mirror of
https://github.com/containers/podman
synced 2024-10-19 00:34:18 +00:00
build(deps): bump github.com/rootless-containers/rootlesskit
Bumps [github.com/rootless-containers/rootlesskit](https://github.com/rootless-containers/rootlesskit) from 0.9.3 to 0.9.4. - [Release notes](https://github.com/rootless-containers/rootlesskit/releases) - [Commits](https://github.com/rootless-containers/rootlesskit/compare/v0.9.3...v0.9.4) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
This commit is contained in:
parent
c2a33b7bf9
commit
ddbe1aef17
2
go.mod
2
go.mod
|
@ -45,7 +45,7 @@ require (
|
|||
github.com/opentracing/opentracing-go v1.1.0
|
||||
github.com/pkg/errors v0.9.1
|
||||
github.com/pmezard/go-difflib v1.0.0
|
||||
github.com/rootless-containers/rootlesskit v0.9.3
|
||||
github.com/rootless-containers/rootlesskit v0.9.4
|
||||
github.com/seccomp/containers-golang v0.0.0-20190312124753-8ca8945ccf5f
|
||||
github.com/sirupsen/logrus v1.5.0
|
||||
github.com/spf13/cobra v0.0.7
|
||||
|
|
4
go.sum
4
go.sum
|
@ -373,8 +373,8 @@ github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa
|
|||
github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
|
||||
github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M=
|
||||
github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
|
||||
github.com/rootless-containers/rootlesskit v0.9.3 h1:hrkZzBZT5vEnhAso6H1jHAcc4DT8h6/hp2z4yL0xu/8=
|
||||
github.com/rootless-containers/rootlesskit v0.9.3/go.mod h1:fx5DhInDgnR0Upj+2cOVacKuZJYSNKV5P/bCwGa+quQ=
|
||||
github.com/rootless-containers/rootlesskit v0.9.4 h1:6ogX7l3r3nlS7eTB8ePbLSQ6TZR1aVQzRjTy2SIBOzk=
|
||||
github.com/rootless-containers/rootlesskit v0.9.4/go.mod h1:fx5DhInDgnR0Upj+2cOVacKuZJYSNKV5P/bCwGa+quQ=
|
||||
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
|
||||
github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8 h1:2c1EFnZHIPCW8qKWgHMH/fX2PkSabFc5mrVzfUNdg5U=
|
||||
github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
|
||||
|
|
39
vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/parent.go
generated
vendored
39
vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/parent.go
generated
vendored
|
@ -2,11 +2,14 @@ package parent
|
|||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"net"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strconv"
|
||||
"strings"
|
||||
"sync"
|
||||
"syscall"
|
||||
|
||||
|
@ -84,6 +87,39 @@ func (d *driver) RunParentDriver(initComplete chan struct{}, quit <-chan struct{
|
|||
return nil
|
||||
}
|
||||
|
||||
func isEPERM(err error) bool {
|
||||
k := "permission denied"
|
||||
// As of Go 1.14, errors.Is(err, syscall.EPERM) does not seem to work for
|
||||
// "listen tcp 0.0.0.0:80: bind: permission denied" error from net.ListenTCP().
|
||||
return errors.Is(err, syscall.EPERM) || strings.Contains(err.Error(), k)
|
||||
}
|
||||
|
||||
// annotateEPERM annotates origErr for human-readability
|
||||
func annotateEPERM(origErr error, spec port.Spec) error {
|
||||
// Read "net.ipv4.ip_unprivileged_port_start" value (typically 1024)
|
||||
// TODO: what for IPv6?
|
||||
// NOTE: sync.Once should not be used here
|
||||
b, e := ioutil.ReadFile("/proc/sys/net/ipv4/ip_unprivileged_port_start")
|
||||
if e != nil {
|
||||
return origErr
|
||||
}
|
||||
start, e := strconv.Atoi(strings.TrimSpace(string(b)))
|
||||
if e != nil {
|
||||
return origErr
|
||||
}
|
||||
if spec.ParentPort >= start {
|
||||
// origErr is unrelated to ip_unprivileged_port_start
|
||||
return origErr
|
||||
}
|
||||
text := fmt.Sprintf("cannot expose privileged port %d, you might need to add \"net.ipv4.ip_unprivileged_port_start=0\" (currently %d) to /etc/sysctl.conf", spec.ParentPort, start)
|
||||
if filepath.Base(os.Args[0]) == "rootlesskit" {
|
||||
// NOTE: The following sentence is appended only if Args[0] == "rootlesskit", because it does not apply to Podman (as of Podman v1.9).
|
||||
// Podman launches the parent driver in the child user namespace (but in the parent network namespace), which disables the file capability.
|
||||
text += ", or set CAP_NET_BIND_SERVICE on rootlesskit binary"
|
||||
}
|
||||
return errors.Wrap(origErr, text)
|
||||
}
|
||||
|
||||
func (d *driver) AddPort(ctx context.Context, spec port.Spec) (*port.Status, error) {
|
||||
d.mu.Lock()
|
||||
err := portutil.ValidatePortSpec(spec, d.ports)
|
||||
|
@ -106,6 +142,9 @@ func (d *driver) AddPort(ctx context.Context, spec port.Spec) (*port.Status, err
|
|||
return nil, errors.New("spec was not validated?")
|
||||
}
|
||||
if err != nil {
|
||||
if isEPERM(err) {
|
||||
err = annotateEPERM(err, spec)
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
d.mu.Lock()
|
||||
|
|
2
vendor/modules.txt
vendored
2
vendor/modules.txt
vendored
|
@ -454,7 +454,7 @@ github.com/prometheus/common/model
|
|||
github.com/prometheus/procfs
|
||||
github.com/prometheus/procfs/internal/fs
|
||||
github.com/prometheus/procfs/internal/util
|
||||
# github.com/rootless-containers/rootlesskit v0.9.3
|
||||
# github.com/rootless-containers/rootlesskit v0.9.4
|
||||
github.com/rootless-containers/rootlesskit/pkg/msgutil
|
||||
github.com/rootless-containers/rootlesskit/pkg/port
|
||||
github.com/rootless-containers/rootlesskit/pkg/port/builtin
|
||||
|
|
Loading…
Reference in a new issue