opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-10-12 08:45:37 +08:00
Code Issues Packages Projects Releases Wiki Activity

[v5.5] Bump buildah from v1.40.0 to v1.40.1

Browse Source 
Bump the version of buildah that we use from v1.40.0 to v1.40.1.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
This commit is contained in:
Nalin Dahyabhai
2025-06-04 13:58:46 -04:00
parent b1938316c3
commit 4ef6a8715c
16 changed files with 160 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
go.mod
View File

@ -12,7 +12,7 @@ require (
github.com/checkpoint-restore/checkpointctl v1.3.0 github.com/checkpoint-restore/checkpointctl v1.3.0
github.com/checkpoint-restore/go-criu/v7 v7.2.0 github.com/checkpoint-restore/go-criu/v7 v7.2.0
github.com/containernetworking/plugins v1.6.2 github.com/containernetworking/plugins v1.6.2
github.com/containers/buildah v1.40.0 github.com/containers/buildah v1.40.1
github.com/containers/common v0.63.1 github.com/containers/common v0.63.1
github.com/containers/conmon v2.0.20+incompatible github.com/containers/conmon v2.0.20+incompatible
github.com/containers/gvisor-tap-vsock v0.8.6 github.com/containers/gvisor-tap-vsock v0.8.6

4
go.sum
View File

@ -66,8 +66,8 @@ github.com/containernetworking/cni v1.3.0 h1:v6EpN8RznAZj9765HhXQrtXgX+ECGebEYEm
github.com/containernetworking/cni v1.3.0/go.mod h1:Bs8glZjjFfGPHMw6hQu82RUgEPNGEaBb9KS5KtNMnJ4= github.com/containernetworking/cni v1.3.0/go.mod h1:Bs8glZjjFfGPHMw6hQu82RUgEPNGEaBb9KS5KtNMnJ4=
github.com/containernetworking/plugins v1.6.2 h1:pqP8Mq923TLyef5g97XfJ/xpDeVek4yF8A4mzy9Tc4U= github.com/containernetworking/plugins v1.6.2 h1:pqP8Mq923TLyef5g97XfJ/xpDeVek4yF8A4mzy9Tc4U=
github.com/containernetworking/plugins v1.6.2/go.mod h1:SP5UG3jDO9LtmfbBJdP+nl3A1atOtbj2MBOYsnaxy64= github.com/containernetworking/plugins v1.6.2/go.mod h1:SP5UG3jDO9LtmfbBJdP+nl3A1atOtbj2MBOYsnaxy64=
github.com/containers/buildah v1.40.0 h1:qCHTKnL/UEutxT6ZS8Zvhy7QUpe719jEIeGMSlcN3j4= github.com/containers/buildah v1.40.1 h1:RW+Fbelwblzg1mJfKfyGZPS4Nbc5QtT866fJ9pYFtYo=
github.com/containers/buildah v1.40.0/go.mod h1:U6qj0nseq6t97T2kkNpjgo0WBVRYIXASIOlS5eWvlhM= github.com/containers/buildah v1.40.1/go.mod h1:1UCQBc3LZrT4u5R/u7igGgUQxeDlJmn/OyYDQ9mumFk=
github.com/containers/common v0.63.1 h1:6g02gbW34PaRVH4Heb2Pk11x0SdbQ+8AfeKKeQGqYBE= github.com/containers/common v0.63.1 h1:6g02gbW34PaRVH4Heb2Pk11x0SdbQ+8AfeKKeQGqYBE=
github.com/containers/common v0.63.1/go.mod h1:+3GCotSqNdIqM3sPs152VvW7m5+Mg8Kk+PExT3G9hZw= github.com/containers/common v0.63.1/go.mod h1:+3GCotSqNdIqM3sPs152VvW7m5+Mg8Kk+PExT3G9hZw=
github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=

