mirror of
				https://github.com/containers/podman.git
				synced 2025-10-26 02:35:43 +08:00 
			
		
		
		
	Vendor in latest projectatomic/buildah
Buildah Fixes to COPY and ADD to properly follow symbolic links is SRC is a symbolic link Print out a digest message on successful push. We should not drop the Bounding set when running as a non priv user in podman build Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1483 Approved by: rhatdan
This commit is contained in:
		 Daniel J Walsh
					Daniel J Walsh
				
			
				
					committed by
					
						 Atomic Bot
						Atomic Bot
					
				
			
			
				
	
			
			
			 Atomic Bot
						Atomic Bot
					
				
			
						parent
						
							70189f0223
						
					
				
				
					commit
					5e4f7e915e
				
			| @ -90,7 +90,7 @@ k8s.io/kube-openapi 275e2ce91dec4c05a4094a7b1daee5560b555ac9 https://github.com/ | |||||||
| k8s.io/utils 258e2a2fa64568210fbd6267cf1d8fd87c3cb86e https://github.com/kubernetes/utils | k8s.io/utils 258e2a2fa64568210fbd6267cf1d8fd87c3cb86e https://github.com/kubernetes/utils | ||||||
| github.com/mrunalp/fileutils master | github.com/mrunalp/fileutils master | ||||||
| github.com/varlink/go master | github.com/varlink/go master | ||||||
| github.com/projectatomic/buildah 9c8c58c33b0b6e15f2fa780042ef46552a8a26d4 | github.com/projectatomic/buildah af5bbde0180026ae87b7fc81c2dc124aa73ec959 | ||||||
| github.com/Nvveen/Gotty master | github.com/Nvveen/Gotty master | ||||||
| github.com/fsouza/go-dockerclient master | github.com/fsouza/go-dockerclient master | ||||||
| github.com/openshift/imagebuilder master | github.com/openshift/imagebuilder master | ||||||
|  | |||||||
							
								
								
									
										34
									
								
								vendor/github.com/projectatomic/buildah/README.md
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										34
									
								
								vendor/github.com/projectatomic/buildah/README.md
									
									
									
										generated
									
									
										vendored
									
									
								
							| @ -15,6 +15,8 @@ The Buildah package provides a command line tool that can be used to | |||||||
| * delete a working container or an image | * delete a working container or an image | ||||||
| * rename a local container | * rename a local container | ||||||
|  |  | ||||||
|  | ## Buildah Information for Developers | ||||||
|  |  | ||||||
| **[Buildah Demos](demos)** | **[Buildah Demos](demos)** | ||||||
|  |  | ||||||
| **[Changelog](CHANGELOG.md)** | **[Changelog](CHANGELOG.md)** | ||||||
| @ -29,6 +31,38 @@ The Buildah package provides a command line tool that can be used to | |||||||
|  |  | ||||||
| **[Tutorials](docs/tutorials)** | **[Tutorials](docs/tutorials)** | ||||||
|  |  | ||||||
|  | ## Buildah and Podman relationship | ||||||
|  |  | ||||||
|  | Buildah and Podman are two complementary Open-source projects that are available on | ||||||
|  | most Linux platforms and both projects reside at [GitHub.com](https://github.com) | ||||||
|  | with Buildah [here](https://github.com/projectatomic/buildah) and | ||||||
|  | Podman [here](https://github.com/containers/libpod).  Both Buildah and Podman are | ||||||
|  | command line tools that work on OCI images and containers.  The two projects | ||||||
|  | differentiate in their specialization. | ||||||
|  |  | ||||||
|  | Buildah specializes in building OCI images.  Buildah's commands replicate all | ||||||
|  | of the commands that are found in a Dockerfile. Buildah’s goal is also to | ||||||
|  | provide a lower level coreutils interface to build images, allowing people to build | ||||||
|  | containers without requiring a Dockerfile.  The intent with Buildah is to allow other | ||||||
|  | scripting languages to build container images, without requiring a daemon. | ||||||
|  |  | ||||||
|  | Podman specializes in all of the commands and functions that help you to maintain and modify | ||||||
|  | OCI images, such as pulling and tagging.  It also allows you to create, run, and maintain those containers | ||||||
|  | created from those images. | ||||||
|  |  | ||||||
|  | A major difference between Podman and Buildah is their concept of a container.  Podman | ||||||
|  | allows users to create "traditional containers" where the intent of these containers is | ||||||
|  | to be long lived.  While Buildah containers are really just created to allow content | ||||||
|  | to be added back to the container image.   An easy way to think of it is the | ||||||
|  | `buildah run` command emulates the RUN command in a Dockerfile while the `podman run` | ||||||
|  | command emulates the `docker run` command in functionality.  Because of this and their underlying | ||||||
|  | storage differences, you can not see Podman containers from within Buildah or vice versa. | ||||||
|  |  | ||||||
|  | In short Buildah is an efficient way to create OCI images  while Podman allows | ||||||
|  | you to manage and maintain those images and containers in a production environment using | ||||||
|  | familiar container cli commands.  For more details, see the  | ||||||
|  | [Container Tools Guide](https://github.com/projectatomic/buildah/tree/master/docs/containertools). | ||||||
|  |  | ||||||
| ## Example | ## Example | ||||||
|  |  | ||||||
| From [`./examples/lighttpd.sh`](examples/lighttpd.sh): | From [`./examples/lighttpd.sh`](examples/lighttpd.sh): | ||||||
|  | |||||||
							
