mirror of
https://github.com/containers/podman
synced 2024-10-19 08:44:11 +00:00
vendor: bump c/common to v0.49.2-0.20220929111928-2d1b45ae2423
[NO NEW TESTS NEEDED] [NO TESTS NEEDED] Signed-off-by: Aditya R <arajan@redhat.com>
parent
b7eee0b2ce
commit
f00ceaabd4
6
go.mod
6
go.mod
|
@ -12,12 +12,12 @@ require (
|
|||
github.com/containernetworking/cni v1.1.2
|
||||
github.com/containernetworking/plugins v1.1.1
|
||||
github.com/containers/buildah v1.27.1-0.20220921131114-d3064796af36
|
||||
github.com/containers/common v0.49.2-0.20220926195839-590004b80685
|
||||
github.com/containers/common v0.49.2-0.20220929111928-2d1b45ae2423
|
||||
github.com/containers/conmon v2.0.20+incompatible
|
||||
github.com/containers/image/v5 v5.22.1-0.20220919112403-fe51f7ffca50
|
||||
github.com/containers/ocicrypt v1.1.5
|
||||
github.com/containers/psgo v1.7.3
|
||||
github.com/containers/storage v1.42.1-0.20220919112236-8a581aac3bdf
|
||||
github.com/containers/storage v1.43.0
|
||||
github.com/coreos/go-systemd/v22 v22.4.0
|
||||
github.com/coreos/stream-metadata-go v0.0.0-20210225230131-70edb9eb47b3
|
||||
github.com/cyphar/filepath-securejoin v0.2.3
|
||||
|
@ -48,7 +48,7 @@ require (
|
|||
github.com/opencontainers/runc v1.1.4
|
||||
github.com/opencontainers/runtime-spec v1.0.3-0.20211214071223-8958f93039ab
|
||||
github.com/opencontainers/runtime-tools v0.9.1-0.20220714195903-17b3287fafb7
|
||||
github.com/opencontainers/selinux v1.10.1
|
||||
github.com/opencontainers/selinux v1.10.2
|
||||
github.com/openshift/imagebuilder v1.2.4-0.20220711175835-4151e43600df
|
||||
github.com/rootless-containers/rootlesskit v1.0.1
|
||||
github.com/sirupsen/logrus v1.9.0
|
||||
|
|
10
go.sum
10
go.sum
|
@ -420,8 +420,8 @@ github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19
|
|||
github.com/containers/buildah v1.27.1-0.20220921131114-d3064796af36 h1:LTSEbPUbs0slJSJ+IH6atAjYDe0IDzA0sPgBLjT1yAo=
|
||||
github.com/containers/buildah v1.27.1-0.20220921131114-d3064796af36/go.mod h1:cY3pGPyMmrNp/sEDK8ESoBOf4hoNovptZSI0oyo8eQM=
|
||||
github.com/containers/common v0.49.2-0.20220920205255-8062f81c5497/go.mod h1:ZnhOPR/07UOkfIg5bezUpBilGjxEUdaeoUpu7gRBGc0=
|
||||
github.com/containers/common v0.49.2-0.20220926195839-590004b80685 h1:rutCgIKcew85mTUO0JTnh7XDXQfaTz/qQ3HyQHb0jZE=
|
||||
github.com/containers/common v0.49.2-0.20220926195839-590004b80685/go.mod h1:ZnhOPR/07UOkfIg5bezUpBilGjxEUdaeoUpu7gRBGc0=
|
||||
github.com/containers/common v0.49.2-0.20220929111928-2d1b45ae2423 h1:2QfVh7+dAKLg9Kht5n4YtRzg5WnQger0R1Brn/6TeUs=
|
||||
github.com/containers/common v0.49.2-0.20220929111928-2d1b45ae2423/go.mod h1:sJZt3VeNeXVQT7gTLDBu2Nr8x7Fv2/pa3n9m8661gsU=
|
||||
github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
|
||||
github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
|
||||
github.com/containers/image/v5 v5.22.1-0.20220907162003-651744379993/go.mod h1:/Ruurd87C6Ap45t1PWNOD8+SGwiZbk79XCgs1iUTvYA=
|
||||
|
@ -441,8 +441,9 @@ github.com/containers/psgo v1.7.3/go.mod h1:PfaNzzHmMb8M9/blPgyD4BB3ZEj/0ApZIxN6
|
|||
github.com/containers/storage v1.37.0/go.mod h1:kqeJeS0b7DO2ZT1nVWs0XufrmPFbgV3c+Q/45RlH6r4=
|
||||
github.com/containers/storage v1.42.0/go.mod h1:JiUJwOgOo1dr2DdOUc1MRe2GCAXABYoYmOdPF8yvH78=
|
||||
github.com/containers/storage v1.42.1-0.20220907083030-5aff7f62e8d0/go.mod h1:nj2fW3rgwkr6toBVFzv5OqUYs1kowX+AMiPjgv2UXN0=
|
||||
github.com/containers/storage v1.42.1-0.20220919112236-8a581aac3bdf h1:CnGYVAFSZgwYdYHnJJhVnhxtrggWsgwooG/Be1LxWGI=
|
||||
github.com/containers/storage v1.42.1-0.20220919112236-8a581aac3bdf/go.mod h1:uZ147thiIFGdVTjMmIw19knttQnUCl3y9zjreHrg11s=
|
||||
github.com/containers/storage v1.43.0 h1:P+zulGXA3mqe2GnYmZU0xu87Wy1M0PVHM2ucrgmvTdU=
|
||||
github.com/containers/storage v1.43.0/go.mod h1:uZ147thiIFGdVTjMmIw19knttQnUCl3y9zjreHrg11s=
|
||||
github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
|
||||
github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
|
||||
github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
|
||||
|
@ -1411,8 +1412,9 @@ github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xA
|
|||
github.com/opencontainers/selinux v1.8.5/go.mod h1:HTvjPFoGMbpQsG886e3lQwnsRWtE4TC1OF3OUvG9FAo=
|
||||
github.com/opencontainers/selinux v1.9.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
|
||||
github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
|
||||
github.com/opencontainers/selinux v1.10.1 h1:09LIPVRP3uuZGQvgR+SgMSNBd1Eb3vlRbGqQpoHsF8w=
|
||||
github.com/opencontainers/selinux v1.10.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
|
||||
github.com/opencontainers/selinux v1.10.2 h1:NFy2xCsjn7+WspbfZkUd5zyVeisV7VFbPSP96+8/ha4=
|
||||
github.com/opencontainers/selinux v1.10.2/go.mod h1:cARutUbaUrlRClyvxOICCgKixCs6L05aUsohzA3EkHQ=
|
||||
github.com/openshift/imagebuilder v1.2.4-0.20220711175835-4151e43600df h1:vf6pdI10F2Tim5a9JKiVVl4/dpNz1OEhz4EnfLdLtiA=
|
||||
github.com/openshift/imagebuilder v1.2.4-0.20220711175835-4151e43600df/go.mod h1:TRYHe4CH9U6nkDjxjBNM5klrLbJBrRbpJE5SaRwUBsQ=
|
||||
github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
|
||||
|
|
16
vendor/github.com/containers/common/libimage/platform.go
generated
vendored
16
vendor/github.com/containers/common/libimage/platform.go
generated
vendored
|
@ -6,6 +6,7 @@ import (
|
|||
"runtime"
|
||||
|
||||
"github.com/containerd/containerd/platforms"
|
||||
v1 "github.com/opencontainers/image-spec/specs-go/v1"
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
|
@ -20,9 +21,18 @@ const (
|
|||
)
|
||||
|
||||
// NormalizePlatform normalizes (according to the OCI spec) the specified os,
|
||||
// arch and variant. If left empty, the individual item will not be normalized.
|
||||
// arch and variant. If left empty, the individual item will be normalized.
|
||||
func NormalizePlatform(rawOS, rawArch, rawVariant string) (os, arch, variant string) {
|
||||
rawPlatform := toPlatformString(rawOS, rawArch, rawVariant)
|
||||
platformSpec := v1.Platform{
|
||||
OS: rawOS,
|
||||
Architecture: rawArch,
|
||||
Variant: rawVariant,
|
||||
}
|
||||
normalizedSpec := platforms.Normalize(platformSpec)
|
||||
if normalizedSpec.Variant == "" && rawVariant != "" {
|
||||
normalizedSpec.Variant = rawVariant
|
||||
}
|
||||
rawPlatform := toPlatformString(normalizedSpec.OS, normalizedSpec.Architecture, normalizedSpec.Variant)
|
||||
normalizedPlatform, err := platforms.Parse(rawPlatform)
|
||||
if err != nil {
|
||||
logrus.Debugf("Error normalizing platform: %v", err)
|
||||
|
@ -38,7 +48,7 @@ func NormalizePlatform(rawOS, rawArch, rawVariant string) (os, arch, variant str
|
|||
arch = normalizedPlatform.Architecture
|
||||
}
|
||||
variant = rawVariant
|
||||
if rawVariant != "" {
|
||||
if rawVariant != "" || (rawVariant == "" && normalizedPlatform.Variant != "") {
|
||||
variant = normalizedPlatform.Variant
|
||||
}
|
||||
return os, arch, variant
|
||||
|
|
6
vendor/github.com/containers/common/pkg/util/util_supported.go
generated
vendored
6
vendor/github.com/containers/common/pkg/util/util_supported.go
generated
vendored
|
@ -11,6 +11,7 @@ import (
|
|||
"sync"
|
||||
"syscall"
|
||||
|
||||
"github.com/containers/storage/pkg/homedir"
|
||||
"github.com/containers/storage/pkg/unshare"
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
@ -31,7 +32,10 @@ func GetRuntimeDir() (string, error) {
|
|||
var rootlessRuntimeDirError error
|
||||
|
||||
rootlessRuntimeDirOnce.Do(func() {
|
||||
runtimeDir := os.Getenv("XDG_RUNTIME_DIR")
|
||||
runtimeDir, err := homedir.GetRuntimeDir()
|
||||
if err != nil {
|
||||
logrus.Debug(err)
|
||||
}
|
||||
if runtimeDir != "" {
|
||||
st, err := os.Stat(runtimeDir)
|
||||
if err != nil {
|
||||
|
|
2
vendor/github.com/containers/storage/VERSION
generated
vendored
2
vendor/github.com/containers/storage/VERSION
generated
vendored
|
@ -1 +1 @@
|
|||
1.42.1-dev
|
||||
1.43.0
|
||||
|
|
8
vendor/github.com/containers/storage/drivers/driver_linux.go
generated
vendored
8
vendor/github.com/containers/storage/drivers/driver_linux.go
generated
vendored
|
@ -7,6 +7,7 @@ import (
|
|||
"path/filepath"
|
||||
|
||||
"github.com/containers/storage/pkg/mount"
|
||||
"github.com/sirupsen/logrus"
|
||||
"golang.org/x/sys/unix"
|
||||
)
|
||||
|
||||
|
@ -127,9 +128,14 @@ var (
|
|||
// GetFSMagic returns the filesystem id given the path.
|
||||
func GetFSMagic(rootpath string) (FsMagic, error) {
|
||||
var buf unix.Statfs_t
|
||||
if err := unix.Statfs(filepath.Dir(rootpath), &buf); err != nil {
|
||||
path := filepath.Dir(rootpath)
|
||||
if err := unix.Statfs(path, &buf); err != nil {
|
||||
return 0, err
|
||||
}
|
||||
|
||||
if _, ok := FsNames[FsMagic(buf.Type)]; !ok {
|
||||
logrus.Debugf("Unknown filesystem type %#x reported for %s", buf.Type, path)
|
||||
}
|
||||
return FsMagic(buf.Type), nil
|
||||
}
|
||||
|
||||
|
|
4
vendor/github.com/containers/storage/layers.go
generated
vendored
4
vendor/github.com/containers/storage/layers.go
generated
vendored
|
@ -563,6 +563,8 @@ func (s *store) newLayerStore(rundir string, layerdir string, driver drivers.Dri
|
|||
uidMap: copyIDMap(s.uidMap),
|
||||
gidMap: copyIDMap(s.gidMap),
|
||||
}
|
||||
rlstore.Lock()
|
||||
defer rlstore.Unlock()
|
||||
if err := rlstore.Load(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -584,6 +586,8 @@ func newROLayerStore(rundir string, layerdir string, driver drivers.Driver) (ROL
|
|||
bymount: make(map[string]*Layer),
|
||||
byname: make(map[string]*Layer),
|
||||
}
|
||||
rlstore.RLock()
|
||||
defer rlstore.Unlock()
|
||||
if err := rlstore.Load(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
3
vendor/github.com/containers/storage/pkg/archive/archive.go
generated
vendored
3
vendor/github.com/containers/storage/pkg/archive/archive.go
generated
vendored
|
@ -75,6 +75,7 @@ const (
|
|||
solaris = "solaris"
|
||||
windows = "windows"
|
||||
darwin = "darwin"
|
||||
freebsd = "freebsd"
|
||||
)
|
||||
|
||||
var xattrsToIgnore = map[string]interface{}{
|
||||
|
@ -671,7 +672,7 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, L
|
|||
if !strings.HasPrefix(targetPath, extractDir) {
|
||||
return breakoutError(fmt.Errorf("invalid hardlink %q -> %q", targetPath, hdr.Linkname))
|
||||
}
|
||||
if err := os.Link(targetPath, path); err != nil {
|
||||
if err := handleLLink(targetPath, path); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
|
|
23
vendor/github.com/containers/storage/pkg/archive/archive_freebsd.go
generated
vendored
23
vendor/github.com/containers/storage/pkg/archive/archive_freebsd.go
generated
vendored
|
@ -9,6 +9,7 @@ import (
|
|||
"os"
|
||||
"path/filepath"
|
||||
"syscall"
|
||||
"unsafe"
|
||||
|
||||
"github.com/containers/storage/pkg/idtools"
|
||||
"github.com/containers/storage/pkg/system"
|
||||
|
@ -111,16 +112,18 @@ func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo, forceMask *
|
|||
if forceMask != nil {
|
||||
permissionsMask = *forceMask
|
||||
}
|
||||
if hdr.Typeflag == tar.TypeLink {
|
||||
if fi, err := os.Lstat(hdr.Linkname); err == nil && (fi.Mode()&os.ModeSymlink == 0) {
|
||||
if err := os.Chmod(path, permissionsMask); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
} else if hdr.Typeflag != tar.TypeSymlink {
|
||||
if err := os.Chmod(path, permissionsMask); err != nil {
|
||||
return err
|
||||
}
|
||||
p, err := unix.BytePtrFromString(path)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
_, _, e1 := unix.Syscall(unix.SYS_LCHMOD, uintptr(unsafe.Pointer(p)), uintptr(permissionsMask), 0)
|
||||
if e1 != 0 {
|
||||
return e1
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Hardlink without following symlinks
|
||||
func handleLLink(targetPath string, path string) error {
|
||||
return unix.Linkat(unix.AT_FDCWD, targetPath, unix.AT_FDCWD, path, 0)
|
||||
}
|
||||
|
|
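Review bot: `uintptr(permissionsMask)` in handleLChmod hands an `os.FileMode` straight to SYS_LCHMOD, but Go keeps setuid, setgid, sticky and the file-type bits at its own bit positions rather than the Unix `mode_t` ones, and the `os.Chmod` calls this replaces did that translation. As written only the low nine permission bits are certain to arrive as intended, so an archive entry carrying special bits may be extracted with a different mode than its header states. I would build the value explicitly: start from `uint32(permissionsMask.Perm())` and OR in `unix.S_ISUID`, `unix.S_ISGID` or `unix.S_ISVTX` when `os.ModeSetuid`, `os.ModeSetgid` or `os.ModeSticky` is set, then pass it to `unix.Fchmodat` with `unix.AT_SYMLINK_NOFOLLOW`, which also removes the need for `unsafe`. handleLChmod starts outside the hunk, so the origin of permissionsMask should be confirmed against the full function, and since this is vendored code the fix belongs upstream in containers/storage.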
13
vendor/github.com/containers/storage/pkg/archive/archive_unix.go
generated
vendored
13
vendor/github.com/containers/storage/pkg/archive/archive_unix.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build !windows && !freebsd
|
||||
// +build !windows,!freebsd
|
||||
|
||||
package archive
|
||||
|
@ -97,7 +98,7 @@ func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
|
|||
mode |= unix.S_IFIFO
|
||||
}
|
||||
|
||||
return system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor)))
|
||||
return system.Mknod(path, mode, system.Mkdev(hdr.Devmajor, hdr.Devminor))
|
||||
}
|
||||
|
||||
func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo, forceMask *os.FileMode) error {
|
||||
|
@ -118,3 +119,13 @@ func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo, forceMask *
|
|||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Hardlink without symlinks
|
||||
func handleLLink(targetPath, path string) error {
|
||||
// Note: on Linux, the link syscall will not follow symlinks.
|
||||
// This behavior is implementation-dependent since
|
||||
// POSIX.1-2008 so to make it clear that we need non-symlink
|
||||
// following here we use the linkat syscall which has a flags
|
||||
// field to select symlink following or not.
|
||||
return unix.Linkat(unix.AT_FDCWD, targetPath, unix.AT_FDCWD, path, 0)
|
||||
}
|
||||
|
|
5
vendor/github.com/containers/storage/pkg/archive/archive_windows.go
generated
vendored
5
vendor/github.com/containers/storage/pkg/archive/archive_windows.go
generated
vendored
|
@ -78,3 +78,8 @@ func getFileUIDGID(stat interface{}) (idtools.IDPair, error) {
|
|||
// no notion of file ownership mapping yet on Windows
|
||||
return idtools.IDPair{0, 0}, nil
|
||||
}
|
||||
|
||||
// Hardlink without following symlinks
|
||||
func handleLLink(targetPath string, path string) error {
|
||||
return os.Link(targetPath, path)
|
||||
}
|
||||
|
|
3
vendor/github.com/containers/storage/pkg/homedir/homedir_unix.go
generated
vendored
3
vendor/github.com/containers/storage/pkg/homedir/homedir_unix.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build !windows
|
||||
// +build !windows
|
||||
|
||||
package homedir
|
||||
|
@ -46,7 +47,7 @@ func GetShortcutString() string {
|
|||
// See also https://standards.freedesktop.org/basedir-spec/latest/ar01s03.html
|
||||
func GetRuntimeDir() (string, error) {
|
||||
if xdgRuntimeDir := os.Getenv("XDG_RUNTIME_DIR"); xdgRuntimeDir != "" {
|
||||
return xdgRuntimeDir, nil
|
||||
return filepath.EvalSymlinks(xdgRuntimeDir)
|
||||
}
|
||||
return "", errors.New("could not get XDG_RUNTIME_DIR")
|
||||
}
|
||||
|
|
5
vendor/github.com/containers/storage/pkg/system/mknod.go
generated
vendored
5
vendor/github.com/containers/storage/pkg/system/mknod.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build !windows && !freebsd
|
||||
// +build !windows,!freebsd
|
||||
|
||||
package system
|
||||
|
@ -8,8 +9,8 @@ import (
|
|||
|
||||
// Mknod creates a filesystem node (file, device special file or named pipe) named path
|
||||
// with attributes specified by mode and dev.
|
||||
func Mknod(path string, mode uint32, dev int) error {
|
||||
return unix.Mknod(path, mode, dev)
|
||||
func Mknod(path string, mode uint32, dev uint32) error {
|
||||
return unix.Mknod(path, mode, int(dev))
|
||||
}
|
||||
|
||||
// Mkdev is used to build the value of linux devices (in /dev/) which specifies major
|
||||
|
|
5
vendor/github.com/containers/storage/pkg/system/mknod_freebsd.go
generated
vendored
5
vendor/github.com/containers/storage/pkg/system/mknod_freebsd.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build freebsd
|
||||
// +build freebsd
|
||||
|
||||
package system
|
||||
|
@ -17,6 +18,6 @@ func Mknod(path string, mode uint32, dev uint64) error {
|
|||
// Linux device nodes are a bit weird due to backwards compat with 16 bit device nodes.
|
||||
// They are, from low to high: the lower 8 bits of the minor, then 12 bits of the major,
|
||||
// then the top 12 bits of the minor.
|
||||
func Mkdev(major int64, minor int64) uint32 {
|
||||
return uint32(((minor & 0xfff00) << 12) | ((major & 0xfff) << 8) | (minor & 0xff))
|
||||
func Mkdev(major int64, minor int64) uint64 {
|
||||
return uint64(((minor & 0xfff00) << 12) | ((major & 0xfff) << 8) | (minor & 0xff))
|
||||
}
|
||||
|
|
3
vendor/github.com/containers/storage/pkg/system/rm.go
generated
vendored
3
vendor/github.com/containers/storage/pkg/system/rm.go
generated
vendored
|
@ -35,6 +35,9 @@ func EnsureRemoveAll(dir string) error {
|
|||
}
|
||||
|
||||
for {
|
||||
if err := resetFileFlags(dir); err != nil {
|
||||
return fmt.Errorf("resetting file flags: %w", err)
|
||||
}
|
||||
err := os.RemoveAll(dir)
|
||||
if err == nil {
|
||||
return nil
|
||||
|
|
10
vendor/github.com/containers/storage/pkg/system/rm_common.go
generated
vendored
Normal file
10
vendor/github.com/containers/storage/pkg/system/rm_common.go
generated
vendored
Normal file
|
@ -0,0 +1,10 @@
|
|||
//go:build !freebsd
|
||||
// +build !freebsd
|
||||
|
||||
package system
|
||||
|
||||
// Reset file flags in a directory tree. This allows EnsureRemoveAll
|
||||
// to delete trees which have the immutable flag set.
|
||||
func resetFileFlags(dir string) error {
|
||||
return nil
|
||||
}
|
32
vendor/github.com/containers/storage/pkg/system/rm_freebsd.go
generated
vendored
Normal file
32
vendor/github.com/containers/storage/pkg/system/rm_freebsd.go
generated
vendored
Normal file
|
@ -0,0 +1,32 @@
|
|||
package system
|
||||
|
||||
import (
|
||||
"io/fs"
|
||||
"path/filepath"
|
||||
"unsafe"
|
||||
|
||||
"golang.org/x/sys/unix"
|
||||
)
|
||||
|
||||
func lchflags(path string, flags int) (err error) {
|
||||
p, err := unix.BytePtrFromString(path)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
_, _, e1 := unix.Syscall(unix.SYS_LCHFLAGS, uintptr(unsafe.Pointer(p)), uintptr(flags), 0)
|
||||
if e1 != 0 {
|
||||
return e1
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Reset file flags in a directory tree. This allows EnsureRemoveAll
|
||||
// to delete trees which have the immutable flag set.
|
||||
func resetFileFlags(dir string) error {
|
||||
return filepath.WalkDir(dir, func(path string, d fs.DirEntry, err error) error {
|
||||
if err := lchflags(path, 0); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
})
|
||||
}
|
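Review bot: The WalkDir callback in resetFileFlags ignores its `err` argument and calls `lchflags(path, 0)` unconditionally, so a directory that does not exist, or an entry removed while the walk is running, makes the walk fail and EnsureRemoveAll return "resetting file flags: …" where `os.RemoveAll` alone would have returned nil. The callback should treat a not-exist error as nothing to do, both for the incoming `err` and for the lchflags result, and propagate every other walk error; that needs the `errors` package added to the import block. The doc comment should also say that every file flag is cleared rather than only the immutable one, and the file relies on its `_freebsd.go` suffix where the sibling rm_common.go carries an explicit `//go:build` line. This is vendored code, so the change belongs upstream in containers/storage.

```go
func resetFileFlags(dir string) error {
	return filepath.WalkDir(dir, func(path string, d fs.DirEntry, err error) error {
		if err != nil {
			// The entry vanished, or dir never existed: nothing to reset.
			if errors.Is(err, fs.ErrNotExist) {
				return nil
			}
			return err
		}
		// Removal can race with the walk, so a missing entry is not a failure.
		if err := lchflags(path, 0); err != nil && !errors.Is(err, fs.ErrNotExist) {
			return err
		}
		return nil
	})
}
```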
55
vendor/github.com/containers/storage/types/options.go
generated
vendored
55
vendor/github.com/containers/storage/types/options.go
generated
vendored
|
@ -38,17 +38,44 @@ var (
|
|||
)
|
||||
|
||||
func loadDefaultStoreOptions() {
|
||||
defaultStoreOptions.RunRoot = defaultRunRoot
|
||||
defaultStoreOptions.GraphRoot = defaultGraphRoot
|
||||
defaultStoreOptions.GraphDriverName = ""
|
||||
|
||||
setDefaults := func() {
|
||||
// reload could set values to empty for run and graph root if config does not contains anything
|
||||
if defaultStoreOptions.RunRoot == "" {
|
||||
defaultStoreOptions.RunRoot = defaultRunRoot
|
||||
}
|
||||
if defaultStoreOptions.GraphRoot == "" {
|
||||
defaultStoreOptions.GraphRoot = defaultGraphRoot
|
||||
}
|
||||
}
|
||||
setDefaults()
|
||||
|
||||
if path, ok := os.LookupEnv(storageConfEnv); ok {
|
||||
defaultOverrideConfigFile = path
|
||||
if err := ReloadConfigurationFileIfNeeded(path, &defaultStoreOptions); err != nil {
|
||||
loadDefaultStoreOptionsErr = err
|
||||
return
|
||||
}
|
||||
} else if _, err := os.Stat(defaultOverrideConfigFile); err == nil {
|
||||
setDefaults()
|
||||
return
|
||||
}
|
||||
|
||||
if path, ok := os.LookupEnv("XDG_CONFIG_HOME"); ok {
|
||||
homeConfigFile := filepath.Join(path, "containers", "storage.conf")
|
||||
if _, err := os.Stat(homeConfigFile); err == nil {
|
||||
// user storage.conf in XDG_CONFIG_HOME if it exists
|
||||
defaultOverrideConfigFile = homeConfigFile
|
||||
} else {
|
||||
if !os.IsNotExist(err) {
|
||||
loadDefaultStoreOptionsErr = err
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
_, err := os.Stat(defaultOverrideConfigFile)
|
||||
if err == nil {
|
||||
// The DefaultConfigFile(rootless) function returns the path
|
||||
// of the used storage.conf file, by returning defaultConfigFile
|
||||
// If override exists containers/storage uses it by default.
|
||||
|
@ -57,22 +84,18 @@ func loadDefaultStoreOptions() {
|
|||
loadDefaultStoreOptionsErr = err
|
||||
return
|
||||
}
|
||||
} else {
|
||||
if !os.IsNotExist(err) {
|
||||
logrus.Warningf("Attempting to use %s, %v", defaultConfigFile, err)
|
||||
}
|
||||
if err := ReloadConfigurationFileIfNeeded(defaultConfigFile, &defaultStoreOptions); err != nil && !errors.Is(err, os.ErrNotExist) {
|
||||
loadDefaultStoreOptionsErr = err
|
||||
return
|
||||
}
|
||||
setDefaults()
|
||||
return
|
||||
}
|
||||
// reload could set values to empty for run and graph root if config does not contains anything
|
||||
if defaultStoreOptions.RunRoot == "" {
|
||||
defaultStoreOptions.RunRoot = defaultRunRoot
|
||||
|
||||
if !os.IsNotExist(err) {
|
||||
logrus.Warningf("Attempting to use %s, %v", defaultConfigFile, err)
|
||||
}
|
||||
if defaultStoreOptions.GraphRoot == "" {
|
||||
defaultStoreOptions.GraphRoot = defaultGraphRoot
|
||||
if err := ReloadConfigurationFileIfNeeded(defaultConfigFile, &defaultStoreOptions); err != nil && !errors.Is(err, os.ErrNotExist) {
|
||||
loadDefaultStoreOptionsErr = err
|
||||
return
|
||||
}
|
||||
setDefaults()
|
||||
}
|
||||
|
||||
// defaultStoreOptionsIsolated is an internal implementation detail of DefaultStoreOptions to allow testing.
|
||||
|
|
1
vendor/github.com/opencontainers/selinux/go-selinux/doc.go
generated
vendored
1
vendor/github.com/opencontainers/selinux/go-selinux/doc.go
generated
vendored
|
@ -9,6 +9,5 @@ Usage:
|
|||
if selinux.EnforceMode() != selinux.Enforcing {
|
||||
selinux.SetEnforceMode(selinux.Enforcing)
|
||||
}
|
||||
|
||||
*/
|
||||
package selinux
|
||||
|
|
46
vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go
generated
vendored
46
vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go
generated
vendored
|
@ -3,8 +3,6 @@ package label
|
|||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"os"
|
||||
"os/user"
|
||||
"strings"
|
||||
|
||||
"github.com/opencontainers/selinux/go-selinux"
|
||||
|
@ -113,50 +111,6 @@ func Relabel(path string, fileLabel string, shared bool) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
exclude_paths := map[string]bool{
|
||||
"/": true,
|
||||
"/bin": true,
|
||||
"/boot": true,
|
||||
"/dev": true,
|
||||
"/etc": true,
|
||||
"/etc/passwd": true,
|
||||
"/etc/pki": true,
|
||||
"/etc/shadow": true,
|
||||
"/home": true,
|
||||
"/lib": true,
|
||||
"/lib64": true,
|
||||
"/media": true,
|
||||
"/opt": true,
|
||||
"/proc": true,
|
||||
"/root": true,
|
||||
"/run": true,
|
||||
"/sbin": true,
|
||||
"/srv": true,
|
||||
"/sys": true,
|
||||
"/tmp": true,
|
||||
"/usr": true,
|
||||
"/var": true,
|
||||
"/var/lib": true,
|
||||
"/var/log": true,
|
||||
}
|
||||
|
||||
if home := os.Getenv("HOME"); home != "" {
|
||||
exclude_paths[home] = true
|
||||
}
|
||||
|
||||
if sudoUser := os.Getenv("SUDO_USER"); sudoUser != "" {
|
||||
if usr, err := user.Lookup(sudoUser); err == nil {
|
||||
exclude_paths[usr.HomeDir] = true
|
||||
}
|
||||
}
|
||||
|
||||
if path != "/" {
|
||||
path = strings.TrimSuffix(path, "/")
|
||||
}
|
||||
if exclude_paths[path] {
|
||||
return fmt.Errorf("SELinux relabeling of %s is not allowed", path)
|
||||
}
|
||||
|
||||
if shared {
|
||||
c, err := selinux.NewContext(fileLabel)
|
||||
if err != nil {
|
||||
|
|
1
vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go
generated
vendored
1
vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build !linux
|
||||
// +build !linux
|
||||
|
||||
package label
|
||||
|
|
12
vendor/github.com/opencontainers/selinux/go-selinux/rchcon.go
generated
vendored
12
vendor/github.com/opencontainers/selinux/go-selinux/rchcon.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build linux && go1.16
|
||||
// +build linux,go1.16
|
||||
|
||||
package selinux
|
||||
|
@ -11,7 +12,18 @@ import (
|
|||
)
|
||||
|
||||
func rchcon(fpath, label string) error {
|
||||
fastMode := false
|
||||
// If the current label matches the new label, assume
|
||||
// other labels are correct.
|
||||
if cLabel, err := lFileLabel(fpath); err == nil && cLabel == label {
|
||||
fastMode = true
|
||||
}
|
||||
return pwalkdir.Walk(fpath, func(p string, _ fs.DirEntry, _ error) error {
|
||||
if fastMode {
|
||||
if cLabel, err := lFileLabel(fpath); err == nil && cLabel == label {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
e := lSetFileLabel(p, label)
|
||||
// Walk a file tree can race with removal, so ignore ENOENT.
|
||||
if errors.Is(e, os.ErrNotExist) {
|
||||
|
|
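Review bot: Inside the walk callback the fast-path check calls `lFileLabel(fpath)`, the root of the walk, rather than `lFileLabel(p)`, the entry being visited, so while the root carries the target label every entry is skipped without its own label being read. If skipping the whole tree is intended (the comment says other labels are assumed correct), the per-entry lookup is redundant and `if fastMode { return nil }` states that directly; if each entry was meant to be compared, the call should be `lFileLabel(p)`. Either way a subtree whose labels differ from the root's is left untouched by a relabel in this mode, which deserves a sentence in rchcon's doc comment so callers do not assume a full relabel happened. The callback continues past the end of the hunk, and since this is vendored code the fix belongs upstream in opencontainers/selinux.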
1
vendor/github.com/opencontainers/selinux/go-selinux/rchcon_go115.go
generated
vendored
1
vendor/github.com/opencontainers/selinux/go-selinux/rchcon_go115.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build linux && !go1.16
|
||||
// +build linux,!go1.16
|
||||
|
||||
package selinux
|
||||
|
|
80
vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
generated
vendored
80
vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
generated
vendored
|
@ -11,6 +11,7 @@ import (
|
|||
"io/ioutil"
|
||||
"math/big"
|
||||
"os"
|
||||
"os/user"
|
||||
"path"
|
||||
"path/filepath"
|
||||
"strconv"
|
||||
|
@ -1072,21 +1073,6 @@ func copyLevel(src, dest string) (string, error) {
|
|||
return tcon.Get(), nil
|
||||
}
|
||||
|
||||
// Prevent users from relabeling system files
|
||||
func badPrefix(fpath string) error {
|
||||
if fpath == "" {
|
||||
return ErrEmptyPath
|
||||
}
|
||||
|
||||
badPrefixes := []string{"/usr"}
|
||||
for _, prefix := range badPrefixes {
|
||||
if strings.HasPrefix(fpath, prefix) {
|
||||
return fmt.Errorf("relabeling content in %s is not allowed", prefix)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// chcon changes the fpath file object to the SELinux label label.
|
||||
// If fpath is a directory and recurse is true, then chcon walks the
|
||||
// directory tree setting the label.
|
||||
|
@ -1097,12 +1083,70 @@ func chcon(fpath string, label string, recurse bool) error {
|
|||
if label == "" {
|
||||
return nil
|
||||
}
|
||||
if err := badPrefix(fpath); err != nil {
|
||||
return err
|
||||
|
||||
exclude_paths := map[string]bool{
|
||||
"/": true,
|
||||
"/bin": true,
|
||||
"/boot": true,
|
||||
"/dev": true,
|
||||
"/etc": true,
|
||||
"/etc/passwd": true,
|
||||
"/etc/pki": true,
|
||||
"/etc/shadow": true,
|
||||
"/home": true,
|
||||
"/lib": true,
|
||||
"/lib64": true,
|
||||
"/media": true,
|
||||
"/opt": true,
|
||||
"/proc": true,
|
||||
"/root": true,
|
||||
"/run": true,
|
||||
"/sbin": true,
|
||||
"/srv": true,
|
||||
"/sys": true,
|
||||
"/tmp": true,
|
||||
"/usr": true,
|
||||
"/var": true,
|
||||
"/var/lib": true,
|
||||
"/var/log": true,
|
||||
}
|
||||
|
||||
if home := os.Getenv("HOME"); home != "" {
|
||||
exclude_paths[home] = true
|
||||
}
|
||||
|
||||
if sudoUser := os.Getenv("SUDO_USER"); sudoUser != "" {
|
||||
if usr, err := user.Lookup(sudoUser); err == nil {
|
||||
exclude_paths[usr.HomeDir] = true
|
||||
}
|
||||
}
|
||||
|
||||
if fpath != "/" {
|
||||
fpath = strings.TrimSuffix(fpath, "/")
|
||||
}
|
||||
if exclude_paths[fpath] {
|
||||
return fmt.Errorf("SELinux relabeling of %s is not allowed", fpath)
|
||||
}
|
||||
|
||||
if !recurse {
|
||||
return setFileLabel(fpath, label)
|
||||
err := lSetFileLabel(fpath, label)
|
||||
if err != nil {
|
||||
// Check if file doesn't exist, must have been removed
|
||||
if errors.Is(err, os.ErrNotExist) {
|
||||
return nil
|
||||
}
|
||||
// Check if current label is correct on disk
|
||||
flabel, nerr := lFileLabel(fpath)
|
||||
if nerr == nil && flabel == label {
|
||||
return nil
|
||||
}
|
||||
// Check if file doesn't exist, must have been removed
|
||||
if errors.Is(nerr, os.ErrNotExist) {
|
||||
return nil
|
||||
}
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
return rchcon(fpath, label)
|
||||
|
|
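Review bot: The exclusion check added to chcon is an exact string match, `exclude_paths[fpath]` after a single `strings.TrimSuffix(fpath, "/")`, so a protected directory passed in a non-canonical spelling is not recognised, and the removed `badPrefix` guard that refused everything under `/usr` no longer covers subdirectories. If the list is meant as a safety net against relabeling system directories, normalise first with `fpath = filepath.Clean(fpath)` (path/filepath is already imported in this file), which also makes the trailing-slash special case unnecessary. A comment should state that only the listed directories themselves are refused, not their descendants or symlinks that point to them, so callers do not over-trust the check. `exclude_paths` would read better as `excludePaths`, and building the map on every call could be hoisted to package scope apart from the HOME and SUDO_USER entries. chcon starts and ends outside the hunk, and as this is vendored code the change belongs upstream in opencontainers/selinux.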
1
vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
generated
vendored
1
vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build !linux
|
||||
// +build !linux
|
||||
|
||||
package selinux
|
||||
|
|
6
vendor/modules.txt
vendored
6
vendor/modules.txt
vendored
|
@ -120,7 +120,7 @@ github.com/containers/buildah/pkg/rusage
|
|||
github.com/containers/buildah/pkg/sshagent
|
||||
github.com/containers/buildah/pkg/util
|
||||
github.com/containers/buildah/util
|
||||
# github.com/containers/common v0.49.2-0.20220926195839-590004b80685
|
||||
# github.com/containers/common v0.49.2-0.20220929111928-2d1b45ae2423
|
||||
## explicit; go 1.17
|
||||
github.com/containers/common/libimage
|
||||
github.com/containers/common/libimage/define
|
||||
|
@ -266,7 +266,7 @@ github.com/containers/psgo/internal/dev
|
|||
github.com/containers/psgo/internal/host
|
||||
github.com/containers/psgo/internal/proc
|
||||
github.com/containers/psgo/internal/process
|
||||
# github.com/containers/storage v1.42.1-0.20220919112236-8a581aac3bdf
|
||||
# github.com/containers/storage v1.43.0
|
||||
## explicit; go 1.16
|
||||
github.com/containers/storage
|
||||
github.com/containers/storage/drivers
|
||||
|
@ -638,7 +638,7 @@ github.com/opencontainers/runtime-tools/generate
|
|||
github.com/opencontainers/runtime-tools/generate/seccomp
|
||||
github.com/opencontainers/runtime-tools/specerror
|
||||
github.com/opencontainers/runtime-tools/validate
|
||||
# github.com/opencontainers/selinux v1.10.1
|
||||
# github.com/opencontainers/selinux v1.10.2
|
||||
## explicit; go 1.13
|
||||
github.com/opencontainers/selinux/go-selinux
|
||||
github.com/opencontainers/selinux/go-selinux/label
|
||||
|
|