Update libcontainer to a6044b701c166fe538fc760f9e2

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-03-25 11:32:14 -07:00 · 2015-03-25 11:32:14 -07:00 · b4196f7892
parent e6e2893fa3
commit b4196f7892
6 changed files with 16 additions and 25 deletions
--- a/hack/vendor.sh
+++ b/hack/vendor.sh
@ -75,7 +75,7 @@ rm -rf src/github.com/docker/distribution
 mkdir -p src/github.com/docker/distribution
 mv tmp-digest src/github.com/docker/distribution/digest

-clone git github.com/docker/libcontainer fd0087d3acdc4c5865de1829d4accee5e3ebb658
+clone git github.com/docker/libcontainer a6044b701c166fe538fc760f9e2dcea3d737cd2a
 # see src/github.com/docker/libcontainer/update-vendor.sh which is the "source of truth" for libcontainer deps (just like this file)
 rm -rf src/github.com/docker/libcontainer/vendor
 eval "$(grep '^clone ' src/github.com/docker/libcontainer/update-vendor.sh | grep -v 'github.com/codegangsta/cli' | grep -v 'github.com/Sirupsen/logrus')"
--- a/vendor/src/github.com/docker/libcontainer/cgroups/fs/apply_raw.go
+++ b/vendor/src/github.com/docker/libcontainer/cgroups/fs/apply_raw.go
@ -173,9 +173,6 @@ func (m *Manager) Freeze(state configs.FreezerState) error {
 	if err != nil {
 		return err
 	}
-	if !cgroups.PathExists(dir) {
-		return cgroups.NewNotFoundError("freezer")
-	}

 	prevState := m.Cgroups.Freezer
 	m.Cgroups.Freezer = state
@ -200,9 +197,6 @@ func (m *Manager) GetPids() ([]int, error) {
 	if err != nil {
 		return nil, err
 	}
-	if !cgroups.PathExists(dir) {
-		return nil, cgroups.NewNotFoundError("devices")
-	}

 	return cgroups.ReadProcsFile(dir)
 }
--- a/vendor/src/github.com/docker/libcontainer/init_linux.go
+++ b/vendor/src/github.com/docker/libcontainer/init_linux.go
@ -91,7 +91,7 @@ func populateProcessEnvironment(env []string) error {

 // finalizeNamespace drops the caps, sets the correct user
 // and working dir, and closes any leaked file descriptors
-// before execing the command inside the namespace
+// before executing the command inside the namespace
 func finalizeNamespace(config *initConfig) error {
 	// Ensure that all non-standard fds we may have accidentally
 	// inherited are marked close-on-exec so they stay out of the
--- a/vendor/src/github.com/docker/libcontainer/rootfs_linux.go
+++ b/vendor/src/github.com/docker/libcontainer/rootfs_linux.go
@ -186,7 +186,9 @@ func reOpenDevNull(rootfs string) error {
 func createDevices(config *configs.Config) error {
 	oldMask := syscall.Umask(0000)
 	for _, node := range config.Devices {
-		if err := createDeviceNode(config.Rootfs, node); err != nil {
+		// containers running in a user namespace are not allowed to mknod
+		// devices so we can just bind mount it from the host.
+		if err := createDeviceNode(config.Rootfs, node, config.Namespaces.Contains(configs.NEWUSER)); err != nil {
 			syscall.Umask(oldMask)
 			return err
 		}
@ -196,20 +198,13 @@ func createDevices(config *configs.Config) error {
 }

 // Creates the device node in the rootfs of the container.
-func createDeviceNode(rootfs string, node *configs.Device) error {
+func createDeviceNode(rootfs string, node *configs.Device, bind bool) error {
 	dest := filepath.Join(rootfs, node.Path)
 	if err := os.MkdirAll(filepath.Dir(dest), 0755); err != nil {
 		return err
 	}
-	if err := mknodDevice(dest, node); err != nil {
-		if os.IsExist(err) {
-			return nil
-		}
-		if err != syscall.EPERM {
-			return err
-		}
-		// containers running in a user namespace are not allowed to mknod
-		// devices so we can just bind mount it from the host.
+
+	if bind {
 		f, err := os.Create(dest)
 		if err != nil && !os.IsExist(err) {
 			return err
@ -219,6 +214,12 @@ func createDeviceNode(rootfs string, node *configs.Device) error {
 		}
 		return syscall.Mount(node.Path, dest, "bind", syscall.MS_BIND, "")
 	}
+	if err := mknodDevice(dest, node); err != nil {
+		if os.IsExist(err) {
+			return nil
+		}
+		return err
+	}
 	return nil
 }

--- a/vendor/src/github.com/docker/libcontainer/update-vendor.sh
+++ b/vendor/src/github.com/docker/libcontainer/update-vendor.sh
@ -44,6 +44,6 @@ clone git github.com/codegangsta/cli 1.1.0
 clone git github.com/coreos/go-systemd v2
 clone git github.com/godbus/dbus v2
 clone git github.com/Sirupsen/logrus v0.6.6
-clone git github.com/syndtr/gocapability e55e583369
+clone git github.com/syndtr/gocapability 8e4cdcb

 # intentionally not vendoring Docker itself...  that'd be a circle :)
--- a/vendor/src/github.com/syndtr/gocapability/capability/capability_linux.go
+++ b/vendor/src/github.com/syndtr/gocapability/capability/capability_linux.go
@ -417,10 +417,6 @@ func (c *capsV3) Load() (err error) {
 }

 func (c *capsV3) Apply(kind CapType) (err error) {
-	err = initLastCap()
-	if err != nil {
-		return
-	}
 	if kind&BOUNDS == BOUNDS {
 		var data [2]capData
 		err = capget(&c.hdr, &data[0])
@ -428,7 +424,7 @@ func (c *capsV3) Apply(kind CapType) (err error) {
 			return
 		}
 		if (1<<uint(CAP_SETPCAP))&data[0].effective != 0 {
-			for i := Cap(0); i <= capLastCap; i++ {
+			for i := Cap(0); i <= CAP_LAST_CAP; i++ {
 				if c.Get(BOUNDING, i) {
 					continue
 				}