Remove No New Privs from DB as it's already in the spec

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #383
Approved by: rhatdan
Matthew Heon
2018-02-22 12:55:39 -05:00
committed by Atomic Bot
parent 6a4fcb168a
commit 8eadc208e1
5 changed files with 7 additions and 68 deletions


@ -176,8 +176,6 @@ type ContainerConfig struct {
// Security Config
// Whether the container is privileged
Privileged bool `json:"privileged"`
// Whether to set the No New Privileges flag
NoNewPrivs bool `json:"noNewPrivs"`
// SELinux process label for container
ProcessLabel string `json:"ProcessLabel,omitempty"`
// SELinux mount label for root filesystem


@ -106,11 +106,6 @@ func (j *ContainerConfig) MarshalJSONBuf(buf fflib.EncodingBuffer) error {
} else {
buf.WriteString(`"privileged":false`)
}
if j.NoNewPrivs {
buf.WriteString(`,"noNewPrivs":true`)
} else {
buf.WriteString(`,"noNewPrivs":false`)
}
buf.WriteByte(',')
if len(j.ProcessLabel) != 0 {
buf.WriteString(`"ProcessLabel":`)
@ -343,8 +338,6 @@ const (
ffjtContainerConfigPrivileged
ffjtContainerConfigNoNewPrivs
ffjtContainerConfigProcessLabel
ffjtContainerConfigMountLabel
@ -416,8 +409,6 @@ var ffjKeyContainerConfigMounts = []byte("mounts")
var ffjKeyContainerConfigPrivileged = []byte("privileged")
var ffjKeyContainerConfigNoNewPrivs = []byte("noNewPrivs")
var ffjKeyContainerConfigProcessLabel = []byte("ProcessLabel")
var ffjKeyContainerConfigMountLabel = []byte("MountLabel")
@ -649,11 +640,6 @@ mainparse:
state = fflib.FFParse_want_colon
goto mainparse
} else if bytes.Equal(ffjKeyContainerConfigNoNewPrivs, kn) {
currentKey = ffjtContainerConfigNoNewPrivs
state = fflib.FFParse_want_colon
goto mainparse
} else if bytes.Equal(ffjKeyContainerConfigNetNsCtr, kn) {
currentKey = ffjtContainerConfigNetNsCtr
state = fflib.FFParse_want_colon
@ -887,12 +873,6 @@ mainparse:
goto mainparse
}
if fflib.EqualFoldRight(ffjKeyContainerConfigNoNewPrivs, kn) {
currentKey = ffjtContainerConfigNoNewPrivs
state = fflib.FFParse_want_colon
goto mainparse
}
if fflib.SimpleLetterEqualFold(ffjKeyContainerConfigPrivileged, kn) {
currentKey = ffjtContainerConfigPrivileged
state = fflib.FFParse_want_colon
@ -1018,9 +998,6 @@ mainparse:
case ffjtContainerConfigPrivileged:
goto handle_Privileged
case ffjtContainerConfigNoNewPrivs:
goto handle_NoNewPrivs
case ffjtContainerConfigProcessLabel:
goto handle_ProcessLabel
@ -1480,41 +1457,6 @@ handle_Privileged:
state = fflib.FFParse_after_value
goto mainparse
handle_NoNewPrivs:
/* handler: j.NoNewPrivs type=bool kind=bool quoted=false*/
{
if tok != fflib.FFTok_bool && tok != fflib.FFTok_null {
return fs.WrapErr(fmt.Errorf("cannot unmarshal %s into Go value for bool", tok))
}
}
{
if tok == fflib.FFTok_null {
} else {
tmpb := fs.Output.Bytes()
if bytes.Compare([]byte{'t', 'r', 'u', 'e'}, tmpb) == 0 {
j.NoNewPrivs = true
} else if bytes.Compare([]byte{'f', 'a', 'l', 's', 'e'}, tmpb) == 0 {
j.NoNewPrivs = false
} else {
err = errors.New("unexpected bytes for true/false value")
return fs.WrapErr(err)
}
}
}
state = fflib.FFParse_after_value
goto mainparse
handle_ProcessLabel:
/* handler: j.ProcessLabel type=string kind=string quoted=false*/


@ -14,7 +14,7 @@ import (
// DBSchema is the current DB schema version
// Increments every time a change is made to the database's tables
const DBSchema = 10
const DBSchema = 11
// SQLState is a state implementation backed by a persistent SQLite3 database
type SQLState struct {


@ -213,7 +213,6 @@ func prepareDB(db *sql.DB) (err error) {
LogPath TEXT NOT NULL,
Privileged INTEGER NOT NULL,
NoNewPrivs INTEGER NOT NULL,
ProcessLabel TEXT NOT NULL,
MountLabel TEXT NOT NULL,
User TEXT NOT NULL,
@ -242,7 +241,6 @@ func prepareDB(db *sql.DB) (err error) {
CHECK (ImageVolumes IN (0, 1)),
CHECK (SHMSize>=0),
CHECK (Privileged IN (0, 1)),
CHECK (NoNewPrivs IN (0, 1)),
CHECK (CreateNetNS IN (0, 1)),
CHECK (Stdin IN (0, 1)),
CHECK (StopSignal>=0),
@ -448,7 +446,6 @@ func (s *SQLState) ctrFromScannable(row scannable) (*Container, error) {
logPath string
privileged int
noNewPrivs int
processLabel string
mountLabel string
user string
@ -503,7 +500,6 @@ func (s *SQLState) ctrFromScannable(row scannable) (*Container, error) {
&logPath,
&privileged,
&noNewPrivs,
&processLabel,
&mountLabel,
&user,
@ -566,7 +562,6 @@ func (s *SQLState) ctrFromScannable(row scannable) (*Container, error) {
ctr.config.LogPath = logPath
ctr.config.Privileged = boolFromSQL(privileged)
ctr.config.NoNewPrivs = boolFromSQL(noNewPrivs)
ctr.config.ProcessLabel = processLabel
ctr.config.MountLabel = mountLabel
ctr.config.User = user
@ -753,7 +748,7 @@ func (s *SQLState) addContainer(ctr *Container, pod *Pod) (err error) {
?, ?, ?, ?, ?,
?, ?, ?, ?, ?,
?, ?, ?, ?, ?,
?, ?, ?, ?
?, ?, ?
);`
addCtrState = `INSERT INTO containerState VALUES (
?, ?, ?, ?, ?,
@ -881,7 +876,6 @@ func (s *SQLState) addContainer(ctr *Container, pod *Pod) (err error) {
ctr.config.LogPath,
boolToSQL(ctr.config.Privileged),
boolToSQL(ctr.config.NoNewPrivs),
ctr.config.ProcessLabel,
ctr.config.MountLabel,
ctr.config.User,
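Review bot: The CREATE TABLE change in prepareDB drops the NoNewPrivs column and its CHECK constraint, but nothing in this section migrates a state database created under schema 10, and the INSERT in addContainer now binds one fewer positional value (`?, ?, ?` closes the VALUES list), so reusing an old database with the extra column would fail or shift values at runtime. The DBSchema bump to 11 in the sibling file presumably makes prepareDB refuse or recreate the older database rather than open it in place; confirm that path exists and record the policy next to the constant, e.g. `// Bumping DBSchema invalidates existing state databases; there is no in-place migration`. Separately, both INSERT statements bind purely by position with no column list; writing `INSERT INTO containers (ID, Name, ...) VALUES (...)` would make a future column removal like this one surface as an explicit SQL error naming the column instead of a silently shifted row. prepareDB, ctrFromScannable and addContainer all start and end outside the shown hunks.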


@ -106,6 +106,11 @@ func testContainersEqual(t *testing.T, a, b *Container) {
assert.NotNil(t, a)
assert.NotNil(t, b)
assert.NotNil(t, a.config)
assert.NotNil(t, b.config)
assert.NotNil(t, a.state)
assert.NotNil(t, b.state)
aConfig := new(ContainerConfig)
bConfig := new(ContainerConfig)
aState := new(containerState)