mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

vendor: github.com/opencontainers/selinux v1.8.2

full diff:

- https://github.com/opencontainers/selinux/compare/v1.8.0...v1.8.2
- https://github.com/bits-and-blooms/bitset/compare/v1.1.11...v1.2.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn 2021-06-07 10:09:21 +02:00
parent 8dbd90ec00
commit 22186d2645
No known key found for this signature in database
GPG key ID: 76698F39D527CE8C
19 changed files with 55 additions and 25 deletions


@ -180,8 +180,8 @@ github.com/morikuni/aec 39771216ff4c63d11f5e604076f9
# metrics # metrics
github.com/docker/go-metrics b619b3592b65de4f087d9f16863a7e6ff905973c # v0.0.1 github.com/docker/go-metrics b619b3592b65de4f087d9f16863a7e6ff905973c # v0.0.1
github.com/opencontainers/selinux 2f45b3796d18f1ab4c9fc0c888a98d0a0fd6e429 # v1.8.0 github.com/opencontainers/selinux 76bc82e11d854d3e40c08889d13c98abcea72ea2 # v1.8.2
github.com/willf/bitset 559910e8471e48d76d9e5a1ba15842dee77ad45d # v1.1.11 github.com/bits-and-blooms/bitset 59de210119f50cedaa42d175dc88b6335fcf63f6 # v1.2.0
# archive/tar # archive/tar


@ -2,10 +2,9 @@
*Go language library to map between non-negative integers and boolean values* *Go language library to map between non-negative integers and boolean values*
[![Test](https://github.com/willf/bitset/workflows/Test/badge.svg)](https://github.com/willf/bitset/actions?query=workflow%3ATest) [![Test](https://github.com/bits-and-blooms/bitset/workflows/Test/badge.svg)](https://github.com/willf/bitset/actions?query=workflow%3ATest)
[![Master Coverage Status](https://coveralls.io/repos/willf/bitset/badge.svg?branch=master&service=github)](https://coveralls.io/github/willf/bitset?branch=master)
[![Go Report Card](https://goreportcard.com/badge/github.com/willf/bitset)](https://goreportcard.com/report/github.com/willf/bitset) [![Go Report Card](https://goreportcard.com/badge/github.com/willf/bitset)](https://goreportcard.com/report/github.com/willf/bitset)
[![PkgGoDev](https://pkg.go.dev/badge/github.com/willf/bitset?tab=doc)](https://pkg.go.dev/github.com/willf/bitset?tab=doc) [![PkgGoDev](https://pkg.go.dev/badge/github.com/bits-and-blooms/bitset?tab=doc)](https://pkg.go.dev/github.com/bits-and-blooms/bitset?tab=doc)
## Description ## Description
@ -30,7 +29,7 @@ import (
"fmt" "fmt"
"math/rand" "math/rand"
"github.com/willf/bitset" "github.com/bits-and-blooms/bitset"
) )
func main() { func main() {
@ -63,7 +62,7 @@ func main() {
As an alternative to BitSets, one should check out the 'big' package, which provides a (less set-theoretical) view of bitsets. As an alternative to BitSets, one should check out the 'big' package, which provides a (less set-theoretical) view of bitsets.
Package documentation is at: https://pkg.go.dev/github.com/willf/bitset?tab=doc Package documentation is at: https://pkg.go.dev/github.com/bits-and-blooms/bitset?tab=doc
## Memory Usage ## Memory Usage
@ -78,7 +77,7 @@ It is possible that a later version will match the `math/bits` return signature
## Installation ## Installation
```bash ```bash
go get github.com/willf/bitset go get github.com/bits-and-blooms/bitset
``` ```
## Contributing ## Contributing


@ -209,6 +209,27 @@ func (b *BitSet) Flip(i uint) *BitSet {
return b return b
} }
// FlipRange bit in [start, end).
// If end>= Cap(), this function will panic.
// Warning: using a very large value for 'end'
// may lead to a memory shortage and a panic: the caller is responsible
// for providing sensible parameters in line with their memory capacity.
func (b *BitSet) FlipRange(start, end uint) *BitSet {
if start >= end {
return b
}
b.extendSetMaybe(end - 1)
var startWord uint = start >> log2WordSize
var endWord uint = end >> log2WordSize
b.set[startWord] ^= ^(^uint64(0) << (start & (wordSize - 1)))
for i := startWord; i < endWord; i++ {
b.set[i] = ^b.set[i]
}
b.set[endWord] ^= ^uint64(0) >> (-end & (wordSize - 1))
return b
}
// Shrink shrinks BitSet so that the provided value is the last possible // Shrink shrinks BitSet so that the provided value is the last possible
// set value. It clears all bits > the provided index and reduces the size // set value. It clears all bits > the provided index and reduces the size
// and length of the set. // and length of the set.
@ -519,7 +540,7 @@ func (b *BitSet) Copy(c *BitSet) (count uint) {
} }
// Count (number of set bits). // Count (number of set bits).
// Also known as "popcount" or "popularity count". // Also known as "popcount" or "population count".
func (b *BitSet) Count() uint { func (b *BitSet) Count() uint {
if b != nil && b.set != nil { if b != nil && b.set != nil {
return uint(popcntSlice(b.set)) return uint(popcntSlice(b.set))
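Review bot: The last statement of the new FlipRange indexes `b.set[endWord]` unconditionally, and that goes wrong when `end` is a multiple of the word size. In that case `endWord` is one word past the word holding bit `end-1`, which is the only word `extendSetMaybe(end - 1)` is asked to cover (its body is outside this hunk, so this is inferred). The access can therefore run past the slice, and if the word does exist the mask becomes `^uint64(0) >> 0` and flips 64 bits beyond `end`. Guarding the tail with `if end&(wordSize-1) != 0 { b.set[endWord] ^= ^uint64(0) >> (-end & (wordSize - 1)) }` avoids both. The doc comment's claim that the function panics when `end` reaches `Cap()` also does not match the `extendSetMaybe` call and should say the set is grown instead. As this is vendored code the fix belongs upstream, but it is worth confirming that nothing in this tree calls FlipRange with a word-aligned `end`.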

3
vendor/github.com/bits-and-blooms/bitset/go.mod generated vendored Normal file

@ -0,0 +1,3 @@
module github.com/bits-and-blooms/bitset
go 1.14


@ -1,10 +1,6 @@
/* /*
Package selinux provides a high-level interface for interacting with selinux. Package selinux provides a high-level interface for interacting with selinux.
This package uses a selinux build tag to enable the selinux functionality. This
allows non-linux and linux users who do not have selinux support to still use
tools that rely on this library.
Usage: Usage:
import "github.com/opencontainers/selinux/go-selinux" import "github.com/opencontainers/selinux/go-selinux"


@ -25,6 +25,8 @@ var ErrIncompatibleLabel = errors.New("Bad SELinux option z and Z can not be use
// the container. A list of options can be passed into this function to alter // the container. A list of options can be passed into this function to alter
// the labels. The labels returned will include a random MCS String, that is // the labels. The labels returned will include a random MCS String, that is
// guaranteed to be unique. // guaranteed to be unique.
// If the disabled flag is passed in, the process label will not be set, but the mount label will be set
// to the container_file label with the maximum category. This label is not usable by any confined label.
func InitLabels(options []string) (plabel string, mlabel string, retErr error) { func InitLabels(options []string) (plabel string, mlabel string, retErr error) {
if !selinux.GetEnabled() { if !selinux.GetEnabled() {
return "", "", nil return "", "", nil
@ -47,7 +49,8 @@ func InitLabels(options []string) (plabel string, mlabel string, retErr error) {
} }
for _, opt := range options { for _, opt := range options {
if opt == "disable" { if opt == "disable" {
return "", mountLabel, nil selinux.ReleaseLabel(mountLabel)
return "", selinux.PrivContainerMountLabel(), nil
} }
if i := strings.Index(opt, ":"); i == -1 { if i := strings.Index(opt, ":"); i == -1 {
return "", "", errors.Errorf("Bad label option %q, valid options 'disable' or \n'user, role, level, type, filetype' followed by ':' and a value", opt) return "", "", errors.Errorf("Bad label option %q, valid options 'disable' or \n'user, role, level, type, filetype' followed by ':' and a value", opt)
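Review bot: The doc comment on InitLabels still promises a random MCS string "guaranteed to be unique", but the new `disable` branch returns `selinux.PrivContainerMountLabel()`, a single package-level value. Every container started with `disable` therefore appears to share one mount label, so MCS separation between their files no longer applies; the comment should say so, for example `// With "disable" the mount label is shared by all such containers and is not unique.` The returned label can also be empty: the loader section of this commit returns `""` when the context file cannot be opened, and the stub build defines `privContainerMountLabel = ""`. Callers that relabel with the result need to treat an empty mount label as "no label". InitLabels starts above this section and continues past its last line.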


@ -11,9 +11,10 @@ const (
Permissive = 0 Permissive = 0
// Disabled constant to indicate SELinux is disabled // Disabled constant to indicate SELinux is disabled
Disabled = -1 Disabled = -1
// maxCategory is the maximum number of categories used within containers
maxCategory = 1024
// DefaultCategoryRange is the upper bound on the category range // DefaultCategoryRange is the upper bound on the category range
DefaultCategoryRange = uint32(1024) DefaultCategoryRange = uint32(maxCategory)
) )
var ( var (
@ -276,3 +277,8 @@ func DisableSecOpt() []string {
func GetDefaultContextWithLevel(user, level, scon string) (string, error) { func GetDefaultContextWithLevel(user, level, scon string) (string, error) {
return getDefaultContextWithLevel(user, level, scon) return getDefaultContextWithLevel(user, level, scon)
} }
// PrivContainerMountLabel returns mount label for privileged containers
func PrivContainerMountLabel() string {
return privContainerMountLabel
}


@ -16,9 +16,9 @@ import (
"strings" "strings"
"sync" "sync"
"github.com/bits-and-blooms/bitset"
"github.com/opencontainers/selinux/pkg/pwalk" "github.com/opencontainers/selinux/pkg/pwalk"
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/willf/bitset"
"golang.org/x/sys/unix" "golang.org/x/sys/unix"
) )
@ -892,13 +892,13 @@ func openContextFile() (*os.File, error) {
return os.Open(lxcPath) return os.Open(lxcPath)
} }
var labels = loadLabels() var labels, privContainerMountLabel = loadLabels()
func loadLabels() map[string]string { func loadLabels() (map[string]string, string) {
labels := make(map[string]string) labels := make(map[string]string)
in, err := openContextFile() in, err := openContextFile()
if err != nil { if err != nil {
return labels return labels, ""
} }
defer in.Close() defer in.Close()
@ -920,7 +920,10 @@ func loadLabels() map[string]string {
} }
} }
return labels con, _ := NewContext(labels["file"])
con["level"] = fmt.Sprintf("s0:c%d,c%d", maxCategory-2, maxCategory-1)
reserveLabel(con.get())
return labels, con.get()
} }
// kvmContainerLabels returns the default processLabel and mountLabel to be used // kvmContainerLabels returns the default processLabel and mountLabel to be used
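Review bot: In the tail of loadLabels, `con, _ := NewContext(labels["file"])` discards the error, and the code then sets `con["level"]`, reserves the result and returns it. If the context file has no `file` entry or the entry is malformed, the privileged mount label is built from whatever NewContext hands back; its behaviour on empty input is not visible here, but the result may not be a valid SELinux context. I would keep the error and fall back to no label: `con, err := NewContext(labels["file"])` followed by `if err != nil || labels["file"] == "" { return labels, "" }`. Because `var labels, privContainerMountLabel = loadLabels()` runs at package initialisation, a bad value here is fixed for the life of the process. The middle of loadLabels lies between the two hunks and is not shown.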


@ -2,6 +2,8 @@
package selinux package selinux
const privContainerMountLabel = ""
func setDisabled() { func setDisabled() {
} }


@ -3,7 +3,7 @@ module github.com/opencontainers/selinux
go 1.13 go 1.13
require ( require (
github.com/bits-and-blooms/bitset v1.2.0
github.com/pkg/errors v0.9.1 github.com/pkg/errors v0.9.1
github.com/willf/bitset v1.1.11
golang.org/x/sys v0.0.0-20191115151921-52ab43148777 golang.org/x/sys v0.0.0-20191115151921-52ab43148777
) )


@ -1,3 +0,0 @@
module github.com/willf/bitset
go 1.14