Bump Buildah to v1.24.0

Bumps Buildah to v1.24.0 and adopts the new values for pull: true, false, never, and always. The pull-never and pull-always options for the build command are still usable, but they have been removed from the man page documentation with this change. Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
2025-12-01 18:49:18 +08:00 · 2022-01-26 20:39:58 -05:00
parent 09589fccfd
commit 4a4d86d40f
42 changed files with 848 additions and 339 deletions
--- a/vendor/github.com/containers/buildah/chroot/run.go
+++ b/vendor/github.com/containers/buildah/chroot/run.go
@@ -883,11 +883,14 @@ func setApparmorProfile(spec *specs.Spec) error {

 // setCapabilities sets capabilities for ourselves, to be more or less inherited by any processes that we'll start.
 func setCapabilities(spec *specs.Spec, keepCaps ...string) error {
-	currentCaps, err := capability.NewPid(0)
+	currentCaps, err := capability.NewPid2(0)
 	if err != nil {
 		return errors.Wrapf(err, "error reading capabilities of current process")
 	}
-	caps, err := capability.NewPid(0)
+	if err := currentCaps.Load(); err != nil {
+		return errors.Wrapf(err, "error loading capabilities")
+	}
+	caps, err := capability.NewPid2(0)
 	if err != nil {
 		return errors.Wrapf(err, "error reading capabilities of current process")
 	}
@@ -899,7 +902,6 @@ func setCapabilities(spec *specs.Spec, keepCaps ...string) error {
 		capability.AMBIENT:     spec.Process.Capabilities.Ambient,
 	}
 	knownCaps := capability.List()
-	caps.Clear(capability.CAPS | capability.BOUNDS | capability.AMBS)
 	for capType, capList := range capMap {
 		for _, capToSet := range capList {
 			cap := capability.CAP_LAST_CAP