Reduce libcontainer dep

Most of the libcontainer imports was just for a single test to marshal a
simple type, meanwhile this caused all kinds of transient imports that
are not really needed.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit a07a1ee9ccdf4c5a3a90eea9fd359f10b5156c84)
Signed-off-by: selansen <elango.siva@docker.com>

libnetwork/libnetwork_linux_test.go

@@ -22,8 +22,6 @@ import (
 	"github.com/docker/libnetwork/osl"
 	"github.com/docker/libnetwork/testutils"
 	"github.com/docker/libnetwork/types"
-	"github.com/opencontainers/runc/libcontainer"
-	"github.com/opencontainers/runc/libcontainer/configs"
 	"github.com/sirupsen/logrus"
 	"github.com/vishvananda/netlink"
 	"github.com/vishvananda/netns"
@@ -521,14 +519,17 @@ func externalKeyTest(t *testing.T, reexec bool) {
 }
 
 func reexecSetKey(key string, containerID string, controllerID string) error {
+	type libcontainerState struct {
+		NamespacePaths map[string]string
+	}
 	var (
-		state libcontainer.State
+		state libcontainerState
 		b     []byte
 		err   error
 	)
 
-	state.NamespacePaths = make(map[configs.NamespaceType]string)
-	state.NamespacePaths[configs.NamespaceType("NEWNET")] = key
+	state.NamespacePaths = make(map[string]string)
+	state.NamespacePaths["NEWNET"] = key
 	if b, err = json.Marshal(state); err != nil {
 		return err
 	}

libnetwork/vendor/github.com/containerd/console/LICENSE

@@ -1,201 +0,0 @@
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.

libnetwork/vendor/github.com/containerd/console/README.md

@@ -1,17 +0,0 @@
-# console
-
-[![Build Status](https://travis-ci.org/containerd/console.svg?branch=master)](https://travis-ci.org/containerd/console)
-
-Golang package for dealing with consoles.  Light on deps and a simple API.
-
-## Modifying the current process
-
-```go
-current := console.Current()
-defer current.Reset()
-
-if err := current.SetRaw(); err != nil {
-}
-ws, err := current.Size()
-current.Resize(ws)
-```

libnetwork/vendor/github.com/containerd/console/console.go

@@ -1,78 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package console
-
-import (
-	"errors"
-	"io"
-	"os"
-)
-
-var ErrNotAConsole = errors.New("provided file is not a console")
-
-type Console interface {
-	io.Reader
-	io.Writer
-	io.Closer
-
-	// Resize resizes the console to the provided window size
-	Resize(WinSize) error
-	// ResizeFrom resizes the calling console to the size of the
-	// provided console
-	ResizeFrom(Console) error
-	// SetRaw sets the console in raw mode
-	SetRaw() error
-	// DisableEcho disables echo on the console
-	DisableEcho() error
-	// Reset restores the console to its orignal state
-	Reset() error
-	// Size returns the window size of the console
-	Size() (WinSize, error)
-	// Fd returns the console's file descriptor
-	Fd() uintptr
-	// Name returns the console's file name
-	Name() string
-}
-
-// WinSize specifies the window size of the console
-type WinSize struct {
-	// Height of the console
-	Height uint16
-	// Width of the console
-	Width uint16
-	x     uint16
-	y     uint16
-}
-
-// Current returns the current processes console
-func Current() Console {
-	c, err := ConsoleFromFile(os.Stdin)
-	if err != nil {
-		// stdin should always be a console for the design
-		// of this function
-		panic(err)
-	}
-	return c
-}
-
-// ConsoleFromFile returns a console using the provided file
-func ConsoleFromFile(f *os.File) (Console, error) {
-	if err := checkConsole(f); err != nil {
-		return nil, err
-	}
-	return newMaster(f)
-}

libnetwork/vendor/github.com/containerd/console/console_linux.go

@@ -1,271 +0,0 @@
-// +build linux
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package console
-
-import (
-	"io"
-	"os"
-	"sync"
-
-	"golang.org/x/sys/unix"
-)
-
-const (
-	maxEvents = 128
-)
-
-// Epoller manages multiple epoll consoles using edge-triggered epoll api so we
-// dont have to deal with repeated wake-up of EPOLLER or EPOLLHUP.
-// For more details, see:
-// - https://github.com/systemd/systemd/pull/4262
-// - https://github.com/moby/moby/issues/27202
-//
-// Example usage of Epoller and EpollConsole can be as follow:
-//
-//	epoller, _ := NewEpoller()
-//	epollConsole, _ := epoller.Add(console)
-//	go epoller.Wait()
-//	var (
-//		b  bytes.Buffer
-//		wg sync.WaitGroup
-//	)
-//	wg.Add(1)
-//	go func() {
-//		io.Copy(&b, epollConsole)
-//		wg.Done()
-//	}()
-//	// perform I/O on the console
-//	epollConsole.Shutdown(epoller.CloseConsole)
-//	wg.Wait()
-//	epollConsole.Close()
-type Epoller struct {
-	efd       int
-	mu        sync.Mutex
-	fdMapping map[int]*EpollConsole
-}
-
-// NewEpoller returns an instance of epoller with a valid epoll fd.
-func NewEpoller() (*Epoller, error) {
-	efd, err := unix.EpollCreate1(unix.EPOLL_CLOEXEC)
-	if err != nil {
-		return nil, err
-	}
-	return &Epoller{
-		efd:       efd,
-		fdMapping: make(map[int]*EpollConsole),
-	}, nil
-}
-
-// Add creates a epoll console based on the provided console. The console will
-// be registered with EPOLLET (i.e. using edge-triggered notification) and its
-// file descriptor will be set to non-blocking mode. After this, user should use
-// the return console to perform I/O.
-func (e *Epoller) Add(console Console) (*EpollConsole, error) {
-	sysfd := int(console.Fd())
-	// Set sysfd to non-blocking mode
-	if err := unix.SetNonblock(sysfd, true); err != nil {
-		return nil, err
-	}
-
-	ev := unix.EpollEvent{
-		Events: unix.EPOLLIN | unix.EPOLLOUT | unix.EPOLLRDHUP | unix.EPOLLET,
-		Fd:     int32(sysfd),
-	}
-	if err := unix.EpollCtl(e.efd, unix.EPOLL_CTL_ADD, sysfd, &ev); err != nil {
-		return nil, err
-	}
-	ef := &EpollConsole{
-		Console: console,
-		sysfd:   sysfd,
-		readc:   sync.NewCond(&sync.Mutex{}),
-		writec:  sync.NewCond(&sync.Mutex{}),
-	}
-	e.mu.Lock()
-	e.fdMapping[sysfd] = ef
-	e.mu.Unlock()
-	return ef, nil
-}
-
-// Wait starts the loop to wait for its consoles' notifications and signal
-// appropriate console that it can perform I/O.
-func (e *Epoller) Wait() error {
-	events := make([]unix.EpollEvent, maxEvents)
-	for {
-		n, err := unix.EpollWait(e.efd, events, -1)
-		if err != nil {
-			// EINTR: The call was interrupted by a signal handler before either
-			// any of the requested events occurred or the timeout expired
-			if err == unix.EINTR {
-				continue
-			}
-			return err
-		}
-		for i := 0; i < n; i++ {
-			ev := &events[i]
-			// the console is ready to be read from
-			if ev.Events&(unix.EPOLLIN|unix.EPOLLHUP|unix.EPOLLERR) != 0 {
-				if epfile := e.getConsole(int(ev.Fd)); epfile != nil {
-					epfile.signalRead()
-				}
-			}
-			// the console is ready to be written to
-			if ev.Events&(unix.EPOLLOUT|unix.EPOLLHUP|unix.EPOLLERR) != 0 {
-				if epfile := e.getConsole(int(ev.Fd)); epfile != nil {
-					epfile.signalWrite()
-				}
-			}
-		}
-	}
-}
-
-// Close unregister the console's file descriptor from epoll interface
-func (e *Epoller) CloseConsole(fd int) error {
-	e.mu.Lock()
-	defer e.mu.Unlock()
-	delete(e.fdMapping, fd)
-	return unix.EpollCtl(e.efd, unix.EPOLL_CTL_DEL, fd, &unix.EpollEvent{})
-}
-
-func (e *Epoller) getConsole(sysfd int) *EpollConsole {
-	e.mu.Lock()
-	f := e.fdMapping[sysfd]
-	e.mu.Unlock()
-	return f
-}
-
-// Close the epoll fd
-func (e *Epoller) Close() error {
-	return unix.Close(e.efd)
-}
-
-// EpollConsole acts like a console but register its file descriptor with a
-// epoll fd and uses epoll API to perform I/O.
-type EpollConsole struct {
-	Console
-	readc  *sync.Cond
-	writec *sync.Cond
-	sysfd  int
-	closed bool
-}
-
-// Read reads up to len(p) bytes into p. It returns the number of bytes read
-// (0 <= n <= len(p)) and any error encountered.
-//
-// If the console's read returns EAGAIN or EIO, we assumes that its a
-// temporary error because the other side went away and wait for the signal
-// generated by epoll event to continue.
-func (ec *EpollConsole) Read(p []byte) (n int, err error) {
-	var read int
-	ec.readc.L.Lock()
-	defer ec.readc.L.Unlock()
-	for {
-		read, err = ec.Console.Read(p[n:])
-		n += read
-		if err != nil {
-			var hangup bool
-			if perr, ok := err.(*os.PathError); ok {
-				hangup = (perr.Err == unix.EAGAIN || perr.Err == unix.EIO)
-			} else {
-				hangup = (err == unix.EAGAIN || err == unix.EIO)
-			}
-			// if the other end disappear, assume this is temporary and wait for the
-			// signal to continue again. Unless we didnt read anything and the
-			// console is already marked as closed then we should exit
-			if hangup && !(n == 0 && len(p) > 0 && ec.closed) {
-				ec.readc.Wait()
-				continue
-			}
-		}
-		break
-	}
-	// if we didnt read anything then return io.EOF to end gracefully
-	if n == 0 && len(p) > 0 && err == nil {
-		err = io.EOF
-	}
-	// signal for others that we finished the read
-	ec.readc.Signal()
-	return n, err
-}
-
-// Writes len(p) bytes from p to the console. It returns the number of bytes
-// written from p (0 <= n <= len(p)) and any error encountered that caused
-// the write to stop early.
-//
-// If writes to the console returns EAGAIN or EIO, we assumes that its a
-// temporary error because the other side went away and wait for the signal
-// generated by epoll event to continue.
-func (ec *EpollConsole) Write(p []byte) (n int, err error) {
-	var written int
-	ec.writec.L.Lock()
-	defer ec.writec.L.Unlock()
-	for {
-		written, err = ec.Console.Write(p[n:])
-		n += written
-		if err != nil {
-			var hangup bool
-			if perr, ok := err.(*os.PathError); ok {
-				hangup = (perr.Err == unix.EAGAIN || perr.Err == unix.EIO)
-			} else {
-				hangup = (err == unix.EAGAIN || err == unix.EIO)
-			}
-			// if the other end disappear, assume this is temporary and wait for the
-			// signal to continue again.
-			if hangup {
-				ec.writec.Wait()
-				continue
-			}
-		}
-		// unrecoverable error, break the loop and return the error
-		break
-	}
-	if n < len(p) && err == nil {
-		err = io.ErrShortWrite
-	}
-	// signal for others that we finished the write
-	ec.writec.Signal()
-	return n, err
-}
-
-// Close closed the file descriptor and signal call waiters for this fd.
-// It accepts a callback which will be called with the console's fd. The
-// callback typically will be used to do further cleanup such as unregister the
-// console's fd from the epoll interface.
-// User should call Shutdown and wait for all I/O operation to be finished
-// before closing the console.
-func (ec *EpollConsole) Shutdown(close func(int) error) error {
-	ec.readc.L.Lock()
-	defer ec.readc.L.Unlock()
-	ec.writec.L.Lock()
-	defer ec.writec.L.Unlock()
-
-	ec.readc.Broadcast()
-	ec.writec.Broadcast()
-	ec.closed = true
-	return close(ec.sysfd)
-}
-
-// signalRead signals that the console is readable.
-func (ec *EpollConsole) signalRead() {
-	ec.readc.Signal()
-}
-
-// signalWrite signals that the console is writable.
-func (ec *EpollConsole) signalWrite() {
-	ec.writec.Signal()
-}

libnetwork/vendor/github.com/containerd/console/console_unix.go

@@ -1,158 +0,0 @@
-// +build darwin freebsd linux openbsd solaris
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package console
-
-import (
-	"os"
-
-	"golang.org/x/sys/unix"
-)
-
-// NewPty creates a new pty pair
-// The master is returned as the first console and a string
-// with the path to the pty slave is returned as the second
-func NewPty() (Console, string, error) {
-	f, err := os.OpenFile("/dev/ptmx", unix.O_RDWR|unix.O_NOCTTY|unix.O_CLOEXEC, 0)
-	if err != nil {
-		return nil, "", err
-	}
-	slave, err := ptsname(f)
-	if err != nil {
-		return nil, "", err
-	}
-	if err := unlockpt(f); err != nil {
-		return nil, "", err
-	}
-	m, err := newMaster(f)
-	if err != nil {
-		return nil, "", err
-	}
-	return m, slave, nil
-}
-
-type master struct {
-	f        *os.File
-	original *unix.Termios
-}
-
-func (m *master) Read(b []byte) (int, error) {
-	return m.f.Read(b)
-}
-
-func (m *master) Write(b []byte) (int, error) {
-	return m.f.Write(b)
-}
-
-func (m *master) Close() error {
-	return m.f.Close()
-}
-
-func (m *master) Resize(ws WinSize) error {
-	return tcswinsz(m.f.Fd(), ws)
-}
-
-func (m *master) ResizeFrom(c Console) error {
-	ws, err := c.Size()
-	if err != nil {
-		return err
-	}
-	return m.Resize(ws)
-}
-
-func (m *master) Reset() error {
-	if m.original == nil {
-		return nil
-	}
-	return tcset(m.f.Fd(), m.original)
-}
-
-func (m *master) getCurrent() (unix.Termios, error) {
-	var termios unix.Termios
-	if err := tcget(m.f.Fd(), &termios); err != nil {
-		return unix.Termios{}, err
-	}
-	return termios, nil
-}
-
-func (m *master) SetRaw() error {
-	rawState, err := m.getCurrent()
-	if err != nil {
-		return err
-	}
-	rawState = cfmakeraw(rawState)
-	rawState.Oflag = rawState.Oflag | unix.OPOST
-	return tcset(m.f.Fd(), &rawState)
-}
-
-func (m *master) DisableEcho() error {
-	rawState, err := m.getCurrent()
-	if err != nil {
-		return err
-	}
-	rawState.Lflag = rawState.Lflag &^ unix.ECHO
-	return tcset(m.f.Fd(), &rawState)
-}
-
-func (m *master) Size() (WinSize, error) {
-	return tcgwinsz(m.f.Fd())
-}
-
-func (m *master) Fd() uintptr {
-	return m.f.Fd()
-}
-
-func (m *master) Name() string {
-	return m.f.Name()
-}
-
-// checkConsole checks if the provided file is a console
-func checkConsole(f *os.File) error {
-	var termios unix.Termios
-	if tcget(f.Fd(), &termios) != nil {
-		return ErrNotAConsole
-	}
-	return nil
-}
-
-func newMaster(f *os.File) (Console, error) {
-	m := &master{
-		f: f,
-	}
-	t, err := m.getCurrent()
-	if err != nil {
-		return nil, err
-	}
-	m.original = &t
-	return m, nil
-}
-
-// ClearONLCR sets the necessary tty_ioctl(4)s to ensure that a pty pair
-// created by us acts normally. In particular, a not-very-well-known default of
-// Linux unix98 ptys is that they have +onlcr by default. While this isn't a
-// problem for terminal emulators, because we relay data from the terminal we
-// also relay that funky line discipline.
-func ClearONLCR(fd uintptr) error {
-	return setONLCR(fd, false)
-}
-
-// SetONLCR sets the necessary tty_ioctl(4)s to ensure that a pty pair
-// created by us acts as intended for a terminal emulator.
-func SetONLCR(fd uintptr) error {
-	return setONLCR(fd, true)
-}

libnetwork/vendor/github.com/containerd/console/console_windows.go

@@ -1,216 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package console
-
-import (
-	"fmt"
-	"os"
-
-	"github.com/pkg/errors"
-	"golang.org/x/sys/windows"
-)
-
-var (
-	vtInputSupported  bool
-	ErrNotImplemented = errors.New("not implemented")
-)
-
-func (m *master) initStdios() {
-	m.in = windows.Handle(os.Stdin.Fd())
-	if err := windows.GetConsoleMode(m.in, &m.inMode); err == nil {
-		// Validate that windows.ENABLE_VIRTUAL_TERMINAL_INPUT is supported, but do not set it.
-		if err = windows.SetConsoleMode(m.in, m.inMode|windows.ENABLE_VIRTUAL_TERMINAL_INPUT); err == nil {
-			vtInputSupported = true
-		}
-		// Unconditionally set the console mode back even on failure because SetConsoleMode
-		// remembers invalid bits on input handles.
-		windows.SetConsoleMode(m.in, m.inMode)
-	} else {
-		fmt.Printf("failed to get console mode for stdin: %v\n", err)
-	}
-
-	m.out = windows.Handle(os.Stdout.Fd())
-	if err := windows.GetConsoleMode(m.out, &m.outMode); err == nil {
-		if err := windows.SetConsoleMode(m.out, m.outMode|windows.ENABLE_VIRTUAL_TERMINAL_PROCESSING); err == nil {
-			m.outMode |= windows.ENABLE_VIRTUAL_TERMINAL_PROCESSING
-		} else {
-			windows.SetConsoleMode(m.out, m.outMode)
-		}
-	} else {
-		fmt.Printf("failed to get console mode for stdout: %v\n", err)
-	}
-
-	m.err = windows.Handle(os.Stderr.Fd())
-	if err := windows.GetConsoleMode(m.err, &m.errMode); err == nil {
-		if err := windows.SetConsoleMode(m.err, m.errMode|windows.ENABLE_VIRTUAL_TERMINAL_PROCESSING); err == nil {
-			m.errMode |= windows.ENABLE_VIRTUAL_TERMINAL_PROCESSING
-		} else {
-			windows.SetConsoleMode(m.err, m.errMode)
-		}
-	} else {
-		fmt.Printf("failed to get console mode for stderr: %v\n", err)
-	}
-}
-
-type master struct {
-	in     windows.Handle
-	inMode uint32
-
-	out     windows.Handle
-	outMode uint32
-
-	err     windows.Handle
-	errMode uint32
-}
-
-func (m *master) SetRaw() error {
-	if err := makeInputRaw(m.in, m.inMode); err != nil {
-		return err
-	}
-
-	// Set StdOut and StdErr to raw mode, we ignore failures since
-	// windows.DISABLE_NEWLINE_AUTO_RETURN might not be supported on this version of
-	// Windows.
-
-	windows.SetConsoleMode(m.out, m.outMode|windows.DISABLE_NEWLINE_AUTO_RETURN)
-
-	windows.SetConsoleMode(m.err, m.errMode|windows.DISABLE_NEWLINE_AUTO_RETURN)
-
-	return nil
-}
-
-func (m *master) Reset() error {
-	for _, s := range []struct {
-		fd   windows.Handle
-		mode uint32
-	}{
-		{m.in, m.inMode},
-		{m.out, m.outMode},
-		{m.err, m.errMode},
-	} {
-		if err := windows.SetConsoleMode(s.fd, s.mode); err != nil {
-			return errors.Wrap(err, "unable to restore console mode")
-		}
-	}
-
-	return nil
-}
-
-func (m *master) Size() (WinSize, error) {
-	var info windows.ConsoleScreenBufferInfo
-	err := windows.GetConsoleScreenBufferInfo(m.out, &info)
-	if err != nil {
-		return WinSize{}, errors.Wrap(err, "unable to get console info")
-	}
-
-	winsize := WinSize{
-		Width:  uint16(info.Window.Right - info.Window.Left + 1),
-		Height: uint16(info.Window.Bottom - info.Window.Top + 1),
-	}
-
-	return winsize, nil
-}
-
-func (m *master) Resize(ws WinSize) error {
-	return ErrNotImplemented
-}
-
-func (m *master) ResizeFrom(c Console) error {
-	return ErrNotImplemented
-}
-
-func (m *master) DisableEcho() error {
-	mode := m.inMode &^ windows.ENABLE_ECHO_INPUT
-	mode |= windows.ENABLE_PROCESSED_INPUT
-	mode |= windows.ENABLE_LINE_INPUT
-
-	if err := windows.SetConsoleMode(m.in, mode); err != nil {
-		return errors.Wrap(err, "unable to set console to disable echo")
-	}
-
-	return nil
-}
-
-func (m *master) Close() error {
-	return nil
-}
-
-func (m *master) Read(b []byte) (int, error) {
-	panic("not implemented on windows")
-}
-
-func (m *master) Write(b []byte) (int, error) {
-	panic("not implemented on windows")
-}
-
-func (m *master) Fd() uintptr {
-	return uintptr(m.in)
-}
-
-// on windows, console can only be made from os.Std{in,out,err}, hence there
-// isnt a single name here we can use. Return a dummy "console" value in this
-// case should be sufficient.
-func (m *master) Name() string {
-	return "console"
-}
-
-// makeInputRaw puts the terminal (Windows Console) connected to the given
-// file descriptor into raw mode
-func makeInputRaw(fd windows.Handle, mode uint32) error {
-	// See
-	// -- https://msdn.microsoft.com/en-us/library/windows/desktop/ms686033(v=vs.85).aspx
-	// -- https://msdn.microsoft.com/en-us/library/windows/desktop/ms683462(v=vs.85).aspx
-
-	// Disable these modes
-	mode &^= windows.ENABLE_ECHO_INPUT
-	mode &^= windows.ENABLE_LINE_INPUT
-	mode &^= windows.ENABLE_MOUSE_INPUT
-	mode &^= windows.ENABLE_WINDOW_INPUT
-	mode &^= windows.ENABLE_PROCESSED_INPUT
-
-	// Enable these modes
-	mode |= windows.ENABLE_EXTENDED_FLAGS
-	mode |= windows.ENABLE_INSERT_MODE
-	mode |= windows.ENABLE_QUICK_EDIT_MODE
-
-	if vtInputSupported {
-		mode |= windows.ENABLE_VIRTUAL_TERMINAL_INPUT
-	}
-
-	if err := windows.SetConsoleMode(fd, mode); err != nil {
-		return errors.Wrap(err, "unable to set console to raw mode")
-	}
-
-	return nil
-}
-
-func checkConsole(f *os.File) error {
-	var mode uint32
-	if err := windows.GetConsoleMode(windows.Handle(f.Fd()), &mode); err != nil {
-		return err
-	}
-	return nil
-}
-
-func newMaster(f *os.File) (Console, error) {
-	if f != os.Stdin && f != os.Stdout && f != os.Stderr {
-		return nil, errors.New("creating a console from a file is not supported on windows")
-	}
-	m := &master{}
-	m.initStdios()
-	return m, nil
-}

libnetwork/vendor/github.com/containerd/console/tc_darwin.go

@@ -1,53 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package console
-
-import (
-	"fmt"
-	"os"
-	"unsafe"
-
-	"golang.org/x/sys/unix"
-)
-
-const (
-	cmdTcGet = unix.TIOCGETA
-	cmdTcSet = unix.TIOCSETA
-)
-
-func ioctl(fd, flag, data uintptr) error {
-	if _, _, err := unix.Syscall(unix.SYS_IOCTL, fd, flag, data); err != 0 {
-		return err
-	}
-	return nil
-}
-
-// unlockpt unlocks the slave pseudoterminal device corresponding to the master pseudoterminal referred to by f.
-// unlockpt should be called before opening the slave side of a pty.
-func unlockpt(f *os.File) error {
-	var u int32
-	return ioctl(f.Fd(), unix.TIOCPTYUNLK, uintptr(unsafe.Pointer(&u)))
-}
-
-// ptsname retrieves the name of the first available pts for the given master.
-func ptsname(f *os.File) (string, error) {
-	n, err := unix.IoctlGetInt(int(f.Fd()), unix.TIOCPTYGNAME)
-	if err != nil {
-		return "", err
-	}
-	return fmt.Sprintf("/dev/pts/%d", n), nil
-}

libnetwork/vendor/github.com/containerd/console/tc_freebsd.go

@@ -1,45 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package console
-
-import (
-	"fmt"
-	"os"
-
-	"golang.org/x/sys/unix"
-)
-
-const (
-	cmdTcGet = unix.TIOCGETA
-	cmdTcSet = unix.TIOCSETA
-)
-
-// unlockpt unlocks the slave pseudoterminal device corresponding to the master pseudoterminal referred to by f.
-// unlockpt should be called before opening the slave side of a pty.
-// This does not exist on FreeBSD, it does not allocate controlling terminals on open
-func unlockpt(f *os.File) error {
-	return nil
-}
-
-// ptsname retrieves the name of the first available pts for the given master.
-func ptsname(f *os.File) (string, error) {
-	n, err := unix.IoctlGetInt(int(f.Fd()), unix.TIOCGPTN)
-	if err != nil {
-		return "", err
-	}
-	return fmt.Sprintf("/dev/pts/%d", n), nil
-}

libnetwork/vendor/github.com/containerd/console/tc_linux.go

@@ -1,49 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package console
-
-import (
-	"fmt"
-	"os"
-	"unsafe"
-
-	"golang.org/x/sys/unix"
-)
-
-const (
-	cmdTcGet = unix.TCGETS
-	cmdTcSet = unix.TCSETS
-)
-
-// unlockpt unlocks the slave pseudoterminal device corresponding to the master pseudoterminal referred to by f.
-// unlockpt should be called before opening the slave side of a pty.
-func unlockpt(f *os.File) error {
-	var u int32
-	if _, _, err := unix.Syscall(unix.SYS_IOCTL, f.Fd(), unix.TIOCSPTLCK, uintptr(unsafe.Pointer(&u))); err != 0 {
-		return err
-	}
-	return nil
-}
-
-// ptsname retrieves the name of the first available pts for the given master.
-func ptsname(f *os.File) (string, error) {
-	var u uint32
-	if _, _, err := unix.Syscall(unix.SYS_IOCTL, f.Fd(), unix.TIOCGPTN, uintptr(unsafe.Pointer(&u))); err != 0 {
-		return "", err
-	}
-	return fmt.Sprintf("/dev/pts/%d", u), nil
-}

libnetwork/vendor/github.com/containerd/console/tc_solaris_cgo.go

@@ -1,51 +0,0 @@
-// +build solaris,cgo
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package console
-
-import (
-	"os"
-
-	"golang.org/x/sys/unix"
-)
-
-//#include <stdlib.h>
-import "C"
-
-const (
-	cmdTcGet = unix.TCGETS
-	cmdTcSet = unix.TCSETS
-)
-
-// ptsname retrieves the name of the first available pts for the given master.
-func ptsname(f *os.File) (string, error) {
-	ptspath, err := C.ptsname(C.int(f.Fd()))
-	if err != nil {
-		return "", err
-	}
-	return C.GoString(ptspath), nil
-}
-
-// unlockpt unlocks the slave pseudoterminal device corresponding to the master pseudoterminal referred to by f.
-// unlockpt should be called before opening the slave side of a pty.
-func unlockpt(f *os.File) error {
-	if _, err := C.grantpt(C.int(f.Fd())); err != nil {
-		return err
-	}
-	return nil
-}

libnetwork/vendor/github.com/containerd/console/tc_solaris_nocgo.go

@@ -1,47 +0,0 @@
-// +build solaris,!cgo
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-//
-// Implementing the functions below requires cgo support.  Non-cgo stubs
-// versions are defined below to enable cross-compilation of source code
-// that depends on these functions, but the resultant cross-compiled
-// binaries cannot actually be used.  If the stub function(s) below are
-// actually invoked they will display an error message and cause the
-// calling process to exit.
-//
-
-package console
-
-import (
-	"os"
-
-	"golang.org/x/sys/unix"
-)
-
-const (
-	cmdTcGet = unix.TCGETS
-	cmdTcSet = unix.TCSETS
-)
-
-func ptsname(f *os.File) (string, error) {
-	panic("ptsname() support requires cgo.")
-}
-
-func unlockpt(f *os.File) error {
-	panic("unlockpt() support requires cgo.")
-}

libnetwork/vendor/github.com/containerd/console/tc_unix.go

@@ -1,91 +0,0 @@
-// +build darwin freebsd linux openbsd solaris
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package console
-
-import (
-	"golang.org/x/sys/unix"
-)
-
-func tcget(fd uintptr, p *unix.Termios) error {
-	termios, err := unix.IoctlGetTermios(int(fd), cmdTcGet)
-	if err != nil {
-		return err
-	}
-	*p = *termios
-	return nil
-}
-
-func tcset(fd uintptr, p *unix.Termios) error {
-	return unix.IoctlSetTermios(int(fd), cmdTcSet, p)
-}
-
-func tcgwinsz(fd uintptr) (WinSize, error) {
-	var ws WinSize
-
-	uws, err := unix.IoctlGetWinsize(int(fd), unix.TIOCGWINSZ)
-	if err != nil {
-		return ws, err
-	}
-
-	// Translate from unix.Winsize to console.WinSize
-	ws.Height = uws.Row
-	ws.Width = uws.Col
-	ws.x = uws.Xpixel
-	ws.y = uws.Ypixel
-	return ws, nil
-}
-
-func tcswinsz(fd uintptr, ws WinSize) error {
-	// Translate from console.WinSize to unix.Winsize
-
-	var uws unix.Winsize
-	uws.Row = ws.Height
-	uws.Col = ws.Width
-	uws.Xpixel = ws.x
-	uws.Ypixel = ws.y
-
-	return unix.IoctlSetWinsize(int(fd), unix.TIOCSWINSZ, &uws)
-}
-
-func setONLCR(fd uintptr, enable bool) error {
-	var termios unix.Termios
-	if err := tcget(fd, &termios); err != nil {
-		return err
-	}
-	if enable {
-		// Set +onlcr so we can act like a real terminal
-		termios.Oflag |= unix.ONLCR
-	} else {
-		// Set -onlcr so we don't have to deal with \r.
-		termios.Oflag &^= unix.ONLCR
-	}
-	return tcset(fd, &termios)
-}
-
-func cfmakeraw(t unix.Termios) unix.Termios {
-	t.Iflag &^= (unix.IGNBRK | unix.BRKINT | unix.PARMRK | unix.ISTRIP | unix.INLCR | unix.IGNCR | unix.ICRNL | unix.IXON)
-	t.Oflag &^= unix.OPOST
-	t.Lflag &^= (unix.ECHO | unix.ECHONL | unix.ICANON | unix.ISIG | unix.IEXTEN)
-	t.Cflag &^= (unix.CSIZE | unix.PARENB)
-	t.Cflag &^= unix.CS8
-	t.Cc[unix.VMIN] = 1
-	t.Cc[unix.VTIME] = 0
-
-	return t
-}

libnetwork/vendor/github.com/coreos/go-systemd/LICENSE

@@ -1,191 +0,0 @@
-Apache License
-Version 2.0, January 2004
-http://www.apache.org/licenses/
-
-TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-1. Definitions.
-
-"License" shall mean the terms and conditions for use, reproduction, and
-distribution as defined by Sections 1 through 9 of this document.
-
-"Licensor" shall mean the copyright owner or entity authorized by the copyright
-owner that is granting the License.
-
-"Legal Entity" shall mean the union of the acting entity and all other entities
-that control, are controlled by, or are under common control with that entity.
-For the purposes of this definition, "control" means (i) the power, direct or
-indirect, to cause the direction or management of such entity, whether by
-contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the
-outstanding shares, or (iii) beneficial ownership of such entity.
-
-"You" (or "Your") shall mean an individual or Legal Entity exercising
-permissions granted by this License.
-
-"Source" form shall mean the preferred form for making modifications, including
-but not limited to software source code, documentation source, and configuration
-files.
-
-"Object" form shall mean any form resulting from mechanical transformation or
-translation of a Source form, including but not limited to compiled object code,
-generated documentation, and conversions to other media types.
-
-"Work" shall mean the work of authorship, whether in Source or Object form, made
-available under the License, as indicated by a copyright notice that is included
-in or attached to the work (an example is provided in the Appendix below).
-
-"Derivative Works" shall mean any work, whether in Source or Object form, that
-is based on (or derived from) the Work and for which the editorial revisions,
-annotations, elaborations, or other modifications represent, as a whole, an
-original work of authorship. For the purposes of this License, Derivative Works
-shall not include works that remain separable from, or merely link (or bind by
-name) to the interfaces of, the Work and Derivative Works thereof.
-
-"Contribution" shall mean any work of authorship, including the original version
-of the Work and any modifications or additions to that Work or Derivative Works
-thereof, that is intentionally submitted to Licensor for inclusion in the Work
-by the copyright owner or by an individual or Legal Entity authorized to submit
-on behalf of the copyright owner. For the purposes of this definition,
-"submitted" means any form of electronic, verbal, or written communication sent
-to the Licensor or its representatives, including but not limited to
-communication on electronic mailing lists, source code control systems, and
-issue tracking systems that are managed by, or on behalf of, the Licensor for
-the purpose of discussing and improving the Work, but excluding communication
-that is conspicuously marked or otherwise designated in writing by the copyright
-owner as "Not a Contribution."
-
-"Contributor" shall mean Licensor and any individual or Legal Entity on behalf
-of whom a Contribution has been received by Licensor and subsequently
-incorporated within the Work.
-
-2. Grant of Copyright License.
-
-Subject to the terms and conditions of this License, each Contributor hereby
-grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free,
-irrevocable copyright license to reproduce, prepare Derivative Works of,
-publicly display, publicly perform, sublicense, and distribute the Work and such
-Derivative Works in Source or Object form.
-
-3. Grant of Patent License.
-
-Subject to the terms and conditions of this License, each Contributor hereby
-grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free,
-irrevocable (except as stated in this section) patent license to make, have
-made, use, offer to sell, sell, import, and otherwise transfer the Work, where
-such license applies only to those patent claims licensable by such Contributor
-that are necessarily infringed by their Contribution(s) alone or by combination
-of their Contribution(s) with the Work to which such Contribution(s) was
-submitted. If You institute patent litigation against any entity (including a
-cross-claim or counterclaim in a lawsuit) alleging that the Work or a
-Contribution incorporated within the Work constitutes direct or contributory
-patent infringement, then any patent licenses granted to You under this License
-for that Work shall terminate as of the date such litigation is filed.
-
-4. Redistribution.
-
-You may reproduce and distribute copies of the Work or Derivative Works thereof
-in any medium, with or without modifications, and in Source or Object form,
-provided that You meet the following conditions:
-
-You must give any other recipients of the Work or Derivative Works a copy of
-this License; and
-You must cause any modified files to carry prominent notices stating that You
-changed the files; and
-You must retain, in the Source form of any Derivative Works that You distribute,
-all copyright, patent, trademark, and attribution notices from the Source form
-of the Work, excluding those notices that do not pertain to any part of the
-Derivative Works; and
-If the Work includes a "NOTICE" text file as part of its distribution, then any
-Derivative Works that You distribute must include a readable copy of the
-attribution notices contained within such NOTICE file, excluding those notices
-that do not pertain to any part of the Derivative Works, in at least one of the
-following places: within a NOTICE text file distributed as part of the
-Derivative Works; within the Source form or documentation, if provided along
-with the Derivative Works; or, within a display generated by the Derivative
-Works, if and wherever such third-party notices normally appear. The contents of
-the NOTICE file are for informational purposes only and do not modify the
-License. You may add Your own attribution notices within Derivative Works that
-You distribute, alongside or as an addendum to the NOTICE text from the Work,
-provided that such additional attribution notices cannot be construed as
-modifying the License.
-You may add Your own copyright statement to Your modifications and may provide
-additional or different license terms and conditions for use, reproduction, or
-distribution of Your modifications, or for any such Derivative Works as a whole,
-provided Your use, reproduction, and distribution of the Work otherwise complies
-with the conditions stated in this License.
-
-5. Submission of Contributions.
-
-Unless You explicitly state otherwise, any Contribution intentionally submitted
-for inclusion in the Work by You to the Licensor shall be under the terms and
-conditions of this License, without any additional terms or conditions.
-Notwithstanding the above, nothing herein shall supersede or modify the terms of
-any separate license agreement you may have executed with Licensor regarding
-such Contributions.
-
-6. Trademarks.
-
-This License does not grant permission to use the trade names, trademarks,
-service marks, or product names of the Licensor, except as required for
-reasonable and customary use in describing the origin of the Work and
-reproducing the content of the NOTICE file.
-
-7. Disclaimer of Warranty.
-
-Unless required by applicable law or agreed to in writing, Licensor provides the
-Work (and each Contributor provides its Contributions) on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied,
-including, without limitation, any warranties or conditions of TITLE,
-NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are
-solely responsible for determining the appropriateness of using or
-redistributing the Work and assume any risks associated with Your exercise of
-permissions under this License.
-
-8. Limitation of Liability.
-
-In no event and under no legal theory, whether in tort (including negligence),
-contract, or otherwise, unless required by applicable law (such as deliberate
-and grossly negligent acts) or agreed to in writing, shall any Contributor be
-liable to You for damages, including any direct, indirect, special, incidental,
-or consequential damages of any character arising as a result of this License or
-out of the use or inability to use the Work (including but not limited to
-damages for loss of goodwill, work stoppage, computer failure or malfunction, or
-any and all other commercial damages or losses), even if such Contributor has
-been advised of the possibility of such damages.
-
-9. Accepting Warranty or Additional Liability.
-
-While redistributing the Work or Derivative Works thereof, You may choose to
-offer, and charge a fee for, acceptance of support, warranty, indemnity, or
-other liability obligations and/or rights consistent with this License. However,
-in accepting such obligations, You may act only on Your own behalf and on Your
-sole responsibility, not on behalf of any other Contributor, and only if You
-agree to indemnify, defend, and hold each Contributor harmless for any liability
-incurred by, or claims asserted against, such Contributor by reason of your
-accepting any such warranty or additional liability.
-
-END OF TERMS AND CONDITIONS
-
-APPENDIX: How to apply the Apache License to your work
-
-To apply the Apache License to your work, attach the following boilerplate
-notice, with the fields enclosed by brackets "[]" replaced with your own
-identifying information. (Don't include the brackets!) The text should be
-enclosed in the appropriate comment syntax for the file format. We also
-recommend that a file or class name and description of purpose be included on
-the same "printed page" as the copyright notice for easier identification within
-third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.

libnetwork/vendor/github.com/coreos/go-systemd/README.md

@@ -1,69 +0,0 @@
-# go-systemd
-
-[![Build Status](https://travis-ci.org/coreos/go-systemd.png?branch=master)](https://travis-ci.org/coreos/go-systemd)
-[![godoc](https://godoc.org/github.com/coreos/go-systemd?status.svg)](http://godoc.org/github.com/coreos/go-systemd)
-
-Go bindings to systemd. The project has several packages:
-
-- `activation` - for writing and using socket activation from Go
-- `daemon` - for notifying systemd of service status changes
-- `dbus` - for starting/stopping/inspecting running services and units
-- `journal` - for writing to systemd's logging service, journald
-- `sdjournal` - for reading from journald by wrapping its C API
-- `login1` - for integration with the systemd logind API
-- `machine1` - for registering machines/containers with systemd
-- `unit` - for (de)serialization and comparison of unit files
-
-## Socket Activation
-
-An example HTTP server using socket activation can be quickly set up by following this README on a Linux machine running systemd:
-
-https://github.com/coreos/go-systemd/tree/master/examples/activation/httpserver
-
-## systemd Service Notification
-
-The `daemon` package is an implementation of the [sd_notify protocol](https://www.freedesktop.org/software/systemd/man/sd_notify.html#Description). It can be used to inform systemd of service start-up completion, watchdog events, and other status changes.
-
-## D-Bus
-
-The `dbus` package connects to the [systemd D-Bus API](http://www.freedesktop.org/wiki/Software/systemd/dbus/) and lets you start, stop and introspect systemd units. The API docs are here:
-
-http://godoc.org/github.com/coreos/go-systemd/dbus
-
-### Debugging
-
-Create `/etc/dbus-1/system-local.conf` that looks like this:
-
-```
-<!DOCTYPE busconfig PUBLIC
-"-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
-"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-<busconfig>
-    <policy user="root">
-        <allow eavesdrop="true"/>
-        <allow eavesdrop="true" send_destination="*"/>
-    </policy>
-</busconfig>
-```
-
-## Journal
-
-### Writing to the Journal
-
-Using the pure-Go `journal` package you can submit journal entries directly to systemd's journal, taking advantage of features like indexed key/value pairs for each log entry.
-
-### Reading from the Journal
-
-The `sdjournal` package provides read access to the journal by wrapping around journald's native C API; consequently it requires cgo and the journal headers to be available.
-
-## logind
-
-The `login1` package provides functions to integrate with the [systemd logind API](http://www.freedesktop.org/wiki/Software/systemd/logind/).
-
-## machined
-
-The `machine1` package allows interaction with the [systemd machined D-Bus API](http://www.freedesktop.org/wiki/Software/systemd/machined/).
-
-## Units
-
-The `unit` package provides various functions for working with [systemd unit files](http://www.freedesktop.org/software/systemd/man/systemd.unit.html).

libnetwork/vendor/github.com/coreos/go-systemd/dbus/dbus.go

@@ -1,240 +0,0 @@
-// Copyright 2015 CoreOS, Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Integration with the systemd D-Bus API.  See http://www.freedesktop.org/wiki/Software/systemd/dbus/
-package dbus
-
-import (
-	"encoding/hex"
-	"fmt"
-	"os"
-	"strconv"
-	"strings"
-	"sync"
-
-	"github.com/godbus/dbus"
-)
-
-const (
-	alpha        = `abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ`
-	num          = `0123456789`
-	alphanum     = alpha + num
-	signalBuffer = 100
-)
-
-// needsEscape checks whether a byte in a potential dbus ObjectPath needs to be escaped
-func needsEscape(i int, b byte) bool {
-	// Escape everything that is not a-z-A-Z-0-9
-	// Also escape 0-9 if it's the first character
-	return strings.IndexByte(alphanum, b) == -1 ||
-		(i == 0 && strings.IndexByte(num, b) != -1)
-}
-
-// PathBusEscape sanitizes a constituent string of a dbus ObjectPath using the
-// rules that systemd uses for serializing special characters.
-func PathBusEscape(path string) string {
-	// Special case the empty string
-	if len(path) == 0 {
-		return "_"
-	}
-	n := []byte{}
-	for i := 0; i < len(path); i++ {
-		c := path[i]
-		if needsEscape(i, c) {
-			e := fmt.Sprintf("_%x", c)
-			n = append(n, []byte(e)...)
-		} else {
-			n = append(n, c)
-		}
-	}
-	return string(n)
-}
-
-// pathBusUnescape is the inverse of PathBusEscape.
-func pathBusUnescape(path string) string {
-	if path == "_" {
-		return ""
-	}
-	n := []byte{}
-	for i := 0; i < len(path); i++ {
-		c := path[i]
-		if c == '_' && i+2 < len(path) {
-			res, err := hex.DecodeString(path[i+1 : i+3])
-			if err == nil {
-				n = append(n, res...)
-			}
-			i += 2
-		} else {
-			n = append(n, c)
-		}
-	}
-	return string(n)
-}
-
-// Conn is a connection to systemd's dbus endpoint.
-type Conn struct {
-	// sysconn/sysobj are only used to call dbus methods
-	sysconn *dbus.Conn
-	sysobj  dbus.BusObject
-
-	// sigconn/sigobj are only used to receive dbus signals
-	sigconn *dbus.Conn
-	sigobj  dbus.BusObject
-
-	jobListener struct {
-		jobs map[dbus.ObjectPath]chan<- string
-		sync.Mutex
-	}
-	subStateSubscriber struct {
-		updateCh chan<- *SubStateUpdate
-		errCh    chan<- error
-		sync.Mutex
-		ignore      map[dbus.ObjectPath]int64
-		cleanIgnore int64
-	}
-	propertiesSubscriber struct {
-		updateCh chan<- *PropertiesUpdate
-		errCh    chan<- error
-		sync.Mutex
-	}
-}
-
-// New establishes a connection to any available bus and authenticates.
-// Callers should call Close() when done with the connection.
-func New() (*Conn, error) {
-	conn, err := NewSystemConnection()
-	if err != nil && os.Geteuid() == 0 {
-		return NewSystemdConnection()
-	}
-	return conn, err
-}
-
-// NewSystemConnection establishes a connection to the system bus and authenticates.
-// Callers should call Close() when done with the connection
-func NewSystemConnection() (*Conn, error) {
-	return NewConnection(func() (*dbus.Conn, error) {
-		return dbusAuthHelloConnection(dbus.SystemBusPrivate)
-	})
-}
-
-// NewUserConnection establishes a connection to the session bus and
-// authenticates. This can be used to connect to systemd user instances.
-// Callers should call Close() when done with the connection.
-func NewUserConnection() (*Conn, error) {
-	return NewConnection(func() (*dbus.Conn, error) {
-		return dbusAuthHelloConnection(dbus.SessionBusPrivate)
-	})
-}
-
-// NewSystemdConnection establishes a private, direct connection to systemd.
-// This can be used for communicating with systemd without a dbus daemon.
-// Callers should call Close() when done with the connection.
-func NewSystemdConnection() (*Conn, error) {
-	return NewConnection(func() (*dbus.Conn, error) {
-		// We skip Hello when talking directly to systemd.
-		return dbusAuthConnection(func() (*dbus.Conn, error) {
-			return dbus.Dial("unix:path=/run/systemd/private")
-		})
-	})
-}
-
-// Close closes an established connection
-func (c *Conn) Close() {
-	c.sysconn.Close()
-	c.sigconn.Close()
-}
-
-// NewConnection establishes a connection to a bus using a caller-supplied function.
-// This allows connecting to remote buses through a user-supplied mechanism.
-// The supplied function may be called multiple times, and should return independent connections.
-// The returned connection must be fully initialised: the org.freedesktop.DBus.Hello call must have succeeded,
-// and any authentication should be handled by the function.
-func NewConnection(dialBus func() (*dbus.Conn, error)) (*Conn, error) {
-	sysconn, err := dialBus()
-	if err != nil {
-		return nil, err
-	}
-
-	sigconn, err := dialBus()
-	if err != nil {
-		sysconn.Close()
-		return nil, err
-	}
-
-	c := &Conn{
-		sysconn: sysconn,
-		sysobj:  systemdObject(sysconn),
-		sigconn: sigconn,
-		sigobj:  systemdObject(sigconn),
-	}
-
-	c.subStateSubscriber.ignore = make(map[dbus.ObjectPath]int64)
-	c.jobListener.jobs = make(map[dbus.ObjectPath]chan<- string)
-
-	// Setup the listeners on jobs so that we can get completions
-	c.sigconn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0,
-		"type='signal', interface='org.freedesktop.systemd1.Manager', member='JobRemoved'")
-
-	c.dispatch()
-	return c, nil
-}
-
-// GetManagerProperty returns the value of a property on the org.freedesktop.systemd1.Manager
-// interface. The value is returned in its string representation, as defined at
-// https://developer.gnome.org/glib/unstable/gvariant-text.html
-func (c *Conn) GetManagerProperty(prop string) (string, error) {
-	variant, err := c.sysobj.GetProperty("org.freedesktop.systemd1.Manager." + prop)
-	if err != nil {
-		return "", err
-	}
-	return variant.String(), nil
-}
-
-func dbusAuthConnection(createBus func() (*dbus.Conn, error)) (*dbus.Conn, error) {
-	conn, err := createBus()
-	if err != nil {
-		return nil, err
-	}
-
-	// Only use EXTERNAL method, and hardcode the uid (not username)
-	// to avoid a username lookup (which requires a dynamically linked
-	// libc)
-	methods := []dbus.Auth{dbus.AuthExternal(strconv.Itoa(os.Getuid()))}
-
-	err = conn.Auth(methods)
-	if err != nil {
-		conn.Close()
-		return nil, err
-	}
-
-	return conn, nil
-}
-
-func dbusAuthHelloConnection(createBus func() (*dbus.Conn, error)) (*dbus.Conn, error) {
-	conn, err := dbusAuthConnection(createBus)
-	if err != nil {
-		return nil, err
-	}
-
-	if err = conn.Hello(); err != nil {
-		conn.Close()
-		return nil, err
-	}
-
-	return conn, nil
-}
-
-func systemdObject(conn *dbus.Conn) dbus.BusObject {
-	return conn.Object("org.freedesktop.systemd1", dbus.ObjectPath("/org/freedesktop/systemd1"))
-}

libnetwork/vendor/github.com/coreos/go-systemd/dbus/methods.go

@@ -1,592 +0,0 @@
-// Copyright 2015, 2018 CoreOS, Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package dbus
-
-import (
-	"errors"
-	"fmt"
-	"path"
-	"strconv"
-
-	"github.com/godbus/dbus"
-)
-
-func (c *Conn) jobComplete(signal *dbus.Signal) {
-	var id uint32
-	var job dbus.ObjectPath
-	var unit string
-	var result string
-	dbus.Store(signal.Body, &id, &job, &unit, &result)
-	c.jobListener.Lock()
-	out, ok := c.jobListener.jobs[job]
-	if ok {
-		out <- result
-		delete(c.jobListener.jobs, job)
-	}
-	c.jobListener.Unlock()
-}
-
-func (c *Conn) startJob(ch chan<- string, job string, args ...interface{}) (int, error) {
-	if ch != nil {
-		c.jobListener.Lock()
-		defer c.jobListener.Unlock()
-	}
-
-	var p dbus.ObjectPath
-	err := c.sysobj.Call(job, 0, args...).Store(&p)
-	if err != nil {
-		return 0, err
-	}
-
-	if ch != nil {
-		c.jobListener.jobs[p] = ch
-	}
-
-	// ignore error since 0 is fine if conversion fails
-	jobID, _ := strconv.Atoi(path.Base(string(p)))
-
-	return jobID, nil
-}
-
-// StartUnit enqueues a start job and depending jobs, if any (unless otherwise
-// specified by the mode string).
-//
-// Takes the unit to activate, plus a mode string. The mode needs to be one of
-// replace, fail, isolate, ignore-dependencies, ignore-requirements. If
-// "replace" the call will start the unit and its dependencies, possibly
-// replacing already queued jobs that conflict with this. If "fail" the call
-// will start the unit and its dependencies, but will fail if this would change
-// an already queued job. If "isolate" the call will start the unit in question
-// and terminate all units that aren't dependencies of it. If
-// "ignore-dependencies" it will start a unit but ignore all its dependencies.
-// If "ignore-requirements" it will start a unit but only ignore the
-// requirement dependencies. It is not recommended to make use of the latter
-// two options.
-//
-// If the provided channel is non-nil, a result string will be sent to it upon
-// job completion: one of done, canceled, timeout, failed, dependency, skipped.
-// done indicates successful execution of a job. canceled indicates that a job
-// has been canceled  before it finished execution. timeout indicates that the
-// job timeout was reached. failed indicates that the job failed. dependency
-// indicates that a job this job has been depending on failed and the job hence
-// has been removed too. skipped indicates that a job was skipped because it
-// didn't apply to the units current state.
-//
-// If no error occurs, the ID of the underlying systemd job will be returned. There
-// does exist the possibility for no error to be returned, but for the returned job
-// ID to be 0. In this case, the actual underlying ID is not 0 and this datapoint
-// should not be considered authoritative.
-//
-// If an error does occur, it will be returned to the user alongside a job ID of 0.
-func (c *Conn) StartUnit(name string, mode string, ch chan<- string) (int, error) {
-	return c.startJob(ch, "org.freedesktop.systemd1.Manager.StartUnit", name, mode)
-}
-
-// StopUnit is similar to StartUnit but stops the specified unit rather
-// than starting it.
-func (c *Conn) StopUnit(name string, mode string, ch chan<- string) (int, error) {
-	return c.startJob(ch, "org.freedesktop.systemd1.Manager.StopUnit", name, mode)
-}
-
-// ReloadUnit reloads a unit.  Reloading is done only if the unit is already running and fails otherwise.
-func (c *Conn) ReloadUnit(name string, mode string, ch chan<- string) (int, error) {
-	return c.startJob(ch, "org.freedesktop.systemd1.Manager.ReloadUnit", name, mode)
-}
-
-// RestartUnit restarts a service.  If a service is restarted that isn't
-// running it will be started.
-func (c *Conn) RestartUnit(name string, mode string, ch chan<- string) (int, error) {
-	return c.startJob(ch, "org.freedesktop.systemd1.Manager.RestartUnit", name, mode)
-}
-
-// TryRestartUnit is like RestartUnit, except that a service that isn't running
-// is not affected by the restart.
-func (c *Conn) TryRestartUnit(name string, mode string, ch chan<- string) (int, error) {
-	return c.startJob(ch, "org.freedesktop.systemd1.Manager.TryRestartUnit", name, mode)
-}
-
-// ReloadOrRestart attempts a reload if the unit supports it and use a restart
-// otherwise.
-func (c *Conn) ReloadOrRestartUnit(name string, mode string, ch chan<- string) (int, error) {
-	return c.startJob(ch, "org.freedesktop.systemd1.Manager.ReloadOrRestartUnit", name, mode)
-}
-
-// ReloadOrTryRestart attempts a reload if the unit supports it and use a "Try"
-// flavored restart otherwise.
-func (c *Conn) ReloadOrTryRestartUnit(name string, mode string, ch chan<- string) (int, error) {
-	return c.startJob(ch, "org.freedesktop.systemd1.Manager.ReloadOrTryRestartUnit", name, mode)
-}
-
-// StartTransientUnit() may be used to create and start a transient unit, which
-// will be released as soon as it is not running or referenced anymore or the
-// system is rebooted. name is the unit name including suffix, and must be
-// unique. mode is the same as in StartUnit(), properties contains properties
-// of the unit.
-func (c *Conn) StartTransientUnit(name string, mode string, properties []Property, ch chan<- string) (int, error) {
-	return c.startJob(ch, "org.freedesktop.systemd1.Manager.StartTransientUnit", name, mode, properties, make([]PropertyCollection, 0))
-}
-
-// KillUnit takes the unit name and a UNIX signal number to send.  All of the unit's
-// processes are killed.
-func (c *Conn) KillUnit(name string, signal int32) {
-	c.sysobj.Call("org.freedesktop.systemd1.Manager.KillUnit", 0, name, "all", signal).Store()
-}
-
-// ResetFailedUnit resets the "failed" state of a specific unit.
-func (c *Conn) ResetFailedUnit(name string) error {
-	return c.sysobj.Call("org.freedesktop.systemd1.Manager.ResetFailedUnit", 0, name).Store()
-}
-
-// SystemState returns the systemd state. Equivalent to `systemctl is-system-running`.
-func (c *Conn) SystemState() (*Property, error) {
-	var err error
-	var prop dbus.Variant
-
-	obj := c.sysconn.Object("org.freedesktop.systemd1", "/org/freedesktop/systemd1")
-	err = obj.Call("org.freedesktop.DBus.Properties.Get", 0, "org.freedesktop.systemd1.Manager", "SystemState").Store(&prop)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Property{Name: "SystemState", Value: prop}, nil
-}
-
-// getProperties takes the unit path and returns all of its dbus object properties, for the given dbus interface
-func (c *Conn) getProperties(path dbus.ObjectPath, dbusInterface string) (map[string]interface{}, error) {
-	var err error
-	var props map[string]dbus.Variant
-
-	if !path.IsValid() {
-		return nil, fmt.Errorf("invalid unit name: %v", path)
-	}
-
-	obj := c.sysconn.Object("org.freedesktop.systemd1", path)
-	err = obj.Call("org.freedesktop.DBus.Properties.GetAll", 0, dbusInterface).Store(&props)
-	if err != nil {
-		return nil, err
-	}
-
-	out := make(map[string]interface{}, len(props))
-	for k, v := range props {
-		out[k] = v.Value()
-	}
-
-	return out, nil
-}
-
-// GetUnitProperties takes the (unescaped) unit name and returns all of its dbus object properties.
-func (c *Conn) GetUnitProperties(unit string) (map[string]interface{}, error) {
-	path := unitPath(unit)
-	return c.getProperties(path, "org.freedesktop.systemd1.Unit")
-}
-
-// GetUnitProperties takes the (escaped) unit path and returns all of its dbus object properties.
-func (c *Conn) GetUnitPathProperties(path dbus.ObjectPath) (map[string]interface{}, error) {
-	return c.getProperties(path, "org.freedesktop.systemd1.Unit")
-}
-
-func (c *Conn) getProperty(unit string, dbusInterface string, propertyName string) (*Property, error) {
-	var err error
-	var prop dbus.Variant
-
-	path := unitPath(unit)
-	if !path.IsValid() {
-		return nil, errors.New("invalid unit name: " + unit)
-	}
-
-	obj := c.sysconn.Object("org.freedesktop.systemd1", path)
-	err = obj.Call("org.freedesktop.DBus.Properties.Get", 0, dbusInterface, propertyName).Store(&prop)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Property{Name: propertyName, Value: prop}, nil
-}
-
-func (c *Conn) GetUnitProperty(unit string, propertyName string) (*Property, error) {
-	return c.getProperty(unit, "org.freedesktop.systemd1.Unit", propertyName)
-}
-
-// GetServiceProperty returns property for given service name and property name
-func (c *Conn) GetServiceProperty(service string, propertyName string) (*Property, error) {
-	return c.getProperty(service, "org.freedesktop.systemd1.Service", propertyName)
-}
-
-// GetUnitTypeProperties returns the extra properties for a unit, specific to the unit type.
-// Valid values for unitType: Service, Socket, Target, Device, Mount, Automount, Snapshot, Timer, Swap, Path, Slice, Scope
-// return "dbus.Error: Unknown interface" if the unitType is not the correct type of the unit
-func (c *Conn) GetUnitTypeProperties(unit string, unitType string) (map[string]interface{}, error) {
-	path := unitPath(unit)
-	return c.getProperties(path, "org.freedesktop.systemd1."+unitType)
-}
-
-// SetUnitProperties() may be used to modify certain unit properties at runtime.
-// Not all properties may be changed at runtime, but many resource management
-// settings (primarily those in systemd.cgroup(5)) may. The changes are applied
-// instantly, and stored on disk for future boots, unless runtime is true, in which
-// case the settings only apply until the next reboot. name is the name of the unit
-// to modify. properties are the settings to set, encoded as an array of property
-// name and value pairs.
-func (c *Conn) SetUnitProperties(name string, runtime bool, properties ...Property) error {
-	return c.sysobj.Call("org.freedesktop.systemd1.Manager.SetUnitProperties", 0, name, runtime, properties).Store()
-}
-
-func (c *Conn) GetUnitTypeProperty(unit string, unitType string, propertyName string) (*Property, error) {
-	return c.getProperty(unit, "org.freedesktop.systemd1."+unitType, propertyName)
-}
-
-type UnitStatus struct {
-	Name        string          // The primary unit name as string
-	Description string          // The human readable description string
-	LoadState   string          // The load state (i.e. whether the unit file has been loaded successfully)
-	ActiveState string          // The active state (i.e. whether the unit is currently started or not)
-	SubState    string          // The sub state (a more fine-grained version of the active state that is specific to the unit type, which the active state is not)
-	Followed    string          // A unit that is being followed in its state by this unit, if there is any, otherwise the empty string.
-	Path        dbus.ObjectPath // The unit object path
-	JobId       uint32          // If there is a job queued for the job unit the numeric job id, 0 otherwise
-	JobType     string          // The job type as string
-	JobPath     dbus.ObjectPath // The job object path
-}
-
-type storeFunc func(retvalues ...interface{}) error
-
-func (c *Conn) listUnitsInternal(f storeFunc) ([]UnitStatus, error) {
-	result := make([][]interface{}, 0)
-	err := f(&result)
-	if err != nil {
-		return nil, err
-	}
-
-	resultInterface := make([]interface{}, len(result))
-	for i := range result {
-		resultInterface[i] = result[i]
-	}
-
-	status := make([]UnitStatus, len(result))
-	statusInterface := make([]interface{}, len(status))
-	for i := range status {
-		statusInterface[i] = &status[i]
-	}
-
-	err = dbus.Store(resultInterface, statusInterface...)
-	if err != nil {
-		return nil, err
-	}
-
-	return status, nil
-}
-
-// ListUnits returns an array with all currently loaded units. Note that
-// units may be known by multiple names at the same time, and hence there might
-// be more unit names loaded than actual units behind them.
-func (c *Conn) ListUnits() ([]UnitStatus, error) {
-	return c.listUnitsInternal(c.sysobj.Call("org.freedesktop.systemd1.Manager.ListUnits", 0).Store)
-}
-
-// ListUnitsFiltered returns an array with units filtered by state.
-// It takes a list of units' statuses to filter.
-func (c *Conn) ListUnitsFiltered(states []string) ([]UnitStatus, error) {
-	return c.listUnitsInternal(c.sysobj.Call("org.freedesktop.systemd1.Manager.ListUnitsFiltered", 0, states).Store)
-}
-
-// ListUnitsByPatterns returns an array with units.
-// It takes a list of units' statuses and names to filter.
-// Note that units may be known by multiple names at the same time,
-// and hence there might be more unit names loaded than actual units behind them.
-func (c *Conn) ListUnitsByPatterns(states []string, patterns []string) ([]UnitStatus, error) {
-	return c.listUnitsInternal(c.sysobj.Call("org.freedesktop.systemd1.Manager.ListUnitsByPatterns", 0, states, patterns).Store)
-}
-
-// ListUnitsByNames returns an array with units. It takes a list of units'
-// names and returns an UnitStatus array. Comparing to ListUnitsByPatterns
-// method, this method returns statuses even for inactive or non-existing
-// units. Input array should contain exact unit names, but not patterns.
-// Note: Requires systemd v230 or higher
-func (c *Conn) ListUnitsByNames(units []string) ([]UnitStatus, error) {
-	return c.listUnitsInternal(c.sysobj.Call("org.freedesktop.systemd1.Manager.ListUnitsByNames", 0, units).Store)
-}
-
-type UnitFile struct {
-	Path string
-	Type string
-}
-
-func (c *Conn) listUnitFilesInternal(f storeFunc) ([]UnitFile, error) {
-	result := make([][]interface{}, 0)
-	err := f(&result)
-	if err != nil {
-		return nil, err
-	}
-
-	resultInterface := make([]interface{}, len(result))
-	for i := range result {
-		resultInterface[i] = result[i]
-	}
-
-	files := make([]UnitFile, len(result))
-	fileInterface := make([]interface{}, len(files))
-	for i := range files {
-		fileInterface[i] = &files[i]
-	}
-
-	err = dbus.Store(resultInterface, fileInterface...)
-	if err != nil {
-		return nil, err
-	}
-
-	return files, nil
-}
-
-// ListUnitFiles returns an array of all available units on disk.
-func (c *Conn) ListUnitFiles() ([]UnitFile, error) {
-	return c.listUnitFilesInternal(c.sysobj.Call("org.freedesktop.systemd1.Manager.ListUnitFiles", 0).Store)
-}
-
-// ListUnitFilesByPatterns returns an array of all available units on disk matched the patterns.
-func (c *Conn) ListUnitFilesByPatterns(states []string, patterns []string) ([]UnitFile, error) {
-	return c.listUnitFilesInternal(c.sysobj.Call("org.freedesktop.systemd1.Manager.ListUnitFilesByPatterns", 0, states, patterns).Store)
-}
-
-type LinkUnitFileChange EnableUnitFileChange
-
-// LinkUnitFiles() links unit files (that are located outside of the
-// usual unit search paths) into the unit search path.
-//
-// It takes a list of absolute paths to unit files to link and two
-// booleans. The first boolean controls whether the unit shall be
-// enabled for runtime only (true, /run), or persistently (false,
-// /etc).
-// The second controls whether symlinks pointing to other units shall
-// be replaced if necessary.
-//
-// This call returns a list of the changes made. The list consists of
-// structures with three strings: the type of the change (one of symlink
-// or unlink), the file name of the symlink and the destination of the
-// symlink.
-func (c *Conn) LinkUnitFiles(files []string, runtime bool, force bool) ([]LinkUnitFileChange, error) {
-	result := make([][]interface{}, 0)
-	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.LinkUnitFiles", 0, files, runtime, force).Store(&result)
-	if err != nil {
-		return nil, err
-	}
-
-	resultInterface := make([]interface{}, len(result))
-	for i := range result {
-		resultInterface[i] = result[i]
-	}
-
-	changes := make([]LinkUnitFileChange, len(result))
-	changesInterface := make([]interface{}, len(changes))
-	for i := range changes {
-		changesInterface[i] = &changes[i]
-	}
-
-	err = dbus.Store(resultInterface, changesInterface...)
-	if err != nil {
-		return nil, err
-	}
-
-	return changes, nil
-}
-
-// EnableUnitFiles() may be used to enable one or more units in the system (by
-// creating symlinks to them in /etc or /run).
-//
-// It takes a list of unit files to enable (either just file names or full
-// absolute paths if the unit files are residing outside the usual unit
-// search paths), and two booleans: the first controls whether the unit shall
-// be enabled for runtime only (true, /run), or persistently (false, /etc).
-// The second one controls whether symlinks pointing to other units shall
-// be replaced if necessary.
-//
-// This call returns one boolean and an array with the changes made. The
-// boolean signals whether the unit files contained any enablement
-// information (i.e. an [Install]) section. The changes list consists of
-// structures with three strings: the type of the change (one of symlink
-// or unlink), the file name of the symlink and the destination of the
-// symlink.
-func (c *Conn) EnableUnitFiles(files []string, runtime bool, force bool) (bool, []EnableUnitFileChange, error) {
-	var carries_install_info bool
-
-	result := make([][]interface{}, 0)
-	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.EnableUnitFiles", 0, files, runtime, force).Store(&carries_install_info, &result)
-	if err != nil {
-		return false, nil, err
-	}
-
-	resultInterface := make([]interface{}, len(result))
-	for i := range result {
-		resultInterface[i] = result[i]
-	}
-
-	changes := make([]EnableUnitFileChange, len(result))
-	changesInterface := make([]interface{}, len(changes))
-	for i := range changes {
-		changesInterface[i] = &changes[i]
-	}
-
-	err = dbus.Store(resultInterface, changesInterface...)
-	if err != nil {
-		return false, nil, err
-	}
-
-	return carries_install_info, changes, nil
-}
-
-type EnableUnitFileChange struct {
-	Type        string // Type of the change (one of symlink or unlink)
-	Filename    string // File name of the symlink
-	Destination string // Destination of the symlink
-}
-
-// DisableUnitFiles() may be used to disable one or more units in the system (by
-// removing symlinks to them from /etc or /run).
-//
-// It takes a list of unit files to disable (either just file names or full
-// absolute paths if the unit files are residing outside the usual unit
-// search paths), and one boolean: whether the unit was enabled for runtime
-// only (true, /run), or persistently (false, /etc).
-//
-// This call returns an array with the changes made. The changes list
-// consists of structures with three strings: the type of the change (one of
-// symlink or unlink), the file name of the symlink and the destination of the
-// symlink.
-func (c *Conn) DisableUnitFiles(files []string, runtime bool) ([]DisableUnitFileChange, error) {
-	result := make([][]interface{}, 0)
-	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.DisableUnitFiles", 0, files, runtime).Store(&result)
-	if err != nil {
-		return nil, err
-	}
-
-	resultInterface := make([]interface{}, len(result))
-	for i := range result {
-		resultInterface[i] = result[i]
-	}
-
-	changes := make([]DisableUnitFileChange, len(result))
-	changesInterface := make([]interface{}, len(changes))
-	for i := range changes {
-		changesInterface[i] = &changes[i]
-	}
-
-	err = dbus.Store(resultInterface, changesInterface...)
-	if err != nil {
-		return nil, err
-	}
-
-	return changes, nil
-}
-
-type DisableUnitFileChange struct {
-	Type        string // Type of the change (one of symlink or unlink)
-	Filename    string // File name of the symlink
-	Destination string // Destination of the symlink
-}
-
-// MaskUnitFiles masks one or more units in the system
-//
-// It takes three arguments:
-//   * list of units to mask (either just file names or full
-//     absolute paths if the unit files are residing outside
-//     the usual unit search paths)
-//   * runtime to specify whether the unit was enabled for runtime
-//     only (true, /run/systemd/..), or persistently (false, /etc/systemd/..)
-//   * force flag
-func (c *Conn) MaskUnitFiles(files []string, runtime bool, force bool) ([]MaskUnitFileChange, error) {
-	result := make([][]interface{}, 0)
-	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.MaskUnitFiles", 0, files, runtime, force).Store(&result)
-	if err != nil {
-		return nil, err
-	}
-
-	resultInterface := make([]interface{}, len(result))
-	for i := range result {
-		resultInterface[i] = result[i]
-	}
-
-	changes := make([]MaskUnitFileChange, len(result))
-	changesInterface := make([]interface{}, len(changes))
-	for i := range changes {
-		changesInterface[i] = &changes[i]
-	}
-
-	err = dbus.Store(resultInterface, changesInterface...)
-	if err != nil {
-		return nil, err
-	}
-
-	return changes, nil
-}
-
-type MaskUnitFileChange struct {
-	Type        string // Type of the change (one of symlink or unlink)
-	Filename    string // File name of the symlink
-	Destination string // Destination of the symlink
-}
-
-// UnmaskUnitFiles unmasks one or more units in the system
-//
-// It takes two arguments:
-//   * list of unit files to mask (either just file names or full
-//     absolute paths if the unit files are residing outside
-//     the usual unit search paths)
-//   * runtime to specify whether the unit was enabled for runtime
-//     only (true, /run/systemd/..), or persistently (false, /etc/systemd/..)
-func (c *Conn) UnmaskUnitFiles(files []string, runtime bool) ([]UnmaskUnitFileChange, error) {
-	result := make([][]interface{}, 0)
-	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.UnmaskUnitFiles", 0, files, runtime).Store(&result)
-	if err != nil {
-		return nil, err
-	}
-
-	resultInterface := make([]interface{}, len(result))
-	for i := range result {
-		resultInterface[i] = result[i]
-	}
-
-	changes := make([]UnmaskUnitFileChange, len(result))
-	changesInterface := make([]interface{}, len(changes))
-	for i := range changes {
-		changesInterface[i] = &changes[i]
-	}
-
-	err = dbus.Store(resultInterface, changesInterface...)
-	if err != nil {
-		return nil, err
-	}
-
-	return changes, nil
-}
-
-type UnmaskUnitFileChange struct {
-	Type        string // Type of the change (one of symlink or unlink)
-	Filename    string // File name of the symlink
-	Destination string // Destination of the symlink
-}
-
-// Reload instructs systemd to scan for and reload unit files. This is
-// equivalent to a 'systemctl daemon-reload'.
-func (c *Conn) Reload() error {
-	return c.sysobj.Call("org.freedesktop.systemd1.Manager.Reload", 0).Store()
-}
-
-func unitPath(name string) dbus.ObjectPath {
-	return dbus.ObjectPath("/org/freedesktop/systemd1/unit/" + PathBusEscape(name))
-}
-
-// unitName returns the unescaped base element of the supplied escaped path
-func unitName(dpath dbus.ObjectPath) string {
-	return pathBusUnescape(path.Base(string(dpath)))
-}