								
								
									
										28
									
								
								vendor/github.com/projectatomic/buildah/add.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										28
									
								
								vendor/github.com/projectatomic/buildah/add.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @ -168,9 +168,13 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption | |||||||
| 			return errors.Wrapf(syscall.ENOENT, "no files found matching %q", src) | 			return errors.Wrapf(syscall.ENOENT, "no files found matching %q", src) | ||||||
| 		} | 		} | ||||||
| 		for _, gsrc := range glob { | 		for _, gsrc := range glob { | ||||||
| 			srcfi, err := os.Stat(gsrc) | 			esrc, err := filepath.EvalSymlinks(gsrc) | ||||||
| 			if err != nil { | 			if err != nil { | ||||||
| 				return errors.Wrapf(err, "error reading %q", gsrc) | 				return errors.Wrapf(err, "error evaluating symlinks %q", gsrc) | ||||||
|  | 			} | ||||||
|  | 			srcfi, err := os.Stat(esrc) | ||||||
|  | 			if err != nil { | ||||||
|  | 				return errors.Wrapf(err, "error reading %q", esrc) | ||||||
| 			} | 			} | ||||||
| 			if srcfi.IsDir() { | 			if srcfi.IsDir() { | ||||||
| 				// The source is a directory, so copy the contents of | 				// The source is a directory, so copy the contents of | ||||||
| @ -180,13 +184,13 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption | |||||||
| 				if err = idtools.MkdirAllAndChownNew(dest, 0755, hostOwner); err != nil { | 				if err = idtools.MkdirAllAndChownNew(dest, 0755, hostOwner); err != nil { | ||||||
| 					return err | 					return err | ||||||
| 				} | 				} | ||||||
| 				logrus.Debugf("copying %q to %q", gsrc+string(os.PathSeparator)+"*", dest+string(os.PathSeparator)+"*") | 				logrus.Debugf("copying %q to %q", esrc+string(os.PathSeparator)+"*", dest+string(os.PathSeparator)+"*") | ||||||
| 				if err := copyWithTar(gsrc, dest); err != nil { | 				if err := copyWithTar(esrc, dest); err != nil { | ||||||
| 					return errors.Wrapf(err, "error copying %q to %q", gsrc, dest) | 					return errors.Wrapf(err, "error copying %q to %q", esrc, dest) | ||||||
| 				} | 				} | ||||||
| 				continue | 				continue | ||||||
| 			} | 			} | ||||||
| 			if !extract || !archive.IsArchivePath(gsrc) { | 			if !extract || !archive.IsArchivePath(esrc) { | ||||||
| 				// This source is a file, and either it's not an | 				// This source is a file, and either it's not an | ||||||
| 				// archive, or we don't care whether or not it's an | 				// archive, or we don't care whether or not it's an | ||||||
| 				// archive. | 				// archive. | ||||||
| @ -195,16 +199,16 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption | |||||||
| 					d = filepath.Join(dest, filepath.Base(gsrc)) | 					d = filepath.Join(dest, filepath.Base(gsrc)) | ||||||
| 				} | 				} | ||||||
| 				// Copy the file, preserving attributes. | 				// Copy the file, preserving attributes. | ||||||
| 				logrus.Debugf("copying %q to %q", gsrc, d) | 				logrus.Debugf("copying %q to %q", esrc, d) | ||||||
| 				if err := copyFileWithTar(gsrc, d); err != nil { | 				if err := copyFileWithTar(esrc, d); err != nil { | ||||||
| 					return errors.Wrapf(err, "error copying %q to %q", gsrc, d) | 					return errors.Wrapf(err, "error copying %q to %q", esrc, d) | ||||||
| 				} | 				} | ||||||
| 				continue | 				continue | ||||||
| 			} | 			} | ||||||
| 			// We're extracting an archive into the destination directory. | 			// We're extracting an archive into the destination directory. | ||||||
| 			logrus.Debugf("extracting contents of %q into %q", gsrc, dest) | 			logrus.Debugf("extracting contents of %q into %q", esrc, dest) | ||||||
| 			if err := untarPath(gsrc, dest); err != nil { | 			if err := untarPath(esrc, dest); err != nil { | ||||||
| 				return errors.Wrapf(err, "error extracting %q into %q", gsrc, dest) | 				return errors.Wrapf(err, "error extracting %q into %q", esrc, dest) | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
|  | |||||||
							
