From c7424b69911222c2dc92a41308685f1e6d36fb53 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sun, 8 Jul 2018 07:59:35 -0400 Subject: Vendor in latest buildah to add masks for /proc/keys and /proc/acpi Signed-off-by: Daniel J Walsh Closes: #1062 Approved by: baude --- vendor/github.com/projectatomic/buildah/README.md | 10 +++++++--- vendor/github.com/projectatomic/buildah/pkg/cli/common.go | 4 ++++ vendor/github.com/projectatomic/buildah/pull.go | 6 +++--- vendor/github.com/projectatomic/buildah/run.go | 4 +++- vendor/github.com/projectatomic/buildah/util.go | 9 ++------- vendor/github.com/projectatomic/buildah/vendor.conf | 2 +- 6 files changed, 20 insertions(+), 15 deletions(-) (limited to 'vendor/github.com/projectatomic/buildah') diff --git a/vendor/github.com/projectatomic/buildah/README.md b/vendor/github.com/projectatomic/buildah/README.md index ef430153d..29ae52d41 100644 --- a/vendor/github.com/projectatomic/buildah/README.md +++ b/vendor/github.com/projectatomic/buildah/README.md @@ -5,8 +5,6 @@ [![Go Report Card](https://goreportcard.com/badge/github.com/projectatomic/buildah)](https://goreportcard.com/report/github.com/projectatomic/buildah) [![Travis](https://travis-ci.org/projectatomic/buildah.svg?branch=master)](https://travis-ci.org/projectatomic/buildah) -Note: this package is in alpha, but is close to being feature-complete. - The Buildah package provides a command line tool that can be used to * create a working container, either from scratch or using an image as a starting point * create an image, either from a working container or via the instructions in a Dockerfile @@ -16,13 +14,19 @@ The Buildah package provides a command line tool that can be used to * use the updated contents of a container's root filesystem as a filesystem layer to create a new image * delete a working container or an image +**[Buildah Demos](demos)** + **[Changelog](CHANGELOG.md)** +**[Contributing](CONTRIBUTING.md)** + +**[Development Plan](developmentplan.md)** + **[Installation notes](install.md)** **[Troubleshooting Guide](troubleshooting.md)** -**[Tutorials](docs/tutorials/README.md)** +**[Tutorials](docs/tutorials)** ## Example diff --git a/vendor/github.com/projectatomic/buildah/pkg/cli/common.go b/vendor/github.com/projectatomic/buildah/pkg/cli/common.go index b46e1b491..de3326842 100644 --- a/vendor/github.com/projectatomic/buildah/pkg/cli/common.go +++ b/vendor/github.com/projectatomic/buildah/pkg/cli/common.go @@ -139,6 +139,10 @@ var ( Name: "logfile", Usage: "log to `file` instead of stdout/stderr", }, + cli.IntFlag{ + Name: "loglevel", + Usage: "adjust logging level (range from -2 to 3)", + }, cli.BoolTFlag{ Name: "pull", Usage: "pull the image if not present", diff --git a/vendor/github.com/projectatomic/buildah/pull.go b/vendor/github.com/projectatomic/buildah/pull.go index e1310f7ce..e9ce03f02 100644 --- a/vendor/github.com/projectatomic/buildah/pull.go +++ b/vendor/github.com/projectatomic/buildah/pull.go @@ -167,14 +167,14 @@ func pullImage(ctx context.Context, store storage.Store, imageName string, optio }() logrus.Debugf("copying %q to %q", spec, destName) - err = cp.Image(ctx, policyContext, destRef, srcRef, getCopyOptions(options.ReportWriter, options.SystemContext, nil, "")) + err = cp.Image(ctx, policyContext, destRef, srcRef, getCopyOptions(options.ReportWriter, sc, nil, "")) if err == nil { return destRef, nil } // If no image was found, we should handle. Lets be nicer to the user and see if we can figure out why. - registryPath := sysregistries.RegistriesConfPath(&types.SystemContext{}) - searchRegistries, err := getRegistries() + registryPath := sysregistries.RegistriesConfPath(sc) + searchRegistries, err := getRegistries(sc) if err != nil { return nil, err } diff --git a/vendor/github.com/projectatomic/buildah/run.go b/vendor/github.com/projectatomic/buildah/run.go index 4c9f83acd..6d9fa260f 100644 --- a/vendor/github.com/projectatomic/buildah/run.go +++ b/vendor/github.com/projectatomic/buildah/run.go @@ -598,7 +598,9 @@ func (b *Builder) addNetworkConfig(rdir, hostPath string, chownOpts *idtools.IDP func setupMaskedPaths(g *generate.Generator) { for _, mp := range []string{ + "/proc/acpi", "/proc/kcore", + "/proc/keys", "/proc/latency_stats", "/proc/timer_list", "/proc/timer_stats", @@ -749,7 +751,7 @@ func setupNamespaces(g *generate.Generator, namespaceOptions NamespaceOptions, i // If we've got mappings, we're going to have to create a user namespace. if len(idmapOptions.UIDMap) > 0 || len(idmapOptions.GIDMap) > 0 || configureUserns { if hostPidns { - return false, nil, false, errors.Wrapf(err, "unable to mix host PID namespace with user namespace") + return false, nil, false, errors.New("unable to mix host PID namespace with user namespace") } if err := g.AddOrReplaceLinuxNamespace(specs.UserNamespace, ""); err != nil { return false, nil, false, errors.Wrapf(err, "error adding new %q namespace for run", string(specs.UserNamespace)) diff --git a/vendor/github.com/projectatomic/buildah/util.go b/vendor/github.com/projectatomic/buildah/util.go index 3e86d8c0e..4aa19b384 100644 --- a/vendor/github.com/projectatomic/buildah/util.go +++ b/vendor/github.com/projectatomic/buildah/util.go @@ -167,13 +167,8 @@ func (b *Builder) tarPath() func(path string) (io.ReadCloser, error) { } // getRegistries obtains the list of registries defined in the global registries file. -func getRegistries() ([]string, error) { - registryConfigPath := "" - envOverride := os.Getenv("REGISTRIES_CONFIG_PATH") - if len(envOverride) > 0 { - registryConfigPath = envOverride - } - searchRegistries, err := sysregistries.GetRegistries(&types.SystemContext{SystemRegistriesConfPath: registryConfigPath}) +func getRegistries(sc *types.SystemContext) ([]string, error) { + searchRegistries, err := sysregistries.GetRegistries(sc) if err != nil { return nil, errors.Wrapf(err, "unable to parse the registries.conf file") } diff --git a/vendor/github.com/projectatomic/buildah/vendor.conf b/vendor/github.com/projectatomic/buildah/vendor.conf index 3879dbe5d..16bfb12ee 100644 --- a/vendor/github.com/projectatomic/buildah/vendor.conf +++ b/vendor/github.com/projectatomic/buildah/vendor.conf @@ -5,7 +5,7 @@ github.com/containerd/continuity master github.com/containernetworking/cni v0.6.0 github.com/seccomp/containers-golang master github.com/containers/image master -github.com/containers/storage 0b8ab959bba614a4f88bb3791dbc078c3d47f259 +github.com/containers/storage 9cbb6cb3fc2044eae8b8fd8d8da081fe812858c4 github.com/docker/distribution 5f6282db7d65e6d72ad7c2cc66310724a57be716 github.com/docker/docker b8571fd81c7d2223c9ecbf799c693e3ef1daaea9 github.com/docker/docker-credential-helpers d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1 -- cgit v1.2.3-54-g00ecf