libnetwork/vendor/github.com/coreos/go-systemd/dbus/properties.go

@@ -1,237 +0,0 @@
-// Copyright 2015 CoreOS, Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package dbus
-
-import (
-	"github.com/godbus/dbus"
-)
-
-// From the systemd docs:
-//
-// The properties array of StartTransientUnit() may take many of the settings
-// that may also be configured in unit files. Not all parameters are currently
-// accepted though, but we plan to cover more properties with future release.
-// Currently you may set the Description, Slice and all dependency types of
-// units, as well as RemainAfterExit, ExecStart for service units,
-// TimeoutStopUSec and PIDs for scope units, and CPUAccounting, CPUShares,
-// BlockIOAccounting, BlockIOWeight, BlockIOReadBandwidth,
-// BlockIOWriteBandwidth, BlockIODeviceWeight, MemoryAccounting, MemoryLimit,
-// DevicePolicy, DeviceAllow for services/scopes/slices. These fields map
-// directly to their counterparts in unit files and as normal D-Bus object
-// properties. The exception here is the PIDs field of scope units which is
-// used for construction of the scope only and specifies the initial PIDs to
-// add to the scope object.
-
-type Property struct {
-	Name  string
-	Value dbus.Variant
-}
-
-type PropertyCollection struct {
-	Name       string
-	Properties []Property
-}
-
-type execStart struct {
-	Path             string   // the binary path to execute
-	Args             []string // an array with all arguments to pass to the executed command, starting with argument 0
-	UncleanIsFailure bool     // a boolean whether it should be considered a failure if the process exits uncleanly
-}
-
-// PropExecStart sets the ExecStart service property.  The first argument is a
-// slice with the binary path to execute followed by the arguments to pass to
-// the executed command. See
-// http://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
-func PropExecStart(command []string, uncleanIsFailure bool) Property {
-	execStarts := []execStart{
-		execStart{
-			Path:             command[0],
-			Args:             command,
-			UncleanIsFailure: uncleanIsFailure,
-		},
-	}
-
-	return Property{
-		Name:  "ExecStart",
-		Value: dbus.MakeVariant(execStarts),
-	}
-}
-
-// PropRemainAfterExit sets the RemainAfterExit service property. See
-// http://www.freedesktop.org/software/systemd/man/systemd.service.html#RemainAfterExit=
-func PropRemainAfterExit(b bool) Property {
-	return Property{
-		Name:  "RemainAfterExit",
-		Value: dbus.MakeVariant(b),
-	}
-}
-
-// PropType sets the Type service property. See
-// http://www.freedesktop.org/software/systemd/man/systemd.service.html#Type=
-func PropType(t string) Property {
-	return Property{
-		Name:  "Type",
-		Value: dbus.MakeVariant(t),
-	}
-}
-
-// PropDescription sets the Description unit property. See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit#Description=
-func PropDescription(desc string) Property {
-	return Property{
-		Name:  "Description",
-		Value: dbus.MakeVariant(desc),
-	}
-}
-
-func propDependency(name string, units []string) Property {
-	return Property{
-		Name:  name,
-		Value: dbus.MakeVariant(units),
-	}
-}
-
-// PropRequires sets the Requires unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Requires=
-func PropRequires(units ...string) Property {
-	return propDependency("Requires", units)
-}
-
-// PropRequiresOverridable sets the RequiresOverridable unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiresOverridable=
-func PropRequiresOverridable(units ...string) Property {
-	return propDependency("RequiresOverridable", units)
-}
-
-// PropRequisite sets the Requisite unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Requisite=
-func PropRequisite(units ...string) Property {
-	return propDependency("Requisite", units)
-}
-
-// PropRequisiteOverridable sets the RequisiteOverridable unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequisiteOverridable=
-func PropRequisiteOverridable(units ...string) Property {
-	return propDependency("RequisiteOverridable", units)
-}
-
-// PropWants sets the Wants unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Wants=
-func PropWants(units ...string) Property {
-	return propDependency("Wants", units)
-}
-
-// PropBindsTo sets the BindsTo unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#BindsTo=
-func PropBindsTo(units ...string) Property {
-	return propDependency("BindsTo", units)
-}
-
-// PropRequiredBy sets the RequiredBy unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiredBy=
-func PropRequiredBy(units ...string) Property {
-	return propDependency("RequiredBy", units)
-}
-
-// PropRequiredByOverridable sets the RequiredByOverridable unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiredByOverridable=
-func PropRequiredByOverridable(units ...string) Property {
-	return propDependency("RequiredByOverridable", units)
-}
-
-// PropWantedBy sets the WantedBy unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#WantedBy=
-func PropWantedBy(units ...string) Property {
-	return propDependency("WantedBy", units)
-}
-
-// PropBoundBy sets the BoundBy unit property.  See
-// http://www.freedesktop.org/software/systemd/main/systemd.unit.html#BoundBy=
-func PropBoundBy(units ...string) Property {
-	return propDependency("BoundBy", units)
-}
-
-// PropConflicts sets the Conflicts unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Conflicts=
-func PropConflicts(units ...string) Property {
-	return propDependency("Conflicts", units)
-}
-
-// PropConflictedBy sets the ConflictedBy unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#ConflictedBy=
-func PropConflictedBy(units ...string) Property {
-	return propDependency("ConflictedBy", units)
-}
-
-// PropBefore sets the Before unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Before=
-func PropBefore(units ...string) Property {
-	return propDependency("Before", units)
-}
-
-// PropAfter sets the After unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#After=
-func PropAfter(units ...string) Property {
-	return propDependency("After", units)
-}
-
-// PropOnFailure sets the OnFailure unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#OnFailure=
-func PropOnFailure(units ...string) Property {
-	return propDependency("OnFailure", units)
-}
-
-// PropTriggers sets the Triggers unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Triggers=
-func PropTriggers(units ...string) Property {
-	return propDependency("Triggers", units)
-}
-
-// PropTriggeredBy sets the TriggeredBy unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#TriggeredBy=
-func PropTriggeredBy(units ...string) Property {
-	return propDependency("TriggeredBy", units)
-}
-
-// PropPropagatesReloadTo sets the PropagatesReloadTo unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#PropagatesReloadTo=
-func PropPropagatesReloadTo(units ...string) Property {
-	return propDependency("PropagatesReloadTo", units)
-}
-
-// PropRequiresMountsFor sets the RequiresMountsFor unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiresMountsFor=
-func PropRequiresMountsFor(units ...string) Property {
-	return propDependency("RequiresMountsFor", units)
-}
-
-// PropSlice sets the Slice unit property.  See
-// http://www.freedesktop.org/software/systemd/man/systemd.resource-control.html#Slice=
-func PropSlice(slice string) Property {
-	return Property{
-		Name:  "Slice",
-		Value: dbus.MakeVariant(slice),
-	}
-}
-
-// PropPids sets the PIDs field of scope units used in the initial construction
-// of the scope only and specifies the initial PIDs to add to the scope object.
-// See https://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface/#properties
-func PropPids(pids ...uint32) Property {
-	return Property{
-		Name:  "PIDs",
-		Value: dbus.MakeVariant(pids),
-	}
-}

libnetwork/vendor/github.com/coreos/go-systemd/dbus/set.go

@@ -1,47 +0,0 @@
-// Copyright 2015 CoreOS, Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package dbus
-
-type set struct {
-	data map[string]bool
-}
-
-func (s *set) Add(value string) {
-	s.data[value] = true
-}
-
-func (s *set) Remove(value string) {
-	delete(s.data, value)
-}
-
-func (s *set) Contains(value string) (exists bool) {
-	_, exists = s.data[value]
-	return
-}
-
-func (s *set) Length() int {
-	return len(s.data)
-}
-
-func (s *set) Values() (values []string) {
-	for val := range s.data {
-		values = append(values, val)
-	}
-	return
-}
-
-func newSet() *set {
-	return &set{make(map[string]bool)}
-}

libnetwork/vendor/github.com/coreos/go-systemd/dbus/subscription.go

@@ -1,333 +0,0 @@
-// Copyright 2015 CoreOS, Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package dbus
-
-import (
-	"errors"
-	"log"
-	"time"
-
-	"github.com/godbus/dbus"
-)
-
-const (
-	cleanIgnoreInterval = int64(10 * time.Second)
-	ignoreInterval      = int64(30 * time.Millisecond)
-)
-
-// Subscribe sets up this connection to subscribe to all systemd dbus events.
-// This is required before calling SubscribeUnits. When the connection closes
-// systemd will automatically stop sending signals so there is no need to
-// explicitly call Unsubscribe().
-func (c *Conn) Subscribe() error {
-	c.sigconn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0,
-		"type='signal',interface='org.freedesktop.systemd1.Manager',member='UnitNew'")
-	c.sigconn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0,
-		"type='signal',interface='org.freedesktop.DBus.Properties',member='PropertiesChanged'")
-
-	return c.sigobj.Call("org.freedesktop.systemd1.Manager.Subscribe", 0).Store()
-}
-
-// Unsubscribe this connection from systemd dbus events.
-func (c *Conn) Unsubscribe() error {
-	return c.sigobj.Call("org.freedesktop.systemd1.Manager.Unsubscribe", 0).Store()
-}
-
-func (c *Conn) dispatch() {
-	ch := make(chan *dbus.Signal, signalBuffer)
-
-	c.sigconn.Signal(ch)
-
-	go func() {
-		for {
-			signal, ok := <-ch
-			if !ok {
-				return
-			}
-
-			if signal.Name == "org.freedesktop.systemd1.Manager.JobRemoved" {
-				c.jobComplete(signal)
-			}
-
-			if c.subStateSubscriber.updateCh == nil &&
-				c.propertiesSubscriber.updateCh == nil {
-				continue
-			}
-
-			var unitPath dbus.ObjectPath
-			switch signal.Name {
-			case "org.freedesktop.systemd1.Manager.JobRemoved":
-				unitName := signal.Body[2].(string)
-				c.sysobj.Call("org.freedesktop.systemd1.Manager.GetUnit", 0, unitName).Store(&unitPath)
-			case "org.freedesktop.systemd1.Manager.UnitNew":
-				unitPath = signal.Body[1].(dbus.ObjectPath)
-			case "org.freedesktop.DBus.Properties.PropertiesChanged":
-				if signal.Body[0].(string) == "org.freedesktop.systemd1.Unit" {
-					unitPath = signal.Path
-
-					if len(signal.Body) >= 2 {
-						if changed, ok := signal.Body[1].(map[string]dbus.Variant); ok {
-							c.sendPropertiesUpdate(unitPath, changed)
-						}
-					}
-				}
-			}
-
-			if unitPath == dbus.ObjectPath("") {
-				continue
-			}
-
-			c.sendSubStateUpdate(unitPath)
-		}
-	}()
-}
-
-// Returns two unbuffered channels which will receive all changed units every
-// interval.  Deleted units are sent as nil.
-func (c *Conn) SubscribeUnits(interval time.Duration) (<-chan map[string]*UnitStatus, <-chan error) {
-	return c.SubscribeUnitsCustom(interval, 0, func(u1, u2 *UnitStatus) bool { return *u1 != *u2 }, nil)
-}
-
-// SubscribeUnitsCustom is like SubscribeUnits but lets you specify the buffer
-// size of the channels, the comparison function for detecting changes and a filter
-// function for cutting down on the noise that your channel receives.
-func (c *Conn) SubscribeUnitsCustom(interval time.Duration, buffer int, isChanged func(*UnitStatus, *UnitStatus) bool, filterUnit func(string) bool) (<-chan map[string]*UnitStatus, <-chan error) {
-	old := make(map[string]*UnitStatus)
-	statusChan := make(chan map[string]*UnitStatus, buffer)
-	errChan := make(chan error, buffer)
-
-	go func() {
-		for {
-			timerChan := time.After(interval)
-
-			units, err := c.ListUnits()
-			if err == nil {
-				cur := make(map[string]*UnitStatus)
-				for i := range units {
-					if filterUnit != nil && filterUnit(units[i].Name) {
-						continue
-					}
-					cur[units[i].Name] = &units[i]
-				}
-
-				// add all new or changed units
-				changed := make(map[string]*UnitStatus)
-				for n, u := range cur {
-					if oldU, ok := old[n]; !ok || isChanged(oldU, u) {
-						changed[n] = u
-					}
-					delete(old, n)
-				}
-
-				// add all deleted units
-				for oldN := range old {
-					changed[oldN] = nil
-				}
-
-				old = cur
-
-				if len(changed) != 0 {
-					statusChan <- changed
-				}
-			} else {
-				errChan <- err
-			}
-
-			<-timerChan
-		}
-	}()
-
-	return statusChan, errChan
-}
-
-type SubStateUpdate struct {
-	UnitName string
-	SubState string
-}
-
-// SetSubStateSubscriber writes to updateCh when any unit's substate changes.
-// Although this writes to updateCh on every state change, the reported state
-// may be more recent than the change that generated it (due to an unavoidable
-// race in the systemd dbus interface).  That is, this method provides a good
-// way to keep a current view of all units' states, but is not guaranteed to
-// show every state transition they go through.  Furthermore, state changes
-// will only be written to the channel with non-blocking writes.  If updateCh
-// is full, it attempts to write an error to errCh; if errCh is full, the error
-// passes silently.
-func (c *Conn) SetSubStateSubscriber(updateCh chan<- *SubStateUpdate, errCh chan<- error) {
-	if c == nil {
-		msg := "nil receiver"
-		select {
-		case errCh <- errors.New(msg):
-		default:
-			log.Printf("full error channel while reporting: %s\n", msg)
-		}
-		return
-	}
-
-	c.subStateSubscriber.Lock()
-	defer c.subStateSubscriber.Unlock()
-	c.subStateSubscriber.updateCh = updateCh
-	c.subStateSubscriber.errCh = errCh
-}
-
-func (c *Conn) sendSubStateUpdate(unitPath dbus.ObjectPath) {
-	c.subStateSubscriber.Lock()
-	defer c.subStateSubscriber.Unlock()
-
-	if c.subStateSubscriber.updateCh == nil {
-		return
-	}
-
-	isIgnored := c.shouldIgnore(unitPath)
-	defer c.cleanIgnore()
-	if isIgnored {
-		return
-	}
-
-	info, err := c.GetUnitPathProperties(unitPath)
-	if err != nil {
-		select {
-		case c.subStateSubscriber.errCh <- err:
-		default:
-			log.Printf("full error channel while reporting: %s\n", err)
-		}
-		return
-	}
-	defer c.updateIgnore(unitPath, info)
-
-	name, ok := info["Id"].(string)
-	if !ok {
-		msg := "failed to cast info.Id"
-		select {
-		case c.subStateSubscriber.errCh <- errors.New(msg):
-		default:
-			log.Printf("full error channel while reporting: %s\n", err)
-		}
-		return
-	}
-	substate, ok := info["SubState"].(string)
-	if !ok {
-		msg := "failed to cast info.SubState"
-		select {
-		case c.subStateSubscriber.errCh <- errors.New(msg):
-		default:
-			log.Printf("full error channel while reporting: %s\n", msg)
-		}
-		return
-	}
-
-	update := &SubStateUpdate{name, substate}
-	select {
-	case c.subStateSubscriber.updateCh <- update:
-	default:
-		msg := "update channel is full"
-		select {
-		case c.subStateSubscriber.errCh <- errors.New(msg):
-		default:
-			log.Printf("full error channel while reporting: %s\n", msg)
-		}
-		return
-	}
-}
-
-// The ignore functions work around a wart in the systemd dbus interface.
-// Requesting the properties of an unloaded unit will cause systemd to send a
-// pair of UnitNew/UnitRemoved signals.  Because we need to get a unit's
-// properties on UnitNew (as that's the only indication of a new unit coming up
-// for the first time), we would enter an infinite loop if we did not attempt
-// to detect and ignore these spurious signals.  The signal themselves are
-// indistinguishable from relevant ones, so we (somewhat hackishly) ignore an
-// unloaded unit's signals for a short time after requesting its properties.
-// This means that we will miss e.g. a transient unit being restarted
-// *immediately* upon failure and also a transient unit being started
-// immediately after requesting its status (with systemctl status, for example,
-// because this causes a UnitNew signal to be sent which then causes us to fetch
-// the properties).
-
-func (c *Conn) shouldIgnore(path dbus.ObjectPath) bool {
-	t, ok := c.subStateSubscriber.ignore[path]
-	return ok && t >= time.Now().UnixNano()
-}
-
-func (c *Conn) updateIgnore(path dbus.ObjectPath, info map[string]interface{}) {
-	loadState, ok := info["LoadState"].(string)
-	if !ok {
-		return
-	}
-
-	// unit is unloaded - it will trigger bad systemd dbus behavior
-	if loadState == "not-found" {
-		c.subStateSubscriber.ignore[path] = time.Now().UnixNano() + ignoreInterval
-	}
-}
-
-// without this, ignore would grow unboundedly over time
-func (c *Conn) cleanIgnore() {
-	now := time.Now().UnixNano()
-	if c.subStateSubscriber.cleanIgnore < now {
-		c.subStateSubscriber.cleanIgnore = now + cleanIgnoreInterval
-
-		for p, t := range c.subStateSubscriber.ignore {
-			if t < now {
-				delete(c.subStateSubscriber.ignore, p)
-			}
-		}
-	}
-}
-
-// PropertiesUpdate holds a map of a unit's changed properties
-type PropertiesUpdate struct {
-	UnitName string
-	Changed  map[string]dbus.Variant
-}
-
-// SetPropertiesSubscriber writes to updateCh when any unit's properties
-// change. Every property change reported by systemd will be sent; that is, no
-// transitions will be "missed" (as they might be with SetSubStateSubscriber).
-// However, state changes will only be written to the channel with non-blocking
-// writes.  If updateCh is full, it attempts to write an error to errCh; if
-// errCh is full, the error passes silently.
-func (c *Conn) SetPropertiesSubscriber(updateCh chan<- *PropertiesUpdate, errCh chan<- error) {
-	c.propertiesSubscriber.Lock()
-	defer c.propertiesSubscriber.Unlock()
-	c.propertiesSubscriber.updateCh = updateCh
-	c.propertiesSubscriber.errCh = errCh
-}
-
-// we don't need to worry about shouldIgnore() here because
-// sendPropertiesUpdate doesn't call GetProperties()
-func (c *Conn) sendPropertiesUpdate(unitPath dbus.ObjectPath, changedProps map[string]dbus.Variant) {
-	c.propertiesSubscriber.Lock()
-	defer c.propertiesSubscriber.Unlock()
-
-	if c.propertiesSubscriber.updateCh == nil {
-		return
-	}
-
-	update := &PropertiesUpdate{unitName(unitPath), changedProps}
-
-	select {
-	case c.propertiesSubscriber.updateCh <- update:
-	default:
-		msg := "update channel is full"
-		select {
-		case c.propertiesSubscriber.errCh <- errors.New(msg):
-		default:
-			log.Printf("full error channel while reporting: %s\n", msg)
-		}
-		return
-	}
-}

libnetwork/vendor/github.com/coreos/go-systemd/dbus/subscription_set.go

@@ -1,57 +0,0 @@
-// Copyright 2015 CoreOS, Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package dbus
-
-import (
-	"time"
-)
-
-// SubscriptionSet returns a subscription set which is like conn.Subscribe but
-// can filter to only return events for a set of units.
-type SubscriptionSet struct {
-	*set
-	conn *Conn
-}
-
-func (s *SubscriptionSet) filter(unit string) bool {
-	return !s.Contains(unit)
-}
-
-// Subscribe starts listening for dbus events for all of the units in the set.
-// Returns channels identical to conn.SubscribeUnits.
-func (s *SubscriptionSet) Subscribe() (<-chan map[string]*UnitStatus, <-chan error) {
-	// TODO: Make fully evented by using systemd 209 with properties changed values
-	return s.conn.SubscribeUnitsCustom(time.Second, 0,
-		mismatchUnitStatus,
-		func(unit string) bool { return s.filter(unit) },
-	)
-}
-
-// NewSubscriptionSet returns a new subscription set.
-func (conn *Conn) NewSubscriptionSet() *SubscriptionSet {
-	return &SubscriptionSet{newSet(), conn}
-}
-
-// mismatchUnitStatus returns true if the provided UnitStatus objects
-// are not equivalent. false is returned if the objects are equivalent.
-// Only the Name, Description and state-related fields are used in
-// the comparison.
-func mismatchUnitStatus(u1, u2 *UnitStatus) bool {
-	return u1.Name != u2.Name ||
-		u1.Description != u2.Description ||
-		u1.LoadState != u2.LoadState ||
-		u1.ActiveState != u2.ActiveState ||
-		u1.SubState != u2.SubState
-}

libnetwork/vendor/github.com/coreos/go-systemd/util/util.go

@@ -1,90 +0,0 @@
-// Copyright 2015 CoreOS, Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Package util contains utility functions related to systemd that applications
-// can use to check things like whether systemd is running.  Note that some of
-// these functions attempt to manually load systemd libraries at runtime rather
-// than linking against them.
-package util
-
-import (
-	"fmt"
-	"io/ioutil"
-	"os"
-	"strings"
-)
-
-var (
-	ErrNoCGO = fmt.Errorf("go-systemd built with CGO disabled")
-)
-
-// GetRunningSlice attempts to retrieve the name of the systemd slice in which
-// the current process is running.
-// This function is a wrapper around the libsystemd C library; if it cannot be
-// opened, an error is returned.
-func GetRunningSlice() (string, error) {
-	return getRunningSlice()
-}
-
-// RunningFromSystemService tries to detect whether the current process has
-// been invoked from a system service. The condition for this is whether the
-// process is _not_ a user process. User processes are those running in session
-// scopes or under per-user `systemd --user` instances.
-//
-// To avoid false positives on systems without `pam_systemd` (which is
-// responsible for creating user sessions), this function also uses a heuristic
-// to detect whether it's being invoked from a session leader process. This is
-// the case if the current process is executed directly from a service file
-// (e.g. with `ExecStart=/this/cmd`). Note that this heuristic will fail if the
-// command is instead launched in a subshell or similar so that it is not
-// session leader (e.g. `ExecStart=/bin/bash -c "/this/cmd"`)
-//
-// This function is a wrapper around the libsystemd C library; if this is
-// unable to successfully open a handle to the library for any reason (e.g. it
-// cannot be found), an error will be returned.
-func RunningFromSystemService() (bool, error) {
-	return runningFromSystemService()
-}
-
-// CurrentUnitName attempts to retrieve the name of the systemd system unit
-// from which the calling process has been invoked. It wraps the systemd
-// `sd_pid_get_unit` call, with the same caveat: for processes not part of a
-// systemd system unit, this function will return an error.
-func CurrentUnitName() (string, error) {
-	return currentUnitName()
-}
-
-// IsRunningSystemd checks whether the host was booted with systemd as its init
-// system. This functions similarly to systemd's `sd_booted(3)`: internally, it
-// checks whether /run/systemd/system/ exists and is a directory.
-// http://www.freedesktop.org/software/systemd/man/sd_booted.html
-func IsRunningSystemd() bool {
-	fi, err := os.Lstat("/run/systemd/system")
-	if err != nil {
-		return false
-	}
-	return fi.IsDir()
-}
-
-// GetMachineID returns a host's 128-bit machine ID as a string. This functions
-// similarly to systemd's `sd_id128_get_machine`: internally, it simply reads
-// the contents of /etc/machine-id
-// http://www.freedesktop.org/software/systemd/man/sd_id128_get_machine.html
-func GetMachineID() (string, error) {
-	machineID, err := ioutil.ReadFile("/etc/machine-id")
-	if err != nil {
-		return "", fmt.Errorf("failed to read /etc/machine-id: %v", err)
-	}
-	return strings.TrimSpace(string(machineID)), nil
-}

libnetwork/vendor/github.com/coreos/pkg/LICENSE

@@ -1,202 +0,0 @@
-Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "{}"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright {yyyy} {name of copyright owner}
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-

libnetwork/vendor/github.com/cyphar/filepath-securejoin/LICENSE

@@ -1,28 +0,0 @@
-Copyright (C) 2014-2015 Docker Inc & Go Authors. All rights reserved.
-Copyright (C) 2017 SUSE LLC. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-   * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-   * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-   * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

libnetwork/vendor/github.com/docker/docker/pkg/symlink/fs.go

@@ -1,144 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE.BSD file.
-
-// This code is a modified version of path/filepath/symlink.go from the Go standard library.
-
-package symlink // import "github.com/docker/docker/pkg/symlink"
-
-import (
-	"bytes"
-	"errors"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/docker/docker/pkg/system"
-)
-
-// FollowSymlinkInScope is a wrapper around evalSymlinksInScope that returns an
-// absolute path. This function handles paths in a platform-agnostic manner.
-func FollowSymlinkInScope(path, root string) (string, error) {
-	path, err := filepath.Abs(filepath.FromSlash(path))
-	if err != nil {
-		return "", err
-	}
-	root, err = filepath.Abs(filepath.FromSlash(root))
-	if err != nil {
-		return "", err
-	}
-	return evalSymlinksInScope(path, root)
-}
-
-// evalSymlinksInScope will evaluate symlinks in `path` within a scope `root` and return
-// a result guaranteed to be contained within the scope `root`, at the time of the call.
-// Symlinks in `root` are not evaluated and left as-is.
-// Errors encountered while attempting to evaluate symlinks in path will be returned.
-// Non-existing paths are valid and do not constitute an error.
-// `path` has to contain `root` as a prefix, or else an error will be returned.
-// Trying to break out from `root` does not constitute an error.
-//
-// Example:
-//   If /foo/bar -> /outside,
-//   FollowSymlinkInScope("/foo/bar", "/foo") == "/foo/outside" instead of "/outside"
-//
-// IMPORTANT: it is the caller's responsibility to call evalSymlinksInScope *after* relevant symlinks
-// are created and not to create subsequently, additional symlinks that could potentially make a
-// previously-safe path, unsafe. Example: if /foo/bar does not exist, evalSymlinksInScope("/foo/bar", "/foo")
-// would return "/foo/bar". If one makes /foo/bar a symlink to /baz subsequently, then "/foo/bar" should
-// no longer be considered safely contained in "/foo".
-func evalSymlinksInScope(path, root string) (string, error) {
-	root = filepath.Clean(root)
-	if path == root {
-		return path, nil
-	}
-	if !strings.HasPrefix(path, root) {
-		return "", errors.New("evalSymlinksInScope: " + path + " is not in " + root)
-	}
-	const maxIter = 255
-	originalPath := path
-	// given root of "/a" and path of "/a/b/../../c" we want path to be "/b/../../c"
-	path = path[len(root):]
-	if root == string(filepath.Separator) {
-		path = string(filepath.Separator) + path
-	}
-	if !strings.HasPrefix(path, string(filepath.Separator)) {
-		return "", errors.New("evalSymlinksInScope: " + path + " is not in " + root)
-	}
-	path = filepath.Clean(path)
-	// consume path by taking each frontmost path element,
-	// expanding it if it's a symlink, and appending it to b
-	var b bytes.Buffer
-	// b here will always be considered to be the "current absolute path inside
-	// root" when we append paths to it, we also append a slash and use
-	// filepath.Clean after the loop to trim the trailing slash
-	for n := 0; path != ""; n++ {
-		if n > maxIter {
-			return "", errors.New("evalSymlinksInScope: too many links in " + originalPath)
-		}
-
-		// find next path component, p
-		i := strings.IndexRune(path, filepath.Separator)
-		var p string
-		if i == -1 {
-			p, path = path, ""
-		} else {
-			p, path = path[:i], path[i+1:]
-		}
-
-		if p == "" {
-			continue
-		}
-
-		// this takes a b.String() like "b/../" and a p like "c" and turns it
-		// into "/b/../c" which then gets filepath.Cleaned into "/c" and then
-		// root gets prepended and we Clean again (to remove any trailing slash
-		// if the first Clean gave us just "/")
-		cleanP := filepath.Clean(string(filepath.Separator) + b.String() + p)
-		if isDriveOrRoot(cleanP) {
-			// never Lstat "/" itself, or drive letters on Windows
-			b.Reset()
-			continue
-		}
-		fullP := filepath.Clean(root + cleanP)
-
-		fi, err := os.Lstat(fullP)
-		if os.IsNotExist(err) {
-			// if p does not exist, accept it
-			b.WriteString(p)
-			b.WriteRune(filepath.Separator)
-			continue
-		}
-		if err != nil {
-			return "", err
-		}
-		if fi.Mode()&os.ModeSymlink == 0 {
-			b.WriteString(p)
-			b.WriteRune(filepath.Separator)
-			continue
-		}
-
-		// it's a symlink, put it at the front of path
-		dest, err := os.Readlink(fullP)
-		if err != nil {
-			return "", err
-		}
-		if system.IsAbs(dest) {
-			b.Reset()
-		}
-		path = dest + string(filepath.Separator) + path
-	}
-
-	// see note above on "fullP := ..." for why this is double-cleaned and
-	// what's happening here
-	return filepath.Clean(root + filepath.Clean(string(filepath.Separator)+b.String())), nil
-}
-
-// EvalSymlinks returns the path name after the evaluation of any symbolic
-// links.
-// If path is relative the result will be relative to the current directory,
-// unless one of the components is an absolute symbolic link.
-// This version has been updated to support long paths prepended with `\\?\`.
-func EvalSymlinks(path string) (string, error) {
-	return evalSymlinks(path)
-}

libnetwork/vendor/github.com/docker/docker/pkg/symlink/fs_unix.go

@@ -1,15 +0,0 @@
-// +build !windows
-
-package symlink // import "github.com/docker/docker/pkg/symlink"
-
-import (
-	"path/filepath"
-)
-
-func evalSymlinks(path string) (string, error) {
-	return filepath.EvalSymlinks(path)
-}
-
-func isDriveOrRoot(p string) bool {
-	return p == string(filepath.Separator)
-}

libnetwork/vendor/github.com/docker/docker/pkg/symlink/fs_windows.go

@@ -1,169 +0,0 @@
-package symlink // import "github.com/docker/docker/pkg/symlink"
-
-import (
-	"bytes"
-	"errors"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/docker/docker/pkg/longpath"
-	"golang.org/x/sys/windows"
-)
-
-func toShort(path string) (string, error) {
-	p, err := windows.UTF16FromString(path)
-	if err != nil {
-		return "", err
-	}
-	b := p // GetShortPathName says we can reuse buffer
-	n, err := windows.GetShortPathName(&p[0], &b[0], uint32(len(b)))
-	if err != nil {
-		return "", err
-	}
-	if n > uint32(len(b)) {
-		b = make([]uint16, n)
-		if _, err = windows.GetShortPathName(&p[0], &b[0], uint32(len(b))); err != nil {
-			return "", err
-		}
-	}
-	return windows.UTF16ToString(b), nil
-}
-
-func toLong(path string) (string, error) {
-	p, err := windows.UTF16FromString(path)
-	if err != nil {
-		return "", err
-	}
-	b := p // GetLongPathName says we can reuse buffer
-	n, err := windows.GetLongPathName(&p[0], &b[0], uint32(len(b)))
-	if err != nil {
-		return "", err
-	}
-	if n > uint32(len(b)) {
-		b = make([]uint16, n)
-		n, err = windows.GetLongPathName(&p[0], &b[0], uint32(len(b)))
-		if err != nil {
-			return "", err
-		}
-	}
-	b = b[:n]
-	return windows.UTF16ToString(b), nil
-}
-
-func evalSymlinks(path string) (string, error) {
-	path, err := walkSymlinks(path)
-	if err != nil {
-		return "", err
-	}
-
-	p, err := toShort(path)
-	if err != nil {
-		return "", err
-	}
-	p, err = toLong(p)
-	if err != nil {
-		return "", err
-	}
-	// windows.GetLongPathName does not change the case of the drive letter,
-	// but the result of EvalSymlinks must be unique, so we have
-	// EvalSymlinks(`c:\a`) == EvalSymlinks(`C:\a`).
-	// Make drive letter upper case.
-	if len(p) >= 2 && p[1] == ':' && 'a' <= p[0] && p[0] <= 'z' {
-		p = string(p[0]+'A'-'a') + p[1:]
-	} else if len(p) >= 6 && p[5] == ':' && 'a' <= p[4] && p[4] <= 'z' {
-		p = p[:3] + string(p[4]+'A'-'a') + p[5:]
-	}
-	return filepath.Clean(p), nil
-}
-
-const utf8RuneSelf = 0x80
-
-func walkSymlinks(path string) (string, error) {
-	const maxIter = 255
-	originalPath := path
-	// consume path by taking each frontmost path element,
-	// expanding it if it's a symlink, and appending it to b
-	var b bytes.Buffer
-	for n := 0; path != ""; n++ {
-		if n > maxIter {
-			return "", errors.New("EvalSymlinks: too many links in " + originalPath)
-		}
-
-		// A path beginning with `\\?\` represents the root, so automatically
-		// skip that part and begin processing the next segment.
-		if strings.HasPrefix(path, longpath.Prefix) {
-			b.WriteString(longpath.Prefix)
-			path = path[4:]
-			continue
-		}
-
-		// find next path component, p
-		var i = -1
-		for j, c := range path {
-			if c < utf8RuneSelf && os.IsPathSeparator(uint8(c)) {
-				i = j
-				break
-			}
-		}
-		var p string
-		if i == -1 {
-			p, path = path, ""
-		} else {
-			p, path = path[:i], path[i+1:]
-		}
-
-		if p == "" {
-			if b.Len() == 0 {
-				// must be absolute path
-				b.WriteRune(filepath.Separator)
-			}
-			continue
-		}
-
-		// If this is the first segment after the long path prefix, accept the
-		// current segment as a volume root or UNC share and move on to the next.
-		if b.String() == longpath.Prefix {
-			b.WriteString(p)
-			b.WriteRune(filepath.Separator)
-			continue
-		}
-
-		fi, err := os.Lstat(b.String() + p)
-		if err != nil {
-			return "", err
-		}
-		if fi.Mode()&os.ModeSymlink == 0 {
-			b.WriteString(p)
-			if path != "" || (b.Len() == 2 && len(p) == 2 && p[1] == ':') {
-				b.WriteRune(filepath.Separator)
-			}
-			continue
-		}
-
-		// it's a symlink, put it at the front of path
-		dest, err := os.Readlink(b.String() + p)
-		if err != nil {
-			return "", err
-		}
-		if filepath.IsAbs(dest) || os.IsPathSeparator(dest[0]) {
-			b.Reset()
-		}
-		path = dest + string(filepath.Separator) + path
-	}
-	return filepath.Clean(b.String()), nil
-}
-
-func isDriveOrRoot(p string) bool {
-	if p == string(filepath.Separator) {
-		return true
-	}
-
-	length := len(p)
-	if length >= 2 {
-		if p[length-1] == ':' && (('a' <= p[length-2] && p[length-2] <= 'z') || ('A' <= p[length-2] && p[length-2] <= 'Z')) {
-			return true
-		}
-	}
-	return false
-}

libnetwork/vendor/github.com/golang/protobuf/LICENSE

@@ -1,31 +0,0 @@
-Go support for Protocol Buffers - Google's data interchange format
-
-Copyright 2010 The Go Authors.  All rights reserved.
-https://github.com/golang/protobuf
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-    * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-    * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-    * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-

libnetwork/vendor/github.com/golang/protobuf/README.md

@@ -1,283 +0,0 @@
-# Go support for Protocol Buffers
-
-[![Build Status](https://travis-ci.org/golang/protobuf.svg?branch=master)](https://travis-ci.org/golang/protobuf)
-[![GoDoc](https://godoc.org/github.com/golang/protobuf?status.svg)](https://godoc.org/github.com/golang/protobuf)
-
-Google's data interchange format.
-Copyright 2010 The Go Authors.
-https://github.com/golang/protobuf
-
-This package and the code it generates requires at least Go 1.6.
-
-This software implements Go bindings for protocol buffers.  For
-information about protocol buffers themselves, see
-	https://developers.google.com/protocol-buffers/
-
-## Installation ##
-
-To use this software, you must:
-- Install the standard C++ implementation of protocol buffers from
-	https://developers.google.com/protocol-buffers/
-- Of course, install the Go compiler and tools from
-	https://golang.org/
-  See
-	https://golang.org/doc/install
-  for details or, if you are using gccgo, follow the instructions at
-	https://golang.org/doc/install/gccgo
-- Grab the code from the repository and install the proto package.
-  The simplest way is to run `go get -u github.com/golang/protobuf/protoc-gen-go`.
-  The compiler plugin, protoc-gen-go, will be installed in $GOBIN,
-  defaulting to $GOPATH/bin.  It must be in your $PATH for the protocol
-  compiler, protoc, to find it.
-
-This software has two parts: a 'protocol compiler plugin' that
-generates Go source files that, once compiled, can access and manage
-protocol buffers; and a library that implements run-time support for
-encoding (marshaling), decoding (unmarshaling), and accessing protocol
-buffers.
-
-There is support for gRPC in Go using protocol buffers.
-See the note at the bottom of this file for details.
-
-There are no insertion points in the plugin.
-
-
-## Using protocol buffers with Go ##
-
-Once the software is installed, there are two steps to using it.
-First you must compile the protocol buffer definitions and then import
-them, with the support library, into your program.
-
-To compile the protocol buffer definition, run protoc with the --go_out
-parameter set to the directory you want to output the Go code to.
-
-	protoc --go_out=. *.proto
-
-The generated files will be suffixed .pb.go.  See the Test code below
-for an example using such a file.
-
-## Packages and input paths ##
-
-The protocol buffer language has a concept of "packages" which does not
-correspond well to the Go notion of packages. In generated Go code,
-each source `.proto` file is associated with a single Go package. The
-name and import path for this package is specified with the `go_package`
-proto option:
-
-	option go_package = "github.com/golang/protobuf/ptypes/any";
-
-The protocol buffer compiler will attempt to derive a package name and
-import path if a `go_package` option is not present, but it is
-best to always specify one explicitly.
-
-There is a one-to-one relationship between source `.proto` files and
-generated `.pb.go` files, but any number of `.pb.go` files may be
-contained in the same Go package.
-
-The output name of a generated file is produced by replacing the
-`.proto` suffix with `.pb.go` (e.g., `foo.proto` produces `foo.pb.go`).
-However, the output directory is selected in one of two ways.  Let
-us say we have `inputs/x.proto` with a `go_package` option of
-`github.com/golang/protobuf/p`. The corresponding output file may
-be:
-
-- Relative to the import path:
-
-	protoc --go_out=. inputs/x.proto
-	# writes ./github.com/golang/protobuf/p/x.pb.go
-
-  (This can work well with `--go_out=$GOPATH`.)
-
-- Relative to the input file:
-
-	protoc --go_out=paths=source_relative:. inputs/x.proto
-	# generate ./inputs/x.pb.go
-
-## Generated code ##
-
-The package comment for the proto library contains text describing
-the interface provided in Go for protocol buffers. Here is an edited
-version.
-
-The proto package converts data structures to and from the
-wire format of protocol buffers.  It works in concert with the
-Go source code generated for .proto files by the protocol compiler.
-
-A summary of the properties of the protocol buffer interface
-for a protocol buffer variable v:
-
-  - Names are turned from camel_case to CamelCase for export.
-  - There are no methods on v to set fields; just treat
-  	them as structure fields.
-  - There are getters that return a field's value if set,
-	and return the field's default value if unset.
-	The getters work even if the receiver is a nil message.
-  - The zero value for a struct is its correct initialization state.
-	All desired fields must be set before marshaling.
-  - A Reset() method will restore a protobuf struct to its zero state.
-  - Non-repeated fields are pointers to the values; nil means unset.
-	That is, optional or required field int32 f becomes F *int32.
-  - Repeated fields are slices.
-  - Helper functions are available to aid the setting of fields.
-	Helpers for getting values are superseded by the
-	GetFoo methods and their use is deprecated.
-		msg.Foo = proto.String("hello") // set field
-  - Constants are defined to hold the default values of all fields that
-	have them.  They have the form Default_StructName_FieldName.
-	Because the getter methods handle defaulted values,
-	direct use of these constants should be rare.
-  - Enums are given type names and maps from names to values.
-	Enum values are prefixed with the enum's type name. Enum types have
-	a String method, and a Enum method to assist in message construction.
-  - Nested groups and enums have type names prefixed with the name of
-  	the surrounding message type.
-  - Extensions are given descriptor names that start with E_,
-	followed by an underscore-delimited list of the nested messages
-	that contain it (if any) followed by the CamelCased name of the
-	extension field itself.  HasExtension, ClearExtension, GetExtension
-	and SetExtension are functions for manipulating extensions.
-  - Oneof field sets are given a single field in their message,
-	with distinguished wrapper types for each possible field value.
-  - Marshal and Unmarshal are functions to encode and decode the wire format.
-
-When the .proto file specifies `syntax="proto3"`, there are some differences:
-
-  - Non-repeated fields of non-message type are values instead of pointers.
-  - Enum types do not get an Enum method.
-
-Consider file test.proto, containing
-
-```proto
-	syntax = "proto2";
-	package example;
-
-	enum FOO { X = 17; };
-
-	message Test {
-	  required string label = 1;
-	  optional int32 type = 2 [default=77];
-	  repeated int64 reps = 3;
-	  optional group OptionalGroup = 4 {
-	    required string RequiredField = 5;
-	  }
-	}
-```
-
-To create and play with a Test object from the example package,
-
-```go
-	package main
-
-	import (
-		"log"
-
-		"github.com/golang/protobuf/proto"
-		"path/to/example"
-	)
-
-	func main() {
-		test := &example.Test {
-			Label: proto.String("hello"),
-			Type:  proto.Int32(17),
-			Reps:  []int64{1, 2, 3},
-			Optionalgroup: &example.Test_OptionalGroup {
-				RequiredField: proto.String("good bye"),
-			},
-		}
-		data, err := proto.Marshal(test)
-		if err != nil {
-			log.Fatal("marshaling error: ", err)
-		}
-		newTest := &example.Test{}
-		err = proto.Unmarshal(data, newTest)
-		if err != nil {
-			log.Fatal("unmarshaling error: ", err)
-		}
-		// Now test and newTest contain the same data.
-		if test.GetLabel() != newTest.GetLabel() {
-			log.Fatalf("data mismatch %q != %q", test.GetLabel(), newTest.GetLabel())
-		}
-		// etc.
-	}
-```
-
-## Parameters ##
-
-To pass extra parameters to the plugin, use a comma-separated
-parameter list separated from the output directory by a colon:
-
-	protoc --go_out=plugins=grpc,import_path=mypackage:. *.proto
-
-- `paths=(import | source_relative)` - specifies how the paths of
-  generated files are structured. See the "Packages and imports paths"
-  section above. The default is `import`.
-- `plugins=plugin1+plugin2` - specifies the list of sub-plugins to
-  load. The only plugin in this repo is `grpc`.
-- `Mfoo/bar.proto=quux/shme` - declares that foo/bar.proto is
-  associated with Go package quux/shme.  This is subject to the
-  import_prefix parameter.
-
-The following parameters are deprecated and should not be used:
-
-- `import_prefix=xxx` - a prefix that is added onto the beginning of
-  all imports.
-- `import_path=foo/bar` - used as the package if no input files
-  declare `go_package`. If it contains slashes, everything up to the
-  rightmost slash is ignored.
-
-## gRPC Support ##
-
-If a proto file specifies RPC services, protoc-gen-go can be instructed to
-generate code compatible with gRPC (http://www.grpc.io/). To do this, pass
-the `plugins` parameter to protoc-gen-go; the usual way is to insert it into
-the --go_out argument to protoc:
-
-	protoc --go_out=plugins=grpc:. *.proto
-
-## Compatibility ##
-
-The library and the generated code are expected to be stable over time.
-However, we reserve the right to make breaking changes without notice for the
-following reasons:
-
-- Security. A security issue in the specification or implementation may come to
-  light whose resolution requires breaking compatibility. We reserve the right
-  to address such security issues.
-- Unspecified behavior.  There are some aspects of the Protocol Buffers
-  specification that are undefined.  Programs that depend on such unspecified
-  behavior may break in future releases.
-- Specification errors or changes. If it becomes necessary to address an
-  inconsistency, incompleteness, or change in the Protocol Buffers
-  specification, resolving the issue could affect the meaning or legality of
-  existing programs.  We reserve the right to address such issues, including
-  updating the implementations.
-- Bugs.  If the library has a bug that violates the specification, a program
-  that depends on the buggy behavior may break if the bug is fixed.  We reserve
-  the right to fix such bugs.
-- Adding methods or fields to generated structs.  These may conflict with field
-  names that already exist in a schema, causing applications to break.  When the
-  code generator encounters a field in the schema that would collide with a
-  generated field or method name, the code generator will append an underscore
-  to the generated field or method name.
-- Adding, removing, or changing methods or fields in generated structs that
-  start with `XXX`.  These parts of the generated code are exported out of
-  necessity, but should not be considered part of the public API.
-- Adding, removing, or changing unexported symbols in generated code.
-
-Any breaking changes outside of these will be announced 6 months in advance to
-protobuf@googlegroups.com.
-
-You should, whenever possible, use generated code created by the `protoc-gen-go`
-tool built at the same commit as the `proto` package.  The `proto` package
-declares package-level constants in the form `ProtoPackageIsVersionX`.
-Application code and generated code may depend on one of these constants to
-ensure that compilation will fail if the available version of the proto library
-is too old.  Whenever we make a change to the generated code that requires newer
-library support, in the same commit we will increment the version number of the
-generated code and declare a new package-level constant whose name incorporates
-the latest version number.  Removing a compatibility constant is considered a
-breaking change and would be subject to the announcement policy stated above.
-
-The `protoc-gen-go/generator` package exposes a plugin interface,
-which is used by the gRPC code generation. This interface is not
-supported and is subject to incompatible changes without notice.

