update vendor

Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
2018-09-25 12:27:46 -04:00 · 2018-09-25 12:27:46 -04:00 · 94d1cfbfbf
commit 94d1cfbfbf
parent 19a32db84d
10501 changed files with 2307943 additions and 29279 deletions
--- a/vendor/github.com/docker/docker-ce/components/engine/oci/defaults.go
+++ b/vendor/github.com/docker/docker-ce/components/engine/oci/defaults.go
@ -0,0 +1,212 @@
+package oci // import "github.com/docker/docker/oci"
+
+import (
+	"os"
+	"runtime"
+
+	"github.com/opencontainers/runtime-spec/specs-go"
+)
+
+func iPtr(i int64) *int64        { return &i }
+func u32Ptr(i int64) *uint32     { u := uint32(i); return &u }
+func fmPtr(i int64) *os.FileMode { fm := os.FileMode(i); return &fm }
+
+func defaultCapabilities() []string {
+	return []string{
+		"CAP_CHOWN",
+		"CAP_DAC_OVERRIDE",
+		"CAP_FSETID",
+		"CAP_FOWNER",
+		"CAP_MKNOD",
+		"CAP_NET_RAW",
+		"CAP_SETGID",
+		"CAP_SETUID",
+		"CAP_SETFCAP",
+		"CAP_SETPCAP",
+		"CAP_NET_BIND_SERVICE",
+		"CAP_SYS_CHROOT",
+		"CAP_KILL",
+		"CAP_AUDIT_WRITE",
+	}
+}
+
+// DefaultSpec returns the default spec used by docker for the current Platform
+func DefaultSpec() specs.Spec {
+	return DefaultOSSpec(runtime.GOOS)
+}
+
+// DefaultOSSpec returns the spec for a given OS
+func DefaultOSSpec(osName string) specs.Spec {
+	if osName == "windows" {
+		return DefaultWindowsSpec()
+	}
+	return DefaultLinuxSpec()
+}
+
+// DefaultWindowsSpec create a default spec for running Windows containers
+func DefaultWindowsSpec() specs.Spec {
+	return specs.Spec{
+		Version: specs.Version,
+		Windows: &specs.Windows{},
+		Process: &specs.Process{},
+		Root:    &specs.Root{},
+	}
+}
+
+// DefaultLinuxSpec create a default spec for running Linux containers
+func DefaultLinuxSpec() specs.Spec {
+	s := specs.Spec{
+		Version: specs.Version,
+		Process: &specs.Process{
+			Capabilities: &specs.LinuxCapabilities{
+				Bounding:    defaultCapabilities(),
+				Permitted:   defaultCapabilities(),
+				Inheritable: defaultCapabilities(),
+				Effective:   defaultCapabilities(),
+			},
+		},
+		Root: &specs.Root{},
+	}
+	s.Mounts = []specs.Mount{
+		{
+			Destination: "/proc",
+			Type:        "proc",
+			Source:      "proc",
+			Options:     []string{"nosuid", "noexec", "nodev"},
+		},
+		{
+			Destination: "/dev",
+			Type:        "tmpfs",
+			Source:      "tmpfs",
+			Options:     []string{"nosuid", "strictatime", "mode=755", "size=65536k"},
+		},
+		{
+			Destination: "/dev/pts",
+			Type:        "devpts",
+			Source:      "devpts",
+			Options:     []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620", "gid=5"},
+		},
+		{
+			Destination: "/sys",
+			Type:        "sysfs",
+			Source:      "sysfs",
+			Options:     []string{"nosuid", "noexec", "nodev", "ro"},
+		},
+		{
+			Destination: "/sys/fs/cgroup",
+			Type:        "cgroup",
+			Source:      "cgroup",
+			Options:     []string{"ro", "nosuid", "noexec", "nodev"},
+		},
+		{
+			Destination: "/dev/mqueue",
+			Type:        "mqueue",
+			Source:      "mqueue",
+			Options:     []string{"nosuid", "noexec", "nodev"},
+		},
+		{
+			Destination: "/dev/shm",
+			Type:        "tmpfs",
+			Source:      "shm",
+			Options:     []string{"nosuid", "noexec", "nodev", "mode=1777"},
+		},
+	}
+
+	s.Linux = &specs.Linux{
+		MaskedPaths: []string{
+			"/proc/acpi",
+			"/proc/kcore",
+			"/proc/keys",
+			"/proc/latency_stats",
+			"/proc/timer_list",
+			"/proc/timer_stats",
+			"/proc/sched_debug",
+			"/proc/scsi",
+			"/sys/firmware",
+		},
+		ReadonlyPaths: []string{
+			"/proc/asound",
+			"/proc/bus",
+			"/proc/fs",
+			"/proc/irq",
+			"/proc/sys",
+			"/proc/sysrq-trigger",
+		},
+		Namespaces: []specs.LinuxNamespace{
+			{Type: "mount"},
+			{Type: "network"},
+			{Type: "uts"},
+			{Type: "pid"},
+			{Type: "ipc"},
+		},
+		// Devices implicitly contains the following devices:
+		// null, zero, full, random, urandom, tty, console, and ptmx.
