diff --git a/Dockerfile b/Dockerfile
index 65ff87f7f6..119bbdc3ec 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -248,7 +248,7 @@ RUN set -x \
 && rm -rf "$GOPATH"
 # Install runc
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+ENV RUNC_COMMIT baf6536d6259209c3edfa2b22237af82942d3dfa
 RUN set -x \
 && export GOPATH="$(mktemp -d)" \
 && git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index b26424d6c8..ec59c7ebc3 100644
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -181,7 +181,7 @@ RUN set -x \
 && rm -rf "$GOPATH"
 # Install runc
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+ENV RUNC_COMMIT baf6536d6259209c3edfa2b22237af82942d3dfa
 RUN set -x \
 && export GOPATH="$(mktemp -d)" \
 && git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
diff --git a/Dockerfile.armhf b/Dockerfile.armhf
index 739f5db10b..5fd488055a 100644
--- a/Dockerfile.armhf
+++ b/Dockerfile.armhf
@@ -200,7 +200,7 @@ RUN set -x \
 && rm -rf "$GOPATH"
 # Install runc
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+ENV RUNC_COMMIT baf6536d6259209c3edfa2b22237af82942d3dfa
 RUN set -x \
 && export GOPATH="$(mktemp -d)" \
 && git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
diff --git a/Dockerfile.gccgo b/Dockerfile.gccgo
index 30500e3ecc..1156a97330 100644
--- a/Dockerfile.gccgo
+++ b/Dockerfile.gccgo
@@ -74,7 +74,7 @@ WORKDIR /go/src/github.com/docker/docker
 ENV DOCKER_BUILDTAGS apparmor seccomp selinux
 # Install runc
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+ENV RUNC_COMMIT baf6536d6259209c3edfa2b22237af82942d3dfa
 RUN set -x \
 && export GOPATH="$(mktemp -d)" \
 && git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
diff --git a/Dockerfile.ppc64le b/Dockerfile.ppc64le
index dc559c9027..2b7411e799 100644
--- a/Dockerfile.ppc64le
+++ b/Dockerfile.ppc64le
@@ -199,7 +199,7 @@ RUN set -x \
 && rm -rf "$GOPATH"
 # Install runc
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+ENV RUNC_COMMIT baf6536d6259209c3edfa2b22237af82942d3dfa
 RUN set -x \
 && export GOPATH="$(mktemp -d)" \
 && git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
diff --git a/Dockerfile.s390x b/Dockerfile.s390x
index 929ce92e61..00b551e01f 100644
--- a/Dockerfile.s390x
+++ b/Dockerfile.s390x
@@ -178,7 +178,7 @@ RUN set -x \
 && rm -rf "$GOPATH"
 # Install runc
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+ENV RUNC_COMMIT baf6536d6259209c3edfa2b22237af82942d3dfa
 RUN set -x \
 && export GOPATH="$(mktemp -d)" \
 && git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
diff --git a/Dockerfile.simple b/Dockerfile.simple
index 2113af6cdd..aabadadacc 100644
--- a/Dockerfile.simple
+++ b/Dockerfile.simple
@@ -30,7 +30,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 && rm -rf /var/lib/apt/lists/*
 # Install runc
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+ENV RUNC_COMMIT baf6536d6259209c3edfa2b22237af82942d3dfa
 RUN set -x \
 && export GOPATH="$(mktemp -d)" \
 && git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
diff --git a/daemon/oci_linux.go b/daemon/oci_linux.go
index ca9ed020f3..0c3636ce1d 100644
--- a/daemon/oci_linux.go
+++ b/daemon/oci_linux.go
@@ -671,6 +671,7 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e
 }
 s.Process.SelinuxLabel = c.GetProcessLabel()
 s.Process.NoNewPrivileges = c.NoNewPrivileges
+ s.Linux.MountLabel = c.MountLabel
 return (*libcontainerd.Spec)(&s), nil
 }
diff --git a/hack/vendor.sh b/hack/vendor.sh
index edc4590e43..e5a65477f4 100755
--- a/hack/vendor.sh
+++ b/hack/vendor.sh
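Review bot: The added `s.Linux.MountLabel = c.MountLabel` in createSpec (daemon/oci_linux.go) reads the container field directly, while the process label two lines above goes through the accessor `c.GetProcessLabel()`; if that accessor applies any policy (its body is not visible in this diff), the mount label skips the equivalent check, so the asymmetry should be confirmed as intended. The field is also only effective with a runtime that understands `mountLabel`, which is presumably why the same commit moves RUNC_COMMIT and the vendored specs; an older runc would most likely ignore the unknown key and create the container's mounts without the intended SELinux context, with no error surfaced. I would document that dependency above the assignment, for example `// MountLabel is applied by the runtime; needs a runc built against specs that define Linux.MountLabel`. createSpec starts outside the hunk, so the surrounding label handling could not be checked here.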
@@ -61,7 +61,7 @@ clone git github.com/docker/go v1.5.1-1-1-gbaf439e
 clone git github.com/agl/ed25519 d2b94fd789ea21d12fac1a4443dd3a3f79cda72c
 clone git github.com/opencontainers/runc 7b6c4c418d5090f4f11eee949fdf49afd15838c9 # libcontainer
-clone git github.com/opencontainers/specs 93ca97e83ca7fb4fba6d9e30d5470f99ddc02d11 # specs
+clone git github.com/opencontainers/specs f955d90e70a98ddfb886bd930ffd076da9b67998 # specs
 clone git github.com/seccomp/libseccomp-golang 1b506fc7c24eec5a3693cdcbed40d9c226cfc6a1 # libcontainer deps (see src/github.com/opencontainers/runc/Godeps/Godeps.json)
 clone git github.com/coreos/go-systemd v4
diff --git a/vendor/src/github.com/opencontainers/specs/specs-go/config.go b/vendor/src/github.com/opencontainers/specs/specs-go/config.go
index 3e5d499e88..45e604cc3d 100644
--- a/vendor/src/github.com/opencontainers/specs/specs-go/config.go
+++ b/vendor/src/github.com/opencontainers/specs/specs-go/config.go
@@ -49,7 +49,7 @@ type Process struct {
 // ApparmorProfile specified the apparmor profile for the container. (this field is platform dependent)
 ApparmorProfile string `json:"apparmorProfile,omitempty" platform:"linux"`
- // SelinuxProcessLabel specifies the selinux context that the container process is run as. (this field is platform dependent)
+ // SelinuxLabel specifies the selinux context that the container process is run as. (this field is platform dependent)
 SelinuxLabel string `json:"selinuxLabel,omitempty" platform:"linux"`
 }
@@ -140,6 +140,8 @@ type Linux struct {
 MaskedPaths []string `json:"maskedPaths,omitempty"`
 // ReadonlyPaths sets the provided paths as RO inside the container.
 ReadonlyPaths []string `json:"readonlyPaths,omitempty"`
+ // MountLabel specifies the selinux context for the mounts in the container.
+ MountLabel string `json:"mountLabel,omitempty"`
 }
 // Namespace is the configuration for a Linux namespace
diff --git a/vendor/src/github.com/opencontainers/specs/specs-go/version.go b/vendor/src/github.com/opencontainers/specs/specs-go/version.go
index 27f45e08b3..371289aea5 100644
--- a/vendor/src/github.com/opencontainers/specs/specs-go/version.go
+++ b/vendor/src/github.com/opencontainers/specs/specs-go/version.go
@@ -6,7 +6,7 @@ const (
 // VersionMajor is for an API incompatible changes
 VersionMajor = 0
 // VersionMinor is for functionality in a backwards-compatible manner
- VersionMinor = 5
+ VersionMinor = 6
 // VersionPatch is for backwards-compatible bug fixes
 VersionPatch = 0