vendor: github.com/opencontainers/runtime-tools v0.9.1-0.20251111083745-e5b454202754

last commit before it updated to runtime-spec v1.3.0

full diff: 0ea5ed0382...e5b4542027

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn
2025-12-12 14:45:48 +01:00
parent 4384364748
commit 52f33797f3
7 changed files with 13 additions and 16 deletions

2
go.mod

@@ -201,7 +201,7 @@ require (
github.com/moby/sys/capability v0.4.0 // indirect github.com/moby/sys/capability v0.4.0 // indirect
github.com/morikuni/aec v1.0.0 // indirect github.com/morikuni/aec v1.0.0 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/opencontainers/runtime-tools v0.9.1-0.20250523060157-0ea5ed0382a2 // indirect github.com/opencontainers/runtime-tools v0.9.1-0.20251111083745-e5b454202754 // indirect
github.com/package-url/packageurl-go v0.1.1 // indirect github.com/package-url/packageurl-go v0.1.1 // indirect
github.com/pelletier/go-toml/v2 v2.2.4 // indirect github.com/pelletier/go-toml/v2 v2.2.4 // indirect
github.com/petermattis/goid v0.0.0-20240813172612-4fcff4a6cae7 // indirect github.com/petermattis/goid v0.0.0-20240813172612-4fcff4a6cae7 // indirect

4
go.sum

@@ -494,8 +494,8 @@ github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJw
github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M= github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
github.com/opencontainers/runtime-spec v1.2.1 h1:S4k4ryNgEpxW1dzyqffOmhI1BHYcjzU8lpJfSlR0xww= github.com/opencontainers/runtime-spec v1.2.1 h1:S4k4ryNgEpxW1dzyqffOmhI1BHYcjzU8lpJfSlR0xww=
github.com/opencontainers/runtime-spec v1.2.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.2.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-tools v0.9.1-0.20250523060157-0ea5ed0382a2 h1:2xZEHOdeQBV6PW8ZtimN863bIOl7OCW/X10K0cnxKeA= github.com/opencontainers/runtime-tools v0.9.1-0.20251111083745-e5b454202754 h1:4Mrk65ZaCobj22KCQJhUB/l09g6tF6f2PtREEYbG3cc=
github.com/opencontainers/runtime-tools v0.9.1-0.20250523060157-0ea5ed0382a2/go.mod h1:MXdPzqAA8pHC58USHqNCSjyLnRQ6D+NjbpP+02Z1U/0= github.com/opencontainers/runtime-tools v0.9.1-0.20251111083745-e5b454202754/go.mod h1:MXdPzqAA8pHC58USHqNCSjyLnRQ6D+NjbpP+02Z1U/0=
github.com/opencontainers/selinux v1.13.1 h1:A8nNeceYngH9Ow++M+VVEwJVpdFmrlxsN22F+ISDCJE= github.com/opencontainers/selinux v1.13.1 h1:A8nNeceYngH9Ow++M+VVEwJVpdFmrlxsN22F+ISDCJE=
github.com/opencontainers/selinux v1.13.1/go.mod h1:S10WXZ/osk2kWOYKy1x2f/eXF5ZHJoUs8UU/2caNRbg= github.com/opencontainers/selinux v1.13.1/go.mod h1:S10WXZ/osk2kWOYKy1x2f/eXF5ZHJoUs8UU/2caNRbg=
github.com/package-url/packageurl-go v0.1.1 h1:KTRE0bK3sKbFKAk3yy63DpeskU7Cvs/x/Da5l+RtzyU= github.com/package-url/packageurl-go v0.1.1 h1:KTRE0bK3sKbFKAk3yy63DpeskU7Cvs/x/Da5l+RtzyU=