95
vendor/github.com/containers/buildah/.cirrus.yml generated vendored
View File

@ -6,7 +6,7 @@ env:
#### Global variables used for all tasks #### Global variables used for all tasks
#### ####
# Name of the ultimate destination branch for this CI run, PR or post-merge. # Name of the ultimate destination branch for this CI run, PR or post-merge.
DEST_BRANCH: "main" DEST_BRANCH: "release-1.40"
GOPATH: "/var/tmp/go" GOPATH: "/var/tmp/go"
GOSRC: "${GOPATH}/src/github.com/containers/buildah" GOSRC: "${GOPATH}/src/github.com/containers/buildah"
GOCACHE: "/tmp/go-build" GOCACHE: "/tmp/go-build"
@ -22,18 +22,20 @@ env:
IN_PODMAN: 'false' IN_PODMAN: 'false'
# root or rootless # root or rootless
PRIV_NAME: root PRIV_NAME: root
# default "mention the $BUILDAH_RUNTIME in the task alias, with initial whitespace" value
RUNTIME_N: ""
#### ####
#### Cache-image names to test with #### Cache-image names to test with
#### ####
# GCE project where images live # GCE project where images live
IMAGE_PROJECT: "libpod-218412" IMAGE_PROJECT: "libpod-218412"
FEDORA_NAME: "fedora-41" FEDORA_NAME: "fedora-42"
PRIOR_FEDORA_NAME: "fedora-40" PRIOR_FEDORA_NAME: "fedora-41"
DEBIAN_NAME: "debian-13" DEBIAN_NAME: "debian-13"
# Image identifiers # Image identifiers
IMAGE_SUFFIX: "c20250324t111922z-f41f40d13" IMAGE_SUFFIX: "c20250422t130822z-f42f41d13"
FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}" FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}"
PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}" PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}"
DEBIAN_CACHE_IMAGE_NAME: "debian-${IMAGE_SUFFIX}" DEBIAN_CACHE_IMAGE_NAME: "debian-${IMAGE_SUFFIX}"
@ -122,7 +124,7 @@ vendor_task:
# Runs within Cirrus's "community cluster" # Runs within Cirrus's "community cluster"
container: container:
image: docker.io/library/golang:1.23 image: docker.io/library/golang:1.23.3
cpu: 1 cpu: 1
memory: 1 memory: 1
@ -196,7 +198,7 @@ conformance_task:
integration_task: integration_task:
name: "Integration $DISTRO_NV w/ $STORAGE_DRIVER" name: "Integration $DISTRO_NV$RUNTIME_N w/ $STORAGE_DRIVER"
alias: integration alias: integration
skip: *not_build_docs skip: *not_build_docs
depends_on: *smoke_vendor depends_on: *smoke_vendor
@ -207,11 +209,26 @@ integration_task:
DISTRO_NV: "${FEDORA_NAME}" DISTRO_NV: "${FEDORA_NAME}"
IMAGE_NAME: "${FEDORA_CACHE_IMAGE_NAME}" IMAGE_NAME: "${FEDORA_CACHE_IMAGE_NAME}"
STORAGE_DRIVER: 'vfs' STORAGE_DRIVER: 'vfs'
# Disabled until we update to f41/42 as f40 does not have go 1.22 BUILDAH_RUNTIME: crun
# - env: RUNTIME_N: " using crun"
# DISTRO_NV: "${PRIOR_FEDORA_NAME}" - env:
# IMAGE_NAME: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}" DISTRO_NV: "${FEDORA_NAME}"
# STORAGE_DRIVER: 'vfs' IMAGE_NAME: "${FEDORA_CACHE_IMAGE_NAME}"
STORAGE_DRIVER: 'vfs'
BUILDAH_RUNTIME: runc
RUNTIME_N: " using runc"
- env:
DISTRO_NV: "${PRIOR_FEDORA_NAME}"
IMAGE_NAME: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}"
STORAGE_DRIVER: 'vfs'
BUILDAH_RUNTIME: crun
RUNTIME_N: " using crun"
- env:
DISTRO_NV: "${PRIOR_FEDORA_NAME}"
IMAGE_NAME: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}"
