mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Merge pull request #11758 from crosbymichael/update-libct-mar25
Update libcontainer to a6044b701c166fe538fc760f9e2
This commit is contained in:
Michael Crosby
commit
3d9cbf0e71
6 changed files with 16 additions and 25 deletions
|
|
@ -75,7 +75,7 @@ rm -rf src/github.com/docker/distribution
|
|||
mkdir -p src/github.com/docker/distribution
|
||||
mv tmp-digest src/github.com/docker/distribution/digest
|
||||
|
||||
clone git github.com/docker/libcontainer fd0087d3acdc4c5865de1829d4accee5e3ebb658
|
||||
clone git github.com/docker/libcontainer a6044b701c166fe538fc760f9e2dcea3d737cd2a
|
||||
# see src/github.com/docker/libcontainer/update-vendor.sh which is the "source of truth" for libcontainer deps (just like this file)
|
||||
rm -rf src/github.com/docker/libcontainer/vendor
|
||||
eval "$(grep '^clone ' src/github.com/docker/libcontainer/update-vendor.sh | grep -v 'github.com/codegangsta/cli' | grep -v 'github.com/Sirupsen/logrus')"
|
||||
|
|
|
|||
|
|
@ -173,9 +173,6 @@ func (m *Manager) Freeze(state configs.FreezerState) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if !cgroups.PathExists(dir) {
|
||||
return cgroups.NewNotFoundError("freezer")
|
||||
}
|
||||
|
||||
prevState := m.Cgroups.Freezer
|
||||
m.Cgroups.Freezer = state
|
||||
|
|
@ -200,9 +197,6 @@ func (m *Manager) GetPids() ([]int, error) {
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if !cgroups.PathExists(dir) {
|
||||
return nil, cgroups.NewNotFoundError("devices")
|
||||
}
|
||||
|
||||
return cgroups.ReadProcsFile(dir)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -91,7 +91,7 @@ func populateProcessEnvironment(env []string) error {
|
|||
|
||||
// finalizeNamespace drops the caps, sets the correct user
|
||||
// and working dir, and closes any leaked file descriptors
|
||||
// before execing the command inside the namespace
|
||||
// before executing the command inside the namespace
|
||||
func finalizeNamespace(config *initConfig) error {
|
||||
// Ensure that all non-standard fds we may have accidentally
|
||||
// inherited are marked close-on-exec so they stay out of the
|
||||
|
|
|
|||
|
|
@ -186,7 +186,9 @@ func reOpenDevNull(rootfs string) error {
|
|||
func createDevices(config *configs.Config) error {
|
||||
oldMask := syscall.Umask(0000)
|
||||
for _, node := range config.Devices {
|
||||
if err := createDeviceNode(config.Rootfs, node); err != nil {
|
||||
// containers running in a user namespace are not allowed to mknod
|
||||
// devices so we can just bind mount it from the host.
|
||||
if err := createDeviceNode(config.Rootfs, node, config.Namespaces.Contains(configs.NEWUSER)); err != nil {
|
||||
syscall.Umask(oldMask)
|
||||
return err
|
||||
}
|
||||
|
|
@ -196,20 +198,13 @@ func createDevices(config *configs.Config) error {
|
|||
}
|
||||
|
||||
// Creates the device node in the rootfs of the container.
|
||||
func createDeviceNode(rootfs string, node *configs.Device) error {
|
||||
func createDeviceNode(rootfs string, node *configs.Device, bind bool) error {
|
||||
dest := filepath.Join(rootfs, node.Path)
|
||||
if err := os.MkdirAll(filepath.Dir(dest), 0755); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := mknodDevice(dest, node); err != nil {
|
||||
if os.IsExist(err) {
|
||||
return nil
|
||||
}
|
||||
if err != syscall.EPERM {
|
||||
return err
|
||||
}
|
||||
// containers running in a user namespace are not allowed to mknod
|
||||
// devices so we can just bind mount it from the host.
|
||||
|
||||
if bind {
|
||||
f, err := os.Create(dest)
|
||||
if err != nil && !os.IsExist(err) {
|
||||
return err
|
||||
|
|
@ -219,6 +214,12 @@ func createDeviceNode(rootfs string, node *configs.Device) error {
|
|||
}
|
||||
return syscall.Mount(node.Path, dest, "bind", syscall.MS_BIND, "")
|
||||
}
|
||||
if err := mknodDevice(dest, node); err != nil {
|
||||
if os.IsExist(err) {
|
||||
return nil
|
||||
}
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -44,6 +44,6 @@ clone git github.com/codegangsta/cli 1.1.0
|
|||
clone git github.com/coreos/go-systemd v2
|
||||
clone git github.com/godbus/dbus v2
|
||||
clone git github.com/Sirupsen/logrus v0.6.6
|
||||
clone git github.com/syndtr/gocapability e55e583369
|
||||
clone git github.com/syndtr/gocapability 8e4cdcb
|
||||
|
||||
# intentionally not vendoring Docker itself... that'd be a circle :)
|
||||
|
|
|
|||
|
|
@ -417,10 +417,6 @@ func (c *capsV3) Load() (err error) {
|
|||
}
|
||||
|
||||
func (c *capsV3) Apply(kind CapType) (err error) {
|
||||
err = initLastCap()
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
if kind&BOUNDS == BOUNDS {
|
||||
var data [2]capData
|
||||
err = capget(&c.hdr, &data[0])
|
||||
|
|
@ -428,7 +424,7 @@ func (c *capsV3) Apply(kind CapType) (err error) {
|
|||
return
|
||||
}
|
||||
if (1<<uint(CAP_SETPCAP))&data[0].effective != 0 {
|
||||
for i := Cap(0); i <= capLastCap; i++ {
|
||||
for i := Cap(0); i <= CAP_LAST_CAP; i++ {
|
||||
if c.Get(BOUNDING, i) {
|
||||
continue
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue