52 Commits

Author SHA1 Message Date
Sebastiaan van Stijn c295a6339c
vendor: update opencontainers/selinux v1.3.1
full diff: 5215b1806f...v1.3.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-03-02 12:41:01 +01:00
Akihiro Suda faf673ee45 cgroup2: port over eBPF device controller from crun
The implementation is based on https://github.com/containers/crun/blob/0.10.2/src/libcrun/ebpf.c

Although ebpf.c is originally licensed under LGPL-3.0-or-later, the author
Giuseppe Scrivano agreed to relicense the file in Apache License 2.0:
https://github.com/opencontainers/runc/issues/2144#issuecomment-543116397

See libcontainer/cgroups/ebpf/devicefilter/devicefilter_test.go for tested configurations.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-10-31 14:01:46 +09:00
Aleksa Sarai 9aef504415
vendor: update github.com/opencontainers/selinux
This is a bump to v1.3.0, plus the necessary CVE-2019-16884 mitigation.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2019-09-30 00:36:59 +10:00
Sebastiaan van Stijn 115d4b9e57
bump golang/protobuf v1.0.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-06 01:44:33 +02:00
Sebastiaan van Stijn 85c02f3f30
bump coreos/go-systemd v19, godbus/dbus v5.0.1
- https://github.com/coreos/go-systemd/compare/v14..v19
  - coreos/go-systemd#248 dbus: add SetPropertiesSubscriber method
  - coreos/go-systemd#251 activation: add support for listeners with names
  - coreos/go-systemd#296 dbus: Fix API break from godbus
- https://github.com/godbus/dbus/compare/v3..v5.0.1
  - godbus/dbus#89 introduce MakeVariantWithSignature

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-06 01:44:30 +02:00
Sebastiaan van Stijn 21498b8e54
bump mrunalp/fileutils 7d4729fb36185a7c1719923406c9d40e54fb93c7
no significant changes, other than some linting fixes

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-06 01:44:28 +02:00
Sebastiaan van Stijn eb86f6037e
bump syndtr/gocapability d98352740cb2c55f81556b63d4a1ec64c5a319c2
relevant changes:

  - syndtr/gocapability#14 capability: Deprecate NewPid and NewFile for NewPid2 and NewFile2
  - syndtr/gocapability#16 Fix capHeader.pid type

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-06 01:44:26 +02:00
Sebastiaan van Stijn 1150ce9c6e
bump urfave/cli v1.20.0
previous version was somewhere between v1.18 and v1.19

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-06 01:44:23 +02:00
Sebastiaan van Stijn 8e4f645fca
bump docker/go-units v0.3.3
relevant changes:

  - docker/go-units#8 Enhance FromHumanSize to parse float64 string
  - docker/go-units#20 Add `HumanSizeWithPrecision` function

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-06 01:43:44 +02:00
Sebastiaan van Stijn 0fc0662338
bump cyphar/filepath-securejoin v0.2.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-06 01:43:42 +02:00
Sebastiaan van Stijn 414a39dedb
bump containerd/console 0650fd9eeb50bab4fc99dceb9f2e14cf58f36e7f
relevant changes:

- containerd/console#27 console_linux: Fix race: lock Cond before Signal

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-06 01:43:39 +02:00
Sebastiaan van Stijn de24d73350
bump github.com/pkg/errors 0.8.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-06 01:43:37 +02:00
Sebastiaan van Stijn 4be3c48e05
Reformat vendor.conf and pin all deps by git-sha
to make it better readable, and to encourage pinning by
sha, but align to a tagged release.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-06 01:43:33 +02:00
Carlos de Paula 4316e4d047 Bump x/sys and update syscall to start Risc-V support
Signed-off-by: Carlos de Paula <me@carlosedp.com>
2019-08-29 12:09:08 -03:00
Filipe Brandenburger 4ca00773ee Update vendored dependencies to remove go-systemd/util
This removes "github.com/coreos/go-systemd/util", no longer needed after
removing the dependency on it.

It also gets rid of "github.com/coreos/pkg/dlopen", since that was only
referred to by the aforementioned "util" package.

Tested that everything builds and works as expected.