libnetwork/vendor/github.com/golang/protobuf/proto/clone.go

@@ -1,253 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2011 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-// Protocol buffer deep copy and merge.
-// TODO: RawMessage.
-
-package proto
-
-import (
-	"fmt"
-	"log"
-	"reflect"
-	"strings"
-)
-
-// Clone returns a deep copy of a protocol buffer.
-func Clone(src Message) Message {
-	in := reflect.ValueOf(src)
-	if in.IsNil() {
-		return src
-	}
-	out := reflect.New(in.Type().Elem())
-	dst := out.Interface().(Message)
-	Merge(dst, src)
-	return dst
-}
-
-// Merger is the interface representing objects that can merge messages of the same type.
-type Merger interface {
-	// Merge merges src into this message.
-	// Required and optional fields that are set in src will be set to that value in dst.
-	// Elements of repeated fields will be appended.
-	//
-	// Merge may panic if called with a different argument type than the receiver.
-	Merge(src Message)
-}
-
-// generatedMerger is the custom merge method that generated protos will have.
-// We must add this method since a generate Merge method will conflict with
-// many existing protos that have a Merge data field already defined.
-type generatedMerger interface {
-	XXX_Merge(src Message)
-}
-
-// Merge merges src into dst.
-// Required and optional fields that are set in src will be set to that value in dst.
-// Elements of repeated fields will be appended.
-// Merge panics if src and dst are not the same type, or if dst is nil.
-func Merge(dst, src Message) {
-	if m, ok := dst.(Merger); ok {
-		m.Merge(src)
-		return
-	}
-
-	in := reflect.ValueOf(src)
-	out := reflect.ValueOf(dst)
-	if out.IsNil() {
-		panic("proto: nil destination")
-	}
-	if in.Type() != out.Type() {
-		panic(fmt.Sprintf("proto.Merge(%T, %T) type mismatch", dst, src))
-	}
-	if in.IsNil() {
-		return // Merge from nil src is a noop
-	}
-	if m, ok := dst.(generatedMerger); ok {
-		m.XXX_Merge(src)
-		return
-	}
-	mergeStruct(out.Elem(), in.Elem())
-}
-
-func mergeStruct(out, in reflect.Value) {
-	sprop := GetProperties(in.Type())
-	for i := 0; i < in.NumField(); i++ {
-		f := in.Type().Field(i)
-		if strings.HasPrefix(f.Name, "XXX_") {
-			continue
-		}
-		mergeAny(out.Field(i), in.Field(i), false, sprop.Prop[i])
-	}
-
-	if emIn, err := extendable(in.Addr().Interface()); err == nil {
-		emOut, _ := extendable(out.Addr().Interface())
-		mIn, muIn := emIn.extensionsRead()
-		if mIn != nil {
-			mOut := emOut.extensionsWrite()
-			muIn.Lock()
-			mergeExtension(mOut, mIn)
-			muIn.Unlock()
-		}
-	}
-
-	uf := in.FieldByName("XXX_unrecognized")
-	if !uf.IsValid() {
-		return
-	}
-	uin := uf.Bytes()
-	if len(uin) > 0 {
-		out.FieldByName("XXX_unrecognized").SetBytes(append([]byte(nil), uin...))
-	}
-}
-
-// mergeAny performs a merge between two values of the same type.
-// viaPtr indicates whether the values were indirected through a pointer (implying proto2).
-// prop is set if this is a struct field (it may be nil).
-func mergeAny(out, in reflect.Value, viaPtr bool, prop *Properties) {
-	if in.Type() == protoMessageType {
-		if !in.IsNil() {
-			if out.IsNil() {
-				out.Set(reflect.ValueOf(Clone(in.Interface().(Message))))
-			} else {
-				Merge(out.Interface().(Message), in.Interface().(Message))
-			}
-		}
-		return
-	}
-	switch in.Kind() {
-	case reflect.Bool, reflect.Float32, reflect.Float64, reflect.Int32, reflect.Int64,
-		reflect.String, reflect.Uint32, reflect.Uint64:
-		if !viaPtr && isProto3Zero(in) {
-			return
-		}
-		out.Set(in)
-	case reflect.Interface:
-		// Probably a oneof field; copy non-nil values.
-		if in.IsNil() {
-			return
-		}
-		// Allocate destination if it is not set, or set to a different type.
-		// Otherwise we will merge as normal.
-		if out.IsNil() || out.Elem().Type() != in.Elem().Type() {
-			out.Set(reflect.New(in.Elem().Elem().Type())) // interface -> *T -> T -> new(T)
-		}
-		mergeAny(out.Elem(), in.Elem(), false, nil)
-	case reflect.Map:
-		if in.Len() == 0 {
-			return
-		}
-		if out.IsNil() {
-			out.Set(reflect.MakeMap(in.Type()))
-		}
-		// For maps with value types of *T or []byte we need to deep copy each value.
-		elemKind := in.Type().Elem().Kind()
-		for _, key := range in.MapKeys() {
-			var val reflect.Value
-			switch elemKind {
-			case reflect.Ptr:
-				val = reflect.New(in.Type().Elem().Elem())
-				mergeAny(val, in.MapIndex(key), false, nil)
-			case reflect.Slice:
-				val = in.MapIndex(key)
-				val = reflect.ValueOf(append([]byte{}, val.Bytes()...))
-			default:
-				val = in.MapIndex(key)
-			}
-			out.SetMapIndex(key, val)
-		}
-	case reflect.Ptr:
-		if in.IsNil() {
-			return
-		}
-		if out.IsNil() {
-			out.Set(reflect.New(in.Elem().Type()))
-		}
-		mergeAny(out.Elem(), in.Elem(), true, nil)
-	case reflect.Slice:
-		if in.IsNil() {
-			return
-		}
-		if in.Type().Elem().Kind() == reflect.Uint8 {
-			// []byte is a scalar bytes field, not a repeated field.
-
-			// Edge case: if this is in a proto3 message, a zero length
-			// bytes field is considered the zero value, and should not
-			// be merged.
-			if prop != nil && prop.proto3 && in.Len() == 0 {
-				return
-			}
-
-			// Make a deep copy.
-			// Append to []byte{} instead of []byte(nil) so that we never end up
-			// with a nil result.
-			out.SetBytes(append([]byte{}, in.Bytes()...))
-			return
-		}
-		n := in.Len()
-		if out.IsNil() {
-			out.Set(reflect.MakeSlice(in.Type(), 0, n))
-		}
-		switch in.Type().Elem().Kind() {
-		case reflect.Bool, reflect.Float32, reflect.Float64, reflect.Int32, reflect.Int64,
-			reflect.String, reflect.Uint32, reflect.Uint64:
-			out.Set(reflect.AppendSlice(out, in))
-		default:
-			for i := 0; i < n; i++ {
-				x := reflect.Indirect(reflect.New(in.Type().Elem()))
-				mergeAny(x, in.Index(i), false, nil)
-				out.Set(reflect.Append(out, x))
-			}
-		}
-	case reflect.Struct:
-		mergeStruct(out, in)
-	default:
-		// unknown type, so not a protocol buffer
-		log.Printf("proto: don't know how to copy %v", in)
-	}
-}
-
-func mergeExtension(out, in map[int32]Extension) {
-	for extNum, eIn := range in {
-		eOut := Extension{desc: eIn.desc}
-		if eIn.value != nil {
-			v := reflect.New(reflect.TypeOf(eIn.value)).Elem()
-			mergeAny(v, reflect.ValueOf(eIn.value), false, nil)
-			eOut.value = v.Interface()
-		}
-		if eIn.enc != nil {
-			eOut.enc = make([]byte, len(eIn.enc))
-			copy(eOut.enc, eIn.enc)
-		}
-
-		out[extNum] = eOut
-	}
-}

libnetwork/vendor/github.com/golang/protobuf/proto/decode.go

@@ -1,428 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2010 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package proto
-
-/*
- * Routines for decoding protocol buffer data to construct in-memory representations.
- */
-
-import (
-	"errors"
-	"fmt"
-	"io"
-)
-
-// errOverflow is returned when an integer is too large to be represented.
-var errOverflow = errors.New("proto: integer overflow")
-
-// ErrInternalBadWireType is returned by generated code when an incorrect
-// wire type is encountered. It does not get returned to user code.
-var ErrInternalBadWireType = errors.New("proto: internal error: bad wiretype for oneof")
-
-// DecodeVarint reads a varint-encoded integer from the slice.
-// It returns the integer and the number of bytes consumed, or
-// zero if there is not enough.
-// This is the format for the
-// int32, int64, uint32, uint64, bool, and enum
-// protocol buffer types.
-func DecodeVarint(buf []byte) (x uint64, n int) {
-	for shift := uint(0); shift < 64; shift += 7 {
-		if n >= len(buf) {
-			return 0, 0
-		}
-		b := uint64(buf[n])
-		n++
-		x |= (b & 0x7F) << shift
-		if (b & 0x80) == 0 {
-			return x, n
-		}
-	}
-
-	// The number is too large to represent in a 64-bit value.
-	return 0, 0
-}
-
-func (p *Buffer) decodeVarintSlow() (x uint64, err error) {
-	i := p.index
-	l := len(p.buf)
-
-	for shift := uint(0); shift < 64; shift += 7 {
-		if i >= l {
-			err = io.ErrUnexpectedEOF
-			return
-		}
-		b := p.buf[i]
-		i++
-		x |= (uint64(b) & 0x7F) << shift
-		if b < 0x80 {
-			p.index = i
-			return
-		}
-	}
-
-	// The number is too large to represent in a 64-bit value.
-	err = errOverflow
-	return
-}
-
-// DecodeVarint reads a varint-encoded integer from the Buffer.
-// This is the format for the
-// int32, int64, uint32, uint64, bool, and enum
-// protocol buffer types.
-func (p *Buffer) DecodeVarint() (x uint64, err error) {
-	i := p.index
-	buf := p.buf
-
-	if i >= len(buf) {
-		return 0, io.ErrUnexpectedEOF
-	} else if buf[i] < 0x80 {
-		p.index++
-		return uint64(buf[i]), nil
-	} else if len(buf)-i < 10 {
-		return p.decodeVarintSlow()
-	}
-
-	var b uint64
-	// we already checked the first byte
-	x = uint64(buf[i]) - 0x80
-	i++
-
-	b = uint64(buf[i])
-	i++
-	x += b << 7
-	if b&0x80 == 0 {
-		goto done
-	}
-	x -= 0x80 << 7
-
-	b = uint64(buf[i])
-	i++
-	x += b << 14
-	if b&0x80 == 0 {
-		goto done
-	}
-	x -= 0x80 << 14
-
-	b = uint64(buf[i])
-	i++
-	x += b << 21
-	if b&0x80 == 0 {
-		goto done
-	}
-	x -= 0x80 << 21
-
-	b = uint64(buf[i])
-	i++
-	x += b << 28
-	if b&0x80 == 0 {
-		goto done
-	}
-	x -= 0x80 << 28
-
-	b = uint64(buf[i])
-	i++
-	x += b << 35
-	if b&0x80 == 0 {
-		goto done
-	}
-	x -= 0x80 << 35
-
-	b = uint64(buf[i])
-	i++
-	x += b << 42
-	if b&0x80 == 0 {
-		goto done
-	}
-	x -= 0x80 << 42
-
-	b = uint64(buf[i])
-	i++
-	x += b << 49
-	if b&0x80 == 0 {
-		goto done
-	}
-	x -= 0x80 << 49
-
-	b = uint64(buf[i])
-	i++
-	x += b << 56
-	if b&0x80 == 0 {
-		goto done
-	}
-	x -= 0x80 << 56
-
-	b = uint64(buf[i])
-	i++
-	x += b << 63
-	if b&0x80 == 0 {
-		goto done
-	}
-	// x -= 0x80 << 63 // Always zero.
-
-	return 0, errOverflow
-
-done:
-	p.index = i
-	return x, nil
-}
-
-// DecodeFixed64 reads a 64-bit integer from the Buffer.
-// This is the format for the
-// fixed64, sfixed64, and double protocol buffer types.
-func (p *Buffer) DecodeFixed64() (x uint64, err error) {
-	// x, err already 0
-	i := p.index + 8
-	if i < 0 || i > len(p.buf) {
-		err = io.ErrUnexpectedEOF
-		return
-	}
-	p.index = i
-
-	x = uint64(p.buf[i-8])
-	x |= uint64(p.buf[i-7]) << 8
-	x |= uint64(p.buf[i-6]) << 16
-	x |= uint64(p.buf[i-5]) << 24
-	x |= uint64(p.buf[i-4]) << 32
-	x |= uint64(p.buf[i-3]) << 40
-	x |= uint64(p.buf[i-2]) << 48
-	x |= uint64(p.buf[i-1]) << 56
-	return
-}
-
-// DecodeFixed32 reads a 32-bit integer from the Buffer.
-// This is the format for the
-// fixed32, sfixed32, and float protocol buffer types.
-func (p *Buffer) DecodeFixed32() (x uint64, err error) {
-	// x, err already 0
-	i := p.index + 4
-	if i < 0 || i > len(p.buf) {
-		err = io.ErrUnexpectedEOF
-		return
-	}
-	p.index = i
-
-	x = uint64(p.buf[i-4])
-	x |= uint64(p.buf[i-3]) << 8
-	x |= uint64(p.buf[i-2]) << 16
-	x |= uint64(p.buf[i-1]) << 24
-	return
-}
-
-// DecodeZigzag64 reads a zigzag-encoded 64-bit integer
-// from the Buffer.
-// This is the format used for the sint64 protocol buffer type.
-func (p *Buffer) DecodeZigzag64() (x uint64, err error) {
-	x, err = p.DecodeVarint()
-	if err != nil {
-		return
-	}
-	x = (x >> 1) ^ uint64((int64(x&1)<<63)>>63)
-	return
-}
-
-// DecodeZigzag32 reads a zigzag-encoded 32-bit integer
-// from  the Buffer.
-// This is the format used for the sint32 protocol buffer type.
-func (p *Buffer) DecodeZigzag32() (x uint64, err error) {
-	x, err = p.DecodeVarint()
-	if err != nil {
-		return
-	}
-	x = uint64((uint32(x) >> 1) ^ uint32((int32(x&1)<<31)>>31))
-	return
-}
-
-// DecodeRawBytes reads a count-delimited byte buffer from the Buffer.
-// This is the format used for the bytes protocol buffer
-// type and for embedded messages.
-func (p *Buffer) DecodeRawBytes(alloc bool) (buf []byte, err error) {
-	n, err := p.DecodeVarint()
-	if err != nil {
-		return nil, err
-	}
-
-	nb := int(n)
-	if nb < 0 {
-		return nil, fmt.Errorf("proto: bad byte length %d", nb)
-	}
-	end := p.index + nb
-	if end < p.index || end > len(p.buf) {
-		return nil, io.ErrUnexpectedEOF
-	}
-
-	if !alloc {
-		// todo: check if can get more uses of alloc=false
-		buf = p.buf[p.index:end]
-		p.index += nb
-		return
-	}
-
-	buf = make([]byte, nb)
-	copy(buf, p.buf[p.index:])
-	p.index += nb
-	return
-}
-
-// DecodeStringBytes reads an encoded string from the Buffer.
-// This is the format used for the proto2 string type.
-func (p *Buffer) DecodeStringBytes() (s string, err error) {
-	buf, err := p.DecodeRawBytes(false)
-	if err != nil {
-		return
-	}
-	return string(buf), nil
-}
-
-// Unmarshaler is the interface representing objects that can
-// unmarshal themselves.  The argument points to data that may be
-// overwritten, so implementations should not keep references to the
-// buffer.
-// Unmarshal implementations should not clear the receiver.
-// Any unmarshaled data should be merged into the receiver.
-// Callers of Unmarshal that do not want to retain existing data
-// should Reset the receiver before calling Unmarshal.
-type Unmarshaler interface {
-	Unmarshal([]byte) error
-}
-
-// newUnmarshaler is the interface representing objects that can
-// unmarshal themselves. The semantics are identical to Unmarshaler.
-//
-// This exists to support protoc-gen-go generated messages.
-// The proto package will stop type-asserting to this interface in the future.
-//
-// DO NOT DEPEND ON THIS.
-type newUnmarshaler interface {
-	XXX_Unmarshal([]byte) error
-}
-
-// Unmarshal parses the protocol buffer representation in buf and places the
-// decoded result in pb.  If the struct underlying pb does not match
-// the data in buf, the results can be unpredictable.
-//
-// Unmarshal resets pb before starting to unmarshal, so any
-// existing data in pb is always removed. Use UnmarshalMerge
-// to preserve and append to existing data.
-func Unmarshal(buf []byte, pb Message) error {
-	pb.Reset()
-	if u, ok := pb.(newUnmarshaler); ok {
-		return u.XXX_Unmarshal(buf)
-	}
-	if u, ok := pb.(Unmarshaler); ok {
-		return u.Unmarshal(buf)
-	}
-	return NewBuffer(buf).Unmarshal(pb)
-}
-
-// UnmarshalMerge parses the protocol buffer representation in buf and
-// writes the decoded result to pb.  If the struct underlying pb does not match
-// the data in buf, the results can be unpredictable.
-//
-// UnmarshalMerge merges into existing data in pb.
-// Most code should use Unmarshal instead.
-func UnmarshalMerge(buf []byte, pb Message) error {
-	if u, ok := pb.(newUnmarshaler); ok {
-		return u.XXX_Unmarshal(buf)
-	}
-	if u, ok := pb.(Unmarshaler); ok {
-		// NOTE: The history of proto have unfortunately been inconsistent
-		// whether Unmarshaler should or should not implicitly clear itself.
-		// Some implementations do, most do not.
-		// Thus, calling this here may or may not do what people want.
-		//
-		// See https://github.com/golang/protobuf/issues/424
-		return u.Unmarshal(buf)
-	}
-	return NewBuffer(buf).Unmarshal(pb)
-}
-
-// DecodeMessage reads a count-delimited message from the Buffer.
-func (p *Buffer) DecodeMessage(pb Message) error {
-	enc, err := p.DecodeRawBytes(false)
-	if err != nil {
-		return err
-	}
-	return NewBuffer(enc).Unmarshal(pb)
-}
-
-// DecodeGroup reads a tag-delimited group from the Buffer.
-// StartGroup tag is already consumed. This function consumes
-// EndGroup tag.
-func (p *Buffer) DecodeGroup(pb Message) error {
-	b := p.buf[p.index:]
-	x, y := findEndGroup(b)
-	if x < 0 {
-		return io.ErrUnexpectedEOF
-	}
-	err := Unmarshal(b[:x], pb)
-	p.index += y
-	return err
-}
-
-// Unmarshal parses the protocol buffer representation in the
-// Buffer and places the decoded result in pb.  If the struct
-// underlying pb does not match the data in the buffer, the results can be
-// unpredictable.
-//
-// Unlike proto.Unmarshal, this does not reset pb before starting to unmarshal.
-func (p *Buffer) Unmarshal(pb Message) error {
-	// If the object can unmarshal itself, let it.
-	if u, ok := pb.(newUnmarshaler); ok {
-		err := u.XXX_Unmarshal(p.buf[p.index:])
-		p.index = len(p.buf)
-		return err
-	}
-	if u, ok := pb.(Unmarshaler); ok {
-		// NOTE: The history of proto have unfortunately been inconsistent
-		// whether Unmarshaler should or should not implicitly clear itself.
-		// Some implementations do, most do not.
-		// Thus, calling this here may or may not do what people want.
-		//
-		// See https://github.com/golang/protobuf/issues/424
-		err := u.Unmarshal(p.buf[p.index:])
-		p.index = len(p.buf)
-		return err
-	}
-
-	// Slow workaround for messages that aren't Unmarshalers.
-	// This includes some hand-coded .pb.go files and
-	// bootstrap protos.
-	// TODO: fix all of those and then add Unmarshal to
-	// the Message interface. Then:
-	// The cast above and code below can be deleted.
-	// The old unmarshaler can be deleted.
-	// Clients can call Unmarshal directly (can already do that, actually).
-	var info InternalMessageInfo
-	err := info.Unmarshal(pb, p.buf[p.index:])
-	p.index = len(p.buf)
-	return err
-}

libnetwork/vendor/github.com/golang/protobuf/proto/encode.go

@@ -1,221 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2010 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package proto
-
-/*
- * Routines for encoding data into the wire format for protocol buffers.
- */
-
-import (
-	"errors"
-	"fmt"
-	"reflect"
-)
-
-// RequiredNotSetError is the error returned if Marshal is called with
-// a protocol buffer struct whose required fields have not
-// all been initialized. It is also the error returned if Unmarshal is
-// called with an encoded protocol buffer that does not include all the
-// required fields.
-//
-// When printed, RequiredNotSetError reports the first unset required field in a
-// message. If the field cannot be precisely determined, it is reported as
-// "{Unknown}".
-type RequiredNotSetError struct {
-	field string
-}
-
-func (e *RequiredNotSetError) Error() string {
-	return fmt.Sprintf("proto: required field %q not set", e.field)
-}
-
-var (
-	// errRepeatedHasNil is the error returned if Marshal is called with
-	// a struct with a repeated field containing a nil element.
-	errRepeatedHasNil = errors.New("proto: repeated field has nil element")
-
-	// errOneofHasNil is the error returned if Marshal is called with
-	// a struct with a oneof field containing a nil element.
-	errOneofHasNil = errors.New("proto: oneof field has nil value")
-
-	// ErrNil is the error returned if Marshal is called with nil.
-	ErrNil = errors.New("proto: Marshal called with nil")
-
-	// ErrTooLarge is the error returned if Marshal is called with a
-	// message that encodes to >2GB.
-	ErrTooLarge = errors.New("proto: message encodes to over 2 GB")
-)
-
-// The fundamental encoders that put bytes on the wire.
-// Those that take integer types all accept uint64 and are
-// therefore of type valueEncoder.
-
-const maxVarintBytes = 10 // maximum length of a varint
-
-// EncodeVarint returns the varint encoding of x.
-// This is the format for the
-// int32, int64, uint32, uint64, bool, and enum
-// protocol buffer types.
-// Not used by the package itself, but helpful to clients
-// wishing to use the same encoding.
-func EncodeVarint(x uint64) []byte {
-	var buf [maxVarintBytes]byte
-	var n int
-	for n = 0; x > 127; n++ {
-		buf[n] = 0x80 | uint8(x&0x7F)
-		x >>= 7
-	}
-	buf[n] = uint8(x)
-	n++
-	return buf[0:n]
-}
-
-// EncodeVarint writes a varint-encoded integer to the Buffer.
-// This is the format for the
-// int32, int64, uint32, uint64, bool, and enum
-// protocol buffer types.
-func (p *Buffer) EncodeVarint(x uint64) error {
-	for x >= 1<<7 {
-		p.buf = append(p.buf, uint8(x&0x7f|0x80))
-		x >>= 7
-	}
-	p.buf = append(p.buf, uint8(x))
-	return nil
-}
-
-// SizeVarint returns the varint encoding size of an integer.
-func SizeVarint(x uint64) int {
-	switch {
-	case x < 1<<7:
-		return 1
-	case x < 1<<14:
-		return 2
-	case x < 1<<21:
-		return 3
-	case x < 1<<28:
-		return 4
-	case x < 1<<35:
-		return 5
-	case x < 1<<42:
-		return 6
-	case x < 1<<49:
-		return 7
-	case x < 1<<56:
-		return 8
-	case x < 1<<63:
-		return 9
-	}
-	return 10
-}
-
-// EncodeFixed64 writes a 64-bit integer to the Buffer.
-// This is the format for the
-// fixed64, sfixed64, and double protocol buffer types.
-func (p *Buffer) EncodeFixed64(x uint64) error {
-	p.buf = append(p.buf,
-		uint8(x),
-		uint8(x>>8),
-		uint8(x>>16),
-		uint8(x>>24),
-		uint8(x>>32),
-		uint8(x>>40),
-		uint8(x>>48),
-		uint8(x>>56))
-	return nil
-}
-
-// EncodeFixed32 writes a 32-bit integer to the Buffer.
-// This is the format for the
-// fixed32, sfixed32, and float protocol buffer types.
-func (p *Buffer) EncodeFixed32(x uint64) error {
-	p.buf = append(p.buf,
-		uint8(x),
-		uint8(x>>8),
-		uint8(x>>16),
-		uint8(x>>24))
-	return nil
-}
-
-// EncodeZigzag64 writes a zigzag-encoded 64-bit integer
-// to the Buffer.
-// This is the format used for the sint64 protocol buffer type.
-func (p *Buffer) EncodeZigzag64(x uint64) error {
-	// use signed number to get arithmetic right shift.
-	return p.EncodeVarint(uint64((x << 1) ^ uint64((int64(x) >> 63))))
-}
-
-// EncodeZigzag32 writes a zigzag-encoded 32-bit integer
-// to the Buffer.
-// This is the format used for the sint32 protocol buffer type.
-func (p *Buffer) EncodeZigzag32(x uint64) error {
-	// use signed number to get arithmetic right shift.
-	return p.EncodeVarint(uint64((uint32(x) << 1) ^ uint32((int32(x) >> 31))))
-}
-
-// EncodeRawBytes writes a count-delimited byte buffer to the Buffer.
-// This is the format used for the bytes protocol buffer
-// type and for embedded messages.
-func (p *Buffer) EncodeRawBytes(b []byte) error {
-	p.EncodeVarint(uint64(len(b)))
-	p.buf = append(p.buf, b...)
-	return nil
-}
-
-// EncodeStringBytes writes an encoded string to the Buffer.
-// This is the format used for the proto2 string type.
-func (p *Buffer) EncodeStringBytes(s string) error {
-	p.EncodeVarint(uint64(len(s)))
-	p.buf = append(p.buf, s...)
-	return nil
-}
-
-// Marshaler is the interface representing objects that can marshal themselves.
-type Marshaler interface {
-	Marshal() ([]byte, error)
-}
-
-// EncodeMessage writes the protocol buffer to the Buffer,
-// prefixed by a varint-encoded length.
-func (p *Buffer) EncodeMessage(pb Message) error {
-	siz := Size(pb)
-	p.EncodeVarint(uint64(siz))
-	return p.Marshal(pb)
-}
-
-// All protocol buffer fields are nillable, but be careful.
-func isNil(v reflect.Value) bool {
-	switch v.Kind() {
-	case reflect.Interface, reflect.Map, reflect.Ptr, reflect.Slice:
-		return v.IsNil()
-	}
-	return false
-}

libnetwork/vendor/github.com/golang/protobuf/proto/equal.go

@@ -1,300 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2011 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-// Protocol buffer comparison.
-
-package proto
-
-import (
-	"bytes"
-	"log"
-	"reflect"
-	"strings"
-)
-
-/*
-Equal returns true iff protocol buffers a and b are equal.
-The arguments must both be pointers to protocol buffer structs.
-
-Equality is defined in this way:
-  - Two messages are equal iff they are the same type,
-    corresponding fields are equal, unknown field sets
-    are equal, and extensions sets are equal.
-  - Two set scalar fields are equal iff their values are equal.
-    If the fields are of a floating-point type, remember that
-    NaN != x for all x, including NaN. If the message is defined
-    in a proto3 .proto file, fields are not "set"; specifically,
-    zero length proto3 "bytes" fields are equal (nil == {}).
-  - Two repeated fields are equal iff their lengths are the same,
-    and their corresponding elements are equal. Note a "bytes" field,
-    although represented by []byte, is not a repeated field and the
-    rule for the scalar fields described above applies.
-  - Two unset fields are equal.
-  - Two unknown field sets are equal if their current
-    encoded state is equal.
-  - Two extension sets are equal iff they have corresponding
-    elements that are pairwise equal.
-  - Two map fields are equal iff their lengths are the same,
-    and they contain the same set of elements. Zero-length map
-    fields are equal.
-  - Every other combination of things are not equal.
-
-The return value is undefined if a and b are not protocol buffers.
-*/
-func Equal(a, b Message) bool {
-	if a == nil || b == nil {
-		return a == b
-	}
-	v1, v2 := reflect.ValueOf(a), reflect.ValueOf(b)
-	if v1.Type() != v2.Type() {
-		return false
-	}
-	if v1.Kind() == reflect.Ptr {
-		if v1.IsNil() {
-			return v2.IsNil()
-		}
-		if v2.IsNil() {
-			return false
-		}
-		v1, v2 = v1.Elem(), v2.Elem()
-	}
-	if v1.Kind() != reflect.Struct {
-		return false
-	}
-	return equalStruct(v1, v2)
-}
-
-// v1 and v2 are known to have the same type.
-func equalStruct(v1, v2 reflect.Value) bool {
-	sprop := GetProperties(v1.Type())
-	for i := 0; i < v1.NumField(); i++ {
-		f := v1.Type().Field(i)
-		if strings.HasPrefix(f.Name, "XXX_") {
-			continue
-		}
-		f1, f2 := v1.Field(i), v2.Field(i)
-		if f.Type.Kind() == reflect.Ptr {
-			if n1, n2 := f1.IsNil(), f2.IsNil(); n1 && n2 {
-				// both unset
-				continue
-			} else if n1 != n2 {
-				// set/unset mismatch
-				return false
-			}
-			f1, f2 = f1.Elem(), f2.Elem()
-		}
-		if !equalAny(f1, f2, sprop.Prop[i]) {
-			return false
-		}
-	}
-
-	if em1 := v1.FieldByName("XXX_InternalExtensions"); em1.IsValid() {
-		em2 := v2.FieldByName("XXX_InternalExtensions")
-		if !equalExtensions(v1.Type(), em1.Interface().(XXX_InternalExtensions), em2.Interface().(XXX_InternalExtensions)) {
-			return false
-		}
-	}
-
-	if em1 := v1.FieldByName("XXX_extensions"); em1.IsValid() {
-		em2 := v2.FieldByName("XXX_extensions")
-		if !equalExtMap(v1.Type(), em1.Interface().(map[int32]Extension), em2.Interface().(map[int32]Extension)) {
-			return false
-		}
-	}
-
-	uf := v1.FieldByName("XXX_unrecognized")
-	if !uf.IsValid() {
-		return true
-	}
-
-	u1 := uf.Bytes()
-	u2 := v2.FieldByName("XXX_unrecognized").Bytes()
-	return bytes.Equal(u1, u2)
-}
-
-// v1 and v2 are known to have the same type.
-// prop may be nil.
-func equalAny(v1, v2 reflect.Value, prop *Properties) bool {
-	if v1.Type() == protoMessageType {
-		m1, _ := v1.Interface().(Message)
-		m2, _ := v2.Interface().(Message)
-		return Equal(m1, m2)
-	}
-	switch v1.Kind() {
-	case reflect.Bool:
-		return v1.Bool() == v2.Bool()
-	case reflect.Float32, reflect.Float64:
-		return v1.Float() == v2.Float()
-	case reflect.Int32, reflect.Int64:
-		return v1.Int() == v2.Int()
-	case reflect.Interface:
-		// Probably a oneof field; compare the inner values.
-		n1, n2 := v1.IsNil(), v2.IsNil()
-		if n1 || n2 {
-			return n1 == n2
-		}
-		e1, e2 := v1.Elem(), v2.Elem()
-		if e1.Type() != e2.Type() {
-			return false
-		}
-		return equalAny(e1, e2, nil)
-	case reflect.Map:
-		if v1.Len() != v2.Len() {
-			return false
-		}
-		for _, key := range v1.MapKeys() {
-			val2 := v2.MapIndex(key)
-			if !val2.IsValid() {
-				// This key was not found in the second map.
-				return false
-			}
-			if !equalAny(v1.MapIndex(key), val2, nil) {
-				return false
-			}
-		}
-		return true
-	case reflect.Ptr:
-		// Maps may have nil values in them, so check for nil.
-		if v1.IsNil() && v2.IsNil() {
-			return true
-		}
-		if v1.IsNil() != v2.IsNil() {
-			return false
-		}
-		return equalAny(v1.Elem(), v2.Elem(), prop)
-	case reflect.Slice:
-		if v1.Type().Elem().Kind() == reflect.Uint8 {
-			// short circuit: []byte
-
-			// Edge case: if this is in a proto3 message, a zero length
-			// bytes field is considered the zero value.
-			if prop != nil && prop.proto3 && v1.Len() == 0 && v2.Len() == 0 {
-				return true
-			}
-			if v1.IsNil() != v2.IsNil() {
-				return false
-			}
-			return bytes.Equal(v1.Interface().([]byte), v2.Interface().([]byte))
-		}
-
-		if v1.Len() != v2.Len() {
-			return false
-		}
-		for i := 0; i < v1.Len(); i++ {
-			if !equalAny(v1.Index(i), v2.Index(i), prop) {
-				return false
-			}
-		}
-		return true
-	case reflect.String:
-		return v1.Interface().(string) == v2.Interface().(string)
-	case reflect.Struct:
-		return equalStruct(v1, v2)
-	case reflect.Uint32, reflect.Uint64:
-		return v1.Uint() == v2.Uint()
-	}
-
-	// unknown type, so not a protocol buffer
-	log.Printf("proto: don't know how to compare %v", v1)
-	return false
-}
-
-// base is the struct type that the extensions are based on.
-// x1 and x2 are InternalExtensions.
-func equalExtensions(base reflect.Type, x1, x2 XXX_InternalExtensions) bool {
-	em1, _ := x1.extensionsRead()
-	em2, _ := x2.extensionsRead()
-	return equalExtMap(base, em1, em2)
-}
-
-func equalExtMap(base reflect.Type, em1, em2 map[int32]Extension) bool {
-	if len(em1) != len(em2) {
-		return false
-	}
-
-	for extNum, e1 := range em1 {
-		e2, ok := em2[extNum]
-		if !ok {
-			return false
-		}
-
-		m1, m2 := e1.value, e2.value
-
-		if m1 == nil && m2 == nil {
-			// Both have only encoded form.
-			if bytes.Equal(e1.enc, e2.enc) {
-				continue
-			}
-			// The bytes are different, but the extensions might still be
-			// equal. We need to decode them to compare.
-		}
-
-		if m1 != nil && m2 != nil {
-			// Both are unencoded.
-			if !equalAny(reflect.ValueOf(m1), reflect.ValueOf(m2), nil) {
-				return false
-			}
-			continue
-		}
-
-		// At least one is encoded. To do a semantically correct comparison
-		// we need to unmarshal them first.
-		var desc *ExtensionDesc
-		if m := extensionMaps[base]; m != nil {
-			desc = m[extNum]
-		}
-		if desc == nil {
-			// If both have only encoded form and the bytes are the same,
-			// it is handled above. We get here when the bytes are different.
-			// We don't know how to decode it, so just compare them as byte
-			// slices.
-			log.Printf("proto: don't know how to compare extension %d of %v", extNum, base)
-			return false
-		}
-		var err error
-		if m1 == nil {
-			m1, err = decodeExtension(e1.enc, desc)
-		}
-		if m2 == nil && err == nil {
-			m2, err = decodeExtension(e2.enc, desc)
-		}
-		if err != nil {
-			// The encoded form is invalid.
-			log.Printf("proto: badly encoded extension %d of %v: %v", extNum, base, err)
-			return false
-		}
-		if !equalAny(reflect.ValueOf(m1), reflect.ValueOf(m2), nil) {
-			return false
-		}
-	}
-
-	return true
-}

libnetwork/vendor/github.com/golang/protobuf/proto/extensions.go

@@ -1,543 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2010 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package proto
-
-/*
- * Types and routines for supporting protocol buffer extensions.
- */
-
-import (
-	"errors"
-	"fmt"
-	"io"
-	"reflect"
-	"strconv"
-	"sync"
-)
-
-// ErrMissingExtension is the error returned by GetExtension if the named extension is not in the message.
-var ErrMissingExtension = errors.New("proto: missing extension")
-
-// ExtensionRange represents a range of message extensions for a protocol buffer.
-// Used in code generated by the protocol compiler.
-type ExtensionRange struct {
-	Start, End int32 // both inclusive
-}
-
-// extendableProto is an interface implemented by any protocol buffer generated by the current
-// proto compiler that may be extended.
-type extendableProto interface {
-	Message
-	ExtensionRangeArray() []ExtensionRange
-	extensionsWrite() map[int32]Extension
-	extensionsRead() (map[int32]Extension, sync.Locker)
-}
-
-// extendableProtoV1 is an interface implemented by a protocol buffer generated by the previous
-// version of the proto compiler that may be extended.
-type extendableProtoV1 interface {
-	Message
-	ExtensionRangeArray() []ExtensionRange
-	ExtensionMap() map[int32]Extension
-}
-
-// extensionAdapter is a wrapper around extendableProtoV1 that implements extendableProto.
-type extensionAdapter struct {
-	extendableProtoV1
-}
-
-func (e extensionAdapter) extensionsWrite() map[int32]Extension {
-	return e.ExtensionMap()
-}
-
-func (e extensionAdapter) extensionsRead() (map[int32]Extension, sync.Locker) {
-	return e.ExtensionMap(), notLocker{}
-}
-
-// notLocker is a sync.Locker whose Lock and Unlock methods are nops.
-type notLocker struct{}
-
-func (n notLocker) Lock()   {}
-func (n notLocker) Unlock() {}
-
-// extendable returns the extendableProto interface for the given generated proto message.
-// If the proto message has the old extension format, it returns a wrapper that implements
-// the extendableProto interface.
-func extendable(p interface{}) (extendableProto, error) {
-	switch p := p.(type) {
-	case extendableProto:
-		if isNilPtr(p) {
-			return nil, fmt.Errorf("proto: nil %T is not extendable", p)
-		}
-		return p, nil
-	case extendableProtoV1:
-		if isNilPtr(p) {
-			return nil, fmt.Errorf("proto: nil %T is not extendable", p)
-		}
-		return extensionAdapter{p}, nil
-	}
-	// Don't allocate a specific error containing %T:
-	// this is the hot path for Clone and MarshalText.
-	return nil, errNotExtendable
-}
-
-var errNotExtendable = errors.New("proto: not an extendable proto.Message")
-
-func isNilPtr(x interface{}) bool {
-	v := reflect.ValueOf(x)
-	return v.Kind() == reflect.Ptr && v.IsNil()
-}
-
-// XXX_InternalExtensions is an internal representation of proto extensions.
-//
-// Each generated message struct type embeds an anonymous XXX_InternalExtensions field,
-// thus gaining the unexported 'extensions' method, which can be called only from the proto package.
-//
-// The methods of XXX_InternalExtensions are not concurrency safe in general,
-// but calls to logically read-only methods such as has and get may be executed concurrently.
-type XXX_InternalExtensions struct {
-	// The struct must be indirect so that if a user inadvertently copies a
-	// generated message and its embedded XXX_InternalExtensions, they
-	// avoid the mayhem of a copied mutex.
-	//
-	// The mutex serializes all logically read-only operations to p.extensionMap.
-	// It is up to the client to ensure that write operations to p.extensionMap are
-	// mutually exclusive with other accesses.
-	p *struct {
-		mu           sync.Mutex
-		extensionMap map[int32]Extension
-	}
-}
-
-// extensionsWrite returns the extension map, creating it on first use.
-func (e *XXX_InternalExtensions) extensionsWrite() map[int32]Extension {
-	if e.p == nil {
-		e.p = new(struct {
-			mu           sync.Mutex
-			extensionMap map[int32]Extension
-		})
-		e.p.extensionMap = make(map[int32]Extension)
-	}
-	return e.p.extensionMap
-}
-
-// extensionsRead returns the extensions map for read-only use.  It may be nil.
-// The caller must hold the returned mutex's lock when accessing Elements within the map.
-func (e *XXX_InternalExtensions) extensionsRead() (map[int32]Extension, sync.Locker) {
-	if e.p == nil {
-		return nil, nil
-	}
-	return e.p.extensionMap, &e.p.mu
-}
-
-// ExtensionDesc represents an extension specification.
-// Used in generated code from the protocol compiler.
-type ExtensionDesc struct {
-	ExtendedType  Message     // nil pointer to the type that is being extended
-	ExtensionType interface{} // nil pointer to the extension type
-	Field         int32       // field number
-	Name          string      // fully-qualified name of extension, for text formatting
-	Tag           string      // protobuf tag style
-	Filename      string      // name of the file in which the extension is defined
-}
-
-func (ed *ExtensionDesc) repeated() bool {
-	t := reflect.TypeOf(ed.ExtensionType)
-	return t.Kind() == reflect.Slice && t.Elem().Kind() != reflect.Uint8
-}
-
-// Extension represents an extension in a message.
-type Extension struct {
-	// When an extension is stored in a message using SetExtension
-	// only desc and value are set. When the message is marshaled
-	// enc will be set to the encoded form of the message.
-	//
-	// When a message is unmarshaled and contains extensions, each
-	// extension will have only enc set. When such an extension is
-	// accessed using GetExtension (or GetExtensions) desc and value
-	// will be set.
-	desc  *ExtensionDesc
-	value interface{}
-	enc   []byte
-}
-
-// SetRawExtension is for testing only.
-func SetRawExtension(base Message, id int32, b []byte) {
-	epb, err := extendable(base)
-	if err != nil {
-		return
-	}
-	extmap := epb.extensionsWrite()
-	extmap[id] = Extension{enc: b}
-}
-
-// isExtensionField returns true iff the given field number is in an extension range.
-func isExtensionField(pb extendableProto, field int32) bool {
-	for _, er := range pb.ExtensionRangeArray() {
-		if er.Start <= field && field <= er.End {
-			return true
-		}
-	}
-	return false
-}
-
-// checkExtensionTypes checks that the given extension is valid for pb.
-func checkExtensionTypes(pb extendableProto, extension *ExtensionDesc) error {
-	var pbi interface{} = pb
-	// Check the extended type.
-	if ea, ok := pbi.(extensionAdapter); ok {
-		pbi = ea.extendableProtoV1
-	}
-	if a, b := reflect.TypeOf(pbi), reflect.TypeOf(extension.ExtendedType); a != b {
-		return fmt.Errorf("proto: bad extended type; %v does not extend %v", b, a)
-	}
-	// Check the range.
-	if !isExtensionField(pb, extension.Field) {
-		return errors.New("proto: bad extension number; not in declared ranges")
-	}
-	return nil
-}
-
-// extPropKey is sufficient to uniquely identify an extension.
-type extPropKey struct {
-	base  reflect.Type
-	field int32
-}
-
-var extProp = struct {
-	sync.RWMutex
-	m map[extPropKey]*Properties
-}{
-	m: make(map[extPropKey]*Properties),
-}
-
-func extensionProperties(ed *ExtensionDesc) *Properties {
-	key := extPropKey{base: reflect.TypeOf(ed.ExtendedType), field: ed.Field}
-
-	extProp.RLock()
-	if prop, ok := extProp.m[key]; ok {
-		extProp.RUnlock()
-		return prop
-	}
-	extProp.RUnlock()
-
-	extProp.Lock()
-	defer extProp.Unlock()
-	// Check again.
-	if prop, ok := extProp.m[key]; ok {
-		return prop
-	}
-
-	prop := new(Properties)
-	prop.Init(reflect.TypeOf(ed.ExtensionType), "unknown_name", ed.Tag, nil)
-	extProp.m[key] = prop
-	return prop
-}
-
-// HasExtension returns whether the given extension is present in pb.
-func HasExtension(pb Message, extension *ExtensionDesc) bool {
-	// TODO: Check types, field numbers, etc.?
-	epb, err := extendable(pb)
-	if err != nil {
-		return false
-	}
-	extmap, mu := epb.extensionsRead()
-	if extmap == nil {
-		return false
-	}
-	mu.Lock()
-	_, ok := extmap[extension.Field]
-	mu.Unlock()
-	return ok
-}
-
-// ClearExtension removes the given extension from pb.
-func ClearExtension(pb Message, extension *ExtensionDesc) {
-	epb, err := extendable(pb)
-	if err != nil {
-		return
-	}
-	// TODO: Check types, field numbers, etc.?
-	extmap := epb.extensionsWrite()
-	delete(extmap, extension.Field)
-}
-
-// GetExtension retrieves a proto2 extended field from pb.
-//
-// If the descriptor is type complete (i.e., ExtensionDesc.ExtensionType is non-nil),
-// then GetExtension parses the encoded field and returns a Go value of the specified type.
-// If the field is not present, then the default value is returned (if one is specified),
-// otherwise ErrMissingExtension is reported.
-//
-// If the descriptor is not type complete (i.e., ExtensionDesc.ExtensionType is nil),
-// then GetExtension returns the raw encoded bytes of the field extension.
-func GetExtension(pb Message, extension *ExtensionDesc) (interface{}, error) {
-	epb, err := extendable(pb)
-	if err != nil {
-		return nil, err
-	}
-
-	if extension.ExtendedType != nil {
-		// can only check type if this is a complete descriptor
-		if err := checkExtensionTypes(epb, extension); err != nil {
-			return nil, err
-		}
-	}
-
-	emap, mu := epb.extensionsRead()
-	if emap == nil {
-		return defaultExtensionValue(extension)
-	}
-	mu.Lock()
-	defer mu.Unlock()
-	e, ok := emap[extension.Field]
-	if !ok {
-		// defaultExtensionValue returns the default value or
-		// ErrMissingExtension if there is no default.
-		return defaultExtensionValue(extension)
-	}
-
-	if e.value != nil {
-		// Already decoded. Check the descriptor, though.
-		if e.desc != extension {
-			// This shouldn't happen. If it does, it means that
-			// GetExtension was called twice with two different
-			// descriptors with the same field number.
-			return nil, errors.New("proto: descriptor conflict")
-		}
-		return e.value, nil
-	}
-
-	if extension.ExtensionType == nil {
-		// incomplete descriptor
-		return e.enc, nil
-	}
-
-	v, err := decodeExtension(e.enc, extension)
-	if err != nil {
-		return nil, err
-	}
-
-	// Remember the decoded version and drop the encoded version.
-	// That way it is safe to mutate what we return.
-	e.value = v
-	e.desc = extension
-	e.enc = nil
-	emap[extension.Field] = e
-	return e.value, nil
-}
-
-// defaultExtensionValue returns the default value for extension.
-// If no default for an extension is defined ErrMissingExtension is returned.
-func defaultExtensionValue(extension *ExtensionDesc) (interface{}, error) {
-	if extension.ExtensionType == nil {
-		// incomplete descriptor, so no default
-		return nil, ErrMissingExtension
-	}
-
-	t := reflect.TypeOf(extension.ExtensionType)
-	props := extensionProperties(extension)
-
-	sf, _, err := fieldDefault(t, props)
-	if err != nil {
-		return nil, err
-	}
-
-	if sf == nil || sf.value == nil {
-		// There is no default value.
-		return nil, ErrMissingExtension
-	}
-
-	if t.Kind() != reflect.Ptr {
-		// We do not need to return a Ptr, we can directly return sf.value.
-		return sf.value, nil
-	}
-
-	// We need to return an interface{} that is a pointer to sf.value.
-	value := reflect.New(t).Elem()
-	value.Set(reflect.New(value.Type().Elem()))
-	if sf.kind == reflect.Int32 {
-		// We may have an int32 or an enum, but the underlying data is int32.
-		// Since we can't set an int32 into a non int32 reflect.value directly
-		// set it as a int32.
-		value.Elem().SetInt(int64(sf.value.(int32)))
-	} else {
-		value.Elem().Set(reflect.ValueOf(sf.value))
-	}
-	return value.Interface(), nil
-}
-
-// decodeExtension decodes an extension encoded in b.
-func decodeExtension(b []byte, extension *ExtensionDesc) (interface{}, error) {
-	t := reflect.TypeOf(extension.ExtensionType)
-	unmarshal := typeUnmarshaler(t, extension.Tag)
-
-	// t is a pointer to a struct, pointer to basic type or a slice.
-	// Allocate space to store the pointer/slice.
-	value := reflect.New(t).Elem()
-
-	var err error
-	for {
-		x, n := decodeVarint(b)
-		if n == 0 {
-			return nil, io.ErrUnexpectedEOF
-		}
-		b = b[n:]
-		wire := int(x) & 7
-
-		b, err = unmarshal(b, valToPointer(value.Addr()), wire)
-		if err != nil {
-			return nil, err
-		}
-
-		if len(b) == 0 {
-			break
-		}
-	}
-	return value.Interface(), nil
-}
-
-// GetExtensions returns a slice of the extensions present in pb that are also listed in es.
-// The returned slice has the same length as es; missing extensions will appear as nil elements.
-func GetExtensions(pb Message, es []*ExtensionDesc) (extensions []interface{}, err error) {
-	epb, err := extendable(pb)
-	if err != nil {
-		return nil, err
-	}
-	extensions = make([]interface{}, len(es))
-	for i, e := range es {
-		extensions[i], err = GetExtension(epb, e)
-		if err == ErrMissingExtension {
-			err = nil
-		}
-		if err != nil {
-			return
-		}
-	}
-	return
-}
-
-// ExtensionDescs returns a new slice containing pb's extension descriptors, in undefined order.
-// For non-registered extensions, ExtensionDescs returns an incomplete descriptor containing
-// just the Field field, which defines the extension's field number.
-func ExtensionDescs(pb Message) ([]*ExtensionDesc, error) {
-	epb, err := extendable(pb)
-	if err != nil {
-		return nil, err
-	}
-	registeredExtensions := RegisteredExtensions(pb)
-
-	emap, mu := epb.extensionsRead()
-	if emap == nil {
-		return nil, nil
-	}
-	mu.Lock()
-	defer mu.Unlock()
-	extensions := make([]*ExtensionDesc, 0, len(emap))
-	for extid, e := range emap {
-		desc := e.desc
-		if desc == nil {
-			desc = registeredExtensions[extid]
-			if desc == nil {
-				desc = &ExtensionDesc{Field: extid}
-			}
-		}
-
-		extensions = append(extensions, desc)
-	}
-	return extensions, nil
-}
-
-// SetExtension sets the specified extension of pb to the specified value.
-func SetExtension(pb Message, extension *ExtensionDesc, value interface{}) error {
-	epb, err := extendable(pb)
-	if err != nil {
-		return err
-	}
-	if err := checkExtensionTypes(epb, extension); err != nil {
-		return err
-	}
-	typ := reflect.TypeOf(extension.ExtensionType)
-	if typ != reflect.TypeOf(value) {
-		return errors.New("proto: bad extension value type")
-	}
-	// nil extension values need to be caught early, because the
-	// encoder can't distinguish an ErrNil due to a nil extension
-	// from an ErrNil due to a missing field. Extensions are
-	// always optional, so the encoder would just swallow the error
-	// and drop all the extensions from the encoded message.
-	if reflect.ValueOf(value).IsNil() {
-		return fmt.Errorf("proto: SetExtension called with nil value of type %T", value)
-	}
-
-	extmap := epb.extensionsWrite()
-	extmap[extension.Field] = Extension{desc: extension, value: value}
-	return nil
-}
-
-// ClearAllExtensions clears all extensions from pb.
-func ClearAllExtensions(pb Message) {
-	epb, err := extendable(pb)
-	if err != nil {
-		return
-	}
-	m := epb.extensionsWrite()
-	for k := range m {
-		delete(m, k)
-	}
-}
-
-// A global registry of extensions.
-// The generated code will register the generated descriptors by calling RegisterExtension.
-
-var extensionMaps = make(map[reflect.Type]map[int32]*ExtensionDesc)
-
-// RegisterExtension is called from the generated code.
-func RegisterExtension(desc *ExtensionDesc) {
-	st := reflect.TypeOf(desc.ExtendedType).Elem()
-	m := extensionMaps[st]
-	if m == nil {
-		m = make(map[int32]*ExtensionDesc)
-		extensionMaps[st] = m
-	}
-	if _, ok := m[desc.Field]; ok {
-		panic("proto: duplicate extension registered: " + st.String() + " " + strconv.Itoa(int(desc.Field)))
-	}
-	m[desc.Field] = desc
-}
-
-// RegisteredExtensions returns a map of the registered extensions of a
-// protocol buffer struct, indexed by the extension number.
-// The argument pb should be a nil pointer to the struct type.
-func RegisteredExtensions(pb Message) map[int32]*ExtensionDesc {
-	return extensionMaps[reflect.TypeOf(pb).Elem()]
-}

