mirror of
https://github.com/moby/moby.git
synced 2026-01-11 18:51:37 +00:00
c231772a5c
Go maintainers started to unconditionally update the minimum go version
for golang.org/x/ dependencies to go1.23, which means that we'll no longer
be able to support any version below that when updating those dependencies;
> all: upgrade go directive to at least 1.23.0 [generated]
>
> By now Go 1.24.0 has been released, and Go 1.22 is no longer supported
> per the Go Release Policy (https://go.dev/doc/devel/release#policy).
>
> For golang/go#69095.
This updates our minimum version to go1.23, as we won't be able to maintain
compatibility with older versions because of the above.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 7c52c4d92e)
Signed-off-by: Andrey Epifanov <aepifanov@mirantis.com>
# Conflicts:
# api/server/router/container/inspect.go
# api/server/router/grpc/grpc.go
# api/server/router/system/system.go
# api/server/router/system/system_routes.go
# api/types/registry/registry.go
# api/types/registry/registry_test.go
# builder/builder-next/adapters/containerimage/pull.go
# container/view.go
# daemon/container_operations.go
# daemon/containerd/image_inspect.go
# daemon/containerd/image_push_test.go
# daemon/create.go
# daemon/daemon.go
# daemon/daemon_unix.go
# daemon/info.go
# daemon/inspect.go
# daemon/logger/loggerutils/logfile.go
# internal/gocompat/modulegenerator.go
# internal/maputil/maputil.go
# internal/platform/platform_linux.go
# internal/sliceutil/sliceutil.go
# libnetwork/config/config.go
# libnetwork/drivers/bridge/port_mapping_linux.go
# libnetwork/drivers/overlay/peerdb.go
# libnetwork/endpoint.go
# libnetwork/endpoint_store.go
# libnetwork/internal/l2disco/unsol_arp_linux.go
# libnetwork/internal/l2disco/unsol_na_linux.go
# libnetwork/internal/nftables/nftables_linux.go
# libnetwork/internal/resolvconf/resolvconf.go
# libnetwork/internal/setmatrix/setmatrix.go
# libnetwork/ipams/defaultipam/address_space.go
# libnetwork/ipamutils/utils.go
# libnetwork/iptables/iptables.go
# libnetwork/netutils/utils_linux.go
# libnetwork/network.go
# libnetwork/network_store.go
# libnetwork/networkdb/networkdb.go
# libnetwork/options/options.go
# libnetwork/osl/interface_linux.go
# libnetwork/osl/route_linux.go
# libnetwork/portallocator/portallocator.go
# libnetwork/sandbox.go
# libnetwork/service.go
# oci/defaults.go
# plugin/v2/plugin_linux.go
# testutil/daemon/daemon.go
# testutil/helpers.go
200 lines
5.0 KiB
Go
200 lines
5.0 KiB
Go
// TODO(thaJeztah): remove once we are a module; the go:build directive prevents go from downgrading language version to go1.16:
|
|
//go:build go1.23
|
|
|
|
package oci // import "github.com/docker/docker/oci"
|
|
|
|
import (
|
|
"runtime"
|
|
|
|
"github.com/docker/docker/oci/caps"
|
|
specs "github.com/opencontainers/runtime-spec/specs-go"
|
|
)
|
|
|
|
func iPtr(i int64) *int64 { return &i }
|
|
|
|
const defaultUnixPathEnv = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
|
|
|
// DefaultPathEnv is unix style list of directories to search for
|
|
// executables. Each directory is separated from the next by a colon
|
|
// ':' character .
|
|
// For Windows containers, an empty string is returned as the default
|
|
// path will be set by the container, and Docker has no context of what the
|
|
// default path should be.
