum number of categories used within containers
+ maxCategory = 1024
// DefaultCategoryRange is the upper bound on the category range
- DefaultCategoryRange = uint32(1024)
+ DefaultCategoryRange = uint32(maxCategory)
)
var (
@@ -276,3 +277,8 @@ func DisableSecOpt() []string {
func GetDefaultContextWithLevel(user, level, scon string) (string, error) {
return getDefaultContextWithLevel(user, level, scon)
}
+
+// PrivContainerMountLabel returns mount label for privileged containers
+func PrivContainerMountLabel() string {
+ return privContainerMountLabel
+}
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
index 5bfcc0490..54597398b 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
@@ -892,13 +892,13 @@ func openContextFile() (*os.File, error) {
return os.Open(lxcPath)
}
-var labels = loadLabels()
+var labels, privContainerMountLabel = loadLabels()
-func loadLabels() map[string]string {
+func loadLabels() (map[string]string, string) {
labels := make(map[string]string)
in, err := openContextFile()
if err != nil {
- return labels
+ return labels, ""
}
defer in.Close()
@@ -920,7 +920,10 @@ func loadLabels() map[string]string {
}
}
- return labels
+ con, _ := NewContext(labels["file"])
+ con["level"] = fmt.Sprintf("s0:c%d,c%d", maxCategory-2, maxCategory-1)
+ reserveLabel(con.get())
+ return labels, con.get()
}
// kvmContainerLabels returns the default processLabel and mountLabel to be used
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
index 70b7b7c85..b7218a0b6 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
@@ -2,6 +2,8 @@
package selinux
+const privContainerMountLabel = ""
+
func setDisabled() {
}