libnetwork/vendor/github.com/golang/protobuf/proto/lib.go

@@ -1,921 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2010 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-/*
-Package proto converts data structures to and from the wire format of
-protocol buffers.  It works in concert with the Go source code generated
-for .proto files by the protocol compiler.
-
-A summary of the properties of the protocol buffer interface
-for a protocol buffer variable v:
-
-  - Names are turned from camel_case to CamelCase for export.
-  - There are no methods on v to set fields; just treat
-	them as structure fields.
-  - There are getters that return a field's value if set,
-	and return the field's default value if unset.
-	The getters work even if the receiver is a nil message.
-  - The zero value for a struct is its correct initialization state.
-	All desired fields must be set before marshaling.
-  - A Reset() method will restore a protobuf struct to its zero state.
-  - Non-repeated fields are pointers to the values; nil means unset.
-	That is, optional or required field int32 f becomes F *int32.
-  - Repeated fields are slices.
-  - Helper functions are available to aid the setting of fields.
-	msg.Foo = proto.String("hello") // set field
-  - Constants are defined to hold the default values of all fields that
-	have them.  They have the form Default_StructName_FieldName.
-	Because the getter methods handle defaulted values,
-	direct use of these constants should be rare.
-  - Enums are given type names and maps from names to values.
-	Enum values are prefixed by the enclosing message's name, or by the
-	enum's type name if it is a top-level enum. Enum types have a String
-	method, and a Enum method to assist in message construction.
-  - Nested messages, groups and enums have type names prefixed with the name of
-	the surrounding message type.
-  - Extensions are given descriptor names that start with E_,
-	followed by an underscore-delimited list of the nested messages
-	that contain it (if any) followed by the CamelCased name of the
-	extension field itself.  HasExtension, ClearExtension, GetExtension
-	and SetExtension are functions for manipulating extensions.
-  - Oneof field sets are given a single field in their message,
-	with distinguished wrapper types for each possible field value.
-  - Marshal and Unmarshal are functions to encode and decode the wire format.
-
-When the .proto file specifies `syntax="proto3"`, there are some differences:
-
-  - Non-repeated fields of non-message type are values instead of pointers.
-  - Enum types do not get an Enum method.
-
-The simplest way to describe this is to see an example.
-Given file test.proto, containing
-
-	package example;
-
-	enum FOO { X = 17; }
-
-	message Test {
-	  required string label = 1;
-	  optional int32 type = 2 [default=77];
-	  repeated int64 reps = 3;
-	  optional group OptionalGroup = 4 {
-	    required string RequiredField = 5;
-	  }
-	  oneof union {
-	    int32 number = 6;
-	    string name = 7;
-	  }
-	}
-
-The resulting file, test.pb.go, is:
-
-	package example
-
-	import proto "github.com/golang/protobuf/proto"
-	import math "math"
-
-	type FOO int32
-	const (
-		FOO_X FOO = 17
-	)
-	var FOO_name = map[int32]string{
-		17: "X",
-	}
-	var FOO_value = map[string]int32{
-		"X": 17,
-	}
-
-	func (x FOO) Enum() *FOO {
-		p := new(FOO)
-		*p = x
-		return p
-	}
-	func (x FOO) String() string {
-		return proto.EnumName(FOO_name, int32(x))
-	}
-	func (x *FOO) UnmarshalJSON(data []byte) error {
-		value, err := proto.UnmarshalJSONEnum(FOO_value, data)
-		if err != nil {
-			return err
-		}
-		*x = FOO(value)
-		return nil
-	}
-
-	type Test struct {
-		Label         *string             `protobuf:"bytes,1,req,name=label" json:"label,omitempty"`
-		Type          *int32              `protobuf:"varint,2,opt,name=type,def=77" json:"type,omitempty"`
-		Reps          []int64             `protobuf:"varint,3,rep,name=reps" json:"reps,omitempty"`
-		Optionalgroup *Test_OptionalGroup `protobuf:"group,4,opt,name=OptionalGroup" json:"optionalgroup,omitempty"`
-		// Types that are valid to be assigned to Union:
-		//	*Test_Number
-		//	*Test_Name
-		Union            isTest_Union `protobuf_oneof:"union"`
-		XXX_unrecognized []byte       `json:"-"`
-	}
-	func (m *Test) Reset()         { *m = Test{} }
-	func (m *Test) String() string { return proto.CompactTextString(m) }
-	func (*Test) ProtoMessage() {}
-
-	type isTest_Union interface {
-		isTest_Union()
-	}
-
-	type Test_Number struct {
-		Number int32 `protobuf:"varint,6,opt,name=number"`
-	}
-	type Test_Name struct {
-		Name string `protobuf:"bytes,7,opt,name=name"`
-	}
-
-	func (*Test_Number) isTest_Union() {}
-	func (*Test_Name) isTest_Union()   {}
-
-	func (m *Test) GetUnion() isTest_Union {
-		if m != nil {
-			return m.Union
-		}
-		return nil
-	}
-	const Default_Test_Type int32 = 77
-
-	func (m *Test) GetLabel() string {
-		if m != nil && m.Label != nil {
-			return *m.Label
-		}
-		return ""
-	}
-
-	func (m *Test) GetType() int32 {
-		if m != nil && m.Type != nil {
-			return *m.Type
-		}
-		return Default_Test_Type
-	}
-
-	func (m *Test) GetOptionalgroup() *Test_OptionalGroup {
-		if m != nil {
-			return m.Optionalgroup
-		}
-		return nil
-	}
-
-	type Test_OptionalGroup struct {
-		RequiredField *string `protobuf:"bytes,5,req" json:"RequiredField,omitempty"`
-	}
-	func (m *Test_OptionalGroup) Reset()         { *m = Test_OptionalGroup{} }
-	func (m *Test_OptionalGroup) String() string { return proto.CompactTextString(m) }
-
-	func (m *Test_OptionalGroup) GetRequiredField() string {
-		if m != nil && m.RequiredField != nil {
-			return *m.RequiredField
-		}
-		return ""
-	}
-
-	func (m *Test) GetNumber() int32 {
-		if x, ok := m.GetUnion().(*Test_Number); ok {
-			return x.Number
-		}
-		return 0
-	}
-
-	func (m *Test) GetName() string {
-		if x, ok := m.GetUnion().(*Test_Name); ok {
-			return x.Name
-		}
-		return ""
-	}
-
-	func init() {
-		proto.RegisterEnum("example.FOO", FOO_name, FOO_value)
-	}
-
-To create and play with a Test object:
-
-	package main
-
-	import (
-		"log"
-
-		"github.com/golang/protobuf/proto"
-		pb "./example.pb"
-	)
-
-	func main() {
-		test := &pb.Test{
-			Label: proto.String("hello"),
-			Type:  proto.Int32(17),
-			Reps:  []int64{1, 2, 3},
-			Optionalgroup: &pb.Test_OptionalGroup{
-				RequiredField: proto.String("good bye"),
-			},
-			Union: &pb.Test_Name{"fred"},
-		}
-		data, err := proto.Marshal(test)
-		if err != nil {
-			log.Fatal("marshaling error: ", err)
-		}
-		newTest := &pb.Test{}
-		err = proto.Unmarshal(data, newTest)
-		if err != nil {
-			log.Fatal("unmarshaling error: ", err)
-		}
-		// Now test and newTest contain the same data.
-		if test.GetLabel() != newTest.GetLabel() {
-			log.Fatalf("data mismatch %q != %q", test.GetLabel(), newTest.GetLabel())
-		}
-		// Use a type switch to determine which oneof was set.
-		switch u := test.Union.(type) {
-		case *pb.Test_Number: // u.Number contains the number.
-		case *pb.Test_Name: // u.Name contains the string.
-		}
-		// etc.
-	}
-*/
-package proto
-
-import (
-	"encoding/json"
-	"errors"
-	"fmt"
-	"log"
-	"reflect"
-	"sort"
-	"strconv"
-	"sync"
-)
-
-var errInvalidUTF8 = errors.New("proto: invalid UTF-8 string")
-
-// Message is implemented by generated protocol buffer messages.
-type Message interface {
-	Reset()
-	String() string
-	ProtoMessage()
-}
-
-// Stats records allocation details about the protocol buffer encoders
-// and decoders.  Useful for tuning the library itself.
-type Stats struct {
-	Emalloc uint64 // mallocs in encode
-	Dmalloc uint64 // mallocs in decode
-	Encode  uint64 // number of encodes
-	Decode  uint64 // number of decodes
-	Chit    uint64 // number of cache hits
-	Cmiss   uint64 // number of cache misses
-	Size    uint64 // number of sizes
-}
-
-// Set to true to enable stats collection.
-const collectStats = false
-
-var stats Stats
-
-// GetStats returns a copy of the global Stats structure.
-func GetStats() Stats { return stats }
-
-// A Buffer is a buffer manager for marshaling and unmarshaling
-// protocol buffers.  It may be reused between invocations to
-// reduce memory usage.  It is not necessary to use a Buffer;
-// the global functions Marshal and Unmarshal create a
-// temporary Buffer and are fine for most applications.
-type Buffer struct {
-	buf   []byte // encode/decode byte stream
-	index int    // read point
-
-	deterministic bool
-}
-
-// NewBuffer allocates a new Buffer and initializes its internal data to
-// the contents of the argument slice.
-func NewBuffer(e []byte) *Buffer {
-	return &Buffer{buf: e}
-}
-
-// Reset resets the Buffer, ready for marshaling a new protocol buffer.
-func (p *Buffer) Reset() {
-	p.buf = p.buf[0:0] // for reading/writing
-	p.index = 0        // for reading
-}
-
-// SetBuf replaces the internal buffer with the slice,
-// ready for unmarshaling the contents of the slice.
-func (p *Buffer) SetBuf(s []byte) {
-	p.buf = s
-	p.index = 0
-}
-
-// Bytes returns the contents of the Buffer.
-func (p *Buffer) Bytes() []byte { return p.buf }
-
-// SetDeterministic sets whether to use deterministic serialization.
-//
-// Deterministic serialization guarantees that for a given binary, equal
-// messages will always be serialized to the same bytes. This implies:
-//
-//   - Repeated serialization of a message will return the same bytes.
-//   - Different processes of the same binary (which may be executing on
-//     different machines) will serialize equal messages to the same bytes.
-//
-// Note that the deterministic serialization is NOT canonical across
-// languages. It is not guaranteed to remain stable over time. It is unstable
-// across different builds with schema changes due to unknown fields.
-// Users who need canonical serialization (e.g., persistent storage in a
-// canonical form, fingerprinting, etc.) should define their own
-// canonicalization specification and implement their own serializer rather
-// than relying on this API.
-//
-// If deterministic serialization is requested, map entries will be sorted
-// by keys in lexographical order. This is an implementation detail and
-// subject to change.
-func (p *Buffer) SetDeterministic(deterministic bool) {
-	p.deterministic = deterministic
-}
-
-/*
- * Helper routines for simplifying the creation of optional fields of basic type.
- */
-
-// Bool is a helper routine that allocates a new bool value
-// to store v and returns a pointer to it.
-func Bool(v bool) *bool {
-	return &v
-}
-
-// Int32 is a helper routine that allocates a new int32 value
-// to store v and returns a pointer to it.
-func Int32(v int32) *int32 {
-	return &v
-}
-
-// Int is a helper routine that allocates a new int32 value
-// to store v and returns a pointer to it, but unlike Int32
-// its argument value is an int.
-func Int(v int) *int32 {
-	p := new(int32)
-	*p = int32(v)
-	return p
-}
-
-// Int64 is a helper routine that allocates a new int64 value
-// to store v and returns a pointer to it.
-func Int64(v int64) *int64 {
-	return &v
-}
-
-// Float32 is a helper routine that allocates a new float32 value
-// to store v and returns a pointer to it.
-func Float32(v float32) *float32 {
-	return &v
-}
-
-// Float64 is a helper routine that allocates a new float64 value
-// to store v and returns a pointer to it.
-func Float64(v float64) *float64 {
-	return &v
-}
-
-// Uint32 is a helper routine that allocates a new uint32 value
-// to store v and returns a pointer to it.
-func Uint32(v uint32) *uint32 {
-	return &v
-}
-
-// Uint64 is a helper routine that allocates a new uint64 value
-// to store v and returns a pointer to it.
-func Uint64(v uint64) *uint64 {
-	return &v
-}
-
-// String is a helper routine that allocates a new string value
-// to store v and returns a pointer to it.
-func String(v string) *string {
-	return &v
-}
-
-// EnumName is a helper function to simplify printing protocol buffer enums
-// by name.  Given an enum map and a value, it returns a useful string.
-func EnumName(m map[int32]string, v int32) string {
-	s, ok := m[v]
-	if ok {
-		return s
-	}
-	return strconv.Itoa(int(v))
-}
-
-// UnmarshalJSONEnum is a helper function to simplify recovering enum int values
-// from their JSON-encoded representation. Given a map from the enum's symbolic
-// names to its int values, and a byte buffer containing the JSON-encoded
-// value, it returns an int32 that can be cast to the enum type by the caller.
-//
-// The function can deal with both JSON representations, numeric and symbolic.
-func UnmarshalJSONEnum(m map[string]int32, data []byte, enumName string) (int32, error) {
-	if data[0] == '"' {
-		// New style: enums are strings.
-		var repr string
-		if err := json.Unmarshal(data, &repr); err != nil {
-			return -1, err
-		}
-		val, ok := m[repr]
-		if !ok {
-			return 0, fmt.Errorf("unrecognized enum %s value %q", enumName, repr)
-		}
-		return val, nil
-	}
-	// Old style: enums are ints.
-	var val int32
-	if err := json.Unmarshal(data, &val); err != nil {
-		return 0, fmt.Errorf("cannot unmarshal %#q into enum %s", data, enumName)
-	}
-	return val, nil
-}
-
-// DebugPrint dumps the encoded data in b in a debugging format with a header
-// including the string s. Used in testing but made available for general debugging.
-func (p *Buffer) DebugPrint(s string, b []byte) {
-	var u uint64
-
-	obuf := p.buf
-	index := p.index
-	p.buf = b
-	p.index = 0
-	depth := 0
-
-	fmt.Printf("\n--- %s ---\n", s)
-
-out:
-	for {
-		for i := 0; i < depth; i++ {
-			fmt.Print("  ")
-		}
-
-		index := p.index
-		if index == len(p.buf) {
-			break
-		}
-
-		op, err := p.DecodeVarint()
-		if err != nil {
-			fmt.Printf("%3d: fetching op err %v\n", index, err)
-			break out
-		}
-		tag := op >> 3
-		wire := op & 7
-
-		switch wire {
-		default:
-			fmt.Printf("%3d: t=%3d unknown wire=%d\n",
-				index, tag, wire)
-			break out
-
-		case WireBytes:
-			var r []byte
-
-			r, err = p.DecodeRawBytes(false)
-			if err != nil {
-				break out
-			}
-			fmt.Printf("%3d: t=%3d bytes [%d]", index, tag, len(r))
-			if len(r) <= 6 {
-				for i := 0; i < len(r); i++ {
-					fmt.Printf(" %.2x", r[i])
-				}
-			} else {
-				for i := 0; i < 3; i++ {
-					fmt.Printf(" %.2x", r[i])
-				}
-				fmt.Printf(" ..")
-				for i := len(r) - 3; i < len(r); i++ {
-					fmt.Printf(" %.2x", r[i])
-				}
-			}
-			fmt.Printf("\n")
-
-		case WireFixed32:
-			u, err = p.DecodeFixed32()
-			if err != nil {
-				fmt.Printf("%3d: t=%3d fix32 err %v\n", index, tag, err)
-				break out
-			}
-			fmt.Printf("%3d: t=%3d fix32 %d\n", index, tag, u)
-
-		case WireFixed64:
-			u, err = p.DecodeFixed64()
-			if err != nil {
-				fmt.Printf("%3d: t=%3d fix64 err %v\n", index, tag, err)
-				break out
-			}
-			fmt.Printf("%3d: t=%3d fix64 %d\n", index, tag, u)
-
-		case WireVarint:
-			u, err = p.DecodeVarint()
-			if err != nil {
-				fmt.Printf("%3d: t=%3d varint err %v\n", index, tag, err)
-				break out
-			}
-			fmt.Printf("%3d: t=%3d varint %d\n", index, tag, u)
-
-		case WireStartGroup:
-			fmt.Printf("%3d: t=%3d start\n", index, tag)
-			depth++
-
-		case WireEndGroup:
-			depth--
-			fmt.Printf("%3d: t=%3d end\n", index, tag)
-		}
-	}
-
-	if depth != 0 {
-		fmt.Printf("%3d: start-end not balanced %d\n", p.index, depth)
-	}
-	fmt.Printf("\n")
-
-	p.buf = obuf
-	p.index = index
-}
-
-// SetDefaults sets unset protocol buffer fields to their default values.
-// It only modifies fields that are both unset and have defined defaults.
-// It recursively sets default values in any non-nil sub-messages.
-func SetDefaults(pb Message) {
-	setDefaults(reflect.ValueOf(pb), true, false)
-}
-
-// v is a pointer to a struct.
-func setDefaults(v reflect.Value, recur, zeros bool) {
-	v = v.Elem()
-
-	defaultMu.RLock()
-	dm, ok := defaults[v.Type()]
-	defaultMu.RUnlock()
-	if !ok {
-		dm = buildDefaultMessage(v.Type())
-		defaultMu.Lock()
-		defaults[v.Type()] = dm
-		defaultMu.Unlock()
-	}
-
-	for _, sf := range dm.scalars {
-		f := v.Field(sf.index)
-		if !f.IsNil() {
-			// field already set
-			continue
-		}
-		dv := sf.value
-		if dv == nil && !zeros {
-			// no explicit default, and don't want to set zeros
-			continue
-		}
-		fptr := f.Addr().Interface() // **T
-		// TODO: Consider batching the allocations we do here.
-		switch sf.kind {
-		case reflect.Bool:
-			b := new(bool)
-			if dv != nil {
-				*b = dv.(bool)
-			}
-			*(fptr.(**bool)) = b
-		case reflect.Float32:
-			f := new(float32)
-			if dv != nil {
-				*f = dv.(float32)
-			}
-			*(fptr.(**float32)) = f
-		case reflect.Float64:
-			f := new(float64)
-			if dv != nil {
-				*f = dv.(float64)
-			}
-			*(fptr.(**float64)) = f
-		case reflect.Int32:
-			// might be an enum
-			if ft := f.Type(); ft != int32PtrType {
-				// enum
-				f.Set(reflect.New(ft.Elem()))
-				if dv != nil {
-					f.Elem().SetInt(int64(dv.(int32)))
-				}
-			} else {
-				// int32 field
-				i := new(int32)
-				if dv != nil {
-					*i = dv.(int32)
-				}
-				*(fptr.(**int32)) = i
-			}
-		case reflect.Int64:
-			i := new(int64)
-			if dv != nil {
-				*i = dv.(int64)
-			}
-			*(fptr.(**int64)) = i
-		case reflect.String:
-			s := new(string)
-			if dv != nil {
-				*s = dv.(string)
-			}
-			*(fptr.(**string)) = s
-		case reflect.Uint8:
-			// exceptional case: []byte
-			var b []byte
-			if dv != nil {
-				db := dv.([]byte)
-				b = make([]byte, len(db))
-				copy(b, db)
-			} else {
-				b = []byte{}
-			}
-			*(fptr.(*[]byte)) = b
-		case reflect.Uint32:
-			u := new(uint32)
-			if dv != nil {
-				*u = dv.(uint32)
-			}
-			*(fptr.(**uint32)) = u
-		case reflect.Uint64:
-			u := new(uint64)
-			if dv != nil {
-				*u = dv.(uint64)
-			}
-			*(fptr.(**uint64)) = u
-		default:
-			log.Printf("proto: can't set default for field %v (sf.kind=%v)", f, sf.kind)
-		}
-	}
-
-	for _, ni := range dm.nested {
-		f := v.Field(ni)
-		// f is *T or []*T or map[T]*T
-		switch f.Kind() {
-		case reflect.Ptr:
-			if f.IsNil() {
-				continue
-			}
-			setDefaults(f, recur, zeros)
-
-		case reflect.Slice:
-			for i := 0; i < f.Len(); i++ {
-				e := f.Index(i)
-				if e.IsNil() {
-					continue
-				}
-				setDefaults(e, recur, zeros)
-			}
-
-		case reflect.Map:
-			for _, k := range f.MapKeys() {
-				e := f.MapIndex(k)
-				if e.IsNil() {
-					continue
-				}
-				setDefaults(e, recur, zeros)
-			}
-		}
-	}
-}
-
-var (
-	// defaults maps a protocol buffer struct type to a slice of the fields,
-	// with its scalar fields set to their proto-declared non-zero default values.
-	defaultMu sync.RWMutex
-	defaults  = make(map[reflect.Type]defaultMessage)
-
-	int32PtrType = reflect.TypeOf((*int32)(nil))
-)
-
-// defaultMessage represents information about the default values of a message.
-type defaultMessage struct {
-	scalars []scalarField
-	nested  []int // struct field index of nested messages
-}
-
-type scalarField struct {
-	index int          // struct field index
-	kind  reflect.Kind // element type (the T in *T or []T)
-	value interface{}  // the proto-declared default value, or nil
-}
-
-// t is a struct type.
-func buildDefaultMessage(t reflect.Type) (dm defaultMessage) {
-	sprop := GetProperties(t)
-	for _, prop := range sprop.Prop {
-		fi, ok := sprop.decoderTags.get(prop.Tag)
-		if !ok {
-			// XXX_unrecognized
-			continue
-		}
-		ft := t.Field(fi).Type
-
-		sf, nested, err := fieldDefault(ft, prop)
-		switch {
-		case err != nil:
-			log.Print(err)
-		case nested:
-			dm.nested = append(dm.nested, fi)
-		case sf != nil:
-			sf.index = fi
-			dm.scalars = append(dm.scalars, *sf)
-		}
-	}
-
-	return dm
-}
-
-// fieldDefault returns the scalarField for field type ft.
-// sf will be nil if the field can not have a default.
-// nestedMessage will be true if this is a nested message.
-// Note that sf.index is not set on return.
-func fieldDefault(ft reflect.Type, prop *Properties) (sf *scalarField, nestedMessage bool, err error) {
-	var canHaveDefault bool
-	switch ft.Kind() {
-	case reflect.Ptr:
-		if ft.Elem().Kind() == reflect.Struct {
-			nestedMessage = true
-		} else {
-			canHaveDefault = true // proto2 scalar field
-		}
-
-	case reflect.Slice:
-		switch ft.Elem().Kind() {
-		case reflect.Ptr:
-			nestedMessage = true // repeated message
-		case reflect.Uint8:
-			canHaveDefault = true // bytes field
-		}
-
-	case reflect.Map:
-		if ft.Elem().Kind() == reflect.Ptr {
-			nestedMessage = true // map with message values
-		}
-	}
-
-	if !canHaveDefault {
-		if nestedMessage {
-			return nil, true, nil
-		}
-		return nil, false, nil
-	}
-
-	// We now know that ft is a pointer or slice.
-	sf = &scalarField{kind: ft.Elem().Kind()}
-
-	// scalar fields without defaults
-	if !prop.HasDefault {
-		return sf, false, nil
-	}
-
-	// a scalar field: either *T or []byte
-	switch ft.Elem().Kind() {
-	case reflect.Bool:
-		x, err := strconv.ParseBool(prop.Default)
-		if err != nil {
-			return nil, false, fmt.Errorf("proto: bad default bool %q: %v", prop.Default, err)
-		}
-		sf.value = x
-	case reflect.Float32:
-		x, err := strconv.ParseFloat(prop.Default, 32)
-		if err != nil {
-			return nil, false, fmt.Errorf("proto: bad default float32 %q: %v", prop.Default, err)
-		}
-		sf.value = float32(x)
-	case reflect.Float64:
-		x, err := strconv.ParseFloat(prop.Default, 64)
-		if err != nil {
-			return nil, false, fmt.Errorf("proto: bad default float64 %q: %v", prop.Default, err)
-		}
-		sf.value = x
-	case reflect.Int32:
-		x, err := strconv.ParseInt(prop.Default, 10, 32)
-		if err != nil {
-			return nil, false, fmt.Errorf("proto: bad default int32 %q: %v", prop.Default, err)
-		}
-		sf.value = int32(x)
-	case reflect.Int64:
-		x, err := strconv.ParseInt(prop.Default, 10, 64)
-		if err != nil {
-			return nil, false, fmt.Errorf("proto: bad default int64 %q: %v", prop.Default, err)
-		}
-		sf.value = x
-	case reflect.String:
-		sf.value = prop.Default
-	case reflect.Uint8:
-		// []byte (not *uint8)
-		sf.value = []byte(prop.Default)
-	case reflect.Uint32:
-		x, err := strconv.ParseUint(prop.Default, 10, 32)
-		if err != nil {
-			return nil, false, fmt.Errorf("proto: bad default uint32 %q: %v", prop.Default, err)
-		}
-		sf.value = uint32(x)
-	case reflect.Uint64:
-		x, err := strconv.ParseUint(prop.Default, 10, 64)
-		if err != nil {
-			return nil, false, fmt.Errorf("proto: bad default uint64 %q: %v", prop.Default, err)
-		}
-		sf.value = x
-	default:
-		return nil, false, fmt.Errorf("proto: unhandled def kind %v", ft.Elem().Kind())
-	}
-
-	return sf, false, nil
-}
-
-// mapKeys returns a sort.Interface to be used for sorting the map keys.
-// Map fields may have key types of non-float scalars, strings and enums.
-func mapKeys(vs []reflect.Value) sort.Interface {
-	s := mapKeySorter{vs: vs}
-
-	// Type specialization per https://developers.google.com/protocol-buffers/docs/proto#maps.
-	if len(vs) == 0 {
-		return s
-	}
-	switch vs[0].Kind() {
-	case reflect.Int32, reflect.Int64:
-		s.less = func(a, b reflect.Value) bool { return a.Int() < b.Int() }
-	case reflect.Uint32, reflect.Uint64:
-		s.less = func(a, b reflect.Value) bool { return a.Uint() < b.Uint() }
-	case reflect.Bool:
-		s.less = func(a, b reflect.Value) bool { return !a.Bool() && b.Bool() } // false < true
-	case reflect.String:
-		s.less = func(a, b reflect.Value) bool { return a.String() < b.String() }
-	default:
-		panic(fmt.Sprintf("unsupported map key type: %v", vs[0].Kind()))
-	}
-
-	return s
-}
-
-type mapKeySorter struct {
-	vs   []reflect.Value
-	less func(a, b reflect.Value) bool
-}
-
-func (s mapKeySorter) Len() int      { return len(s.vs) }
-func (s mapKeySorter) Swap(i, j int) { s.vs[i], s.vs[j] = s.vs[j], s.vs[i] }
-func (s mapKeySorter) Less(i, j int) bool {
-	return s.less(s.vs[i], s.vs[j])
-}
-
-// isProto3Zero reports whether v is a zero proto3 value.
-func isProto3Zero(v reflect.Value) bool {
-	switch v.Kind() {
-	case reflect.Bool:
-		return !v.Bool()
-	case reflect.Int32, reflect.Int64:
-		return v.Int() == 0
-	case reflect.Uint32, reflect.Uint64:
-		return v.Uint() == 0
-	case reflect.Float32, reflect.Float64:
-		return v.Float() == 0
-	case reflect.String:
-		return v.String() == ""
-	}
-	return false
-}
-
-// ProtoPackageIsVersion2 is referenced from generated protocol buffer files
-// to assert that that code is compatible with this version of the proto package.
-const ProtoPackageIsVersion2 = true
-
-// ProtoPackageIsVersion1 is referenced from generated protocol buffer files
-// to assert that that code is compatible with this version of the proto package.
-const ProtoPackageIsVersion1 = true
-
-// InternalMessageInfo is a type used internally by generated .pb.go files.
-// This type is not intended to be used by non-generated code.
-// This type is not subject to any compatibility guarantee.
-type InternalMessageInfo struct {
-	marshal   *marshalInfo
-	unmarshal *unmarshalInfo
-	merge     *mergeInfo
-	discard   *discardInfo
-}

libnetwork/vendor/github.com/golang/protobuf/proto/message_set.go

@@ -1,314 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2010 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package proto
-
-/*
- * Support for message sets.
- */
-
-import (
-	"bytes"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"reflect"
-	"sort"
-	"sync"
-)
-
-// errNoMessageTypeID occurs when a protocol buffer does not have a message type ID.
-// A message type ID is required for storing a protocol buffer in a message set.
-var errNoMessageTypeID = errors.New("proto does not have a message type ID")
-
-// The first two types (_MessageSet_Item and messageSet)
-// model what the protocol compiler produces for the following protocol message:
-//   message MessageSet {
-//     repeated group Item = 1 {
-//       required int32 type_id = 2;
-//       required string message = 3;
-//     };
-//   }
-// That is the MessageSet wire format. We can't use a proto to generate these
-// because that would introduce a circular dependency between it and this package.
-
-type _MessageSet_Item struct {
-	TypeId  *int32 `protobuf:"varint,2,req,name=type_id"`
-	Message []byte `protobuf:"bytes,3,req,name=message"`
-}
-
-type messageSet struct {
-	Item             []*_MessageSet_Item `protobuf:"group,1,rep"`
-	XXX_unrecognized []byte
-	// TODO: caching?
-}
-
-// Make sure messageSet is a Message.
-var _ Message = (*messageSet)(nil)
-
-// messageTypeIder is an interface satisfied by a protocol buffer type
-// that may be stored in a MessageSet.
-type messageTypeIder interface {
-	MessageTypeId() int32
-}
-
-func (ms *messageSet) find(pb Message) *_MessageSet_Item {
-	mti, ok := pb.(messageTypeIder)
-	if !ok {
-		return nil
-	}
-	id := mti.MessageTypeId()
-	for _, item := range ms.Item {
-		if *item.TypeId == id {
-			return item
-		}
-	}
-	return nil
-}
-
-func (ms *messageSet) Has(pb Message) bool {
-	return ms.find(pb) != nil
-}
-
-func (ms *messageSet) Unmarshal(pb Message) error {
-	if item := ms.find(pb); item != nil {
-		return Unmarshal(item.Message, pb)
-	}
-	if _, ok := pb.(messageTypeIder); !ok {
-		return errNoMessageTypeID
-	}
-	return nil // TODO: return error instead?
-}
-
-func (ms *messageSet) Marshal(pb Message) error {
-	msg, err := Marshal(pb)
-	if err != nil {
-		return err
-	}
-	if item := ms.find(pb); item != nil {
-		// reuse existing item
-		item.Message = msg
-		return nil
-	}
-
-	mti, ok := pb.(messageTypeIder)
-	if !ok {
-		return errNoMessageTypeID
-	}
-
-	mtid := mti.MessageTypeId()
-	ms.Item = append(ms.Item, &_MessageSet_Item{
-		TypeId:  &mtid,
-		Message: msg,
-	})
-	return nil
-}
-
-func (ms *messageSet) Reset()         { *ms = messageSet{} }
-func (ms *messageSet) String() string { return CompactTextString(ms) }
-func (*messageSet) ProtoMessage()     {}
-
-// Support for the message_set_wire_format message option.
-
-func skipVarint(buf []byte) []byte {
-	i := 0
-	for ; buf[i]&0x80 != 0; i++ {
-	}
-	return buf[i+1:]
-}
-
-// MarshalMessageSet encodes the extension map represented by m in the message set wire format.
-// It is called by generated Marshal methods on protocol buffer messages with the message_set_wire_format option.
-func MarshalMessageSet(exts interface{}) ([]byte, error) {
-	return marshalMessageSet(exts, false)
-}
-
-// marshaMessageSet implements above function, with the opt to turn on / off deterministic during Marshal.
-func marshalMessageSet(exts interface{}, deterministic bool) ([]byte, error) {
-	switch exts := exts.(type) {
-	case *XXX_InternalExtensions:
-		var u marshalInfo
-		siz := u.sizeMessageSet(exts)
-		b := make([]byte, 0, siz)
-		return u.appendMessageSet(b, exts, deterministic)
-
-	case map[int32]Extension:
-		// This is an old-style extension map.
-		// Wrap it in a new-style XXX_InternalExtensions.
-		ie := XXX_InternalExtensions{
-			p: &struct {
-				mu           sync.Mutex
-				extensionMap map[int32]Extension
-			}{
-				extensionMap: exts,
-			},
-		}
-
-		var u marshalInfo
-		siz := u.sizeMessageSet(&ie)
-		b := make([]byte, 0, siz)
-		return u.appendMessageSet(b, &ie, deterministic)
-
-	default:
-		return nil, errors.New("proto: not an extension map")
-	}
-}
-
-// UnmarshalMessageSet decodes the extension map encoded in buf in the message set wire format.
-// It is called by Unmarshal methods on protocol buffer messages with the message_set_wire_format option.
-func UnmarshalMessageSet(buf []byte, exts interface{}) error {
-	var m map[int32]Extension
-	switch exts := exts.(type) {
-	case *XXX_InternalExtensions:
-		m = exts.extensionsWrite()
-	case map[int32]Extension:
-		m = exts
-	default:
-		return errors.New("proto: not an extension map")
-	}
-
-	ms := new(messageSet)
-	if err := Unmarshal(buf, ms); err != nil {
-		return err
-	}
-	for _, item := range ms.Item {
-		id := *item.TypeId
-		msg := item.Message
-
-		// Restore wire type and field number varint, plus length varint.
-		// Be careful to preserve duplicate items.
-		b := EncodeVarint(uint64(id)<<3 | WireBytes)
-		if ext, ok := m[id]; ok {
-			// Existing data; rip off the tag and length varint
-			// so we join the new data correctly.
-			// We can assume that ext.enc is set because we are unmarshaling.
-			o := ext.enc[len(b):]   // skip wire type and field number
-			_, n := DecodeVarint(o) // calculate length of length varint
-			o = o[n:]               // skip length varint
-			msg = append(o, msg...) // join old data and new data
-		}
-		b = append(b, EncodeVarint(uint64(len(msg)))...)
-		b = append(b, msg...)
-
-		m[id] = Extension{enc: b}
-	}
-	return nil
-}
-
-// MarshalMessageSetJSON encodes the extension map represented by m in JSON format.
-// It is called by generated MarshalJSON methods on protocol buffer messages with the message_set_wire_format option.
-func MarshalMessageSetJSON(exts interface{}) ([]byte, error) {
-	var m map[int32]Extension
-	switch exts := exts.(type) {
-	case *XXX_InternalExtensions:
-		var mu sync.Locker
-		m, mu = exts.extensionsRead()
-		if m != nil {
-			// Keep the extensions map locked until we're done marshaling to prevent
-			// races between marshaling and unmarshaling the lazily-{en,de}coded
-			// values.
-			mu.Lock()
-			defer mu.Unlock()
-		}
-	case map[int32]Extension:
-		m = exts
-	default:
-		return nil, errors.New("proto: not an extension map")
-	}
-	var b bytes.Buffer
-	b.WriteByte('{')
-
-	// Process the map in key order for deterministic output.
-	ids := make([]int32, 0, len(m))
-	for id := range m {
-		ids = append(ids, id)
-	}
-	sort.Sort(int32Slice(ids)) // int32Slice defined in text.go
-
-	for i, id := range ids {
-		ext := m[id]
-		msd, ok := messageSetMap[id]
-		if !ok {
-			// Unknown type; we can't render it, so skip it.
-			continue
-		}
-
-		if i > 0 && b.Len() > 1 {
-			b.WriteByte(',')
-		}
-
-		fmt.Fprintf(&b, `"[%s]":`, msd.name)
-
-		x := ext.value
-		if x == nil {
-			x = reflect.New(msd.t.Elem()).Interface()
-			if err := Unmarshal(ext.enc, x.(Message)); err != nil {
-				return nil, err
-			}
-		}
-		d, err := json.Marshal(x)
-		if err != nil {
-			return nil, err
-		}
-		b.Write(d)
-	}
-	b.WriteByte('}')
-	return b.Bytes(), nil
-}
-
-// UnmarshalMessageSetJSON decodes the extension map encoded in buf in JSON format.
-// It is called by generated UnmarshalJSON methods on protocol buffer messages with the message_set_wire_format option.
-func UnmarshalMessageSetJSON(buf []byte, exts interface{}) error {
-	// Common-case fast path.
-	if len(buf) == 0 || bytes.Equal(buf, []byte("{}")) {
-		return nil
-	}
-
-	// This is fairly tricky, and it's not clear that it is needed.
-	return errors.New("TODO: UnmarshalMessageSetJSON not yet implemented")
-}
-
-// A global registry of types that can be used in a MessageSet.
-
-var messageSetMap = make(map[int32]messageSetDesc)
-
-type messageSetDesc struct {
-	t    reflect.Type // pointer to struct
-	name string
-}
-
-// RegisterMessageSetType is called from the generated code.
-func RegisterMessageSetType(m Message, fieldNum int32, name string) {
-	messageSetMap[fieldNum] = messageSetDesc{
-		t:    reflect.TypeOf(m),
-		name: name,
-	}
-}

libnetwork/vendor/github.com/golang/protobuf/proto/pointer_reflect.go

@@ -1,357 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2012 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-// +build purego appengine js
-
-// This file contains an implementation of proto field accesses using package reflect.
-// It is slower than the code in pointer_unsafe.go but it avoids package unsafe and can
-// be used on App Engine.
-
-package proto
-
-import (
-	"reflect"
-	"sync"
-)
-
-const unsafeAllowed = false
-
-// A field identifies a field in a struct, accessible from a pointer.
-// In this implementation, a field is identified by the sequence of field indices
-// passed to reflect's FieldByIndex.
-type field []int
-
-// toField returns a field equivalent to the given reflect field.
-func toField(f *reflect.StructField) field {
-	return f.Index
-}
-
-// invalidField is an invalid field identifier.
-var invalidField = field(nil)
-
-// zeroField is a noop when calling pointer.offset.
-var zeroField = field([]int{})
-
-// IsValid reports whether the field identifier is valid.
-func (f field) IsValid() bool { return f != nil }
-
-// The pointer type is for the table-driven decoder.
-// The implementation here uses a reflect.Value of pointer type to
-// create a generic pointer. In pointer_unsafe.go we use unsafe
-// instead of reflect to implement the same (but faster) interface.
-type pointer struct {
-	v reflect.Value
-}
-
-// toPointer converts an interface of pointer type to a pointer
-// that points to the same target.
-func toPointer(i *Message) pointer {
-	return pointer{v: reflect.ValueOf(*i)}
-}
-
-// toAddrPointer converts an interface to a pointer that points to
-// the interface data.
-func toAddrPointer(i *interface{}, isptr bool) pointer {
-	v := reflect.ValueOf(*i)
-	u := reflect.New(v.Type())
-	u.Elem().Set(v)
-	return pointer{v: u}
-}
-
-// valToPointer converts v to a pointer.  v must be of pointer type.
-func valToPointer(v reflect.Value) pointer {
-	return pointer{v: v}
-}
-
-// offset converts from a pointer to a structure to a pointer to
-// one of its fields.
-func (p pointer) offset(f field) pointer {
-	return pointer{v: p.v.Elem().FieldByIndex(f).Addr()}
-}
-
-func (p pointer) isNil() bool {
-	return p.v.IsNil()
-}
-
-// grow updates the slice s in place to make it one element longer.
-// s must be addressable.
-// Returns the (addressable) new element.
-func grow(s reflect.Value) reflect.Value {
-	n, m := s.Len(), s.Cap()
-	if n < m {
-		s.SetLen(n + 1)
-	} else {
-		s.Set(reflect.Append(s, reflect.Zero(s.Type().Elem())))
-	}
-	return s.Index(n)
-}
-
-func (p pointer) toInt64() *int64 {
-	return p.v.Interface().(*int64)
-}
-func (p pointer) toInt64Ptr() **int64 {
-	return p.v.Interface().(**int64)
-}
-func (p pointer) toInt64Slice() *[]int64 {
-	return p.v.Interface().(*[]int64)
-}
-
-var int32ptr = reflect.TypeOf((*int32)(nil))
-
-func (p pointer) toInt32() *int32 {
-	return p.v.Convert(int32ptr).Interface().(*int32)
-}
-
-// The toInt32Ptr/Slice methods don't work because of enums.
-// Instead, we must use set/get methods for the int32ptr/slice case.
-/*
-	func (p pointer) toInt32Ptr() **int32 {
-		return p.v.Interface().(**int32)
-}
-	func (p pointer) toInt32Slice() *[]int32 {
-		return p.v.Interface().(*[]int32)
-}
-*/
-func (p pointer) getInt32Ptr() *int32 {
-	if p.v.Type().Elem().Elem() == reflect.TypeOf(int32(0)) {
-		// raw int32 type
-		return p.v.Elem().Interface().(*int32)
-	}
-	// an enum
-	return p.v.Elem().Convert(int32PtrType).Interface().(*int32)
-}
-func (p pointer) setInt32Ptr(v int32) {
-	// Allocate value in a *int32. Possibly convert that to a *enum.
-	// Then assign it to a **int32 or **enum.
-	// Note: we can convert *int32 to *enum, but we can't convert
-	// **int32 to **enum!
-	p.v.Elem().Set(reflect.ValueOf(&v).Convert(p.v.Type().Elem()))
-}
-
-// getInt32Slice copies []int32 from p as a new slice.
-// This behavior differs from the implementation in pointer_unsafe.go.
-func (p pointer) getInt32Slice() []int32 {
-	if p.v.Type().Elem().Elem() == reflect.TypeOf(int32(0)) {
-		// raw int32 type
-		return p.v.Elem().Interface().([]int32)
-	}
-	// an enum
-	// Allocate a []int32, then assign []enum's values into it.
-	// Note: we can't convert []enum to []int32.
-	slice := p.v.Elem()
-	s := make([]int32, slice.Len())
-	for i := 0; i < slice.Len(); i++ {
-		s[i] = int32(slice.Index(i).Int())
-	}
-	return s
-}
-
-// setInt32Slice copies []int32 into p as a new slice.
-// This behavior differs from the implementation in pointer_unsafe.go.
-func (p pointer) setInt32Slice(v []int32) {
-	if p.v.Type().Elem().Elem() == reflect.TypeOf(int32(0)) {
-		// raw int32 type
-		p.v.Elem().Set(reflect.ValueOf(v))
-		return
-	}
-	// an enum
-	// Allocate a []enum, then assign []int32's values into it.
-	// Note: we can't convert []enum to []int32.
-	slice := reflect.MakeSlice(p.v.Type().Elem(), len(v), cap(v))
-	for i, x := range v {
-		slice.Index(i).SetInt(int64(x))
-	}
-	p.v.Elem().Set(slice)
-}
-func (p pointer) appendInt32Slice(v int32) {
-	grow(p.v.Elem()).SetInt(int64(v))
-}
-
-func (p pointer) toUint64() *uint64 {
-	return p.v.Interface().(*uint64)
-}
-func (p pointer) toUint64Ptr() **uint64 {
-	return p.v.Interface().(**uint64)
-}
-func (p pointer) toUint64Slice() *[]uint64 {
-	return p.v.Interface().(*[]uint64)
-}
-func (p pointer) toUint32() *uint32 {
-	return p.v.Interface().(*uint32)
-}
-func (p pointer) toUint32Ptr() **uint32 {
-	return p.v.Interface().(**uint32)
-}
-func (p pointer) toUint32Slice() *[]uint32 {
-	return p.v.Interface().(*[]uint32)
-}
-func (p pointer) toBool() *bool {
-	return p.v.Interface().(*bool)
-}
-func (p pointer) toBoolPtr() **bool {
-	return p.v.Interface().(**bool)
-}
-func (p pointer) toBoolSlice() *[]bool {
-	return p.v.Interface().(*[]bool)
-}
-func (p pointer) toFloat64() *float64 {
-	return p.v.Interface().(*float64)
-}
-func (p pointer) toFloat64Ptr() **float64 {
-	return p.v.Interface().(**float64)
-}
-func (p pointer) toFloat64Slice() *[]float64 {
-	return p.v.Interface().(*[]float64)
-}
-func (p pointer) toFloat32() *float32 {
-	return p.v.Interface().(*float32)
-}
-func (p pointer) toFloat32Ptr() **float32 {
-	return p.v.Interface().(**float32)
-}
-func (p pointer) toFloat32Slice() *[]float32 {
-	return p.v.Interface().(*[]float32)
-}
-func (p pointer) toString() *string {
-	return p.v.Interface().(*string)
-}
-func (p pointer) toStringPtr() **string {
-	return p.v.Interface().(**string)
-}
-func (p pointer) toStringSlice() *[]string {
-	return p.v.Interface().(*[]string)
-}
-func (p pointer) toBytes() *[]byte {
-	return p.v.Interface().(*[]byte)
-}
-func (p pointer) toBytesSlice() *[][]byte {
-	return p.v.Interface().(*[][]byte)
-}
-func (p pointer) toExtensions() *XXX_InternalExtensions {
-	return p.v.Interface().(*XXX_InternalExtensions)
-}
-func (p pointer) toOldExtensions() *map[int32]Extension {
-	return p.v.Interface().(*map[int32]Extension)
-}
-func (p pointer) getPointer() pointer {
-	return pointer{v: p.v.Elem()}
-}
-func (p pointer) setPointer(q pointer) {
-	p.v.Elem().Set(q.v)
-}
-func (p pointer) appendPointer(q pointer) {
-	grow(p.v.Elem()).Set(q.v)
-}
-
-// getPointerSlice copies []*T from p as a new []pointer.
-// This behavior differs from the implementation in pointer_unsafe.go.
-func (p pointer) getPointerSlice() []pointer {
-	if p.v.IsNil() {
-		return nil
-	}
-	n := p.v.Elem().Len()
-	s := make([]pointer, n)
-	for i := 0; i < n; i++ {
-		s[i] = pointer{v: p.v.Elem().Index(i)}
-	}
-	return s
-}
-
-// setPointerSlice copies []pointer into p as a new []*T.
-// This behavior differs from the implementation in pointer_unsafe.go.
-func (p pointer) setPointerSlice(v []pointer) {
-	if v == nil {
-		p.v.Elem().Set(reflect.New(p.v.Elem().Type()).Elem())
-		return
-	}
-	s := reflect.MakeSlice(p.v.Elem().Type(), 0, len(v))
-	for _, p := range v {
-		s = reflect.Append(s, p.v)
-	}
-	p.v.Elem().Set(s)
-}
-
-// getInterfacePointer returns a pointer that points to the
-// interface data of the interface pointed by p.
-func (p pointer) getInterfacePointer() pointer {
-	if p.v.Elem().IsNil() {
-		return pointer{v: p.v.Elem()}
-	}
-	return pointer{v: p.v.Elem().Elem().Elem().Field(0).Addr()} // *interface -> interface -> *struct -> struct
-}
-
-func (p pointer) asPointerTo(t reflect.Type) reflect.Value {
-	// TODO: check that p.v.Type().Elem() == t?
-	return p.v
-}
-
-func atomicLoadUnmarshalInfo(p **unmarshalInfo) *unmarshalInfo {
-	atomicLock.Lock()
-	defer atomicLock.Unlock()
-	return *p
-}
-func atomicStoreUnmarshalInfo(p **unmarshalInfo, v *unmarshalInfo) {
-	atomicLock.Lock()
-	defer atomicLock.Unlock()
-	*p = v
-}
-func atomicLoadMarshalInfo(p **marshalInfo) *marshalInfo {
-	atomicLock.Lock()
-	defer atomicLock.Unlock()
-	return *p
-}
-func atomicStoreMarshalInfo(p **marshalInfo, v *marshalInfo) {
-	atomicLock.Lock()
-	defer atomicLock.Unlock()
-	*p = v
-}
-func atomicLoadMergeInfo(p **mergeInfo) *mergeInfo {
-	atomicLock.Lock()
-	defer atomicLock.Unlock()
-	return *p
-}
-func atomicStoreMergeInfo(p **mergeInfo, v *mergeInfo) {
-	atomicLock.Lock()
-	defer atomicLock.Unlock()
-	*p = v
-}
-func atomicLoadDiscardInfo(p **discardInfo) *discardInfo {
-	atomicLock.Lock()
-	defer atomicLock.Unlock()
-	return *p
-}
-func atomicStoreDiscardInfo(p **discardInfo, v *discardInfo) {
-	atomicLock.Lock()
-	defer atomicLock.Unlock()
-	*p = v
-}
-
-var atomicLock sync.Mutex

libnetwork/vendor/github.com/golang/protobuf/proto/pointer_unsafe.go

@@ -1,308 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2012 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-// +build !purego,!appengine,!js
-
-// This file contains the implementation of the proto field accesses using package unsafe.
-
-package proto
-
-import (
-	"reflect"
-	"sync/atomic"
-	"unsafe"
-)
-
-const unsafeAllowed = true
-
-// A field identifies a field in a struct, accessible from a pointer.
-// In this implementation, a field is identified by its byte offset from the start of the struct.
-type field uintptr
-
-// toField returns a field equivalent to the given reflect field.
-func toField(f *reflect.StructField) field {
-	return field(f.Offset)
-}
-
-// invalidField is an invalid field identifier.
-const invalidField = ^field(0)
-
-// zeroField is a noop when calling pointer.offset.
-const zeroField = field(0)
-
-// IsValid reports whether the field identifier is valid.
-func (f field) IsValid() bool {
-	return f != invalidField
-}
-
-// The pointer type below is for the new table-driven encoder/decoder.
-// The implementation here uses unsafe.Pointer to create a generic pointer.
-// In pointer_reflect.go we use reflect instead of unsafe to implement
-// the same (but slower) interface.
-type pointer struct {
-	p unsafe.Pointer
-}
-
-// size of pointer
-var ptrSize = unsafe.Sizeof(uintptr(0))
-
-// toPointer converts an interface of pointer type to a pointer
-// that points to the same target.
-func toPointer(i *Message) pointer {
-	// Super-tricky - read pointer out of data word of interface value.
-	// Saves ~25ns over the equivalent:
-	// return valToPointer(reflect.ValueOf(*i))
-	return pointer{p: (*[2]unsafe.Pointer)(unsafe.Pointer(i))[1]}
-}
-
-// toAddrPointer converts an interface to a pointer that points to
-// the interface data.
-func toAddrPointer(i *interface{}, isptr bool) pointer {
-	// Super-tricky - read or get the address of data word of interface value.
-	if isptr {
-		// The interface is of pointer type, thus it is a direct interface.
-		// The data word is the pointer data itself. We take its address.
-		return pointer{p: unsafe.Pointer(uintptr(unsafe.Pointer(i)) + ptrSize)}
-	}
-	// The interface is not of pointer type. The data word is the pointer
-	// to the data.
-	return pointer{p: (*[2]unsafe.Pointer)(unsafe.Pointer(i))[1]}
-}
-
-// valToPointer converts v to a pointer. v must be of pointer type.
-func valToPointer(v reflect.Value) pointer {
-	return pointer{p: unsafe.Pointer(v.Pointer())}
-}
-
-// offset converts from a pointer to a structure to a pointer to
-// one of its fields.
-func (p pointer) offset(f field) pointer {
-	// For safety, we should panic if !f.IsValid, however calling panic causes
-	// this to no longer be inlineable, which is a serious performance cost.
-	/*
-		if !f.IsValid() {
-			panic("invalid field")
-		}
-	*/
-	return pointer{p: unsafe.Pointer(uintptr(p.p) + uintptr(f))}
-}
-
-func (p pointer) isNil() bool {
-	return p.p == nil
-}
-
-func (p pointer) toInt64() *int64 {
-	return (*int64)(p.p)
-}
-func (p pointer) toInt64Ptr() **int64 {
-	return (**int64)(p.p)
-}
-func (p pointer) toInt64Slice() *[]int64 {
-	return (*[]int64)(p.p)
-}
-func (p pointer) toInt32() *int32 {
-	return (*int32)(p.p)
-}
-
-// See pointer_reflect.go for why toInt32Ptr/Slice doesn't exist.
-/*
-	func (p pointer) toInt32Ptr() **int32 {
-		return (**int32)(p.p)
-	}
-	func (p pointer) toInt32Slice() *[]int32 {
-		return (*[]int32)(p.p)
-	}
-*/
-func (p pointer) getInt32Ptr() *int32 {
-	return *(**int32)(p.p)
-}
-func (p pointer) setInt32Ptr(v int32) {
-	*(**int32)(p.p) = &v
-}
-
-// getInt32Slice loads a []int32 from p.
-// The value returned is aliased with the original slice.
-// This behavior differs from the implementation in pointer_reflect.go.
-func (p pointer) getInt32Slice() []int32 {
-	return *(*[]int32)(p.p)
-}
-
-// setInt32Slice stores a []int32 to p.
-// The value set is aliased with the input slice.
-// This behavior differs from the implementation in pointer_reflect.go.
-func (p pointer) setInt32Slice(v []int32) {
-	*(*[]int32)(p.p) = v
-}
-
-// TODO: Can we get rid of appendInt32Slice and use setInt32Slice instead?
-func (p pointer) appendInt32Slice(v int32) {
-	s := (*[]int32)(p.p)
-	*s = append(*s, v)
-}
-
-func (p pointer) toUint64() *uint64 {
-	return (*uint64)(p.p)
-}
-func (p pointer) toUint64Ptr() **uint64 {
-	return (**uint64)(p.p)
-}
-func (p pointer) toUint64Slice() *[]uint64 {
-	return (*[]uint64)(p.p)
-}
-func (p pointer) toUint32() *uint32 {
-	return (*uint32)(p.p)
-}
-func (p pointer) toUint32Ptr() **uint32 {
-	return (**uint32)(p.p)
-}
-func (p pointer) toUint32Slice() *[]uint32 {
-	return (*[]uint32)(p.p)
-}
-func (p pointer) toBool() *bool {
-	return (*bool)(p.p)
-}
-func (p pointer) toBoolPtr() **bool {
-	return (**bool)(p.p)
-}
-func (p pointer) toBoolSlice() *[]bool {
-	return (*[]bool)(p.p)
-}
-func (p pointer) toFloat64() *float64 {
-	return (*float64)(p.p)
-}
-func (p pointer) toFloat64Ptr() **float64 {
-	return (**float64)(p.p)
-}
-func (p pointer) toFloat64Slice() *[]float64 {
-	return (*[]float64)(p.p)
-}
-func (p pointer) toFloat32() *float32 {
-	return (*float32)(p.p)
-}
-func (p pointer) toFloat32Ptr() **float32 {
-	return (**float32)(p.p)
-}
-func (p pointer) toFloat32Slice() *[]float32 {
-	return (*[]float32)(p.p)
-}
-func (p pointer) toString() *string {
-	return (*string)(p.p)
-}
-func (p pointer) toStringPtr() **string {
-	return (**string)(p.p)
-}
-func (p pointer) toStringSlice() *[]string {
-	return (*[]string)(p.p)
-}
-func (p pointer) toBytes() *[]byte {
-	return (*[]byte)(p.p)
-}
-func (p pointer) toBytesSlice() *[][]byte {
-	return (*[][]byte)(p.p)
-}
-func (p pointer) toExtensions() *XXX_InternalExtensions {
-	return (*XXX_InternalExtensions)(p.p)
-}
-func (p pointer) toOldExtensions() *map[int32]Extension {
-	return (*map[int32]Extension)(p.p)
-}
-
-// getPointerSlice loads []*T from p as a []pointer.
-// The value returned is aliased with the original slice.
-// This behavior differs from the implementation in pointer_reflect.go.
-func (p pointer) getPointerSlice() []pointer {
-	// Super-tricky - p should point to a []*T where T is a
-	// message type. We load it as []pointer.
-	return *(*[]pointer)(p.p)
-}
-
-// setPointerSlice stores []pointer into p as a []*T.
-// The value set is aliased with the input slice.
-// This behavior differs from the implementation in pointer_reflect.go.
-func (p pointer) setPointerSlice(v []pointer) {
-	// Super-tricky - p should point to a []*T where T is a
-	// message type. We store it as []pointer.
-	*(*[]pointer)(p.p) = v
-}
-
-// getPointer loads the pointer at p and returns it.
-func (p pointer) getPointer() pointer {
-	return pointer{p: *(*unsafe.Pointer)(p.p)}
-}
-
-// setPointer stores the pointer q at p.
-func (p pointer) setPointer(q pointer) {
-	*(*unsafe.Pointer)(p.p) = q.p
-}
-
-// append q to the slice pointed to by p.
-func (p pointer) appendPointer(q pointer) {
-	s := (*[]unsafe.Pointer)(p.p)
-	*s = append(*s, q.p)
-}
-
-// getInterfacePointer returns a pointer that points to the
-// interface data of the interface pointed by p.
-func (p pointer) getInterfacePointer() pointer {
-	// Super-tricky - read pointer out of data word of interface value.
-	return pointer{p: (*(*[2]unsafe.Pointer)(p.p))[1]}
-}
-
-// asPointerTo returns a reflect.Value that is a pointer to an
-// object of type t stored at p.
-func (p pointer) asPointerTo(t reflect.Type) reflect.Value {
-	return reflect.NewAt(t, p.p)
-}
-
-func atomicLoadUnmarshalInfo(p **unmarshalInfo) *unmarshalInfo {
-	return (*unmarshalInfo)(atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(p))))
-}
-func atomicStoreUnmarshalInfo(p **unmarshalInfo, v *unmarshalInfo) {
-	atomic.StorePointer((*unsafe.Pointer)(unsafe.Pointer(p)), unsafe.Pointer(v))
-}
-func atomicLoadMarshalInfo(p **marshalInfo) *marshalInfo {
-	return (*marshalInfo)(atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(p))))
-}
-func atomicStoreMarshalInfo(p **marshalInfo, v *marshalInfo) {
-	atomic.StorePointer((*unsafe.Pointer)(unsafe.Pointer(p)), unsafe.Pointer(v))
-}
-func atomicLoadMergeInfo(p **mergeInfo) *mergeInfo {
-	return (*mergeInfo)(atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(p))))
-}
-func atomicStoreMergeInfo(p **mergeInfo, v *mergeInfo) {
-	atomic.StorePointer((*unsafe.Pointer)(unsafe.Pointer(p)), unsafe.Pointer(v))
-}
-func atomicLoadDiscardInfo(p **discardInfo) *discardInfo {
-	return (*discardInfo)(atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(p))))
-}
-func atomicStoreDiscardInfo(p **discardInfo, v *discardInfo) {
-	atomic.StorePointer((*unsafe.Pointer)(unsafe.Pointer(p)), unsafe.Pointer(v))
-}

libnetwork/vendor/github.com/golang/protobuf/proto/properties.go

@@ -1,544 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2010 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package proto
-
-/*
- * Routines for encoding data into the wire format for protocol buffers.
- */
-
-import (
-	"fmt"
-	"log"
-	"os"
-	"reflect"
-	"sort"
-	"strconv"
-	"strings"
-	"sync"
-)
-
-const debug bool = false
-
-// Constants that identify the encoding of a value on the wire.
-const (
-	WireVarint     = 0
-	WireFixed64    = 1
-	WireBytes      = 2
-	WireStartGroup = 3
-	WireEndGroup   = 4
-	WireFixed32    = 5
-)
-
-// tagMap is an optimization over map[int]int for typical protocol buffer
-// use-cases. Encoded protocol buffers are often in tag order with small tag
-// numbers.
-type tagMap struct {
-	fastTags []int
-	slowTags map[int]int
-}
-
-// tagMapFastLimit is the upper bound on the tag number that will be stored in
-// the tagMap slice rather than its map.
-const tagMapFastLimit = 1024
-
-func (p *tagMap) get(t int) (int, bool) {
-	if t > 0 && t < tagMapFastLimit {
-		if t >= len(p.fastTags) {
-			return 0, false
-		}
-		fi := p.fastTags[t]
-		return fi, fi >= 0
-	}
-	fi, ok := p.slowTags[t]
-	return fi, ok
-}
-
-func (p *tagMap) put(t int, fi int) {
-	if t > 0 && t < tagMapFastLimit {
-		for len(p.fastTags) < t+1 {
-			p.fastTags = append(p.fastTags, -1)
-		}
-		p.fastTags[t] = fi
-		return
-	}
-	if p.slowTags == nil {
-		p.slowTags = make(map[int]int)
-	}
-	p.slowTags[t] = fi
-}
-
-// StructProperties represents properties for all the fields of a struct.
-// decoderTags and decoderOrigNames should only be used by the decoder.
-type StructProperties struct {
-	Prop             []*Properties  // properties for each field
-	reqCount         int            // required count
-	decoderTags      tagMap         // map from proto tag to struct field number
-	decoderOrigNames map[string]int // map from original name to struct field number
-	order            []int          // list of struct field numbers in tag order
-
-	// OneofTypes contains information about the oneof fields in this message.
-	// It is keyed by the original name of a field.
-	OneofTypes map[string]*OneofProperties
-}
-
-// OneofProperties represents information about a specific field in a oneof.
-type OneofProperties struct {
-	Type  reflect.Type // pointer to generated struct type for this oneof field
-	Field int          // struct field number of the containing oneof in the message
-	Prop  *Properties
-}
-
-// Implement the sorting interface so we can sort the fields in tag order, as recommended by the spec.
-// See encode.go, (*Buffer).enc_struct.
-
-func (sp *StructProperties) Len() int { return len(sp.order) }
-func (sp *StructProperties) Less(i, j int) bool {
-	return sp.Prop[sp.order[i]].Tag < sp.Prop[sp.order[j]].Tag
-}
-func (sp *StructProperties) Swap(i, j int) { sp.order[i], sp.order[j] = sp.order[j], sp.order[i] }
-
-// Properties represents the protocol-specific behavior of a single struct field.
-type Properties struct {
-	Name     string // name of the field, for error messages
-	OrigName string // original name before protocol compiler (always set)
-	JSONName string // name to use for JSON; determined by protoc
-	Wire     string
-	WireType int
-	Tag      int
-	Required bool
-	Optional bool
-	Repeated bool
-	Packed   bool   // relevant for repeated primitives only
-	Enum     string // set for enum types only
-	proto3   bool   // whether this is known to be a proto3 field; set for []byte only
-	oneof    bool   // whether this is a oneof field
-
-	Default    string // default value
-	HasDefault bool   // whether an explicit default was provided
-
-	stype reflect.Type      // set for struct types only
-	sprop *StructProperties // set for struct types only
-
-	mtype    reflect.Type // set for map types only
-	mkeyprop *Properties  // set for map types only
-	mvalprop *Properties  // set for map types only
-}
-
-// String formats the properties in the protobuf struct field tag style.
-func (p *Properties) String() string {
-	s := p.Wire
-	s += ","
-	s += strconv.Itoa(p.Tag)
-	if p.Required {
-		s += ",req"
-	}
-	if p.Optional {
-		s += ",opt"
-	}
-	if p.Repeated {
-		s += ",rep"
-	}
-	if p.Packed {
-		s += ",packed"
-	}
-	s += ",name=" + p.OrigName
-	if p.JSONName != p.OrigName {
-		s += ",json=" + p.JSONName
-	}
-	if p.proto3 {
-		s += ",proto3"
-	}
-	if p.oneof {
-		s += ",oneof"
-	}
-	if len(p.Enum) > 0 {
-		s += ",enum=" + p.Enum
-	}
-	if p.HasDefault {
-		s += ",def=" + p.Default
-	}
-	return s
-}
-
-// Parse populates p by parsing a string in the protobuf struct field tag style.
-func (p *Properties) Parse(s string) {
-	// "bytes,49,opt,name=foo,def=hello!"
-	fields := strings.Split(s, ",") // breaks def=, but handled below.
-	if len(fields) < 2 {
-		fmt.Fprintf(os.Stderr, "proto: tag has too few fields: %q\n", s)
-		return
-	}
-
-	p.Wire = fields[0]
-	switch p.Wire {
-	case "varint":
-		p.WireType = WireVarint
-	case "fixed32":
-		p.WireType = WireFixed32
-	case "fixed64":
-		p.WireType = WireFixed64
-	case "zigzag32":
-		p.WireType = WireVarint
-	case "zigzag64":
-		p.WireType = WireVarint
-	case "bytes", "group":
-		p.WireType = WireBytes
-		// no numeric converter for non-numeric types
-	default:
-		fmt.Fprintf(os.Stderr, "proto: tag has unknown wire type: %q\n", s)
-		return
-	}
-
-	var err error
-	p.Tag, err = strconv.Atoi(fields[1])
-	if err != nil {
-		return
-	}
-
-outer:
-	for i := 2; i < len(fields); i++ {
-		f := fields[i]
-		switch {
-		case f == "req":
-			p.Required = true
-		case f == "opt":
-			p.Optional = true
-		case f == "rep":
-			p.Repeated = true
-		case f == "packed":
-			p.Packed = true
-		case strings.HasPrefix(f, "name="):
-			p.OrigName = f[5:]
-		case strings.HasPrefix(f, "json="):
-			p.JSONName = f[5:]
-		case strings.HasPrefix(f, "enum="):
-			p.Enum = f[5:]
-		case f == "proto3":
-			p.proto3 = true
-		case f == "oneof":
-			p.oneof = true
-		case strings.HasPrefix(f, "def="):
-			p.HasDefault = true
-			p.Default = f[4:] // rest of string
-			if i+1 < len(fields) {
-				// Commas aren't escaped, and def is always last.
-				p.Default += "," + strings.Join(fields[i+1:], ",")
-				break outer
-			}
-		}
-	}
-}
-
-var protoMessageType = reflect.TypeOf((*Message)(nil)).Elem()
-
-// setFieldProps initializes the field properties for submessages and maps.
-func (p *Properties) setFieldProps(typ reflect.Type, f *reflect.StructField, lockGetProp bool) {
-	switch t1 := typ; t1.Kind() {
-	case reflect.Ptr:
-		if t1.Elem().Kind() == reflect.Struct {
-			p.stype = t1.Elem()
-		}
-
-	case reflect.Slice:
-		if t2 := t1.Elem(); t2.Kind() == reflect.Ptr && t2.Elem().Kind() == reflect.Struct {
-			p.stype = t2.Elem()
-		}
-
-	case reflect.Map:
-		p.mtype = t1
-		p.mkeyprop = &Properties{}
-		p.mkeyprop.init(reflect.PtrTo(p.mtype.Key()), "Key", f.Tag.Get("protobuf_key"), nil, lockGetProp)
-		p.mvalprop = &Properties{}
-		vtype := p.mtype.Elem()
-		if vtype.Kind() != reflect.Ptr && vtype.Kind() != reflect.Slice {
-			// The value type is not a message (*T) or bytes ([]byte),
-			// so we need encoders for the pointer to this type.
-			vtype = reflect.PtrTo(vtype)
-		}
-		p.mvalprop.init(vtype, "Value", f.Tag.Get("protobuf_val"), nil, lockGetProp)
-	}
-
-	if p.stype != nil {
-		if lockGetProp {
-			p.sprop = GetProperties(p.stype)
-		} else {
-			p.sprop = getPropertiesLocked(p.stype)
-		}
-	}
-}
-
-var (
-	marshalerType = reflect.TypeOf((*Marshaler)(nil)).Elem()
-)
-
-// Init populates the properties from a protocol buffer struct tag.
-func (p *Properties) Init(typ reflect.Type, name, tag string, f *reflect.StructField) {
-	p.init(typ, name, tag, f, true)
-}
-
-func (p *Properties) init(typ reflect.Type, name, tag string, f *reflect.StructField, lockGetProp bool) {
-	// "bytes,49,opt,def=hello!"
-	p.Name = name
-	p.OrigName = name
-	if tag == "" {
-		return
-	}
-	p.Parse(tag)
-	p.setFieldProps(typ, f, lockGetProp)
-}
-
-var (
-	propertiesMu  sync.RWMutex
-	propertiesMap = make(map[reflect.Type]*StructProperties)
-)
-
-// GetProperties returns the list of properties for the type represented by t.
-// t must represent a generated struct type of a protocol message.
-func GetProperties(t reflect.Type) *StructProperties {
-	if t.Kind() != reflect.Struct {
-		panic("proto: type must have kind struct")
-	}
-
-	// Most calls to GetProperties in a long-running program will be
-	// retrieving details for types we have seen before.
-	propertiesMu.RLock()
-	sprop, ok := propertiesMap[t]
-	propertiesMu.RUnlock()
-	if ok {
-		if collectStats {
-			stats.Chit++
-		}
-		return sprop
-	}
-
-	propertiesMu.Lock()
-	sprop = getPropertiesLocked(t)
-	propertiesMu.Unlock()
-	return sprop
-}
-
-// getPropertiesLocked requires that propertiesMu is held.
-func getPropertiesLocked(t reflect.Type) *StructProperties {
-	if prop, ok := propertiesMap[t]; ok {
-		if collectStats {
-			stats.Chit++
-		}
-		return prop
-	}
-	if collectStats {
-		stats.Cmiss++
-	}
-
-	prop := new(StructProperties)
-	// in case of recursive protos, fill this in now.
-	propertiesMap[t] = prop
-
-	// build properties
-	prop.Prop = make([]*Properties, t.NumField())
-	prop.order = make([]int, t.NumField())
-
-	for i := 0; i < t.NumField(); i++ {
-		f := t.Field(i)
-		p := new(Properties)
-		name := f.Name
-		p.init(f.Type, name, f.Tag.Get("protobuf"), &f, false)
-
-		oneof := f.Tag.Get("protobuf_oneof") // special case
-		if oneof != "" {
-			// Oneof fields don't use the traditional protobuf tag.
-			p.OrigName = oneof
-		}
-		prop.Prop[i] = p
-		prop.order[i] = i
-		if debug {
-			print(i, " ", f.Name, " ", t.String(), " ")
-			if p.Tag > 0 {
-				print(p.String())
-			}
-			print("\n")
-		}
-	}
-
-	// Re-order prop.order.
-	sort.Sort(prop)
-
-	type oneofMessage interface {
-		XXX_OneofFuncs() (func(Message, *Buffer) error, func(Message, int, int, *Buffer) (bool, error), func(Message) int, []interface{})
-	}
-	if om, ok := reflect.Zero(reflect.PtrTo(t)).Interface().(oneofMessage); ok {
-		var oots []interface{}
-		_, _, _, oots = om.XXX_OneofFuncs()
-
-		// Interpret oneof metadata.
-		prop.OneofTypes = make(map[string]*OneofProperties)
-		for _, oot := range oots {
-			oop := &OneofProperties{
-				Type: reflect.ValueOf(oot).Type(), // *T
-				Prop: new(Properties),
-			}
-			sft := oop.Type.Elem().Field(0)
-			oop.Prop.Name = sft.Name
-			oop.Prop.Parse(sft.Tag.Get("protobuf"))
-			// There will be exactly one interface field that
-			// this new value is assignable to.
-			for i := 0; i < t.NumField(); i++ {
-				f := t.Field(i)
-				if f.Type.Kind() != reflect.Interface {
-					continue
-				}
-				if !oop.Type.AssignableTo(f.Type) {
-					continue
-				}
-				oop.Field = i
-				break
-			}
-			prop.OneofTypes[oop.Prop.OrigName] = oop
-		}
-	}
-
-	// build required counts
-	// build tags
-	reqCount := 0
-	prop.decoderOrigNames = make(map[string]int)
-	for i, p := range prop.Prop {
-		if strings.HasPrefix(p.Name, "XXX_") {
-			// Internal fields should not appear in tags/origNames maps.
-			// They are handled specially when encoding and decoding.
-			continue
-		}
-		if p.Required {
-			reqCount++
-		}
-		prop.decoderTags.put(p.Tag, i)
-		prop.decoderOrigNames[p.OrigName] = i
-	}
-	prop.reqCount = reqCount
-
-	return prop
-}
-
-// A global registry of enum types.
-// The generated code will register the generated maps by calling RegisterEnum.
-
-var enumValueMaps = make(map[string]map[string]int32)
-
-// RegisterEnum is called from the generated code to install the enum descriptor
-// maps into the global table to aid parsing text format protocol buffers.
-func RegisterEnum(typeName string, unusedNameMap map[int32]string, valueMap map[string]int32) {
-	if _, ok := enumValueMaps[typeName]; ok {
-		panic("proto: duplicate enum registered: " + typeName)
-	}
-	enumValueMaps[typeName] = valueMap
-}
-
-// EnumValueMap returns the mapping from names to integers of the
-// enum type enumType, or a nil if not found.
-func EnumValueMap(enumType string) map[string]int32 {
-	return enumValueMaps[enumType]
-}
-
-// A registry of all linked message types.
-// The string is a fully-qualified proto name ("pkg.Message").
-var (
-	protoTypedNils = make(map[string]Message)      // a map from proto names to typed nil pointers
-	protoMapTypes  = make(map[string]reflect.Type) // a map from proto names to map types
-	revProtoTypes  = make(map[reflect.Type]string)
-)
-
-// RegisterType is called from generated code and maps from the fully qualified
-// proto name to the type (pointer to struct) of the protocol buffer.
-func RegisterType(x Message, name string) {
-	if _, ok := protoTypedNils[name]; ok {
-		// TODO: Some day, make this a panic.
-		log.Printf("proto: duplicate proto type registered: %s", name)
-		return
-	}
-	t := reflect.TypeOf(x)
-	if v := reflect.ValueOf(x); v.Kind() == reflect.Ptr && v.Pointer() == 0 {
-		// Generated code always calls RegisterType with nil x.
-		// This check is just for extra safety.
-		protoTypedNils[name] = x
-	} else {
-		protoTypedNils[name] = reflect.Zero(t).Interface().(Message)
-	}
-	revProtoTypes[t] = name
-}
-
-// RegisterMapType is called from generated code and maps from the fully qualified
-// proto name to the native map type of the proto map definition.
-func RegisterMapType(x interface{}, name string) {
-	if reflect.TypeOf(x).Kind() != reflect.Map {
-		panic(fmt.Sprintf("RegisterMapType(%T, %q); want map", x, name))
-	}
-	if _, ok := protoMapTypes[name]; ok {
-		log.Printf("proto: duplicate proto type registered: %s", name)
-		return
-	}
-	t := reflect.TypeOf(x)
-	protoMapTypes[name] = t
-	revProtoTypes[t] = name
-}
-
-// MessageName returns the fully-qualified proto name for the given message type.
-func MessageName(x Message) string {
-	type xname interface {
-		XXX_MessageName() string
-	}
-	if m, ok := x.(xname); ok {
-		return m.XXX_MessageName()
-	}
-	return revProtoTypes[reflect.TypeOf(x)]
-}
-
-// MessageType returns the message type (pointer to struct) for a named message.
-// The type is not guaranteed to implement proto.Message if the name refers to a
-// map entry.
-func MessageType(name string) reflect.Type {
-	if t, ok := protoTypedNils[name]; ok {
-		return reflect.TypeOf(t)
-	}
-	return protoMapTypes[name]
-}
-
-// A registry of all linked proto files.
-var (
-	protoFiles = make(map[string][]byte) // file name => fileDescriptor
-)
-
-// RegisterFile is called from generated code and maps from the
-// full file name of a .proto file to its compressed FileDescriptorProto.
-func RegisterFile(filename string, fileDescriptor []byte) {
-	protoFiles[filename] = fileDescriptor
-}
-
-// FileDescriptor returns the compressed FileDescriptorProto for a .proto file.
-func FileDescriptor(filename string) []byte { return protoFiles[filename] }