STORAGE_DRIVER: 'vfs'
BUILDAH_RUNTIME: runc
RUNTIME_N: " using runc"
- env: - env:
DISTRO_NV: "${DEBIAN_NAME}" DISTRO_NV: "${DEBIAN_NAME}"
IMAGE_NAME: "${DEBIAN_CACHE_IMAGE_NAME}" IMAGE_NAME: "${DEBIAN_CACHE_IMAGE_NAME}"
@ -221,11 +238,26 @@ integration_task:
DISTRO_NV: "${FEDORA_NAME}" DISTRO_NV: "${FEDORA_NAME}"
IMAGE_NAME: "${FEDORA_CACHE_IMAGE_NAME}" IMAGE_NAME: "${FEDORA_CACHE_IMAGE_NAME}"
STORAGE_DRIVER: 'overlay' STORAGE_DRIVER: 'overlay'
# Disabled until we update to f41/42 as f40 does not have go 1.22 BUILDAH_RUNTIME: crun
# - env: RUNTIME_N: " using crun"
# DISTRO_NV: "${PRIOR_FEDORA_NAME}" - env:
# IMAGE_NAME: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}" DISTRO_NV: "${FEDORA_NAME}"
# STORAGE_DRIVER: 'overlay' IMAGE_NAME: "${FEDORA_CACHE_IMAGE_NAME}"
STORAGE_DRIVER: 'overlay'
BUILDAH_RUNTIME: runc
RUNTIME_N: " using runc"
- env:
DISTRO_NV: "${PRIOR_FEDORA_NAME}"
IMAGE_NAME: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}"
STORAGE_DRIVER: 'overlay'
BUILDAH_RUNTIME: crun
RUNTIME_N: " using crun"
- env:
DISTRO_NV: "${PRIOR_FEDORA_NAME}"
IMAGE_NAME: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}"
STORAGE_DRIVER: 'overlay'
BUILDAH_RUNTIME: runc
RUNTIME_N: " using runc"
- env: - env:
DISTRO_NV: "${DEBIAN_NAME}" DISTRO_NV: "${DEBIAN_NAME}"
IMAGE_NAME: "${DEBIAN_CACHE_IMAGE_NAME}" IMAGE_NAME: "${DEBIAN_CACHE_IMAGE_NAME}"
@ -255,7 +287,7 @@ integration_task:
golang_version_script: '$GOSRC/$SCRIPT_BASE/logcollector.sh golang' golang_version_script: '$GOSRC/$SCRIPT_BASE/logcollector.sh golang'
integration_rootless_task: integration_rootless_task:
name: "Integration rootless $DISTRO_NV w/ $STORAGE_DRIVER" name: "Integration rootless $DISTRO_NV$RUNTIME_N w/ $STORAGE_DRIVER"
alias: integration_rootless alias: integration_rootless
skip: *not_build_docs skip: *not_build_docs
depends_on: *smoke_vendor depends_on: *smoke_vendor
@ -268,12 +300,29 @@ integration_rootless_task:
IMAGE_NAME: "${FEDORA_CACHE_IMAGE_NAME}" IMAGE_NAME: "${FEDORA_CACHE_IMAGE_NAME}"
STORAGE_DRIVER: 'overlay' STORAGE_DRIVER: 'overlay'
PRIV_NAME: rootless PRIV_NAME: rootless
# Disabled until we update to f40/41 as f39 does not have go 1.22 BUILDAH_RUNTIME: runc
# - env: RUNTIME_N: " using runc"
# DISTRO_NV: "${PRIOR_FEDORA_NAME}" - env:
# IMAGE_NAME: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}" DISTRO_NV: "${FEDORA_NAME}"
# STORAGE_DRIVER: 'overlay' IMAGE_NAME: "${FEDORA_CACHE_IMAGE_NAME}"
# PRIV_NAME: rootless STORAGE_DRIVER: 'overlay'
PRIV_NAME: rootless
BUILDAH_RUNTIME: crun
RUNTIME_N: " using crun"
- env:
DISTRO_NV: "${PRIOR_FEDORA_NAME}"
IMAGE_NAME: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}"
STORAGE_DRIVER: 'overlay'
PRIV_NAME: rootless
BUILDAH_RUNTIME: runc
RUNTIME_N: " using runc"
- env:
DISTRO_NV: "${PRIOR_FEDORA_NAME}"
IMAGE_NAME: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}"
STORAGE_DRIVER: 'overlay'
PRIV_NAME: rootless
BUILDAH_RUNTIME: crun
RUNTIME_N: " using crun"
- env: - env:
DISTRO_NV: "${DEBIAN_NAME}" DISTRO_NV: "${DEBIAN_NAME}"
IMAGE_NAME: "${DEBIAN_CACHE_IMAGE_NAME}" IMAGE_NAME: "${DEBIAN_CACHE_IMAGE_NAME}"