								
								
									
										5
									
								
								vendor/github.com/projectatomic/buildah/chroot/run.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										5
									
								
								vendor/github.com/projectatomic/buildah/chroot/run.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @ -1075,11 +1075,14 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func( | |||||||
| 			// The target isn't there yet, so create it, and make a | 			// The target isn't there yet, so create it, and make a | ||||||
| 			// note to remove it later. | 			// note to remove it later. | ||||||
| 			if srcinfo.IsDir() { | 			if srcinfo.IsDir() { | ||||||
| 				if err = os.Mkdir(target, 0111); err != nil { | 				if err = os.MkdirAll(target, 0111); err != nil { | ||||||
| 					return undoBinds, errors.Wrapf(err, "error creating mountpoint %q in mount namespace", target) | 					return undoBinds, errors.Wrapf(err, "error creating mountpoint %q in mount namespace", target) | ||||||
| 				} | 				} | ||||||
| 				removes = append(removes, target) | 				removes = append(removes, target) | ||||||
| 			} else { | 			} else { | ||||||
|  | 				if err = os.MkdirAll(filepath.Dir(target), 0111); err != nil { | ||||||
|  | 					return undoBinds, errors.Wrapf(err, "error ensuring parent of mountpoint %q (%q) is present in mount namespace", target, filepath.Dir(target)) | ||||||
|  | 				} | ||||||
| 				var file *os.File | 				var file *os.File | ||||||
| 				if file, err = os.OpenFile(target, os.O_WRONLY|os.O_CREATE, 0); err != nil { | 				if file, err = os.OpenFile(target, os.O_WRONLY|os.O_CREATE, 0); err != nil { | ||||||
| 					return undoBinds, errors.Wrapf(err, "error creating mountpoint %q in mount namespace", target) | 					return undoBinds, errors.Wrapf(err, "error creating mountpoint %q in mount namespace", target) | ||||||
|  | |||||||
							
								
								
									
										6
									
								
								vendor/github.com/projectatomic/buildah/commit.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										6
									
								
								vendor/github.com/projectatomic/buildah/commit.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @ -171,7 +171,7 @@ func Push(ctx context.Context, image string, dest types.ImageReference, options | |||||||
| 		return errors.Wrapf(err, "error creating new signature policy context") | 		return errors.Wrapf(err, "error creating new signature policy context") | ||||||
| 	} | 	} | ||||||
| 	// Look up the image. | 	// Look up the image. | ||||||
| 	src, _, err := util.FindImage(options.Store, "", systemContext, image) | 	src, img, err := util.FindImage(options.Store, "", systemContext, image) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return err | 		return err | ||||||
| 	} | 	} | ||||||
| @ -181,7 +181,9 @@ func Push(ctx context.Context, image string, dest types.ImageReference, options | |||||||
| 		return errors.Wrapf(err, "error copying layers and metadata") | 		return errors.Wrapf(err, "error copying layers and metadata") | ||||||
| 	} | 	} | ||||||
| 	if options.ReportWriter != nil { | 	if options.ReportWriter != nil { | ||||||
| 		fmt.Fprintf(options.ReportWriter, "\n") | 		fmt.Fprintf(options.ReportWriter, "") | ||||||
| 	} | 	} | ||||||
|  | 	digest := "@" + img.Digest.Hex() | ||||||
|  | 	fmt.Printf("Successfully pushed %s%s\n", dest.StringWithinTransport(), digest) | ||||||
| 	return nil | 	return nil | ||||||
| } | } | ||||||
|  | |||||||
							