libnetwork/vendor/github.com/golang/protobuf/proto/text.go

@@ -1,843 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2010 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package proto
-
-// Functions for writing the text protocol buffer format.
-
-import (
-	"bufio"
-	"bytes"
-	"encoding"
-	"errors"
-	"fmt"
-	"io"
-	"log"
-	"math"
-	"reflect"
-	"sort"
-	"strings"
-)
-
-var (
-	newline         = []byte("\n")
-	spaces          = []byte("                                        ")
-	endBraceNewline = []byte("}\n")
-	backslashN      = []byte{'\\', 'n'}
-	backslashR      = []byte{'\\', 'r'}
-	backslashT      = []byte{'\\', 't'}
-	backslashDQ     = []byte{'\\', '"'}
-	backslashBS     = []byte{'\\', '\\'}
-	posInf          = []byte("inf")
-	negInf          = []byte("-inf")
-	nan             = []byte("nan")
-)
-
-type writer interface {
-	io.Writer
-	WriteByte(byte) error
-}
-
-// textWriter is an io.Writer that tracks its indentation level.
-type textWriter struct {
-	ind      int
-	complete bool // if the current position is a complete line
-	compact  bool // whether to write out as a one-liner
-	w        writer
-}
-
-func (w *textWriter) WriteString(s string) (n int, err error) {
-	if !strings.Contains(s, "\n") {
-		if !w.compact && w.complete {
-			w.writeIndent()
-		}
-		w.complete = false
-		return io.WriteString(w.w, s)
-	}
-	// WriteString is typically called without newlines, so this
-	// codepath and its copy are rare.  We copy to avoid
-	// duplicating all of Write's logic here.
-	return w.Write([]byte(s))
-}
-
-func (w *textWriter) Write(p []byte) (n int, err error) {
-	newlines := bytes.Count(p, newline)
-	if newlines == 0 {
-		if !w.compact && w.complete {
-			w.writeIndent()
-		}
-		n, err = w.w.Write(p)
-		w.complete = false
-		return n, err
-	}
-
-	frags := bytes.SplitN(p, newline, newlines+1)
-	if w.compact {
-		for i, frag := range frags {
-			if i > 0 {
-				if err := w.w.WriteByte(' '); err != nil {
-					return n, err
-				}
-				n++
-			}
-			nn, err := w.w.Write(frag)
-			n += nn
-			if err != nil {
-				return n, err
-			}
-		}
-		return n, nil
-	}
-
-	for i, frag := range frags {
-		if w.complete {
-			w.writeIndent()
-		}
-		nn, err := w.w.Write(frag)
-		n += nn
-		if err != nil {
-			return n, err
-		}
-		if i+1 < len(frags) {
-			if err := w.w.WriteByte('\n'); err != nil {
-				return n, err
-			}
-			n++
-		}
-	}
-	w.complete = len(frags[len(frags)-1]) == 0
-	return n, nil
-}
-
-func (w *textWriter) WriteByte(c byte) error {
-	if w.compact && c == '\n' {
-		c = ' '
-	}
-	if !w.compact && w.complete {
-		w.writeIndent()
-	}
-	err := w.w.WriteByte(c)
-	w.complete = c == '\n'
-	return err
-}
-
-func (w *textWriter) indent() { w.ind++ }
-
-func (w *textWriter) unindent() {
-	if w.ind == 0 {
-		log.Print("proto: textWriter unindented too far")
-		return
-	}
-	w.ind--
-}
-
-func writeName(w *textWriter, props *Properties) error {
-	if _, err := w.WriteString(props.OrigName); err != nil {
-		return err
-	}
-	if props.Wire != "group" {
-		return w.WriteByte(':')
-	}
-	return nil
-}
-
-func requiresQuotes(u string) bool {
-	// When type URL contains any characters except [0-9A-Za-z./\-]*, it must be quoted.
-	for _, ch := range u {
-		switch {
-		case ch == '.' || ch == '/' || ch == '_':
-			continue
-		case '0' <= ch && ch <= '9':
-			continue
-		case 'A' <= ch && ch <= 'Z':
-			continue
-		case 'a' <= ch && ch <= 'z':
-			continue
-		default:
-			return true
-		}
-	}
-	return false
-}
-
-// isAny reports whether sv is a google.protobuf.Any message
-func isAny(sv reflect.Value) bool {
-	type wkt interface {
-		XXX_WellKnownType() string
-	}
-	t, ok := sv.Addr().Interface().(wkt)
-	return ok && t.XXX_WellKnownType() == "Any"
-}
-
-// writeProto3Any writes an expanded google.protobuf.Any message.
-//
-// It returns (false, nil) if sv value can't be unmarshaled (e.g. because
-// required messages are not linked in).
-//
-// It returns (true, error) when sv was written in expanded format or an error
-// was encountered.
-func (tm *TextMarshaler) writeProto3Any(w *textWriter, sv reflect.Value) (bool, error) {
-	turl := sv.FieldByName("TypeUrl")
-	val := sv.FieldByName("Value")
-	if !turl.IsValid() || !val.IsValid() {
-		return true, errors.New("proto: invalid google.protobuf.Any message")
-	}
-
-	b, ok := val.Interface().([]byte)
-	if !ok {
-		return true, errors.New("proto: invalid google.protobuf.Any message")
-	}
-
-	parts := strings.Split(turl.String(), "/")
-	mt := MessageType(parts[len(parts)-1])
-	if mt == nil {
-		return false, nil
-	}
-	m := reflect.New(mt.Elem())
-	if err := Unmarshal(b, m.Interface().(Message)); err != nil {
-		return false, nil
-	}
-	w.Write([]byte("["))
-	u := turl.String()
-	if requiresQuotes(u) {
-		writeString(w, u)
-	} else {
-		w.Write([]byte(u))
-	}
-	if w.compact {
-		w.Write([]byte("]:<"))
-	} else {
-		w.Write([]byte("]: <\n"))
-		w.ind++
-	}
-	if err := tm.writeStruct(w, m.Elem()); err != nil {
-		return true, err
-	}
-	if w.compact {
-		w.Write([]byte("> "))
-	} else {
-		w.ind--
-		w.Write([]byte(">\n"))
-	}
-	return true, nil
-}
-
-func (tm *TextMarshaler) writeStruct(w *textWriter, sv reflect.Value) error {
-	if tm.ExpandAny && isAny(sv) {
-		if canExpand, err := tm.writeProto3Any(w, sv); canExpand {
-			return err
-		}
-	}
-	st := sv.Type()
-	sprops := GetProperties(st)
-	for i := 0; i < sv.NumField(); i++ {
-		fv := sv.Field(i)
-		props := sprops.Prop[i]
-		name := st.Field(i).Name
-
-		if name == "XXX_NoUnkeyedLiteral" {
-			continue
-		}
-
-		if strings.HasPrefix(name, "XXX_") {
-			// There are two XXX_ fields:
-			//   XXX_unrecognized []byte
-			//   XXX_extensions   map[int32]proto.Extension
-			// The first is handled here;
-			// the second is handled at the bottom of this function.
-			if name == "XXX_unrecognized" && !fv.IsNil() {
-				if err := writeUnknownStruct(w, fv.Interface().([]byte)); err != nil {
-					return err
-				}
-			}
-			continue
-		}
-		if fv.Kind() == reflect.Ptr && fv.IsNil() {
-			// Field not filled in. This could be an optional field or
-			// a required field that wasn't filled in. Either way, there
-			// isn't anything we can show for it.
-			continue
-		}
-		if fv.Kind() == reflect.Slice && fv.IsNil() {
-			// Repeated field that is empty, or a bytes field that is unused.
-			continue
-		}
-
-		if props.Repeated && fv.Kind() == reflect.Slice {
-			// Repeated field.
-			for j := 0; j < fv.Len(); j++ {
-				if err := writeName(w, props); err != nil {
-					return err
-				}
-				if !w.compact {
-					if err := w.WriteByte(' '); err != nil {
-						return err
-					}
-				}
-				v := fv.Index(j)
-				if v.Kind() == reflect.Ptr && v.IsNil() {
-					// A nil message in a repeated field is not valid,
-					// but we can handle that more gracefully than panicking.
-					if _, err := w.Write([]byte("<nil>\n")); err != nil {
-						return err
-					}
-					continue
-				}
-				if err := tm.writeAny(w, v, props); err != nil {
-					return err
-				}
-				if err := w.WriteByte('\n'); err != nil {
-					return err
-				}
-			}
-			continue
-		}
-		if fv.Kind() == reflect.Map {
-			// Map fields are rendered as a repeated struct with key/value fields.
-			keys := fv.MapKeys()
-			sort.Sort(mapKeys(keys))
-			for _, key := range keys {
-				val := fv.MapIndex(key)
-				if err := writeName(w, props); err != nil {
-					return err
-				}
-				if !w.compact {
-					if err := w.WriteByte(' '); err != nil {
-						return err
-					}
-				}
-				// open struct
-				if err := w.WriteByte('<'); err != nil {
-					return err
-				}
-				if !w.compact {
-					if err := w.WriteByte('\n'); err != nil {
-						return err
-					}
-				}
-				w.indent()
-				// key
-				if _, err := w.WriteString("key:"); err != nil {
-					return err
-				}
-				if !w.compact {
-					if err := w.WriteByte(' '); err != nil {
-						return err
-					}
-				}
-				if err := tm.writeAny(w, key, props.mkeyprop); err != nil {
-					return err
-				}
-				if err := w.WriteByte('\n'); err != nil {
-					return err
-				}
-				// nil values aren't legal, but we can avoid panicking because of them.
-				if val.Kind() != reflect.Ptr || !val.IsNil() {
-					// value
-					if _, err := w.WriteString("value:"); err != nil {
-						return err
-					}
-					if !w.compact {
-						if err := w.WriteByte(' '); err != nil {
-							return err
-						}
-					}
-					if err := tm.writeAny(w, val, props.mvalprop); err != nil {
-						return err
-					}
-					if err := w.WriteByte('\n'); err != nil {
-						return err
-					}
-				}
-				// close struct
-				w.unindent()
-				if err := w.WriteByte('>'); err != nil {
-					return err
-				}
-				if err := w.WriteByte('\n'); err != nil {
-					return err
-				}
-			}
-			continue
-		}
-		if props.proto3 && fv.Kind() == reflect.Slice && fv.Len() == 0 {
-			// empty bytes field
-			continue
-		}
-		if fv.Kind() != reflect.Ptr && fv.Kind() != reflect.Slice {
-			// proto3 non-repeated scalar field; skip if zero value
-			if isProto3Zero(fv) {
-				continue
-			}
-		}
-
-		if fv.Kind() == reflect.Interface {
-			// Check if it is a oneof.
-			if st.Field(i).Tag.Get("protobuf_oneof") != "" {
-				// fv is nil, or holds a pointer to generated struct.
-				// That generated struct has exactly one field,
-				// which has a protobuf struct tag.
-				if fv.IsNil() {
-					continue
-				}
-				inner := fv.Elem().Elem() // interface -> *T -> T
-				tag := inner.Type().Field(0).Tag.Get("protobuf")
-				props = new(Properties) // Overwrite the outer props var, but not its pointee.
-				props.Parse(tag)
-				// Write the value in the oneof, not the oneof itself.
-				fv = inner.Field(0)
-
-				// Special case to cope with malformed messages gracefully:
-				// If the value in the oneof is a nil pointer, don't panic
-				// in writeAny.
-				if fv.Kind() == reflect.Ptr && fv.IsNil() {
-					// Use errors.New so writeAny won't render quotes.
-					msg := errors.New("/* nil */")
-					fv = reflect.ValueOf(&msg).Elem()
-				}
-			}
-		}
-
-		if err := writeName(w, props); err != nil {
-			return err
-		}
-		if !w.compact {
-			if err := w.WriteByte(' '); err != nil {
-				return err
-			}
-		}
-
-		// Enums have a String method, so writeAny will work fine.
-		if err := tm.writeAny(w, fv, props); err != nil {
-			return err
-		}
-
-		if err := w.WriteByte('\n'); err != nil {
-			return err
-		}
-	}
-
-	// Extensions (the XXX_extensions field).
-	pv := sv.Addr()
-	if _, err := extendable(pv.Interface()); err == nil {
-		if err := tm.writeExtensions(w, pv); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-// writeAny writes an arbitrary field.
-func (tm *TextMarshaler) writeAny(w *textWriter, v reflect.Value, props *Properties) error {
-	v = reflect.Indirect(v)
-
-	// Floats have special cases.
-	if v.Kind() == reflect.Float32 || v.Kind() == reflect.Float64 {
-		x := v.Float()
-		var b []byte
-		switch {
-		case math.IsInf(x, 1):
-			b = posInf
-		case math.IsInf(x, -1):
-			b = negInf
-		case math.IsNaN(x):
-			b = nan
-		}
-		if b != nil {
-			_, err := w.Write(b)
-			return err
-		}
-		// Other values are handled below.
-	}
-
-	// We don't attempt to serialise every possible value type; only those
-	// that can occur in protocol buffers.
-	switch v.Kind() {
-	case reflect.Slice:
-		// Should only be a []byte; repeated fields are handled in writeStruct.
-		if err := writeString(w, string(v.Bytes())); err != nil {
-			return err
-		}
-	case reflect.String:
-		if err := writeString(w, v.String()); err != nil {
-			return err
-		}
-	case reflect.Struct:
-		// Required/optional group/message.
-		var bra, ket byte = '<', '>'
-		if props != nil && props.Wire == "group" {
-			bra, ket = '{', '}'
-		}
-		if err := w.WriteByte(bra); err != nil {
-			return err
-		}
-		if !w.compact {
-			if err := w.WriteByte('\n'); err != nil {
-				return err
-			}
-		}
-		w.indent()
-		if v.CanAddr() {
-			// Calling v.Interface on a struct causes the reflect package to
-			// copy the entire struct. This is racy with the new Marshaler
-			// since we atomically update the XXX_sizecache.
-			//
-			// Thus, we retrieve a pointer to the struct if possible to avoid
-			// a race since v.Interface on the pointer doesn't copy the struct.
-			//
-			// If v is not addressable, then we are not worried about a race
-			// since it implies that the binary Marshaler cannot possibly be
-			// mutating this value.
-			v = v.Addr()
-		}
-		if etm, ok := v.Interface().(encoding.TextMarshaler); ok {
-			text, err := etm.MarshalText()
-			if err != nil {
-				return err
-			}
-			if _, err = w.Write(text); err != nil {
-				return err
-			}
-		} else {
-			if v.Kind() == reflect.Ptr {
-				v = v.Elem()
-			}
-			if err := tm.writeStruct(w, v); err != nil {
-				return err
-			}
-		}
-		w.unindent()
-		if err := w.WriteByte(ket); err != nil {
-			return err
-		}
-	default:
-		_, err := fmt.Fprint(w, v.Interface())
-		return err
-	}
-	return nil
-}
-
-// equivalent to C's isprint.
-func isprint(c byte) bool {
-	return c >= 0x20 && c < 0x7f
-}
-
-// writeString writes a string in the protocol buffer text format.
-// It is similar to strconv.Quote except we don't use Go escape sequences,
-// we treat the string as a byte sequence, and we use octal escapes.
-// These differences are to maintain interoperability with the other
-// languages' implementations of the text format.
-func writeString(w *textWriter, s string) error {
-	// use WriteByte here to get any needed indent
-	if err := w.WriteByte('"'); err != nil {
-		return err
-	}
-	// Loop over the bytes, not the runes.
-	for i := 0; i < len(s); i++ {
-		var err error
-		// Divergence from C++: we don't escape apostrophes.
-		// There's no need to escape them, and the C++ parser
-		// copes with a naked apostrophe.
-		switch c := s[i]; c {
-		case '\n':
-			_, err = w.w.Write(backslashN)
-		case '\r':
-			_, err = w.w.Write(backslashR)
-		case '\t':
-			_, err = w.w.Write(backslashT)
-		case '"':
-			_, err = w.w.Write(backslashDQ)
-		case '\\':
-			_, err = w.w.Write(backslashBS)
-		default:
-			if isprint(c) {
-				err = w.w.WriteByte(c)
-			} else {
-				_, err = fmt.Fprintf(w.w, "\\%03o", c)
-			}
-		}
-		if err != nil {
-			return err
-		}
-	}
-	return w.WriteByte('"')
-}
-
-func writeUnknownStruct(w *textWriter, data []byte) (err error) {
-	if !w.compact {
-		if _, err := fmt.Fprintf(w, "/* %d unknown bytes */\n", len(data)); err != nil {
-			return err
-		}
-	}
-	b := NewBuffer(data)
-	for b.index < len(b.buf) {
-		x, err := b.DecodeVarint()
-		if err != nil {
-			_, err := fmt.Fprintf(w, "/* %v */\n", err)
-			return err
-		}
-		wire, tag := x&7, x>>3
-		if wire == WireEndGroup {
-			w.unindent()
-			if _, err := w.Write(endBraceNewline); err != nil {
-				return err
-			}
-			continue
-		}
-		if _, err := fmt.Fprint(w, tag); err != nil {
-			return err
-		}
-		if wire != WireStartGroup {
-			if err := w.WriteByte(':'); err != nil {
-				return err
-			}
-		}
-		if !w.compact || wire == WireStartGroup {
-			if err := w.WriteByte(' '); err != nil {
-				return err
-			}
-		}
-		switch wire {
-		case WireBytes:
-			buf, e := b.DecodeRawBytes(false)
-			if e == nil {
-				_, err = fmt.Fprintf(w, "%q", buf)
-			} else {
-				_, err = fmt.Fprintf(w, "/* %v */", e)
-			}
-		case WireFixed32:
-			x, err = b.DecodeFixed32()
-			err = writeUnknownInt(w, x, err)
-		case WireFixed64:
-			x, err = b.DecodeFixed64()
-			err = writeUnknownInt(w, x, err)
-		case WireStartGroup:
-			err = w.WriteByte('{')
-			w.indent()
-		case WireVarint:
-			x, err = b.DecodeVarint()
-			err = writeUnknownInt(w, x, err)
-		default:
-			_, err = fmt.Fprintf(w, "/* unknown wire type %d */", wire)
-		}
-		if err != nil {
-			return err
-		}
-		if err = w.WriteByte('\n'); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func writeUnknownInt(w *textWriter, x uint64, err error) error {
-	if err == nil {
-		_, err = fmt.Fprint(w, x)
-	} else {
-		_, err = fmt.Fprintf(w, "/* %v */", err)
-	}
-	return err
-}
-
-type int32Slice []int32
-
-func (s int32Slice) Len() int           { return len(s) }
-func (s int32Slice) Less(i, j int) bool { return s[i] < s[j] }
-func (s int32Slice) Swap(i, j int)      { s[i], s[j] = s[j], s[i] }
-
-// writeExtensions writes all the extensions in pv.
-// pv is assumed to be a pointer to a protocol message struct that is extendable.
-func (tm *TextMarshaler) writeExtensions(w *textWriter, pv reflect.Value) error {
-	emap := extensionMaps[pv.Type().Elem()]
-	ep, _ := extendable(pv.Interface())
-
-	// Order the extensions by ID.
-	// This isn't strictly necessary, but it will give us
-	// canonical output, which will also make testing easier.
-	m, mu := ep.extensionsRead()
-	if m == nil {
-		return nil
-	}
-	mu.Lock()
-	ids := make([]int32, 0, len(m))
-	for id := range m {
-		ids = append(ids, id)
-	}
-	sort.Sort(int32Slice(ids))
-	mu.Unlock()
-
-	for _, extNum := range ids {
-		ext := m[extNum]
-		var desc *ExtensionDesc
-		if emap != nil {
-			desc = emap[extNum]
-		}
-		if desc == nil {
-			// Unknown extension.
-			if err := writeUnknownStruct(w, ext.enc); err != nil {
-				return err
-			}
-			continue
-		}
-
-		pb, err := GetExtension(ep, desc)
-		if err != nil {
-			return fmt.Errorf("failed getting extension: %v", err)
-		}
-
-		// Repeated extensions will appear as a slice.
-		if !desc.repeated() {
-			if err := tm.writeExtension(w, desc.Name, pb); err != nil {
-				return err
-			}
-		} else {
-			v := reflect.ValueOf(pb)
-			for i := 0; i < v.Len(); i++ {
-				if err := tm.writeExtension(w, desc.Name, v.Index(i).Interface()); err != nil {
-					return err
-				}
-			}
-		}
-	}
-	return nil
-}
-
-func (tm *TextMarshaler) writeExtension(w *textWriter, name string, pb interface{}) error {
-	if _, err := fmt.Fprintf(w, "[%s]:", name); err != nil {
-		return err
-	}
-	if !w.compact {
-		if err := w.WriteByte(' '); err != nil {
-			return err
-		}
-	}
-	if err := tm.writeAny(w, reflect.ValueOf(pb), nil); err != nil {
-		return err
-	}
-	if err := w.WriteByte('\n'); err != nil {
-		return err
-	}
-	return nil
-}
-
-func (w *textWriter) writeIndent() {
-	if !w.complete {
-		return
-	}
-	remain := w.ind * 2
-	for remain > 0 {
-		n := remain
-		if n > len(spaces) {
-			n = len(spaces)
-		}
-		w.w.Write(spaces[:n])
-		remain -= n
-	}
-	w.complete = false
-}
-
-// TextMarshaler is a configurable text format marshaler.
-type TextMarshaler struct {
-	Compact   bool // use compact text format (one line).
-	ExpandAny bool // expand google.protobuf.Any messages of known types
-}
-
-// Marshal writes a given protocol buffer in text format.
-// The only errors returned are from w.
-func (tm *TextMarshaler) Marshal(w io.Writer, pb Message) error {
-	val := reflect.ValueOf(pb)
-	if pb == nil || val.IsNil() {
-		w.Write([]byte("<nil>"))
-		return nil
-	}
-	var bw *bufio.Writer
-	ww, ok := w.(writer)
-	if !ok {
-		bw = bufio.NewWriter(w)
-		ww = bw
-	}
-	aw := &textWriter{
-		w:        ww,
-		complete: true,
-		compact:  tm.Compact,
-	}
-
-	if etm, ok := pb.(encoding.TextMarshaler); ok {
-		text, err := etm.MarshalText()
-		if err != nil {
-			return err
-		}
-		if _, err = aw.Write(text); err != nil {
-			return err
-		}
-		if bw != nil {
-			return bw.Flush()
-		}
-		return nil
-	}
-	// Dereference the received pointer so we don't have outer < and >.
-	v := reflect.Indirect(val)
-	if err := tm.writeStruct(aw, v); err != nil {
-		return err
-	}
-	if bw != nil {
-		return bw.Flush()
-	}
-	return nil
-}
-
-// Text is the same as Marshal, but returns the string directly.
-func (tm *TextMarshaler) Text(pb Message) string {
-	var buf bytes.Buffer
-	tm.Marshal(&buf, pb)
-	return buf.String()
-}
-
-var (
-	defaultTextMarshaler = TextMarshaler{}
-	compactTextMarshaler = TextMarshaler{Compact: true}
-)
-
-// TODO: consider removing some of the Marshal functions below.
-
-// MarshalText writes a given protocol buffer in text format.
-// The only errors returned are from w.
-func MarshalText(w io.Writer, pb Message) error { return defaultTextMarshaler.Marshal(w, pb) }
-
-// MarshalTextString is the same as MarshalText, but returns the string directly.
-func MarshalTextString(pb Message) string { return defaultTextMarshaler.Text(pb) }
-
-// CompactText writes a given protocol buffer in compact text format (one line).
-func CompactText(w io.Writer, pb Message) error { return compactTextMarshaler.Marshal(w, pb) }
-
-// CompactTextString is the same as CompactText, but returns the string directly.
-func CompactTextString(pb Message) string { return compactTextMarshaler.Text(pb) }

libnetwork/vendor/github.com/golang/protobuf/proto/text_parser.go

@@ -1,880 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2010 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package proto
-
-// Functions for parsing the Text protocol buffer format.
-// TODO: message sets.
-
-import (
-	"encoding"
-	"errors"
-	"fmt"
-	"reflect"
-	"strconv"
-	"strings"
-	"unicode/utf8"
-)
-
-// Error string emitted when deserializing Any and fields are already set
-const anyRepeatedlyUnpacked = "Any message unpacked multiple times, or %q already set"
-
-type ParseError struct {
-	Message string
-	Line    int // 1-based line number
-	Offset  int // 0-based byte offset from start of input
-}
-
-func (p *ParseError) Error() string {
-	if p.Line == 1 {
-		// show offset only for first line
-		return fmt.Sprintf("line 1.%d: %v", p.Offset, p.Message)
-	}
-	return fmt.Sprintf("line %d: %v", p.Line, p.Message)
-}
-
-type token struct {
-	value    string
-	err      *ParseError
-	line     int    // line number
-	offset   int    // byte number from start of input, not start of line
-	unquoted string // the unquoted version of value, if it was a quoted string
-}
-
-func (t *token) String() string {
-	if t.err == nil {
-		return fmt.Sprintf("%q (line=%d, offset=%d)", t.value, t.line, t.offset)
-	}
-	return fmt.Sprintf("parse error: %v", t.err)
-}
-
-type textParser struct {
-	s            string // remaining input
-	done         bool   // whether the parsing is finished (success or error)
-	backed       bool   // whether back() was called
-	offset, line int
-	cur          token
-}
-
-func newTextParser(s string) *textParser {
-	p := new(textParser)
-	p.s = s
-	p.line = 1
-	p.cur.line = 1
-	return p
-}
-
-func (p *textParser) errorf(format string, a ...interface{}) *ParseError {
-	pe := &ParseError{fmt.Sprintf(format, a...), p.cur.line, p.cur.offset}
-	p.cur.err = pe
-	p.done = true
-	return pe
-}
-
-// Numbers and identifiers are matched by [-+._A-Za-z0-9]
-func isIdentOrNumberChar(c byte) bool {
-	switch {
-	case 'A' <= c && c <= 'Z', 'a' <= c && c <= 'z':
-		return true
-	case '0' <= c && c <= '9':
-		return true
-	}
-	switch c {
-	case '-', '+', '.', '_':
-		return true
-	}
-	return false
-}
-
-func isWhitespace(c byte) bool {
-	switch c {
-	case ' ', '\t', '\n', '\r':
-		return true
-	}
-	return false
-}
-
-func isQuote(c byte) bool {
-	switch c {
-	case '"', '\'':
-		return true
-	}
-	return false
-}
-
-func (p *textParser) skipWhitespace() {
-	i := 0
-	for i < len(p.s) && (isWhitespace(p.s[i]) || p.s[i] == '#') {
-		if p.s[i] == '#' {
-			// comment; skip to end of line or input
-			for i < len(p.s) && p.s[i] != '\n' {
-				i++
-			}
-			if i == len(p.s) {
-				break
-			}
-		}
-		if p.s[i] == '\n' {
-			p.line++
-		}
-		i++
-	}
-	p.offset += i
-	p.s = p.s[i:len(p.s)]
-	if len(p.s) == 0 {
-		p.done = true
-	}
-}
-
-func (p *textParser) advance() {
-	// Skip whitespace
-	p.skipWhitespace()
-	if p.done {
-		return
-	}
-
-	// Start of non-whitespace
-	p.cur.err = nil
-	p.cur.offset, p.cur.line = p.offset, p.line
-	p.cur.unquoted = ""
-	switch p.s[0] {
-	case '<', '>', '{', '}', ':', '[', ']', ';', ',', '/':
-		// Single symbol
-		p.cur.value, p.s = p.s[0:1], p.s[1:len(p.s)]
-	case '"', '\'':
-		// Quoted string
-		i := 1
-		for i < len(p.s) && p.s[i] != p.s[0] && p.s[i] != '\n' {
-			if p.s[i] == '\\' && i+1 < len(p.s) {
-				// skip escaped char
-				i++
-			}
-			i++
-		}
-		if i >= len(p.s) || p.s[i] != p.s[0] {
-			p.errorf("unmatched quote")
-			return
-		}
-		unq, err := unquoteC(p.s[1:i], rune(p.s[0]))
-		if err != nil {
-			p.errorf("invalid quoted string %s: %v", p.s[0:i+1], err)
-			return
-		}
-		p.cur.value, p.s = p.s[0:i+1], p.s[i+1:len(p.s)]
-		p.cur.unquoted = unq
-	default:
-		i := 0
-		for i < len(p.s) && isIdentOrNumberChar(p.s[i]) {
-			i++
-		}
-		if i == 0 {
-			p.errorf("unexpected byte %#x", p.s[0])
-			return
-		}
-		p.cur.value, p.s = p.s[0:i], p.s[i:len(p.s)]
-	}
-	p.offset += len(p.cur.value)
-}
-
-var (
-	errBadUTF8 = errors.New("proto: bad UTF-8")
-)
-
-func unquoteC(s string, quote rune) (string, error) {
-	// This is based on C++'s tokenizer.cc.
-	// Despite its name, this is *not* parsing C syntax.
-	// For instance, "\0" is an invalid quoted string.
-
-	// Avoid allocation in trivial cases.
-	simple := true
-	for _, r := range s {
-		if r == '\\' || r == quote {
-			simple = false
-			break
-		}
-	}
-	if simple {
-		return s, nil
-	}
-
-	buf := make([]byte, 0, 3*len(s)/2)
-	for len(s) > 0 {
-		r, n := utf8.DecodeRuneInString(s)
-		if r == utf8.RuneError && n == 1 {
-			return "", errBadUTF8
-		}
-		s = s[n:]
-		if r != '\\' {
-			if r < utf8.RuneSelf {
-				buf = append(buf, byte(r))
-			} else {
-				buf = append(buf, string(r)...)
-			}
-			continue
-		}
-
-		ch, tail, err := unescape(s)
-		if err != nil {
-			return "", err
-		}
-		buf = append(buf, ch...)
-		s = tail
-	}
-	return string(buf), nil
-}
-
-func unescape(s string) (ch string, tail string, err error) {
-	r, n := utf8.DecodeRuneInString(s)
-	if r == utf8.RuneError && n == 1 {
-		return "", "", errBadUTF8
-	}
-	s = s[n:]
-	switch r {
-	case 'a':
-		return "\a", s, nil
-	case 'b':
-		return "\b", s, nil
-	case 'f':
-		return "\f", s, nil
-	case 'n':
-		return "\n", s, nil
-	case 'r':
-		return "\r", s, nil
-	case 't':
-		return "\t", s, nil
-	case 'v':
-		return "\v", s, nil
-	case '?':
-		return "?", s, nil // trigraph workaround
-	case '\'', '"', '\\':
-		return string(r), s, nil
-	case '0', '1', '2', '3', '4', '5', '6', '7':
-		if len(s) < 2 {
-			return "", "", fmt.Errorf(`\%c requires 2 following digits`, r)
-		}
-		ss := string(r) + s[:2]
-		s = s[2:]
-		i, err := strconv.ParseUint(ss, 8, 8)
-		if err != nil {
-			return "", "", fmt.Errorf(`\%s contains non-octal digits`, ss)
-		}
-		return string([]byte{byte(i)}), s, nil
-	case 'x', 'X', 'u', 'U':
-		var n int
-		switch r {
-		case 'x', 'X':
-			n = 2
-		case 'u':
-			n = 4
-		case 'U':
-			n = 8
-		}
-		if len(s) < n {
-			return "", "", fmt.Errorf(`\%c requires %d following digits`, r, n)
-		}
-		ss := s[:n]
-		s = s[n:]
-		i, err := strconv.ParseUint(ss, 16, 64)
-		if err != nil {
-			return "", "", fmt.Errorf(`\%c%s contains non-hexadecimal digits`, r, ss)
-		}
-		if r == 'x' || r == 'X' {
-			return string([]byte{byte(i)}), s, nil
-		}
-		if i > utf8.MaxRune {
-			return "", "", fmt.Errorf(`\%c%s is not a valid Unicode code point`, r, ss)
-		}
-		return string(i), s, nil
-	}
-	return "", "", fmt.Errorf(`unknown escape \%c`, r)
-}
-
-// Back off the parser by one token. Can only be done between calls to next().
-// It makes the next advance() a no-op.
-func (p *textParser) back() { p.backed = true }
-
-// Advances the parser and returns the new current token.
-func (p *textParser) next() *token {
-	if p.backed || p.done {
-		p.backed = false
-		return &p.cur
-	}
-	p.advance()
-	if p.done {
-		p.cur.value = ""
-	} else if len(p.cur.value) > 0 && isQuote(p.cur.value[0]) {
-		// Look for multiple quoted strings separated by whitespace,
-		// and concatenate them.
-		cat := p.cur
-		for {
-			p.skipWhitespace()
-			if p.done || !isQuote(p.s[0]) {
-				break
-			}
-			p.advance()
-			if p.cur.err != nil {
-				return &p.cur
-			}
-			cat.value += " " + p.cur.value
-			cat.unquoted += p.cur.unquoted
-		}
-		p.done = false // parser may have seen EOF, but we want to return cat
-		p.cur = cat
-	}
-	return &p.cur
-}
-
-func (p *textParser) consumeToken(s string) error {
-	tok := p.next()
-	if tok.err != nil {
-		return tok.err
-	}
-	if tok.value != s {
-		p.back()
-		return p.errorf("expected %q, found %q", s, tok.value)
-	}
-	return nil
-}
-
-// Return a RequiredNotSetError indicating which required field was not set.
-func (p *textParser) missingRequiredFieldError(sv reflect.Value) *RequiredNotSetError {
-	st := sv.Type()
-	sprops := GetProperties(st)
-	for i := 0; i < st.NumField(); i++ {
-		if !isNil(sv.Field(i)) {
-			continue
-		}
-
-		props := sprops.Prop[i]
-		if props.Required {
-			return &RequiredNotSetError{fmt.Sprintf("%v.%v", st, props.OrigName)}
-		}
-	}
-	return &RequiredNotSetError{fmt.Sprintf("%v.<unknown field name>", st)} // should not happen
-}
-
-// Returns the index in the struct for the named field, as well as the parsed tag properties.
-func structFieldByName(sprops *StructProperties, name string) (int, *Properties, bool) {
-	i, ok := sprops.decoderOrigNames[name]
-	if ok {
-		return i, sprops.Prop[i], true
-	}
-	return -1, nil, false
-}
-
-// Consume a ':' from the input stream (if the next token is a colon),
-// returning an error if a colon is needed but not present.
-func (p *textParser) checkForColon(props *Properties, typ reflect.Type) *ParseError {
-	tok := p.next()
-	if tok.err != nil {
-		return tok.err
-	}
-	if tok.value != ":" {
-		// Colon is optional when the field is a group or message.
-		needColon := true
-		switch props.Wire {
-		case "group":
-			needColon = false
-		case "bytes":
-			// A "bytes" field is either a message, a string, or a repeated field;
-			// those three become *T, *string and []T respectively, so we can check for
-			// this field being a pointer to a non-string.
-			if typ.Kind() == reflect.Ptr {
-				// *T or *string
-				if typ.Elem().Kind() == reflect.String {
-					break
-				}
-			} else if typ.Kind() == reflect.Slice {
-				// []T or []*T
-				if typ.Elem().Kind() != reflect.Ptr {
-					break
-				}
-			} else if typ.Kind() == reflect.String {
-				// The proto3 exception is for a string field,
-				// which requires a colon.
-				break
-			}
-			needColon = false
-		}
-		if needColon {
-			return p.errorf("expected ':', found %q", tok.value)
-		}
-		p.back()
-	}
-	return nil
-}
-
-func (p *textParser) readStruct(sv reflect.Value, terminator string) error {
-	st := sv.Type()
-	sprops := GetProperties(st)
-	reqCount := sprops.reqCount
-	var reqFieldErr error
-	fieldSet := make(map[string]bool)
-	// A struct is a sequence of "name: value", terminated by one of
-	// '>' or '}', or the end of the input.  A name may also be
-	// "[extension]" or "[type/url]".
-	//
-	// The whole struct can also be an expanded Any message, like:
-	// [type/url] < ... struct contents ... >
-	for {
-		tok := p.next()
-		if tok.err != nil {
-			return tok.err
-		}
-		if tok.value == terminator {
-			break
-		}
-		if tok.value == "[" {
-			// Looks like an extension or an Any.
-			//
-			// TODO: Check whether we need to handle
-			// namespace rooted names (e.g. ".something.Foo").
-			extName, err := p.consumeExtName()
-			if err != nil {
-				return err
-			}
-
-			if s := strings.LastIndex(extName, "/"); s >= 0 {
-				// If it contains a slash, it's an Any type URL.
-				messageName := extName[s+1:]
-				mt := MessageType(messageName)
-				if mt == nil {
-					return p.errorf("unrecognized message %q in google.protobuf.Any", messageName)
-				}
-				tok = p.next()
-				if tok.err != nil {
-					return tok.err
-				}
-				// consume an optional colon
-				if tok.value == ":" {
-					tok = p.next()
-					if tok.err != nil {
-						return tok.err
-					}
-				}
-				var terminator string
-				switch tok.value {
-				case "<":
-					terminator = ">"
-				case "{":
-					terminator = "}"
-				default:
-					return p.errorf("expected '{' or '<', found %q", tok.value)
-				}
-				v := reflect.New(mt.Elem())
-				if pe := p.readStruct(v.Elem(), terminator); pe != nil {
-					return pe
-				}
-				b, err := Marshal(v.Interface().(Message))
-				if err != nil {
-					return p.errorf("failed to marshal message of type %q: %v", messageName, err)
-				}
-				if fieldSet["type_url"] {
-					return p.errorf(anyRepeatedlyUnpacked, "type_url")
-				}
-				if fieldSet["value"] {
-					return p.errorf(anyRepeatedlyUnpacked, "value")
-				}
-				sv.FieldByName("TypeUrl").SetString(extName)
-				sv.FieldByName("Value").SetBytes(b)
-				fieldSet["type_url"] = true
-				fieldSet["value"] = true
-				continue
-			}
-
-			var desc *ExtensionDesc
-			// This could be faster, but it's functional.
-			// TODO: Do something smarter than a linear scan.
-			for _, d := range RegisteredExtensions(reflect.New(st).Interface().(Message)) {
-				if d.Name == extName {
-					desc = d
-					break
-				}
-			}
-			if desc == nil {
-				return p.errorf("unrecognized extension %q", extName)
-			}
-
-			props := &Properties{}
-			props.Parse(desc.Tag)
-
-			typ := reflect.TypeOf(desc.ExtensionType)
-			if err := p.checkForColon(props, typ); err != nil {
-				return err
-			}
-
-			rep := desc.repeated()
-
-			// Read the extension structure, and set it in
-			// the value we're constructing.
-			var ext reflect.Value
-			if !rep {
-				ext = reflect.New(typ).Elem()
-			} else {
-				ext = reflect.New(typ.Elem()).Elem()
-			}
-			if err := p.readAny(ext, props); err != nil {
-				if _, ok := err.(*RequiredNotSetError); !ok {
-					return err
-				}
-				reqFieldErr = err
-			}
-			ep := sv.Addr().Interface().(Message)
-			if !rep {
-				SetExtension(ep, desc, ext.Interface())
-			} else {
-				old, err := GetExtension(ep, desc)
-				var sl reflect.Value
-				if err == nil {
-					sl = reflect.ValueOf(old) // existing slice
-				} else {
-					sl = reflect.MakeSlice(typ, 0, 1)
-				}
-				sl = reflect.Append(sl, ext)
-				SetExtension(ep, desc, sl.Interface())
-			}
-			if err := p.consumeOptionalSeparator(); err != nil {
-				return err
-			}
-			continue
-		}
-
-		// This is a normal, non-extension field.
-		name := tok.value
-		var dst reflect.Value
-		fi, props, ok := structFieldByName(sprops, name)
-		if ok {
-			dst = sv.Field(fi)
-		} else if oop, ok := sprops.OneofTypes[name]; ok {
-			// It is a oneof.
-			props = oop.Prop
-			nv := reflect.New(oop.Type.Elem())
-			dst = nv.Elem().Field(0)
-			field := sv.Field(oop.Field)
-			if !field.IsNil() {
-				return p.errorf("field '%s' would overwrite already parsed oneof '%s'", name, sv.Type().Field(oop.Field).Name)
-			}
-			field.Set(nv)
-		}
-		if !dst.IsValid() {
-			return p.errorf("unknown field name %q in %v", name, st)
-		}
-
-		if dst.Kind() == reflect.Map {
-			// Consume any colon.
-			if err := p.checkForColon(props, dst.Type()); err != nil {
-				return err
-			}
-
-			// Construct the map if it doesn't already exist.
-			if dst.IsNil() {
-				dst.Set(reflect.MakeMap(dst.Type()))
-			}
-			key := reflect.New(dst.Type().Key()).Elem()
-			val := reflect.New(dst.Type().Elem()).Elem()
-
-			// The map entry should be this sequence of tokens:
-			//	< key : KEY value : VALUE >
-			// However, implementations may omit key or value, and technically
-			// we should support them in any order.  See b/28924776 for a time
-			// this went wrong.
-
-			tok := p.next()
-			var terminator string
-			switch tok.value {
-			case "<":
-				terminator = ">"
-			case "{":
-				terminator = "}"
-			default:
-				return p.errorf("expected '{' or '<', found %q", tok.value)
-			}
-			for {
-				tok := p.next()
-				if tok.err != nil {
-					return tok.err
-				}
-				if tok.value == terminator {
-					break
-				}
-				switch tok.value {
-				case "key":
-					if err := p.consumeToken(":"); err != nil {
-						return err
-					}
-					if err := p.readAny(key, props.mkeyprop); err != nil {
-						return err
-					}
-					if err := p.consumeOptionalSeparator(); err != nil {
-						return err
-					}
-				case "value":
-					if err := p.checkForColon(props.mvalprop, dst.Type().Elem()); err != nil {
-						return err
-					}
-					if err := p.readAny(val, props.mvalprop); err != nil {
-						return err
-					}
-					if err := p.consumeOptionalSeparator(); err != nil {
-						return err
-					}
-				default:
-					p.back()
-					return p.errorf(`expected "key", "value", or %q, found %q`, terminator, tok.value)
-				}
-			}
-
-			dst.SetMapIndex(key, val)
-			continue
-		}
-
-		// Check that it's not already set if it's not a repeated field.
-		if !props.Repeated && fieldSet[name] {
-			return p.errorf("non-repeated field %q was repeated", name)
-		}
-
-		if err := p.checkForColon(props, dst.Type()); err != nil {
-			return err
-		}
-
-		// Parse into the field.
-		fieldSet[name] = true
-		if err := p.readAny(dst, props); err != nil {
-			if _, ok := err.(*RequiredNotSetError); !ok {
-				return err
-			}
-			reqFieldErr = err
-		}
-		if props.Required {
-			reqCount--
-		}
-
-		if err := p.consumeOptionalSeparator(); err != nil {
-			return err
-		}
-
-	}
-
-	if reqCount > 0 {
-		return p.missingRequiredFieldError(sv)
-	}
-	return reqFieldErr
-}
-
-// consumeExtName consumes extension name or expanded Any type URL and the
-// following ']'. It returns the name or URL consumed.
-func (p *textParser) consumeExtName() (string, error) {
-	tok := p.next()
-	if tok.err != nil {
-		return "", tok.err
-	}
-
-	// If extension name or type url is quoted, it's a single token.
-	if len(tok.value) > 2 && isQuote(tok.value[0]) && tok.value[len(tok.value)-1] == tok.value[0] {
-		name, err := unquoteC(tok.value[1:len(tok.value)-1], rune(tok.value[0]))
-		if err != nil {
-			return "", err
-		}
-		return name, p.consumeToken("]")
-	}
-
-	// Consume everything up to "]"
-	var parts []string
-	for tok.value != "]" {
-		parts = append(parts, tok.value)
-		tok = p.next()
-		if tok.err != nil {
-			return "", p.errorf("unrecognized type_url or extension name: %s", tok.err)
-		}
-		if p.done && tok.value != "]" {
-			return "", p.errorf("unclosed type_url or extension name")
-		}
-	}
-	return strings.Join(parts, ""), nil
-}
-
-// consumeOptionalSeparator consumes an optional semicolon or comma.
-// It is used in readStruct to provide backward compatibility.
-func (p *textParser) consumeOptionalSeparator() error {
-	tok := p.next()
-	if tok.err != nil {
-		return tok.err
-	}
-	if tok.value != ";" && tok.value != "," {
-		p.back()
-	}
-	return nil
-}
-
-func (p *textParser) readAny(v reflect.Value, props *Properties) error {
-	tok := p.next()
-	if tok.err != nil {
-		return tok.err
-	}
-	if tok.value == "" {
-		return p.errorf("unexpected EOF")
-	}
-
-	switch fv := v; fv.Kind() {
-	case reflect.Slice:
-		at := v.Type()
-		if at.Elem().Kind() == reflect.Uint8 {
-			// Special case for []byte
-			if tok.value[0] != '"' && tok.value[0] != '\'' {
-				// Deliberately written out here, as the error after
-				// this switch statement would write "invalid []byte: ...",
-				// which is not as user-friendly.
-				return p.errorf("invalid string: %v", tok.value)
-			}
-			bytes := []byte(tok.unquoted)
-			fv.Set(reflect.ValueOf(bytes))
-			return nil
-		}
-		// Repeated field.
-		if tok.value == "[" {
-			// Repeated field with list notation, like [1,2,3].
-			for {
-				fv.Set(reflect.Append(fv, reflect.New(at.Elem()).Elem()))
-				err := p.readAny(fv.Index(fv.Len()-1), props)
-				if err != nil {
-					return err
-				}
-				tok := p.next()
-				if tok.err != nil {
-					return tok.err
-				}
-				if tok.value == "]" {
-					break
-				}
-				if tok.value != "," {
-					return p.errorf("Expected ']' or ',' found %q", tok.value)
-				}
-			}
-			return nil
-		}
-		// One value of the repeated field.
-		p.back()
-		fv.Set(reflect.Append(fv, reflect.New(at.Elem()).Elem()))
-		return p.readAny(fv.Index(fv.Len()-1), props)
-	case reflect.Bool:
-		// true/1/t/True or false/f/0/False.
-		switch tok.value {
-		case "true", "1", "t", "True":
-			fv.SetBool(true)
-			return nil
-		case "false", "0", "f", "False":
-			fv.SetBool(false)
-			return nil
-		}
-	case reflect.Float32, reflect.Float64:
-		v := tok.value
-		// Ignore 'f' for compatibility with output generated by C++, but don't
-		// remove 'f' when the value is "-inf" or "inf".
-		if strings.HasSuffix(v, "f") && tok.value != "-inf" && tok.value != "inf" {
-			v = v[:len(v)-1]
-		}
-		if f, err := strconv.ParseFloat(v, fv.Type().Bits()); err == nil {
-			fv.SetFloat(f)
-			return nil
-		}
-	case reflect.Int32:
-		if x, err := strconv.ParseInt(tok.value, 0, 32); err == nil {
-			fv.SetInt(x)
-			return nil
-		}
-
-		if len(props.Enum) == 0 {
-			break
-		}
-		m, ok := enumValueMaps[props.Enum]
-		if !ok {
-			break
-		}
-		x, ok := m[tok.value]
-		if !ok {
-			break
-		}
-		fv.SetInt(int64(x))
-		return nil
-	case reflect.Int64:
-		if x, err := strconv.ParseInt(tok.value, 0, 64); err == nil {
-			fv.SetInt(x)
-			return nil
-		}
-
-	case reflect.Ptr:
-		// A basic field (indirected through pointer), or a repeated message/group
-		p.back()
-		fv.Set(reflect.New(fv.Type().Elem()))
-		return p.readAny(fv.Elem(), props)
-	case reflect.String:
-		if tok.value[0] == '"' || tok.value[0] == '\'' {
-			fv.SetString(tok.unquoted)
-			return nil
-		}
-	case reflect.Struct:
-		var terminator string
-		switch tok.value {
-		case "{":
-			terminator = "}"
-		case "<":
-			terminator = ">"
-		default:
-			return p.errorf("expected '{' or '<', found %q", tok.value)
-		}
-		// TODO: Handle nested messages which implement encoding.TextUnmarshaler.
-		return p.readStruct(fv, terminator)
-	case reflect.Uint32:
-		if x, err := strconv.ParseUint(tok.value, 0, 32); err == nil {
-			fv.SetUint(uint64(x))
-			return nil
-		}
-	case reflect.Uint64:
-		if x, err := strconv.ParseUint(tok.value, 0, 64); err == nil {
-			fv.SetUint(x)
-			return nil
-		}
-	}
-	return p.errorf("invalid %v: %v", v.Type(), tok.value)
-}
-
-// UnmarshalText reads a protocol buffer in Text format. UnmarshalText resets pb
-// before starting to unmarshal, so any existing data in pb is always removed.
-// If a required field is not set and no other error occurs,
-// UnmarshalText returns *RequiredNotSetError.
-func UnmarshalText(s string, pb Message) error {
-	if um, ok := pb.(encoding.TextUnmarshaler); ok {
-		return um.UnmarshalText([]byte(s))
-	}
-	pb.Reset()
-	v := reflect.ValueOf(pb)
-	return newTextParser(s).readStruct(v.Elem(), "")
-}

libnetwork/vendor/github.com/mrunalp/fileutils/LICENSE

@@ -1,191 +0,0 @@
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   Copyright 2014 Docker, Inc.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.

libnetwork/vendor/github.com/mrunalp/fileutils/README.md

@@ -1,5 +0,0 @@
-# fileutils
-
-Collection of utilities for file manipulation in golang
-
-The library is based on docker pkg/archive but does copies instead of handling archive formats.

libnetwork/vendor/github.com/mrunalp/fileutils/fileutils.go

@@ -1,161 +0,0 @@
-package fileutils
-
-import (
-	"fmt"
-	"io"
-	"os"
-	"path/filepath"
-	"syscall"
-)
-
-// CopyFile copies the file at source to dest
-func CopyFile(source string, dest string) error {
-	si, err := os.Lstat(source)
-	if err != nil {
-		return err
-	}
-
-	st, ok := si.Sys().(*syscall.Stat_t)
-	if !ok {
-		return fmt.Errorf("could not convert to syscall.Stat_t")
-	}
-
-	uid := int(st.Uid)
-	gid := int(st.Gid)
-
-	// Handle symlinks
-	if si.Mode()&os.ModeSymlink != 0 {
-		target, err := os.Readlink(source)
-		if err != nil {
-			return err
-		}
-		if err := os.Symlink(target, dest); err != nil {
-			return err
-		}
-	}
-
-	// Handle device files
-	if st.Mode&syscall.S_IFMT == syscall.S_IFBLK || st.Mode&syscall.S_IFMT == syscall.S_IFCHR {
-		devMajor := int64(major(uint64(st.Rdev)))
-		devMinor := int64(minor(uint64(st.Rdev)))
-		mode := uint32(si.Mode() & 07777)
-		if st.Mode&syscall.S_IFMT == syscall.S_IFBLK {
-			mode |= syscall.S_IFBLK
-		}
-		if st.Mode&syscall.S_IFMT == syscall.S_IFCHR {
-			mode |= syscall.S_IFCHR
-		}
-		if err := syscall.Mknod(dest, mode, int(mkdev(devMajor, devMinor))); err != nil {
-			return err
-		}
-	}
-
-	// Handle regular files
-	if si.Mode().IsRegular() {
-		sf, err := os.Open(source)
-		if err != nil {
-			return err
-		}
-		defer sf.Close()
-
-		df, err := os.Create(dest)
-		if err != nil {
-			return err
-		}
-		defer df.Close()
-
-		_, err = io.Copy(df, sf)
-		if err != nil {
-			return err
-		}
-	}
-
-	// Chown the file
-	if err := os.Lchown(dest, uid, gid); err != nil {
-		return err
-	}
-
-	// Chmod the file
-	if !(si.Mode()&os.ModeSymlink == os.ModeSymlink) {
-		if err := os.Chmod(dest, si.Mode()); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-// CopyDirectory copies the files under the source directory
-// to dest directory. The dest directory is created if it
-// does not exist.
-func CopyDirectory(source string, dest string) error {
-	fi, err := os.Stat(source)
-	if err != nil {
-		return err
-	}
-
-	// Get owner.
-	st, ok := fi.Sys().(*syscall.Stat_t)
-	if !ok {
-		return fmt.Errorf("could not convert to syscall.Stat_t")
-	}
-
-	// We have to pick an owner here anyway.
-	if err := MkdirAllNewAs(dest, fi.Mode(), int(st.Uid), int(st.Gid)); err != nil {
-		return err
-	}
-
-	return filepath.Walk(source, func(path string, info os.FileInfo, err error) error {
-		if err != nil {
-			return err
-		}
-
-		// Get the relative path
-		relPath, err := filepath.Rel(source, path)
-		if err != nil {
-			return nil
-		}
-
-		if info.IsDir() {
-			// Skip the source directory.
-			if path != source {
-				// Get the owner.
-				st, ok := info.Sys().(*syscall.Stat_t)
-				if !ok {
-					return fmt.Errorf("could not convert to syscall.Stat_t")
-				}
-
-				uid := int(st.Uid)
-				gid := int(st.Gid)
-
-				if err := os.Mkdir(filepath.Join(dest, relPath), info.Mode()); err != nil {
-					return err
-				}
-
-				if err := os.Lchown(filepath.Join(dest, relPath), uid, gid); err != nil {
-					return err
-				}
-			}
-			return nil
-		}
-
-		// Copy the file.
-		if err := CopyFile(path, filepath.Join(dest, relPath)); err != nil {
-			return err
-		}
-
-		return nil
-	})
-}
-
-func major(device uint64) uint64 {
-	return (device >> 8) & 0xfff
-}
-
-func minor(device uint64) uint64 {
-	return (device & 0xff) | ((device >> 12) & 0xfff00)
-}
-
-func mkdev(major int64, minor int64) uint32 {
-	return uint32(((minor & 0xfff00) << 12) | ((major & 0xfff) << 8) | (minor & 0xff))
-}

libnetwork/vendor/github.com/mrunalp/fileutils/idtools.go

@@ -1,49 +0,0 @@
-package fileutils
-
-import (
-	"os"
-	"path/filepath"
-)
-
-// MkdirAllNewAs creates a directory (include any along the path) and then modifies
-// ownership ONLY of newly created directories to the requested uid/gid. If the
-// directories along the path exist, no change of ownership will be performed
-func MkdirAllNewAs(path string, mode os.FileMode, ownerUID, ownerGID int) error {
-	// make an array containing the original path asked for, plus (for mkAll == true)
-	// all path components leading up to the complete path that don't exist before we MkdirAll
-	// so that we can chown all of them properly at the end.  If chownExisting is false, we won't
-	// chown the full directory path if it exists
-	var paths []string
-	if _, err := os.Stat(path); err != nil && os.IsNotExist(err) {
-		paths = []string{path}
-	} else if err == nil {
-		// nothing to do; directory path fully exists already
-		return nil
-	}
-
-	// walk back to "/" looking for directories which do not exist
-	// and add them to the paths array for chown after creation
-	dirPath := path
-	for {
-		dirPath = filepath.Dir(dirPath)
-		if dirPath == "/" {
-			break
-		}
-		if _, err := os.Stat(dirPath); err != nil && os.IsNotExist(err) {
-			paths = append(paths, dirPath)
-		}
-	}
-
-	if err := os.MkdirAll(path, mode); err != nil && !os.IsExist(err) {
-		return err
-	}
-
-	// even if it existed, we will chown the requested path + any subpaths that
-	// didn't exist when we called MkdirAll
-	for _, pathComponent := range paths {
-		if err := os.Chown(pathComponent, ownerUID, ownerGID); err != nil {
-			return err
-		}
-	}
-	return nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor.go

@@ -1,54 +0,0 @@
-// +build apparmor,linux
-
-package apparmor
-
-import (
-	"fmt"
-	"io/ioutil"
-	"os"
-)
-
-// IsEnabled returns true if apparmor is enabled for the host.
-func IsEnabled() bool {
-	if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" {
-		if _, err = os.Stat("/sbin/apparmor_parser"); err == nil {
-			buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
-			return err == nil && len(buf) > 1 && buf[0] == 'Y'
-		}
-	}
-	return false
-}
-
-func setprocattr(attr, value string) error {
-	// Under AppArmor you can only change your own attr, so use /proc/self/
-	// instead of /proc/<tid>/ like libapparmor does
-	path := fmt.Sprintf("/proc/self/attr/%s", attr)
-
-	f, err := os.OpenFile(path, os.O_WRONLY, 0)
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-
-	_, err = fmt.Fprintf(f, "%s", value)
-	return err
-}
-
-// changeOnExec reimplements aa_change_onexec from libapparmor in Go
-func changeOnExec(name string) error {
-	value := "exec " + name
-	if err := setprocattr("exec", value); err != nil {
-		return fmt.Errorf("apparmor failed to apply profile: %s", err)
-	}
-	return nil
-}
-
-// ApplyProfile will apply the profile with the specified name to the process after
-// the next exec.
-func ApplyProfile(name string) error {
-	if name == "" {
-		return nil
-	}
-
-	return changeOnExec(name)
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_disabled.go

@@ -1,20 +0,0 @@
-// +build !apparmor !linux
-
-package apparmor
-
-import (
-	"errors"
-)
-
-var ErrApparmorNotEnabled = errors.New("apparmor: config provided but apparmor not supported")
-
-func IsEnabled() bool {
-	return false
-}
-
-func ApplyProfile(name string) error {
-	if name != "" {
-		return ErrApparmorNotEnabled
-	}
-	return nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/capabilities_linux.go

