mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Merge pull request #30729 from dmcgowan/update-go-connections
Update go-connections package
This commit is contained in:
commit
d8b0d2b9e9
7 changed files with 49 additions and 57 deletions
32
pkg/listeners/group_unix.go
Normal file
32
pkg/listeners/group_unix.go
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
// +build !windows
|
||||||
|
|
||||||
|
package listeners
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"strconv"
|
||||||
|
|
||||||
|
"github.com/opencontainers/runc/libcontainer/user"
|
||||||
|
"github.com/pkg/errors"
|
||||||
|
)
|
||||||
|
|
||||||
|
func lookupGID(name string) (int, error) {
|
||||||
|
groupFile, err := user.GetGroupPath()
|
||||||
|
if err != nil {
|
||||||
|
return -1, errors.Wrap(err, "error looking up groups")
|
||||||
|
}
|
||||||
|
groups, err := user.ParseGroupFileFilter(groupFile, func(g user.Group) bool {
|
||||||
|
return g.Name == name || strconv.Itoa(g.Gid) == name
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
return -1, errors.Wrapf(err, "error parsing groups for %s", name)
|
||||||
|
}
|
||||||
|
if groups != nil && len(groups) > 0 {
|
||||||
|
return groups[0].Gid, nil
|
||||||
|
}
|
||||||
|
gid, err := strconv.Atoi(name)
|
||||||
|
if err == nil {
|
||||||
|
return gid, nil
|
||||||
|
}
|
||||||
|
return -1, fmt.Errorf("group %s not found", name)
|
||||||
|
}
|
|
@ -18,7 +18,11 @@ func Init(proto, addr, socketGroup string, tlsConfig *tls.Config) (ls []net.List
|
||||||
}
|
}
|
||||||
ls = append(ls, l)
|
ls = append(ls, l)
|
||||||
case "unix":
|
case "unix":
|
||||||
l, err := sockets.NewUnixSocket(addr, socketGroup)
|
gid, err := lookupGID(socketGroup)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
l, err := sockets.NewUnixSocket(addr, gid)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("can't create unix socket %s: %v", addr, err)
|
return nil, fmt.Errorf("can't create unix socket %s: %v", addr, err)
|
||||||
}
|
}
|
||||||
|
|
|
@ -31,7 +31,11 @@ func Init(proto, addr, socketGroup string, tlsConfig *tls.Config) ([]net.Listene
|
||||||
}
|
}
|
||||||
ls = append(ls, l)
|
ls = append(ls, l)
|
||||||
case "unix":
|
case "unix":
|
||||||
l, err := sockets.NewUnixSocket(addr, socketGroup)
|
gid, err := lookupGID(socketGroup)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
l, err := sockets.NewUnixSocket(addr, gid)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("can't create unix socket %s: %v", addr, err)
|
return nil, fmt.Errorf("can't create unix socket %s: %v", addr, err)
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,7 +16,7 @@ github.com/vdemeester/shakers 24d7f1d6a71aa5d9cbe7390e4afb66b7eef9e1b3
|
||||||
golang.org/x/net c427ad74c6d7a814201695e9ffde0c5d400a7674
|
golang.org/x/net c427ad74c6d7a814201695e9ffde0c5d400a7674
|
||||||
golang.org/x/sys 8f0908ab3b2457e2e15403d3697c9ef5cb4b57a9
|
golang.org/x/sys 8f0908ab3b2457e2e15403d3697c9ef5cb4b57a9
|
||||||
github.com/docker/go-units 9e638d38cf6977a37a8ea0078f3ee75a7cdb2dd1
|
github.com/docker/go-units 9e638d38cf6977a37a8ea0078f3ee75a7cdb2dd1
|
||||||
github.com/docker/go-connections 4ccf312bf1d35e5dbda654e57a9be4c3f3cd0366
|
github.com/docker/go-connections 7da10c8c50cad14494ec818dcdfb6506265c0086
|
||||||
golang.org/x/text f72d8390a633d5dfb0cc84043294db9f6c935756
|
golang.org/x/text f72d8390a633d5dfb0cc84043294db9f6c935756
|
||||||
|
|
||||||
github.com/RackSec/srslog 456df3a81436d29ba874f3590eeeee25d666f8a5
|
github.com/RackSec/srslog 456df3a81436d29ba874f3590eeeee25d666f8a5
|
||||||
|
|
56
vendor/github.com/docker/go-connections/sockets/unix_socket.go
generated
vendored
56
vendor/github.com/docker/go-connections/sockets/unix_socket.go
generated
vendored
|
@ -1,30 +1,26 @@
|
||||||
// +build linux freebsd solaris
|
// +build !windows
|
||||||
|
|
||||||
package sockets
|
package sockets
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
|
||||||
"net"
|
"net"
|
||||||
"os"
|
"os"
|
||||||
"strconv"
|
|
||||||
"syscall"
|
"syscall"
|
||||||
|
|
||||||
"github.com/Sirupsen/logrus"
|
|
||||||
"github.com/opencontainers/runc/libcontainer/user"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// NewUnixSocket creates a unix socket with the specified path and group.
