
Bump runc to version a01dafd48bc1c7cc12bdb01206f9fea7dd6feb70

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>

Kenfe-Mickael Laventure authored on 2017/02/23 04:45:43
Showing 4 changed files
... ...
@@ -1,7 +1,9 @@
1 1
 #!/bin/sh
2 2
 
3 3
 TOMLV_COMMIT=9baf8a8a9f2ed20a8e54160840c492f937eeaf9a
4
-RUNC_COMMIT=51371867a01c467f08af739783b8beafc154c4d7
4
+
5
+# When updating RUNC_COMMIT, also update runc in vendor.conf accordingly
6
+RUNC_COMMIT=a01dafd48bc1c7cc12bdb01206f9fea7dd6feb70
5 7
 CONTAINERD_COMMIT=78fb8f45890a601e0fd9051cf9f9f74923e950fd
6 8
 TINI_COMMIT=949e6facb77383876aeff8a6944dde66b3089574
7 9
 LIBNETWORK_COMMIT=7b2b1feb1de4817d522cc372af149ff48d25028e
... ...
@@ -60,7 +60,8 @@ github.com/miekg/pkcs11 df8ae6ca730422dba20c768ff38ef7d79077a59f
60 60
 github.com/docker/go v1.5.1-1-1-gbaf439e
61 61
 github.com/agl/ed25519 d2b94fd789ea21d12fac1a4443dd3a3f79cda72c
62 62
 
63
-github.com/opencontainers/runc 51371867a01c467f08af739783b8beafc15 # libcontainer
63
+# When updating, also update RUNC_COMMIT in hack/dockerfile/binaries-commits accordingly
64
+github.com/opencontainers/runc a01dafd48bc1c7cc12bdb01206f9fea7dd6feb70 https://github.com/docker/runc.git # libcontainer
64 65
 github.com/opencontainers/runtime-spec 1c7c27d043c2a5e513a44084d2b10d77d1402b8c # specs
65 66
 github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0
66 67
 # libcontainer deps (see src/github.com/opencontainers/runc/Godeps/Godeps.json)
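Review bot: The new runc entry adds a source override, `https://github.com/docker/runc.git`, so the pinned commit is now fetched from a fork instead of github.com/opencontainers/runc, and neither the added comment nor the commit message says why. Someone auditing this pin cannot tell from the page whether the commit exists upstream or which fork branch it belongs to. The page also does not show whether the code that consumes RUNC_COMMIT clones the same fork; if it clones upstream, the two pins could resolve differently or fail to resolve. Extending the comment above the entry would record the provenance, e.g. `# pinned to the docker/runc fork (branch <fork-branch-placeholder>); when updating, also update RUNC_COMMIT in hack/dockerfile/binaries-commits accordingly`.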
... ...
@@ -33,19 +33,15 @@ func InitLabels(options []string) (string, string, error) {
33 33
 		pcon := selinux.NewContext(processLabel)
34 34
 		mcon := selinux.NewContext(mountLabel)
35 35
 		for _, opt := range options {
36
-			val := strings.SplitN(opt, "=", 2)
37
-			if val[0] != "label" {
38
-				continue
39
-			}
40
-			if len(val) < 2 {
41
-				return "", "", fmt.Errorf("bad label option %q, valid options 'disable' or \n'user, role, level, type' followed by ':' and a value", opt)
42
-			}
43
-			if val[1] == "disable" {
36
+			if opt == "disable" {
44 37
 				return "", "", nil
45 38
 			}
46
-			con := strings.SplitN(val[1], ":", 2)
47
-			if len(con) < 2 || !validOptions[con[0]] {
48
-				return "", "", fmt.Errorf("bad label option %q, valid options 'disable, user, role, level, type'", con[0])
39
+			if i := strings.Index(opt, ":"); i == -1 {
40
+				return "", "", fmt.Errorf("Bad label option %q, valid options 'disable' or \n'user, role, level, type' followed by ':' and a value", opt)
41
+			}
42
+			con := strings.SplitN(opt, ":", 2)
43
+			if !validOptions[con[0]] {
44
+				return "", "", fmt.Errorf("Bad label option %q, valid options 'disable, user, role, level, type'", con[0])
49 45
 
50 46
 			}
51 47
 			pcon[con[0]] = con[1]
... ...
@@ -146,7 +142,7 @@ func Relabel(path string, fileLabel string, shared bool) error {
146 146
 		fileLabel = c.Get()
147 147
 	}
148 148
 	if err := selinux.Chcon(path, fileLabel, true); err != nil {
149
-		return fmt.Errorf("SELinux relabeling of %s is not allowed: %q", path, err)
149
+		return err
150 150
 	}
151 151
 	return nil
152 152
 }
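Review bot: InitLabels no longer strips a `label=` prefix in the loop over `options`, so `label=disable` now fails the `strings.Index(opt, ":")` check and `label=type:x` fails the `validOptions` lookup, both returning "Bad label option". Every caller therefore has to pass the bare `disable` or `key:value` form, and the page does not show the callers being updated or checked. It is worth confirming that no caller ignores this error and starts the container without the requested SELinux label. A doc comment on InitLabels would make the contract explicit, e.g. `// options must be bare "disable" or "key:value" entries; callers strip any "label=" prefix first`. InitLabels starts and ends outside the hunk, so how the remaining options are handled is not visible here.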
... ...
@@ -435,6 +435,11 @@ void nsexec(void)
435 435
 	if (pipenum == -1)
436 436
 		return;
437 437
 
438
+	/* make the process non-dumpable */
439
+	if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0) {
440
+		bail("failed to set process as non-dumpable");
441
+	}
442
+
438 443
 	/* Parse all of the netlink configuration. */
439 444
 	nl_parse(pipenum, &config);
440 445