+		// ptmx is a bind mount or symlink of the container's ptmx.
+		// See also: https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#default-devices
+		Devices: []specs.LinuxDevice{},
+		Resources: &specs.LinuxResources{
+			Devices: []specs.LinuxDeviceCgroup{
+				{
+					Allow:  false,
+					Access: "rwm",
+				},
+				{
+					Allow:  true,
+					Type:   "c",
+					Major:  iPtr(1),
+					Minor:  iPtr(5),
+					Access: "rwm",
+				},
+				{
+					Allow:  true,
+					Type:   "c",
+					Major:  iPtr(1),
+					Minor:  iPtr(3),
+					Access: "rwm",
+				},
+				{
+					Allow:  true,
+					Type:   "c",
+					Major:  iPtr(1),
+					Minor:  iPtr(9),
+					Access: "rwm",
+				},
+				{
+					Allow:  true,
+					Type:   "c",
+					Major:  iPtr(1),
+					Minor:  iPtr(8),
+					Access: "rwm",
+				},
+				{
+					Allow:  true,
+					Type:   "c",
+					Major:  iPtr(5),
+					Minor:  iPtr(0),
+					Access: "rwm",
+				},
+				{
+					Allow:  true,
+					Type:   "c",
+					Major:  iPtr(5),
+					Minor:  iPtr(1),
+					Access: "rwm",
+				},
+				{
+					Allow:  false,
+					Type:   "c",
+					Major:  iPtr(10),
+					Minor:  iPtr(229),
+					Access: "rwm",
+				},
+			},
+		},
+	}
+
+	// For LCOW support, populate a blank Windows spec
+	if runtime.GOOS == "windows" {
+		s.Windows = &specs.Windows{}
+	}
+
+	return s
+}
--- a/vendor/github.com/docker/docker-ce/components/engine/oci/devices_linux.go
+++ b/vendor/github.com/docker/docker-ce/components/engine/oci/devices_linux.go
@ -0,0 +1,86 @@
+package oci // import "github.com/docker/docker/oci"
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/opencontainers/runc/libcontainer/configs"
+	"github.com/opencontainers/runc/libcontainer/devices"
+	"github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// Device transforms a libcontainer configs.Device to a specs.LinuxDevice object.
+func Device(d *configs.Device) specs.LinuxDevice {
+	return specs.LinuxDevice{
+		Type:     string(d.Type),
+		Path:     d.Path,
+		Major:    d.Major,
+		Minor:    d.Minor,
+		FileMode: fmPtr(int64(d.FileMode)),
+		UID:      u32Ptr(int64(d.Uid)),
+		GID:      u32Ptr(int64(d.Gid)),
+	}
+}
+
+func deviceCgroup(d *configs.Device) specs.LinuxDeviceCgroup {
+	t := string(d.Type)
+	return specs.LinuxDeviceCgroup{
+		Allow:  true,
+		Type:   t,
+		Major:  &d.Major,
+		Minor:  &d.Minor,
+		Access: d.Permissions,
+	}
+}
+
+// DevicesFromPath computes a list of devices and device permissions from paths (pathOnHost and pathInContainer) and cgroup permissions.
