full diff: https://github.com/containerd/consolve/compare/v1.0.0...v1.0.1
vendor golang.org/x/sys 2334cc1a136f0a5b4384f1a27e3634457be08553
full diff: ed371f2e16...2334cc1a13
- unix: add Darwin support for clonefile syscalls
- Adds openat2 for linux
openat2 is a new syscall added to Linux 5.6. It provides a superset of
openat(2) functionality, extending it with flags telling the kernel how
to resolve the paths.
For more info, see https://lwn.net/Articles/803237/
NOTE that this is a second attempt to add the call; the previous one
(https://golang.org/cl/227280) was reverted
(https://golang.org/cl/227846) due to the test case failure on ARM
(https://golang.org/issue/38357).
This CL has the test case reworked to be less assumptive to the testing
environment. In particular, it first tries if the most simplistic
openat2() call succeeds, and skips the test otherwise. It is done that
way because CI can be under under different kernels and in various
envrionments -- in particular, Docker+seccomp can result in EPERM from a
system call (which is not expected otherwise).
For previous discussions about the test case, see
https://golang.org/cl/227865.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This prepares us to be able to update docker/docker vendoring to a
recent commit.
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Includes 6635b4f0c6,
which fixes a vulnerability in runc that allows a container escape (CVE-2019-5736)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
