
Merge pull request #11758 from crosbymichael/update-libct-mar25

Update libcontainer to a6044b701c166fe538fc760f9e2
Michael Crosby 10 years ago
parent
commit
3d9cbf0e71

+ 1 - 1
hack/vendor.sh

@@ -75,7 +75,7 @@ rm -rf src/github.com/docker/distribution
 mkdir -p src/github.com/docker/distribution
 mv tmp-digest src/github.com/docker/distribution/digest
 
-clone git github.com/docker/libcontainer fd0087d3acdc4c5865de1829d4accee5e3ebb658
+clone git github.com/docker/libcontainer a6044b701c166fe538fc760f9e2dcea3d737cd2a
 # see src/github.com/docker/libcontainer/update-vendor.sh which is the "source of truth" for libcontainer deps (just like this file)
 rm -rf src/github.com/docker/libcontainer/vendor
 eval "$(grep '^clone ' src/github.com/docker/libcontainer/update-vendor.sh | grep -v 'github.com/codegangsta/cli' | grep -v 'github.com/Sirupsen/logrus')"

+ 0 - 6
vendor/src/github.com/docker/libcontainer/cgroups/fs/apply_raw.go

@@ -173,9 +173,6 @@ func (m *Manager) Freeze(state configs.FreezerState) error {
 	if err != nil {
 		return err
 	}
-	if !cgroups.PathExists(dir) {
-		return cgroups.NewNotFoundError("freezer")
-	}
 
 	prevState := m.Cgroups.Freezer
 	m.Cgroups.Freezer = state
@@ -200,9 +197,6 @@ func (m *Manager) GetPids() ([]int, error) {
 	if err != nil {
 		return nil, err
 	}
-	if !cgroups.PathExists(dir) {
-		return nil, cgroups.NewNotFoundError("devices")
-	}
 
 	return cgroups.ReadProcsFile(dir)
 }

+ 1 - 1
vendor/src/github.com/docker/libcontainer/init_linux.go

@@ -91,7 +91,7 @@ func populateProcessEnvironment(env []string) error {
 
 // finalizeNamespace drops the caps, sets the correct user
 // and working dir, and closes any leaked file descriptors
-// before execing the command inside the namespace
+// before executing the command inside the namespace
 func finalizeNamespace(config *initConfig) error {
 	// Ensure that all non-standard fds we may have accidentally
 	// inherited are marked close-on-exec so they stay out of the

+ 12 - 11
vendor/src/github.com/docker/libcontainer/rootfs_linux.go

@@ -186,7 +186,9 @@ func reOpenDevNull(rootfs string) error {
 func createDevices(config *configs.Config) error {
 	oldMask := syscall.Umask(0000)
 	for _, node := range config.Devices {
-		if err := createDeviceNode(config.Rootfs, node); err != nil {
+		// containers running in a user namespace are not allowed to mknod
+		// devices so we can just bind mount it from the host.
+		if err := createDeviceNode(config.Rootfs, node, config.Namespaces.Contains(configs.NEWUSER)); err != nil {
 			syscall.Umask(oldMask)
 			return err
 		}
@@ -196,20 +198,13 @@ func createDevices(config *configs.Config) error {
 }
 
 // Creates the device node in the rootfs of the container.
-func createDeviceNode(rootfs string, node *configs.Device) error {
+func createDeviceNode(rootfs string, node *configs.Device, bind bool) error {
 	dest := filepath.Join(rootfs, node.Path)
 	if err := os.MkdirAll(filepath.Dir(dest), 0755); err != nil {
 		return err
 	}
-	if err := mknodDevice(dest, node); err != nil {
-		if os.IsExist(err) {
-			return nil
-		}
-		if err != syscall.EPERM {
-			return err
-		}
-		// containers running in a user namespace are not allowed to mknod
-		// devices so we can just bind mount it from the host.
+
+	if bind {
 		f, err := os.Create(dest)
 		if err != nil && !os.IsExist(err) {
 			return err
@@ -219,6 +214,12 @@ func createDeviceNode(rootfs string, node *configs.Device) error {
 		}
 		return syscall.Mount(node.Path, dest, "bind", syscall.MS_BIND, "")
 	}
+	if err := mknodDevice(dest, node); err != nil {
+		if os.IsExist(err) {
+			return nil
+		}
+		return err
+	}
 	return nil
 }
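Review bot: When `bind` is true, createDeviceNode uses nothing from `node` except `node.Path`: it creates a file at dest and bind mounts whatever the host has at that path with `syscall.Mount(node.Path, dest, "bind", syscall.MS_BIND, "")`. Nothing visible in these hunks checks that the host path is the device the config describes, so a user-namespace container receives the host's node as it is, whereas the mknod branch builds the node from `node`. A stat of node.Path checked against the configured device before mounting would close that gap. The doc comment should also describe the new parameter, e.g. `// If bind is true, the host's node.Path is bind mounted onto dest instead of calling mknod.` Three lines between the second and third hunk are not shown, so the handling of `f` is inferred.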
 

+ 1 - 1
vendor/src/github.com/docker/libcontainer/update-vendor.sh

@@ -44,6 +44,6 @@ clone git github.com/codegangsta/cli 1.1.0
 clone git github.com/coreos/go-systemd v2
 clone git github.com/godbus/dbus v2
 clone git github.com/Sirupsen/logrus v0.6.6
-clone git github.com/syndtr/gocapability e55e583369
+clone git github.com/syndtr/gocapability 8e4cdcb
 
 # intentionally not vendoring Docker itself...  that'd be a circle :)

+ 1 - 5
vendor/src/github.com/syndtr/gocapability/capability/capability_linux.go

@@ -417,10 +417,6 @@ func (c *capsV3) Load() (err error) {
 }
 
 func (c *capsV3) Apply(kind CapType) (err error) {
-	err = initLastCap()
-	if err != nil {
-		return
-	}
 	if kind&BOUNDS == BOUNDS {
 		var data [2]capData
 		err = capget(&c.hdr, &data[0])
@@ -428,7 +424,7 @@ func (c *capsV3) Apply(kind CapType) (err error) {
 			return
 		}
 		if (1<<uint(CAP_SETPCAP))&data[0].effective != 0 {
-			for i := Cap(0); i <= capLastCap; i++ {
+			for i := Cap(0); i <= CAP_LAST_CAP; i++ {
 				if c.Get(BOUNDING, i) {
 					continue
 				}
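Review bot: The bounding-set loop in capsV3.Apply now stops at the compile-time constant `CAP_LAST_CAP`, where it previously used `capLastCap` after calling `initLastCap()`, which presumably detected the limit at run time. If the running kernel defines capabilities above the compiled-in constant, this loop never visits them and they would remain in the bounding set after Apply(BOUNDS). If the older gocapability revision is pinned on purpose, record the limitation on the loop, e.g. `// CAP_LAST_CAP is the compiled-in maximum; capabilities added by newer kernels are not dropped here`. A test or startup check comparing the constant with the kernel's reported last capability would also help. The loop body continues past the end of the hunk, so what is done per index is inferred.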