+func DevicesFromPath(pathOnHost, pathInContainer, cgroupPermissions string) (devs []specs.LinuxDevice, devPermissions []specs.LinuxDeviceCgroup, err error) {
+	resolvedPathOnHost := pathOnHost
+
+	// check if it is a symbolic link
+	if src, e := os.Lstat(pathOnHost); e == nil && src.Mode()&os.ModeSymlink == os.ModeSymlink {
+		if linkedPathOnHost, e := filepath.EvalSymlinks(pathOnHost); e == nil {
+			resolvedPathOnHost = linkedPathOnHost
+		}
+	}
+
+	device, err := devices.DeviceFromPath(resolvedPathOnHost, cgroupPermissions)
+	// if there was no error, return the device
+	if err == nil {
+		device.Path = pathInContainer
+		return append(devs, Device(device)), append(devPermissions, deviceCgroup(device)), nil
+	}
+
+	// if the device is not a device node
+	// try to see if it's a directory holding many devices
+	if err == devices.ErrNotADevice {
+
+		// check if it is a directory
+		if src, e := os.Stat(resolvedPathOnHost); e == nil && src.IsDir() {
+
+			// mount the internal devices recursively
+			filepath.Walk(resolvedPathOnHost, func(dpath string, f os.FileInfo, e error) error {
+				childDevice, e := devices.DeviceFromPath(dpath, cgroupPermissions)
+				if e != nil {
+					// ignore the device
+					return nil
+				}
+
+				// add the device to userSpecified devices
+				childDevice.Path = strings.Replace(dpath, resolvedPathOnHost, pathInContainer, 1)
+				devs = append(devs, Device(childDevice))
+				devPermissions = append(devPermissions, deviceCgroup(childDevice))
+
+				return nil
+			})
+		}
+	}
+
+	if len(devs) > 0 {
+		return devs, devPermissions, nil
+	}
+
+	return devs, devPermissions, fmt.Errorf("error gathering device information while adding custom device %q: %s", pathOnHost, err)
+}
--- a/vendor/github.com/docker/docker-ce/components/engine/oci/devices_unsupported.go
+++ b/vendor/github.com/docker/docker-ce/components/engine/oci/devices_unsupported.go
@ -0,0 +1,20 @@
+// +build !linux
+
+package oci // import "github.com/docker/docker/oci"
+
+import (
+	"errors"
+
+	"github.com/opencontainers/runc/libcontainer/configs"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// Device transforms a libcontainer configs.Device to a specs.Device object.
+// Not implemented
+func Device(d *configs.Device) specs.LinuxDevice { return specs.LinuxDevice{} }
+
+// DevicesFromPath computes a list of devices and device permissions from paths (pathOnHost and pathInContainer) and cgroup permissions.
+// Not implemented
+func DevicesFromPath(pathOnHost, pathInContainer, cgroupPermissions string) (devs []specs.LinuxDevice, devPermissions []specs.LinuxDeviceCgroup, err error) {
+	return nil, nil, errors.New("oci/devices: unsupported platform")
+}
--- a/vendor/github.com/docker/docker-ce/components/engine/oci/namespaces.go
+++ b/vendor/github.com/docker/docker-ce/components/engine/oci/namespaces.go
@ -0,0 +1,13 @@
+package oci // import "github.com/docker/docker/oci"
+
+import "github.com/opencontainers/runtime-spec/specs-go"
+
+// RemoveNamespace removes the `nsType` namespace from OCI spec `s`
+func RemoveNamespace(s *specs.Spec, nsType specs.LinuxNamespaceType) {
+	for i, n := range s.Linux.Namespaces {
+		if n.Type == nsType {
+			s.Linux.Namespaces = append(s.Linux.Namespaces[:i], s.Linux.Namespaces[i+1:]...)
+			return
+		}
+	}
+}