mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Merge pull request #42478 from thaJeztah/bump_selinux
vendor: github.com/opencontainers/selinux v1.8.2
commit
f45ca809a6
19 changed files with 55 additions and 25 deletions
|
@ -179,8 +179,8 @@ github.com/morikuni/aec 39771216ff4c63d11f5e604076f9
|
|||
# metrics
|
||||
github.com/docker/go-metrics b619b3592b65de4f087d9f16863a7e6ff905973c # v0.0.1
|
||||
|
||||
github.com/opencontainers/selinux 2f45b3796d18f1ab4c9fc0c888a98d0a0fd6e429 # v1.8.0
|
||||
github.com/willf/bitset 559910e8471e48d76d9e5a1ba15842dee77ad45d # v1.1.11
|
||||
github.com/opencontainers/selinux 76bc82e11d854d3e40c08889d13c98abcea72ea2 # v1.8.2
|
||||
github.com/bits-and-blooms/bitset 59de210119f50cedaa42d175dc88b6335fcf63f6 # v1.2.0
|
||||
|
||||
|
||||
# archive/tar
|
||||
|
|
|
@ -2,10 +2,9 @@
|
|||
|
||||
*Go language library to map between non-negative integers and boolean values*
|
||||
|
||||
[![Test](https://github.com/willf/bitset/workflows/Test/badge.svg)](https://github.com/willf/bitset/actions?query=workflow%3ATest)
|
||||
[![Master Coverage Status](https://coveralls.io/repos/willf/bitset/badge.svg?branch=master&service=github)](https://coveralls.io/github/willf/bitset?branch=master)
|
||||
[![Test](https://github.com/bits-and-blooms/bitset/workflows/Test/badge.svg)](https://github.com/willf/bitset/actions?query=workflow%3ATest)
|
||||
[![Go Report Card](https://goreportcard.com/badge/github.com/willf/bitset)](https://goreportcard.com/report/github.com/willf/bitset)
|
||||
[![PkgGoDev](https://pkg.go.dev/badge/github.com/willf/bitset?tab=doc)](https://pkg.go.dev/github.com/willf/bitset?tab=doc)
|
||||
[![PkgGoDev](https://pkg.go.dev/badge/github.com/bits-and-blooms/bitset?tab=doc)](https://pkg.go.dev/github.com/bits-and-blooms/bitset?tab=doc)
|
||||
|
||||
|
||||
## Description
|
||||
|
@ -30,7 +29,7 @@ import (
|
|||
"fmt"
|
||||
"math/rand"
|
||||
|
||||
"github.com/willf/bitset"
|
||||
"github.com/bits-and-blooms/bitset"
|
||||
)
|
||||
|
||||
func main() {
|
||||
|
@ -63,7 +62,7 @@ func main() {
|
|||
|
||||
As an alternative to BitSets, one should check out the 'big' package, which provides a (less set-theoretical) view of bitsets.
|
||||
|
||||
Package documentation is at: https://pkg.go.dev/github.com/willf/bitset?tab=doc
|
||||
Package documentation is at: https://pkg.go.dev/github.com/bits-and-blooms/bitset?tab=doc
|
||||
|
||||
## Memory Usage
|
||||
|
||||
|
@ -78,7 +77,7 @@ It is possible that a later version will match the `math/bits` return signature
|
|||
## Installation
|
||||
|
||||
```bash
|
||||
go get github.com/willf/bitset
|
||||
go get github.com/bits-and-blooms/bitset
|
||||
```
|
||||
|
||||
## Contributing
|
|
@ -209,6 +209,27 @@ func (b *BitSet) Flip(i uint) *BitSet {
|
|||
return b
|
||||
}
|
||||
|
||||
// FlipRange bit in [start, end).
|
||||
// If end>= Cap(), this function will panic.
|
||||
// Warning: using a very large value for 'end'
|
||||
// may lead to a memory shortage and a panic: the caller is responsible
|
||||
// for providing sensible parameters in line with their memory capacity.
|
||||
func (b *BitSet) FlipRange(start, end uint) *BitSet {
|
||||
if start >= end {
|
||||
return b
|
||||
}
|
||||
|
||||
b.extendSetMaybe(end - 1)
|
||||
var startWord uint = start >> log2WordSize
|
||||
var endWord uint = end >> log2WordSize
|
||||
b.set[startWord] ^= ^(^uint64(0) << (start & (wordSize - 1)))
|
||||
for i := startWord; i < endWord; i++ {
|
||||
b.set[i] = ^b.set[i]
|
||||
}
|
||||
b.set[endWord] ^= ^uint64(0) >> (-end & (wordSize - 1))
|
||||
return b
|
||||
}
|
||||
|
||||
// Shrink shrinks BitSet so that the provided value is the last possible
|
||||
// set value. It clears all bits > the provided index and reduces the size
|
||||
// and length of the set.
|
||||
|
@ -519,7 +540,7 @@ func (b *BitSet) Copy(c *BitSet) (count uint) {
|
|||
}
|
||||
|
||||
// Count (number of set bits).
|
||||
// Also known as "popcount" or "popularity count".
|
||||
// Also known as "popcount" or "population count".
|
||||
func (b *BitSet) Count() uint {
|
||||
if b != nil && b.set != nil {
|
||||
return uint(popcntSlice(b.set))
|
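--- /dev/null
+++ b/vendor/github.com/bits-and-blooms/bitset/go.mod
@@ -0,0 +1,3 @@
+module github.com/bits-and-blooms/bitset
+
+go 1.14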
4
vendor/github.com/opencontainers/selinux/go-selinux/doc.go
generated
vendored
|
@ -1,10 +1,6 @@
|
|||
/*
|
||||
Package selinux provides a high-level interface for interacting with selinux.
|
||||
|
||||
This package uses a selinux build tag to enable the selinux functionality. This
|
||||
allows non-linux and linux users who do not have selinux support to still use
|
||||
tools that rely on this library.
|
||||
|
||||
Usage:
|
||||
|
||||
import "github.com/opencontainers/selinux/go-selinux"
|
||||
|
|
5
vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go
generated
vendored
|
@ -25,6 +25,8 @@ var ErrIncompatibleLabel = errors.New("Bad SELinux option z and Z can not be use
|
|||
// the container. A list of options can be passed into this function to alter
|
||||
// the labels. The labels returned will include a random MCS String, that is
|
||||
// guaranteed to be unique.
|
||||
// If the disabled flag is passed in, the process label will not be set, but the mount label will be set
|
||||
// to the container_file label with the maximum category. This label is not usable by any confined label.
|
||||
func InitLabels(options []string) (plabel string, mlabel string, retErr error) {
|
||||
if !selinux.GetEnabled() {
|
||||
return "", "", nil
|
||||
|
@ -47,7 +49,8 @@ func InitLabels(options []string) (plabel string, mlabel string, retErr error) {
|
|||
}
|
||||
for _, opt := range options {
|
||||
if opt == "disable" {
|
||||
return "", mountLabel, nil
|
||||
selinux.ReleaseLabel(mountLabel)
|
||||
return "", selinux.PrivContainerMountLabel(), nil
|
||||
}
|
||||
if i := strings.Index(opt, ":"); i == -1 {
|
||||
return "", "", errors.Errorf("Bad label option %q, valid options 'disable' or \n'user, role, level, type, filetype' followed by ':' and a value", opt)
|
||||
|
|
10
vendor/github.com/opencontainers/selinux/go-selinux/selinux.go
generated
vendored
|
@ -11,9 +11,10 @@ const (
|
|||
Permissive = 0
|
||||
// Disabled constant to indicate SELinux is disabled
|
||||
Disabled = -1
|
||||
|
||||
// maxCategory is the maximum number of categories used within containers
|
||||
maxCategory = 1024
|
||||
// DefaultCategoryRange is the upper bound on the category range
|
||||
DefaultCategoryRange = uint32(1024)
|
||||
DefaultCategoryRange = uint32(maxCategory)
|
||||
)
|
||||
|
||||
var (
|
||||
|
@ -276,3 +277,8 @@ func DisableSecOpt() []string {
|
|||
func GetDefaultContextWithLevel(user, level, scon string) (string, error) {
|
||||
return getDefaultContextWithLevel(user, level, scon)
|
||||
}
|
||||
|
||||
// PrivContainerMountLabel returns mount label for privileged containers
|
||||
func PrivContainerMountLabel() string {
|
||||
return privContainerMountLabel
|
||||
}
|
||||
|
|
13
vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
generated
vendored
|
@ -16,9 +16,9 @@ import (
|
|||
"strings"
|
||||
"sync"
|
||||
|
||||
"github.com/bits-and-blooms/bitset"
|
||||
"github.com/opencontainers/selinux/pkg/pwalk"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/willf/bitset"
|
||||
"golang.org/x/sys/unix"
|
||||
)
|
||||
|
||||
|
@ -892,13 +892,13 @@ func openContextFile() (*os.File, error) {
|
|||
return os.Open(lxcPath)
|
||||
}
|
||||
|
||||
var labels = loadLabels()
|
||||
var labels, privContainerMountLabel = loadLabels()
|
||||
|
||||
func loadLabels() map[string]string {
|
||||
func loadLabels() (map[string]string, string) {
|
||||
labels := make(map[string]string)
|
||||
in, err := openContextFile()
|
||||
if err != nil {
|
||||
return labels
|
||||
return labels, ""
|
||||
}
|
||||
defer in.Close()
|
||||
|
||||
|
@ -920,7 +920,10 @@ func loadLabels() map[string]string {
|
|||
}
|
||||
}
|
||||
|
||||
return labels
|
||||
con, _ := NewContext(labels["file"])
|
||||
con["level"] = fmt.Sprintf("s0:c%d,c%d", maxCategory-2, maxCategory-1)
|
||||
reserveLabel(con.get())
|
||||
return labels, con.get()
|
||||
}
|
||||
|
||||
// kvmContainerLabels returns the default processLabel and mountLabel to be used
|
||||
|
|
2
vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
generated
vendored
|
@ -2,6 +2,8 @@
|
|||
|
||||
package selinux
|
||||
|
||||
const privContainerMountLabel = ""
|
||||
|
||||
func setDisabled() {
|
||||
}
|
||||
|
||||
|
|
2
vendor/github.com/opencontainers/selinux/go.mod
generated
vendored
|
@ -3,7 +3,7 @@ module github.com/opencontainers/selinux
|
|||
go 1.13
|
||||
|
||||
require (
|
||||
github.com/bits-and-blooms/bitset v1.2.0
|
||||
github.com/pkg/errors v0.9.1
|
||||
github.com/willf/bitset v1.1.11
|
||||
golang.org/x/sys v0.0.0-20191115151921-52ab43148777
|
||||
)
|
||||
|
|
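--- a/vendor/github.com/willf/bitset/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module github.com/willf/bitset
-
-go 1.14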