From 8eadc208e15023d9fa92cf08ff03c29ac55bf183 Mon Sep 17 00:00:00 2001
From: Matthew Heon
Date: Thu, 22 Feb 2018 12:55:39 -0500
Subject: Remove No New Privs from DB as it's already in the spec

Signed-off-by: Matthew Heon
Closes: #383
Approved by: rhatdan
---
 libpod/container.go | 2 --
 libpod/container_ffjson.go | 58 --------------------------------------------
 libpod/sql_state.go | 2 +-
 libpod/sql_state_internal.go | 8 +----
 libpod/test_common.go | 5 ++++
 5 files changed, 7 insertions(+), 68 deletions(-)
(limited to 'libpod')
diff --git a/libpod/container.go b/libpod/container.go
index 6a515a3e8..57b894b26 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -176,8 +176,6 @@ type ContainerConfig struct {
 // Security Config
 // Whether the container is privileged
 Privileged bool `json:"privileged"`
- // Whether to set the No New Privileges flag
- NoNewPrivs bool `json:"noNewPrivs"`
 // SELinux process label for container
 ProcessLabel string `json:"ProcessLabel,omitempty"`
 // SELinux mount label for root filesystem
diff --git a/libpod/container_ffjson.go b/libpod/container_ffjson.go
index 20cf69ba1..93a3bee20 100644
--- a/libpod/container_ffjson.go
+++ b/libpod/container_ffjson.go
@@ -106,11 +106,6 @@ func (j *ContainerConfig) MarshalJSONBuf(buf fflib.EncodingBuffer) error {
 } else {
 buf.WriteString(`"privileged":false`)
 }
- if j.NoNewPrivs {
- buf.WriteString(`,"noNewPrivs":true`)
- } else {
- buf.WriteString(`,"noNewPrivs":false`)
- }
 buf.WriteByte(',')
 if len(j.ProcessLabel) != 0 {
 buf.WriteString(`"ProcessLabel":`)
@@ -343,8 +338,6 @@ const (
 ffjtContainerConfigPrivileged
- ffjtContainerConfigNoNewPrivs
-
 ffjtContainerConfigProcessLabel
 ffjtContainerConfigMountLabel
@@ -416,8 +409,6 @@ var ffjKeyContainerConfigMounts = []byte("mounts")
 var ffjKeyContainerConfigPrivileged = []byte("privileged")
-var ffjKeyContainerConfigNoNewPrivs = []byte("noNewPrivs")
-
 var ffjKeyContainerConfigProcessLabel = []byte("ProcessLabel")
 var ffjKeyContainerConfigMountLabel = []byte("MountLabel")
@@ -649,11 +640,6 @@ mainparse:
 state = fflib.FFParse_want_colon
 goto mainparse
- } else if bytes.Equal(ffjKeyContainerConfigNoNewPrivs, kn) {
- currentKey = ffjtContainerConfigNoNewPrivs
- state = fflib.FFParse_want_colon
- goto mainparse
-
 } else if bytes.Equal(ffjKeyContainerConfigNetNsCtr, kn) {
 currentKey = ffjtContainerConfigNetNsCtr
 state = fflib.FFParse_want_colon
@@ -887,12 +873,6 @@ mainparse:
 goto mainparse
 }
- if fflib.EqualFoldRight(ffjKeyContainerConfigNoNewPrivs, kn) {
- currentKey = ffjtContainerConfigNoNewPrivs
- state = fflib.FFParse_want_colon
- goto mainparse
- }
-
 if fflib.SimpleLetterEqualFold(ffjKeyContainerConfigPrivileged, kn) {
 currentKey = ffjtContainerConfigPrivileged
 state = fflib.FFParse_want_colon
@@ -1018,9 +998,6 @@ mainparse:
 case ffjtContainerConfigPrivileged:
 goto handle_Privileged
- case ffjtContainerConfigNoNewPrivs:
- goto handle_NoNewPrivs
-
 case ffjtContainerConfigProcessLabel:
 goto handle_ProcessLabel
@@ -1480,41 +1457,6 @@ handle_Privileged:
 state = fflib.FFParse_after_value
 goto mainparse
-handle_NoNewPrivs:
- /* handler: j.NoNewPrivs type=bool kind=bool quoted=false*/
- {
- if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
- return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok))
- }
- }
- {
- if tok == fflib.FFTok_null {
- } else {
- tmpb := fs.Output.Bytes()
- if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
- j.NoNewPrivs = true
- } else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
- j.NoNewPrivs = false
- } else {
- err = errors.New("unexpected bytes for true/false value")
- return fs.WrapErr(err)
- }
- }
- }
- state = fflib.FFParse_after_value
- goto mainparse
-
 handle_ProcessLabel:
 /* handler: j.ProcessLabel type=string kind=string quoted=false*/
diff --git a/libpod/sql_state.go b/libpod/sql_state.go
index 9efa12111..cf759d836 100644
--- a/libpod/sql_state.go
+++ b/libpod/sql_state.go
@@ -14,7 +14,7 @@ import (
 // DBSchema is the current DB schema version
 // Increments every time a change is made to the database's tables
-const DBSchema = 10
+const DBSchema = 11
 // SQLState is a state implementation backed by a persistent SQLite3 database
 type SQLState struct {
diff --git a/libpod/sql_state_internal.go b/libpod/sql_state_internal.go
index 9cc4cd861..d0771e0d8 100644
--- a/libpod/sql_state_internal.go
+++ b/libpod/sql_state_internal.go
@@ -213,7 +213,6 @@ func prepareDB(db *sql.DB) (err error) {
 LogPath TEXT NOT NULL,
 Privileged INTEGER NOT NULL,
- NoNewPrivs INTEGER NOT NULL,
 ProcessLabel TEXT NOT NULL,
 MountLabel TEXT NOT NULL,
 User TEXT NOT NULL,
@@ -242,7 +241,6 @@ func prepareDB(db *sql.DB) (err error) {
 CHECK (ImageVolumes IN (0, 1)),
 CHECK (SHMSize>=0),
 CHECK (Privileged IN (0, 1)),
- CHECK (NoNewPrivs IN (0, 1)),
 CHECK (CreateNetNS IN (0, 1)),
 CHECK (Stdin IN (0, 1)),
 CHECK (StopSignal>=0),
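Review bot: Dropping the NoNewPrivs column from the CREATE TABLE in prepareDB changes the table layout, but nothing in this hunk shows how a database file created under schema 10 is handled; CREATE TABLE IF NOT EXISTS leaves an existing table untouched, so unless the DBSchema check elsewhere in prepareDB refuses or migrates the old file, the positional INSERT in addContainer (changed in the same commit) will fail with a column-count mismatch at runtime. The reason the flag no longer needs a DB copy lives only in the commit message; a comment at the column list such as `// NoNewPrivs is not persisted here: the stored OCI spec carries it` tells the next person auditing which security settings survive a restart where a restored container's no-new-privileges value comes from. prepareDB starts outside the hunk, and the -242 hunk (the CHECK constraint) is the matching removal.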
@@ -448,7 +446,6 @@ func (s *SQLState) ctrFromScannable(row scannable) (*Container, error) {
 logPath string
 privileged int
- noNewPrivs int
 processLabel string
 mountLabel string
 user string
@@ -503,7 +500,6 @@ func (s *SQLState) ctrFromScannable(row scannable) (*Container, error) {
 &logPath,
 &privileged,
- &noNewPrivs,
 &processLabel,
 &mountLabel,
 &user,
@@ -566,7 +562,6 @@ func (s *SQLState) ctrFromScannable(row scannable) (*Container, error) {
 ctr.config.LogPath = logPath
 ctr.config.Privileged = boolFromSQL(privileged)
- ctr.config.NoNewPrivs = boolFromSQL(noNewPrivs)
 ctr.config.ProcessLabel = processLabel
 ctr.config.MountLabel = mountLabel
 ctr.config.User = user
@@ -753,7 +748,7 @@ func (s *SQLState) addContainer(ctr *Container, pod *Pod) (err error) {
 ?, ?, ?, ?, ?,
 ?, ?, ?, ?, ?,
 ?, ?, ?, ?, ?,
- ?, ?, ?, ?
+ ?, ?, ?
 );`
 addCtrState = `INSERT INTO containerState VALUES (
 ?, ?, ?, ?, ?,
@@ -881,7 +876,6 @@ func (s *SQLState) addContainer(ctr *Container, pod *Pod) (err error) {
 ctr.config.LogPath,
 boolToSQL(ctr.config.Privileged),
- boolToSQL(ctr.config.NoNewPrivs),
 ctr.config.ProcessLabel,
 ctr.config.MountLabel,
 ctr.config.User,
diff --git a/libpod/test_common.go b/libpod/test_common.go
index 9e52c74a5..e4a684f87 100644
--- a/libpod/test_common.go
+++ b/libpod/test_common.go
@@ -106,6 +106,11 @@ func testContainersEqual(t *testing.T, a, b *Container) {
 assert.NotNil(t, a)
 assert.NotNil(t, b)
+ assert.NotNil(t, a.config)
+ assert.NotNil(t, b.config)
+ assert.NotNil(t, a.state)
+ assert.NotNil(t, b.state)
+
 aConfig := new(ContainerConfig)
 bConfig := new(ContainerConfig)
 aState := new(containerState)
-- 
cgit v1.2.3-54-g00ecf
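Review bot: The shortened `?, ?, ?` placeholder row in addCtr is the only thing tying this INSERT to the column order in prepareDB, because the statement names no columns; after a column removal like this one, a miscounted placeholder or a misordered argument in the -881 hunk is detected only when the statement executes, and a same-typed swap would not be detected at all. Listing the columns explicitly, `INSERT INTO <table> (<col1>, <col2>, …) VALUES (?, ?, …)` with <table> and <colN> standing for names the hunk does not show, turns a dropped column into an immediate prepare-time error and keeps the value-to-column mapping readable next to the argument list. addContainer starts and ends outside the hunk, and the same remark applies to addCtrState just below.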
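Review bot: The added `assert.NotNil(t, a.config)` and its three siblings dereference a and b immediately after `assert.NotNil(t, a)` / `assert.NotNil(t, b)`, and testify's assert functions record the failure and keep running, so a nil container now ends the test in a nil-pointer panic instead of the NotNil message the earlier lines were meant to produce. Checking the pointers with `require.NotNil(t, a)` (or `if !assert.NotNil(t, a) { return }`) before touching their fields keeps the failure readable; the same ordering concern applies to the config/state checks relative to the copies that follow. testContainersEqual continues past the end of the hunk.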