@@ -6,6 +6,7 @@ import (
"fmt" "fmt"
"io" "io"
"os" "os"
"slices"
"strings" "strings"
"github.com/moby/sys/capability" "github.com/moby/sys/capability"
@@ -88,7 +89,8 @@ func New(os string) (generator Generator, err error) {
} }
} }
if os == "linux" { switch os {
case "linux":
config.Process.Capabilities = &rspec.LinuxCapabilities{ config.Process.Capabilities = &rspec.LinuxCapabilities{
Bounding: []string{ Bounding: []string{
"CAP_CHOWN", "CAP_CHOWN",
@@ -237,7 +239,7 @@ func New(os string) (generator Generator, err error) {
}, },
Seccomp: seccomp.DefaultProfile(&config), Seccomp: seccomp.DefaultProfile(&config),
} }
} else if os == "freebsd" { case "freebsd":
config.Mounts = []rspec.Mount{ config.Mounts = []rspec.Mount{
{ {
Destination: "/dev", Destination: "/dev",
@@ -593,12 +595,10 @@ func (g *Generator) ClearProcessAdditionalGids() {
} }
// AddProcessAdditionalGid adds an additional gid into g.Config.Process.AdditionalGids. // AddProcessAdditionalGid adds an additional gid into g.Config.Process.AdditionalGids.
func (g *Generator) AddProcessAdditionalGid(gid uint32) { func (g *Generator) AddProcessAdditionalGid(gid uint32) { //nolint:staticcheck // Ignore ST1003: method AddProcessAdditionalGid should be AddProcessAdditionalGID
g.initConfigProcess() g.initConfigProcess()
for _, group := range g.Config.Process.User.AdditionalGids { if slices.Contains(g.Config.Process.User.AdditionalGids, gid) {
if group == gid { return
return
}
} }
g.Config.Process.User.AdditionalGids = append(g.Config.Process.User.AdditionalGids, gid) g.Config.Process.User.AdditionalGids = append(g.Config.Process.User.AdditionalGids, gid)
} }
@@ -868,7 +868,7 @@ func (g *Generator) DropLinuxResourcesHugepageLimit(pageSize string) {
} }
} }
// AddLinuxResourcesUnified sets the g.Config.Linux.Resources.Unified // SetLinuxResourcesUnified sets the g.Config.Linux.Resources.Unified.
func (g *Generator) SetLinuxResourcesUnified(unified map[string]string) { func (g *Generator) SetLinuxResourcesUnified(unified map[string]string) {
g.initConfigLinuxResourcesUnified() g.initConfigLinuxResourcesUnified()
for k, v := range unified { for k, v := range unified {


@@ -3,7 +3,6 @@ package seccomp
import ( import (
"runtime" "runtime"
"github.com/opencontainers/runtime-spec/specs-go"
rspec "github.com/opencontainers/runtime-spec/specs-go" rspec "github.com/opencontainers/runtime-spec/specs-go"
) )
@@ -31,7 +30,7 @@ func arches() []rspec.Arch {
} }
// DefaultProfile defines the whitelist for the default seccomp profile. // DefaultProfile defines the whitelist for the default seccomp profile.
func DefaultProfile(rs *specs.Spec) *rspec.LinuxSeccomp { func DefaultProfile(rs *rspec.Spec) *rspec.LinuxSeccomp {
syscalls := []rspec.LinuxSyscall{ syscalls := []rspec.LinuxSyscall{
{ {
Names: []string{ Names: []string{


@@ -1,5 +1,4 @@
//go:build linux //go:build linux
// +build linux
package seccomp package seccomp


@@ -1,5 +1,4 @@
//go:build !linux //go:build !linux
// +build !linux
package seccomp package seccomp

2
vendor/modules.txt vendored

@@ -1220,7 +1220,7 @@ github.com/opencontainers/image-spec/specs-go/v1
## explicit ## explicit
github.com/opencontainers/runtime-spec/specs-go github.com/opencontainers/runtime-spec/specs-go
github.com/opencontainers/runtime-spec/specs-go/features github.com/opencontainers/runtime-spec/specs-go/features
# github.com/opencontainers/runtime-tools v0.9.1-0.20250523060157-0ea5ed0382a2 # github.com/opencontainers/runtime-tools v0.9.1-0.20251111083745-e5b454202754
## explicit; go 1.21 ## explicit; go 1.21
github.com/opencontainers/runtime-tools/generate github.com/opencontainers/runtime-tools/generate
github.com/opencontainers/runtime-tools/generate/seccomp github.com/opencontainers/runtime-tools/generate/seccomp