Browse code
Merge pull request #210 from thaJeztah/19.03_backport_bump_runc_1.0.0-rc.8
[19.03 backport] Bump runc 1.0.0-rc8, opencontainers/selinux v1.2.2
Andrew Hsu authored on 2019/05/14 11:06:00Showing 4 changed files
- hack/dockerfile/install/runc.installer
- vendor.conf
- vendor/github.com/opencontainers/runc/vendor.conf
- vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
| ... | ... |
@@ -4,7 +4,7 @@ |
| 4 | 4 |
# The version of runc should match the version that is used by the containerd |
| 5 | 5 |
# version that is used. If you need to update runc, open a pull request in |
| 6 | 6 |
# the containerd project first, and update both after that is merged. |
| 7 |
-RUNC_COMMIT=029124da7af7360afa781a0234d1b083550f797c # v1.0.0-rc7-6-g029124da |
|
| 7 |
+RUNC_COMMIT=425e105d5a03fabd737a126ad93d62a9eeede87f # v1.0.0-rc8 |
|
| 8 | 8 |
|
| 9 | 9 |
install_runc() {
|
| 10 | 10 |
# If using RHEL7 kernels (3.10.0 el7), disable kmem accounting/limiting |
| ... | ... |
@@ -80,7 +80,7 @@ google.golang.org/grpc 7a6a684ca69eb4cae85ad0a484f2 |
| 80 | 80 |
# the containerd project first, and update both after that is merged. |
| 81 | 81 |
# This commit does not need to match RUNC_COMMIT as it is used for helper |
| 82 | 82 |
# packages but should be newer or equal. |
| 83 |
-github.com/opencontainers/runc 029124da7af7360afa781a0234d1b083550f797c # v1.0.0-rc7-6-g029124da |
|
| 83 |
+github.com/opencontainers/runc 425e105d5a03fabd737a126ad93d62a9eeede87f # v1.0.0-rc8 |
|
| 84 | 84 |
github.com/opencontainers/runtime-spec 29686dbc5559d93fb1ef402eeda3e35c38d75af4 # v1.0.1-59-g29686db |
| 85 | 85 |
github.com/opencontainers/image-spec d60099175f88c47cd379c4738d158884749ed235 # v1.0.1 |
| 86 | 86 |
github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0 |
| ... | ... |
@@ -162,6 +162,6 @@ github.com/morikuni/aec 39771216ff4c63d11f5e604076f9 |
| 162 | 162 |
# metrics |
| 163 | 163 |
github.com/docker/go-metrics d466d4f6fd960e01820085bd7e1a24426ee7ef18 |
| 164 | 164 |
|
| 165 |
-github.com/opencontainers/selinux 0bb7b9fa9ba5c1120e9d22caed4961fca4228408 # v1.2.1 |
|
| 165 |
+github.com/opencontainers/selinux 3a1f366feb7aecbf7a0e71ac4cea88b31597de9e # v1.2.2 |
|
| 166 | 166 |
|
| 167 | 167 |
# DO NOT EDIT BELOW THIS LINE -------- reserved for downstream projects -------- |
| ... | ... |
@@ -5,7 +5,7 @@ github.com/opencontainers/runtime-spec 29686dbc5559d93fb1ef402eeda3e35c38d75af4 |
| 5 | 5 |
# Core libcontainer functionality. |
| 6 | 6 |
github.com/checkpoint-restore/go-criu v3.11 |
| 7 | 7 |
github.com/mrunalp/fileutils ed869b029674c0e9ce4c0dfa781405c2d9946d08 |
| 8 |
-github.com/opencontainers/selinux v1.2.1 |
|
| 8 |
+github.com/opencontainers/selinux v1.2.2 |
|
| 9 | 9 |
github.com/seccomp/libseccomp-golang 84e90a91acea0f4e51e62bc1a75de18b1fc0790f |
| 10 | 10 |
github.com/sirupsen/logrus a3f95b5c423586578a4e099b11a46c2479628cac |
| 11 | 11 |
github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16 |
| ... | ... |
@@ -406,7 +406,14 @@ func SocketLabel() (string, error) {
|
| 406 | 406 |
// SetKeyLabel takes a process label and tells the kernel to assign the |
| 407 | 407 |
// label to the next kernel keyring that gets created |
| 408 | 408 |
func SetKeyLabel(label string) error {
|
| 409 |
- return writeCon("/proc/self/attr/keycreate", label)
|
|
| 409 |
+ err := writeCon("/proc/self/attr/keycreate", label)
|
|
| 410 |
+ if os.IsNotExist(err) {
|
|
| 411 |
+ return nil |
|
| 412 |
+ } |
|
| 413 |
+ if label == "" && os.IsPermission(err) && !GetEnabled() {
|
|
| 414 |
+ return nil |
|
| 415 |
+ } |
|
| 416 |
+ return err |
|
| 410 | 417 |
} |
| 411 | 418 |
|
| 412 | 419 |
// KeyLabel retrieves the current kernel keyring label setting |