@@ -1,113 +0,0 @@
-// +build linux
-
-package libcontainer
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/opencontainers/runc/libcontainer/configs"
-	"github.com/syndtr/gocapability/capability"
-)
-
-const allCapabilityTypes = capability.CAPS | capability.BOUNDS | capability.AMBS
-
-var capabilityMap map[string]capability.Cap
-
-func init() {
-	capabilityMap = make(map[string]capability.Cap)
-	last := capability.CAP_LAST_CAP
-	// workaround for RHEL6 which has no /proc/sys/kernel/cap_last_cap
-	if last == capability.Cap(63) {
-		last = capability.CAP_BLOCK_SUSPEND
-	}
-	for _, cap := range capability.List() {
-		if cap > last {
-			continue
-		}
-		capKey := fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String()))
-		capabilityMap[capKey] = cap
-	}
-}
-
-func newContainerCapList(capConfig *configs.Capabilities) (*containerCapabilities, error) {
-	bounding := []capability.Cap{}
-	for _, c := range capConfig.Bounding {
-		v, ok := capabilityMap[c]
-		if !ok {
-			return nil, fmt.Errorf("unknown capability %q", c)
-		}
-		bounding = append(bounding, v)
-	}
-	effective := []capability.Cap{}
-	for _, c := range capConfig.Effective {
-		v, ok := capabilityMap[c]
-		if !ok {
-			return nil, fmt.Errorf("unknown capability %q", c)
-		}
-		effective = append(effective, v)
-	}
-	inheritable := []capability.Cap{}
-	for _, c := range capConfig.Inheritable {
-		v, ok := capabilityMap[c]
-		if !ok {
-			return nil, fmt.Errorf("unknown capability %q", c)
-		}
-		inheritable = append(inheritable, v)
-	}
-	permitted := []capability.Cap{}
-	for _, c := range capConfig.Permitted {
-		v, ok := capabilityMap[c]
-		if !ok {
-			return nil, fmt.Errorf("unknown capability %q", c)
-		}
-		permitted = append(permitted, v)
-	}
-	ambient := []capability.Cap{}
-	for _, c := range capConfig.Ambient {
-		v, ok := capabilityMap[c]
-		if !ok {
-			return nil, fmt.Errorf("unknown capability %q", c)
-		}
-		ambient = append(ambient, v)
-	}
-	pid, err := capability.NewPid(0)
-	if err != nil {
-		return nil, err
-	}
-	return &containerCapabilities{
-		bounding:    bounding,
-		effective:   effective,
-		inheritable: inheritable,
-		permitted:   permitted,
-		ambient:     ambient,
-		pid:         pid,
-	}, nil
-}
-
-type containerCapabilities struct {
-	pid         capability.Capabilities
-	bounding    []capability.Cap
-	effective   []capability.Cap
-	inheritable []capability.Cap
-	permitted   []capability.Cap
-	ambient     []capability.Cap
-}
-
-// ApplyBoundingSet sets the capability bounding set to those specified in the whitelist.
-func (c *containerCapabilities) ApplyBoundingSet() error {
-	c.pid.Clear(capability.BOUNDS)
-	c.pid.Set(capability.BOUNDS, c.bounding...)
-	return c.pid.Apply(capability.BOUNDS)
-}
-
-// Apply sets all the capabilities for the current process in the config.
-func (c *containerCapabilities) ApplyCaps() error {
-	c.pid.Clear(allCapabilityTypes)
-	c.pid.Set(capability.BOUNDS, c.bounding...)
-	c.pid.Set(capability.PERMITTED, c.permitted...)
-	c.pid.Set(capability.INHERITABLE, c.inheritable...)
-	c.pid.Set(capability.EFFECTIVE, c.effective...)
-	c.pid.Set(capability.AMBIENT, c.ambient...)
-	return c.pid.Apply(allCapabilityTypes)
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/cgroups/cgroups.go

@@ -1,64 +0,0 @@
-// +build linux
-
-package cgroups
-
-import (
-	"fmt"
-
-	"github.com/opencontainers/runc/libcontainer/configs"
-)
-
-type Manager interface {
-	// Applies cgroup configuration to the process with the specified pid
-	Apply(pid int) error
-
-	// Returns the PIDs inside the cgroup set
-	GetPids() ([]int, error)
-
-	// Returns the PIDs inside the cgroup set & all sub-cgroups
-	GetAllPids() ([]int, error)
-
-	// Returns statistics for the cgroup set
-	GetStats() (*Stats, error)
-
-	// Toggles the freezer cgroup according with specified state
-	Freeze(state configs.FreezerState) error
-
-	// Destroys the cgroup set
-	Destroy() error
-
-	// The option func SystemdCgroups() and Cgroupfs() require following attributes:
-	// 	Paths   map[string]string
-	// 	Cgroups *configs.Cgroup
-	// Paths maps cgroup subsystem to path at which it is mounted.
-	// Cgroups specifies specific cgroup settings for the various subsystems
-
-	// Returns cgroup paths to save in a state file and to be able to
-	// restore the object later.
-	GetPaths() map[string]string
-
-	// Sets the cgroup as configured.
-	Set(container *configs.Config) error
-}
-
-type NotFoundError struct {
-	Subsystem string
-}
-
-func (e *NotFoundError) Error() string {
-	return fmt.Sprintf("mountpoint for %s not found", e.Subsystem)
-}
-
-func NewNotFoundError(sub string) error {
-	return &NotFoundError{
-		Subsystem: sub,
-	}
-}
-
-func IsNotFound(err error) bool {
-	if err == nil {
-		return false
-	}
-	_, ok := err.(*NotFoundError)
-	return ok
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/cgroups/cgroups_unsupported.go

@@ -1,3 +0,0 @@
-// +build !linux
-
-package cgroups

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go

@@ -1,373 +0,0 @@
-// +build linux
-
-package fs
-
-import (
-	"errors"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"sync"
-
-	"github.com/opencontainers/runc/libcontainer/cgroups"
-	"github.com/opencontainers/runc/libcontainer/configs"
-	libcontainerUtils "github.com/opencontainers/runc/libcontainer/utils"
-)
-
-var (
-	subsystems = subsystemSet{
-		&CpusetGroup{},
-		&DevicesGroup{},
-		&MemoryGroup{},
-		&CpuGroup{},
-		&CpuacctGroup{},
-		&PidsGroup{},
-		&BlkioGroup{},
-		&HugetlbGroup{},
-		&NetClsGroup{},
-		&NetPrioGroup{},
-		&PerfEventGroup{},
-		&FreezerGroup{},
-		&NameGroup{GroupName: "name=systemd", Join: true},
-	}
-	HugePageSizes, _ = cgroups.GetHugePageSize()
-)
-
-var errSubsystemDoesNotExist = errors.New("cgroup: subsystem does not exist")
-
-type subsystemSet []subsystem
-
-func (s subsystemSet) Get(name string) (subsystem, error) {
-	for _, ss := range s {
-		if ss.Name() == name {
-			return ss, nil
-		}
-	}
-	return nil, errSubsystemDoesNotExist
-}
-
-type subsystem interface {
-	// Name returns the name of the subsystem.
-	Name() string
-	// Returns the stats, as 'stats', corresponding to the cgroup under 'path'.
-	GetStats(path string, stats *cgroups.Stats) error
-	// Removes the cgroup represented by 'cgroupData'.
-	Remove(*cgroupData) error
-	// Creates and joins the cgroup represented by 'cgroupData'.
-	Apply(*cgroupData) error
-	// Set the cgroup represented by cgroup.
-	Set(path string, cgroup *configs.Cgroup) error
-}
-
-type Manager struct {
-	mu      sync.Mutex
-	Cgroups *configs.Cgroup
-	Paths   map[string]string
-}
-
-// The absolute path to the root of the cgroup hierarchies.
-var cgroupRootLock sync.Mutex
-var cgroupRoot string
-
-// Gets the cgroupRoot.
-func getCgroupRoot() (string, error) {
-	cgroupRootLock.Lock()
-	defer cgroupRootLock.Unlock()
-
-	if cgroupRoot != "" {
-		return cgroupRoot, nil
-	}
-
-	root, err := cgroups.FindCgroupMountpointDir()
-	if err != nil {
-		return "", err
-	}
-
-	if _, err := os.Stat(root); err != nil {
-		return "", err
-	}
-
-	cgroupRoot = root
-	return cgroupRoot, nil
-}
-
-type cgroupData struct {
-	root      string
-	innerPath string
-	config    *configs.Cgroup
-	pid       int
-}
-
-func (m *Manager) Apply(pid int) (err error) {
-	if m.Cgroups == nil {
-		return nil
-	}
-	m.mu.Lock()
-	defer m.mu.Unlock()
-
-	var c = m.Cgroups
-
-	d, err := getCgroupData(m.Cgroups, pid)
-	if err != nil {
-		return err
-	}
-
-	m.Paths = make(map[string]string)
-	if c.Paths != nil {
-		for name, path := range c.Paths {
-			_, err := d.path(name)
-			if err != nil {
-				if cgroups.IsNotFound(err) {
-					continue
-				}
-				return err
-			}
-			m.Paths[name] = path
-		}
-		return cgroups.EnterPid(m.Paths, pid)
-	}
-
-	for _, sys := range subsystems {
-		// TODO: Apply should, ideally, be reentrant or be broken up into a separate
-		// create and join phase so that the cgroup hierarchy for a container can be
-		// created then join consists of writing the process pids to cgroup.procs
-		p, err := d.path(sys.Name())
-		if err != nil {
-			// The non-presence of the devices subsystem is
-			// considered fatal for security reasons.
-			if cgroups.IsNotFound(err) && sys.Name() != "devices" {
-				continue
-			}
-			return err
-		}
-		m.Paths[sys.Name()] = p
-
-		if err := sys.Apply(d); err != nil {
-			if os.IsPermission(err) && m.Cgroups.Path == "" {
-				// If we didn't set a cgroup path, then let's defer the error here
-				// until we know whether we have set limits or not.
-				// If we hadn't set limits, then it's ok that we couldn't join this cgroup, because
-				// it will have the same limits as its parent.
-				delete(m.Paths, sys.Name())
-				continue
-			}
-			return err
-		}
-
-	}
-	return nil
-}
-
-func (m *Manager) Destroy() error {
-	if m.Cgroups == nil || m.Cgroups.Paths != nil {
-		return nil
-	}
-	m.mu.Lock()
-	defer m.mu.Unlock()
-	if err := cgroups.RemovePaths(m.Paths); err != nil {
-		return err
-	}
-	m.Paths = make(map[string]string)
-	return nil
-}
-
-func (m *Manager) GetPaths() map[string]string {
-	m.mu.Lock()
-	paths := m.Paths
-	m.mu.Unlock()
-	return paths
-}
-
-func (m *Manager) GetStats() (*cgroups.Stats, error) {
-	m.mu.Lock()
-	defer m.mu.Unlock()
-	stats := cgroups.NewStats()
-	for name, path := range m.Paths {
-		sys, err := subsystems.Get(name)
-		if err == errSubsystemDoesNotExist || !cgroups.PathExists(path) {
-			continue
-		}
-		if err := sys.GetStats(path, stats); err != nil {
-			return nil, err
-		}
-	}
-	return stats, nil
-}
-
-func (m *Manager) Set(container *configs.Config) error {
-	// If Paths are set, then we are just joining cgroups paths
-	// and there is no need to set any values.
-	if m.Cgroups.Paths != nil {
-		return nil
-	}
-
-	paths := m.GetPaths()
-	for _, sys := range subsystems {
-		path := paths[sys.Name()]
-		if err := sys.Set(path, container.Cgroups); err != nil {
-			if path == "" {
-				// cgroup never applied
-				return fmt.Errorf("cannot set limits on the %s cgroup, as the container has not joined it", sys.Name())
-			}
-			return err
-		}
-	}
-
-	if m.Paths["cpu"] != "" {
-		if err := CheckCpushares(m.Paths["cpu"], container.Cgroups.Resources.CpuShares); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-// Freeze toggles the container's freezer cgroup depending on the state
-// provided
-func (m *Manager) Freeze(state configs.FreezerState) error {
-	paths := m.GetPaths()
-	dir := paths["freezer"]
-	prevState := m.Cgroups.Resources.Freezer
-	m.Cgroups.Resources.Freezer = state
-	freezer, err := subsystems.Get("freezer")
-	if err != nil {
-		return err
-	}
-	err = freezer.Set(dir, m.Cgroups)
-	if err != nil {
-		m.Cgroups.Resources.Freezer = prevState
-		return err
-	}
-	return nil
-}
-
-func (m *Manager) GetPids() ([]int, error) {
-	paths := m.GetPaths()
-	return cgroups.GetPids(paths["devices"])
-}
-
-func (m *Manager) GetAllPids() ([]int, error) {
-	paths := m.GetPaths()
-	return cgroups.GetAllPids(paths["devices"])
-}
-
-func getCgroupData(c *configs.Cgroup, pid int) (*cgroupData, error) {
-	root, err := getCgroupRoot()
-	if err != nil {
-		return nil, err
-	}
-
-	if (c.Name != "" || c.Parent != "") && c.Path != "" {
-		return nil, fmt.Errorf("cgroup: either Path or Name and Parent should be used")
-	}
-
-	// XXX: Do not remove this code. Path safety is important! -- cyphar
-	cgPath := libcontainerUtils.CleanPath(c.Path)
-	cgParent := libcontainerUtils.CleanPath(c.Parent)
-	cgName := libcontainerUtils.CleanPath(c.Name)
-
-	innerPath := cgPath
-	if innerPath == "" {
-		innerPath = filepath.Join(cgParent, cgName)
-	}
-
-	return &cgroupData{
-		root:      root,
-		innerPath: innerPath,
-		config:    c,
-		pid:       pid,
-	}, nil
-}
-
-func (raw *cgroupData) path(subsystem string) (string, error) {
-	mnt, err := cgroups.FindCgroupMountpoint(subsystem)
-	// If we didn't mount the subsystem, there is no point we make the path.
-	if err != nil {
-		return "", err
-	}
-
-	// If the cgroup name/path is absolute do not look relative to the cgroup of the init process.
-	if filepath.IsAbs(raw.innerPath) {
-		// Sometimes subsystems can be mounted together as 'cpu,cpuacct'.
-		return filepath.Join(raw.root, filepath.Base(mnt), raw.innerPath), nil
-	}
-
-	// Use GetOwnCgroupPath instead of GetInitCgroupPath, because the creating
-	// process could in container and shared pid namespace with host, and
-	// /proc/1/cgroup could point to whole other world of cgroups.
-	parentPath, err := cgroups.GetOwnCgroupPath(subsystem)
-	if err != nil {
-		return "", err
-	}
-
-	return filepath.Join(parentPath, raw.innerPath), nil
-}
-
-func (raw *cgroupData) join(subsystem string) (string, error) {
-	path, err := raw.path(subsystem)
-	if err != nil {
-		return "", err
-	}
-	if err := os.MkdirAll(path, 0755); err != nil {
-		return "", err
-	}
-	if err := cgroups.WriteCgroupProc(path, raw.pid); err != nil {
-		return "", err
-	}
-	return path, nil
-}
-
-func writeFile(dir, file, data string) error {
-	// Normally dir should not be empty, one case is that cgroup subsystem
-	// is not mounted, we will get empty dir, and we want it fail here.
-	if dir == "" {
-		return fmt.Errorf("no such directory for %s", file)
-	}
-	if err := ioutil.WriteFile(filepath.Join(dir, file), []byte(data), 0700); err != nil {
-		return fmt.Errorf("failed to write %v to %v: %v", data, file, err)
-	}
-	return nil
-}
-
-func readFile(dir, file string) (string, error) {
-	data, err := ioutil.ReadFile(filepath.Join(dir, file))
-	return string(data), err
-}
-
-func removePath(p string, err error) error {
-	if err != nil {
-		return err
-	}
-	if p != "" {
-		return os.RemoveAll(p)
-	}
-	return nil
-}
-
-func CheckCpushares(path string, c uint64) error {
-	var cpuShares uint64
-
-	if c == 0 {
-		return nil
-	}
-
-	fd, err := os.Open(filepath.Join(path, "cpu.shares"))
-	if err != nil {
-		return err
-	}
-	defer fd.Close()
-
-	_, err = fmt.Fscanf(fd, "%d", &cpuShares)
-	if err != nil && err != io.EOF {
-		return err
-	}
-
-	if c > cpuShares {
-		return fmt.Errorf("The maximum allowed cpu-shares is %d", cpuShares)
-	} else if c < cpuShares {
-		return fmt.Errorf("The minimum allowed cpu-shares is %d", cpuShares)
-	}
-
-	return nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/blkio.go

@@ -1,237 +0,0 @@
-// +build linux
-
-package fs
-
-import (
-	"bufio"
-	"fmt"
-	"os"
-	"path/filepath"
-	"strconv"
-	"strings"
-
-	"github.com/opencontainers/runc/libcontainer/cgroups"
-	"github.com/opencontainers/runc/libcontainer/configs"
-)
-
-type BlkioGroup struct {
-}
-
-func (s *BlkioGroup) Name() string {
-	return "blkio"
-}
-
-func (s *BlkioGroup) Apply(d *cgroupData) error {
-	_, err := d.join("blkio")
-	if err != nil && !cgroups.IsNotFound(err) {
-		return err
-	}
-	return nil
-}
-
-func (s *BlkioGroup) Set(path string, cgroup *configs.Cgroup) error {
-	if cgroup.Resources.BlkioWeight != 0 {
-		if err := writeFile(path, "blkio.weight", strconv.FormatUint(uint64(cgroup.Resources.BlkioWeight), 10)); err != nil {
-			return err
-		}
-	}
-
-	if cgroup.Resources.BlkioLeafWeight != 0 {
-		if err := writeFile(path, "blkio.leaf_weight", strconv.FormatUint(uint64(cgroup.Resources.BlkioLeafWeight), 10)); err != nil {
-			return err
-		}
-	}
-	for _, wd := range cgroup.Resources.BlkioWeightDevice {
-		if err := writeFile(path, "blkio.weight_device", wd.WeightString()); err != nil {
-			return err
-		}
-		if err := writeFile(path, "blkio.leaf_weight_device", wd.LeafWeightString()); err != nil {
-			return err
-		}
-	}
-	for _, td := range cgroup.Resources.BlkioThrottleReadBpsDevice {
-		if err := writeFile(path, "blkio.throttle.read_bps_device", td.String()); err != nil {
-			return err
-		}
-	}
-	for _, td := range cgroup.Resources.BlkioThrottleWriteBpsDevice {
-		if err := writeFile(path, "blkio.throttle.write_bps_device", td.String()); err != nil {
-			return err
-		}
-	}
-	for _, td := range cgroup.Resources.BlkioThrottleReadIOPSDevice {
-		if err := writeFile(path, "blkio.throttle.read_iops_device", td.String()); err != nil {
-			return err
-		}
-	}
-	for _, td := range cgroup.Resources.BlkioThrottleWriteIOPSDevice {
-		if err := writeFile(path, "blkio.throttle.write_iops_device", td.String()); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (s *BlkioGroup) Remove(d *cgroupData) error {
-	return removePath(d.path("blkio"))
-}
-
-/*
-examples:
-
-    blkio.sectors
-    8:0 6792
-
-    blkio.io_service_bytes
-    8:0 Read 1282048
-    8:0 Write 2195456
-    8:0 Sync 2195456
-    8:0 Async 1282048
-    8:0 Total 3477504
-    Total 3477504
-
-    blkio.io_serviced
-    8:0 Read 124
-    8:0 Write 104
-    8:0 Sync 104
-    8:0 Async 124
-    8:0 Total 228
-    Total 228
-
-    blkio.io_queued
-    8:0 Read 0
-    8:0 Write 0
-    8:0 Sync 0
-    8:0 Async 0
-    8:0 Total 0
-    Total 0
-*/
-
-func splitBlkioStatLine(r rune) bool {
-	return r == ' ' || r == ':'
-}
-
-func getBlkioStat(path string) ([]cgroups.BlkioStatEntry, error) {
-	var blkioStats []cgroups.BlkioStatEntry
-	f, err := os.Open(path)
-	if err != nil {
-		if os.IsNotExist(err) {
-			return blkioStats, nil
-		}
-		return nil, err
-	}
-	defer f.Close()
-
-	sc := bufio.NewScanner(f)
-	for sc.Scan() {
-		// format: dev type amount
-		fields := strings.FieldsFunc(sc.Text(), splitBlkioStatLine)
-		if len(fields) < 3 {
-			if len(fields) == 2 && fields[0] == "Total" {
-				// skip total line
-				continue
-			} else {
-				return nil, fmt.Errorf("Invalid line found while parsing %s: %s", path, sc.Text())
-			}
-		}
-
-		v, err := strconv.ParseUint(fields[0], 10, 64)
-		if err != nil {
-			return nil, err
-		}
-		major := v
-
-		v, err = strconv.ParseUint(fields[1], 10, 64)
-		if err != nil {
-			return nil, err
-		}
-		minor := v
-
-		op := ""
-		valueField := 2
-		if len(fields) == 4 {
-			op = fields[2]
-			valueField = 3
-		}
-		v, err = strconv.ParseUint(fields[valueField], 10, 64)
-		if err != nil {
-			return nil, err
-		}
-		blkioStats = append(blkioStats, cgroups.BlkioStatEntry{Major: major, Minor: minor, Op: op, Value: v})
-	}
-
-	return blkioStats, nil
-}
-
-func (s *BlkioGroup) GetStats(path string, stats *cgroups.Stats) error {
-	// Try to read CFQ stats available on all CFQ enabled kernels first
-	if blkioStats, err := getBlkioStat(filepath.Join(path, "blkio.io_serviced_recursive")); err == nil && blkioStats != nil {
-		return getCFQStats(path, stats)
-	}
-	return getStats(path, stats) // Use generic stats as fallback
-}
-
-func getCFQStats(path string, stats *cgroups.Stats) error {
-	var blkioStats []cgroups.BlkioStatEntry
-	var err error
-
-	if blkioStats, err = getBlkioStat(filepath.Join(path, "blkio.sectors_recursive")); err != nil {
-		return err
-	}
-	stats.BlkioStats.SectorsRecursive = blkioStats
-
-	if blkioStats, err = getBlkioStat(filepath.Join(path, "blkio.io_service_bytes_recursive")); err != nil {
-		return err
-	}
-	stats.BlkioStats.IoServiceBytesRecursive = blkioStats
-
-	if blkioStats, err = getBlkioStat(filepath.Join(path, "blkio.io_serviced_recursive")); err != nil {
-		return err
-	}
-	stats.BlkioStats.IoServicedRecursive = blkioStats
-
-	if blkioStats, err = getBlkioStat(filepath.Join(path, "blkio.io_queued_recursive")); err != nil {
-		return err
-	}
-	stats.BlkioStats.IoQueuedRecursive = blkioStats
-
-	if blkioStats, err = getBlkioStat(filepath.Join(path, "blkio.io_service_time_recursive")); err != nil {
-		return err
-	}
-	stats.BlkioStats.IoServiceTimeRecursive = blkioStats
-
-	if blkioStats, err = getBlkioStat(filepath.Join(path, "blkio.io_wait_time_recursive")); err != nil {
-		return err
-	}
-	stats.BlkioStats.IoWaitTimeRecursive = blkioStats
-
-	if blkioStats, err = getBlkioStat(filepath.Join(path, "blkio.io_merged_recursive")); err != nil {
-		return err
-	}
-	stats.BlkioStats.IoMergedRecursive = blkioStats
-
-	if blkioStats, err = getBlkioStat(filepath.Join(path, "blkio.time_recursive")); err != nil {
-		return err
-	}
-	stats.BlkioStats.IoTimeRecursive = blkioStats
-
-	return nil
-}
-
-func getStats(path string, stats *cgroups.Stats) error {
-	var blkioStats []cgroups.BlkioStatEntry
-	var err error
-
-	if blkioStats, err = getBlkioStat(filepath.Join(path, "blkio.throttle.io_service_bytes")); err != nil {
-		return err
-	}
-	stats.BlkioStats.IoServiceBytesRecursive = blkioStats
-
-	if blkioStats, err = getBlkioStat(filepath.Join(path, "blkio.throttle.io_serviced")); err != nil {
-		return err
-	}
-	stats.BlkioStats.IoServicedRecursive = blkioStats
-
-	return nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpu.go

@@ -1,125 +0,0 @@
-// +build linux
-
-package fs
-
-import (
-	"bufio"
-	"os"
-	"path/filepath"
-	"strconv"
-
-	"github.com/opencontainers/runc/libcontainer/cgroups"
-	"github.com/opencontainers/runc/libcontainer/configs"
-)
-
-type CpuGroup struct {
-}
-
-func (s *CpuGroup) Name() string {
-	return "cpu"
-}
-
-func (s *CpuGroup) Apply(d *cgroupData) error {
-	// We always want to join the cpu group, to allow fair cpu scheduling
-	// on a container basis
-	path, err := d.path("cpu")
-	if err != nil && !cgroups.IsNotFound(err) {
-		return err
-	}
-	return s.ApplyDir(path, d.config, d.pid)
-}
-
-func (s *CpuGroup) ApplyDir(path string, cgroup *configs.Cgroup, pid int) error {
-	// This might happen if we have no cpu cgroup mounted.
-	// Just do nothing and don't fail.
-	if path == "" {
-		return nil
-	}
-	if err := os.MkdirAll(path, 0755); err != nil {
-		return err
-	}
-	// We should set the real-Time group scheduling settings before moving
-	// in the process because if the process is already in SCHED_RR mode
-	// and no RT bandwidth is set, adding it will fail.
-	if err := s.SetRtSched(path, cgroup); err != nil {
-		return err
-	}
-	// because we are not using d.join we need to place the pid into the procs file
-	// unlike the other subsystems
-	if err := cgroups.WriteCgroupProc(path, pid); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (s *CpuGroup) SetRtSched(path string, cgroup *configs.Cgroup) error {
-	if cgroup.Resources.CpuRtPeriod != 0 {
-		if err := writeFile(path, "cpu.rt_period_us", strconv.FormatUint(cgroup.Resources.CpuRtPeriod, 10)); err != nil {
-			return err
-		}
-	}
-	if cgroup.Resources.CpuRtRuntime != 0 {
-		if err := writeFile(path, "cpu.rt_runtime_us", strconv.FormatInt(cgroup.Resources.CpuRtRuntime, 10)); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (s *CpuGroup) Set(path string, cgroup *configs.Cgroup) error {
-	if cgroup.Resources.CpuShares != 0 {
-		if err := writeFile(path, "cpu.shares", strconv.FormatUint(cgroup.Resources.CpuShares, 10)); err != nil {
-			return err
-		}
-	}
-	if cgroup.Resources.CpuPeriod != 0 {
-		if err := writeFile(path, "cpu.cfs_period_us", strconv.FormatUint(cgroup.Resources.CpuPeriod, 10)); err != nil {
-			return err
-		}
-	}
-	if cgroup.Resources.CpuQuota != 0 {
-		if err := writeFile(path, "cpu.cfs_quota_us", strconv.FormatInt(cgroup.Resources.CpuQuota, 10)); err != nil {
-			return err
-		}
-	}
-	if err := s.SetRtSched(path, cgroup); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (s *CpuGroup) Remove(d *cgroupData) error {
-	return removePath(d.path("cpu"))
-}
-
-func (s *CpuGroup) GetStats(path string, stats *cgroups.Stats) error {
-	f, err := os.Open(filepath.Join(path, "cpu.stat"))
-	if err != nil {
-		if os.IsNotExist(err) {
-			return nil
-		}
-		return err
-	}
-	defer f.Close()
-
-	sc := bufio.NewScanner(f)
-	for sc.Scan() {
-		t, v, err := getCgroupParamKeyValue(sc.Text())
-		if err != nil {
-			return err
-		}
-		switch t {
-		case "nr_periods":
-			stats.CpuStats.ThrottlingData.Periods = v
-
-		case "nr_throttled":
-			stats.CpuStats.ThrottlingData.ThrottledPeriods = v
-
-		case "throttled_time":
-			stats.CpuStats.ThrottlingData.ThrottledTime = v
-		}
-	}
-	return nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpuacct.go

@@ -1,121 +0,0 @@
-// +build linux
-
-package fs
-
-import (
-	"fmt"
-	"io/ioutil"
-	"path/filepath"
-	"strconv"
-	"strings"
-
-	"github.com/opencontainers/runc/libcontainer/cgroups"
-	"github.com/opencontainers/runc/libcontainer/configs"
-	"github.com/opencontainers/runc/libcontainer/system"
-)
-
-const (
-	cgroupCpuacctStat   = "cpuacct.stat"
-	nanosecondsInSecond = 1000000000
-)
-
-var clockTicks = uint64(system.GetClockTicks())
-
-type CpuacctGroup struct {
-}
-
-func (s *CpuacctGroup) Name() string {
-	return "cpuacct"
-}
-
-func (s *CpuacctGroup) Apply(d *cgroupData) error {
-	// we just want to join this group even though we don't set anything
-	if _, err := d.join("cpuacct"); err != nil && !cgroups.IsNotFound(err) {
-		return err
-	}
-
-	return nil
-}
-
-func (s *CpuacctGroup) Set(path string, cgroup *configs.Cgroup) error {
-	return nil
-}
-
-func (s *CpuacctGroup) Remove(d *cgroupData) error {
-	return removePath(d.path("cpuacct"))
-}
-
-func (s *CpuacctGroup) GetStats(path string, stats *cgroups.Stats) error {
-	userModeUsage, kernelModeUsage, err := getCpuUsageBreakdown(path)
-	if err != nil {
-		return err
-	}
-
-	totalUsage, err := getCgroupParamUint(path, "cpuacct.usage")
-	if err != nil {
-		return err
-	}
-
-	percpuUsage, err := getPercpuUsage(path)
-	if err != nil {
-		return err
-	}
-
-	stats.CpuStats.CpuUsage.TotalUsage = totalUsage
-	stats.CpuStats.CpuUsage.PercpuUsage = percpuUsage
-	stats.CpuStats.CpuUsage.UsageInUsermode = userModeUsage
-	stats.CpuStats.CpuUsage.UsageInKernelmode = kernelModeUsage
-	return nil
-}
-
-// Returns user and kernel usage breakdown in nanoseconds.
-func getCpuUsageBreakdown(path string) (uint64, uint64, error) {
-	userModeUsage := uint64(0)
-	kernelModeUsage := uint64(0)
-	const (
-		userField   = "user"
-		systemField = "system"
-	)
-
-	// Expected format:
-	// user <usage in ticks>
-	// system <usage in ticks>
-	data, err := ioutil.ReadFile(filepath.Join(path, cgroupCpuacctStat))
-	if err != nil {
-		return 0, 0, err
-	}
-	fields := strings.Fields(string(data))
-	if len(fields) != 4 {
-		return 0, 0, fmt.Errorf("failure - %s is expected to have 4 fields", filepath.Join(path, cgroupCpuacctStat))
-	}
-	if fields[0] != userField {
-		return 0, 0, fmt.Errorf("unexpected field %q in %q, expected %q", fields[0], cgroupCpuacctStat, userField)
-	}
-	if fields[2] != systemField {
-		return 0, 0, fmt.Errorf("unexpected field %q in %q, expected %q", fields[2], cgroupCpuacctStat, systemField)
-	}
-	if userModeUsage, err = strconv.ParseUint(fields[1], 10, 64); err != nil {
-		return 0, 0, err
-	}
-	if kernelModeUsage, err = strconv.ParseUint(fields[3], 10, 64); err != nil {
-		return 0, 0, err
-	}
-
-	return (userModeUsage * nanosecondsInSecond) / clockTicks, (kernelModeUsage * nanosecondsInSecond) / clockTicks, nil
-}
-
-func getPercpuUsage(path string) ([]uint64, error) {
-	percpuUsage := []uint64{}
-	data, err := ioutil.ReadFile(filepath.Join(path, "cpuacct.usage_percpu"))
-	if err != nil {
-		return percpuUsage, err
-	}
-	for _, value := range strings.Fields(string(data)) {
-		value, err := strconv.ParseUint(value, 10, 64)
-		if err != nil {
-			return percpuUsage, fmt.Errorf("Unable to convert param value to uint64: %s", err)
-		}
-		percpuUsage = append(percpuUsage, value)
-	}
-	return percpuUsage, nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpuset.go

@@ -1,163 +0,0 @@
-// +build linux
-
-package fs
-
-import (
-	"bytes"
-	"fmt"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-
-	"github.com/opencontainers/runc/libcontainer/cgroups"
-	"github.com/opencontainers/runc/libcontainer/configs"
-	libcontainerUtils "github.com/opencontainers/runc/libcontainer/utils"
-)
-
-type CpusetGroup struct {
-}
-
-func (s *CpusetGroup) Name() string {
-	return "cpuset"
-}
-
-func (s *CpusetGroup) Apply(d *cgroupData) error {
-	dir, err := d.path("cpuset")
-	if err != nil && !cgroups.IsNotFound(err) {
-		return err
-	}
-	return s.ApplyDir(dir, d.config, d.pid)
-}
-
-func (s *CpusetGroup) Set(path string, cgroup *configs.Cgroup) error {
-	if cgroup.Resources.CpusetCpus != "" {
-		if err := writeFile(path, "cpuset.cpus", cgroup.Resources.CpusetCpus); err != nil {
-			return err
-		}
-	}
-	if cgroup.Resources.CpusetMems != "" {
-		if err := writeFile(path, "cpuset.mems", cgroup.Resources.CpusetMems); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (s *CpusetGroup) Remove(d *cgroupData) error {
-	return removePath(d.path("cpuset"))
-}
-
-func (s *CpusetGroup) GetStats(path string, stats *cgroups.Stats) error {
-	return nil
-}
-
-func (s *CpusetGroup) ApplyDir(dir string, cgroup *configs.Cgroup, pid int) error {
-	// This might happen if we have no cpuset cgroup mounted.
-	// Just do nothing and don't fail.
-	if dir == "" {
-		return nil
-	}
-	mountInfo, err := ioutil.ReadFile("/proc/self/mountinfo")
-	if err != nil {
-		return err
-	}
-	root := filepath.Dir(cgroups.GetClosestMountpointAncestor(dir, string(mountInfo)))
-	// 'ensureParent' start with parent because we don't want to
-	// explicitly inherit from parent, it could conflict with
-	// 'cpuset.cpu_exclusive'.
-	if err := s.ensureParent(filepath.Dir(dir), root); err != nil {
-		return err
-	}
-	if err := os.MkdirAll(dir, 0755); err != nil {
-		return err
-	}
-	// We didn't inherit cpuset configs from parent, but we have
-	// to ensure cpuset configs are set before moving task into the
-	// cgroup.
-	// The logic is, if user specified cpuset configs, use these
-	// specified configs, otherwise, inherit from parent. This makes
-	// cpuset configs work correctly with 'cpuset.cpu_exclusive', and
-	// keep backward compatbility.
-	if err := s.ensureCpusAndMems(dir, cgroup); err != nil {
-		return err
-	}
-
-	// because we are not using d.join we need to place the pid into the procs file
-	// unlike the other subsystems
-	if err := cgroups.WriteCgroupProc(dir, pid); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (s *CpusetGroup) getSubsystemSettings(parent string) (cpus []byte, mems []byte, err error) {
-	if cpus, err = ioutil.ReadFile(filepath.Join(parent, "cpuset.cpus")); err != nil {
-		return
-	}
-	if mems, err = ioutil.ReadFile(filepath.Join(parent, "cpuset.mems")); err != nil {
-		return
-	}
-	return cpus, mems, nil
-}
-
-// ensureParent makes sure that the parent directory of current is created
-// and populated with the proper cpus and mems files copied from
-// it's parent.
-func (s *CpusetGroup) ensureParent(current, root string) error {
-	parent := filepath.Dir(current)
-	if libcontainerUtils.CleanPath(parent) == root {
-		return nil
-	}
-	// Avoid infinite recursion.
-	if parent == current {
-		return fmt.Errorf("cpuset: cgroup parent path outside cgroup root")
-	}
-	if err := s.ensureParent(parent, root); err != nil {
-		return err
-	}
-	if err := os.MkdirAll(current, 0755); err != nil {
-		return err
-	}
-	return s.copyIfNeeded(current, parent)
-}
-
-// copyIfNeeded copies the cpuset.cpus and cpuset.mems from the parent
-// directory to the current directory if the file's contents are 0
-func (s *CpusetGroup) copyIfNeeded(current, parent string) error {
-	var (
-		err                      error
-		currentCpus, currentMems []byte
-		parentCpus, parentMems   []byte
-	)
-
-	if currentCpus, currentMems, err = s.getSubsystemSettings(current); err != nil {
-		return err
-	}
-	if parentCpus, parentMems, err = s.getSubsystemSettings(parent); err != nil {
-		return err
-	}
-
-	if s.isEmpty(currentCpus) {
-		if err := writeFile(current, "cpuset.cpus", string(parentCpus)); err != nil {
-			return err
-		}
-	}
-	if s.isEmpty(currentMems) {
-		if err := writeFile(current, "cpuset.mems", string(parentMems)); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (s *CpusetGroup) isEmpty(b []byte) bool {
-	return len(bytes.Trim(b, "\n")) == 0
-}
-
-func (s *CpusetGroup) ensureCpusAndMems(path string, cgroup *configs.Cgroup) error {
-	if err := s.Set(path, cgroup); err != nil {
-		return err
-	}
-	return s.copyIfNeeded(path, filepath.Dir(path))
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/devices.go

@@ -1,80 +0,0 @@
-// +build linux
-
-package fs
-
-import (
-	"github.com/opencontainers/runc/libcontainer/cgroups"
-	"github.com/opencontainers/runc/libcontainer/configs"
-	"github.com/opencontainers/runc/libcontainer/system"
-)
-
-type DevicesGroup struct {
-}
-
-func (s *DevicesGroup) Name() string {
-	return "devices"
-}
-
-func (s *DevicesGroup) Apply(d *cgroupData) error {
-	_, err := d.join("devices")
-	if err != nil {
-		// We will return error even it's `not found` error, devices
-		// cgroup is hard requirement for container's security.
-		return err
-	}
-	return nil
-}
-
-func (s *DevicesGroup) Set(path string, cgroup *configs.Cgroup) error {
-	if system.RunningInUserNS() {
-		return nil
-	}
-
-	devices := cgroup.Resources.Devices
-	if len(devices) > 0 {
-		for _, dev := range devices {
-			file := "devices.deny"
-			if dev.Allow {
-				file = "devices.allow"
-			}
-			if err := writeFile(path, file, dev.CgroupString()); err != nil {
-				return err
-			}
-		}
-		return nil
-	}
-	if cgroup.Resources.AllowAllDevices != nil {
-		if *cgroup.Resources.AllowAllDevices == false {
-			if err := writeFile(path, "devices.deny", "a"); err != nil {
-				return err
-			}
-
-			for _, dev := range cgroup.Resources.AllowedDevices {
-				if err := writeFile(path, "devices.allow", dev.CgroupString()); err != nil {
-					return err
-				}
-			}
-			return nil
-		}
-
-		if err := writeFile(path, "devices.allow", "a"); err != nil {
-			return err
-		}
-	}
-
-	for _, dev := range cgroup.Resources.DeniedDevices {
-		if err := writeFile(path, "devices.deny", dev.CgroupString()); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (s *DevicesGroup) Remove(d *cgroupData) error {
-	return removePath(d.path("devices"))
-}
-
-func (s *DevicesGroup) GetStats(path string, stats *cgroups.Stats) error {
-	return nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/freezer.go

@@ -1,66 +0,0 @@
-// +build linux
-
-package fs
-
-import (
-	"fmt"
-	"strings"
-	"time"
-
-	"github.com/opencontainers/runc/libcontainer/cgroups"
-	"github.com/opencontainers/runc/libcontainer/configs"
-)
-
-type FreezerGroup struct {
-}
-
-func (s *FreezerGroup) Name() string {
-	return "freezer"
-}
-
-func (s *FreezerGroup) Apply(d *cgroupData) error {
-	_, err := d.join("freezer")
-	if err != nil && !cgroups.IsNotFound(err) {
-		return err
-	}
-	return nil
-}
-
-func (s *FreezerGroup) Set(path string, cgroup *configs.Cgroup) error {
-	switch cgroup.Resources.Freezer {
-	case configs.Frozen, configs.Thawed:
-		for {
-			// In case this loop does not exit because it doesn't get the expected
-			// state, let's write again this state, hoping it's going to be properly
-			// set this time. Otherwise, this loop could run infinitely, waiting for
-			// a state change that would never happen.
-			if err := writeFile(path, "freezer.state", string(cgroup.Resources.Freezer)); err != nil {
-				return err
-			}
-
-			state, err := readFile(path, "freezer.state")
-			if err != nil {
-				return err
-			}
-			if strings.TrimSpace(state) == string(cgroup.Resources.Freezer) {
-				break
-			}
-
-			time.Sleep(1 * time.Millisecond)
-		}
-	case configs.Undefined:
-		return nil
-	default:
-		return fmt.Errorf("Invalid argument '%s' to freezer.state", string(cgroup.Resources.Freezer))
-	}
-
-	return nil
-}
-
-func (s *FreezerGroup) Remove(d *cgroupData) error {
-	return removePath(d.path("freezer"))
-}
-
-func (s *FreezerGroup) GetStats(path string, stats *cgroups.Stats) error {
-	return nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs_unsupported.go

@@ -1,3 +0,0 @@
-// +build !linux
-
-package fs

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/hugetlb.go

@@ -1,71 +0,0 @@
-// +build linux
-
-package fs
-
-import (
-	"fmt"
-	"strconv"
-	"strings"
-
-	"github.com/opencontainers/runc/libcontainer/cgroups"
-	"github.com/opencontainers/runc/libcontainer/configs"
-)
-
-type HugetlbGroup struct {
-}
-
-func (s *HugetlbGroup) Name() string {
-	return "hugetlb"
-}
-
-func (s *HugetlbGroup) Apply(d *cgroupData) error {
-	_, err := d.join("hugetlb")
-	if err != nil && !cgroups.IsNotFound(err) {
-		return err
-	}
-	return nil
-}
-
-func (s *HugetlbGroup) Set(path string, cgroup *configs.Cgroup) error {
-	for _, hugetlb := range cgroup.Resources.HugetlbLimit {
-		if err := writeFile(path, strings.Join([]string{"hugetlb", hugetlb.Pagesize, "limit_in_bytes"}, "."), strconv.FormatUint(hugetlb.Limit, 10)); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (s *HugetlbGroup) Remove(d *cgroupData) error {
-	return removePath(d.path("hugetlb"))
-}
-
-func (s *HugetlbGroup) GetStats(path string, stats *cgroups.Stats) error {
-	hugetlbStats := cgroups.HugetlbStats{}
-	for _, pageSize := range HugePageSizes {
-		usage := strings.Join([]string{"hugetlb", pageSize, "usage_in_bytes"}, ".")
-		value, err := getCgroupParamUint(path, usage)
-		if err != nil {
-			return fmt.Errorf("failed to parse %s - %v", usage, err)
-		}
-		hugetlbStats.Usage = value
-
-		maxUsage := strings.Join([]string{"hugetlb", pageSize, "max_usage_in_bytes"}, ".")
-		value, err = getCgroupParamUint(path, maxUsage)
-		if err != nil {
-			return fmt.Errorf("failed to parse %s - %v", maxUsage, err)
-		}
-		hugetlbStats.MaxUsage = value
-
-		failcnt := strings.Join([]string{"hugetlb", pageSize, "failcnt"}, ".")
-		value, err = getCgroupParamUint(path, failcnt)
-		if err != nil {
-			return fmt.Errorf("failed to parse %s - %v", failcnt, err)
-		}
-		hugetlbStats.Failcnt = value
-
-		stats.HugetlbStats[pageSize] = hugetlbStats
-	}
-
-	return nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/memory.go

@@ -1,313 +0,0 @@
-// +build linux
-
-package fs
-
-import (
-	"bufio"
-	"fmt"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"strconv"
-	"strings"
-	"syscall" // only for Errno
-
-	"github.com/opencontainers/runc/libcontainer/cgroups"
-	"github.com/opencontainers/runc/libcontainer/configs"
-
-	"golang.org/x/sys/unix"
-)
-
-const (
-	cgroupKernelMemoryLimit = "memory.kmem.limit_in_bytes"
-	cgroupMemorySwapLimit   = "memory.memsw.limit_in_bytes"
-	cgroupMemoryLimit       = "memory.limit_in_bytes"
-)
-
-type MemoryGroup struct {
-}
-
-func (s *MemoryGroup) Name() string {
-	return "memory"
-}
-
-func (s *MemoryGroup) Apply(d *cgroupData) (err error) {
-	path, err := d.path("memory")
-	if err != nil && !cgroups.IsNotFound(err) {
-		return err
-	} else if path == "" {
-		return nil
-	}
-	if memoryAssigned(d.config) {
-		if _, err := os.Stat(path); os.IsNotExist(err) {
-			if err := os.MkdirAll(path, 0755); err != nil {
-				return err
-			}
-			// Only enable kernel memory accouting when this cgroup
-			// is created by libcontainer, otherwise we might get
-			// error when people use `cgroupsPath` to join an existed
-			// cgroup whose kernel memory is not initialized.
-			if err := EnableKernelMemoryAccounting(path); err != nil {
-				return err
-			}
-		}
-	}
-	defer func() {
-		if err != nil {
-			os.RemoveAll(path)
-		}
-	}()
-
-	// We need to join memory cgroup after set memory limits, because
-	// kmem.limit_in_bytes can only be set when the cgroup is empty.
-	_, err = d.join("memory")
-	if err != nil && !cgroups.IsNotFound(err) {
-		return err
-	}
-	return nil
-}
-
-func EnableKernelMemoryAccounting(path string) error {
-	// Check if kernel memory is enabled
-	// We have to limit the kernel memory here as it won't be accounted at all
-	// until a limit is set on the cgroup and limit cannot be set once the
-	// cgroup has children, or if there are already tasks in the cgroup.
-	for _, i := range []int64{1, -1} {
-		if err := setKernelMemory(path, i); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func setKernelMemory(path string, kernelMemoryLimit int64) error {
-	if path == "" {
-		return fmt.Errorf("no such directory for %s", cgroupKernelMemoryLimit)
-	}
-	if !cgroups.PathExists(filepath.Join(path, cgroupKernelMemoryLimit)) {
-		// kernel memory is not enabled on the system so we should do nothing
-		return nil
-	}
-	if err := ioutil.WriteFile(filepath.Join(path, cgroupKernelMemoryLimit), []byte(strconv.FormatInt(kernelMemoryLimit, 10)), 0700); err != nil {
-		// Check if the error number returned by the syscall is "EBUSY"
-		// The EBUSY signal is returned on attempts to write to the
-		// memory.kmem.limit_in_bytes file if the cgroup has children or
-		// once tasks have been attached to the cgroup
-		if pathErr, ok := err.(*os.PathError); ok {
-			if errNo, ok := pathErr.Err.(syscall.Errno); ok {
-				if errNo == unix.EBUSY {
-					return fmt.Errorf("failed to set %s, because either tasks have already joined this cgroup or it has children", cgroupKernelMemoryLimit)
-				}
-			}
-		}
-		return fmt.Errorf("failed to write %v to %v: %v", kernelMemoryLimit, cgroupKernelMemoryLimit, err)
-	}
-	return nil
-}
-
-func setMemoryAndSwap(path string, cgroup *configs.Cgroup) error {
-	// If the memory update is set to -1 we should also
-	// set swap to -1, it means unlimited memory.
-	if cgroup.Resources.Memory == -1 {
-		// Only set swap if it's enabled in kernel
-		if cgroups.PathExists(filepath.Join(path, cgroupMemorySwapLimit)) {
-			cgroup.Resources.MemorySwap = -1
-		}
-	}
-
-	// When memory and swap memory are both set, we need to handle the cases
-	// for updating container.
-	if cgroup.Resources.Memory != 0 && cgroup.Resources.MemorySwap != 0 {
-		memoryUsage, err := getMemoryData(path, "")
-		if err != nil {
-			return err
-		}
-
-		// When update memory limit, we should adapt the write sequence
-		// for memory and swap memory, so it won't fail because the new
-		// value and the old value don't fit kernel's validation.
-		if cgroup.Resources.MemorySwap == -1 || memoryUsage.Limit < uint64(cgroup.Resources.MemorySwap) {
-			if err := writeFile(path, cgroupMemorySwapLimit, strconv.FormatInt(cgroup.Resources.MemorySwap, 10)); err != nil {
-				return err
-			}
-			if err := writeFile(path, cgroupMemoryLimit, strconv.FormatInt(cgroup.Resources.Memory, 10)); err != nil {
-				return err
-			}
-		} else {
-			if err := writeFile(path, cgroupMemoryLimit, strconv.FormatInt(cgroup.Resources.Memory, 10)); err != nil {
-				return err
-			}
-			if err := writeFile(path, cgroupMemorySwapLimit, strconv.FormatInt(cgroup.Resources.MemorySwap, 10)); err != nil {
-				return err
-			}
-		}
-	} else {
-		if cgroup.Resources.Memory != 0 {
-			if err := writeFile(path, cgroupMemoryLimit, strconv.FormatInt(cgroup.Resources.Memory, 10)); err != nil {
-				return err
-			}
-		}
-		if cgroup.Resources.MemorySwap != 0 {
-			if err := writeFile(path, cgroupMemorySwapLimit, strconv.FormatInt(cgroup.Resources.MemorySwap, 10)); err != nil {
-				return err
-			}
-		}
-	}
-
-	return nil
-}
-
-func (s *MemoryGroup) Set(path string, cgroup *configs.Cgroup) error {
-	if err := setMemoryAndSwap(path, cgroup); err != nil {
-		return err
-	}
-
-	if cgroup.Resources.KernelMemory != 0 {
-		if err := setKernelMemory(path, cgroup.Resources.KernelMemory); err != nil {
-			return err
-		}
-	}
-
-	if cgroup.Resources.MemoryReservation != 0 {
-		if err := writeFile(path, "memory.soft_limit_in_bytes", strconv.FormatInt(cgroup.Resources.MemoryReservation, 10)); err != nil {
-			return err
-		}
-	}
-
-	if cgroup.Resources.KernelMemoryTCP != 0 {
-		if err := writeFile(path, "memory.kmem.tcp.limit_in_bytes", strconv.FormatInt(cgroup.Resources.KernelMemoryTCP, 10)); err != nil {
-			return err
-		}
-	}
-	if cgroup.Resources.OomKillDisable {
-		if err := writeFile(path, "memory.oom_control", "1"); err != nil {
-			return err
-		}
-	}
-	if cgroup.Resources.MemorySwappiness == nil || int64(*cgroup.Resources.MemorySwappiness) == -1 {
-		return nil
-	} else if *cgroup.Resources.MemorySwappiness <= 100 {
-		if err := writeFile(path, "memory.swappiness", strconv.FormatUint(*cgroup.Resources.MemorySwappiness, 10)); err != nil {
-			return err
-		}
-	} else {
-		return fmt.Errorf("invalid value:%d. valid memory swappiness range is 0-100", *cgroup.Resources.MemorySwappiness)
-	}
-
-	return nil
-}
-
-func (s *MemoryGroup) Remove(d *cgroupData) error {
-	return removePath(d.path("memory"))
-}
-
-func (s *MemoryGroup) GetStats(path string, stats *cgroups.Stats) error {
-	// Set stats from memory.stat.
-	statsFile, err := os.Open(filepath.Join(path, "memory.stat"))
-	if err != nil {
-		if os.IsNotExist(err) {
-			return nil
-		}
-		return err
-	}
-	defer statsFile.Close()
-
-	sc := bufio.NewScanner(statsFile)
-	for sc.Scan() {
-		t, v, err := getCgroupParamKeyValue(sc.Text())
-		if err != nil {
-			return fmt.Errorf("failed to parse memory.stat (%q) - %v", sc.Text(), err)
-		}
-		stats.MemoryStats.Stats[t] = v
-	}
-	stats.MemoryStats.Cache = stats.MemoryStats.Stats["cache"]
-
-	memoryUsage, err := getMemoryData(path, "")
-	if err != nil {
-		return err
-	}
-	stats.MemoryStats.Usage = memoryUsage
-	swapUsage, err := getMemoryData(path, "memsw")
-	if err != nil {
-		return err
-	}
-	stats.MemoryStats.SwapUsage = swapUsage
-	kernelUsage, err := getMemoryData(path, "kmem")
-	if err != nil {
-		return err
-	}
-	stats.MemoryStats.KernelUsage = kernelUsage
-	kernelTCPUsage, err := getMemoryData(path, "kmem.tcp")
-	if err != nil {
-		return err
-	}
-	stats.MemoryStats.KernelTCPUsage = kernelTCPUsage
-
-	useHierarchy := strings.Join([]string{"memory", "use_hierarchy"}, ".")
-	value, err := getCgroupParamUint(path, useHierarchy)
-	if err != nil {
-		return err
-	}
-	if value == 1 {
-		stats.MemoryStats.UseHierarchy = true
-	}
-	return nil
-}
-
-func memoryAssigned(cgroup *configs.Cgroup) bool {
-	return cgroup.Resources.Memory != 0 ||
-		cgroup.Resources.MemoryReservation != 0 ||
-		cgroup.Resources.MemorySwap > 0 ||
-		cgroup.Resources.KernelMemory > 0 ||
-		cgroup.Resources.KernelMemoryTCP > 0 ||
-		cgroup.Resources.OomKillDisable ||
-		(cgroup.Resources.MemorySwappiness != nil && int64(*cgroup.Resources.MemorySwappiness) != -1)
-}
-
-func getMemoryData(path, name string) (cgroups.MemoryData, error) {
-	memoryData := cgroups.MemoryData{}
-
-	moduleName := "memory"
-	if name != "" {
-		moduleName = strings.Join([]string{"memory", name}, ".")
-	}
-	usage := strings.Join([]string{moduleName, "usage_in_bytes"}, ".")
-	maxUsage := strings.Join([]string{moduleName, "max_usage_in_bytes"}, ".")
-	failcnt := strings.Join([]string{moduleName, "failcnt"}, ".")
-	limit := strings.Join([]string{moduleName, "limit_in_bytes"}, ".")
-
-	value, err := getCgroupParamUint(path, usage)
-	if err != nil {
-		if moduleName != "memory" && os.IsNotExist(err) {
-			return cgroups.MemoryData{}, nil
-		}
-		return cgroups.MemoryData{}, fmt.Errorf("failed to parse %s - %v", usage, err)
-	}
-	memoryData.Usage = value
-	value, err = getCgroupParamUint(path, maxUsage)
-	if err != nil {
-		if moduleName != "memory" && os.IsNotExist(err) {
-			return cgroups.MemoryData{}, nil
-		}
-		return cgroups.MemoryData{}, fmt.Errorf("failed to parse %s - %v", maxUsage, err)
-	}
-	memoryData.MaxUsage = value
-	value, err = getCgroupParamUint(path, failcnt)
-	if err != nil {
-		if moduleName != "memory" && os.IsNotExist(err) {
-			return cgroups.MemoryData{}, nil
-		}
-		return cgroups.MemoryData{}, fmt.Errorf("failed to parse %s - %v", failcnt, err)
-	}
-	memoryData.Failcnt = value
-	value, err = getCgroupParamUint(path, limit)
-	if err != nil {
-		if moduleName != "memory" && os.IsNotExist(err) {
-			return cgroups.MemoryData{}, nil
-		}
-		return cgroups.MemoryData{}, fmt.Errorf("failed to parse %s - %v", limit, err)
-	}
-	memoryData.Limit = value
-
-	return memoryData, nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/name.go

@@ -1,40 +0,0 @@
-// +build linux
-
-package fs
-
-import (
-	"github.com/opencontainers/runc/libcontainer/cgroups"
-	"github.com/opencontainers/runc/libcontainer/configs"
-)
-
-type NameGroup struct {
-	GroupName string
-	Join      bool
-}
-
-func (s *NameGroup) Name() string {
-	return s.GroupName
-}
-
-func (s *NameGroup) Apply(d *cgroupData) error {
-	if s.Join {
-		// ignore errors if the named cgroup does not exist
-		d.join(s.GroupName)
-	}
-	return nil
-}
-
-func (s *NameGroup) Set(path string, cgroup *configs.Cgroup) error {
-	return nil
-}
-
-func (s *NameGroup) Remove(d *cgroupData) error {
-	if s.Join {
-		removePath(d.path(s.GroupName))
-	}
-	return nil
-}
-
-func (s *NameGroup) GetStats(path string, stats *cgroups.Stats) error {
-	return nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/net_cls.go

@@ -1,43 +0,0 @@
-// +build linux
-
-package fs
-
-import (
-	"strconv"
-
-	"github.com/opencontainers/runc/libcontainer/cgroups"
-	"github.com/opencontainers/runc/libcontainer/configs"
-)
-
-type NetClsGroup struct {
-}
-
-func (s *NetClsGroup) Name() string {
-	return "net_cls"
-}
-
-func (s *NetClsGroup) Apply(d *cgroupData) error {
-	_, err := d.join("net_cls")
-	if err != nil && !cgroups.IsNotFound(err) {
-		return err
-	}
-	return nil
-}
-
-func (s *NetClsGroup) Set(path string, cgroup *configs.Cgroup) error {
-	if cgroup.Resources.NetClsClassid != 0 {
-		if err := writeFile(path, "net_cls.classid", strconv.FormatUint(uint64(cgroup.Resources.NetClsClassid), 10)); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (s *NetClsGroup) Remove(d *cgroupData) error {
-	return removePath(d.path("net_cls"))
-}
-
-func (s *NetClsGroup) GetStats(path string, stats *cgroups.Stats) error {
-	return nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/net_prio.go

@@ -1,41 +0,0 @@
-// +build linux
-
-package fs
-
-import (
-	"github.com/opencontainers/runc/libcontainer/cgroups"
-	"github.com/opencontainers/runc/libcontainer/configs"
-)
-
-type NetPrioGroup struct {
-}
-
-func (s *NetPrioGroup) Name() string {
-	return "net_prio"
-}
-
-func (s *NetPrioGroup) Apply(d *cgroupData) error {
-	_, err := d.join("net_prio")
-	if err != nil && !cgroups.IsNotFound(err) {
-		return err
-	}
-	return nil
-}
-
-func (s *NetPrioGroup) Set(path string, cgroup *configs.Cgroup) error {
-	for _, prioMap := range cgroup.Resources.NetPrioIfpriomap {
-		if err := writeFile(path, "net_prio.ifpriomap", prioMap.CgroupString()); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (s *NetPrioGroup) Remove(d *cgroupData) error {
-	return removePath(d.path("net_prio"))
-}
-
-func (s *NetPrioGroup) GetStats(path string, stats *cgroups.Stats) error {
-	return nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/perf_event.go

@@ -1,35 +0,0 @@
-// +build linux
-
-package fs
-
-import (
-	"github.com/opencontainers/runc/libcontainer/cgroups"
-	"github.com/opencontainers/runc/libcontainer/configs"
-)
-
-type PerfEventGroup struct {
-}
-
-func (s *PerfEventGroup) Name() string {
-	return "perf_event"
-}
-
-func (s *PerfEventGroup) Apply(d *cgroupData) error {
-	// we just want to join this group even though we don't set anything
-	if _, err := d.join("perf_event"); err != nil && !cgroups.IsNotFound(err) {
-		return err
-	}
-	return nil
-}
-
-func (s *PerfEventGroup) Set(path string, cgroup *configs.Cgroup) error {
-	return nil
-}
-
-func (s *PerfEventGroup) Remove(d *cgroupData) error {
-	return removePath(d.path("perf_event"))
-}
-
-func (s *PerfEventGroup) GetStats(path string, stats *cgroups.Stats) error {
-	return nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/pids.go

