Update runtime-spec to v1.0.0.rc5

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-04-12 16:12:04 -07:00 · 2017-04-12 16:12:04 -07:00 · 24df2538db
commit 24df2538db
parent b6c022caae
166 changed files with 3544 additions and 15322 deletions
--- a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/parse_action.go
+++ b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/parse_action.go
@ -20,7 +20,7 @@ type SyscallOpts struct {

 // ParseSyscallFlag takes a SyscallOpts struct and the seccomp configuration
 // and sets the new syscall rule accordingly
-func ParseSyscallFlag(args SyscallOpts, config *rspec.Seccomp) error {
+func ParseSyscallFlag(args SyscallOpts, config *rspec.LinuxSeccomp) error {
 	var arguments []string
 	if args.Index != "" && args.Value != "" && args.ValueTwo != "" && args.Operator != "" {
 		arguments = []string{args.Action, args.Syscall, args.Index, args.Value,
@ -34,7 +34,7 @@ func ParseSyscallFlag(args SyscallOpts, config *rspec.Seccomp) error {
 		return fmt.Errorf("default action already set as %s", action)
 	}

-	var newSyscall rspec.Syscall
+	var newSyscall rspec.LinuxSyscall
 	numOfArgs := len(arguments)
 	if numOfArgs == 6 || numOfArgs == 2 {
 		argStruct, err := parseArguments(arguments[1:])
@ -67,7 +67,7 @@ func ParseSyscallFlag(args SyscallOpts, config *rspec.Seccomp) error {
 	return nil
 }

-var actions = map[string]rspec.Action{
+var actions = map[string]rspec.LinuxSeccompAction{
 	"allow": rspec.ActAllow,
 	"errno": rspec.ActErrno,
 	"kill":  rspec.ActKill,
@ -76,7 +76,7 @@ var actions = map[string]rspec.Action{
 }

 // Take passed action, return the SCMP_ACT_<ACTION> version of it
-func parseAction(action string) (rspec.Action, error) {
+func parseAction(action string) (rspec.LinuxSeccompAction, error) {
 	a, ok := actions[action]
 	if !ok {
 		return "", fmt.Errorf("unrecognized action: %s", action)
@ -86,7 +86,7 @@ func parseAction(action string) (rspec.Action, error) {

 // ParseDefaultAction sets the default action of the seccomp configuration
 // and then removes any rules that were already specified with this action
-func ParseDefaultAction(action string, config *rspec.Seccomp) error {
+func ParseDefaultAction(action string, config *rspec.LinuxSeccomp) error {
 	if action == "" {
 		return nil
 	}
@ -104,7 +104,7 @@ func ParseDefaultAction(action string, config *rspec.Seccomp) error {
 }

 // ParseDefaultActionForce simply sets the default action of the seccomp configuration
-func ParseDefaultActionForce(action string, config *rspec.Seccomp) error {
+func ParseDefaultActionForce(action string, config *rspec.LinuxSeccomp) error {
 	if action == "" {
 		return nil
 	}
@ -117,9 +117,9 @@ func ParseDefaultActionForce(action string, config *rspec.Seccomp) error {
 	return nil
 }

-func newSyscallStruct(name string, action rspec.Action, args []rspec.Arg) rspec.Syscall {
-	syscallStruct := rspec.Syscall{
-		Name:   name,
+func newSyscallStruct(name string, action rspec.LinuxSeccompAction, args []rspec.LinuxSeccompArg) rspec.LinuxSyscall {
+	syscallStruct := rspec.LinuxSyscall{
+		Names:  []string{name},
 		Action: action,
 		Args:   args,
 	}
--- a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/parse_architecture.go
+++ b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/parse_architecture.go
@ -8,7 +8,7 @@ import (

 // ParseArchitectureFlag takes the raw string passed with the --arch flag, parses it
 // and updates the Seccomp config accordingly
-func ParseArchitectureFlag(architectureArg string, config *rspec.Seccomp) error {
+func ParseArchitectureFlag(architectureArg string, config *rspec.LinuxSeccomp) error {
 	correctedArch, err := parseArch(architectureArg)
 	if err != nil {
 		return err
@ -39,6 +39,8 @@ func parseArch(arch string) (rspec.Arch, error) {
 		"mipsel":      rspec.ArchMIPSEL,
 		"mipsel64":    rspec.ArchMIPSEL64,
 		"mipsel64n32": rspec.ArchMIPSEL64N32,
+		"parisc":      rspec.ArchPARISC,
+		"parisc64":    rspec.ArchPARISC64,
 		"ppc":         rspec.ArchPPC,
 		"ppc64":       rspec.ArchPPC64,
 		"ppc64le":     rspec.ArchPPC64LE,
--- a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/parse_arguments.go
+++ b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/parse_arguments.go
@ -9,8 +9,8 @@ import (

