Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
Set up the mount label in the spec for a container
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
| ... | ... |
@@ -258,7 +258,7 @@ RUN set -x \ |
| 258 | 258 |
&& rm -rf "$GOPATH" |
| 259 | 259 |
|
| 260 | 260 |
# Install runc |
| 261 |
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5 |
|
| 261 |
+ENV RUNC_COMMIT baf6536d6259209c3edfa2b22237af82942d3dfa |
|
| 262 | 262 |
RUN set -x \ |
| 263 | 263 |
&& export GOPATH="$(mktemp -d)" \ |
| 264 | 264 |
&& git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \ |
| ... | ... |
@@ -181,7 +181,7 @@ RUN set -x \ |
| 181 | 181 |
&& rm -rf "$GOPATH" |
| 182 | 182 |
|
| 183 | 183 |
# Install runc |
| 184 |
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5 |
|
| 184 |
+ENV RUNC_COMMIT baf6536d6259209c3edfa2b22237af82942d3dfa |
|
| 185 | 185 |
RUN set -x \ |
| 186 | 186 |
&& export GOPATH="$(mktemp -d)" \ |
| 187 | 187 |
&& git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \ |
| ... | ... |
@@ -200,7 +200,7 @@ RUN set -x \ |
| 200 | 200 |
&& rm -rf "$GOPATH" |
| 201 | 201 |
|
| 202 | 202 |
# Install runc |
| 203 |
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5 |
|
| 203 |
+ENV RUNC_COMMIT baf6536d6259209c3edfa2b22237af82942d3dfa |
|
| 204 | 204 |
RUN set -x \ |
| 205 | 205 |
&& export GOPATH="$(mktemp -d)" \ |
| 206 | 206 |
&& git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \ |
| ... | ... |
@@ -74,7 +74,7 @@ WORKDIR /go/src/github.com/docker/docker |
| 74 | 74 |
ENV DOCKER_BUILDTAGS apparmor seccomp selinux |
| 75 | 75 |
|
| 76 | 76 |
# Install runc |
| 77 |
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5 |
|
| 77 |
+ENV RUNC_COMMIT baf6536d6259209c3edfa2b22237af82942d3dfa |
|
| 78 | 78 |
RUN set -x \ |
| 79 | 79 |
&& export GOPATH="$(mktemp -d)" \ |
| 80 | 80 |
&& git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \ |
| ... | ... |
@@ -196,7 +196,7 @@ RUN set -x \ |
| 196 | 196 |
&& rm -rf "$GOPATH" |
| 197 | 197 |
|
| 198 | 198 |
# Install runc |
| 199 |
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5 |
|
| 199 |
+ENV RUNC_COMMIT baf6536d6259209c3edfa2b22237af82942d3dfa |
|
| 200 | 200 |
RUN set -x \ |
| 201 | 201 |
&& export GOPATH="$(mktemp -d)" \ |
| 202 | 202 |
&& git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \ |
| ... | ... |
@@ -178,7 +178,7 @@ RUN set -x \ |
| 178 | 178 |
&& rm -rf "$GOPATH" |
| 179 | 179 |
|
| 180 | 180 |
# Install runc |
| 181 |
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5 |
|
| 181 |
+ENV RUNC_COMMIT baf6536d6259209c3edfa2b22237af82942d3dfa |
|
| 182 | 182 |
RUN set -x \ |
| 183 | 183 |
&& export GOPATH="$(mktemp -d)" \ |
| 184 | 184 |
&& git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \ |
| ... | ... |
@@ -57,7 +57,7 @@ ENV GOPATH /go:/go/src/github.com/docker/docker/vendor |
| 57 | 57 |
ENV CGO_LDFLAGS -L/lib |
| 58 | 58 |
|
| 59 | 59 |
# Install runc |
| 60 |
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5 |
|
| 60 |
+ENV RUNC_COMMIT baf6536d6259209c3edfa2b22237af82942d3dfa |
|
| 61 | 61 |
RUN set -x \ |
| 62 | 62 |
&& export GOPATH="$(mktemp -d)" \ |
| 63 | 63 |
&& git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \ |
| ... | ... |
@@ -672,6 +672,7 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e |
| 672 | 672 |
} |
| 673 | 673 |
s.Process.SelinuxLabel = c.GetProcessLabel() |
| 674 | 674 |
s.Process.NoNewPrivileges = c.NoNewPrivileges |
| 675 |
+ s.Linux.MountLabel = c.MountLabel |
|
| 675 | 676 |
|
| 676 | 677 |
return (*libcontainerd.Spec)(&s), nil |
| 677 | 678 |
} |
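Review bot: The added line `s.Linux.MountLabel = c.MountLabel` reads the field directly, while the process label two lines above it goes through the accessor `c.GetProcessLabel()`. If that accessor applies policy before returning the label (for example clearing it for privileged containers; its body is not visible in this hunk), the mount label bypasses that policy and the spec may carry a mount context that does not match the process context. If the container type has a matching accessor, prefer `s.Linux.MountLabel = c.GetMountLabel()`; otherwise add a comment such as `// MountLabel is passed through as stored; the runtime applies it as the SELinux context for the container's mounts` so the asymmetry is visibly intentional. The field presumably takes effect only with a runtime built against the spec revision that defines `mountLabel`, so the daemon should not be paired with a runc older than the commit pinned here. createSpec begins outside the hunk, so where `c.MountLabel` is populated and validated cannot be checked from this view.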
| ... | ... |
@@ -61,7 +61,7 @@ clone git github.com/docker/go v1.5.1-1-1-gbaf439e |
| 61 | 61 |
clone git github.com/agl/ed25519 d2b94fd789ea21d12fac1a4443dd3a3f79cda72c |
| 62 | 62 |
|
| 63 | 63 |
clone git github.com/opencontainers/runc 2441732d6fcc0fb0a542671a4372e0c7bc99c19e # libcontainer |
| 64 |
-clone git github.com/opencontainers/specs 93ca97e83ca7fb4fba6d9e30d5470f99ddc02d11 # specs |
|
| 64 |
+clone git github.com/opencontainers/specs f955d90e70a98ddfb886bd930ffd076da9b67998 # specs |
|
| 65 | 65 |
clone git github.com/seccomp/libseccomp-golang 1b506fc7c24eec5a3693cdcbed40d9c226cfc6a1 |
| 66 | 66 |
# libcontainer deps (see src/github.com/opencontainers/runc/Godeps/Godeps.json) |
| 67 | 67 |
clone git github.com/coreos/go-systemd v4 |
| ... | ... |
@@ -49,7 +49,7 @@ type Process struct {
|
| 49 | 49 |
|
| 50 | 50 |
// ApparmorProfile specified the apparmor profile for the container. (this field is platform dependent) |
| 51 | 51 |
ApparmorProfile string `json:"apparmorProfile,omitempty" platform:"linux"` |
| 52 |
- // SelinuxProcessLabel specifies the selinux context that the container process is run as. (this field is platform dependent) |
|
| 52 |
+ // SelinuxLabel specifies the selinux context that the container process is run as. (this field is platform dependent) |
|
| 53 | 53 |
SelinuxLabel string `json:"selinuxLabel,omitempty" platform:"linux"` |
| 54 | 54 |
} |
| 55 | 55 |
|
| ... | ... |
@@ -140,6 +140,8 @@ type Linux struct {
|
| 140 | 140 |
MaskedPaths []string `json:"maskedPaths,omitempty"` |
| 141 | 141 |
// ReadonlyPaths sets the provided paths as RO inside the container. |
| 142 | 142 |
ReadonlyPaths []string `json:"readonlyPaths,omitempty"` |
| 143 |
+ // MountLabel specifies the selinux context for the mounts in the container. |
|
| 144 |
+ MountLabel string `json:"mountLabel,omitempty"` |
|
| 143 | 145 |
} |
| 144 | 146 |
|
| 145 | 147 |
// Namespace is the configuration for a Linux namespace |
| ... | ... |
@@ -6,7 +6,7 @@ const ( |
| 6 | 6 |
// VersionMajor is for an API incompatible changes |
| 7 | 7 |
VersionMajor = 0 |
| 8 | 8 |
// VersionMinor is for functionality in a backwards-compatible manner |
| 9 |
- VersionMinor = 5 |
|
| 9 |
+ VersionMinor = 6 |
|
| 10 | 10 |
// VersionPatch is for backwards-compatible bug fixes |
| 11 | 11 |
VersionPatch = 0 |
| 12 | 12 |
|