10
vendor/github.com/containers/buildah/CHANGELOG.md generated vendored
View File

@ -2,6 +2,16 @@
# Changelog # Changelog
## v1.40.1 (2025-06-04)
vendor: update c/common to v0.63.1
CI: run integration tests on Fedora with both crun and runc
buildah-build(1): clarify that --cgroup-parent affects RUN instructions
runUsingRuntime: use named constants for runtime states
Add a dummy "runtime" that just dumps its config file
run: handle relabeling bind mounts ourselves
Tweak our handling of variant values, again
## v1.40.0 (2025-04-17) ## v1.40.0 (2025-04-17)
Bump c/storage to v1.58.0, c/image v5.35.0, c/common v0.63.0 Bump c/storage to v1.58.0, c/image v5.35.0, c/common v0.63.0

5
vendor/github.com/containers/buildah/Makefile generated vendored
View File

@ -59,7 +59,7 @@ export GOLANGCI_LINT_VERSION := 2.1.0
# Note: Uses the -N -l go compiler options to disable compiler optimizations # Note: Uses the -N -l go compiler options to disable compiler optimizations
# and inlining. Using these build options allows you to subsequently # and inlining. Using these build options allows you to subsequently
# use source debugging tools like delve. # use source debugging tools like delve.
all: bin/buildah bin/imgtype bin/copy bin/inet bin/tutorial docs all: bin/buildah bin/imgtype bin/copy bin/inet bin/tutorial bin/dumpspec docs
# Update nix/nixpkgs.json its latest stable commit # Update nix/nixpkgs.json its latest stable commit
.PHONY: nixpkgs .PHONY: nixpkgs
@ -107,6 +107,9 @@ bin/buildah.%: $(SOURCES)
mkdir -p ./bin mkdir -p ./bin
GOOS=$(word 2,$(subst ., ,$@)) GOARCH=$(word 3,$(subst ., ,$@)) $(GO_BUILD) $(BUILDAH_LDFLAGS) -o $@ -tags "containers_image_openpgp" ./cmd/buildah GOOS=$(word 2,$(subst ., ,$@)) GOARCH=$(word 3,$(subst ., ,$@)) $(GO_BUILD) $(BUILDAH_LDFLAGS) -o $@ -tags "containers_image_openpgp" ./cmd/buildah
bin/dumpspec: $(SOURCES)
$(GO_BUILD) $(BUILDAH_LDFLAGS) -o $@ $(BUILDFLAGS) ./tests/dumpspec
bin/imgtype: $(SOURCES) bin/imgtype: $(SOURCES)
$(GO_BUILD) $(BUILDAH_LDFLAGS) -o $@ $(BUILDFLAGS) ./tests/imgtype/imgtype.go $(GO_BUILD) $(BUILDAH_LDFLAGS) -o $@ $(BUILDFLAGS) ./tests/imgtype/imgtype.go

9
vendor/github.com/containers/buildah/changelog.txt generated vendored
View File

