Diffstat (limited to 'vendor')
-rw-r--r-- | vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go | 2 | ||||
-rw-r--r-- | vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go | 2 | ||||
-rw-r--r-- | vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go (renamed from vendor/github.com/opencontainers/selinux/go-selinux/selinux.go) | 7 | ||||
-rw-r--r-- | vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go | 2 | ||||
-rw-r--r-- | vendor/github.com/projectatomic/buildah/config_seccomp.go | 2 | ||||
-rw-r--r-- | vendor/github.com/projectatomic/buildah/run.go | 10 | ||||
-rw-r--r-- | vendor/github.com/projectatomic/buildah/run_linux.go | 17 | ||||
-rw-r--r-- | vendor/github.com/projectatomic/buildah/run_unsupport.go | 11 | ||||
-rw-r--r-- | vendor/github.com/projectatomic/buildah/vendor.conf | 5 |
9 files changed, 46 insertions, 12 deletions
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
index f7b238529..f0a055b87 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
@@ -130,7 +130,7 @@ func Relabel(path string, fileLabel string, shared bool) error {
 return nil
 }
- exclude_paths := map[string]bool{"/": true, "/usr": true, "/etc": true}
+ exclude_paths := map[string]bool{"/": true, "/usr": true, "/etc": true, "/tmp": true, "/home": true, "/run": true, "/var": true, "/root": true}
 if exclude_paths[path] {
 return fmt.Errorf("SELinux relabeling of %s is not allowed", path)
 }
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
index 6068e84a5..5dc09a51e 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
@@ -1,4 +1,4 @@
-// +build linux
+// +build selinux,linux
 package selinux
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
index 10aa85165..4dbfd83ed 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
@@ -1,4 +1,4 @@
-// +build !linux
+// +build !selinux
 package selinux
@@ -30,6 +30,11 @@ func SetDisabled() {
 return
 }
+// GetEnabled returns whether selinux is currently enabled.
+func GetEnabled() bool {
+ return false
+}
+
 // SetFileLabel sets the SELinux label for this path or returns an error.
 func SetFileLabel(fpath string, label string) error {
 return nil
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go b/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go
index 7f2ef8504..67a9d8ee8 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go
@@ -1,4 +1,4 @@
-// +build linux
+// +build selinux,linux
 package selinux
diff --git a/vendor/github.com/projectatomic/buildah/config_seccomp.go b/vendor/github.com/projectatomic/buildah/config_seccomp.go
index 3453a8f00..a5bb010c0 100644
--- a/vendor/github.com/projectatomic/buildah/config_seccomp.go
+++ b/vendor/github.com/projectatomic/buildah/config_seccomp.go
@@ -5,9 +5,9 @@ package buildah
 import (
 "io/ioutil"
- "github.com/docker/docker/profiles/seccomp"
 "github.com/opencontainers/runtime-spec/specs-go"
 "github.com/pkg/errors"
+ seccomp "github.com/seccomp/containers-golang"
 )
 func setupSeccomp(spec *specs.Spec, seccompProfilePath string) error {
diff --git a/vendor/github.com/projectatomic/buildah/run.go b/vendor/github.com/projectatomic/buildah/run.go
index 0efb79922..4c9f83acd 100644
--- a/vendor/github.com/projectatomic/buildah/run.go
+++ b/vendor/github.com/projectatomic/buildah/run.go
@@ -1145,9 +1145,9 @@ func runUsingRuntimeMain() {
 os.Exit(1)
 }
 // Set ourselves up to read the container's exit status. We're doing this in a child process
- // so that we won't mess with the setting in a caller of the library.
- if err := unix.Prctl(unix.PR_SET_CHILD_SUBREAPER, uintptr(1), 0, 0, 0); err != nil {
- fmt.Fprintf(os.Stderr, "prctl(PR_SET_CHILD_SUBREAPER, 1): %v\n", err)
+ // so that we won't mess with the setting in a caller of the library. This stubs to OS specific
+ // calls
+ if err := setChildProcess(); err != nil {
 os.Exit(1)
 }
 // Run the container, start to finish.
