Vendor common

Added patch provided by rhatdan to add support for shareable IPC namespaces

[NO NEW TESTS NEEDED]

Signed-off-by: rvandernoort <s.r.vandernoort@student.tudelft.nl>
This commit is contained in:
rvandernoort
2022-03-23 14:01:58 +01:00
parent a8743d3327
commit 446c35efdf
12 changed files with 107 additions and 60 deletions


@ -95,9 +95,15 @@ func (r *Runtime) compileImageFilters(ctx context.Context, options *ListImagesOp
for _, f := range options.Filters {
var key, value string
var filter filterFunc
split := strings.SplitN(f, "=", 2)
if len(split) != 2 {
return nil, errors.Errorf("invalid image filter %q: must be in the format %q", f, "filter=value")
negate := false
split := strings.SplitN(f, "!=", 2)
if len(split) == 2 {
negate = true
} else {
split = strings.SplitN(f, "=", 2)
if len(split) != 2 {
return nil, errors.Errorf("invalid image filter %q: must be in the format %q", f, "filter=value or filter!=value")
}
}
key = split[0]
@ -182,12 +188,22 @@ func (r *Runtime) compileImageFilters(ctx context.Context, options *ListImagesOp
default:
return nil, errors.Errorf("unsupported image filter %q", key)
}
if negate {
filter = negateFilter(filter)
}
filters[key] = append(filters[key], filter)
}
return filters, nil
}
func negateFilter(f filterFunc) filterFunc {
return func(img *Image) (bool, error) {
b, err := f(img)
return !b, err
}
}
func (r *Runtime) containers(duplicate map[string]string, key, value string, externalFunc IsExternalContainerFunc) error {
if exists, ok := duplicate[key]; ok && exists != value {
return errors.Errorf("specifying %q filter more than once with different values is not supported", key)
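Review bot: Splitting on `!=` before `=` (L25-L29) misparses any ordinary `key=value` filter whose value itself contains `!=`, e.g. `label=a!=b` becomes key `label=a` with negation set and then falls into the `unsupported image filter` default at L36-L37, where the old code handled it. Splitting once on the first `=` and treating a trailing `!` on the key as the negation marker keeps `label!=foo` working and leaves values untouched; compileImageFilters begins before this hunk, so the rewrite below replaces only the lines between `var filter filterFunc` and `key = split[0]`. negateFilter is also undocumented; a one-line `// negateFilter returns a filterFunc that reports the opposite of f's match result.` would do, and it is worth noting in that comment that on a non-nil error the wrapped filter returns `true`, so callers must check err first.
```go
	split := strings.SplitN(f, "=", 2)
	if len(split) != 2 {
		return nil, errors.Errorf("invalid image filter %q: must be in the format %q", f, "filter=value or filter!=value")
	}
	// A key ending in "!" marks a negated filter ("label!=foo" -> key "label").
	negate := strings.HasSuffix(split[0], "!")
	split[0] = strings.TrimSuffix(split[0], "!")
	// … unchanged: key = split[0], value = split[1], switch on key …
```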


@ -133,10 +133,12 @@ default_sysctls = [
# Default way to to create an IPC namespace (POSIX SysV IPC) for the container
# Options are:
# `private` Create private IPC Namespace for the container.
# `host` Share host IPC Namespace with the container.
# "host" Share host IPC Namespace with the container.
# "none" Create shareable IPC Namespace for the container without a private /dev/shm.
# "private" Create private IPC Namespace for the container, other containers are not allowed to share it.
# "shareable" Create shareable IPC Namespace for the container.
#
#ipcns = "private"
#ipcns = "shareable"
# keyring tells the container engine whether to create
# a kernel keyring for use within the container.
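Review bot: The commented default flips from `#ipcns = "private"` to `#ipcns = "shareable"` (L68-L69), and the same flip lands in `DefaultConfig` (`IPCNS: "shareable"`, L79-L80), so every container that does not set ipcns explicitly now gets an IPC namespace that, going by the contrast with the `"private"` wording at L65, other containers are allowed to share; neither the option comments nor the commit description say that the default changed or what the isolation difference is. I would extend the `"shareable"` line to `# "shareable" Create shareable IPC Namespace for the container; other containers may join it (default).` and add a sentence to the commit message stating that the default moved from private to shareable. The pre-existing `Default way to to create` typo at L59 could be fixed in the same touch.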


@ -205,7 +205,7 @@ func DefaultConfig() (*Config, error) {
HTTPProxy: true,
Init: false,
InitPath: "",
IPCNS: "private",
IPCNS: "shareable",
LogDriver: defaultLogDriver(),
LogSizeMax: DefaultLogSizeMax,
NetNS: "private",


@ -169,6 +169,7 @@ func DefaultProfile() *Seccomp {
"futex",
"futex_time64",
"futimesat",
"get_mempolicy",
"get_robust_list",
"get_thread_area",
"getcpu",
@ -184,7 +185,6 @@ func DefaultProfile() *Seccomp {
"getgroups",
"getgroups32",
"getitimer",
"get_mempolicy",
"getpeername",
"getpgid",
"getpgrp",
@ -274,9 +274,9 @@ func DefaultProfile() *Seccomp {
"nanosleep",
"newfstatat",
"open",
"open_tree",
"openat",
"openat2",
"open_tree",
"pause",
"pidfd_getfd",
"pidfd_open",
@ -296,8 +296,11 @@ func DefaultProfile() *Seccomp {
"preadv2",
"prlimit64",
"process_mrelease",
"process_vm_readv",
"process_vm_writev",
"pselect6",
"pselect6_time64",
"ptrace",
"pwrite64",
"pwritev",
"pwritev2",
@ -356,7 +359,6 @@ func DefaultProfile() *Seccomp {
"sendmmsg",
"sendmsg",
"sendto",
"setns",
"set_mempolicy",
"set_robust_list",
"set_thread_area",
@ -370,6 +372,7 @@ func DefaultProfile() *Seccomp {
"setgroups",
"setgroups32",
"setitimer",
"setns",
"setpgid",
"setpriority",
"setregid",
@ -527,10 +530,10 @@ func DefaultProfile() *Seccomp {
Names: []string{
"arm_fadvise64_64",
"arm_sync_file_range",
"sync_file_range2",
"breakpoint",
"cacheflush",
"set_tls",
"sync_file_range2",
},
Action: ActAllow,
Args: []*Arg{},
@ -653,8 +656,8 @@ func DefaultProfile() *Seccomp {
{
Names: []string{
"delete_module",
"init_module",
"finit_module",
"init_module",
"query_module",
},
Action: ActAllow,
@ -666,8 +669,8 @@ func DefaultProfile() *Seccomp {
{
Names: []string{
"delete_module",
"init_module",
"finit_module",
"init_module",
"query_module",
},
Action: ActErrno,
@ -704,9 +707,6 @@ func DefaultProfile() *Seccomp {
Names: []string{
"kcmp",
"process_madvise",
"process_vm_readv",
"process_vm_writev",
"ptrace",
},
Action: ActAllow,
Args: []*Arg{},
@ -718,9 +718,6 @@ func DefaultProfile() *Seccomp {
Names: []string{
"kcmp",
"process_madvise",
"process_vm_readv",
"process_vm_writev",
"ptrace",
},
Action: ActErrno,
Errno: "EPERM",
@ -732,8 +729,8 @@ func DefaultProfile() *Seccomp {
},
{
Names: []string{
"iopl",
"ioperm",
"iopl",
},
Action: ActAllow,
Args: []*Arg{},
@ -743,8 +740,8 @@ func DefaultProfile() *Seccomp {
},
{
Names: []string{
"iopl",
"ioperm",
"iopl",
},
Action: ActErrno,
Errno: "EPERM",
@ -756,10 +753,10 @@ func DefaultProfile() *Seccomp {
},
{
Names: []string{
"settimeofday",
"stime",
"clock_settime",
"clock_settime64",
"settimeofday",
"stime",
},
Action: ActAllow,
Args: []*Arg{},
@ -769,10 +766,10 @@ func DefaultProfile() *Seccomp {
},
{
Names: []string{
"settimeofday",
"stime",
"clock_settime",
"clock_settime64",
"settimeofday",
"stime",
},
Action: ActErrno,
Errno: "EPERM",
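Review bot: `ptrace`, `process_vm_readv` and `process_vm_writev` are removed from the two groups at L175-L183 and L185-L193 (an ActAllow/ActErrno-EPERM pair over the same names, which looks like a capability-gated block) and added to the unconditional allow list at L118, L119 and L122, so the default profile now permits them regardless of that condition; nothing in the hunk records why, and the commit description ("add support for shareable") does not mention the change. A comment above the new `"process_vm_readv",` line such as `// ptrace and process_vm_* are allowed unconditionally; previously gated on the block below (see UPSTREAM-CHANGE-REF)` with the real reference filled in would let a later reader tell this deliberate widening apart from the purely alphabetical reorders that make up the rest of this section. The JSON profile section at L243-L404 mirrors the same move (L274, L275, L278 added; L336-L338 and L348-L350 removed) and should carry the same rationale in whatever generates it.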


@ -176,6 +176,7 @@
"futex",
"futex_time64",
"futimesat",
"get_mempolicy",
"get_robust_list",
"get_thread_area",
"getcpu",
@ -191,7 +192,6 @@
"getgroups",
"getgroups32",
"getitimer",
"get_mempolicy",
"getpeername",
"getpgid",
"getpgrp",
@ -281,9 +281,9 @@
"nanosleep",
"newfstatat",
"open",
"open_tree",
"openat",
"openat2",
"open_tree",
"pause",
"pidfd_getfd",
"pidfd_open",
@ -303,8 +303,11 @@
"preadv2",
"prlimit64",
"process_mrelease",
"process_vm_readv",
"process_vm_writev",
"pselect6",
"pselect6_time64",
"ptrace",
"pwrite64",
"pwritev",
"pwritev2",
@ -363,7 +366,6 @@
"sendmmsg",
"sendmsg",
"sendto",
"setns",
"set_mempolicy",
"set_robust_list",
"set_thread_area",
@ -377,6 +379,7 @@
"setgroups",
"setgroups32",
"setitimer",
"setns",
"setpgid",
"setpriority",
"setregid",
@ -571,10 +574,10 @@
"names": [
"arm_fadvise64_64",
"arm_sync_file_range",
"sync_file_range2",
"breakpoint",
"cacheflush",
"set_tls"
"set_tls",
"sync_file_range2"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
@ -742,8 +745,8 @@
{
"names": [
"delete_module",
"init_module",
"finit_module",
"init_module",
"query_module"
],
"action": "SCMP_ACT_ALLOW",
@ -759,8 +762,8 @@
{
"names": [
"delete_module",
"init_module",
"finit_module",
"init_module",
"query_module"
],
"action": "SCMP_ACT_ERRNO",
@ -808,10 +811,7 @@
{
"names": [
"kcmp",
"process_madvise",
"process_vm_readv",
"process_vm_writev",
"ptrace"
"process_madvise"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
@ -826,10 +826,7 @@
{
"names": [
"kcmp",
"process_madvise",
"process_vm_readv",
"process_vm_writev",
"ptrace"
"process_madvise"
],
"action": "SCMP_ACT_ERRNO",
"args": [],
@ -845,8 +842,8 @@
},
{
"names": [
"iopl",
"ioperm"
"ioperm",
"iopl"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
@ -860,8 +857,8 @@
},
{
"names": [
"iopl",
"ioperm"
"ioperm",
"iopl"
],
"action": "SCMP_ACT_ERRNO",
"args": [],
@ -877,10 +874,10 @@
},
{
"names": [
"settimeofday",
"stime",
"clock_settime",
"clock_settime64"
"clock_settime64",
"settimeofday",
"stime"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
@ -894,10 +891,10 @@
},
{
"names": [
"settimeofday",
"stime",
"clock_settime",
"clock_settime64"
"clock_settime64",
"settimeofday",
"stime"
],
"action": "SCMP_ACT_ERRNO",
"args": [],