								
								
									
										31
									
								
								vendor/github.com/projectatomic/buildah/new.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										31
									
								
								vendor/github.com/projectatomic/buildah/new.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @ -12,6 +12,7 @@ import ( | |||||||
| 	"github.com/containers/image/transports/alltransports" | 	"github.com/containers/image/transports/alltransports" | ||||||
| 	"github.com/containers/image/types" | 	"github.com/containers/image/types" | ||||||
| 	"github.com/containers/storage" | 	"github.com/containers/storage" | ||||||
|  | 	multierror "github.com/hashicorp/go-multierror" | ||||||
| 	"github.com/opencontainers/selinux/go-selinux" | 	"github.com/opencontainers/selinux/go-selinux" | ||||||
| 	"github.com/opencontainers/selinux/go-selinux/label" | 	"github.com/opencontainers/selinux/go-selinux/label" | ||||||
| 	"github.com/openshift/imagebuilder" | 	"github.com/openshift/imagebuilder" | ||||||
| @ -144,6 +145,7 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store | |||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return nil, nil, errors.Wrapf(err, "error parsing reference to image %q", options.FromImage) | 		return nil, nil, errors.Wrapf(err, "error parsing reference to image %q", options.FromImage) | ||||||
| 	} | 	} | ||||||
|  | 	var pullErrors *multierror.Error | ||||||
| 	for _, image := range images { | 	for _, image := range images { | ||||||
| 		var err error | 		var err error | ||||||
| 		if len(image) >= minimumTruncatedIDLength { | 		if len(image) >= minimumTruncatedIDLength { | ||||||
| @ -158,6 +160,7 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store | |||||||
| 		if options.PullPolicy == PullAlways { | 		if options.PullPolicy == PullAlways { | ||||||
| 			pulledImg, pulledReference, err := pullAndFindImage(ctx, store, image, options, systemContext) | 			pulledImg, pulledReference, err := pullAndFindImage(ctx, store, image, options, systemContext) | ||||||
| 			if err != nil { | 			if err != nil { | ||||||
|  | 				pullErrors = multierror.Append(pullErrors, err) | ||||||
| 				logrus.Debugf("unable to pull and read image %q: %v", image, err) | 				logrus.Debugf("unable to pull and read image %q: %v", image, err) | ||||||
| 				continue | 				continue | ||||||
| 			} | 			} | ||||||
| @ -169,6 +172,7 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store | |||||||
| 		srcRef, err := alltransports.ParseImageName(image) | 		srcRef, err := alltransports.ParseImageName(image) | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| 			if options.Transport == "" { | 			if options.Transport == "" { | ||||||
|  | 				pullErrors = multierror.Append(pullErrors, err) | ||||||
| 				logrus.Debugf("error parsing image name %q: %v", image, err) | 				logrus.Debugf("error parsing image name %q: %v", image, err) | ||||||
| 				continue | 				continue | ||||||
| 			} | 			} | ||||||
| @ -178,6 +182,7 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store | |||||||
| 			} | 			} | ||||||
| 			srcRef2, err := alltransports.ParseImageName(transport + image) | 			srcRef2, err := alltransports.ParseImageName(transport + image) | ||||||
| 			if err != nil { | 			if err != nil { | ||||||
|  | 				pullErrors = multierror.Append(pullErrors, err) | ||||||
| 				logrus.Debugf("error parsing image name %q: %v", image, err) | 				logrus.Debugf("error parsing image name %q: %v", image, err) | ||||||
| 				continue | 				continue | ||||||
| 			} | 			} | ||||||
| @ -199,11 +204,13 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store | |||||||
| 		img, err = is.Transport.GetStoreImage(store, ref) | 		img, err = is.Transport.GetStoreImage(store, ref) | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| 			if errors.Cause(err) == storage.ErrImageUnknown && options.PullPolicy != PullIfMissing { | 			if errors.Cause(err) == storage.ErrImageUnknown && options.PullPolicy != PullIfMissing { | ||||||
|  | 				pullErrors = multierror.Append(pullErrors, err) | ||||||
| 				logrus.Debugf("no such image %q: %v", transports.ImageName(ref), err) | 				logrus.Debugf("no such image %q: %v", transports.ImageName(ref), err) | ||||||
| 				continue | 				continue | ||||||
| 			} | 			} | ||||||
| 			pulledImg, pulledReference, err := pullAndFindImage(ctx, store, image, options, systemContext) | 			pulledImg, pulledReference, err := pullAndFindImage(ctx, store, image, options, systemContext) | ||||||
| 			if err != nil { | 			if err != nil { | ||||||
|  | 				pullErrors = multierror.Append(pullErrors, err) | ||||||
| 				logrus.Debugf("unable to pull and read image %q: %v", image, err) | 				logrus.Debugf("unable to pull and read image %q: %v", image, err) | ||||||
| 				continue | 				continue | ||||||
| 			} | 			} | ||||||
| @ -212,6 +219,11 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store | |||||||
| 		} | 		} | ||||||
| 		break | 		break | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
|  | 	if img == nil && pullErrors != nil { | ||||||
|  | 		return nil, nil, pullErrors | ||||||
|  | 	} | ||||||
|  |  | ||||||
| 	return ref, img, nil | 	return ref, img, nil | ||||||
| } | } | ||||||
|  |  | ||||||
| @ -262,26 +274,23 @@ func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions | |||||||
| 	if options.Container != "" { | 	if options.Container != "" { | ||||||
| 		name = options.Container | 		name = options.Container | ||||||
| 	} else { | 	} else { | ||||||
| 		var err2 error |  | ||||||
| 		if image != "" { | 		if image != "" { | ||||||
| 			name = imageNamePrefix(image) + "-" + name | 			name = imageNamePrefix(image) + "-" + name | ||||||
| 		} | 		} | ||||||
| 		suffix := 1 |  | ||||||
| 		tmpName := name |  | ||||||
| 		for errors.Cause(err2) != storage.ErrContainerUnknown { |  | ||||||
| 			_, err2 = store.Container(tmpName) |  | ||||||
| 			if err2 == nil { |  | ||||||
| 				suffix++ |  | ||||||
| 				tmpName = fmt.Sprintf("%s-%d", name, suffix) |  | ||||||
| 			} |  | ||||||
| 		} |  | ||||||
| 		name = tmpName |  | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	coptions := storage.ContainerOptions{} | 	coptions := storage.ContainerOptions{} | ||||||
| 	coptions.IDMappingOptions = newContainerIDMappingOptions(options.IDMappingOptions) | 	coptions.IDMappingOptions = newContainerIDMappingOptions(options.IDMappingOptions) | ||||||
|  |  | ||||||
| 	container, err := store.CreateContainer("", []string{name}, imageID, "", "", &coptions) | 	container, err := store.CreateContainer("", []string{name}, imageID, "", "", &coptions) | ||||||
|  | 	suffix := 1 | ||||||
|  | 	for err != nil && errors.Cause(err) == storage.ErrDuplicateName && options.Container == "" { | ||||||
|  | 		suffix++ | ||||||
|  | 		tmpName := fmt.Sprintf("%s-%d", name, suffix) | ||||||
|  | 		if container, err = store.CreateContainer("", []string{tmpName}, imageID, "", "", &coptions); err == nil { | ||||||
|  | 			name = tmpName | ||||||
|  | 		} | ||||||
|  | 	} | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return nil, errors.Wrapf(err, "error creating container") | 		return nil, errors.Wrapf(err, "error creating container") | ||||||
| 	} | 	} | ||||||
|  | |||||||
							
