vendor: bump runc to 1.0.1

The commands used were (roughly): hack/pin-dependency.sh github.com/opencontainers/runc v1.0.1 hack/lint-dependencies.sh # Follow its recommendations. hack/pin-dependency.sh github.com/cilium/ebpf v0.6.2 hack/pin-dependency.sh github.com/opencontainers/selinux v1.8.2 hack/pin-dependency.sh github.com/sirupsen/logrus v1.8.1 # Recheck. hack/lint-dependencies.sh GO111MODULE=on go mod edit -dropreplace github.com/willf/bitset hack/update-vendor.sh # Recheck. hack/lint-dependencies.sh hack/update-internal-modules.sh # Recheck. hack/lint-dependencies.sh Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2021-07-16 12:35:27 -07:00
parent 33aba7ee02
commit eb5df869ba
154 changed files with 3345 additions and 1376 deletions
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
@@ -16,9 +16,9 @@ import (
 	"strings"
 	"sync"

+	"github.com/bits-and-blooms/bitset"
 	"github.com/opencontainers/selinux/pkg/pwalk"
 	"github.com/pkg/errors"
-	"github.com/willf/bitset"
 	"golang.org/x/sys/unix"
 )

@@ -892,13 +892,13 @@ func openContextFile() (*os.File, error) {
 	return os.Open(lxcPath)
 }

-var labels = loadLabels()
+var labels, privContainerMountLabel = loadLabels()

-func loadLabels() map[string]string {
+func loadLabels() (map[string]string, string) {
 	labels := make(map[string]string)
 	in, err := openContextFile()
 	if err != nil {
-		return labels
+		return labels, ""
 	}
 	defer in.Close()

@@ -920,7 +920,10 @@ func loadLabels() map[string]string {
 		}
 	}

-	return labels
+	con, _ := NewContext(labels["file"])
+	con["level"] = fmt.Sprintf("s0:c%d,c%d", maxCategory-2, maxCategory-1)
+	reserveLabel(con.get())
+	return labels, con.get()
 }

 // kvmContainerLabels returns the default processLabel and mountLabel to be used