opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-12-02 19:28:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

Bump github.com/containers/buildah from 1.16.2 to 1.16.4

Browse Source 
Bumps [github.com/containers/buildah](https://github.com/containers/buildah) from 1.16.2 to 1.16.4.
- [Release notes](https://github.com/containers/buildah/releases)
- [Changelog](https://github.com/containers/buildah/blob/master/CHANGELOG.md)
- [Commits](https://github.com/containers/buildah/compare/v1.16.2...v1.16.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
dependabot-preview[bot]
2020-10-02 08:18:09 +00:00
committed by Daniel J Walsh
parent defd427503
commit 9212e0499b
11 changed files with 123 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
vendor/github.com/containers/buildah/chroot/run.go generated vendored
View File

@@ -1047,7 +1047,7 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
subDev := filepath.Join(spec.Root.Path, "/dev")
if err := unix.Mount("/dev", subDev, "bind", devFlags, ""); err != nil {
if os.IsNotExist(err) {
err = os.Mkdir(subDev, 0700)
err = os.Mkdir(subDev, 0755)
if err == nil {
err = unix.Mount("/dev", subDev, "bind", devFlags, "")
}
@@ -1071,7 +1071,7 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
subProc := filepath.Join(spec.Root.Path, "/proc")
if err := unix.Mount("/proc", subProc, "bind", procFlags, ""); err != nil {
if os.IsNotExist(err) {
err = os.Mkdir(subProc, 0700)
err = os.Mkdir(subProc, 0755)
if err == nil {
err = unix.Mount("/proc", subProc, "bind", procFlags, "")
}
@@ -1086,7 +1086,7 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
subSys := filepath.Join(spec.Root.Path, "/sys")
if err := unix.Mount("/sys", subSys, "bind", sysFlags, ""); err != nil {
if os.IsNotExist(err) {
err = os.Mkdir(subSys, 0700)
err = os.Mkdir(subSys, 0755)
if err == nil {
err = unix.Mount("/sys", subSys, "bind", sysFlags, "")
}
@@ -1163,15 +1163,15 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
}
// The target isn't there yet, so create it.
if srcinfo.IsDir() {
if err = os.MkdirAll(target, 0111); err != nil {
if err = os.MkdirAll(target, 0755); err != nil {
return undoBinds, errors.Wrapf(err, "error creating mountpoint %q in mount namespace", target)
}
} else {
if err = os.MkdirAll(filepath.Dir(target), 0111); err != nil {
if err = os.MkdirAll(filepath.Dir(target), 0755); err != nil {
return undoBinds, errors.Wrapf(err, "error ensuring parent of mountpoint %q (%q) is present in mount namespace", target, filepath.Dir(target))
}
var file *os.File
if file, err = os.OpenFile(target, os.O_WRONLY|os.O_CREATE, 0); err != nil {
if file, err = os.OpenFile(target, os.O_WRONLY|os.O_CREATE, 0755); err != nil {
return undoBinds, errors.Wrapf(err, "error creating mountpoint %q in mount namespace", target)
}
file.Close()

26
vendor/github.com/containers/buildah/chroot/seccomp.go generated vendored
View File

@@ -15,18 +15,28 @@ func setSeccomp(spec *specs.Spec) error {
if spec.Linux.Seccomp == nil {
return nil
}
mapAction := func(specAction specs.LinuxSeccompAction) libseccomp.ScmpAction {
mapAction := func(specAction specs.LinuxSeccompAction, errnoRet *uint) libseccomp.ScmpAction {
switch specAction {
case specs.ActKill:
return libseccomp.ActKill
case specs.ActTrap:
return libseccomp.ActTrap
case specs.ActErrno:
return libseccomp.ActErrno
action := libseccomp.ActErrno
if errnoRet != nil {
action = action.SetReturnCode(int16(*errnoRet))
}
return action
case specs.ActTrace:
return libseccomp.ActTrace
case specs.ActAllow:
return libseccomp.ActAllow
case specs.ActLog:
return libseccomp.ActLog
case specs.ActKillProcess:
return libseccomp.ActKillProcess
default:
logrus.Errorf("unmappable action %v", specAction)
}
return libseccomp.ActInvalid
}
@@ -68,6 +78,8 @@ func setSeccomp(spec *specs.Spec) error {
/* fallthrough */ /* for now */
case specs.ArchPARISC64:
/* fallthrough */ /* for now */
default:
logrus.Errorf("unmappable arch %v", specArch)
}
return libseccomp.ArchInvalid
}
@@ -87,11 +99,13 @@ func setSeccomp(spec *specs.Spec) error {
return libseccomp.CompareGreater
case specs.OpMaskedEqual:
return libseccomp.CompareMaskedEqual
default:
logrus.Errorf("unmappable op %v", op)
}
return libseccomp.CompareInvalid
}
filter, err := libseccomp.NewFilter(mapAction(spec.Linux.Seccomp.DefaultAction))
filter, err := libseccomp.NewFilter(mapAction(spec.Linux.Seccomp.DefaultAction, nil))
if err != nil {
return errors.Wrapf(err, "error creating seccomp filter with default action %q", spec.Linux.Seccomp.DefaultAction)
}
@@ -112,7 +126,7 @@ func setSeccomp(spec *specs.Spec) error {
}
for scnum := range scnames {
if len(rule.Args) == 0 {
if err = filter.AddRule(scnum, mapAction(rule.Action)); err != nil {
if err = filter.AddRule(scnum, mapAction(rule.Action, rule.ErrnoRet)); err != nil {
return errors.Wrapf(err, "error adding a rule (%q:%q) to seccomp filter", scnames[scnum], rule.Action)
}
continue
@@ -129,7 +143,7 @@ func setSeccomp(spec *specs.Spec) error {
}
conditions = append(conditions, condition)
}
if err = filter.AddRuleConditional(scnum, mapAction(rule.Action), conditions); err != nil {
if err = filter.AddRuleConditional(scnum, mapAction(rule.Action, rule.ErrnoRet), conditions); err != nil {
// Okay, if the rules specify multiple equality
// checks, assume someone thought that they
// were OR'd, when in fact they're ordinarily
@@ -137,7 +151,7 @@ func setSeccomp(spec *specs.Spec) error {
// different rules to get that OR effect.
if len(rule.Args) > 1 && opsAreAllEquality && err.Error() == "two checks on same syscall argument" {
for i := range conditions {
if err = filter.AddRuleConditional(scnum, mapAction(rule.Action), conditions[i:i+1]); err != nil {
if err = filter.AddRuleConditional(scnum, mapAction(rule.Action, rule.ErrnoRet), conditions[i:i+1]); err != nil {
return errors.Wrapf(err, "error adding a conditional rule (%q:%q[%d]) to seccomp filter", scnames[scnum], rule.Action, i)
}
}