@@ -1,73 +0,0 @@
-// +build linux
-
-package fs
-
-import (
-	"fmt"
-	"path/filepath"
-	"strconv"
-
-	"github.com/opencontainers/runc/libcontainer/cgroups"
-	"github.com/opencontainers/runc/libcontainer/configs"
-)
-
-type PidsGroup struct {
-}
-
-func (s *PidsGroup) Name() string {
-	return "pids"
-}
-
-func (s *PidsGroup) Apply(d *cgroupData) error {
-	_, err := d.join("pids")
-	if err != nil && !cgroups.IsNotFound(err) {
-		return err
-	}
-	return nil
-}
-
-func (s *PidsGroup) Set(path string, cgroup *configs.Cgroup) error {
-	if cgroup.Resources.PidsLimit != 0 {
-		// "max" is the fallback value.
-		limit := "max"
-
-		if cgroup.Resources.PidsLimit > 0 {
-			limit = strconv.FormatInt(cgroup.Resources.PidsLimit, 10)
-		}
-
-		if err := writeFile(path, "pids.max", limit); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (s *PidsGroup) Remove(d *cgroupData) error {
-	return removePath(d.path("pids"))
-}
-
-func (s *PidsGroup) GetStats(path string, stats *cgroups.Stats) error {
-	current, err := getCgroupParamUint(path, "pids.current")
-	if err != nil {
-		return fmt.Errorf("failed to parse pids.current - %s", err)
-	}
-
-	maxString, err := getCgroupParamString(path, "pids.max")
-	if err != nil {
-		return fmt.Errorf("failed to parse pids.max - %s", err)
-	}
-
-	// Default if pids.max == "max" is 0 -- which represents "no limit".
-	var max uint64
-	if maxString != "max" {
-		max, err = parseUint(maxString, 10, 64)
-		if err != nil {
-			return fmt.Errorf("failed to parse pids.max - unable to parse %q as a uint from Cgroup file %q", maxString, filepath.Join(path, "pids.max"))
-		}
-	}
-
-	stats.PidsStats.Current = current
-	stats.PidsStats.Limit = max
-	return nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/utils.go

@@ -1,78 +0,0 @@
-// +build linux
-
-package fs
-
-import (
-	"errors"
-	"fmt"
-	"io/ioutil"
-	"path/filepath"
-	"strconv"
-	"strings"
-)
-
-var (
-	ErrNotValidFormat = errors.New("line is not a valid key value format")
-)
-
-// Saturates negative values at zero and returns a uint64.
-// Due to kernel bugs, some of the memory cgroup stats can be negative.
-func parseUint(s string, base, bitSize int) (uint64, error) {
-	value, err := strconv.ParseUint(s, base, bitSize)
-	if err != nil {
-		intValue, intErr := strconv.ParseInt(s, base, bitSize)
-		// 1. Handle negative values greater than MinInt64 (and)
-		// 2. Handle negative values lesser than MinInt64
-		if intErr == nil && intValue < 0 {
-			return 0, nil
-		} else if intErr != nil && intErr.(*strconv.NumError).Err == strconv.ErrRange && intValue < 0 {
-			return 0, nil
-		}
-
-		return value, err
-	}
-
-	return value, nil
-}
-
-// Parses a cgroup param and returns as name, value
-//  i.e. "io_service_bytes 1234" will return as io_service_bytes, 1234
-func getCgroupParamKeyValue(t string) (string, uint64, error) {
-	parts := strings.Fields(t)
-	switch len(parts) {
-	case 2:
-		value, err := parseUint(parts[1], 10, 64)
-		if err != nil {
-			return "", 0, fmt.Errorf("unable to convert param value (%q) to uint64: %v", parts[1], err)
-		}
-
-		return parts[0], value, nil
-	default:
-		return "", 0, ErrNotValidFormat
-	}
-}
-
-// Gets a single uint64 value from the specified cgroup file.
-func getCgroupParamUint(cgroupPath, cgroupFile string) (uint64, error) {
-	fileName := filepath.Join(cgroupPath, cgroupFile)
-	contents, err := ioutil.ReadFile(fileName)
-	if err != nil {
-		return 0, err
-	}
-
-	res, err := parseUint(strings.TrimSpace(string(contents)), 10, 64)
-	if err != nil {
-		return res, fmt.Errorf("unable to parse %q as a uint from Cgroup file %q", string(contents), fileName)
-	}
-	return res, nil
-}
-
-// Gets a string value from the specified cgroup file
-func getCgroupParamString(cgroupPath, cgroupFile string) (string, error) {
-	contents, err := ioutil.ReadFile(filepath.Join(cgroupPath, cgroupFile))
-	if err != nil {
-		return "", err
-	}
-
-	return strings.TrimSpace(string(contents)), nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/cgroups/stats.go

@@ -1,108 +0,0 @@
-// +build linux
-
-package cgroups
-
-type ThrottlingData struct {
-	// Number of periods with throttling active
-	Periods uint64 `json:"periods,omitempty"`
-	// Number of periods when the container hit its throttling limit.
-	ThrottledPeriods uint64 `json:"throttled_periods,omitempty"`
-	// Aggregate time the container was throttled for in nanoseconds.
-	ThrottledTime uint64 `json:"throttled_time,omitempty"`
-}
-
-// CpuUsage denotes the usage of a CPU.
-// All CPU stats are aggregate since container inception.
-type CpuUsage struct {
-	// Total CPU time consumed.
-	// Units: nanoseconds.
-	TotalUsage uint64 `json:"total_usage,omitempty"`
-	// Total CPU time consumed per core.
-	// Units: nanoseconds.
-	PercpuUsage []uint64 `json:"percpu_usage,omitempty"`
-	// Time spent by tasks of the cgroup in kernel mode.
-	// Units: nanoseconds.
-	UsageInKernelmode uint64 `json:"usage_in_kernelmode"`
-	// Time spent by tasks of the cgroup in user mode.
-	// Units: nanoseconds.
-	UsageInUsermode uint64 `json:"usage_in_usermode"`
-}
-
-type CpuStats struct {
-	CpuUsage       CpuUsage       `json:"cpu_usage,omitempty"`
-	ThrottlingData ThrottlingData `json:"throttling_data,omitempty"`
-}
-
-type MemoryData struct {
-	Usage    uint64 `json:"usage,omitempty"`
-	MaxUsage uint64 `json:"max_usage,omitempty"`
-	Failcnt  uint64 `json:"failcnt"`
-	Limit    uint64 `json:"limit"`
-}
-
-type MemoryStats struct {
-	// memory used for cache
-	Cache uint64 `json:"cache,omitempty"`
-	// usage of memory
-	Usage MemoryData `json:"usage,omitempty"`
-	// usage of memory + swap
-	SwapUsage MemoryData `json:"swap_usage,omitempty"`
-	// usage of kernel memory
-	KernelUsage MemoryData `json:"kernel_usage,omitempty"`
-	// usage of kernel TCP memory
-	KernelTCPUsage MemoryData `json:"kernel_tcp_usage,omitempty"`
-	// if true, memory usage is accounted for throughout a hierarchy of cgroups.
-	UseHierarchy bool `json:"use_hierarchy"`
-
-	Stats map[string]uint64 `json:"stats,omitempty"`
-}
-
-type PidsStats struct {
-	// number of pids in the cgroup
-	Current uint64 `json:"current,omitempty"`
-	// active pids hard limit
-	Limit uint64 `json:"limit,omitempty"`
-}
-
-type BlkioStatEntry struct {
-	Major uint64 `json:"major,omitempty"`
-	Minor uint64 `json:"minor,omitempty"`
-	Op    string `json:"op,omitempty"`
-	Value uint64 `json:"value,omitempty"`
-}
-
-type BlkioStats struct {
-	// number of bytes tranferred to and from the block device
-	IoServiceBytesRecursive []BlkioStatEntry `json:"io_service_bytes_recursive,omitempty"`
-	IoServicedRecursive     []BlkioStatEntry `json:"io_serviced_recursive,omitempty"`
-	IoQueuedRecursive       []BlkioStatEntry `json:"io_queue_recursive,omitempty"`
-	IoServiceTimeRecursive  []BlkioStatEntry `json:"io_service_time_recursive,omitempty"`
-	IoWaitTimeRecursive     []BlkioStatEntry `json:"io_wait_time_recursive,omitempty"`
-	IoMergedRecursive       []BlkioStatEntry `json:"io_merged_recursive,omitempty"`
-	IoTimeRecursive         []BlkioStatEntry `json:"io_time_recursive,omitempty"`
-	SectorsRecursive        []BlkioStatEntry `json:"sectors_recursive,omitempty"`
-}
-
-type HugetlbStats struct {
-	// current res_counter usage for hugetlb
-	Usage uint64 `json:"usage,omitempty"`
-	// maximum usage ever recorded.
-	MaxUsage uint64 `json:"max_usage,omitempty"`
-	// number of times hugetlb usage allocation failure.
-	Failcnt uint64 `json:"failcnt"`
-}
-
-type Stats struct {
-	CpuStats    CpuStats    `json:"cpu_stats,omitempty"`
-	MemoryStats MemoryStats `json:"memory_stats,omitempty"`
-	PidsStats   PidsStats   `json:"pids_stats,omitempty"`
-	BlkioStats  BlkioStats  `json:"blkio_stats,omitempty"`
-	// the map is in the format "size of hugepage: stats of the hugepage"
-	HugetlbStats map[string]HugetlbStats `json:"hugetlb_stats,omitempty"`
-}
-
-func NewStats() *Stats {
-	memoryStats := MemoryStats{Stats: make(map[string]uint64)}
-	hugetlbStats := make(map[string]HugetlbStats)
-	return &Stats{MemoryStats: memoryStats, HugetlbStats: hugetlbStats}
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/apply_nosystemd.go

@@ -1,55 +0,0 @@
-// +build !linux static_build
-
-package systemd
-
-import (
-	"fmt"
-
-	"github.com/opencontainers/runc/libcontainer/cgroups"
-	"github.com/opencontainers/runc/libcontainer/configs"
-)
-
-type Manager struct {
-	Cgroups *configs.Cgroup
-	Paths   map[string]string
-}
-
-func UseSystemd() bool {
-	return false
-}
-
-func (m *Manager) Apply(pid int) error {
-	return fmt.Errorf("Systemd not supported")
-}
-
-func (m *Manager) GetPids() ([]int, error) {
-	return nil, fmt.Errorf("Systemd not supported")
-}
-
-func (m *Manager) GetAllPids() ([]int, error) {
-	return nil, fmt.Errorf("Systemd not supported")
-}
-
-func (m *Manager) Destroy() error {
-	return fmt.Errorf("Systemd not supported")
-}
-
-func (m *Manager) GetPaths() map[string]string {
-	return nil
-}
-
-func (m *Manager) GetStats() (*cgroups.Stats, error) {
-	return nil, fmt.Errorf("Systemd not supported")
-}
-
-func (m *Manager) Set(container *configs.Config) error {
-	return fmt.Errorf("Systemd not supported")
-}
-
-func (m *Manager) Freeze(state configs.FreezerState) error {
-	return fmt.Errorf("Systemd not supported")
-}
-
-func Freeze(c *configs.Cgroup, state configs.FreezerState) error {
-	return fmt.Errorf("Systemd not supported")
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/apply_systemd.go

@@ -1,567 +0,0 @@
-// +build linux,!static_build
-
-package systemd
-
-import (
-	"errors"
-	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
-	"sync"
-	"time"
-
-	systemdDbus "github.com/coreos/go-systemd/dbus"
-	systemdUtil "github.com/coreos/go-systemd/util"
-	"github.com/godbus/dbus"
-	"github.com/opencontainers/runc/libcontainer/cgroups"
-	"github.com/opencontainers/runc/libcontainer/cgroups/fs"
-	"github.com/opencontainers/runc/libcontainer/configs"
-	"github.com/sirupsen/logrus"
-)
-
-type Manager struct {
-	mu      sync.Mutex
-	Cgroups *configs.Cgroup
-	Paths   map[string]string
-}
-
-type subsystem interface {
-	// Name returns the name of the subsystem.
-	Name() string
-	// Returns the stats, as 'stats', corresponding to the cgroup under 'path'.
-	GetStats(path string, stats *cgroups.Stats) error
-	// Set the cgroup represented by cgroup.
-	Set(path string, cgroup *configs.Cgroup) error
-}
-
-var errSubsystemDoesNotExist = errors.New("cgroup: subsystem does not exist")
-
-type subsystemSet []subsystem
-
-func (s subsystemSet) Get(name string) (subsystem, error) {
-	for _, ss := range s {
-		if ss.Name() == name {
-			return ss, nil
-		}
-	}
-	return nil, errSubsystemDoesNotExist
-}
-
-var subsystems = subsystemSet{
-	&fs.CpusetGroup{},
-	&fs.DevicesGroup{},
-	&fs.MemoryGroup{},
-	&fs.CpuGroup{},
-	&fs.CpuacctGroup{},
-	&fs.PidsGroup{},
-	&fs.BlkioGroup{},
-	&fs.HugetlbGroup{},
-	&fs.PerfEventGroup{},
-	&fs.FreezerGroup{},
-	&fs.NetPrioGroup{},
-	&fs.NetClsGroup{},
-	&fs.NameGroup{GroupName: "name=systemd"},
-}
-
-const (
-	testScopeWait = 4
-	testSliceWait = 4
-)
-
-var (
-	connLock                        sync.Mutex
-	theConn                         *systemdDbus.Conn
-	hasStartTransientUnit           bool
-	hasStartTransientSliceUnit      bool
-	hasTransientDefaultDependencies bool
-	hasDelegate                     bool
-)
-
-func newProp(name string, units interface{}) systemdDbus.Property {
-	return systemdDbus.Property{
-		Name:  name,
-		Value: dbus.MakeVariant(units),
-	}
-}
-
-func UseSystemd() bool {
-	if !systemdUtil.IsRunningSystemd() {
-		return false
-	}
-
-	connLock.Lock()
-	defer connLock.Unlock()
-
-	if theConn == nil {
-		var err error
-		theConn, err = systemdDbus.New()
-		if err != nil {
-			return false
-		}
-
-		// Assume we have StartTransientUnit
-		hasStartTransientUnit = true
-
-		// But if we get UnknownMethod error we don't
-		if _, err := theConn.StartTransientUnit("test.scope", "invalid", nil, nil); err != nil {
-			if dbusError, ok := err.(dbus.Error); ok {
-				if dbusError.Name == "org.freedesktop.DBus.Error.UnknownMethod" {
-					hasStartTransientUnit = false
-					return hasStartTransientUnit
-				}
-			}
-		}
-
-		// Ensure the scope name we use doesn't exist. Use the Pid to
-		// avoid collisions between multiple libcontainer users on a
-		// single host.
-		scope := fmt.Sprintf("libcontainer-%d-systemd-test-default-dependencies.scope", os.Getpid())
-		testScopeExists := true
-		for i := 0; i <= testScopeWait; i++ {
-			if _, err := theConn.StopUnit(scope, "replace", nil); err != nil {
-				if dbusError, ok := err.(dbus.Error); ok {
-					if strings.Contains(dbusError.Name, "org.freedesktop.systemd1.NoSuchUnit") {
-						testScopeExists = false
-						break
-					}
-				}
-			}
-			time.Sleep(time.Millisecond)
-		}
-
-		// Bail out if we can't kill this scope without testing for DefaultDependencies
-		if testScopeExists {
-			return hasStartTransientUnit
-		}
-
-		// Assume StartTransientUnit on a scope allows DefaultDependencies
-		hasTransientDefaultDependencies = true
-		ddf := newProp("DefaultDependencies", false)
-		if _, err := theConn.StartTransientUnit(scope, "replace", []systemdDbus.Property{ddf}, nil); err != nil {
-			if dbusError, ok := err.(dbus.Error); ok {
-				if strings.Contains(dbusError.Name, "org.freedesktop.DBus.Error.PropertyReadOnly") {
-					hasTransientDefaultDependencies = false
-				}
-			}
-		}
-
-		// Not critical because of the stop unit logic above.
-		theConn.StopUnit(scope, "replace", nil)
-
-		// Assume StartTransientUnit on a scope allows Delegate
-		hasDelegate = true
-		dl := newProp("Delegate", true)
-		if _, err := theConn.StartTransientUnit(scope, "replace", []systemdDbus.Property{dl}, nil); err != nil {
-			if dbusError, ok := err.(dbus.Error); ok {
-				if strings.Contains(dbusError.Name, "org.freedesktop.DBus.Error.PropertyReadOnly") {
-					hasDelegate = false
-				}
-			}
-		}
-
-		// Assume we have the ability to start a transient unit as a slice
-		// This was broken until systemd v229, but has been back-ported on RHEL environments >= 219
-		// For details, see: https://bugzilla.redhat.com/show_bug.cgi?id=1370299
-		hasStartTransientSliceUnit = true
-
-		// To ensure simple clean-up, we create a slice off the root with no hierarchy
-		slice := fmt.Sprintf("libcontainer_%d_systemd_test_default.slice", os.Getpid())
-		if _, err := theConn.StartTransientUnit(slice, "replace", nil, nil); err != nil {
-			if _, ok := err.(dbus.Error); ok {
-				hasStartTransientSliceUnit = false
-			}
-		}
-
-		for i := 0; i <= testSliceWait; i++ {
-			if _, err := theConn.StopUnit(slice, "replace", nil); err != nil {
-				if dbusError, ok := err.(dbus.Error); ok {
-					if strings.Contains(dbusError.Name, "org.freedesktop.systemd1.NoSuchUnit") {
-						hasStartTransientSliceUnit = false
-						break
-					}
-				}
-			} else {
-				break
-			}
-			time.Sleep(time.Millisecond)
-		}
-
-		// Not critical because of the stop unit logic above.
-		theConn.StopUnit(scope, "replace", nil)
-		theConn.StopUnit(slice, "replace", nil)
-	}
-	return hasStartTransientUnit
-}
-
-func (m *Manager) Apply(pid int) error {
-	var (
-		c          = m.Cgroups
-		unitName   = getUnitName(c)
-		slice      = "system.slice"
-		properties []systemdDbus.Property
-	)
-
-	if c.Paths != nil {
-		paths := make(map[string]string)
-		for name, path := range c.Paths {
-			_, err := getSubsystemPath(m.Cgroups, name)
-			if err != nil {
-				// Don't fail if a cgroup hierarchy was not found, just skip this subsystem
-				if cgroups.IsNotFound(err) {
-					continue
-				}
-				return err
-			}
-			paths[name] = path
-		}
-		m.Paths = paths
-		return cgroups.EnterPid(m.Paths, pid)
-	}
-
-	if c.Parent != "" {
-		slice = c.Parent
-	}
-
-	properties = append(properties, systemdDbus.PropDescription("libcontainer container "+c.Name))
-
-	// if we create a slice, the parent is defined via a Wants=
-	if strings.HasSuffix(unitName, ".slice") {
-		// This was broken until systemd v229, but has been back-ported on RHEL environments >= 219
-		if !hasStartTransientSliceUnit {
-			return fmt.Errorf("systemd version does not support ability to start a slice as transient unit")
-		}
-		properties = append(properties, systemdDbus.PropWants(slice))
-	} else {
-		// otherwise, we use Slice=
-		properties = append(properties, systemdDbus.PropSlice(slice))
-	}
-
-	// only add pid if its valid, -1 is used w/ general slice creation.
-	if pid != -1 {
-		properties = append(properties, newProp("PIDs", []uint32{uint32(pid)}))
-	}
-
-	if hasDelegate {
-		// This is only supported on systemd versions 218 and above.
-		properties = append(properties, newProp("Delegate", true))
-	}
-
-	// Always enable accounting, this gets us the same behaviour as the fs implementation,
-	// plus the kernel has some problems with joining the memory cgroup at a later time.
-	properties = append(properties,
-		newProp("MemoryAccounting", true),
-		newProp("CPUAccounting", true),
-		newProp("BlockIOAccounting", true))
-
-	if hasTransientDefaultDependencies {
-		properties = append(properties,
-			newProp("DefaultDependencies", false))
-	}
-
-	if c.Resources.Memory != 0 {
-		properties = append(properties,
-			newProp("MemoryLimit", uint64(c.Resources.Memory)))
-	}
-
-	if c.Resources.CpuShares != 0 {
-		properties = append(properties,
-			newProp("CPUShares", c.Resources.CpuShares))
-	}
-
-	// cpu.cfs_quota_us and cpu.cfs_period_us are controlled by systemd.
-	if c.Resources.CpuQuota != 0 && c.Resources.CpuPeriod != 0 {
-		cpuQuotaPerSecUSec := uint64(c.Resources.CpuQuota*1000000) / c.Resources.CpuPeriod
-		// systemd converts CPUQuotaPerSecUSec (microseconds per CPU second) to CPUQuota
-		// (integer percentage of CPU) internally.  This means that if a fractional percent of
-		// CPU is indicated by Resources.CpuQuota, we need to round up to the nearest
-		// 10ms (1% of a second) such that child cgroups can set the cpu.cfs_quota_us they expect.
-		if cpuQuotaPerSecUSec%10000 != 0 {
-			cpuQuotaPerSecUSec = ((cpuQuotaPerSecUSec / 10000) + 1) * 10000
-		}
-		properties = append(properties,
-			newProp("CPUQuotaPerSecUSec", cpuQuotaPerSecUSec))
-	}
-
-	if c.Resources.BlkioWeight != 0 {
-		properties = append(properties,
-			newProp("BlockIOWeight", uint64(c.Resources.BlkioWeight)))
-	}
-
-	// We have to set kernel memory here, as we can't change it once
-	// processes have been attached to the cgroup.
-	if c.Resources.KernelMemory != 0 {
-		if err := setKernelMemory(c); err != nil {
-			return err
-		}
-	}
-
-	statusChan := make(chan string)
-	if _, err := theConn.StartTransientUnit(unitName, "replace", properties, statusChan); err != nil && !isUnitExists(err) {
-		return err
-	}
-
-	select {
-	case <-statusChan:
-	case <-time.After(time.Second):
-		logrus.Warnf("Timed out while waiting for StartTransientUnit completion signal from dbus. Continuing...")
-	}
-
-	if err := joinCgroups(c, pid); err != nil {
-		return err
-	}
-
-	paths := make(map[string]string)
-	for _, s := range subsystems {
-		subsystemPath, err := getSubsystemPath(m.Cgroups, s.Name())
-		if err != nil {
-			// Don't fail if a cgroup hierarchy was not found, just skip this subsystem
-			if cgroups.IsNotFound(err) {
-				continue
-			}
-			return err
-		}
-		paths[s.Name()] = subsystemPath
-	}
-	m.Paths = paths
-	return nil
-}
-
-func (m *Manager) Destroy() error {
-	if m.Cgroups.Paths != nil {
-		return nil
-	}
-	m.mu.Lock()
-	defer m.mu.Unlock()
-	theConn.StopUnit(getUnitName(m.Cgroups), "replace", nil)
-	if err := cgroups.RemovePaths(m.Paths); err != nil {
-		return err
-	}
-	m.Paths = make(map[string]string)
-	return nil
-}
-
-func (m *Manager) GetPaths() map[string]string {
-	m.mu.Lock()
-	paths := m.Paths
-	m.mu.Unlock()
-	return paths
-}
-
-func join(c *configs.Cgroup, subsystem string, pid int) (string, error) {
-	path, err := getSubsystemPath(c, subsystem)
-	if err != nil {
-		return "", err
-	}
-	if err := os.MkdirAll(path, 0755); err != nil {
-		return "", err
-	}
-	if err := cgroups.WriteCgroupProc(path, pid); err != nil {
-		return "", err
-	}
-	return path, nil
-}
-
-func joinCgroups(c *configs.Cgroup, pid int) error {
-	for _, sys := range subsystems {
-		name := sys.Name()
-		switch name {
-		case "name=systemd":
-			// let systemd handle this
-		case "cpuset":
-			path, err := getSubsystemPath(c, name)
-			if err != nil && !cgroups.IsNotFound(err) {
-				return err
-			}
-			s := &fs.CpusetGroup{}
-			if err := s.ApplyDir(path, c, pid); err != nil {
-				return err
-			}
-		default:
-			_, err := join(c, name, pid)
-			if err != nil {
-				// Even if it's `not found` error, we'll return err
-				// because devices cgroup is hard requirement for
-				// container security.
-				if name == "devices" {
-					return err
-				}
-				// For other subsystems, omit the `not found` error
-				// because they are optional.
-				if !cgroups.IsNotFound(err) {
-					return err
-				}
-			}
-		}
-	}
-
-	return nil
-}
-
-// systemd represents slice hierarchy using `-`, so we need to follow suit when
-// generating the path of slice. Essentially, test-a-b.slice becomes
-// /test.slice/test-a.slice/test-a-b.slice.
-func ExpandSlice(slice string) (string, error) {
-	suffix := ".slice"
-	// Name has to end with ".slice", but can't be just ".slice".
-	if len(slice) < len(suffix) || !strings.HasSuffix(slice, suffix) {
-		return "", fmt.Errorf("invalid slice name: %s", slice)
-	}
-
-	// Path-separators are not allowed.
-	if strings.Contains(slice, "/") {
-		return "", fmt.Errorf("invalid slice name: %s", slice)
-	}
-
-	var path, prefix string
-	sliceName := strings.TrimSuffix(slice, suffix)
-	// if input was -.slice, we should just return root now
-	if sliceName == "-" {
-		return "/", nil
-	}
-	for _, component := range strings.Split(sliceName, "-") {
-		// test--a.slice isn't permitted, nor is -test.slice.
-		if component == "" {
-			return "", fmt.Errorf("invalid slice name: %s", slice)
-		}
-
-		// Append the component to the path and to the prefix.
-		path += "/" + prefix + component + suffix
-		prefix += component + "-"
-	}
-	return path, nil
-}
-
-func getSubsystemPath(c *configs.Cgroup, subsystem string) (string, error) {
-	mountpoint, err := cgroups.FindCgroupMountpoint(subsystem)
-	if err != nil {
-		return "", err
-	}
-
-	initPath, err := cgroups.GetInitCgroup(subsystem)
-	if err != nil {
-		return "", err
-	}
-	// if pid 1 is systemd 226 or later, it will be in init.scope, not the root
-	initPath = strings.TrimSuffix(filepath.Clean(initPath), "init.scope")
-
-	slice := "system.slice"
-	if c.Parent != "" {
-		slice = c.Parent
-	}
-
-	slice, err = ExpandSlice(slice)
-	if err != nil {
-		return "", err
-	}
-
-	return filepath.Join(mountpoint, initPath, slice, getUnitName(c)), nil
-}
-
-func (m *Manager) Freeze(state configs.FreezerState) error {
-	path, err := getSubsystemPath(m.Cgroups, "freezer")
-	if err != nil {
-		return err
-	}
-	prevState := m.Cgroups.Resources.Freezer
-	m.Cgroups.Resources.Freezer = state
-	freezer, err := subsystems.Get("freezer")
-	if err != nil {
-		return err
-	}
-	err = freezer.Set(path, m.Cgroups)
-	if err != nil {
-		m.Cgroups.Resources.Freezer = prevState
-		return err
-	}
-	return nil
-}
-
-func (m *Manager) GetPids() ([]int, error) {
-	path, err := getSubsystemPath(m.Cgroups, "devices")
-	if err != nil {
-		return nil, err
-	}
-	return cgroups.GetPids(path)
-}
-
-func (m *Manager) GetAllPids() ([]int, error) {
-	path, err := getSubsystemPath(m.Cgroups, "devices")
-	if err != nil {
-		return nil, err
-	}
-	return cgroups.GetAllPids(path)
-}
-
-func (m *Manager) GetStats() (*cgroups.Stats, error) {
-	m.mu.Lock()
-	defer m.mu.Unlock()
-	stats := cgroups.NewStats()
-	for name, path := range m.Paths {
-		sys, err := subsystems.Get(name)
-		if err == errSubsystemDoesNotExist || !cgroups.PathExists(path) {
-			continue
-		}
-		if err := sys.GetStats(path, stats); err != nil {
-			return nil, err
-		}
-	}
-
-	return stats, nil
-}
-
-func (m *Manager) Set(container *configs.Config) error {
-	// If Paths are set, then we are just joining cgroups paths
-	// and there is no need to set any values.
-	if m.Cgroups.Paths != nil {
-		return nil
-	}
-	for _, sys := range subsystems {
-		// Get the subsystem path, but don't error out for not found cgroups.
-		path, err := getSubsystemPath(container.Cgroups, sys.Name())
-		if err != nil && !cgroups.IsNotFound(err) {
-			return err
-		}
-
-		if err := sys.Set(path, container.Cgroups); err != nil {
-			return err
-		}
-	}
-
-	if m.Paths["cpu"] != "" {
-		if err := fs.CheckCpushares(m.Paths["cpu"], container.Cgroups.Resources.CpuShares); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func getUnitName(c *configs.Cgroup) string {
-	// by default, we create a scope unless the user explicitly asks for a slice.
-	if !strings.HasSuffix(c.Name, ".slice") {
-		return fmt.Sprintf("%s-%s.scope", c.ScopePrefix, c.Name)
-	}
-	return c.Name
-}
-
-func setKernelMemory(c *configs.Cgroup) error {
-	path, err := getSubsystemPath(c, "memory")
-	if err != nil && !cgroups.IsNotFound(err) {
-		return err
-	}
-
-	if err := os.MkdirAll(path, 0755); err != nil {
-		return err
-	}
-	return fs.EnableKernelMemoryAccounting(path)
-}
-
-// isUnitExists returns true if the error is that a systemd unit already exists.
-func isUnitExists(err error) bool {
-	if err != nil {
-		if dbusError, ok := err.(dbus.Error); ok {
-			return strings.Contains(dbusError.Name, "org.freedesktop.systemd1.UnitExists")
-		}
-	}
-	return false
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go

@@ -1,462 +0,0 @@
-// +build linux
-
-package cgroups
-
-import (
-	"bufio"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/docker/go-units"
-)
-
-const (
-	cgroupNamePrefix = "name="
-	CgroupProcesses  = "cgroup.procs"
-)
-
-// https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt
-func FindCgroupMountpoint(subsystem string) (string, error) {
-	mnt, _, err := FindCgroupMountpointAndRoot(subsystem)
-	return mnt, err
-}
-
-func FindCgroupMountpointAndRoot(subsystem string) (string, string, error) {
-	// We are not using mount.GetMounts() because it's super-inefficient,
-	// parsing it directly sped up x10 times because of not using Sscanf.
-	// It was one of two major performance drawbacks in container start.
-	if !isSubsystemAvailable(subsystem) {
-		return "", "", NewNotFoundError(subsystem)
-	}
-	f, err := os.Open("/proc/self/mountinfo")
-	if err != nil {
-		return "", "", err
-	}
-	defer f.Close()
-
-	scanner := bufio.NewScanner(f)
-	for scanner.Scan() {
-		txt := scanner.Text()
-		fields := strings.Split(txt, " ")
-		for _, opt := range strings.Split(fields[len(fields)-1], ",") {
-			if opt == subsystem {
-				return fields[4], fields[3], nil
-			}
-		}
-	}
-	if err := scanner.Err(); err != nil {
-		return "", "", err
-	}
-
-	return "", "", NewNotFoundError(subsystem)
-}
-
-func isSubsystemAvailable(subsystem string) bool {
-	cgroups, err := ParseCgroupFile("/proc/self/cgroup")
-	if err != nil {
-		return false
-	}
-	_, avail := cgroups[subsystem]
-	return avail
-}
-
-func GetClosestMountpointAncestor(dir, mountinfo string) string {
-	deepestMountPoint := ""
-	for _, mountInfoEntry := range strings.Split(mountinfo, "\n") {
-		mountInfoParts := strings.Fields(mountInfoEntry)
-		if len(mountInfoParts) < 5 {
-			continue
-		}
-		mountPoint := mountInfoParts[4]
-		if strings.HasPrefix(mountPoint, deepestMountPoint) && strings.HasPrefix(dir, mountPoint) {
-			deepestMountPoint = mountPoint
-		}
-	}
-	return deepestMountPoint
-}
-
-func FindCgroupMountpointDir() (string, error) {
-	f, err := os.Open("/proc/self/mountinfo")
-	if err != nil {
-		return "", err
-	}
-	defer f.Close()
-
-	scanner := bufio.NewScanner(f)
-	for scanner.Scan() {
-		text := scanner.Text()
-		fields := strings.Split(text, " ")
-		// Safe as mountinfo encodes mountpoints with spaces as \040.
-		index := strings.Index(text, " - ")
-		postSeparatorFields := strings.Fields(text[index+3:])
-		numPostFields := len(postSeparatorFields)
-
-		// This is an error as we can't detect if the mount is for "cgroup"
-		if numPostFields == 0 {
-			return "", fmt.Errorf("Found no fields post '-' in %q", text)
-		}
-
-		if postSeparatorFields[0] == "cgroup" {
-			// Check that the mount is properly formated.
-			if numPostFields < 3 {
-				return "", fmt.Errorf("Error found less than 3 fields post '-' in %q", text)
-			}
-
-			return filepath.Dir(fields[4]), nil
-		}
-	}
-	if err := scanner.Err(); err != nil {
-		return "", err
-	}
-
-	return "", NewNotFoundError("cgroup")
-}
-
-type Mount struct {
-	Mountpoint string
-	Root       string
-	Subsystems []string
-}
-
-func (m Mount) GetOwnCgroup(cgroups map[string]string) (string, error) {
-	if len(m.Subsystems) == 0 {
-		return "", fmt.Errorf("no subsystem for mount")
-	}
-
-	return getControllerPath(m.Subsystems[0], cgroups)
-}
-
-func getCgroupMountsHelper(ss map[string]bool, mi io.Reader, all bool) ([]Mount, error) {
-	res := make([]Mount, 0, len(ss))
-	scanner := bufio.NewScanner(mi)
-	numFound := 0
-	for scanner.Scan() && numFound < len(ss) {
-		txt := scanner.Text()
-		sepIdx := strings.Index(txt, " - ")
-		if sepIdx == -1 {
-			return nil, fmt.Errorf("invalid mountinfo format")
-		}
-		if txt[sepIdx+3:sepIdx+10] == "cgroup2" || txt[sepIdx+3:sepIdx+9] != "cgroup" {
-			continue
-		}
-		fields := strings.Split(txt, " ")
-		m := Mount{
-			Mountpoint: fields[4],
-			Root:       fields[3],
-		}
-		for _, opt := range strings.Split(fields[len(fields)-1], ",") {
-			if !ss[opt] {
-				continue
-			}
-			if strings.HasPrefix(opt, cgroupNamePrefix) {
-				m.Subsystems = append(m.Subsystems, opt[len(cgroupNamePrefix):])
-			} else {
-				m.Subsystems = append(m.Subsystems, opt)
-			}
-			if !all {
-				numFound++
-			}
-		}
-		res = append(res, m)
-	}
-	if err := scanner.Err(); err != nil {
-		return nil, err
-	}
-	return res, nil
-}
-
-// GetCgroupMounts returns the mounts for the cgroup subsystems.
-// all indicates whether to return just the first instance or all the mounts.
-func GetCgroupMounts(all bool) ([]Mount, error) {
-	f, err := os.Open("/proc/self/mountinfo")
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-
-	allSubsystems, err := ParseCgroupFile("/proc/self/cgroup")
-	if err != nil {
-		return nil, err
-	}
-
-	allMap := make(map[string]bool)
-	for s := range allSubsystems {
-		allMap[s] = true
-	}
-	return getCgroupMountsHelper(allMap, f, all)
-}
-
-// GetAllSubsystems returns all the cgroup subsystems supported by the kernel
-func GetAllSubsystems() ([]string, error) {
-	f, err := os.Open("/proc/cgroups")
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-
-	subsystems := []string{}
-
-	s := bufio.NewScanner(f)
-	for s.Scan() {
-		text := s.Text()
-		if text[0] != '#' {
-			parts := strings.Fields(text)
-			if len(parts) >= 4 && parts[3] != "0" {
-				subsystems = append(subsystems, parts[0])
-			}
-		}
-	}
-	if err := s.Err(); err != nil {
-		return nil, err
-	}
-	return subsystems, nil
-}
-
-// GetOwnCgroup returns the relative path to the cgroup docker is running in.
-func GetOwnCgroup(subsystem string) (string, error) {
-	cgroups, err := ParseCgroupFile("/proc/self/cgroup")
-	if err != nil {
-		return "", err
-	}
-
-	return getControllerPath(subsystem, cgroups)
-}
-
-func GetOwnCgroupPath(subsystem string) (string, error) {
-	cgroup, err := GetOwnCgroup(subsystem)
-	if err != nil {
-		return "", err
-	}
-
-	return getCgroupPathHelper(subsystem, cgroup)
-}
-
-func GetInitCgroup(subsystem string) (string, error) {
-	cgroups, err := ParseCgroupFile("/proc/1/cgroup")
-	if err != nil {
-		return "", err
-	}
-
-	return getControllerPath(subsystem, cgroups)
-}
-
-func GetInitCgroupPath(subsystem string) (string, error) {
-	cgroup, err := GetInitCgroup(subsystem)
-	if err != nil {
-		return "", err
-	}
-
-	return getCgroupPathHelper(subsystem, cgroup)
-}
-
-func getCgroupPathHelper(subsystem, cgroup string) (string, error) {
-	mnt, root, err := FindCgroupMountpointAndRoot(subsystem)
-	if err != nil {
-		return "", err
-	}
-
-	// This is needed for nested containers, because in /proc/self/cgroup we
-	// see pathes from host, which don't exist in container.
-	relCgroup, err := filepath.Rel(root, cgroup)
-	if err != nil {
-		return "", err
-	}
-
-	return filepath.Join(mnt, relCgroup), nil
-}
-
-func readProcsFile(dir string) ([]int, error) {
-	f, err := os.Open(filepath.Join(dir, CgroupProcesses))
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-
-	var (
-		s   = bufio.NewScanner(f)
-		out = []int{}
-	)
-
-	for s.Scan() {
-		if t := s.Text(); t != "" {
-			pid, err := strconv.Atoi(t)
-			if err != nil {
-				return nil, err
-			}
-			out = append(out, pid)
-		}
-	}
-	return out, nil
-}
-
-// ParseCgroupFile parses the given cgroup file, typically from
-// /proc/<pid>/cgroup, into a map of subgroups to cgroup names.
-func ParseCgroupFile(path string) (map[string]string, error) {
-	f, err := os.Open(path)
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-
-	return parseCgroupFromReader(f)
-}
-
-// helper function for ParseCgroupFile to make testing easier
-func parseCgroupFromReader(r io.Reader) (map[string]string, error) {
-	s := bufio.NewScanner(r)
-	cgroups := make(map[string]string)
-
-	for s.Scan() {
-		text := s.Text()
-		// from cgroups(7):
-		// /proc/[pid]/cgroup
-		// ...
-		// For each cgroup hierarchy ... there is one entry
-		// containing three colon-separated fields of the form:
-		//     hierarchy-ID:subsystem-list:cgroup-path
-		parts := strings.SplitN(text, ":", 3)
-		if len(parts) < 3 {
-			return nil, fmt.Errorf("invalid cgroup entry: must contain at least two colons: %v", text)
-		}
-
-		for _, subs := range strings.Split(parts[1], ",") {
-			cgroups[subs] = parts[2]
-		}
-	}
-	if err := s.Err(); err != nil {
-		return nil, err
-	}
-
-	return cgroups, nil
-}
-
-func getControllerPath(subsystem string, cgroups map[string]string) (string, error) {
-
-	if p, ok := cgroups[subsystem]; ok {
-		return p, nil
-	}
-
-	if p, ok := cgroups[cgroupNamePrefix+subsystem]; ok {
-		return p, nil
-	}
-
-	return "", NewNotFoundError(subsystem)
-}
-
-func PathExists(path string) bool {
-	if _, err := os.Stat(path); err != nil {
-		return false
-	}
-	return true
-}
-
-func EnterPid(cgroupPaths map[string]string, pid int) error {
-	for _, path := range cgroupPaths {
-		if PathExists(path) {
-			if err := WriteCgroupProc(path, pid); err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}
-
-// RemovePaths iterates over the provided paths removing them.
-// We trying to remove all paths five times with increasing delay between tries.
-// If after all there are not removed cgroups - appropriate error will be
-// returned.
-func RemovePaths(paths map[string]string) (err error) {
-	delay := 10 * time.Millisecond
-	for i := 0; i < 5; i++ {
-		if i != 0 {
-			time.Sleep(delay)
-			delay *= 2
-		}
-		for s, p := range paths {
-			os.RemoveAll(p)
-			// TODO: here probably should be logging
-			_, err := os.Stat(p)
-			// We need this strange way of checking cgroups existence because
-			// RemoveAll almost always returns error, even on already removed
-			// cgroups
-			if os.IsNotExist(err) {
-				delete(paths, s)
-			}
-		}
-		if len(paths) == 0 {
-			return nil
-		}
-	}
-	return fmt.Errorf("Failed to remove paths: %v", paths)
-}
-
-func GetHugePageSize() ([]string, error) {
-	var pageSizes []string
-	sizeList := []string{"B", "kB", "MB", "GB", "TB", "PB"}
-	files, err := ioutil.ReadDir("/sys/kernel/mm/hugepages")
-	if err != nil {
-		return pageSizes, err
-	}
-	for _, st := range files {
-		nameArray := strings.Split(st.Name(), "-")
-		pageSize, err := units.RAMInBytes(nameArray[1])
-		if err != nil {
-			return []string{}, err
-		}
-		sizeString := units.CustomSize("%g%s", float64(pageSize), 1024.0, sizeList)
-		pageSizes = append(pageSizes, sizeString)
-	}
-
-	return pageSizes, nil
-}
-
-// GetPids returns all pids, that were added to cgroup at path.
-func GetPids(path string) ([]int, error) {
-	return readProcsFile(path)
-}
-
-// GetAllPids returns all pids, that were added to cgroup at path and to all its
-// subcgroups.
-func GetAllPids(path string) ([]int, error) {
-	var pids []int
-	// collect pids from all sub-cgroups
-	err := filepath.Walk(path, func(p string, info os.FileInfo, iErr error) error {
-		dir, file := filepath.Split(p)
-		if file != CgroupProcesses {
-			return nil
-		}
-		if iErr != nil {
-			return iErr
-		}
-		cPids, err := readProcsFile(dir)
-		if err != nil {
-			return err
-		}
-		pids = append(pids, cPids...)
-		return nil
-	})
-	return pids, err
-}
-
-// WriteCgroupProc writes the specified pid into the cgroup's cgroup.procs file
-func WriteCgroupProc(dir string, pid int) error {
-	// Normally dir should not be empty, one case is that cgroup subsystem
-	// is not mounted, we will get empty dir, and we want it fail here.
-	if dir == "" {
-		return fmt.Errorf("no such directory for %s", CgroupProcesses)
-	}
-
-	// Dont attach any pid to the cgroup if -1 is specified as a pid
-	if pid != -1 {
-		if err := ioutil.WriteFile(filepath.Join(dir, CgroupProcesses), []byte(strconv.Itoa(pid)), 0700); err != nil {
-			return fmt.Errorf("failed to write %v to %v: %v", pid, CgroupProcesses, err)
-		}
-	}
-	return nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/rootless.go

@@ -1,117 +0,0 @@
-package validate
-
-import (
-	"fmt"
-	"os"
-	"reflect"
-	"strings"
-
-	"github.com/opencontainers/runc/libcontainer/configs"
-)
-
-var (
-	geteuid = os.Geteuid
-	getegid = os.Getegid
-)
-
-func (v *ConfigValidator) rootless(config *configs.Config) error {
-	if err := rootlessMappings(config); err != nil {
-		return err
-	}
-	if err := rootlessMount(config); err != nil {
-		return err
-	}
-
-	// XXX: We currently can't verify the user config at all, because
-	//      configs.Config doesn't store the user-related configs. So this
-	//      has to be verified by setupUser() in init_linux.go.
-
-	return nil
-}
-
-func hasIDMapping(id int, mappings []configs.IDMap) bool {
-	for _, m := range mappings {
-		if id >= m.ContainerID && id < m.ContainerID+m.Size {
-			return true
-		}
-	}
-	return false
-}
-
-func rootlessMappings(config *configs.Config) error {
-	if euid := geteuid(); euid != 0 {
-		if !config.Namespaces.Contains(configs.NEWUSER) {
-			return fmt.Errorf("rootless containers require user namespaces")
-		}
-	}
-
-	if len(config.UidMappings) == 0 {
-		return fmt.Errorf("rootless containers requires at least one UID mapping")
-	}
-	if len(config.GidMappings) == 0 {
-		return fmt.Errorf("rootless containers requires at least one UID mapping")
-	}
-
-	return nil
-}
-
-// cgroup verifies that the user isn't trying to set any cgroup limits or paths.
-func rootlessCgroup(config *configs.Config) error {
-	// Nothing set at all.
-	if config.Cgroups == nil || config.Cgroups.Resources == nil {
-		return nil
-	}
-
-	// Used for comparing to the zero value.
-	left := reflect.ValueOf(*config.Cgroups.Resources)
-	right := reflect.Zero(left.Type())
-
-	// This is all we need to do, since specconv won't add cgroup options in
-	// rootless mode.
-	if !reflect.DeepEqual(left.Interface(), right.Interface()) {
-		return fmt.Errorf("cannot specify resource limits in rootless container")
-	}
-
-	return nil
-}
-
-// mount verifies that the user isn't trying to set up any mounts they don't have
-// the rights to do. In addition, it makes sure that no mount has a `uid=` or
-// `gid=` option that doesn't resolve to root.
-func rootlessMount(config *configs.Config) error {
-	// XXX: We could whitelist allowed devices at this point, but I'm not
-	//      convinced that's a good idea. The kernel is the best arbiter of
-	//      access control.
-
-	for _, mount := range config.Mounts {
-		// Check that the options list doesn't contain any uid= or gid= entries
-		// that don't resolve to root.
-		for _, opt := range strings.Split(mount.Data, ",") {
-			if strings.HasPrefix(opt, "uid=") {
-				var uid int
-				n, err := fmt.Sscanf(opt, "uid=%d", &uid)
-				if n != 1 || err != nil {
-					// Ignore unknown mount options.
-					continue
-				}
-				if !hasIDMapping(uid, config.UidMappings) {
-					return fmt.Errorf("cannot specify uid= mount options for unmapped uid in rootless containers")
-				}
-			}
-
-			if strings.HasPrefix(opt, "gid=") {
-				var gid int
-				n, err := fmt.Sscanf(opt, "gid=%d", &gid)
-				if n != 1 || err != nil {
-					// Ignore unknown mount options.
-					continue
-				}
-				if !hasIDMapping(gid, config.GidMappings) {
-					return fmt.Errorf("cannot specify gid= mount options for unmapped gid in rootless containers")
-				}
-			}
-		}
-	}
-
-	return nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/validator.go

@@ -1,212 +0,0 @@
-package validate
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/opencontainers/runc/libcontainer/configs"
-	"github.com/opencontainers/runc/libcontainer/intelrdt"
-	selinux "github.com/opencontainers/selinux/go-selinux"
-)
-
-type Validator interface {
-	Validate(*configs.Config) error
-}
-
-func New() Validator {
-	return &ConfigValidator{}
-}
-
-type ConfigValidator struct {
-}
-
-func (v *ConfigValidator) Validate(config *configs.Config) error {
-	if err := v.rootfs(config); err != nil {
-		return err
-	}
-	if err := v.network(config); err != nil {
-		return err
-	}
-	if err := v.hostname(config); err != nil {
-		return err
-	}
-	if err := v.security(config); err != nil {
-		return err
-	}
-	if err := v.usernamespace(config); err != nil {
-		return err
-	}
-	if err := v.sysctl(config); err != nil {
-		return err
-	}
-	if err := v.intelrdt(config); err != nil {
-		return err
-	}
-	if config.Rootless {
-		if err := v.rootless(config); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-// rootfs validates if the rootfs is an absolute path and is not a symlink
-// to the container's root filesystem.
-func (v *ConfigValidator) rootfs(config *configs.Config) error {
-	if _, err := os.Stat(config.Rootfs); err != nil {
-		if os.IsNotExist(err) {
-			return fmt.Errorf("rootfs (%s) does not exist", config.Rootfs)
-		}
-		return err
-	}
-	cleaned, err := filepath.Abs(config.Rootfs)
-	if err != nil {
-		return err
-	}
-	if cleaned, err = filepath.EvalSymlinks(cleaned); err != nil {
-		return err
-	}
-	if filepath.Clean(config.Rootfs) != cleaned {
-		return fmt.Errorf("%s is not an absolute path or is a symlink", config.Rootfs)
-	}
-	return nil
-}
-
-func (v *ConfigValidator) network(config *configs.Config) error {
-	if !config.Namespaces.Contains(configs.NEWNET) {
-		if len(config.Networks) > 0 || len(config.Routes) > 0 {
-			return fmt.Errorf("unable to apply network settings without a private NET namespace")
-		}
-	}
-	return nil
-}
-
-func (v *ConfigValidator) hostname(config *configs.Config) error {
-	if config.Hostname != "" && !config.Namespaces.Contains(configs.NEWUTS) {
-		return fmt.Errorf("unable to set hostname without a private UTS namespace")
-	}
-	return nil
-}
-
-func (v *ConfigValidator) security(config *configs.Config) error {
-	// restrict sys without mount namespace
-	if (len(config.MaskPaths) > 0 || len(config.ReadonlyPaths) > 0) &&
-		!config.Namespaces.Contains(configs.NEWNS) {
-		return fmt.Errorf("unable to restrict sys entries without a private MNT namespace")
-	}
-	if config.ProcessLabel != "" && !selinux.GetEnabled() {
-		return fmt.Errorf("selinux label is specified in config, but selinux is disabled or not supported")
-	}
-
-	return nil
-}
-
-func (v *ConfigValidator) usernamespace(config *configs.Config) error {
-	if config.Namespaces.Contains(configs.NEWUSER) {
-		if _, err := os.Stat("/proc/self/ns/user"); os.IsNotExist(err) {
-			return fmt.Errorf("USER namespaces aren't enabled in the kernel")
-		}
-	} else {
-		if config.UidMappings != nil || config.GidMappings != nil {
-			return fmt.Errorf("User namespace mappings specified, but USER namespace isn't enabled in the config")
-		}
-	}
-	return nil
-}
-
-// sysctl validates that the specified sysctl keys are valid or not.
-// /proc/sys isn't completely namespaced and depending on which namespaces
-// are specified, a subset of sysctls are permitted.
-func (v *ConfigValidator) sysctl(config *configs.Config) error {
-	validSysctlMap := map[string]bool{
-		"kernel.msgmax":          true,
-		"kernel.msgmnb":          true,
-		"kernel.msgmni":          true,
-		"kernel.sem":             true,
-		"kernel.shmall":          true,
-		"kernel.shmmax":          true,
-		"kernel.shmmni":          true,
-		"kernel.shm_rmid_forced": true,
-	}
-
-	for s := range config.Sysctl {
-		if validSysctlMap[s] || strings.HasPrefix(s, "fs.mqueue.") {
-			if config.Namespaces.Contains(configs.NEWIPC) {
-				continue
-			} else {
-				return fmt.Errorf("sysctl %q is not allowed in the hosts ipc namespace", s)
-			}
-		}
-		if strings.HasPrefix(s, "net.") {
-			if config.Namespaces.Contains(configs.NEWNET) {
-				if path := config.Namespaces.PathOf(configs.NEWNET); path != "" {
-					if err := checkHostNs(s, path); err != nil {
-						return err
-					}
-				}
-				continue
-			} else {
-				return fmt.Errorf("sysctl %q is not allowed in the hosts network namespace", s)
-			}
-		}
-		return fmt.Errorf("sysctl %q is not in a separate kernel namespace", s)
-	}
-
-	return nil
-}
-
-func (v *ConfigValidator) intelrdt(config *configs.Config) error {
-	if config.IntelRdt != nil {
-		if !intelrdt.IsEnabled() {
-			return fmt.Errorf("intelRdt is specified in config, but Intel RDT feature is not supported or enabled")
-		}
-		if config.IntelRdt.L3CacheSchema == "" {
-			return fmt.Errorf("intelRdt is specified in config, but intelRdt.l3CacheSchema is empty")
-		}
-	}
-
-	return nil
-}
-
-func isSymbolicLink(path string) (bool, error) {
-	fi, err := os.Lstat(path)
-	if err != nil {
-		return false, err
-	}
-
-	return fi.Mode()&os.ModeSymlink == os.ModeSymlink, nil
-}
-
-// checkHostNs checks whether network sysctl is used in host namespace.
-func checkHostNs(sysctlConfig string, path string) error {
-	var currentProcessNetns = "/proc/self/ns/net"
-	// readlink on the current processes network namespace
-	destOfCurrentProcess, err := os.Readlink(currentProcessNetns)
-	if err != nil {
-		return fmt.Errorf("read soft link %q error", currentProcessNetns)
-	}
-
-	// First check if the provided path is a symbolic link
-	symLink, err := isSymbolicLink(path)
-	if err != nil {
-		return fmt.Errorf("could not check that %q is a symlink: %v", path, err)
-	}
-
-	if symLink == false {
-		// The provided namespace is not a symbolic link,
-		// it is not the host namespace.
-		return nil
-	}
-
-	// readlink on the path provided in the struct
-	destOfContainer, err := os.Readlink(path)
-	if err != nil {
-		return fmt.Errorf("read soft link %q error", path)
-	}
-	if destOfContainer == destOfCurrentProcess {
-		return fmt.Errorf("sysctl %q is not allowed in the hosts network namespace", sysctlConfig)
-	}
-	return nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/console_linux.go

@@ -1,41 +0,0 @@
-package libcontainer
-
-import (
-	"os"
-
-	"golang.org/x/sys/unix"
-)
-
-// mount initializes the console inside the rootfs mounting with the specified mount label
-// and applying the correct ownership of the console.
-func mountConsole(slavePath string) error {
-	oldMask := unix.Umask(0000)
-	defer unix.Umask(oldMask)
-	f, err := os.Create("/dev/console")
-	if err != nil && !os.IsExist(err) {
-		return err
-	}
-	if f != nil {
-		f.Close()
-	}
-	return unix.Mount(slavePath, "/dev/console", "bind", unix.MS_BIND, "")
-}
-
-// dupStdio opens the slavePath for the console and dups the fds to the current
-// processes stdio, fd 0,1,2.
-func dupStdio(slavePath string) error {
-	fd, err := unix.Open(slavePath, unix.O_RDWR, 0)
-	if err != nil {
-		return &os.PathError{
-			Op:   "open",
-			Path: slavePath,
-			Err:  err,
-		}
-	}
-	for _, i := range []int{0, 1, 2} {
-		if err := unix.Dup3(fd, i, 0); err != nil {
-			return err
-		}
-	}
-	return nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/container.go

@@ -1,166 +0,0 @@
-// Package libcontainer provides a native Go implementation for creating containers
-// with namespaces, cgroups, capabilities, and filesystem access controls.
-// It allows you to manage the lifecycle of the container performing additional operations
-// after the container is created.
-package libcontainer
-
-import (
-	"os"
-	"time"
-
-	"github.com/opencontainers/runc/libcontainer/configs"
-)
-
-// Status is the status of a container.
-type Status int
-
-const (
-	// Created is the status that denotes the container exists but has not been run yet.
-	Created Status = iota
-	// Running is the status that denotes the container exists and is running.
-	Running
-	// Pausing is the status that denotes the container exists, it is in the process of being paused.
-	Pausing
-	// Paused is the status that denotes the container exists, but all its processes are paused.
-	Paused
-	// Stopped is the status that denotes the container does not have a created or running process.
-	Stopped
-)
-
-func (s Status) String() string {
-	switch s {
-	case Created:
-		return "created"
-	case Running:
-		return "running"
-	case Pausing:
-		return "pausing"
-	case Paused:
-		return "paused"
-	case Stopped:
-		return "stopped"
-	default:
-		return "unknown"
-	}
-}
-
-// BaseState represents the platform agnostic pieces relating to a
-// running container's state
-type BaseState struct {
-	// ID is the container ID.
-	ID string `json:"id"`
-
-	// InitProcessPid is the init process id in the parent namespace.
-	InitProcessPid int `json:"init_process_pid"`
-
-	// InitProcessStartTime is the init process start time in clock cycles since boot time.
-	InitProcessStartTime uint64 `json:"init_process_start"`
-
-	// Created is the unix timestamp for the creation time of the container in UTC
-	Created time.Time `json:"created"`
-
-	// Config is the container's configuration.
-	Config configs.Config `json:"config"`
-}
-
-// BaseContainer is a libcontainer container object.
-//
-// Each container is thread-safe within the same process. Since a container can
-// be destroyed by a separate process, any function may return that the container
-// was not found. BaseContainer includes methods that are platform agnostic.
-type BaseContainer interface {
-	// Returns the ID of the container
-	ID() string
-
-	// Returns the current status of the container.
-	//
-	// errors:
-	// ContainerNotExists - Container no longer exists,
-	// Systemerror - System error.
-	Status() (Status, error)
-
-	// State returns the current container's state information.
-	//
-	// errors:
-	// SystemError - System error.
-	State() (*State, error)
-
-	// Returns the current config of the container.
-	Config() configs.Config
-
-	// Returns the PIDs inside this container. The PIDs are in the namespace of the calling process.
-	//
-	// errors:
-	// ContainerNotExists - Container no longer exists,
-	// Systemerror - System error.
-	//
-	// Some of the returned PIDs may no longer refer to processes in the Container, unless
-	// the Container state is PAUSED in which case every PID in the slice is valid.
-	Processes() ([]int, error)
-
-	// Returns statistics for the container.
-	//
-	// errors:
-	// ContainerNotExists - Container no longer exists,
-	// Systemerror - System error.
-	Stats() (*Stats, error)
-
-	// Set resources of container as configured
-	//
-	// We can use this to change resources when containers are running.
-	//
-	// errors:
-	// SystemError - System error.
-	Set(config configs.Config) error
-
-	// Start a process inside the container. Returns error if process fails to
-	// start. You can track process lifecycle with passed Process structure.
-	//
-	// errors:
-	// ContainerNotExists - Container no longer exists,
-	// ConfigInvalid - config is invalid,
-	// ContainerPaused - Container is paused,
-	// SystemError - System error.
-	Start(process *Process) (err error)
-
-	// Run immediately starts the process inside the container.  Returns error if process
-	// fails to start.  It does not block waiting for the exec fifo  after start returns but
-	// opens the fifo after start returns.
-	//
-	// errors:
-	// ContainerNotExists - Container no longer exists,
-	// ConfigInvalid - config is invalid,
-	// ContainerPaused - Container is paused,
-	// SystemError - System error.
-	Run(process *Process) (err error)
-
-	// Destroys the container, if its in a valid state, after killing any
-	// remaining running processes.
-	//
-	// Any event registrations are removed before the container is destroyed.
-	// No error is returned if the container is already destroyed.
-	//
-	// Running containers must first be stopped using Signal(..).
-	// Paused containers must first be resumed using Resume(..).
-	//
-	// errors:
-	// ContainerNotStopped - Container is still running,
-	// ContainerPaused - Container is paused,
-	// SystemError - System error.
-	Destroy() error
-
-	// Signal sends the provided signal code to the container's initial process.
-	//
-	// If all is specified the signal is sent to all processes in the container
-	// including the initial process.
-	//
-	// errors:
-	// SystemError - System error.
-	Signal(s os.Signal, all bool) error
-
-	// Exec signals the container to exec the users process at the end of the init.
-	//
-	// errors:
-	// SystemError - System error.
-	Exec() error
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go

