Commit Graph

37 Commits

Author SHA1 Message Date
Odin Ugedal 652297c7c7
Update dependency libseccomp-golang
Diff here: https://github.com/seccomp/libseccomp-golang/compare/1b506fc7c24e...v0.9.1

Fixes https://nvd.nist.gov/vuln/detail/CVE-2017-18367

Signed-off-by: Odin Ugedal <odin@ugedal.com>
2019-06-20 22:35:57 +02:00
Michael Crosby 70bc4cd847
Merge pull request #2034 from masters-of-cats/pr-child-logging
Support for logging from children processes
2019-05-07 10:35:48 -04:00
Daniel J Walsh 8362cd02c0
Vendor in latest selinux code for keycreate errors
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2019-04-24 08:41:56 -04:00
Georgi Sabev 475aef10f7 Remove redundant log function
Bump logrus so that we can use logrus.StandardLogger().Logf instead

Co-authored-by: Julia Nedialkova <julianedialkova@hotmail.com>
Signed-off-by: Georgi Sabev <georgethebeatle@gmail.com>
2019-04-22 17:54:55 +03:00
Daniel J Walsh dcf994b4f8
Fix SELinux failures on disabled SELinux Machines
On some machines when setting the SELinux key labels to "", we are seeing
failures that cause runc to fail.  Even if SELinux is disabled.

This check will ignore callers calling SELinux Set*Label functions with ""
when SELinux is disabled.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2019-04-02 10:27:27 -04:00
Daniel J Walsh cd96170c10
Need to setup labeling of kernel keyrings.
Work is ongoing in the kernel to support different kernel
keyrings per user namespace.  We want to allow SELinux to manage
kernel keyrings inside of the container.

Currently when runc creates the kernel keyring it gets the label which runc is
running with ususally `container_runtime_t`, with this change the kernel keyring
will be labeled with the container process label container_t:s0:C1,c2.

Container running as container_t:s0:c1,c2 can manage keyrings with the same label.

This change required a revendoring or the SELinux go bindings.

github.com/opencontainers/selinux.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2019-03-13 17:57:30 -04:00
Adrian Reber bfca1e6262
Vendor in go-criu
Now that CRIU has released Go bindings, this commit vendors those in.

At first it only replaces the copy of RPC interface but the goal is to
use CRIU functions from the Go bindings instead of replicating the
functionality in runc.

Signed-off-by: Adrian Reber <areber@redhat.com>
2019-02-14 18:20:02 +01:00
Daniel, Dao Quang Minh 0a012df867
Merge pull request #1973 from jhowardmsft/jjh/runtimespec
Vendor opencontainers/runtime-spec 29686dbc
2019-02-12 17:07:43 +00:00
John Howard ec069fe332 Vendor opencontainers/runtime-spec 29686dbc
Signed-off-by: John Howard <jhoward@microsoft.com>
2019-02-07 14:49:22 -08:00
Filipe Brandenburger 4a600c04ed Update vendored golang.org/x/sys to latest
Signed-off-by: Filipe Brandenburger <filbranden@google.com>
2019-02-06 17:59:21 -08:00
Xiaochen Shen bd90541666 vendor: bump runtime-spec to 5684b8af48c1
Update runtime-spec to get Intel RDT/MBA Linux configs which will be
used in successive commits.

Signed-off-by: Xiaochen Shen <xiaochen.shen@intel.com>
2018-10-16 13:18:25 +08:00
Peter Morjan 59e5b61c5c Update console dependency to fix runc exec on BE
This fixes a bug in the console package for big-endian architectures.
When creating a new pty the returned path to the new pty slave was
wrong for the second und all subsequent ptys.
In runc the exec subcommand failed with an runtime error such as
`container_linux.go:265: starting container process caused "open
/dev/pts/4294967296: no such file or directory"`.
The number is shifted by 32.

Signed-off-by: Peter Morjan <peter.morjan@de.ibm.com>
2018-02-21 10:43:06 +01:00
Vincent Demeester 03ca562be1
Remove github.com/docker/docker from vendor
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-11-08 16:27:06 +01:00
Vincent Demeester 594501475e
Use cyphar/filepath-securejoin instead of docker pkg/symlink
runc shouldn't depend on docker and be more self-contained.
Removing github.com/pkg/symlink dep is the first step to not depend on docker anymore

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-10-31 16:53:45 +01:00
Matthew Heon 03a5a7476e Vendor updated libseccomp-golang for bugfix
Syscall argument handling was bugged in previous releases.
Per-argument match rules were handled with OR logic when they
should have used AND logic. The updated version of the bindings
resolves this issue.

As a side effect, the minimum supported version of Libseccomp has
been raised from v2.1.0 to v2.2.0.

Signed-off-by: Matthew Heon <mheon@redhat.com>
2017-10-10 15:49:08 -04:00
Michael Crosby 9ba16b6d5a Update console and golang/sys deps
This bumps the console and golang/sys deps for runc.

The major change is that the console package does not clear ONLCR within
the package and leaves it up to the client to handle this if they
please.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-09-25 13:23:50 -04:00
Daniel Dao 1439022b60
bump vendor to have latest console with patches
Signed-off-by: Daniel Dao <dqminh89@gmail.com>
2017-07-28 12:35:03 +01:00
Daniel Dao 91eafcbc65
tty: move IO of master pty to be done with epoll
This moves all console code to use github.com/containerd/console library to
handle console I/O. Also move to use EpollConsole by default when user requests
a terminal so we can still cope when the other side temporarily goes away.

