diff --git a/hack/vendor.sh b/hack/vendor.sh
index cbdef927a2..0a35182d49 100755
--- a/hack/vendor.sh
+++ b/hack/vendor.sh
@@ -64,7 +64,7 @@ if [ "$1" = '--go' ]; then
 mv tmp-tar src/code.google.com/p/go/src/pkg/archive/tar
 fi
-clone git github.com/docker/libcontainer b3570267c7b7995d5d618974d8f7be4fe5ab076a
+clone git github.com/docker/libcontainer 4f409628d80b9842004a3f17c9228e54e73da258
 # see src/github.com/docker/libcontainer/update-vendor.sh which is the "source of truth" for libcontainer deps (just like this file)
 rm -rf src/github.com/docker/libcontainer/vendor
 eval "$(grep '^clone ' src/github.com/docker/libcontainer/update-vendor.sh | grep -v 'github.com/codegangsta/cli')"
diff --git a/vendor/src/github.com/docker/libcontainer/Makefile b/vendor/src/github.com/docker/libcontainer/Makefile
index 4744c5efcc..0ec995fc3c 100644
--- a/vendor/src/github.com/docker/libcontainer/Makefile
+++ b/vendor/src/github.com/docker/libcontainer/Makefile
@@ -9,7 +9,7 @@ test:
 sh:
 docker run --rm -it --privileged -w /busybox docker/libcontainer nsinit exec sh
-GO_PACKAGES = $(shell find . -not \( -wholename ./vendor -prune \) -name '*.go' -print0 | xargs -0n1 dirname | sort -u)
+GO_PACKAGES = $(shell find . -not \( -wholename ./vendor -prune -o -wholename ./.git -prune \) -name '*.go' -print0 | xargs -0n1 dirname | sort -u)
 direct-test:
 go test -cover -v $(GO_PACKAGES)
diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/cgroups_test.go b/vendor/src/github.com/docker/libcontainer/cgroups/cgroups_test.go
index 537336a493..e8c52938ce 100644
--- a/vendor/src/github.com/docker/libcontainer/cgroups/cgroups_test.go
+++ b/vendor/src/github.com/docker/libcontainer/cgroups/cgroups_test.go
@@ -20,7 +20,7 @@ const (
 func TestParseCgroups(t *testing.T) {
 r := bytes.NewBuffer([]byte(cgroupsContents))
- _, err := parseCgroupFile("blkio", r)
+ _, err := ParseCgroupFile("blkio", r)
 if err != nil {
 t.Fatal(err)
 }
diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/utils.go b/vendor/src/github.com/docker/libcontainer/cgroups/utils.go
index 5516c5a222..77a3c0d7c5 100644
--- a/vendor/src/github.com/docker/libcontainer/cgroups/utils.go
+++ b/vendor/src/github.com/docker/libcontainer/cgroups/utils.go
@@ -115,7 +115,7 @@ func GetThisCgroupDir(subsystem string) (string, error) {
 }
 defer f.Close()
- return parseCgroupFile(subsystem, f)
+ return ParseCgroupFile(subsystem, f)
 }
 func GetInitCgroupDir(subsystem string) (string, error) {
@@ -125,7 +125,7 @@ func GetInitCgroupDir(subsystem string) (string, error) {
 }
 defer f.Close()
- return parseCgroupFile(subsystem, f)
+ return ParseCgroupFile(subsystem, f)
 }
 func ReadProcsFile(dir string) ([]int, error) {
@@ -152,7 +152,7 @@ func ReadProcsFile(dir string) ([]int, error) {
 return out, nil
 }
-func parseCgroupFile(subsystem string, r io.Reader) (string, error) {
+func ParseCgroupFile(subsystem string, r io.Reader) (string, error) {
 s := bufio.NewScanner(r)
 for s.Scan() {
diff --git a/vendor/src/github.com/docker/libcontainer/label/label_selinux.go b/vendor/src/github.com/docker/libcontainer/label/label_selinux.go
index 0a9a82052c..65b84797b5 100644
--- a/vendor/src/github.com/docker/libcontainer/label/label_selinux.go
+++ b/vendor/src/github.com/docker/libcontainer/label/label_selinux.go
@@ -67,20 +67,17 @@ func FormatMountLabel(src, mountLabel string) string {
 // SetProcessLabel takes a process label and tells the kernel to assign the
 // label to the next program executed by the current process.
 func SetProcessLabel(processLabel string) error {
- if selinux.SelinuxEnabled() {
- return selinux.Setexeccon(processLabel)
+ if processLabel == "" {
+ return nil
 }
- return nil
+ return selinux.Setexeccon(processLabel)
 }
 // GetProcessLabel returns the process label that the kernel will assign
 // to the next program executed by the current process. If "" is returned
 // this indicates that the default labeling will happen for the process.
 func GetProcessLabel() (string, error) {
- if selinux.SelinuxEnabled() {
- return selinux.Getexeccon()
- }
- return "", nil
+ return selinux.Getexeccon()
 }
 // SetFileLabel modifies the "path" label to the specified file label
@@ -110,9 +107,6 @@ func Relabel(path string, fileLabel string, relabel string) error {
 // GetPidLabel will return the label of the process running with the specified pid
 func GetPidLabel(pid int) (string, error) {
- if !selinux.SelinuxEnabled() {
- return "", nil
- }
 return selinux.Getpidcon(pid)
 }
diff --git a/vendor/src/github.com/docker/libcontainer/selinux/selinux.go b/vendor/src/github.com/docker/libcontainer/selinux/selinux.go
index bfa79578fe..e0c90ee551 100644
--- a/vendor/src/github.com/docker/libcontainer/selinux/selinux.go
+++ b/vendor/src/github.com/docker/libcontainer/selinux/selinux.go
@@ -173,13 +173,10 @@ func Getpidcon(pid int) (string, error) {
 }
 func Getexeccon() (string, error) {
- return readCon("/proc/self/attr/exec")
+ return readCon(fmt.Sprintf("/proc/self/task/%d/attr/exec", syscall.Gettid()))
 }
 func writeCon(name string, val string) error {
- if !SelinuxEnabled() {
- return nil
- }
 out, err := os.OpenFile(name, os.O_WRONLY, 0)
 if err != nil {
 return err
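Review bot: With the `selinux.SelinuxEnabled()` guards removed, `GetProcessLabel` and `GetPidLabel` (second hunk of this file) now pass through whatever `selinux.Getexeccon()` and `selinux.Getpidcon(pid)` return on a host where SELinux is off, where they used to return `"", nil`; the same guard is dropped from `writeCon`, `CopyLevel` and `Chcon` in selinux/selinux.go. Whether those reads fail on such a host depends on `readCon`, which this diff does not show, so callers that treat a non-nil error as fatal should be checked before this bump lands. `SetProcessLabel` and `Chcon` now depend on the caller passing an empty label when SELinux is disabled, and nothing in the hunk states that contract. I would extend the `SetProcessLabel` doc comment with `// An empty processLabel is a no-op; a non-empty label is written even when SELinux is disabled.` and either restore `if !selinux.SelinuxEnabled() { return "", nil }` in the two getters or document the error case there.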
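Review bot: `Getexeccon` now reads `/proc/self/task/%d/attr/exec` for the id returned by `syscall.Gettid()`, so the result belongs to whichever OS thread the goroutine is running on at that instant. Unless the caller holds `runtime.LockOSThread()` across setting the label, reading it back and the exec, the label may be read on a different thread than the one that executes the program; whether `Setexeccon` uses the same per-thread path is not visible in this hunk. The function has no doc comment, and I would add `// Getexeccon returns the exec label of the calling OS thread; the caller must have locked the goroutine to that thread with runtime.LockOSThread.` In the same hunk `writeCon` loses its `SelinuxEnabled()` early return, so on a host without SELinux it now surfaces the `os.OpenFile` error instead of returning nil; its body continues outside the hunk.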
@@ -388,9 +385,6 @@ func SecurityCheckContext(val string) error {
 }
 func CopyLevel(src, dest string) (string, error) {
- if !SelinuxEnabled() {
- return "", nil
- }
 if src == "" {
 return "", nil
 }
@@ -424,7 +418,7 @@ func badPrefix(fpath string) error {
 // If the fpath is a directory and recurse is true Chcon will walk the
 // directory tree setting the label
 func Chcon(fpath string, scon string, recurse bool) error {
- if !SelinuxEnabled() {
+ if scon == "" {
 return nil
 }
 if err := badPrefix(fpath); err != nil {