Vendor in latest buildah to add masks for /proc/keys and /proc/acpi

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1062 Approved by: baude
2025-12-01 02:27:13 +08:00 · 2018-07-08 07:59:35 -04:00
parent f661e1d21d
commit c7424b6991
7 changed files with 21 additions and 16 deletions
--- a/vendor.conf
+++ b/vendor.conf
@@ -89,7 +89,7 @@ k8s.io/kube-openapi 275e2ce91dec4c05a4094a7b1daee5560b555ac9 https://github.com/
 k8s.io/utils 258e2a2fa64568210fbd6267cf1d8fd87c3cb86e https://github.com/kubernetes/utils
 github.com/mrunalp/fileutils master
 github.com/varlink/go master
-github.com/projectatomic/buildah 5cd9be61ef71a518749ccbde5e449adac5e4b8c0
+github.com/projectatomic/buildah 3fb864bb93ef18b1defee69ebb410fa0b06ebbed
 github.com/Nvveen/Gotty master
 github.com/fsouza/go-dockerclient master
 github.com/openshift/imagebuilder master
--- a/vendor/github.com/projectatomic/buildah/README.md
+++ b/vendor/github.com/projectatomic/buildah/README.md
@@ -5,8 +5,6 @@
 [![Go Report Card](https://goreportcard.com/badge/github.com/projectatomic/buildah)](https://goreportcard.com/report/github.com/projectatomic/buildah)
 [![Travis](https://travis-ci.org/projectatomic/buildah.svg?branch=master)](https://travis-ci.org/projectatomic/buildah)

-Note: this package is in alpha, but is close to being feature-complete.
-
 The Buildah package provides a command line tool that can be used to
 * create a working container, either from scratch or using an image as a starting point
 * create an image, either from a working container or via the instructions in a Dockerfile
@@ -16,13 +14,19 @@ The Buildah package provides a command line tool that can be used to
 * use the updated contents of a container's root filesystem as a filesystem layer to create a new image
 * delete a working container or an image

+**[Buildah Demos](demos)**
+
 **[Changelog](CHANGELOG.md)**

+**[Contributing](CONTRIBUTING.md)**
+
+**[Development Plan](developmentplan.md)**
+
 **[Installation notes](install.md)**

 **[Troubleshooting Guide](troubleshooting.md)**

-**[Tutorials](docs/tutorials/README.md)**
+**[Tutorials](docs/tutorials)**

 ## Example

--- a/vendor/github.com/projectatomic/buildah/pkg/cli/common.go
+++ b/vendor/github.com/projectatomic/buildah/pkg/cli/common.go
@@ -139,6 +139,10 @@ var (
 			Name:  "logfile",
 			Usage: "log to `file` instead of stdout/stderr",
 		},
+		cli.IntFlag{
+			Name:  "loglevel",
+			Usage: "adjust logging level (range from -2 to 3)",
+		},
 		cli.BoolTFlag{
 			Name:  "pull",
 			Usage: "pull the image if not present",
--- a/vendor/github.com/projectatomic/buildah/pull.go
+++ b/vendor/github.com/projectatomic/buildah/pull.go
@@ -167,14 +167,14 @@ func pullImage(ctx context.Context, store storage.Store, imageName string, optio
 	}()

 	logrus.Debugf("copying %q to %q", spec, destName)
-	err = cp.Image(ctx, policyContext, destRef, srcRef, getCopyOptions(options.ReportWriter, options.SystemContext, nil, ""))
+	err = cp.Image(ctx, policyContext, destRef, srcRef, getCopyOptions(options.ReportWriter, sc, nil, ""))
 	if err == nil {
 		return destRef, nil
 	}

 	// If no image was found, we should handle.  Lets be nicer to the user and see if we can figure out why.
-	registryPath := sysregistries.RegistriesConfPath(&types.SystemContext{})
-	searchRegistries, err := getRegistries()
+	registryPath := sysregistries.RegistriesConfPath(sc)
+	searchRegistries, err := getRegistries(sc)
 	if err != nil {
 		return nil, err
 	}
--- a/vendor/github.com/projectatomic/buildah/run.go
+++ b/vendor/github.com/projectatomic/buildah/run.go
@@ -598,7 +598,9 @@ func (b *Builder) addNetworkConfig(rdir, hostPath string, chownOpts *idtools.IDP

 func setupMaskedPaths(g *generate.Generator) {
 	for _, mp := range []string{
+		"/proc/acpi",
 		"/proc/kcore",
+		"/proc/keys",
 		"/proc/latency_stats",
 		"/proc/timer_list",
 		"/proc/timer_stats",
@@ -749,7 +751,7 @@ func setupNamespaces(g *generate.Generator, namespaceOptions NamespaceOptions, i
 	// If we've got mappings, we're going to have to create a user namespace.
 	if len(idmapOptions.UIDMap) > 0 || len(idmapOptions.GIDMap) > 0 || configureUserns {
 		if hostPidns {
-			return false, nil, false, errors.Wrapf(err, "unable to mix host PID namespace with user namespace")
+			return false, nil, false, errors.New("unable to mix host PID namespace with user namespace")
 		}
 		if err := g.AddOrReplaceLinuxNamespace(specs.UserNamespace, ""); err != nil {
 			return false, nil, false, errors.Wrapf(err, "error adding new %q namespace for run", string(specs.UserNamespace))
--- a/vendor/github.com/projectatomic/buildah/util.go
+++ b/vendor/github.com/projectatomic/buildah/util.go
@@ -167,13 +167,8 @@ func (b *Builder) tarPath() func(path string) (io.ReadCloser, error) {
 }

 // getRegistries obtains the list of registries defined in the global registries file.
-func getRegistries() ([]string, error) {
-	registryConfigPath := ""
-	envOverride := os.Getenv("REGISTRIES_CONFIG_PATH")
-	if len(envOverride) > 0 {
-		registryConfigPath = envOverride
-	}
-	searchRegistries, err := sysregistries.GetRegistries(&types.SystemContext{SystemRegistriesConfPath: registryConfigPath})
+func getRegistries(sc *types.SystemContext) ([]string, error) {
+	searchRegistries, err := sysregistries.GetRegistries(sc)
 	if err != nil {
 		return nil, errors.Wrapf(err, "unable to parse the registries.conf file")
 	}
--- a/vendor/github.com/projectatomic/buildah/vendor.conf
+++ b/vendor/github.com/projectatomic/buildah/vendor.conf
@@ -5,7 +5,7 @@ github.com/containerd/continuity master
 github.com/containernetworking/cni v0.6.0
 github.com/seccomp/containers-golang master
 github.com/containers/image master
-github.com/containers/storage 0b8ab959bba614a4f88bb3791dbc078c3d47f259
+github.com/containers/storage 9cbb6cb3fc2044eae8b8fd8d8da081fe812858c4
 github.com/docker/distribution 5f6282db7d65e6d72ad7c2cc66310724a57be716
 github.com/docker/docker b8571fd81c7d2223c9ecbf799c693e3ef1daaea9
 github.com/docker/docker-credential-helpers d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1