Signed-off-by: Daniel Dao <dqminh89@gmail.com>
2017-07-28 12:35:02 +01:00
Michael Crosby e775f0fba3 Merge pull request #1526 from stevenh/logrus-v1
Updated logrus to v1
2017-07-27 13:28:55 -04:00
Mrunal Patel 30669da201 Bump the spec up to v1.0.0
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-07-19 10:34:27 -07:00
Steven Hartland ee4f68e302 Updated logrus to v1
Updated logrus to use v1 which includes a breaking name change Sirupsen -> sirupsen.

This includes a manual edit of the docker term package to also correct the name there too.

Signed-off-by: Steven Hartland <steven.hartland@multiplay.co.uk>
2017-07-19 15:20:56 +00:00
Ma Shimiao f513ac19db update gocapability
gocapability has fixed can't get ambient cap problem
and some other fixes.

Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-07-17 10:30:17 +08:00
Michael Crosby eb70c213ba Update runtime-spec to rc6
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-07-12 16:24:04 -07:00
Tobias Klauser 05ea5e47aa vendor: bump golang.org/x/sys to 0e0164865330
Update golang.org/x/sys to get newly added functions and constants which
will be used in successive commits.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-10 10:56:58 +02:00
Justin Cormack e8ef6025a4 Update to runtime spec 198f23f827
Updates memory limits to be int64, and removes Platform from spec.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-06-27 12:16:07 +01:00
Tobias Klauser 472ec6df72 vendor: bump golang.org/x/sys to fb4cac33e319
Update golang.org/x/sys to get the Eventfd syscall wrapper and the
corresponding EFD_* flags. These will be used in a successive commit to
simplify code in libcontainer/notify_linux.go.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-06-21 09:49:17 +02:00
Mrunal Patel 9d6821d1b5 Merge pull request #1473 from crosbymichael/update-spec
Update spec to 239c4e44f2
2017-06-06 10:26:07 -07:00
Michael Crosby 854b41d81e Update spec to 239c4e44f2
This provides updates to runc for the spec changes with *Process and
OOMScoreAdj

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-06-01 16:29:47 -07:00
Tobias Klauser f0ae35b9e7 vendor: bump golang.org/x/sys to b90f89a1e7a9c1f6b918820b3daa7f08488c8594
Update golang.org/x/sys to get the Lgetxattr, Llistxattr, Lremovexattr
and Lsetxattr syscall wrappers. These will be used in a successive
commit to replace the wrappers in libcontainer/system/xattr_linux.go.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-05-30 09:23:16 +02:00
W. Trevor King 75ed93de16 vendor.conf: Bump golang.org/x/sys to a55a76086885b80f79961eacb876ebd8caf3868d
With:

  $ go get -u github.com/LK4D4/vndr
  $ sed -i 's/9a7256cb28ed514b4e1e5f68959914c4c28a92e0/a55a76086885b80f79961eacb876ebd8caf3868d/' vendor.conf
  $ vndr

I'm not sure why vndr is messing with github.com/golang/protobuf, but
I assume it knows what it's doing.

The x/sys bumps to master, but I need it for MS_LAZYTIME (added in
github.com/golang/sys@ea9bcade75, unix: generate all Linux go files
from source, 2017-03-08).

Signed-off-by: W. Trevor King <wking@tremily.us>
2017-05-26 10:03:08 -07:00
Andrei Vagin ffeedc4c62 Update github.com/golang/protobuf
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
2017-05-01 21:55:57 +03:00
Aleksa Sarai d9807ae420
vendor: clean up to be better written
vndr doesn't support non-top-level imports, and in addition we really
should be using tagged releases far more than we currently are
(*especially* when it come to the OCI specs).

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-04-25 10:46:48 +10:00
Daniel, Dao Quang Minh 13a8c5d140 Merge pull request #1365 from hqhq/use_go_selinux
Use opencontainers/selinux package
2017-04-15 14:22:32 +01:00
Aleksa Sarai 85de7ec363
vendor: add golang.org/x/sys/unix@9a7256cb28ed514b4e1e5f68959914c4c28a92e0
It turns out that the standard "syscall" library is not recommended for
new programs. runC will need to eventually move to this, but for now
include it in vendor so we can use it for new features.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-03-29 22:39:38 +11:00
Qiang Huang 5e7b48f7c0 Use opencontainers/selinux package
It's splitted as a separate project.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-03-23 08:21:19 +08:00
Mrunal Patel 4f9cb13b64 Update runtime spec to 1.0.0.rc5
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-03-15 11:38:37 -07:00
Alexander Morozov 993cbf9db0
move from Godeps to vndr
This uses the standard go vendor location instead of old Godeps
location.

Also remove usage of symlink GOPATH. Since our README mentions that you
should build it inside GOPATH, i think its a reasonable to assume that
you dont need to create a tmp GOPATH.

Signed-off-by: Daniel Dao <dqminh89@gmail.com>
2017-02-24 11:25:21 +00:00