@ -1,3 +1,12 @@
- Changelog for v1.40.1 (2025-06-04)
* vendor: update c/common to v0.63.1
* CI: run integration tests on Fedora with both crun and runc
* buildah-build(1): clarify that --cgroup-parent affects RUN instructions
* runUsingRuntime: use named constants for runtime states
* Add a dummy "runtime" that just dumps its config file
* run: handle relabeling bind mounts ourselves
* Tweak our handling of variant values, again
- Changelog for v1.40.0 (2025-04-17) - Changelog for v1.40.0 (2025-04-17)
* Bump c/storage to v1.58.0, c/image v5.35.0, c/common v0.63.0 * Bump c/storage to v1.58.0, c/image v5.35.0, c/common v0.63.0
* fix(deps): update module github.com/docker/docker to v28.1.0+incompatible * fix(deps): update module github.com/docker/docker to v28.1.0+incompatible

11
vendor/github.com/containers/buildah/chroot/pty_unsupported.go generated vendored
View File

@ -1,11 +0,0 @@
//go:build !linux && !(freebsd && cgo)
package chroot
import (
"errors"
)
func getPtyDescriptors() (int, int, error) {
return -1, -1, errors.New("getPtyDescriptors not supported on this platform")
}

3
vendor/github.com/containers/buildah/chroot/run_common.go generated vendored
View File

@ -18,6 +18,7 @@ import (
"syscall" "syscall"
"github.com/containers/buildah/bind" "github.com/containers/buildah/bind"
"github.com/containers/buildah/internal/pty"
"github.com/containers/buildah/util" "github.com/containers/buildah/util"
"github.com/containers/storage/pkg/ioutils" "github.com/containers/storage/pkg/ioutils"
"github.com/containers/storage/pkg/reexec" "github.com/containers/storage/pkg/reexec"
@ -217,7 +218,7 @@ func runUsingChrootMain() {
var stderr io.Writer var stderr io.Writer
fdDesc := make(map[int]string) fdDesc := make(map[int]string)
if options.Spec.Process.Terminal { if options.Spec.Process.Terminal {
ptyMasterFd, ptyFd, err := getPtyDescriptors() ptyMasterFd, ptyFd, err := pty.GetPtyDescriptors()
if err != nil { if err != nil {
logrus.Errorf("error opening PTY descriptors: %v", err) logrus.Errorf("error opening PTY descriptors: %v", err)
os.Exit(1) os.Exit(1)

11
vendor/github.com/containers/buildah/config.go generated vendored
View File

@ -146,18 +146,9 @@ func (b *Builder) fixupConfig(sys *types.SystemContext) {
if b.Architecture() == "" { if b.Architecture() == "" {
if sys != nil && sys.ArchitectureChoice != "" { if sys != nil && sys.ArchitectureChoice != "" {
b.SetArchitecture(sys.ArchitectureChoice) b.SetArchitecture(sys.ArchitectureChoice)
} else {
b.SetArchitecture(currentPlatformSpecification.Architecture)
}
// in case the arch string we started with was shorthand for a known arch+variant pair, normalize it
ps := internalUtil.NormalizePlatform(ociv1.Platform{OS: b.OS(), Architecture: b.Architecture(), Variant: b.Variant()})
b.SetArchitecture(ps.Architecture)
b.SetVariant(ps.Variant)
}
if b.Variant() == "" {
if sys != nil && sys.VariantChoice != "" {
b.SetVariant(sys.VariantChoice) b.SetVariant(sys.VariantChoice)
} else { } else {
b.SetArchitecture(currentPlatformSpecification.Architecture)
b.SetVariant(currentPlatformSpecification.Variant) b.SetVariant(currentPlatformSpecification.Variant)
} }
// in case the arch string we started with was shorthand for a known arch+variant pair, normalize it // in case the arch string we started with was shorthand for a known arch+variant pair, normalize it

