summaryrefslogtreecommitdiff
path: root/vendor
diff options
context:
space:
mode:
Diffstat (limited to 'vendor')
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go2
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go2
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go (renamed from vendor/github.com/opencontainers/selinux/go-selinux/selinux.go)7
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go2
-rw-r--r--vendor/github.com/projectatomic/buildah/config_seccomp.go2
-rw-r--r--vendor/github.com/projectatomic/buildah/run.go10
-rw-r--r--vendor/github.com/projectatomic/buildah/run_linux.go17
-rw-r--r--vendor/github.com/projectatomic/buildah/run_unsupport.go11
-rw-r--r--vendor/github.com/projectatomic/buildah/vendor.conf5
9 files changed, 46 insertions, 12 deletions
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
index f7b238529..f0a055b87 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
@@ -130,7 +130,7 @@ func Relabel(path string, fileLabel string, shared bool) error {
return nil
}
- exclude_paths := map[string]bool{"/": true, "/usr": true, "/etc": true}
+ exclude_paths := map[string]bool{"/": true, "/usr": true, "/etc": true, "/tmp": true, "/home": true, "/run": true, "/var": true, "/root": true}
if exclude_paths[path] {
return fmt.Errorf("SELinux relabeling of %s is not allowed", path)
}
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
index 6068e84a5..5dc09a51e 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
@@ -1,4 +1,4 @@
-// +build linux
+// +build selinux,linux
package selinux
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
index 10aa85165..4dbfd83ed 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
@@ -1,4 +1,4 @@
-// +build !linux
+// +build !selinux
package selinux
@@ -30,6 +30,11 @@ func SetDisabled() {
return
}
+// GetEnabled returns whether selinux is currently enabled.
+func GetEnabled() bool {
+ return false
+}
+
// SetFileLabel sets the SELinux label for this path or returns an error.
func SetFileLabel(fpath string, label string) error {
return nil
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go b/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go
index 7f2ef8504..67a9d8ee8 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go
@@ -1,4 +1,4 @@
-// +build linux
+// +build selinux,linux
package selinux
diff --git a/vendor/github.com/projectatomic/buildah/config_seccomp.go b/vendor/github.com/projectatomic/buildah/config_seccomp.go
index 3453a8f00..a5bb010c0 100644
--- a/vendor/github.com/projectatomic/buildah/config_seccomp.go
+++ b/vendor/github.com/projectatomic/buildah/config_seccomp.go
@@ -5,9 +5,9 @@ package buildah
import (
"io/ioutil"
- "github.com/docker/docker/profiles/seccomp"
"github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"
+ seccomp "github.com/seccomp/containers-golang"
)
func setupSeccomp(spec *specs.Spec, seccompProfilePath string) error {
diff --git a/vendor/github.com/projectatomic/buildah/run.go b/vendor/github.com/projectatomic/buildah/run.go
index 0efb79922..4c9f83acd 100644
--- a/vendor/github.com/projectatomic/buildah/run.go
+++ b/vendor/github.com/projectatomic/buildah/run.go
@@ -1145,9 +1145,9 @@ func runUsingRuntimeMain() {
os.Exit(1)
}
// Set ourselves up to read the container's exit status. We're doing this in a child process
- // so that we won't mess with the setting in a caller of the library.
- if err := unix.Prctl(unix.PR_SET_CHILD_SUBREAPER, uintptr(1), 0, 0, 0); err != nil {
- fmt.Fprintf(os.Stderr, "prctl(PR_SET_CHILD_SUBREAPER, 1): %v\n", err)
+ // so that we won't mess with the setting in a caller of the library. This stubs to OS specific
+ // calls
+ if err := setChildProcess(); err != nil {
os.Exit(1)
}
// Run the container, start to finish.