@@ -1323,7 +1323,7 @@ func runUsingRuntime(options RunOptions, configureNetwork bool, configureNetwork
 }()
 if configureNetwork {
- teardown, err := runConfigureNetwork(options, configureNetwork, configureNetworks, pid, containerName, spec.Process.Args)
+ teardown, err := runConfigureNetwork(options, configureNetworks, pid, containerName, spec.Process.Args)
 if teardown != nil {
 defer teardown()
 }
@@ -1453,7 +1453,7 @@ func runCollectOutput(fds ...int) string {
 return b.String()
 }
-func runConfigureNetwork(options RunOptions, configureNetwork bool, configureNetworks []string, pid int, containerName string, command []string) (teardown func(), err error) {
+func runConfigureNetwork(options RunOptions, configureNetworks []string, pid int, containerName string, command []string) (teardown func(), err error) {
 var netconf, undo []*libcni.NetworkConfigList
 // Scan for CNI configuration files.
 confdir := options.CNIConfigDir
diff --git a/vendor/github.com/projectatomic/buildah/run_linux.go b/vendor/github.com/projectatomic/buildah/run_linux.go
new file mode 100644
index 000000000..a7519a092
--- /dev/null
+++ b/vendor/github.com/projectatomic/buildah/run_linux.go
@@ -0,0 +1,17 @@
+// +build linux
+
+package buildah
+
+import (
+ "fmt"
+ "golang.org/x/sys/unix"
+ "os"
+)
+
+func setChildProcess() error {
+ if err := unix.Prctl(unix.PR_SET_CHILD_SUBREAPER, uintptr(1), 0, 0, 0); err != nil {
+ fmt.Fprintf(os.Stderr, "prctl(PR_SET_CHILD_SUBREAPER, 1): %v\n", err)
+ return err
+ }
+ return nil
+}
diff --git a/vendor/github.com/projectatomic/buildah/run_unsupport.go b/vendor/github.com/projectatomic/buildah/run_unsupport.go
new file mode 100644
index 000000000..4824a0c4e
--- /dev/null
+++ b/vendor/github.com/projectatomic/buildah/run_unsupport.go
@@ -0,0 +1,11 @@
+// +build !linux
+
+package buildah
+
+import (
+ "github.com/pkg/errors"
+)
+
+func setChildProcess() error {
+ return errors.New("function not supported on non-linux systems")
+}
diff --git a/vendor/github.com/projectatomic/buildah/vendor.conf b/vendor/github.com/projectatomic/buildah/vendor.conf
index de5f3e6e6..3879dbe5d 100644
--- a/vendor/github.com/projectatomic/buildah/vendor.conf
+++ b/vendor/github.com/projectatomic/buildah/vendor.conf
@@ -3,6 +3,7 @@ github.com/blang/semver master
 github.com/BurntSushi/toml master
 github.com/containerd/continuity master
 github.com/containernetworking/cni v0.6.0
+github.com/seccomp/containers-golang master
 github.com/containers/image master
 github.com/containers/storage 0b8ab959bba614a4f88bb3791dbc078c3d47f259
 github.com/docker/distribution 5f6282db7d65e6d72ad7c2cc66310724a57be716
@@ -35,13 +36,13 @@ github.com/opencontainers/image-spec v1.0.0
 github.com/opencontainers/runc master
 github.com/opencontainers/runtime-spec v1.0.0
 github.com/opencontainers/runtime-tools master
-github.com/opencontainers/selinux 3b2399ec5682aea5c9160d44fa53387d7e65ccf5
+github.com/opencontainers/selinux b6fa367ed7f534f9ba25391cc2d467085dbb445a
 github.com/openshift/imagebuilder master
 github.com/ostreedev/ostree-go aeb02c6b6aa2889db3ef62f7855650755befd460
 github.com/pborman/uuid master
 github.com/pkg/errors master
 github.com/pquerna/ffjson d49c2bc1aa135aad0c6f4fc2056623ec78f5d5ac
-github.com/projectatomic/libpod 781eec27b52c842fc83c8b1c97fbf825065f3b0c
+github.com/projectatomic/libpod master
 github.com/sirupsen/logrus master
 github.com/syndtr/gocapability master
 github.com/tchap/go-patricia master |