diff --git a/go.mod b/go.mod
index 39a78e489e..e7edbed742 100644
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,7 @@ require (
 github.com/containernetworking/cni v1.1.2
 github.com/containernetworking/plugins v1.2.0
 github.com/containers/buildah v1.30.1-0.20230504052500-e925b5852e07
- github.com/containers/common v0.53.1-0.20230502134647-9cd0cc23c80f
+ github.com/containers/common v0.53.1-0.20230504080917-ea87b34db578
 github.com/containers/conmon v2.0.20+incompatible
 github.com/containers/image/v5 v5.25.0
 github.com/containers/libhvee v0.0.5
diff --git a/go.sum b/go.sum
index bdb2acbcef..369ad71722 100644
--- a/go.sum
+++ b/go.sum
@@ -239,8 +239,8 @@ github.com/containernetworking/plugins v1.2.0 h1:SWgg3dQG1yzUo4d9iD8cwSVh1VqI+bP
 github.com/containernetworking/plugins v1.2.0/go.mod h1:/VjX4uHecW5vVimFa1wkG4s+r/s9qIfPdqlLF4TW8c4=
 github.com/containers/buildah v1.30.1-0.20230504052500-e925b5852e07 h1:Bs2sNFh/fSYr4J6JJLFqzyn3dp6HhlA6ewFwRYUpeIE=
 github.com/containers/buildah v1.30.1-0.20230504052500-e925b5852e07/go.mod h1:6A/BK0YJLXL8+AqlbceKJrhUT+NtEgsvAc51F7TAllc=
-github.com/containers/common v0.53.1-0.20230502134647-9cd0cc23c80f h1:NGr0tr+qnavYQ3m+ajnrCLCp7y/YlGj14OXsYD5RhqY=
-github.com/containers/common v0.53.1-0.20230502134647-9cd0cc23c80f/go.mod h1:uG5iTo9KbPxcyj3nsq0OPbBRTrSsrXKIMNRw4D6rt/w=
+github.com/containers/common v0.53.1-0.20230504080917-ea87b34db578 h1:L1R4f5YgYarBGyBlDJENxGLpgGctZuZM4XW9E/ApZAc=
+github.com/containers/common v0.53.1-0.20230504080917-ea87b34db578/go.mod h1:kak9YKgTl0M43pCQTkAI6SwVm1LDsItO+7A/2cFp7FE=
 github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
 github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
 github.com/containers/image/v5 v5.25.0 h1:TJ0unmalbU+scd0i3Txap2wjGsAnv06MSCwgn6bsizk=
diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go index 140f10651f..dbf32a80c6 100644 --- a/vendor/github.com/containers/common/pkg/config/config.go +++ b/vendor/github.com/containers/common/pkg/config/config.go @@ -143,6 +143,12 @@ type ContainersConfig struct { // Labeling to separate containers (SELinux) EnableLabeling bool `toml:"label,omitempty"` + // EnableLabeledUsers indicates whether to enforce confined users with + // containers on SELinux systems. This option causes containers to + // maintain the current user and role field of the calling process. + // Otherwise containers run with user system_u, and the role system_r. + EnableLabeledUsers bool `toml:"label_users,omitempty"` + // Env is the environment variable list for container process. Env []string `toml:"env,omitempty"` diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf index 5d6e2efe35..71526bdeb0 100644 --- a/vendor/github.com/containers/common/pkg/config/containers.conf +++ b/vendor/github.com/containers/common/pkg/config/containers.conf @@ -173,6 +173,12 @@ default_sysctls = [ # #label = true +# label_users indicates whether to enforce confined users in containers on +# SELinux systems. This option causes containers to maintain the current user +# and role field of the calling process. By default SELinux containers run with +# the user system_u, and the role system_r. +#label_users = false + # Logging driver for the container. Available options: k8s-file and journald. # #log_driver = "k8s-file" diff --git a/vendor/modules.txt b/vendor/modules.txt index d2b424eee1..33fd4b0750 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
@@ -125,7 +125,7 @@ github.com/containers/buildah/pkg/rusage
 github.com/containers/buildah/pkg/sshagent
 github.com/containers/buildah/pkg/util
 github.com/containers/buildah/util
-# github.com/containers/common v0.53.1-0.20230502134647-9cd0cc23c80f
+# github.com/containers/common v0.53.1-0.20230504080917-ea87b34db578
 ## explicit; go 1.18
 github.com/containers/common/libimage
 github.com/containers/common/libimage/define