github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

vendor: cadvisor v0.39.0

Browse Source 
Main upgrades:
- github.com/opencontainers/runc v1.0.0-rc93
- github.com/containerd/containerd v1.4.4
- github.com/docker/docker v20.10.2
- github.com/mrunalp/fileutils v0.5.0
- github.com/opencontainers/selinux v1.8.0
- github.com/cilium/ebpf v0.2.0
This commit is contained in:
David Porter
2021-03-08 22:09:22 -08:00
parent faa3a5fbd4
commit b5dd78da3d
286 changed files with 7427 additions and 4415 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor.go → vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_linux.go generated vendored
View File

@@ -1,8 +1,7 @@
// +build apparmor,linux
package apparmor
import (
"bytes"
"fmt"
"io/ioutil"
"os"
@@ -12,11 +11,9 @@ import (
// IsEnabled returns true if apparmor is enabled for the host.
func IsEnabled() bool {
if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" {
if _, err = os.Stat("/sbin/apparmor_parser"); err == nil {
buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
return err == nil && len(buf) > 1 && buf[0] == 'Y'
}
if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil {
buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
return err == nil && bytes.HasPrefix(buf, []byte("Y"))
}
return false
}
@@ -24,9 +21,7 @@ func IsEnabled() bool {
func setProcAttr(attr, value string) error {
// Under AppArmor you can only change your own attr, so use /proc/self/
// instead of /proc/<tid>/ like libapparmor does
path := fmt.Sprintf("/proc/self/attr/%s", attr)
f, err := os.OpenFile(path, os.O_WRONLY, 0)
f, err := os.OpenFile("/proc/self/attr/"+attr, os.O_WRONLY, 0)
if err != nil {
return err
}
@@ -36,14 +31,13 @@ func setProcAttr(attr, value string) error {
return err
}
_, err = fmt.Fprintf(f, "%s", value)
_, err = f.WriteString(value)
return err
}
// changeOnExec reimplements aa_change_onexec from libapparmor in Go
func changeOnExec(name string) error {
value := "exec " + name
if err := setProcAttr("exec", value); err != nil {
if err := setProcAttr("exec", "exec "+name); err != nil {
return fmt.Errorf("apparmor failed to apply profile: %s", err)
}
return nil

2
vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_disabled.go → vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_unsupported.go generated vendored
View File

@@ -1,4 +1,4 @@
// +build !apparmor !linux
// +build !linux
package apparmor