@@ -1323,7 +1323,7 @@ func runUsingRuntime(options RunOptions, configureNetwork bool, configureNetwork
}()
if configureNetwork {
- teardown, err := runConfigureNetwork(options, configureNetwork, configureNetworks, pid, containerName, spec.Process.Args)
+ teardown, err := runConfigureNetwork(options, configureNetworks, pid, containerName, spec.Process.Args)
if teardown != nil {
defer teardown()
}
@@ -1453,7 +1453,7 @@ func runCollectOutput(fds ...int) string {
return b.String()
}
-func runConfigureNetwork(options RunOptions, configureNetwork bool, configureNetworks []string, pid int, containerName string, command []string) (teardown func(), err error) {
+func runConfigureNetwork(options RunOptions, configureNetworks []string, pid int, containerName string, command []string) (teardown func(), err error) {
var netconf, undo []*libcni.NetworkConfigList
// Scan for CNI configuration files.
confdir := options.CNIConfigDir
diff --git a/vendor/github.com/projectatomic/buildah/run_linux.go b/vendor/github.com/projectatomic/buildah/run_linux.go
new file mode 100644
index 000000000..a7519a092
--- /dev/null
+++ b/vendor/github.com/projectatomic/buildah/run_linux.go
@@ -0,0 +1,17 @@
+// +build linux
+
+package buildah
+
+import (
+ "fmt"
+ "golang.org/x/sys/unix"
+ "os"
+)
+
+func setChildProcess() error {
+ if err := unix.Prctl(unix.PR_SET_CHILD_SUBREAPER, uintptr(1), 0, 0, 0); err != nil {
+ fmt.Fprintf(os.Stderr, "prctl(PR_SET_CHILD_SUBREAPER, 1): %v\n", err)
+ return err
+ }
+ return nil
+}
diff --git a/vendor/github.com/projectatomic/buildah/run_unsupport.go b/vendor/github.com/projectatomic/buildah/run_unsupport.go
new file mode 100644
index 000000000..4824a0c4e
--- /dev/null
+++ b/vendor/github.com/projectatomic/buildah/run_unsupport.go
@@ -0,0 +1,11 @@
+// +build !linux
+
+package buildah
+
+import (
+ "github.com/pkg/errors"
+)
+
+func setChildProcess() error {
+ return errors.New("function not supported on non-linux systems")
+}
diff --git a/vendor/github.com/projectatomic/buildah/vendor.conf b/vendor/github.com/projectatomic/buildah/vendor.conf
index de5f3e6e6..3879dbe5d 100644
--- a/vendor/github.com/projectatomic/buildah/vendor.conf
+++ b/vendor/github.com/projectatomic/buildah/vendor.conf
@@ -3,6 +3,7 @@ github.com/blang/semver master
github.com/BurntSushi/toml master
github.com/containerd/continuity master
github.com/containernetworking/cni v0.6.0
+github.com/seccomp/containers-golang master
github.com/containers/image master
github.com/containers/storage 0b8ab959bba614a4f88bb3791dbc078c3d47f259
github.com/docker/distribution 5f6282db7d65e6d72ad7c2cc66310724a57be716
@@ -35,13 +36,13 @@ github.com/opencontainers/image-spec v1.0.0
github.com/opencontainers/runc master
github.com/opencontainers/runtime-spec v1.0.0
github.com/opencontainers/runtime-tools master
-github.com/opencontainers/selinux 3b2399ec5682aea5c9160d44fa53387d7e65ccf5
+github.com/opencontainers/selinux b6fa367ed7f534f9ba25391cc2d467085dbb445a
github.com/openshift/imagebuilder master
github.com/ostreedev/ostree-go aeb02c6b6aa2889db3ef62f7855650755befd460
github.com/pborman/uuid master
github.com/pkg/errors master
github.com/pquerna/ffjson d49c2bc1aa135aad0c6f4fc2056623ec78f5d5ac
-github.com/projectatomic/libpod 781eec27b52c842fc83c8b1c97fbf825065f3b0c
+github.com/projectatomic/libpod master
github.com/sirupsen/logrus master
github.com/syndtr/gocapability master
github.com/tchap/go-patricia master