Signed-off-by: Filipe Brandenburger <filbranden@gmail.com>
2019-08-22 21:09:40 -07:00
Odin Ugedal 652297c7c7
Update dependency libseccomp-golang
Diff here: https://github.com/seccomp/libseccomp-golang/compare/1b506fc7c24e...v0.9.1

Fixes https://nvd.nist.gov/vuln/detail/CVE-2017-18367

Signed-off-by: Odin Ugedal <odin@ugedal.com>
2019-06-20 22:35:57 +02:00
Michael Crosby 70bc4cd847
Merge pull request #2034 from masters-of-cats/pr-child-logging
Support for logging from children processes
2019-05-07 10:35:48 -04:00
Daniel J Walsh 8362cd02c0
Vendor in latest selinux code for keycreate errors
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2019-04-24 08:41:56 -04:00
Georgi Sabev 475aef10f7 Remove redundant log function
Bump logrus so that we can use logrus.StandardLogger().Logf instead

Co-authored-by: Julia Nedialkova <julianedialkova@hotmail.com>
Signed-off-by: Georgi Sabev <georgethebeatle@gmail.com>
2019-04-22 17:54:55 +03:00
Daniel J Walsh dcf994b4f8
Fix SELinux failures on disabled SELinux Machines
On some machines when setting the SELinux key labels to "", we are seeing
failures that cause runc to fail.  Even if SELinux is disabled.

This check will ignore callers calling SELinux Set*Label functions with ""
when SELinux is disabled.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2019-04-02 10:27:27 -04:00
Daniel J Walsh cd96170c10
Need to setup labeling of kernel keyrings.
Work is ongoing in the kernel to support different kernel
keyrings per user namespace.  We want to allow SELinux to manage
kernel keyrings inside of the container.

Currently when runc creates the kernel keyring it gets the label which runc is
running with usually `container_runtime_t`, with this change the kernel keyring
will be labeled with the container process label container_t:s0:C1,c2.

Container running as container_t:s0:c1,c2 can manage keyrings with the same label.

This change required a revendoring of the SELinux go bindings.

github.com/opencontainers/selinux.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2019-03-13 17:57:30 -04:00
Adrian Reber bfca1e6262
Vendor in go-criu
Now that CRIU has released Go bindings, this commit vendors those in.

At first it only replaces the copy of RPC interface but the goal is to
use CRIU functions from the Go bindings instead of replicating the
functionality in runc.

Signed-off-by: Adrian Reber <areber@redhat.com>
2019-02-14 18:20:02 +01:00
Daniel, Dao Quang Minh 0a012df867
Merge pull request #1973 from jhowardmsft/jjh/runtimespec
Vendor opencontainers/runtime-spec 29686dbc
2019-02-12 17:07:43 +00:00
John Howard ec069fe332 Vendor opencontainers/runtime-spec 29686dbc
Signed-off-by: John Howard <jhoward@microsoft.com>
2019-02-07 14:49:22 -08:00
Filipe Brandenburger 4a600c04ed Update vendored golang.org/x/sys to latest
Signed-off-by: Filipe Brandenburger <filbranden@google.com>
2019-02-06 17:59:21 -08:00
Xiaochen Shen bd90541666 vendor: bump runtime-spec to 5684b8af48c1
Update runtime-spec to get Intel RDT/MBA Linux configs which will be
used in successive commits.

Signed-off-by: Xiaochen Shen <xiaochen.shen@intel.com>
2018-10-16 13:18:25 +08:00
Peter Morjan 59e5b61c5c Update console dependency to fix runc exec on BE
This fixes a bug in the console package for big-endian architectures.
When creating a new pty the returned path to the new pty slave was
wrong for the second and all subsequent ptys.
In runc the exec subcommand failed with a runtime error such as
`container_linux.go:265: starting container process caused "open
/dev/pts/4294967296: no such file or directory"`.
The number is shifted by 32.

Signed-off-by: Peter Morjan <peter.morjan@de.ibm.com>
2018-02-21 10:43:06 +01:00
Vincent Demeester 03ca562be1
Remove github.com/docker/docker from vendor
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-11-08 16:27:06 +01:00
Vincent Demeester 594501475e
Use cyphar/filepath-securejoin instead of docker pkg/symlink
runc shouldn't depend on docker and be more self-contained.
Removing github.com/pkg/symlink dep is the first step to not depend on docker anymore

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-10-31 16:53:45 +01:00
Matthew Heon 03a5a7476e Vendor updated libseccomp-golang for bugfix
Syscall argument handling was bugged in previous releases.
Per-argument match rules were handled with OR logic when they
should have used AND logic. The updated version of the bindings
resolves this issue.

As a side effect, the minimum supported version of Libseccomp has
been raised from v2.1.0 to v2.2.0.

Signed-off-by: Matthew Heon <mheon@redhat.com>
2017-10-10 15:49:08 -04:00
Michael Crosby 9ba16b6d5a Update console and golang/sys deps
This bumps the console and golang/sys deps for runc.