|
|
//
|
|
// TODO(thaJeztah) align Windows default with BuildKit; see https://github.com/moby/buildkit/pull/1747
|
|
// TODO(thaJeztah) use defaults from containerd (but align it with BuildKit; see https://github.com/moby/buildkit/pull/1747)
|
|
func DefaultPathEnv(os string) string {
|
|
if os == "windows" {
|
|
return ""
|
|
}
|
|
return defaultUnixPathEnv
|
|
}
|
|
|
|
// DefaultSpec returns the default spec used by docker for the current Platform
|
|
func DefaultSpec() specs.Spec {
|
|
if runtime.GOOS == "windows" {
|
|
return DefaultWindowsSpec()
|
|
}
|
|
return DefaultLinuxSpec()
|
|
}
|
|
|
|
// DefaultWindowsSpec create a default spec for running Windows containers
|
|
func DefaultWindowsSpec() specs.Spec {
|
|
return specs.Spec{
|
|
Version: specs.Version,
|
|
Windows: &specs.Windows{},
|
|
Process: &specs.Process{},
|
|
Root: &specs.Root{},
|
|
}
|
|
}
|
|
|
|
// DefaultLinuxSpec create a default spec for running Linux containers
|
|
func DefaultLinuxSpec() specs.Spec {
|
|
return specs.Spec{
|
|
Version: specs.Version,
|
|
Process: &specs.Process{
|
|
Capabilities: &specs.LinuxCapabilities{
|
|
Bounding: caps.DefaultCapabilities(),
|
|
Permitted: caps.DefaultCapabilities(),
|
|
Effective: caps.DefaultCapabilities(),
|
|
},
|
|
},
|
|
Root: &specs.Root{},
|
|
Mounts: []specs.Mount{
|
|
{
|
|
Destination: "/proc",
|
|
Type: "proc",
|
|
Source: "proc",
|
|
Options: []string{"nosuid", "noexec", "nodev"},
|
|
},
|
|
{
|
|
Destination: "/dev",
|
|
Type: "tmpfs",
|
|
Source: "tmpfs",
|
|
Options: []string{"nosuid", "strictatime", "mode=755", "size=65536k"},
|
|
},
|
|
{
|
|
Destination: "/dev/pts",
|
|
Type: "devpts",
|
|
Source: "devpts",
|
|
Options: []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620", "gid=5"},
|
|
},
|
|
{
|
|
Destination: "/sys",
|
|
Type: "sysfs",
|
|
Source: "sysfs",
|
|
Options: []string{"nosuid", "noexec", "nodev", "ro"},
|
|
},
|
|
{
|
|
Destination: "/sys/fs/cgroup",
|
|
Type: "cgroup",
|
|
Source: "cgroup",
|
|
Options: []string{"ro", "nosuid", "noexec", "nodev"},
|
|
},
|
|
{
|
|
Destination: "/dev/mqueue",
|
|
Type: "mqueue",
|
|
Source: "mqueue",
|
|
Options: []string{"nosuid", "noexec", "nodev"},
|
|
},
|
|
{
|
|
Destination: "/dev/shm",
|
|
Type: "tmpfs",
|
|
Source: "shm",
|
|
Options: []string{"nosuid", "noexec", "nodev", "mode=1777"},
|
|
},
|
|
},
|
|
Linux: &specs.Linux{
|
|
MaskedPaths: []string{
|
|
"/proc/asound",
|
|
"/proc/acpi",
|
|
"/proc/kcore",
|
|
"/proc/keys",
|
|
"/proc/latency_stats",
|
|
"/proc/timer_list",
|
|
"/proc/timer_stats",
|
|
"/proc/sched_debug",
|
|
"/proc/scsi",
|
|
"/sys/firmware",
|
|
"/sys/devices/virtual/powercap",
|
|
},
|
|
ReadonlyPaths: []string{
|
|
"/proc/bus",
|
|
"/proc/fs",
|
|
"/proc/irq",
|
|
"/proc/sys",
|
|
"/proc/sysrq-trigger",
|
|
},
|
|
Namespaces: []specs.LinuxNamespace{
|
|
{Type: specs.MountNamespace},
|
|
{Type: specs.NetworkNamespace},
|
|
{Type: specs.UTSNamespace},
|
|
{Type: specs.PIDNamespace},
|
|
{Type: specs.IPCNamespace},
|
|
},
|
|
// Devices implicitly contains the following devices:
|
|
// null, zero, full, random, urandom, tty, console, and ptmx.
|
|
// ptmx is a bind mount or symlink of the container's ptmx.
|
|
// See also: https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#default-devices
|
|
Devices: []specs.LinuxDevice{},
|
|
Resources: &specs.LinuxResources{
|
|
Devices: []specs.LinuxDeviceCgroup{
|
|
{
|
|
Allow: false,
|
|
Access: "rwm",
|
|
},
|
|
{
|
|
Allow: true,
|
|
Type: "c",
|
|
Major: iPtr(1),
|
|
Minor: iPtr(5),
|
|
Access: "rwm",
|
|
},
|
|
{
|
|
Allow: true,
|
|
Type: "c",
|
|
Major: iPtr(1),
|
|
Minor: iPtr(3),
|
|
Access: "rwm",
|
|
},
|
|
{
|
|
Allow: true,
|
|
Type: "c",
|
|
Major: iPtr(1),
|
|
Minor: iPtr(9),
|
|
Access: "rwm",
|
|
},
|
|
{
|
|
Allow: true,
|
|
Type: "c",
|
|
Major: iPtr(1),
|
|
Minor: iPtr(8),
|
|
Access: "rwm",
|
|
},
|
|
{
|
|
Allow: true,
|
|
Type: "c",
|
|
Major: iPtr(5),
|
|
Minor: iPtr(0),
|
|
Access: "rwm",
|
|
},
|
|
{
|
|
Allow: true,
|
|
Type: "c",
|
|
Major: iPtr(5),
|
|
Minor: iPtr(1),
|
|
Access: "rwm",
|
|
},
|
|
{
|
|
Allow: false,
|
|
Type: "c",
|
|
Major: iPtr(10),
|
|
Minor: iPtr(229),
|
|
Access: "rwm",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
}
|