 // parseArguments takes a list of arguments (delimArgs). It parses and fills out
 // the argument information and returns a slice of arg structs
-func parseArguments(delimArgs []string) ([]rspec.Arg, error) {
-	nilArgSlice := []rspec.Arg{}
+func parseArguments(delimArgs []string) ([]rspec.LinuxSeccompArg, error) {
+	nilArgSlice := []rspec.LinuxSeccompArg{}
 	numberOfArgs := len(delimArgs)

 	// No parameters passed with syscall
@ -40,14 +40,14 @@ func parseArguments(delimArgs []string) ([]rspec.Arg, error) {
 			return nilArgSlice, err
 		}

-		argStruct := rspec.Arg{
+		argStruct := rspec.LinuxSeccompArg{
 			Index:    uint(syscallIndex),
 			Value:    syscallValue,
 			ValueTwo: syscallValueTwo,
 			Op:       syscallOp,
 		}

-		argSlice := []rspec.Arg{}
+		argSlice := []rspec.LinuxSeccompArg{}
 		argSlice = append(argSlice, argStruct)
 		return argSlice, nil
 	}
@ -55,8 +55,8 @@ func parseArguments(delimArgs []string) ([]rspec.Arg, error) {
 	return nilArgSlice, fmt.Errorf("incorrect number of arguments passed with syscall: %d", numberOfArgs)
 }

-func parseOperator(operator string) (rspec.Operator, error) {
-	operators := map[string]rspec.Operator{
+func parseOperator(operator string) (rspec.LinuxSeccompOperator, error) {
+	operators := map[string]rspec.LinuxSeccompOperator{
 		"NE": rspec.OpNotEqual,
 		"LT": rspec.OpLessThan,
 		"LE": rspec.OpLessEqual,
--- a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/parse_remove.go
+++ b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/parse_remove.go
@ -10,7 +10,7 @@ import (

 // RemoveAction takes the argument string that was passed with the --remove flag,
 // parses it, and updates the Seccomp config accordingly
-func RemoveAction(arguments string, config *rspec.Seccomp) error {
+func RemoveAction(arguments string, config *rspec.LinuxSeccomp) error {
 	if config == nil {
 		return fmt.Errorf("Cannot remove action from nil Seccomp pointer")
 	}
@ -22,28 +22,27 @@ func RemoveAction(arguments string, config *rspec.Seccomp) error {
 		syscallsToRemove = append(syscallsToRemove, arguments)
 	}

-	for _, syscall := range syscallsToRemove {
-		for counter, syscallStruct := range config.Syscalls {
-			if syscallStruct.Name == syscall {
-				config.Syscalls = append(config.Syscalls[:counter], config.Syscalls[counter+1:]...)
-			}
+	for counter, syscallStruct := range config.Syscalls {
+		if reflect.DeepEqual(syscallsToRemove, syscallStruct.Names) {
+			config.Syscalls = append(config.Syscalls[:counter], config.Syscalls[counter+1:]...)
 		}
 	}
+
 	return nil
 }

 // RemoveAllSeccompRules removes all seccomp syscall rules
-func RemoveAllSeccompRules(config *rspec.Seccomp) error {
+func RemoveAllSeccompRules(config *rspec.LinuxSeccomp) error {
 	if config == nil {
 		return fmt.Errorf("Cannot remove action from nil Seccomp pointer")
 	}
-	newSyscallSlice := []rspec.Syscall{}
+	newSyscallSlice := []rspec.LinuxSyscall{}
 	config.Syscalls = newSyscallSlice
 	return nil
 }

 // RemoveAllMatchingRules will remove any syscall rules that match the specified action
-func RemoveAllMatchingRules(config *rspec.Seccomp, action string) error {
+func RemoveAllMatchingRules(config *rspec.LinuxSeccomp, action string) error {
 	if config == nil {
 		return fmt.Errorf("Cannot remove action from nil Seccomp pointer")
 	}
@ -53,16 +52,11 @@ func RemoveAllMatchingRules(config *rspec.Seccomp, action string) error {
 		return err
 	}

-	syscallsToRemove := []string{}
 	for _, syscall := range config.Syscalls {
 		if reflect.DeepEqual(syscall.Action, seccompAction) {
-			syscallsToRemove = append(syscallsToRemove, syscall.Name)
+			RemoveAction(strings.Join(syscall.Names, ","), config)
 		}
 	}