2
vendor/github.com/containers/buildah/define/types.go generated vendored
View File

@ -29,7 +29,7 @@ const (
// identify working containers. // identify working containers.
Package = "buildah" Package = "buildah"
// Version for the Package. Also used by .packit.sh for Packit builds. // Version for the Package. Also used by .packit.sh for Packit builds.
Version = "1.40.0" Version = "1.40.1"
// DefaultRuntime if containers.conf fails. // DefaultRuntime if containers.conf fails.
DefaultRuntime = "runc" DefaultRuntime = "runc"

6
vendor/github.com/containers/buildah/chroot/pty_posix.go → vendor/github.com/containers/buildah/internal/pty/pty_posix.go generated vendored
View File

@ -1,6 +1,6 @@
//go:build freebsd && cgo //go:build freebsd && cgo
package chroot package pty
// #include <fcntl.h> // #include <fcntl.h>
// #include <stdlib.h> // #include <stdlib.h>
@ -37,7 +37,9 @@ func unlockpt(fd int) error {
return nil return nil
} }
func getPtyDescriptors() (int, int, error) { // GetPtyDescriptors allocates a new pseudoterminal and returns the control and
// pseudoterminal file descriptors.
func GetPtyDescriptors() (int, int, error) {
// Create a pseudo-terminal and open the control side // Create a pseudo-terminal and open the control side
controlFd, err := openpt() controlFd, err := openpt()
if err != nil { if err != nil {

10
vendor/github.com/containers/buildah/chroot/pty_ptmx.go → vendor/github.com/containers/buildah/internal/pty/pty_ptmx.go generated vendored
View File

@ -1,6 +1,6 @@
//go:build linux //go:build linux
package chroot package pty
import ( import (
"fmt" "fmt"
@ -11,9 +11,11 @@ import (
"golang.org/x/sys/unix" "golang.org/x/sys/unix"
) )
// Open a PTY using the /dev/ptmx device. The main advantage of using // GetPtyDescriptors allocates a new pseudoterminal and returns the control and
// this instead of posix_openpt is that it avoids cgo. // pseudoterminal file descriptors. This implementation uses the /dev/ptmx
func getPtyDescriptors() (int, int, error) { // device. The main advantage of using this instead of posix_openpt is that it
// avoids cgo.
func GetPtyDescriptors() (int, int, error) {
// Create a pseudo-terminal -- open a copy of the master side. // Create a pseudo-terminal -- open a copy of the master side.
controlFd, err := unix.Open("/dev/ptmx", os.O_RDWR, 0o600) controlFd, err := unix.Open("/dev/ptmx", os.O_RDWR, 0o600)
if err != nil { if err != nil {

13
vendor/github.com/containers/buildah/internal/pty/pty_unsupported.go generated vendored Normal file
View File

@ -0,0 +1,13 @@
//go:build !linux && !(freebsd && cgo)
package pty
import (
"errors"
)
// GetPtyDescriptors would allocate a new pseudoterminal and return the control and
// pseudoterminal file descriptors, if only it could.
func GetPtyDescriptors() (int, int, error) {
return -1, -1, errors.New("GetPtyDescriptors not supported on this platform")
}

5
vendor/github.com/containers/buildah/run_common.go generated vendored
View File

@ -696,8 +696,9 @@ func runUsingRuntime(options RunOptions, configureNetwork bool, moreCreateArgs [
return 1, fmt.Errorf("parsing container state %q from %s: %w", string(stateOutput), runtime, err) return 1, fmt.Errorf("parsing container state %q from %s: %w", string(stateOutput), runtime, err)
} }
switch state.Status { switch state.Status {
case "running": case specs.StateCreating, specs.StateCreated, specs.StateRunning:
case "stopped": // all fine
case specs.StateStopped:
atomic.StoreUint32(&stopped, 1) atomic.StoreUint32(&stopped, 1)
default: default:
return 1, fmt.Errorf("container status unexpectedly changed to %q", state.Status) return 1, fmt.Errorf("container status unexpectedly changed to %q", state.Status)

