vendor: update c/{buildah,common,image,storage} to main

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Paul Holzinger
2025-05-28 14:53:37 +02:00
parent e98e128012
commit b551939be6
123 changed files with 2454 additions and 1568 deletions


@@ -35,6 +35,7 @@ import (
securejoin "github.com/cyphar/filepath-securejoin"
units "github.com/docker/go-units"
specs "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/selinux/go-selinux"
"github.com/openshift/imagebuilder"
"github.com/sirupsen/logrus"
"github.com/spf13/cobra"
@@ -81,6 +82,25 @@ func CommonBuildOptions(c *cobra.Command) (*define.CommonBuildOptions, error) {
return CommonBuildOptionsFromFlagSet(c.Flags(), c.Flag)
}
// If user selected to run with currentLabelOpts then append on the current user and role
func currentLabelOpts() ([]string, error) {
label, err := selinux.CurrentLabel()
if err != nil {
return nil, err
}
if label == "" {
return nil, nil
}
con, err := selinux.NewContext(label)
if err != nil {
return nil, err
}
return []string{
fmt.Sprintf("label=user:%s", con["user"]),
fmt.Sprintf("label=role:%s", con["role"]),
}, nil
}
// CommonBuildOptionsFromFlagSet parses the build options from the bud cli
func CommonBuildOptionsFromFlagSet(flags *pflag.FlagSet, findFlagFunc func(name string) *pflag.Flag) (*define.CommonBuildOptions, error) {
var (
@@ -201,6 +221,18 @@ func CommonBuildOptionsFromFlagSet(flags *pflag.FlagSet, findFlagFunc func(name
OCIHooksDir: ociHooks,
}
securityOpts, _ := flags.GetStringArray("security-opt")
defConfig, err := config.Default()
if err != nil {
return nil, fmt.Errorf("failed to get container config: %w", err)
}
if defConfig.Containers.EnableLabeledUsers {
defSecurityOpts, err := currentLabelOpts()
if err != nil {
return nil, err
}
securityOpts = append(defSecurityOpts, securityOpts...)
}
if err := parseSecurityOpts(securityOpts, commonOpts); err != nil {
return nil, err
}


@@ -8,6 +8,7 @@ import (
"path/filepath"
"github.com/containers/buildah/define"
"github.com/opencontainers/cgroups/devices/config"
"github.com/opencontainers/runc/libcontainer/devices"
)
@@ -47,7 +48,7 @@ func DeviceFromPath(device string) (define.ContainerDevices, error) {
}
for _, d := range srcDevices {
d.Path = filepath.Join(dst, filepath.Base(d.Path))
d.Permissions = devices.Permissions(permissions)
d.Permissions = config.Permissions(permissions)
device := define.BuildahDevice{Device: *d, Source: src, Destination: dst}
devs = append(devs, device)
}