This vendoring fixes two issues.
1. When a user specifies an SELinux MCS Label (level) to override moby picking
an unigue MCS label, the code currently picks a label then overrides with the
user selected. This works fine, except the unique MCS Label is leaked and will
not be used until the daemon is restarted.
2. The override label, is not reserved. This could potentially cause an issue
where the daemon could pick the same MCS Label again for a different container.
(~ 1/500,000 Chance).
The updated selinux go bindings, now release the overriden unigue label, and reserve
the one specified by the user.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 73c82386148fe14a47cc515c622bd23b9b7d99b9
Component: engine
This fix updates runc to 0351df1c5a66838d0c392b4ac4cf9450de844e2d
With this fix the warnings generated by netgo and dlopen by go 1.9
are addressed.
See
- opencontainers/runc#1577
- opencontainers/runc#1579
This fix is part of the efforts for go 1.9 (#33892)
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: e0ff1d147bc12234f1be25a620bf6b3bf3179d97
Component: engine
This also update:
- runc to 3f2f8b84a77f73d38244dd690525642a72156c64
- runtime-specs to v1.0.0
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Upstream-commit: 45d85c99139bbd16004bbedb7d5bac6a60264538
Component: engine
Add forks for changes which only make logrus change without functional
change.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Upstream-commit: 4f3616fb1c112e206b88cb7a9922bf49067a7756
Component: engine
this commit matches what's used in SwarmKit
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 9fc66ec869ecd963d7a30b96f5c0b1de69cf5090
Component: engine
The current use of the types from distribution brings in some
unfortunate dependencies, including other distribution packages and the
gorilla/mux and gorilla/context packages. Using the OCI types avoids
the extra dependencies for client users.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 309f99edae5849327ab9c3ec9335b42ba5612202
Component: engine
* run latest vndr so as to collect more LICENSE files
* remove unused packages
* vendor github.com/philhofer/fwd with LICENSE.md (MIT)
* vendor github.com/bsphere/le_go with LICENSE (MIT)
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Upstream-commit: 5a1b06d7fd6a0c8722a4f7aee1edf46d8e2a115b
Component: engine
Until we can support existing behaviour with `sudo` disable
ambient capabilities in runc build.
Add tests that non root user cannot use default capabilities,
and that capabilities are working as expected.
Test for #27590
Update runc.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: c5251f7116e3d9095a7169fc31bd170dff997c2e
Component: engine