30
vendor/github.com/containers/buildah/run_linux.go generated vendored
View File

@ -543,6 +543,33 @@ rootless=%d
defer b.cleanupTempVolumes() defer b.cleanupTempVolumes()
// Handle mount flags that request that the source locations for "bind" mountpoints be
// relabeled, and filter those flags out of the list of mount options we pass to the
// runtime.
for i := range spec.Mounts {
switch spec.Mounts[i].Type {
default:
continue
case "bind", "rbind":
// all good, keep going
}
zflag := ""
for _, opt := range spec.Mounts[i].Options {
if opt == "z" || opt == "Z" {
zflag = opt
}
}
if zflag == "" {
continue
}
spec.Mounts[i].Options = slices.DeleteFunc(spec.Mounts[i].Options, func(opt string) bool {
return opt == "z" || opt == "Z"
})
if err := relabel(spec.Mounts[i].Source, b.MountLabel, zflag == "z"); err != nil {
return fmt.Errorf("setting file label %q on %q: %w", b.MountLabel, spec.Mounts[i].Source, err)
}
}
switch isolation { switch isolation {
case define.IsolationOCI: case define.IsolationOCI:
var moreCreateArgs []string var moreCreateArgs []string
@ -1139,16 +1166,19 @@ func (b *Builder) runSetupVolumeMounts(mountLabel string, volumeMounts []string,
if err := relabel(host, mountLabel, true); err != nil { if err := relabel(host, mountLabel, true); err != nil {
return specs.Mount{}, err return specs.Mount{}, err
} }
options = slices.DeleteFunc(options, func(o string) bool { return o == "z" })
} }
if foundZ { if foundZ {
if err := relabel(host, mountLabel, false); err != nil { if err := relabel(host, mountLabel, false); err != nil {
return specs.Mount{}, err return specs.Mount{}, err
} }
options = slices.DeleteFunc(options, func(o string) bool { return o == "Z" })
} }
if foundU { if foundU {
if err := chown.ChangeHostPathOwnership(host, true, idMaps.processUID, idMaps.processGID); err != nil { if err := chown.ChangeHostPathOwnership(host, true, idMaps.processUID, idMaps.processGID); err != nil {
return specs.Mount{}, err return specs.Mount{}, err
} }
options = slices.DeleteFunc(options, func(o string) bool { return o == "U" })
} }
if foundO { if foundO {
if (upperDir != "" && workDir == "") || (workDir != "" && upperDir == "") { if (upperDir != "" && workDir == "") || (workDir != "" && upperDir == "") {

3
vendor/modules.txt vendored
View File

@ -110,7 +110,7 @@ github.com/containernetworking/cni/pkg/version
# github.com/containernetworking/plugins v1.6.2 # github.com/containernetworking/plugins v1.6.2
## explicit; go 1.23 ## explicit; go 1.23
github.com/containernetworking/plugins/pkg/ns github.com/containernetworking/plugins/pkg/ns
# github.com/containers/buildah v1.40.0 # github.com/containers/buildah v1.40.1
## explicit; go 1.23.3 ## explicit; go 1.23.3
github.com/containers/buildah github.com/containers/buildah
github.com/containers/buildah/bind github.com/containers/buildah/bind
@ -125,6 +125,7 @@ github.com/containers/buildah/internal/mkcw
github.com/containers/buildah/internal/mkcw/types github.com/containers/buildah/internal/mkcw/types
github.com/containers/buildah/internal/open github.com/containers/buildah/internal/open
github.com/containers/buildah/internal/parse github.com/containers/buildah/internal/parse
github.com/containers/buildah/internal/pty
github.com/containers/buildah/internal/sbom github.com/containers/buildah/internal/sbom
github.com/containers/buildah/internal/tmpdir github.com/containers/buildah/internal/tmpdir
github.com/containers/buildah/internal/util github.com/containers/buildah/internal/util