|
// NewUnixSocket creates a unix socket with the specified path and group.
|
||||||
func NewUnixSocket(path, group string) (net.Listener, error) {
|
func NewUnixSocket(path string, gid int) (net.Listener, error) {
|
||||||
if err := syscall.Unlink(path); err != nil && !os.IsNotExist(err) {
|
if err := syscall.Unlink(path); err != nil && !os.IsNotExist(err) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
mask := syscall.Umask(0777)
|
mask := syscall.Umask(0777)
|
||||||
defer syscall.Umask(mask)
|
defer syscall.Umask(mask)
|
||||||
|
|
||||||
l, err := net.Listen("unix", path)
|
l, err := net.Listen("unix", path)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
if err := setSocketGroup(path, group); err != nil {
|
if err := os.Chown(path, 0, gid); err != nil {
|
||||||
l.Close()
|
l.Close()
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -34,47 +30,3 @@ func NewUnixSocket(path, group string) (net.Listener, error) {
|
||||||
}
|
}
|
||||||
return l, nil
|
return l, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func setSocketGroup(path, group string) error {
|
|
||||||
if group == "" {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
if err := changeGroup(path, group); err != nil {
|
|
||||||
if group != "docker" {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
logrus.Debugf("Warning: could not change group %s to docker: %v", path, err)
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func changeGroup(path string, nameOrGid string) error {
|
|
||||||
gid, err := lookupGidByName(nameOrGid)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
logrus.Debugf("%s group found. gid: %d", nameOrGid, gid)
|
|
||||||
return os.Chown(path, 0, gid)
|
|
||||||
}
|
|
||||||
|
|
||||||
func lookupGidByName(nameOrGid string) (int, error) {
|
|
||||||
groupFile, err := user.GetGroupPath()
|
|
||||||
if err != nil {
|
|
||||||
return -1, err
|
|
||||||
}
|
|
||||||
groups, err := user.ParseGroupFileFilter(groupFile, func(g user.Group) bool {
|
|
||||||
return g.Name == nameOrGid || strconv.Itoa(g.Gid) == nameOrGid
|
|
||||||
})
|
|
||||||
if err != nil {
|
|
||||||
return -1, err
|
|
||||||
}
|
|
||||||
if groups != nil && len(groups) > 0 {
|
|
||||||
return groups[0].Gid, nil
|
|
||||||
}
|
|
||||||
gid, err := strconv.Atoi(nameOrGid)
|
|
||||||
if err == nil {
|
|
||||||
logrus.Warnf("Could not find GID %d", gid)
|
|
||||||
return gid, nil
|
|
||||||
}
|
|
||||||
return -1, fmt.Errorf("Group %s not found", nameOrGid)
|
|
||||||
}
|
|
||||||
|
|
2
vendor/github.com/docker/go-connections/tlsconfig/certpool_go17.go
generated
vendored
2
vendor/github.com/docker/go-connections/tlsconfig/certpool_go17.go
generated
vendored
|
@ -14,7 +14,7 @@ import (
|
||||||
func SystemCertPool() (*x509.CertPool, error) {
|
func SystemCertPool() (*x509.CertPool, error) {
|
||||||
certpool, err := x509.SystemCertPool()
|
certpool, err := x509.SystemCertPool()
|
||||||
if err != nil && runtime.GOOS == "windows" {
|
if err != nil && runtime.GOOS == "windows" {
|
||||||
logrus.Warnf("Unable to use system certificate pool: %v", err)
|
logrus.Infof("Unable to use system certificate pool: %v", err)
|
||||||
return x509.NewCertPool(), nil
|
return x509.NewCertPool(), nil
|
||||||
}
|
}
|
||||||
return certpool, err
|
return certpool, err
|
||||||
|
|
2
vendor/github.com/docker/go-connections/tlsconfig/config.go
generated
vendored
2
vendor/github.com/docker/go-connections/tlsconfig/config.go
generated
vendored
|
@ -118,7 +118,7 @@ func Server(options Options) (*tls.Config, error) {
|
||||||
return nil, fmt.Errorf("Error reading X509 key pair (cert: %q, key: %q): %v. Make sure the key is not encrypted.", options.CertFile, options.KeyFile, err)
|
return nil, fmt.Errorf("Error reading X509 key pair (cert: %q, key: %q): %v. Make sure the key is not encrypted.", options.CertFile, options.KeyFile, err)
|
||||||
}
|
}
|
||||||
tlsConfig.Certificates = []tls.Certificate{tlsCert}
|
tlsConfig.Certificates = []tls.Certificate{tlsCert}
|
||||||
if options.ClientAuth >= tls.VerifyClientCertIfGiven {
|
if options.ClientAuth >= tls.VerifyClientCertIfGiven && options.CAFile != "" {
|
||||||
CAs, err := certPool(options.CAFile)
|
CAs, err := certPool(options.CAFile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
Loading…
Reference in a new issue