vendor in selinux and buildah for darwin compilation

Signed-off-by: baude <bbaude@redhat.com> Closes: #1037 Approved by: baude
2025-12-01 02:27:13 +08:00 · 2018-07-02 10:25:18 -05:00
parent d357703e06
commit 767b3ddc43
10 changed files with 48 additions and 14 deletions
--- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
@@ -130,7 +130,7 @@ func Relabel(path string, fileLabel string, shared bool) error {
 		return nil
 	}

-	exclude_paths := map[string]bool{"/": true, "/usr": true, "/etc": true}
+	exclude_paths := map[string]bool{"/": true, "/usr": true, "/etc": true, "/tmp": true, "/home": true, "/run": true, "/var": true, "/root": true}
 	if exclude_paths[path] {
 		return fmt.Errorf("SELinux relabeling of %s is not allowed", path)
 	}
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
@@ -1,4 +1,4 @@
-// +build linux
+// +build selinux,linux

 package selinux

--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
@@ -1,4 +1,4 @@
-// +build !linux
+// +build !selinux

 package selinux

@@ -30,6 +30,11 @@ func SetDisabled() {
 	return
 }

+// GetEnabled returns whether selinux is currently enabled.
+func GetEnabled() bool {
+	return false
+}
+
 // SetFileLabel sets the SELinux label for this path or returns an error.
 func SetFileLabel(fpath string, label string) error {
 	return nil
--- a/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go
@@ -1,4 +1,4 @@
-// +build linux
+// +build selinux,linux

 package selinux

--- a/vendor/github.com/projectatomic/buildah/config_seccomp.go
+++ b/vendor/github.com/projectatomic/buildah/config_seccomp.go
@@ -5,9 +5,9 @@ package buildah
 import (
 	"io/ioutil"

-	"github.com/docker/docker/profiles/seccomp"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
+	seccomp "github.com/seccomp/containers-golang"
 )

 func setupSeccomp(spec *specs.Spec, seccompProfilePath string) error {
--- a/vendor/github.com/projectatomic/buildah/run.go
+++ b/vendor/github.com/projectatomic/buildah/run.go
@@ -1145,9 +1145,9 @@ func runUsingRuntimeMain() {
 		os.Exit(1)
 	}
 	// Set ourselves up to read the container's exit status.  We're doing this in a child process
-	// so that we won't mess with the setting in a caller of the library.
-	if err := unix.Prctl(unix.PR_SET_CHILD_SUBREAPER, uintptr(1), 0, 0, 0); err != nil {
-		fmt.Fprintf(os.Stderr, "prctl(PR_SET_CHILD_SUBREAPER, 1): %v\n", err)
+	// so that we won't mess with the setting in a caller of the library. This stubs to OS specific
+	// calls
+	if err := setChildProcess(); err != nil {
 		os.Exit(1)
 	}
 	// Run the container, start to finish.
@@ -1323,7 +1323,7 @@ func runUsingRuntime(options RunOptions, configureNetwork bool, configureNetwork
 	}()

 	if configureNetwork {
-		teardown, err := runConfigureNetwork(options, configureNetwork, configureNetworks, pid, containerName, spec.Process.Args)
+		teardown, err := runConfigureNetwork(options, configureNetworks, pid, containerName, spec.Process.Args)
 		if teardown != nil {
 			defer teardown()
 		}
@@ -1453,7 +1453,7 @@ func runCollectOutput(fds ...int) string {
 	return b.String()
 }

-func runConfigureNetwork(options RunOptions, configureNetwork bool, configureNetworks []string, pid int, containerName string, command []string) (teardown func(), err error) {
+func runConfigureNetwork(options RunOptions, configureNetworks []string, pid int, containerName string, command []string) (teardown func(), err error) {
 	var netconf, undo []*libcni.NetworkConfigList
 	// Scan for CNI configuration files.
 	confdir := options.CNIConfigDir
--- a/vendor/github.com/projectatomic/buildah/run_linux.go
+++ b/vendor/github.com/projectatomic/buildah/run_linux.go
@@ -0,0 +1,17 @@
+// +build linux
+
+package buildah
+
+import (
+	"fmt"
+	"golang.org/x/sys/unix"
+	"os"
+)
+
+func setChildProcess() error {
+	if err := unix.Prctl(unix.PR_SET_CHILD_SUBREAPER, uintptr(1), 0, 0, 0); err != nil {
+		fmt.Fprintf(os.Stderr, "prctl(PR_SET_CHILD_SUBREAPER, 1): %v\n", err)
+		return err
+	}
+	return nil
+}
--- a/vendor/github.com/projectatomic/buildah/run_unsupport.go
+++ b/vendor/github.com/projectatomic/buildah/run_unsupport.go
@@ -0,0 +1,11 @@
+// +build !linux
+
+package buildah
+
+import (
+	"github.com/pkg/errors"
+)
+
+func setChildProcess() error {
+	return errors.New("function not supported on non-linux systems")
+}
--- a/vendor/github.com/projectatomic/buildah/vendor.conf
+++ b/vendor/github.com/projectatomic/buildah/vendor.conf
@@ -3,6 +3,7 @@ github.com/blang/semver master
 github.com/BurntSushi/toml master
 github.com/containerd/continuity master
 github.com/containernetworking/cni v0.6.0
+github.com/seccomp/containers-golang master
 github.com/containers/image master
 github.com/containers/storage 0b8ab959bba614a4f88bb3791dbc078c3d47f259
 github.com/docker/distribution 5f6282db7d65e6d72ad7c2cc66310724a57be716
@@ -35,13 +36,13 @@ github.com/opencontainers/image-spec v1.0.0
 github.com/opencontainers/runc master
 github.com/opencontainers/runtime-spec v1.0.0
 github.com/opencontainers/runtime-tools master
-github.com/opencontainers/selinux 3b2399ec5682aea5c9160d44fa53387d7e65ccf5
+github.com/opencontainers/selinux b6fa367ed7f534f9ba25391cc2d467085dbb445a
 github.com/openshift/imagebuilder master
 github.com/ostreedev/ostree-go aeb02c6b6aa2889db3ef62f7855650755befd460
 github.com/pborman/uuid master
 github.com/pkg/errors master
 github.com/pquerna/ffjson d49c2bc1aa135aad0c6f4fc2056623ec78f5d5ac
-github.com/projectatomic/libpod 781eec27b52c842fc83c8b1c97fbf825065f3b0c
+github.com/projectatomic/libpod master
 github.com/sirupsen/logrus master
 github.com/syndtr/gocapability master
 github.com/tchap/go-patricia master