From 32b4c88dc2b315d45907925980f187af38b95579 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 28 Mar 2019 14:23:11 +0100 Subject: [PATCH] bump syndtr/gocapability d98352740cb2c55f81556b63d4a1ec64c5a319c2 relevant changes: - syndtr/gocapability#14 capability: Deprecate NewPid and NewFile for NewPid2 and NewFile2 - syndtr/gocapability#16 Fix capHeader.pid type Signed-off-by: Sebastiaan van Stijn --- libcontainer/capabilities_linux.go | 6 +- vendor.conf | 2 +- .../gocapability/capability/capability.go | 71 +++++++++++++++++-- .../capability/capability_linux.go | 12 +--- .../gocapability/capability/syscall_linux.go | 2 +- 5 files changed, 75 insertions(+), 18 deletions(-) diff --git a/libcontainer/capabilities_linux.go b/libcontainer/capabilities_linux.go index 7c66f572580..9daef29e480 100644 --- a/libcontainer/capabilities_linux.go +++ b/libcontainer/capabilities_linux.go @@ -71,7 +71,11 @@ func newContainerCapList(capConfig *configs.Capabilities) (*containerCapabilitie } ambient = append(ambient, v) } - pid, err := capability.NewPid(0) + pid, err := capability.NewPid2(0) + if err != nil { + return nil, err + } + err = pid.Load() if err != nil { return nil, err } diff --git a/vendor.conf b/vendor.conf index 36ab19e917f..5a121604d9d 100644 --- a/vendor.conf +++ b/vendor.conf @@ -9,7 +9,7 @@ github.com/mrunalp/fileutils ed869b029674c0e9ce4c0dfa781405c2d9946d08 github.com/opencontainers/selinux 3a1f366feb7aecbf7a0e71ac4cea88b31597de9e # v1.2.2 github.com/seccomp/libseccomp-golang 689e3c1541a84461afc49c1c87352a6cedf72e9c # v0.9.1 github.com/sirupsen/logrus 8bdbc7bcc01dcbb8ec23dc8a28e332258d25251f # v1.4.1 -github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16 +github.com/syndtr/gocapability d98352740cb2c55f81556b63d4a1ec64c5a319c2 github.com/vishvananda/netlink 1e2e08e8a2dcdacaae3f14ac44c5cfa31361f270 # systemd integration. diff --git a/vendor/github.com/syndtr/gocapability/capability/capability.go b/vendor/github.com/syndtr/gocapability/capability/capability.go index c07c55794de..61a90775e59 100644 --- a/vendor/github.com/syndtr/gocapability/capability/capability.go +++ b/vendor/github.com/syndtr/gocapability/capability/capability.go @@ -60,13 +60,74 @@ type Capabilities interface { Apply(kind CapType) error } -// NewPid create new initialized Capabilities object for given pid when it -// is nonzero, or for the current pid if pid is 0 +// NewPid initializes a new Capabilities object for given pid when +// it is nonzero, or for the current process if pid is 0. +// +// Deprecated: Replace with NewPid2. For example, replace: +// +// c, err := NewPid(0) +// if err != nil { +// return err +// } +// +// with: +// +// c, err := NewPid2(0) +// if err != nil { +// return err +// } +// err = c.Load() +// if err != nil { +// return err +// } func NewPid(pid int) (Capabilities, error) { + c, err := newPid(pid) + if err != nil { + return c, err + } + err = c.Load() + return c, err +} + +// NewPid2 initializes a new Capabilities object for given pid when +// it is nonzero, or for the current process if pid is 0. This +// does not load the process's current capabilities; to do that you +// must call Load explicitly. +func NewPid2(pid int) (Capabilities, error) { return newPid(pid) } -// NewFile create new initialized Capabilities object for given named file. -func NewFile(name string) (Capabilities, error) { - return newFile(name) +// NewFile initializes a new Capabilities object for given file path. +// +// Deprecated: Replace with NewFile2. For example, replace: +// +// c, err := NewFile(path) +// if err != nil { +// return err +// } +// +// with: +// +// c, err := NewFile2(path) +// if err != nil { +// return err +// } +// err = c.Load() +// if err != nil { +// return err +// } +func NewFile(path string) (Capabilities, error) { + c, err := newFile(path) + if err != nil { + return c, err + } + err = c.Load() + return c, err +} + +// NewFile2 creates a new initialized Capabilities object for given +// file path. This does not load the process's current capabilities; +// to do that you must call Load explicitly. +func NewFile2(path string) (Capabilities, error) { + return newFile(path) } diff --git a/vendor/github.com/syndtr/gocapability/capability/capability_linux.go b/vendor/github.com/syndtr/gocapability/capability/capability_linux.go index 205e0f7013a..1567dc81040 100644 --- a/vendor/github.com/syndtr/gocapability/capability/capability_linux.go +++ b/vendor/github.com/syndtr/gocapability/capability/capability_linux.go @@ -103,21 +103,17 @@ func newPid(pid int) (c Capabilities, err error) { case linuxCapVer1: p := new(capsV1) p.hdr.version = capVers - p.hdr.pid = pid + p.hdr.pid = int32(pid) c = p case linuxCapVer2, linuxCapVer3: p := new(capsV3) p.hdr.version = capVers - p.hdr.pid = pid + p.hdr.pid = int32(pid) c = p default: err = errUnknownVers return } - err = c.Load() - if err != nil { - c = nil - } return } @@ -492,10 +488,6 @@ func (c *capsV3) Apply(kind CapType) (err error) { func newFile(path string) (c Capabilities, err error) { c = &capsFile{path: path} - err = c.Load() - if err != nil { - c = nil - } return } diff --git a/vendor/github.com/syndtr/gocapability/capability/syscall_linux.go b/vendor/github.com/syndtr/gocapability/capability/syscall_linux.go index eb7170083a3..3d2bf6927f3 100644 --- a/vendor/github.com/syndtr/gocapability/capability/syscall_linux.go +++ b/vendor/github.com/syndtr/gocapability/capability/syscall_linux.go @@ -13,7 +13,7 @@ import ( type capHeader struct { version uint32 - pid int + pid int32 } type capData struct {