								
								
									
										8
									
								
								vendor/github.com/projectatomic/buildah/pull.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										8
									
								
								vendor/github.com/projectatomic/buildah/pull.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @ -190,8 +190,8 @@ func pullImage(ctx context.Context, store storage.Store, imageName string, optio | |||||||
| 	}() | 	}() | ||||||
|  |  | ||||||
| 	logrus.Debugf("copying %q to %q", spec, destName) | 	logrus.Debugf("copying %q to %q", spec, destName) | ||||||
| 	err = cp.Image(ctx, policyContext, destRef, srcRef, getCopyOptions(options.ReportWriter, sc, nil, "")) | 	pullError := cp.Image(ctx, policyContext, destRef, srcRef, getCopyOptions(options.ReportWriter, sc, nil, "")) | ||||||
| 	if err == nil { | 	if pullError == nil { | ||||||
| 		return destRef, nil | 		return destRef, nil | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| @ -206,9 +206,9 @@ func pullImage(ctx context.Context, store storage.Store, imageName string, optio | |||||||
| 		return nil, err | 		return nil, err | ||||||
| 	} | 	} | ||||||
| 	if !hasRegistryInName && len(searchRegistries) == 0 { | 	if !hasRegistryInName && len(searchRegistries) == 0 { | ||||||
| 		return nil, errors.Errorf("image name provided is a short name and no search registries are defined in %s.", registryPath) | 		return nil, errors.Errorf("image name provided is a short name and no search registries are defined in %s: %s", registryPath, pullError) | ||||||
| 	} | 	} | ||||||
| 	return nil, errors.Errorf("unable to find image in the registries defined in %q", registryPath) | 	return nil, pullError | ||||||
| } | } | ||||||
|  |  | ||||||
| // getImageDigest creates an image object and uses the hex value of the digest as the image ID | // getImageDigest creates an image object and uses the hex value of the digest as the image ID | ||||||
|  | |||||||
							