The major change is that the console package does not clear ONLCR within
the package and leaves it up to the client to handle this if they
please.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-09-25 13:23:50 -04:00
Daniel Dao 1439022b60
bump vendor to have latest console with patches
Signed-off-by: Daniel Dao <dqminh89@gmail.com>
2017-07-28 12:35:03 +01:00
Daniel Dao 91eafcbc65
tty: move IO of master pty to be done with epoll
This moves all console code to use github.com/containerd/console library to
handle console I/O. Also move to use EpollConsole by default when user requests
a terminal so we can still cope when the other side temporarily goes away.

Signed-off-by: Daniel Dao <dqminh89@gmail.com>
2017-07-28 12:35:02 +01:00
Michael Crosby e775f0fba3 Merge pull request #1526 from stevenh/logrus-v1
Updated logrus to v1
2017-07-27 13:28:55 -04:00
Mrunal Patel 30669da201 Bump the spec up to v1.0.0
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-07-19 10:34:27 -07:00
Steven Hartland ee4f68e302 Updated logrus to v1
Updated logrus to use v1 which includes a breaking name change Sirupsen -> sirupsen.

This includes a manual edit of the docker term package to also correct the name there too.

Signed-off-by: Steven Hartland <steven.hartland@multiplay.co.uk>
2017-07-19 15:20:56 +00:00
Ma Shimiao f513ac19db update gocapability
gocapability has fixed can't get ambient cap problem
and some other fixes.

Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-07-17 10:30:17 +08:00
Michael Crosby eb70c213ba Update runtime-spec to rc6
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-07-12 16:24:04 -07:00
Tobias Klauser 05ea5e47aa vendor: bump golang.org/x/sys to 0e0164865330
Update golang.org/x/sys to get newly added functions and constants which
will be used in successive commits.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-10 10:56:58 +02:00
Justin Cormack e8ef6025a4 Update to runtime spec 198f23f827
Updates memory limits to be int64, and removes Platform from spec.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-06-27 12:16:07 +01:00
Tobias Klauser 472ec6df72 vendor: bump golang.org/x/sys to fb4cac33e319
Update golang.org/x/sys to get the Eventfd syscall wrapper and the
corresponding EFD_* flags. These will be used in a successive commit to
simplify code in libcontainer/notify_linux.go.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-06-21 09:49:17 +02:00
Mrunal Patel 9d6821d1b5 Merge pull request #1473 from crosbymichael/update-spec
Update spec to 239c4e44f2
2017-06-06 10:26:07 -07:00
Michael Crosby 854b41d81e Update spec to 239c4e44f2
This provides updates to runc for the spec changes with *Process and
OOMScoreAdj

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-06-01 16:29:47 -07:00
Tobias Klauser f0ae35b9e7 vendor: bump golang.org/x/sys to b90f89a1e7a9c1f6b918820b3daa7f08488c8594
Update golang.org/x/sys to get the Lgetxattr, Llistxattr, Lremovexattr
and Lsetxattr syscall wrappers. These will be used in a successive
commit to replace the wrappers in libcontainer/system/xattr_linux.go.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-05-30 09:23:16 +02:00
W. Trevor King 75ed93de16 vendor.conf: Bump golang.org/x/sys to a55a76086885b80f79961eacb876ebd8caf3868d
With:

  $ go get -u github.com/LK4D4/vndr
  $ sed -i 's/9a7256cb28ed514b4e1e5f68959914c4c28a92e0/a55a76086885b80f79961eacb876ebd8caf3868d/' vendor.conf
  $ vndr

I'm not sure why vndr is messing with github.com/golang/protobuf, but
I assume it knows what it's doing.

The x/sys bumps to master, but I need it for MS_LAZYTIME (added in
github.com/golang/sys@ea9bcade75, unix: generate all Linux go files
from source, 2017-03-08).

Signed-off-by: W. Trevor King <wking@tremily.us>
2017-05-26 10:03:08 -07:00
Andrei Vagin ffeedc4c62 Update github.com/golang/protobuf
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
2017-05-01 21:55:57 +03:00
Aleksa Sarai d9807ae420
vendor: clean up to be better written
vndr doesn't support non-top-level imports, and in addition we really
should be using tagged releases far more than we currently are
(*especially* when it comes to the OCI specs).

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-04-25 10:46:48 +10:00
Daniel, Dao Quang Minh 13a8c5d140 Merge pull request #1365 from hqhq/use_go_selinux
Use opencontainers/selinux package
2017-04-15 14:22:32 +01:00
Aleksa Sarai 85de7ec363
vendor: add golang.org/x/sys/unix@9a7256cb28ed514b4e1e5f68959914c4c28a92e0
It turns out that the standard "syscall" library is not recommended for
new programs. runC will need to eventually move to this, but for now
include it in vendor so we can use it for new features.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-03-29 22:39:38 +11:00
Qiang Huang 5e7b48f7c0 Use opencontainers/selinux package
It's split as a separate project.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-03-23 08:21:19 +08:00