-	for i := range syscallsToRemove {
-		RemoveAction(syscallsToRemove[i], config)
-	}
-
 	return nil
 }
--- a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go
+++ b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go
--- a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/syscall_compare.go
+++ b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/syscall_compare.go
@ -11,12 +11,12 @@ import (

 // Determine if a new syscall rule should be appended, overwrite an existing rule
 // or if no action should be taken at all
-func decideCourseOfAction(newSyscall *rspec.Syscall, syscalls []rspec.Syscall) (string, error) {
+func decideCourseOfAction(newSyscall *rspec.LinuxSyscall, syscalls []rspec.LinuxSyscall) (string, error) {
 	ruleForSyscallAlreadyExists := false

 	var sliceOfDeterminedActions []string
 	for i, syscall := range syscalls {
-		if syscall.Name == newSyscall.Name {
+		if sameName(&syscall, newSyscall) {
 			ruleForSyscallAlreadyExists = true

 			if identical(newSyscall, &syscall) {
@ -83,16 +83,16 @@ func decideCourseOfAction(newSyscall *rspec.Syscall, syscalls []rspec.Syscall) (
 	return "", fmt.Errorf("Trouble determining action: %s", sliceOfDeterminedActions)
 }

-func hasArguments(config *rspec.Syscall) bool {
-	nilSyscall := new(rspec.Syscall)
+func hasArguments(config *rspec.LinuxSyscall) bool {
+	nilSyscall := new(rspec.LinuxSyscall)
 	return !sameArgs(nilSyscall, config)
 }

-func identical(config1, config2 *rspec.Syscall) bool {
+func identical(config1, config2 *rspec.LinuxSyscall) bool {
 	return reflect.DeepEqual(config1, config2)
 }

-func identicalExceptAction(config1, config2 *rspec.Syscall) bool {
+func identicalExceptAction(config1, config2 *rspec.LinuxSyscall) bool {
 	samename := sameName(config1, config2)
 	sameAction := sameAction(config1, config2)
 	sameArgs := sameArgs(config1, config2)
@ -100,7 +100,7 @@ func identicalExceptAction(config1, config2 *rspec.Syscall) bool {
 	return samename && !sameAction && sameArgs
 }

-func identicalExceptArgs(config1, config2 *rspec.Syscall) bool {
+func identicalExceptArgs(config1, config2 *rspec.LinuxSyscall) bool {
 	samename := sameName(config1, config2)
 	sameAction := sameAction(config1, config2)
 	sameArgs := sameArgs(config1, config2)
@ -108,33 +108,33 @@ func identicalExceptArgs(config1, config2 *rspec.Syscall) bool {
 	return samename && sameAction && !sameArgs
 }

-func sameName(config1, config2 *rspec.Syscall) bool {
-	return config1.Name == config2.Name
+func sameName(config1, config2 *rspec.LinuxSyscall) bool {
+	return reflect.DeepEqual(config1.Names, config2.Names)
 }

-func sameAction(config1, config2 *rspec.Syscall) bool {
+func sameAction(config1, config2 *rspec.LinuxSyscall) bool {
 	return config1.Action == config2.Action
 }

-func sameArgs(config1, config2 *rspec.Syscall) bool {
+func sameArgs(config1, config2 *rspec.LinuxSyscall) bool {
 	return reflect.DeepEqual(config1.Args, config2.Args)
 }

-func bothHaveArgs(config1, config2 *rspec.Syscall) bool {
+func bothHaveArgs(config1, config2 *rspec.LinuxSyscall) bool {
 	return hasArguments(config1) && hasArguments(config2)
 }

-func onlyOneHasArgs(config1, config2 *rspec.Syscall) bool {
+func onlyOneHasArgs(config1, config2 *rspec.LinuxSyscall) bool {
 	conf1 := hasArguments(config1)
 	conf2 := hasArguments(config2)

 	return (conf1 && !conf2) || (!conf1 && conf2)
 }

-func neitherHasArgs(config1, config2 *rspec.Syscall) bool {
+func neitherHasArgs(config1, config2 *rspec.LinuxSyscall) bool {
 	return !hasArguments(config1) && !hasArguments(config2)
 }

-func firstParamOnlyHasArgs(config1, config2 *rspec.Syscall) bool {
+func firstParamOnlyHasArgs(config1, config2 *rspec.LinuxSyscall) bool {
 	return !hasArguments(config1) && hasArguments(config2)
 }