
Merge pull request #8541 from crosbymichael/update-libcontainer-oct1

Update libcontainer to 4f409628d80b9842004a3f17c92
Tibor Vass 10 年之前
父節點
當前提交
839660ada1

+ 1 - 1
hack/vendor.sh

@@ -64,7 +64,7 @@ if [ "$1" = '--go' ]; then
 	mv tmp-tar src/code.google.com/p/go/src/pkg/archive/tar
 fi
 
-clone git github.com/docker/libcontainer b3570267c7b7995d5d618974d8f7be4fe5ab076a
+clone git github.com/docker/libcontainer 4f409628d80b9842004a3f17c9228e54e73da258
 # see src/github.com/docker/libcontainer/update-vendor.sh which is the "source of truth" for libcontainer deps (just like this file)
 rm -rf src/github.com/docker/libcontainer/vendor
 eval "$(grep '^clone ' src/github.com/docker/libcontainer/update-vendor.sh | grep -v 'github.com/codegangsta/cli')"

+ 1 - 1
vendor/src/github.com/docker/libcontainer/Makefile

@@ -9,7 +9,7 @@ test:
 sh:
 	docker run --rm -it --privileged -w /busybox docker/libcontainer nsinit exec sh
 
-GO_PACKAGES = $(shell find . -not \( -wholename ./vendor -prune \) -name '*.go' -print0 | xargs -0n1 dirname | sort -u)
+GO_PACKAGES = $(shell find . -not \( -wholename ./vendor -prune -o -wholename ./.git -prune \) -name '*.go' -print0 | xargs -0n1 dirname | sort -u)
 
 direct-test:
 	go test -cover -v $(GO_PACKAGES)

+ 1 - 1
vendor/src/github.com/docker/libcontainer/cgroups/cgroups_test.go

@@ -20,7 +20,7 @@ const (
 
 func TestParseCgroups(t *testing.T) {
 	r := bytes.NewBuffer([]byte(cgroupsContents))
-	_, err := parseCgroupFile("blkio", r)
+	_, err := ParseCgroupFile("blkio", r)
 	if err != nil {
 		t.Fatal(err)
 	}

+ 3 - 3
vendor/src/github.com/docker/libcontainer/cgroups/utils.go

@@ -115,7 +115,7 @@ func GetThisCgroupDir(subsystem string) (string, error) {
 	}
 	defer f.Close()
 
-	return parseCgroupFile(subsystem, f)
+	return ParseCgroupFile(subsystem, f)
 }
 
 func GetInitCgroupDir(subsystem string) (string, error) {
@@ -125,7 +125,7 @@ func GetInitCgroupDir(subsystem string) (string, error) {
 	}
 	defer f.Close()
 
-	return parseCgroupFile(subsystem, f)
+	return ParseCgroupFile(subsystem, f)
 }
 
 func ReadProcsFile(dir string) ([]int, error) {
@@ -152,7 +152,7 @@ func ReadProcsFile(dir string) ([]int, error) {
 	return out, nil
 }
 
-func parseCgroupFile(subsystem string, r io.Reader) (string, error) {
+func ParseCgroupFile(subsystem string, r io.Reader) (string, error) {
 	s := bufio.NewScanner(r)
 
 	for s.Scan() {

+ 4 - 10
vendor/src/github.com/docker/libcontainer/label/label_selinux.go

@@ -67,20 +67,17 @@ func FormatMountLabel(src, mountLabel string) string {
 // SetProcessLabel takes a process label and tells the kernel to assign the
 // label to the next program executed by the current process.
 func SetProcessLabel(processLabel string) error {
-	if selinux.SelinuxEnabled() {
-		return selinux.Setexeccon(processLabel)
+	if processLabel == "" {
+		return nil
 	}
-	return nil
+	return selinux.Setexeccon(processLabel)
 }
 
 // GetProcessLabel returns the process label that the kernel will assign
 // to the next program executed by the current process.  If "" is returned
 // this indicates that the default labeling will happen for the process.
 func GetProcessLabel() (string, error) {
-	if selinux.SelinuxEnabled() {
-		return selinux.Getexeccon()
-	}
-	return "", nil
+	return selinux.Getexeccon()
 }
 
 // SetFileLabel modifies the "path" label to the specified file label
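Review bot: With the `selinux.SelinuxEnabled()` guard removed, `GetProcessLabel` now returns whatever `selinux.Getexeccon()` returns, so on a host without SELinux callers will presumably see a read error where they used to get `"", nil`; its doc comment still only describes the `""` case. `SetProcessLabel` changes in the mirror direction: a non-empty label is always passed to `selinux.Setexeccon`, while an empty label returns early, so an empty string can no longer be used to clear a previously set exec label if any caller relied on that. I would record both on the functions, e.g. `// An empty processLabel is a no-op; a non-empty label is an error where SELinux is unavailable.` The same guard removal applies to `GetPidLabel` in the next hunk of this file. Since the file is vendored, the comment change belongs upstream in libcontainer.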
@@ -110,9 +107,6 @@ func Relabel(path string, fileLabel string, relabel string) error {
 
 // GetPidLabel will return the label of the process running with the specified pid
 func GetPidLabel(pid int) (string, error) {
-	if !selinux.SelinuxEnabled() {
-		return "", nil
-	}
 	return selinux.Getpidcon(pid)
 }
 

+ 2 - 8
vendor/src/github.com/docker/libcontainer/selinux/selinux.go

@@ -173,13 +173,10 @@ func Getpidcon(pid int) (string, error) {
 }
 
 func Getexeccon() (string, error) {
-	return readCon("/proc/self/attr/exec")
+	return readCon(fmt.Sprintf("/proc/self/task/%d/attr/exec", syscall.Gettid()))
 }
 
 func writeCon(name string, val string) error {
-	if !SelinuxEnabled() {
-		return nil
-	}
 	out, err := os.OpenFile(name, os.O_WRONLY, 0)
 	if err != nil {
 		return err
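Review bot: `Getexeccon` now reads `/proc/self/task/<tid>/attr/exec` for the thread returned by `syscall.Gettid()`, but nothing visible in this hunk pins the goroutine to that OS thread, so the Go scheduler may move the caller to another thread between setting the label, reading it back and the eventual exec. The value is only reliable if the caller holds `runtime.LockOSThread()` across those steps; I would state that in a doc comment, e.g. `// Getexeccon reads the exec label of the calling OS thread; the caller must hold runtime.LockOSThread.` It is also worth confirming that `Setexeccon`, which is outside this hunk, writes the same per-thread path so that get and set address the same attribute. Separately, `writeCon` (whose body continues past the hunk) no longer returns early when SELinux is disabled, so its `os.OpenFile` error now reaches callers on such hosts. The later hunks drop the same guard from `CopyLevel` and `Chcon`, and `Chcon` now silently succeeds on an empty `scon`.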
@@ -388,9 +385,6 @@ func SecurityCheckContext(val string) error {
 }
 
 func CopyLevel(src, dest string) (string, error) {
-	if !SelinuxEnabled() {
-		return "", nil
-	}
 	if src == "" {
 		return "", nil
 	}
@@ -424,7 +418,7 @@ func badPrefix(fpath string) error {
 // If the fpath is a directory and recurse is true Chcon will walk the
 // directory tree setting the label
 func Chcon(fpath string, scon string, recurse bool) error {
-	if !SelinuxEnabled() {
+	if scon == "" {
 		return nil
 	}
 	if err := badPrefix(fpath); err != nil {