Update libcontainer to 4f409628d80b9842004a3f17c92
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Родитель
547c42d8d0
Коммит
8fedf718ce
|
@ -64,7 +64,7 @@ if [ "$1" = '--go' ]; then
|
||||||
mv tmp-tar src/code.google.com/p/go/src/pkg/archive/tar
|
mv tmp-tar src/code.google.com/p/go/src/pkg/archive/tar
|
||||||
fi
|
fi
|
||||||
|
|
||||||
clone git github.com/docker/libcontainer b3570267c7b7995d5d618974d8f7be4fe5ab076a
|
clone git github.com/docker/libcontainer 4f409628d80b9842004a3f17c9228e54e73da258
|
||||||
# see src/github.com/docker/libcontainer/update-vendor.sh which is the "source of truth" for libcontainer deps (just like this file)
|
# see src/github.com/docker/libcontainer/update-vendor.sh which is the "source of truth" for libcontainer deps (just like this file)
|
||||||
rm -rf src/github.com/docker/libcontainer/vendor
|
rm -rf src/github.com/docker/libcontainer/vendor
|
||||||
eval "$(grep '^clone ' src/github.com/docker/libcontainer/update-vendor.sh | grep -v 'github.com/codegangsta/cli')"
|
eval "$(grep '^clone ' src/github.com/docker/libcontainer/update-vendor.sh | grep -v 'github.com/codegangsta/cli')"
|
||||||
|
|
|
@ -9,7 +9,7 @@ test:
|
||||||
sh:
|
sh:
|
||||||
docker run --rm -it --privileged -w /busybox docker/libcontainer nsinit exec sh
|
docker run --rm -it --privileged -w /busybox docker/libcontainer nsinit exec sh
|
||||||
|
|
||||||
GO_PACKAGES = $(shell find . -not \( -wholename ./vendor -prune \) -name '*.go' -print0 | xargs -0n1 dirname | sort -u)
|
GO_PACKAGES = $(shell find . -not \( -wholename ./vendor -prune -o -wholename ./.git -prune \) -name '*.go' -print0 | xargs -0n1 dirname | sort -u)
|
||||||
|
|
||||||
direct-test:
|
direct-test:
|
||||||
go test -cover -v $(GO_PACKAGES)
|
go test -cover -v $(GO_PACKAGES)
|
||||||
|
|
|
@ -20,7 +20,7 @@ const (
|
||||||
|
|
||||||
func TestParseCgroups(t *testing.T) {
|
func TestParseCgroups(t *testing.T) {
|
||||||
r := bytes.NewBuffer([]byte(cgroupsContents))
|
r := bytes.NewBuffer([]byte(cgroupsContents))
|
||||||
_, err := parseCgroupFile("blkio", r)
|
_, err := ParseCgroupFile("blkio", r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
|
@ -115,7 +115,7 @@ func GetThisCgroupDir(subsystem string) (string, error) {
|
||||||
}
|
}
|
||||||
defer f.Close()
|
defer f.Close()
|
||||||
|
|
||||||
return parseCgroupFile(subsystem, f)
|
return ParseCgroupFile(subsystem, f)
|
||||||
}
|
}
|
||||||
|
|
||||||
func GetInitCgroupDir(subsystem string) (string, error) {
|
func GetInitCgroupDir(subsystem string) (string, error) {
|
||||||
|
@ -125,7 +125,7 @@ func GetInitCgroupDir(subsystem string) (string, error) {
|
||||||
}
|
}
|
||||||
defer f.Close()
|
defer f.Close()
|
||||||
|
|
||||||
return parseCgroupFile(subsystem, f)
|
return ParseCgroupFile(subsystem, f)
|
||||||
}
|
}
|
||||||
|
|
||||||
func ReadProcsFile(dir string) ([]int, error) {
|
func ReadProcsFile(dir string) ([]int, error) {
|
||||||
|
@ -152,7 +152,7 @@ func ReadProcsFile(dir string) ([]int, error) {
|
||||||
return out, nil
|
return out, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func parseCgroupFile(subsystem string, r io.Reader) (string, error) {
|
func ParseCgroupFile(subsystem string, r io.Reader) (string, error) {
|
||||||
s := bufio.NewScanner(r)
|
s := bufio.NewScanner(r)
|
||||||
|
|
||||||
for s.Scan() {
|
for s.Scan() {
|
||||||
|
|
|
@ -67,21 +67,18 @@ func FormatMountLabel(src, mountLabel string) string {
|
||||||
// SetProcessLabel takes a process label and tells the kernel to assign the
|
// SetProcessLabel takes a process label and tells the kernel to assign the
|
||||||
// label to the next program executed by the current process.
|
// label to the next program executed by the current process.
|
||||||
func SetProcessLabel(processLabel string) error {
|
func SetProcessLabel(processLabel string) error {
|
||||||
if selinux.SelinuxEnabled() {
|
if processLabel == "" {
|
||||||
return selinux.Setexeccon(processLabel)
|
|
||||||
}
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
return selinux.Setexeccon(processLabel)
|
||||||
|
}
|
||||||
|
|
||||||
// GetProcessLabel returns the process label that the kernel will assign
|
// GetProcessLabel returns the process label that the kernel will assign
|
||||||
// to the next program executed by the current process. If "" is returned
|
// to the next program executed by the current process. If "" is returned
|
||||||
// this indicates that the default labeling will happen for the process.
|
// this indicates that the default labeling will happen for the process.
|
||||||
func GetProcessLabel() (string, error) {
|
func GetProcessLabel() (string, error) {
|
||||||
if selinux.SelinuxEnabled() {
|
|
||||||
return selinux.Getexeccon()
|
return selinux.Getexeccon()
|
||||||
}
|
}
|
||||||
return "", nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// SetFileLabel modifies the "path" label to the specified file label
|
// SetFileLabel modifies the "path" label to the specified file label
|
||||||
func SetFileLabel(path string, fileLabel string) error {
|
func SetFileLabel(path string, fileLabel string) error {
|
||||||
|
@ -110,9 +107,6 @@ func Relabel(path string, fileLabel string, relabel string) error {
|
||||||
|
|
||||||
// GetPidLabel will return the label of the process running with the specified pid
|
// GetPidLabel will return the label of the process running with the specified pid
|
||||||
func GetPidLabel(pid int) (string, error) {
|
func GetPidLabel(pid int) (string, error) {
|
||||||
if !selinux.SelinuxEnabled() {
|
|
||||||
return "", nil
|
|
||||||
}
|
|
||||||
return selinux.Getpidcon(pid)
|
return selinux.Getpidcon(pid)
|
||||||
}
|
}
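Review bot: SetProcessLabel now returns nil for an empty label before it reaches `selinux.Setexeccon`, so callers can no longer use it to clear an exec label set earlier, and the doc comment does not mention this. I would add `// An empty processLabel is a no-op: the exec label is left unchanged.` to the comment. With the `selinux.SelinuxEnabled()` guards removed from SetProcessLabel, GetProcessLabel and GetPidLabel, a non-empty label on a host without SELinux presumably now surfaces an error from the selinux package instead of being silently ignored. Failing closed is the safer direction, but callers that relied on the old no-op (or on GetPidLabel returning "" with a nil error) should be checked; the bodies of Setexeccon and Getpidcon are outside this section, so this is inferred.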
|
||||||
|
|
||||||
|
|
|
@ -173,13 +173,10 @@ func Getpidcon(pid int) (string, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func Getexeccon() (string, error) {
|
func Getexeccon() (string, error) {
|
||||||
return readCon("/proc/self/attr/exec")
|
return readCon(fmt.Sprintf("/proc/self/task/%d/attr/exec", syscall.Gettid()))
|
||||||
}
|
}
|
||||||
|
|
||||||
func writeCon(name string, val string) error {
|
func writeCon(name string, val string) error {
|
||||||
if !SelinuxEnabled() {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out, err := os.OpenFile(name, os.O_WRONLY, 0)
|
out, err := os.OpenFile(name, os.O_WRONLY, 0)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -388,9 +385,6 @@ func SecurityCheckContext(val string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func CopyLevel(src, dest string) (string, error) {
|
func CopyLevel(src, dest string) (string, error) {
|
||||||
if !SelinuxEnabled() {
|
|
||||||
return "", nil
|
|
||||||
}
|
|
||||||
if src == "" {
|
if src == "" {
|
||||||
return "", nil
|
return "", nil
|
||||||
}
|
}
|
||||||
|
@ -424,7 +418,7 @@ func badPrefix(fpath string) error {
|
||||||
// If the fpath is a directory and recurse is true Chcon will walk the
|
// If the fpath is a directory and recurse is true Chcon will walk the
|
||||||
// directory tree setting the label
|
// directory tree setting the label
|
||||||
func Chcon(fpath string, scon string, recurse bool) error {
|
func Chcon(fpath string, scon string, recurse bool) error {
|
||||||
if !SelinuxEnabled() {
|
if scon == "" {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
if err := badPrefix(fpath); err != nil {
|
if err := badPrefix(fpath); err != nil {
|
||||||
|
|