vendor: bump runc to rc95
runc rc95 contains a fix for CVE-2021-30465. runc rc94 provides fixes and improvements. One notable change is cgroup manager's Set now accept Resources rather than Cgroup (see https://github.com/opencontainers/runc/pull/2906). Modify the code accordingly. Also update runc dependencies (as hinted by hack/lint-depdendencies.sh): github.com/cilium/ebpf v0.5.0 github.com/containerd/console v1.0.2 github.com/coreos/go-systemd/v22 v22.3.1 github.com/godbus/dbus/v5 v5.0.4 github.com/moby/sys/mountinfo v0.4.1 golang.org/x/sys v0.0.0-20210426230700-d19ff857e887 github.com/google/go-cmp v0.5.4 github.com/kr/pretty v0.2.1 github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This commit is contained in:
Kir Kolyshkin
13
vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
generated
vendored
13
vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
generated
vendored
@@ -598,10 +598,13 @@ type VMImage struct {
|
||||
|
||||
// LinuxSeccomp represents syscall restrictions
|
||||
type LinuxSeccomp struct {
|
||||
DefaultAction LinuxSeccompAction `json:"defaultAction"`
|
||||
Architectures []Arch `json:"architectures,omitempty"`
|
||||
Flags []LinuxSeccompFlag `json:"flags,omitempty"`
|
||||
Syscalls []LinuxSyscall `json:"syscalls,omitempty"`
|
||||
DefaultAction LinuxSeccompAction `json:"defaultAction"`
|
||||
DefaultErrnoRet *uint `json:"defaultErrnoRet,omitempty"`
|
||||
Architectures []Arch `json:"architectures,omitempty"`
|
||||
Flags []LinuxSeccompFlag `json:"flags,omitempty"`
|
||||
ListenerPath string `json:"listenerPath,omitempty"`
|
||||
ListenerMetadata string `json:"listenerMetadata,omitempty"`
|
||||
Syscalls []LinuxSyscall `json:"syscalls,omitempty"`
|
||||
}
|
||||
|
||||
// Arch used for additional architectures
|
||||
@@ -641,11 +644,13 @@ type LinuxSeccompAction string
|
||||
const (
|
||||
ActKill LinuxSeccompAction = "SCMP_ACT_KILL"
|
||||
ActKillProcess LinuxSeccompAction = "SCMP_ACT_KILL_PROCESS"
|
||||
ActKillThread LinuxSeccompAction = "SCMP_ACT_KILL_THREAD"
|
||||
ActTrap LinuxSeccompAction = "SCMP_ACT_TRAP"
|
||||
ActErrno LinuxSeccompAction = "SCMP_ACT_ERRNO"
|
||||
ActTrace LinuxSeccompAction = "SCMP_ACT_TRACE"
|
||||
ActAllow LinuxSeccompAction = "SCMP_ACT_ALLOW"
|
||||
ActLog LinuxSeccompAction = "SCMP_ACT_LOG"
|
||||
ActNotify LinuxSeccompAction = "SCMP_ACT_NOTIFY"
|
||||
)
|
||||
|
||||
// LinuxSeccompOperator used to match syscall arguments in Seccomp
|
||||
|
||||
29
vendor/github.com/opencontainers/runtime-spec/specs-go/state.go
generated
vendored
29
vendor/github.com/opencontainers/runtime-spec/specs-go/state.go
generated
vendored
@@ -5,17 +5,17 @@ type ContainerState string
|
||||
|
||||
const (
|
||||
// StateCreating indicates that the container is being created
|
||||
StateCreating ContainerState = "creating"
|
||||
StateCreating ContainerState = "creating"
|
||||
|
||||
// StateCreated indicates that the runtime has finished the create operation
|
||||
StateCreated ContainerState = "created"
|
||||
StateCreated ContainerState = "created"
|
||||
|
||||
// StateRunning indicates that the container process has executed the
|
||||
// user-specified program but has not exited
|
||||
StateRunning ContainerState = "running"
|
||||
StateRunning ContainerState = "running"
|
||||
|
||||
// StateStopped indicates that the container process has exited
|
||||
StateStopped ContainerState = "stopped"
|
||||
StateStopped ContainerState = "stopped"
|
||||
)
|
||||
|
||||
// State holds information about the runtime state of the container.
|
||||
@@ -33,3 +33,24 @@ type State struct {
|
||||
// Annotations are key values associated with the container.
|
||||
Annotations map[string]string `json:"annotations,omitempty"`
|
||||
}
|
||||
|
||||
const (
|
||||
// SeccompFdName is the name of the seccomp notify file descriptor.
|
||||
SeccompFdName string = "seccompFd"
|
||||
)
|
||||
|
||||
// ContainerProcessState holds information about the state of a container process.
|
||||
type ContainerProcessState struct {
|
||||
// Version is the version of the specification that is supported.
|
||||
Version string `json:"ociVersion"`
|
||||
// Fds is a string array containing the names of the file descriptors passed.
|
||||
// The index of the name in this array corresponds to index of the file
|
||||
// descriptor in the `SCM_RIGHTS` array.
|
||||
Fds []string `json:"fds"`
|
||||
// Pid is the process ID as seen by the runtime.
|
||||
Pid int `json:"pid"`
|
||||
// Opaque metadata.
|
||||
Metadata string `json:"metadata,omitempty"`
|
||||
// State of the container.
|
||||
State State `json:"state"`
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user