								
								
									
										4
									
								
								vendor/github.com/projectatomic/buildah/run.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										4
									
								
								vendor/github.com/projectatomic/buildah/run.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @ -868,9 +868,11 @@ func (b *Builder) configureUIDGID(g *generate.Generator, mountPoint string, opti | |||||||
| 		g.AddProcessAdditionalGid(gid) | 		g.AddProcessAdditionalGid(gid) | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	// Remove capabilities if not running as root | 	// Remove capabilities if not running as root except Bounding set | ||||||
| 	if user.UID != 0 { | 	if user.UID != 0 { | ||||||
|  | 		bounding := g.Config.Process.Capabilities.Bounding | ||||||
| 		g.ClearProcessCapabilities() | 		g.ClearProcessCapabilities() | ||||||
|  | 		g.Config.Process.Capabilities.Bounding = bounding | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	return nil | 	return nil | ||||||
|  | |||||||
							
								
								
									
										6
									
								
								vendor/github.com/projectatomic/buildah/vendor.conf
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										6
									
								
								vendor/github.com/projectatomic/buildah/vendor.conf
									
									
									
										generated
									
									
										vendored
									
									
								
							| @ -4,8 +4,8 @@ github.com/BurntSushi/toml master | |||||||
| github.com/containerd/continuity master | github.com/containerd/continuity master | ||||||
| github.com/containernetworking/cni v0.7.0-alpha1 | github.com/containernetworking/cni v0.7.0-alpha1 | ||||||
| github.com/seccomp/containers-golang master | github.com/seccomp/containers-golang master | ||||||
| github.com/containers/image 5df44e095ed826fbe2beeaabb329c749d7d6c3b6 | github.com/containers/image d8b5cf2b804a48489e5203d51254ef576794049d | ||||||
| github.com/containers/storage 9fcbb57eb6c732e7b67003bb8ed861f169d33d63 | github.com/containers/storage 243c4cd616afdf06b4a975f18c4db083d26b1641 | ||||||
| github.com/docker/distribution 5f6282db7d65e6d72ad7c2cc66310724a57be716 | github.com/docker/distribution 5f6282db7d65e6d72ad7c2cc66310724a57be716 | ||||||
| github.com/docker/docker 86f080cff0914e9694068ed78d503701667c4c00 | github.com/docker/docker 86f080cff0914e9694068ed78d503701667c4c00 | ||||||
| github.com/docker/docker-credential-helpers d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1 | github.com/docker/docker-credential-helpers d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1 | ||||||
| @ -42,7 +42,7 @@ github.com/ostreedev/ostree-go aeb02c6b6aa2889db3ef62f7855650755befd460 | |||||||
| github.com/pborman/uuid master | github.com/pborman/uuid master | ||||||
| github.com/pkg/errors master | github.com/pkg/errors master | ||||||
| github.com/pquerna/ffjson d49c2bc1aa135aad0c6f4fc2056623ec78f5d5ac | github.com/pquerna/ffjson d49c2bc1aa135aad0c6f4fc2056623ec78f5d5ac | ||||||
| github.com/containers/libpod d20f3a51463ce75d139dd830e19a173906b0b0cb | github.com/containers/libpod 2afadeec6696fefac468a49c8ba24b0bc275aa75 | ||||||
| github.com/sirupsen/logrus master | github.com/sirupsen/logrus master | ||||||
| github.com/syndtr/gocapability master | github.com/syndtr/gocapability master | ||||||
| github.com/tchap/go-patricia master | github.com/tchap/go-patricia master | ||||||
|  | |||||||
		Reference in New Issue
	
	Block a user