@@ -1,1849 +0,0 @@
-// +build linux
-
-package libcontainer
-
-import (
-	"bytes"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"reflect"
-	"strings"
-	"sync"
-	"syscall" // only for SysProcAttr and Signal
-	"time"
-
-	"github.com/opencontainers/runc/libcontainer/cgroups"
-	"github.com/opencontainers/runc/libcontainer/configs"
-	"github.com/opencontainers/runc/libcontainer/criurpc"
-	"github.com/opencontainers/runc/libcontainer/intelrdt"
-	"github.com/opencontainers/runc/libcontainer/system"
-	"github.com/opencontainers/runc/libcontainer/utils"
-
-	"github.com/golang/protobuf/proto"
-	"github.com/sirupsen/logrus"
-	"github.com/syndtr/gocapability/capability"
-	"github.com/vishvananda/netlink/nl"
-	"golang.org/x/sys/unix"
-)
-
-const stdioFdCount = 3
-
-type linuxContainer struct {
-	id                   string
-	root                 string
-	config               *configs.Config
-	cgroupManager        cgroups.Manager
-	intelRdtManager      intelrdt.Manager
-	initPath             string
-	initArgs             []string
-	initProcess          parentProcess
-	initProcessStartTime uint64
-	criuPath             string
-	newuidmapPath        string
-	newgidmapPath        string
-	m                    sync.Mutex
-	criuVersion          int
-	state                containerState
-	created              time.Time
-}
-
-// State represents a running container's state
-type State struct {
-	BaseState
-
-	// Platform specific fields below here
-
-	// Specifies if the container was started under the rootless mode.
-	Rootless bool `json:"rootless"`
-
-	// Path to all the cgroups setup for a container. Key is cgroup subsystem name
-	// with the value as the path.
-	CgroupPaths map[string]string `json:"cgroup_paths"`
-
-	// NamespacePaths are filepaths to the container's namespaces. Key is the namespace type
-	// with the value as the path.
-	NamespacePaths map[configs.NamespaceType]string `json:"namespace_paths"`
-
-	// Container's standard descriptors (std{in,out,err}), needed for checkpoint and restore
-	ExternalDescriptors []string `json:"external_descriptors,omitempty"`
-
-	// Intel RDT "resource control" filesystem path
-	IntelRdtPath string `json:"intel_rdt_path"`
-}
-
-// Container is a libcontainer container object.
-//
-// Each container is thread-safe within the same process. Since a container can
-// be destroyed by a separate process, any function may return that the container
-// was not found.
-type Container interface {
-	BaseContainer
-
-	// Methods below here are platform specific
-
-	// Checkpoint checkpoints the running container's state to disk using the criu(8) utility.
-	//
-	// errors:
-	// Systemerror - System error.
-	Checkpoint(criuOpts *CriuOpts) error
-
-	// Restore restores the checkpointed container to a running state using the criu(8) utility.
-	//
-	// errors:
-	// Systemerror - System error.
-	Restore(process *Process, criuOpts *CriuOpts) error
-
-	// If the Container state is RUNNING or CREATED, sets the Container state to PAUSING and pauses
-	// the execution of any user processes. Asynchronously, when the container finished being paused the
-	// state is changed to PAUSED.
-	// If the Container state is PAUSED, do nothing.
-	//
-	// errors:
-	// ContainerNotExists - Container no longer exists,
-	// ContainerNotRunning - Container not running or created,
-	// Systemerror - System error.
-	Pause() error
-
-	// If the Container state is PAUSED, resumes the execution of any user processes in the
-	// Container before setting the Container state to RUNNING.
-	// If the Container state is RUNNING, do nothing.
-	//
-	// errors:
-	// ContainerNotExists - Container no longer exists,
-	// ContainerNotPaused - Container is not paused,
-	// Systemerror - System error.
-	Resume() error
-
-	// NotifyOOM returns a read-only channel signaling when the container receives an OOM notification.
-	//
-	// errors:
-	// Systemerror - System error.
-	NotifyOOM() (<-chan struct{}, error)
-
-	// NotifyMemoryPressure returns a read-only channel signaling when the container reaches a given pressure level
-	//
-	// errors:
-	// Systemerror - System error.
-	NotifyMemoryPressure(level PressureLevel) (<-chan struct{}, error)
-}
-
-// ID returns the container's unique ID
-func (c *linuxContainer) ID() string {
-	return c.id
-}
-
-// Config returns the container's configuration
-func (c *linuxContainer) Config() configs.Config {
-	return *c.config
-}
-
-func (c *linuxContainer) Status() (Status, error) {
-	c.m.Lock()
-	defer c.m.Unlock()
-	return c.currentStatus()
-}
-
-func (c *linuxContainer) State() (*State, error) {
-	c.m.Lock()
-	defer c.m.Unlock()
-	return c.currentState()
-}
-
-func (c *linuxContainer) Processes() ([]int, error) {
-	pids, err := c.cgroupManager.GetAllPids()
-	if err != nil {
-		return nil, newSystemErrorWithCause(err, "getting all container pids from cgroups")
-	}
-	return pids, nil
-}
-
-func (c *linuxContainer) Stats() (*Stats, error) {
-	var (
-		err   error
-		stats = &Stats{}
-	)
-	if stats.CgroupStats, err = c.cgroupManager.GetStats(); err != nil {
-		return stats, newSystemErrorWithCause(err, "getting container stats from cgroups")
-	}
-	if c.intelRdtManager != nil {
-		if stats.IntelRdtStats, err = c.intelRdtManager.GetStats(); err != nil {
-			return stats, newSystemErrorWithCause(err, "getting container's Intel RDT stats")
-		}
-	}
-	for _, iface := range c.config.Networks {
-		switch iface.Type {
-		case "veth":
-			istats, err := getNetworkInterfaceStats(iface.HostInterfaceName)
-			if err != nil {
-				return stats, newSystemErrorWithCausef(err, "getting network stats for interface %q", iface.HostInterfaceName)
-			}
-			stats.Interfaces = append(stats.Interfaces, istats)
-		}
-	}
-	return stats, nil
-}
-
-func (c *linuxContainer) Set(config configs.Config) error {
-	c.m.Lock()
-	defer c.m.Unlock()
-	status, err := c.currentStatus()
-	if err != nil {
-		return err
-	}
-	if status == Stopped {
-		return newGenericError(fmt.Errorf("container not running"), ContainerNotRunning)
-	}
-	if err := c.cgroupManager.Set(&config); err != nil {
-		// Set configs back
-		if err2 := c.cgroupManager.Set(c.config); err2 != nil {
-			logrus.Warnf("Setting back cgroup configs failed due to error: %v, your state.json and actual configs might be inconsistent.", err2)
-		}
-		return err
-	}
-	if c.intelRdtManager != nil {
-		if err := c.intelRdtManager.Set(&config); err != nil {
-			// Set configs back
-			if err2 := c.intelRdtManager.Set(c.config); err2 != nil {
-				logrus.Warnf("Setting back intelrdt configs failed due to error: %v, your state.json and actual configs might be inconsistent.", err2)
-			}
-			return err
-		}
-	}
-	// After config setting succeed, update config and states
-	c.config = &config
-	_, err = c.updateState(nil)
-	return err
-}
-
-func (c *linuxContainer) Start(process *Process) error {
-	c.m.Lock()
-	defer c.m.Unlock()
-	status, err := c.currentStatus()
-	if err != nil {
-		return err
-	}
-	if status == Stopped {
-		if err := c.createExecFifo(); err != nil {
-			return err
-		}
-	}
-	if err := c.start(process, status == Stopped); err != nil {
-		if status == Stopped {
-			c.deleteExecFifo()
-		}
-		return err
-	}
-	return nil
-}
-
-func (c *linuxContainer) Run(process *Process) error {
-	c.m.Lock()
-	status, err := c.currentStatus()
-	if err != nil {
-		c.m.Unlock()
-		return err
-	}
-	c.m.Unlock()
-	if err := c.Start(process); err != nil {
-		return err
-	}
-	if status == Stopped {
-		return c.exec()
-	}
-	return nil
-}
-
-func (c *linuxContainer) Exec() error {
-	c.m.Lock()
-	defer c.m.Unlock()
-	return c.exec()
-}
-
-func (c *linuxContainer) exec() error {
-	path := filepath.Join(c.root, execFifoFilename)
-
-	fifoOpen := make(chan struct{})
-	select {
-	case <-awaitProcessExit(c.initProcess.pid(), fifoOpen):
-		return errors.New("container process is already dead")
-	case result := <-awaitFifoOpen(path):
-		close(fifoOpen)
-		if result.err != nil {
-			return result.err
-		}
-		f := result.file
-		defer f.Close()
-		if err := readFromExecFifo(f); err != nil {
-			return err
-		}
-		return os.Remove(path)
-	}
-}
-
-func readFromExecFifo(execFifo io.Reader) error {
-	data, err := ioutil.ReadAll(execFifo)
-	if err != nil {
-		return err
-	}
-	if len(data) <= 0 {
-		return fmt.Errorf("cannot start an already running container")
-	}
-	return nil
-}
-
-func awaitProcessExit(pid int, exit <-chan struct{}) <-chan struct{} {
-	isDead := make(chan struct{})
-	go func() {
-		for {
-			select {
-			case <-exit:
-				return
-			case <-time.After(time.Millisecond * 100):
-				stat, err := system.Stat(pid)
-				if err != nil || stat.State == system.Zombie {
-					close(isDead)
-					return
-				}
-			}
-		}
-	}()
-	return isDead
-}
-
-func awaitFifoOpen(path string) <-chan openResult {
-	fifoOpened := make(chan openResult)
-	go func() {
-		f, err := os.OpenFile(path, os.O_RDONLY, 0)
-		if err != nil {
-			fifoOpened <- openResult{err: newSystemErrorWithCause(err, "open exec fifo for reading")}
-			return
-		}
-		fifoOpened <- openResult{file: f}
-	}()
-	return fifoOpened
-}
-
-type openResult struct {
-	file *os.File
-	err  error
-}
-
-func (c *linuxContainer) start(process *Process, isInit bool) error {
-	parent, err := c.newParentProcess(process, isInit)
-	if err != nil {
-		return newSystemErrorWithCause(err, "creating new parent process")
-	}
-	if err := parent.start(); err != nil {
-		// terminate the process to ensure that it properly is reaped.
-		if err := ignoreTerminateErrors(parent.terminate()); err != nil {
-			logrus.Warn(err)
-		}
-		return newSystemErrorWithCause(err, "starting container process")
-	}
-	// generate a timestamp indicating when the container was started
-	c.created = time.Now().UTC()
-	if isInit {
-		c.state = &createdState{
-			c: c,
-		}
-		state, err := c.updateState(parent)
-		if err != nil {
-			return err
-		}
-		c.initProcessStartTime = state.InitProcessStartTime
-
-		if c.config.Hooks != nil {
-			bundle, annotations := utils.Annotations(c.config.Labels)
-			s := configs.HookState{
-				Version:     c.config.Version,
-				ID:          c.id,
-				Pid:         parent.pid(),
-				Bundle:      bundle,
-				Annotations: annotations,
-			}
-			for i, hook := range c.config.Hooks.Poststart {
-				if err := hook.Run(s); err != nil {
-					if err := ignoreTerminateErrors(parent.terminate()); err != nil {
-						logrus.Warn(err)
-					}
-					return newSystemErrorWithCausef(err, "running poststart hook %d", i)
-				}
-			}
-		}
-	} else {
-		c.state = &runningState{
-			c: c,
-		}
-	}
-	return nil
-}
-
-func (c *linuxContainer) Signal(s os.Signal, all bool) error {
-	if all {
-		return signalAllProcesses(c.cgroupManager, s)
-	}
-	if err := c.initProcess.signal(s); err != nil {
-		return newSystemErrorWithCause(err, "signaling init process")
-	}
-	return nil
-}
-
-func (c *linuxContainer) createExecFifo() error {
-	rootuid, err := c.Config().HostRootUID()
-	if err != nil {
-		return err
-	}
-	rootgid, err := c.Config().HostRootGID()
-	if err != nil {
-		return err
-	}
-
-	fifoName := filepath.Join(c.root, execFifoFilename)
-	if _, err := os.Stat(fifoName); err == nil {
-		return fmt.Errorf("exec fifo %s already exists", fifoName)
-	}
-	oldMask := unix.Umask(0000)
-	if err := unix.Mkfifo(fifoName, 0622); err != nil {
-		unix.Umask(oldMask)
-		return err
-	}
-	unix.Umask(oldMask)
-	if err := os.Chown(fifoName, rootuid, rootgid); err != nil {
-		return err
-	}
-	return nil
-}
-
-func (c *linuxContainer) deleteExecFifo() {
-	fifoName := filepath.Join(c.root, execFifoFilename)
-	os.Remove(fifoName)
-}
-
-// includeExecFifo opens the container's execfifo as a pathfd, so that the
-// container cannot access the statedir (and the FIFO itself remains
-// un-opened). It then adds the FifoFd to the given exec.Cmd as an inherited
-// fd, with _LIBCONTAINER_FIFOFD set to its fd number.
-func (c *linuxContainer) includeExecFifo(cmd *exec.Cmd) error {
-	fifoName := filepath.Join(c.root, execFifoFilename)
-	fifoFd, err := unix.Open(fifoName, unix.O_PATH|unix.O_CLOEXEC, 0)
-	if err != nil {
-		return err
-	}
-
-	cmd.ExtraFiles = append(cmd.ExtraFiles, os.NewFile(uintptr(fifoFd), fifoName))
-	cmd.Env = append(cmd.Env,
-		fmt.Sprintf("_LIBCONTAINER_FIFOFD=%d", stdioFdCount+len(cmd.ExtraFiles)-1))
-	return nil
-}
-
-func (c *linuxContainer) newParentProcess(p *Process, doInit bool) (parentProcess, error) {
-	parentPipe, childPipe, err := utils.NewSockPair("init")
-	if err != nil {
-		return nil, newSystemErrorWithCause(err, "creating new init pipe")
-	}
-	cmd, err := c.commandTemplate(p, childPipe)
-	if err != nil {
-		return nil, newSystemErrorWithCause(err, "creating new command template")
-	}
-	if !doInit {
-		return c.newSetnsProcess(p, cmd, parentPipe, childPipe)
-	}
-
-	// We only set up fifoFd if we're not doing a `runc exec`. The historic
-	// reason for this is that previously we would pass a dirfd that allowed
-	// for container rootfs escape (and not doing it in `runc exec` avoided
-	// that problem), but we no longer do that. However, there's no need to do
-	// this for `runc exec` so we just keep it this way to be safe.
-	if err := c.includeExecFifo(cmd); err != nil {
-		return nil, newSystemErrorWithCause(err, "including execfifo in cmd.Exec setup")
-	}
-	return c.newInitProcess(p, cmd, parentPipe, childPipe)
-}
-
-func (c *linuxContainer) commandTemplate(p *Process, childPipe *os.File) (*exec.Cmd, error) {
-	cmd := exec.Command(c.initPath, c.initArgs[1:]...)
-	cmd.Args[0] = c.initArgs[0]
-	cmd.Stdin = p.Stdin
-	cmd.Stdout = p.Stdout
-	cmd.Stderr = p.Stderr
-	cmd.Dir = c.config.Rootfs
-	if cmd.SysProcAttr == nil {
-		cmd.SysProcAttr = &syscall.SysProcAttr{}
-	}
-	cmd.ExtraFiles = append(cmd.ExtraFiles, p.ExtraFiles...)
-	if p.ConsoleSocket != nil {
-		cmd.ExtraFiles = append(cmd.ExtraFiles, p.ConsoleSocket)
-		cmd.Env = append(cmd.Env,
-			fmt.Sprintf("_LIBCONTAINER_CONSOLE=%d", stdioFdCount+len(cmd.ExtraFiles)-1),
-		)
-	}
-	cmd.ExtraFiles = append(cmd.ExtraFiles, childPipe)
-	cmd.Env = append(cmd.Env,
-		fmt.Sprintf("_LIBCONTAINER_INITPIPE=%d", stdioFdCount+len(cmd.ExtraFiles)-1),
-	)
-	// NOTE: when running a container with no PID namespace and the parent process spawning the container is
-	// PID1 the pdeathsig is being delivered to the container's init process by the kernel for some reason
-	// even with the parent still running.
-	if c.config.ParentDeathSignal > 0 {
-		cmd.SysProcAttr.Pdeathsig = syscall.Signal(c.config.ParentDeathSignal)
-	}
-	return cmd, nil
-}
-
-func (c *linuxContainer) newInitProcess(p *Process, cmd *exec.Cmd, parentPipe, childPipe *os.File) (*initProcess, error) {
-	cmd.Env = append(cmd.Env, "_LIBCONTAINER_INITTYPE="+string(initStandard))
-	nsMaps := make(map[configs.NamespaceType]string)
-	for _, ns := range c.config.Namespaces {
-		if ns.Path != "" {
-			nsMaps[ns.Type] = ns.Path
-		}
-	}
-	_, sharePidns := nsMaps[configs.NEWPID]
-	data, err := c.bootstrapData(c.config.Namespaces.CloneFlags(), nsMaps)
-	if err != nil {
-		return nil, err
-	}
-	return &initProcess{
-		cmd:             cmd,
-		childPipe:       childPipe,
-		parentPipe:      parentPipe,
-		manager:         c.cgroupManager,
-		intelRdtManager: c.intelRdtManager,
-		config:          c.newInitConfig(p),
-		container:       c,
-		process:         p,
-		bootstrapData:   data,
-		sharePidns:      sharePidns,
-	}, nil
-}
-
-func (c *linuxContainer) newSetnsProcess(p *Process, cmd *exec.Cmd, parentPipe, childPipe *os.File) (*setnsProcess, error) {
-	cmd.Env = append(cmd.Env, "_LIBCONTAINER_INITTYPE="+string(initSetns))
-	state, err := c.currentState()
-	if err != nil {
-		return nil, newSystemErrorWithCause(err, "getting container's current state")
-	}
-	// for setns process, we don't have to set cloneflags as the process namespaces
-	// will only be set via setns syscall
-	data, err := c.bootstrapData(0, state.NamespacePaths)
-	if err != nil {
-		return nil, err
-	}
-	return &setnsProcess{
-		cmd:           cmd,
-		cgroupPaths:   c.cgroupManager.GetPaths(),
-		intelRdtPath:  state.IntelRdtPath,
-		childPipe:     childPipe,
-		parentPipe:    parentPipe,
-		config:        c.newInitConfig(p),
-		process:       p,
-		bootstrapData: data,
-	}, nil
-}
-
-func (c *linuxContainer) newInitConfig(process *Process) *initConfig {
-	cfg := &initConfig{
-		Config:           c.config,
-		Args:             process.Args,
-		Env:              process.Env,
-		User:             process.User,
-		AdditionalGroups: process.AdditionalGroups,
-		Cwd:              process.Cwd,
-		Capabilities:     process.Capabilities,
-		PassedFilesCount: len(process.ExtraFiles),
-		ContainerId:      c.ID(),
-		NoNewPrivileges:  c.config.NoNewPrivileges,
-		Rootless:         c.config.Rootless,
-		AppArmorProfile:  c.config.AppArmorProfile,
-		ProcessLabel:     c.config.ProcessLabel,
-		Rlimits:          c.config.Rlimits,
-	}
-	if process.NoNewPrivileges != nil {
-		cfg.NoNewPrivileges = *process.NoNewPrivileges
-	}
-	if process.AppArmorProfile != "" {
-		cfg.AppArmorProfile = process.AppArmorProfile
-	}
-	if process.Label != "" {
-		cfg.ProcessLabel = process.Label
-	}
-	if len(process.Rlimits) > 0 {
-		cfg.Rlimits = process.Rlimits
-	}
-	cfg.CreateConsole = process.ConsoleSocket != nil
-	cfg.ConsoleWidth = process.ConsoleWidth
-	cfg.ConsoleHeight = process.ConsoleHeight
-	return cfg
-}
-
-func (c *linuxContainer) Destroy() error {
-	c.m.Lock()
-	defer c.m.Unlock()
-	return c.state.destroy()
-}
-
-func (c *linuxContainer) Pause() error {
-	c.m.Lock()
-	defer c.m.Unlock()
-	status, err := c.currentStatus()
-	if err != nil {
-		return err
-	}
-	switch status {
-	case Running, Created:
-		if err := c.cgroupManager.Freeze(configs.Frozen); err != nil {
-			return err
-		}
-		return c.state.transition(&pausedState{
-			c: c,
-		})
-	}
-	return newGenericError(fmt.Errorf("container not running or created: %s", status), ContainerNotRunning)
-}
-
-func (c *linuxContainer) Resume() error {
-	c.m.Lock()
-	defer c.m.Unlock()
-	status, err := c.currentStatus()
-	if err != nil {
-		return err
-	}
-	if status != Paused {
-		return newGenericError(fmt.Errorf("container not paused"), ContainerNotPaused)
-	}
-	if err := c.cgroupManager.Freeze(configs.Thawed); err != nil {
-		return err
-	}
-	return c.state.transition(&runningState{
-		c: c,
-	})
-}
-
-func (c *linuxContainer) NotifyOOM() (<-chan struct{}, error) {
-	// XXX(cyphar): This requires cgroups.
-	if c.config.Rootless {
-		return nil, fmt.Errorf("cannot get OOM notifications from rootless container")
-	}
-	return notifyOnOOM(c.cgroupManager.GetPaths())
-}
-
-func (c *linuxContainer) NotifyMemoryPressure(level PressureLevel) (<-chan struct{}, error) {
-	// XXX(cyphar): This requires cgroups.
-	if c.config.Rootless {
-		return nil, fmt.Errorf("cannot get memory pressure notifications from rootless container")
-	}
-	return notifyMemoryPressure(c.cgroupManager.GetPaths(), level)
-}
-
-var criuFeatures *criurpc.CriuFeatures
-
-func (c *linuxContainer) checkCriuFeatures(criuOpts *CriuOpts, rpcOpts *criurpc.CriuOpts, criuFeat *criurpc.CriuFeatures) error {
-
-	var t criurpc.CriuReqType
-	t = criurpc.CriuReqType_FEATURE_CHECK
-
-	// criu 1.8 => 10800
-	if err := c.checkCriuVersion(10800); err != nil {
-		// Feature checking was introduced with CRIU 1.8.
-		// Ignore the feature check if an older CRIU version is used
-		// and just act as before.
-		// As all automated PR testing is done using CRIU 1.7 this
-		// code will not be tested by automated PR testing.
-		return nil
-	}
-
-	// make sure the features we are looking for are really not from
-	// some previous check
-	criuFeatures = nil
-
-	req := &criurpc.CriuReq{
-		Type: &t,
-		// Theoretically this should not be necessary but CRIU
-		// segfaults if Opts is empty.
-		// Fixed in CRIU  2.12
-		Opts:     rpcOpts,
-		Features: criuFeat,
-	}
-
-	err := c.criuSwrk(nil, req, criuOpts, false)
-	if err != nil {
-		logrus.Debugf("%s", err)
-		return fmt.Errorf("CRIU feature check failed")
-	}
-
-	logrus.Debugf("Feature check says: %s", criuFeatures)
-	missingFeatures := false
-
-	// The outer if checks if the fields actually exist
-	if (criuFeat.MemTrack != nil) &&
-		(criuFeatures.MemTrack != nil) {
-		// The inner if checks if they are set to true
-		if *criuFeat.MemTrack && !*criuFeatures.MemTrack {
-			missingFeatures = true
-			logrus.Debugf("CRIU does not support MemTrack")
-		}
-	}
-
-	// This needs to be repeated for every new feature check.
-	// Is there a way to put this in a function. Reflection?
-	if (criuFeat.LazyPages != nil) &&
-		(criuFeatures.LazyPages != nil) {
-		if *criuFeat.LazyPages && !*criuFeatures.LazyPages {
-			missingFeatures = true
-			logrus.Debugf("CRIU does not support LazyPages")
-		}
-	}
-
-	if missingFeatures {
-		return fmt.Errorf("CRIU is missing features")
-	}
-
-	return nil
-}
-
-func parseCriuVersion(path string) (int, error) {
-	var x, y, z int
-
-	out, err := exec.Command(path, "-V").Output()
-	if err != nil {
-		return 0, fmt.Errorf("Unable to execute CRIU command: %s", path)
-	}
-
-	x = 0
-	y = 0
-	z = 0
-	if ep := strings.Index(string(out), "-"); ep >= 0 {
-		// criu Git version format
-		var version string
-		if sp := strings.Index(string(out), "GitID"); sp > 0 {
-			version = string(out)[sp:ep]
-		} else {
-			return 0, fmt.Errorf("Unable to parse the CRIU version: %s", path)
-		}
-
-		n, err := fmt.Sscanf(version, "GitID: v%d.%d.%d", &x, &y, &z) // 1.5.2
-		if err != nil {
-			n, err = fmt.Sscanf(version, "GitID: v%d.%d", &x, &y) // 1.6
-			y++
-		} else {
-			z++
-		}
-		if n < 2 || err != nil {
-			return 0, fmt.Errorf("Unable to parse the CRIU version: %s %d %s", version, n, err)
-		}
-	} else {
-		// criu release version format
-		n, err := fmt.Sscanf(string(out), "Version: %d.%d.%d\n", &x, &y, &z) // 1.5.2
-		if err != nil {
-			n, err = fmt.Sscanf(string(out), "Version: %d.%d\n", &x, &y) // 1.6
-		}
-		if n < 2 || err != nil {
-			return 0, fmt.Errorf("Unable to parse the CRIU version: %s %d %s", out, n, err)
-		}
-	}
-
-	return x*10000 + y*100 + z, nil
-}
-
-func compareCriuVersion(criuVersion int, minVersion int) error {
-	// simple function to perform the actual version compare
-	if criuVersion < minVersion {
-		return fmt.Errorf("CRIU version %d must be %d or higher", criuVersion, minVersion)
-	}
-
-	return nil
-}
-
-// This is used to store the result of criu version RPC
-var criuVersionRPC *criurpc.CriuVersion
-
-// checkCriuVersion checks Criu version greater than or equal to minVersion
-func (c *linuxContainer) checkCriuVersion(minVersion int) error {
-
-	// If the version of criu has already been determined there is no need
-	// to ask criu for the version again. Use the value from c.criuVersion.
-	if c.criuVersion != 0 {
-		return compareCriuVersion(c.criuVersion, minVersion)
-	}
-
-	// First try if this version of CRIU support the version RPC.
-	// The CRIU version RPC was introduced with CRIU 3.0.
-
-	// First, reset the variable for the RPC answer to nil
-	criuVersionRPC = nil
-
-	var t criurpc.CriuReqType
-	t = criurpc.CriuReqType_VERSION
-	req := &criurpc.CriuReq{
-		Type: &t,
-	}
-
-	err := c.criuSwrk(nil, req, nil, false)
-	if err != nil {
-		return fmt.Errorf("CRIU version check failed: %s", err)
-	}
-
-	if criuVersionRPC != nil {
-		logrus.Debugf("CRIU version: %s", criuVersionRPC)
-		// major and minor are always set
-		c.criuVersion = int(*criuVersionRPC.Major) * 10000
-		c.criuVersion += int(*criuVersionRPC.Minor) * 100
-		if criuVersionRPC.Sublevel != nil {
-			c.criuVersion += int(*criuVersionRPC.Sublevel)
-		}
-		if criuVersionRPC.Gitid != nil {
-			// runc's convention is that a CRIU git release is
-			// always the same as increasing the minor by 1
-			c.criuVersion -= (c.criuVersion % 100)
-			c.criuVersion += 100
-		}
-		return compareCriuVersion(c.criuVersion, minVersion)
-	}
-
-	// This is CRIU without the version RPC and therefore
-	// older than 3.0. Parsing the output is required.
-
-	// This can be remove once runc does not work with criu older than 3.0
-
-	c.criuVersion, err = parseCriuVersion(c.criuPath)
-	if err != nil {
-		return err
-	}
-
-	return compareCriuVersion(c.criuVersion, minVersion)
-}
-
-const descriptorsFilename = "descriptors.json"
-
-func (c *linuxContainer) addCriuDumpMount(req *criurpc.CriuReq, m *configs.Mount) {
-	mountDest := m.Destination
-	if strings.HasPrefix(mountDest, c.config.Rootfs) {
-		mountDest = mountDest[len(c.config.Rootfs):]
-	}
-
-	extMnt := &criurpc.ExtMountMap{
-		Key: proto.String(mountDest),
-		Val: proto.String(mountDest),
-	}
-	req.Opts.ExtMnt = append(req.Opts.ExtMnt, extMnt)
-}
-
-func (c *linuxContainer) addMaskPaths(req *criurpc.CriuReq) error {
-	for _, path := range c.config.MaskPaths {
-		fi, err := os.Stat(fmt.Sprintf("/proc/%d/root/%s", c.initProcess.pid(), path))
-		if err != nil {
-			if os.IsNotExist(err) {
-				continue
-			}
-			return err
-		}
-		if fi.IsDir() {
-			continue
-		}
-
-		extMnt := &criurpc.ExtMountMap{
-			Key: proto.String(path),
-			Val: proto.String("/dev/null"),
-		}
-		req.Opts.ExtMnt = append(req.Opts.ExtMnt, extMnt)
-	}
-	return nil
-}
-
-func waitForCriuLazyServer(r *os.File, status string) error {
-
-	data := make([]byte, 1)
-	_, err := r.Read(data)
-	if err != nil {
-		return err
-	}
-	fd, err := os.OpenFile(status, os.O_TRUNC|os.O_WRONLY, os.ModeAppend)
-	if err != nil {
-		return err
-	}
-	_, err = fd.Write(data)
-	if err != nil {
-		return err
-	}
-	fd.Close()
-
-	return nil
-}
-
-func (c *linuxContainer) Checkpoint(criuOpts *CriuOpts) error {
-	c.m.Lock()
-	defer c.m.Unlock()
-
-	// TODO(avagin): Figure out how to make this work nicely. CRIU 2.0 has
-	//               support for doing unprivileged dumps, but the setup of
-	//               rootless containers might make this complicated.
-	if c.config.Rootless {
-		return fmt.Errorf("cannot checkpoint a rootless container")
-	}
-
-	// criu 1.5.2 => 10502
-	if err := c.checkCriuVersion(10502); err != nil {
-		return err
-	}
-
-	if criuOpts.ImagesDirectory == "" {
-		return fmt.Errorf("invalid directory to save checkpoint")
-	}
-
-	// Since a container can be C/R'ed multiple times,
-	// the checkpoint directory may already exist.
-	if err := os.Mkdir(criuOpts.ImagesDirectory, 0755); err != nil && !os.IsExist(err) {
-		return err
-	}
-
-	if criuOpts.WorkDirectory == "" {
-		criuOpts.WorkDirectory = filepath.Join(c.root, "criu.work")
-	}
-
-	if err := os.Mkdir(criuOpts.WorkDirectory, 0755); err != nil && !os.IsExist(err) {
-		return err
-	}
-
-	workDir, err := os.Open(criuOpts.WorkDirectory)
-	if err != nil {
-		return err
-	}
-	defer workDir.Close()
-
-	imageDir, err := os.Open(criuOpts.ImagesDirectory)
-	if err != nil {
-		return err
-	}
-	defer imageDir.Close()
-
-	rpcOpts := criurpc.CriuOpts{
-		ImagesDirFd:     proto.Int32(int32(imageDir.Fd())),
-		WorkDirFd:       proto.Int32(int32(workDir.Fd())),
-		LogLevel:        proto.Int32(4),
-		LogFile:         proto.String("dump.log"),
-		Root:            proto.String(c.config.Rootfs),
-		ManageCgroups:   proto.Bool(true),
-		NotifyScripts:   proto.Bool(true),
-		Pid:             proto.Int32(int32(c.initProcess.pid())),
-		ShellJob:        proto.Bool(criuOpts.ShellJob),
-		LeaveRunning:    proto.Bool(criuOpts.LeaveRunning),
-		TcpEstablished:  proto.Bool(criuOpts.TcpEstablished),
-		ExtUnixSk:       proto.Bool(criuOpts.ExternalUnixConnections),
-		FileLocks:       proto.Bool(criuOpts.FileLocks),
-		EmptyNs:         proto.Uint32(criuOpts.EmptyNs),
-		OrphanPtsMaster: proto.Bool(true),
-		AutoDedup:       proto.Bool(criuOpts.AutoDedup),
-		LazyPages:       proto.Bool(criuOpts.LazyPages),
-	}
-
-	fcg := c.cgroupManager.GetPaths()["freezer"]
-	if fcg != "" {
-		rpcOpts.FreezeCgroup = proto.String(fcg)
-	}
-
-	// append optional criu opts, e.g., page-server and port
-	if criuOpts.PageServer.Address != "" && criuOpts.PageServer.Port != 0 {
-		rpcOpts.Ps = &criurpc.CriuPageServerInfo{
-			Address: proto.String(criuOpts.PageServer.Address),
-			Port:    proto.Int32(criuOpts.PageServer.Port),
-		}
-	}
-
-	//pre-dump may need parentImage param to complete iterative migration
-	if criuOpts.ParentImage != "" {
-		rpcOpts.ParentImg = proto.String(criuOpts.ParentImage)
-		rpcOpts.TrackMem = proto.Bool(true)
-	}
-
-	// append optional manage cgroups mode
-	if criuOpts.ManageCgroupsMode != 0 {
-		// criu 1.7 => 10700
-		if err := c.checkCriuVersion(10700); err != nil {
-			return err
-		}
-		mode := criurpc.CriuCgMode(criuOpts.ManageCgroupsMode)
-		rpcOpts.ManageCgroupsMode = &mode
-	}
-
-	var t criurpc.CriuReqType
-	if criuOpts.PreDump {
-		feat := criurpc.CriuFeatures{
-			MemTrack: proto.Bool(true),
-		}
-
-		if err := c.checkCriuFeatures(criuOpts, &rpcOpts, &feat); err != nil {
-			return err
-		}
-
-		t = criurpc.CriuReqType_PRE_DUMP
-	} else {
-		t = criurpc.CriuReqType_DUMP
-	}
-	req := &criurpc.CriuReq{
-		Type: &t,
-		Opts: &rpcOpts,
-	}
-
-	if criuOpts.LazyPages {
-		// lazy migration requested; check if criu supports it
-		feat := criurpc.CriuFeatures{
-			LazyPages: proto.Bool(true),
-		}
-
-		if err := c.checkCriuFeatures(criuOpts, &rpcOpts, &feat); err != nil {
-			return err
-		}
-
-		statusRead, statusWrite, err := os.Pipe()
-		if err != nil {
-			return err
-		}
-		rpcOpts.StatusFd = proto.Int32(int32(statusWrite.Fd()))
-		go waitForCriuLazyServer(statusRead, criuOpts.StatusFd)
-	}
-
-	//no need to dump these information in pre-dump
-	if !criuOpts.PreDump {
-		for _, m := range c.config.Mounts {
-			switch m.Device {
-			case "bind":
-				c.addCriuDumpMount(req, m)
-			case "cgroup":
-				binds, err := getCgroupMounts(m)
-				if err != nil {
-					return err
-				}
-				for _, b := range binds {
-					c.addCriuDumpMount(req, b)
-				}
-			}
-		}
-
-		if err := c.addMaskPaths(req); err != nil {
-			return err
-		}
-
-		for _, node := range c.config.Devices {
-			m := &configs.Mount{Destination: node.Path, Source: node.Path}
-			c.addCriuDumpMount(req, m)
-		}
-
-		// Write the FD info to a file in the image directory
-		fdsJSON, err := json.Marshal(c.initProcess.externalDescriptors())
-		if err != nil {
-			return err
-		}
-
-		err = ioutil.WriteFile(filepath.Join(criuOpts.ImagesDirectory, descriptorsFilename), fdsJSON, 0655)
-		if err != nil {
-			return err
-		}
-	}
-
-	err = c.criuSwrk(nil, req, criuOpts, false)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-func (c *linuxContainer) addCriuRestoreMount(req *criurpc.CriuReq, m *configs.Mount) {
-	mountDest := m.Destination
-	if strings.HasPrefix(mountDest, c.config.Rootfs) {
-		mountDest = mountDest[len(c.config.Rootfs):]
-	}
-
-	extMnt := &criurpc.ExtMountMap{
-		Key: proto.String(mountDest),
-		Val: proto.String(m.Source),
-	}
-	req.Opts.ExtMnt = append(req.Opts.ExtMnt, extMnt)
-}
-
-func (c *linuxContainer) restoreNetwork(req *criurpc.CriuReq, criuOpts *CriuOpts) {
-	for _, iface := range c.config.Networks {
-		switch iface.Type {
-		case "veth":
-			veth := new(criurpc.CriuVethPair)
-			veth.IfOut = proto.String(iface.HostInterfaceName)
-			veth.IfIn = proto.String(iface.Name)
-			req.Opts.Veths = append(req.Opts.Veths, veth)
-		case "loopback":
-			// Do nothing
-		}
-	}
-	for _, i := range criuOpts.VethPairs {
-		veth := new(criurpc.CriuVethPair)
-		veth.IfOut = proto.String(i.HostInterfaceName)
-		veth.IfIn = proto.String(i.ContainerInterfaceName)
-		req.Opts.Veths = append(req.Opts.Veths, veth)
-	}
-}
-
-func (c *linuxContainer) Restore(process *Process, criuOpts *CriuOpts) error {
-	c.m.Lock()
-	defer c.m.Unlock()
-
-	// TODO(avagin): Figure out how to make this work nicely. CRIU doesn't have
-	//               support for unprivileged restore at the moment.
-	if c.config.Rootless {
-		return fmt.Errorf("cannot restore a rootless container")
-	}
-
-	// criu 1.5.2 => 10502
-	if err := c.checkCriuVersion(10502); err != nil {
-		return err
-	}
-	if criuOpts.WorkDirectory == "" {
-		criuOpts.WorkDirectory = filepath.Join(c.root, "criu.work")
-	}
-	// Since a container can be C/R'ed multiple times,
-	// the work directory may already exist.
-	if err := os.Mkdir(criuOpts.WorkDirectory, 0655); err != nil && !os.IsExist(err) {
-		return err
-	}
-	workDir, err := os.Open(criuOpts.WorkDirectory)
-	if err != nil {
-		return err
-	}
-	defer workDir.Close()
-	if criuOpts.ImagesDirectory == "" {
-		return fmt.Errorf("invalid directory to restore checkpoint")
-	}
-	imageDir, err := os.Open(criuOpts.ImagesDirectory)
-	if err != nil {
-		return err
-	}
-	defer imageDir.Close()
-	// CRIU has a few requirements for a root directory:
-	// * it must be a mount point
-	// * its parent must not be overmounted
-	// c.config.Rootfs is bind-mounted to a temporary directory
-	// to satisfy these requirements.
-	root := filepath.Join(c.root, "criu-root")
-	if err := os.Mkdir(root, 0755); err != nil {
-		return err
-	}
-	defer os.Remove(root)
-	root, err = filepath.EvalSymlinks(root)
-	if err != nil {
-		return err
-	}
-	err = unix.Mount(c.config.Rootfs, root, "", unix.MS_BIND|unix.MS_REC, "")
-	if err != nil {
-		return err
-	}
-	defer unix.Unmount(root, unix.MNT_DETACH)
-	t := criurpc.CriuReqType_RESTORE
-	req := &criurpc.CriuReq{
-		Type: &t,
-		Opts: &criurpc.CriuOpts{
-			ImagesDirFd:     proto.Int32(int32(imageDir.Fd())),
-			WorkDirFd:       proto.Int32(int32(workDir.Fd())),
-			EvasiveDevices:  proto.Bool(true),
-			LogLevel:        proto.Int32(4),
-			LogFile:         proto.String("restore.log"),
-			RstSibling:      proto.Bool(true),
-			Root:            proto.String(root),
-			ManageCgroups:   proto.Bool(true),
-			NotifyScripts:   proto.Bool(true),
-			ShellJob:        proto.Bool(criuOpts.ShellJob),
-			ExtUnixSk:       proto.Bool(criuOpts.ExternalUnixConnections),
-			TcpEstablished:  proto.Bool(criuOpts.TcpEstablished),
-			FileLocks:       proto.Bool(criuOpts.FileLocks),
-			EmptyNs:         proto.Uint32(criuOpts.EmptyNs),
-			OrphanPtsMaster: proto.Bool(true),
-			AutoDedup:       proto.Bool(criuOpts.AutoDedup),
-			LazyPages:       proto.Bool(criuOpts.LazyPages),
-		},
-	}
-
-	for _, m := range c.config.Mounts {
-		switch m.Device {
-		case "bind":
-			c.addCriuRestoreMount(req, m)
-		case "cgroup":
-			binds, err := getCgroupMounts(m)
-			if err != nil {
-				return err
-			}
-			for _, b := range binds {
-				c.addCriuRestoreMount(req, b)
-			}
-		}
-	}
-
-	if len(c.config.MaskPaths) > 0 {
-		m := &configs.Mount{Destination: "/dev/null", Source: "/dev/null"}
-		c.addCriuRestoreMount(req, m)
-	}
-
-	for _, node := range c.config.Devices {
-		m := &configs.Mount{Destination: node.Path, Source: node.Path}
-		c.addCriuRestoreMount(req, m)
-	}
-
-	if criuOpts.EmptyNs&unix.CLONE_NEWNET == 0 {
-		c.restoreNetwork(req, criuOpts)
-	}
-
-	// append optional manage cgroups mode
-	if criuOpts.ManageCgroupsMode != 0 {
-		// criu 1.7 => 10700
-		if err := c.checkCriuVersion(10700); err != nil {
-			return err
-		}
-		mode := criurpc.CriuCgMode(criuOpts.ManageCgroupsMode)
-		req.Opts.ManageCgroupsMode = &mode
-	}
-
-	var (
-		fds    []string
-		fdJSON []byte
-	)
-	if fdJSON, err = ioutil.ReadFile(filepath.Join(criuOpts.ImagesDirectory, descriptorsFilename)); err != nil {
-		return err
-	}
-
-	if err := json.Unmarshal(fdJSON, &fds); err != nil {
-		return err
-	}
-	for i := range fds {
-		if s := fds[i]; strings.Contains(s, "pipe:") {
-			inheritFd := new(criurpc.InheritFd)
-			inheritFd.Key = proto.String(s)
-			inheritFd.Fd = proto.Int32(int32(i))
-			req.Opts.InheritFd = append(req.Opts.InheritFd, inheritFd)
-		}
-	}
-	return c.criuSwrk(process, req, criuOpts, true)
-}
-
-func (c *linuxContainer) criuApplyCgroups(pid int, req *criurpc.CriuReq) error {
-	// XXX: Do we need to deal with this case? AFAIK criu still requires root.
-	if err := c.cgroupManager.Apply(pid); err != nil {
-		return err
-	}
-
-	if err := c.cgroupManager.Set(c.config); err != nil {
-		return newSystemError(err)
-	}
-
-	path := fmt.Sprintf("/proc/%d/cgroup", pid)
-	cgroupsPaths, err := cgroups.ParseCgroupFile(path)
-	if err != nil {
-		return err
-	}
-
-	for c, p := range cgroupsPaths {
-		cgroupRoot := &criurpc.CgroupRoot{
-			Ctrl: proto.String(c),
-			Path: proto.String(p),
-		}
-		req.Opts.CgRoot = append(req.Opts.CgRoot, cgroupRoot)
-	}
-
-	return nil
-}
-
-func (c *linuxContainer) criuSwrk(process *Process, req *criurpc.CriuReq, opts *CriuOpts, applyCgroups bool) error {
-	fds, err := unix.Socketpair(unix.AF_LOCAL, unix.SOCK_SEQPACKET|unix.SOCK_CLOEXEC, 0)
-	if err != nil {
-		return err
-	}
-
-	var logPath string
-	if opts != nil {
-		logPath = filepath.Join(opts.WorkDirectory, req.GetOpts().GetLogFile())
-	} else {
-		// For the VERSION RPC 'opts' is set to 'nil' and therefore
-		// opts.WorkDirectory does not exist. Set logPath to "".
-		logPath = ""
-	}
-	criuClient := os.NewFile(uintptr(fds[0]), "criu-transport-client")
-	criuClientFileCon, err := net.FileConn(criuClient)
-	criuClient.Close()
-	if err != nil {
-		return err
-	}
-
-	criuClientCon := criuClientFileCon.(*net.UnixConn)
-	defer criuClientCon.Close()
-
-	criuServer := os.NewFile(uintptr(fds[1]), "criu-transport-server")
-	defer criuServer.Close()
-
-	args := []string{"swrk", "3"}
-	if c.criuVersion != 0 {
-		// If the CRIU Version is still '0' then this is probably
-		// the initial CRIU run to detect the version. Skip it.
-		logrus.Debugf("Using CRIU %d at: %s", c.criuVersion, c.criuPath)
-	}
-	logrus.Debugf("Using CRIU with following args: %s", args)
-	cmd := exec.Command(c.criuPath, args...)
-	if process != nil {
-		cmd.Stdin = process.Stdin
-		cmd.Stdout = process.Stdout
-		cmd.Stderr = process.Stderr
-	}
-	cmd.ExtraFiles = append(cmd.ExtraFiles, criuServer)
-
-	if err := cmd.Start(); err != nil {
-		return err
-	}
-	criuServer.Close()
-
-	defer func() {
-		criuClientCon.Close()
-		_, err := cmd.Process.Wait()
-		if err != nil {
-			return
-		}
-	}()
-
-	if applyCgroups {
-		err := c.criuApplyCgroups(cmd.Process.Pid, req)
-		if err != nil {
-			return err
-		}
-	}
-
-	var extFds []string
-	if process != nil {
-		extFds, err = getPipeFds(cmd.Process.Pid)
-		if err != nil {
-			return err
-		}
-	}
-
-	logrus.Debugf("Using CRIU in %s mode", req.GetType().String())
-	// In the case of criurpc.CriuReqType_FEATURE_CHECK req.GetOpts()
-	// should be empty. For older CRIU versions it still will be
-	// available but empty. criurpc.CriuReqType_VERSION actually
-	// has no req.GetOpts().
-	if !(req.GetType() == criurpc.CriuReqType_FEATURE_CHECK ||
-		req.GetType() == criurpc.CriuReqType_VERSION) {
-
-		val := reflect.ValueOf(req.GetOpts())
-		v := reflect.Indirect(val)
-		for i := 0; i < v.NumField(); i++ {
-			st := v.Type()
-			name := st.Field(i).Name
-			if strings.HasPrefix(name, "XXX_") {
-				continue
-			}
-			value := val.MethodByName("Get" + name).Call([]reflect.Value{})
-			logrus.Debugf("CRIU option %s with value %v", name, value[0])
-		}
-	}
-	data, err := proto.Marshal(req)
-	if err != nil {
-		return err
-	}
-	_, err = criuClientCon.Write(data)
-	if err != nil {
-		return err
-	}
-
-	buf := make([]byte, 10*4096)
-	oob := make([]byte, 4096)
-	for true {
-		n, oobn, _, _, err := criuClientCon.ReadMsgUnix(buf, oob)
-		if err != nil {
-			return err
-		}
-		if n == 0 {
-			return fmt.Errorf("unexpected EOF")
-		}
-		if n == len(buf) {
-			return fmt.Errorf("buffer is too small")
-		}
-
-		resp := new(criurpc.CriuResp)
-		err = proto.Unmarshal(buf[:n], resp)
-		if err != nil {
-			return err
-		}
-		if !resp.GetSuccess() {
-			typeString := req.GetType().String()
-			if typeString == "VERSION" {
-				// If the VERSION RPC fails this probably means that the CRIU
-				// version is too old for this RPC. Just return 'nil'.
-				return nil
-			}
-			return fmt.Errorf("criu failed: type %s errno %d\nlog file: %s", typeString, resp.GetCrErrno(), logPath)
-		}
-
-		t := resp.GetType()
-		switch {
-		case t == criurpc.CriuReqType_VERSION:
-			logrus.Debugf("CRIU version: %s", resp)
-			criuVersionRPC = resp.GetVersion()
-			break
-		case t == criurpc.CriuReqType_FEATURE_CHECK:
-			logrus.Debugf("Feature check says: %s", resp)
-			criuFeatures = resp.GetFeatures()
-		case t == criurpc.CriuReqType_NOTIFY:
-			if err := c.criuNotifications(resp, process, opts, extFds, oob[:oobn]); err != nil {
-				return err
-			}
-			t = criurpc.CriuReqType_NOTIFY
-			req = &criurpc.CriuReq{
-				Type:          &t,
-				NotifySuccess: proto.Bool(true),
-			}
-			data, err = proto.Marshal(req)
-			if err != nil {
-				return err
-			}
-			_, err = criuClientCon.Write(data)
-			if err != nil {
-				return err
-			}
-			continue
-		case t == criurpc.CriuReqType_RESTORE:
-		case t == criurpc.CriuReqType_DUMP:
-		case t == criurpc.CriuReqType_PRE_DUMP:
-		default:
-			return fmt.Errorf("unable to parse the response %s", resp.String())
-		}
-
-		break
-	}
-
-	criuClientCon.CloseWrite()
-	// cmd.Wait() waits cmd.goroutines which are used for proxying file descriptors.
-	// Here we want to wait only the CRIU process.
-	st, err := cmd.Process.Wait()
-	if err != nil {
-		return err
-	}
-
-	// In pre-dump mode CRIU is in a loop and waits for
-	// the final DUMP command.
-	// The current runc pre-dump approach, however, is
-	// start criu in PRE_DUMP once for a single pre-dump
-	// and not the whole series of pre-dump, pre-dump, ...m, dump
-	// If we got the message CriuReqType_PRE_DUMP it means
-	// CRIU was successful and we need to forcefully stop CRIU
-	if !st.Success() && *req.Type != criurpc.CriuReqType_PRE_DUMP {
-		return fmt.Errorf("criu failed: %s\nlog file: %s", st.String(), logPath)
-	}
-	return nil
-}
-
-// block any external network activity
-func lockNetwork(config *configs.Config) error {
-	for _, config := range config.Networks {
-		strategy, err := getStrategy(config.Type)
-		if err != nil {
-			return err
-		}
-
-		if err := strategy.detach(config); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func unlockNetwork(config *configs.Config) error {
-	for _, config := range config.Networks {
-		strategy, err := getStrategy(config.Type)
-		if err != nil {
-			return err
-		}
-		if err = strategy.attach(config); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (c *linuxContainer) criuNotifications(resp *criurpc.CriuResp, process *Process, opts *CriuOpts, fds []string, oob []byte) error {
-	notify := resp.GetNotify()
-	if notify == nil {
-		return fmt.Errorf("invalid response: %s", resp.String())
-	}
-	logrus.Debugf("notify: %s\n", notify.GetScript())
-	switch {
-	case notify.GetScript() == "post-dump":
-		f, err := os.Create(filepath.Join(c.root, "checkpoint"))
-		if err != nil {
-			return err
-		}
-		f.Close()
-	case notify.GetScript() == "network-unlock":
-		if err := unlockNetwork(c.config); err != nil {
-			return err
-		}
-	case notify.GetScript() == "network-lock":
-		if err := lockNetwork(c.config); err != nil {
-			return err
-		}
-	case notify.GetScript() == "setup-namespaces":
-		if c.config.Hooks != nil {
-			bundle, annotations := utils.Annotations(c.config.Labels)
-			s := configs.HookState{
-				Version:     c.config.Version,
-				ID:          c.id,
-				Pid:         int(notify.GetPid()),
-				Bundle:      bundle,
-				Annotations: annotations,
-			}
-			for i, hook := range c.config.Hooks.Prestart {
-				if err := hook.Run(s); err != nil {
-					return newSystemErrorWithCausef(err, "running prestart hook %d", i)
-				}
-			}
-		}
-	case notify.GetScript() == "post-restore":
-		pid := notify.GetPid()
-		r, err := newRestoredProcess(int(pid), fds)
-		if err != nil {
-			return err
-		}
-		process.ops = r
-		if err := c.state.transition(&restoredState{
-			imageDir: opts.ImagesDirectory,
-			c:        c,
-		}); err != nil {
-			return err
-		}
-		// create a timestamp indicating when the restored checkpoint was started
-		c.created = time.Now().UTC()
-		if _, err := c.updateState(r); err != nil {
-			return err
-		}
-		if err := os.Remove(filepath.Join(c.root, "checkpoint")); err != nil {
-			if !os.IsNotExist(err) {
-				logrus.Error(err)
-			}
-		}
-	case notify.GetScript() == "orphan-pts-master":
-		scm, err := unix.ParseSocketControlMessage(oob)
-		if err != nil {
-			return err
-		}
-		fds, err := unix.ParseUnixRights(&scm[0])
-		if err != nil {
-			return err
-		}
-
-		master := os.NewFile(uintptr(fds[0]), "orphan-pts-master")
-		defer master.Close()
-
-		// While we can access console.master, using the API is a good idea.
-		if err := utils.SendFd(process.ConsoleSocket, master.Name(), master.Fd()); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (c *linuxContainer) updateState(process parentProcess) (*State, error) {
-	if process != nil {
-		c.initProcess = process
-	}
-	state, err := c.currentState()
-	if err != nil {
-		return nil, err
-	}
-	err = c.saveState(state)
-	if err != nil {
-		return nil, err
-	}
-	return state, nil
-}
-
-func (c *linuxContainer) saveState(s *State) error {
-	f, err := os.Create(filepath.Join(c.root, stateFilename))
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-	return utils.WriteJSON(f, s)
-}
-
-func (c *linuxContainer) deleteState() error {
-	return os.Remove(filepath.Join(c.root, stateFilename))
-}
-
-func (c *linuxContainer) currentStatus() (Status, error) {
-	if err := c.refreshState(); err != nil {
-		return -1, err
-	}
-	return c.state.status(), nil
-}
-
-// refreshState needs to be called to verify that the current state on the
-// container is what is true.  Because consumers of libcontainer can use it
-// out of process we need to verify the container's status based on runtime
-// information and not rely on our in process info.
-func (c *linuxContainer) refreshState() error {
-	paused, err := c.isPaused()
-	if err != nil {
-		return err
-	}
-	if paused {
-		return c.state.transition(&pausedState{c: c})
-	}
-	t, err := c.runType()
-	if err != nil {
-		return err
-	}
-	switch t {
-	case Created:
-		return c.state.transition(&createdState{c: c})
-	case Running:
-		return c.state.transition(&runningState{c: c})
-	}
-	return c.state.transition(&stoppedState{c: c})
-}
-
-func (c *linuxContainer) runType() (Status, error) {
-	if c.initProcess == nil {
-		return Stopped, nil
-	}
-	pid := c.initProcess.pid()
-	stat, err := system.Stat(pid)
-	if err != nil {
-		return Stopped, nil
-	}
-	if stat.StartTime != c.initProcessStartTime || stat.State == system.Zombie || stat.State == system.Dead {
-		return Stopped, nil
-	}
-	// We'll create exec fifo and blocking on it after container is created,
-	// and delete it after start container.
-	if _, err := os.Stat(filepath.Join(c.root, execFifoFilename)); err == nil {
-		return Created, nil
-	}
-	return Running, nil
-}
-
-func (c *linuxContainer) isPaused() (bool, error) {
-	fcg := c.cgroupManager.GetPaths()["freezer"]
-	if fcg == "" {
-		// A container doesn't have a freezer cgroup
-		return false, nil
-	}
-	data, err := ioutil.ReadFile(filepath.Join(fcg, "freezer.state"))
-	if err != nil {
-		// If freezer cgroup is not mounted, the container would just be not paused.
-		if os.IsNotExist(err) {
-			return false, nil
-		}
-		return false, newSystemErrorWithCause(err, "checking if container is paused")
-	}
-	return bytes.Equal(bytes.TrimSpace(data), []byte("FROZEN")), nil
-}
-
-func (c *linuxContainer) currentState() (*State, error) {
-	var (
-		startTime           uint64
-		externalDescriptors []string
-		pid                 = -1
-	)
-	if c.initProcess != nil {
-		pid = c.initProcess.pid()
-		startTime, _ = c.initProcess.startTime()
-		externalDescriptors = c.initProcess.externalDescriptors()
-	}
-	intelRdtPath, err := intelrdt.GetIntelRdtPath(c.ID())
-	if err != nil {
-		intelRdtPath = ""
-	}
-	state := &State{
-		BaseState: BaseState{
-			ID:                   c.ID(),
-			Config:               *c.config,
-			InitProcessPid:       pid,
-			InitProcessStartTime: startTime,
-			Created:              c.created,
-		},
-		Rootless:            c.config.Rootless,
-		CgroupPaths:         c.cgroupManager.GetPaths(),
-		IntelRdtPath:        intelRdtPath,
-		NamespacePaths:      make(map[configs.NamespaceType]string),
-		ExternalDescriptors: externalDescriptors,
-	}
-	if pid > 0 {
-		for _, ns := range c.config.Namespaces {
-			state.NamespacePaths[ns.Type] = ns.GetPath(pid)
-		}
-		for _, nsType := range configs.NamespaceTypes() {
-			if !configs.IsNamespaceSupported(nsType) {
-				continue
-			}
-			if _, ok := state.NamespacePaths[nsType]; !ok {
-				ns := configs.Namespace{Type: nsType}
-				state.NamespacePaths[ns.Type] = ns.GetPath(pid)
-			}
-		}
-	}
-	return state, nil
-}
-
-// orderNamespacePaths sorts namespace paths into a list of paths that we
-// can setns in order.
-func (c *linuxContainer) orderNamespacePaths(namespaces map[configs.NamespaceType]string) ([]string, error) {
-	paths := []string{}
-
-	for _, ns := range configs.NamespaceTypes() {
-
-		// Remove namespaces that we don't need to join.
-		if !c.config.Namespaces.Contains(ns) {
-			continue
-		}
-
-		if p, ok := namespaces[ns]; ok && p != "" {
-			// check if the requested namespace is supported
-			if !configs.IsNamespaceSupported(ns) {
-				return nil, newSystemError(fmt.Errorf("namespace %s is not supported", ns))
-			}
-			// only set to join this namespace if it exists
-			if _, err := os.Lstat(p); err != nil {
-				return nil, newSystemErrorWithCausef(err, "running lstat on namespace path %q", p)
-			}
-			// do not allow namespace path with comma as we use it to separate
-			// the namespace paths
-			if strings.ContainsRune(p, ',') {
-				return nil, newSystemError(fmt.Errorf("invalid path %s", p))
-			}
-			paths = append(paths, fmt.Sprintf("%s:%s", configs.NsName(ns), p))
-		}
-
-	}
-
-	return paths, nil
-}
-
-func encodeIDMapping(idMap []configs.IDMap) ([]byte, error) {
-	data := bytes.NewBuffer(nil)
-	for _, im := range idMap {
-		line := fmt.Sprintf("%d %d %d\n", im.ContainerID, im.HostID, im.Size)
-		if _, err := data.WriteString(line); err != nil {
-			return nil, err
-		}
-	}
-	return data.Bytes(), nil
-}
-
-// bootstrapData encodes the necessary data in netlink binary format
-// as a io.Reader.
-// Consumer can write the data to a bootstrap program
-// such as one that uses nsenter package to bootstrap the container's
-// init process correctly, i.e. with correct namespaces, uid/gid
-// mapping etc.
-func (c *linuxContainer) bootstrapData(cloneFlags uintptr, nsMaps map[configs.NamespaceType]string) (io.Reader, error) {
-	// create the netlink message
-	r := nl.NewNetlinkRequest(int(InitMsg), 0)
-
-	// write cloneFlags
-	r.AddData(&Int32msg{
-		Type:  CloneFlagsAttr,
-		Value: uint32(cloneFlags),
-	})
-
-	// write custom namespace paths
-	if len(nsMaps) > 0 {
-		nsPaths, err := c.orderNamespacePaths(nsMaps)
-		if err != nil {
-			return nil, err
-		}
-		r.AddData(&Bytemsg{
-			Type:  NsPathsAttr,
-			Value: []byte(strings.Join(nsPaths, ",")),
-		})
-	}
-
-	// write namespace paths only when we are not joining an existing user ns
-	_, joinExistingUser := nsMaps[configs.NEWUSER]
-	if !joinExistingUser {
-		// write uid mappings
-		if len(c.config.UidMappings) > 0 {
-			if c.config.Rootless && c.newuidmapPath != "" {
-				r.AddData(&Bytemsg{
-					Type:  UidmapPathAttr,
-					Value: []byte(c.newuidmapPath),
-				})
-			}
-			b, err := encodeIDMapping(c.config.UidMappings)
-			if err != nil {
-				return nil, err
-			}
-			r.AddData(&Bytemsg{
-				Type:  UidmapAttr,
-				Value: b,
-			})
-		}
-
-		// write gid mappings
-		if len(c.config.GidMappings) > 0 {
-			b, err := encodeIDMapping(c.config.GidMappings)
-			if err != nil {
-				return nil, err
-			}
-			r.AddData(&Bytemsg{
-				Type:  GidmapAttr,
-				Value: b,
-			})
-			if c.config.Rootless && c.newgidmapPath != "" {
-				r.AddData(&Bytemsg{
-					Type:  GidmapPathAttr,
-					Value: []byte(c.newgidmapPath),
-				})
-			}
-			// The following only applies if we are root.
-			if !c.config.Rootless {
-				// check if we have CAP_SETGID to setgroup properly
-				pid, err := capability.NewPid(0)
-				if err != nil {
-					return nil, err
-				}
-				if !pid.Get(capability.EFFECTIVE, capability.CAP_SETGID) {
-					r.AddData(&Boolmsg{
-						Type:  SetgroupAttr,
-						Value: true,
-					})
-				}
-			}
-		}
-	}
-
-	// write oom_score_adj
-	r.AddData(&Bytemsg{
-		Type:  OomScoreAdjAttr,
-		Value: []byte(fmt.Sprintf("%d", c.config.OomScoreAdj)),
-	})
-
-	// write rootless
-	r.AddData(&Boolmsg{
-		Type:  RootlessAttr,
-		Value: c.config.Rootless,
-	})
-
-	return bytes.NewReader(r.Serialize()), nil
-}
-
-// ignoreTerminateErrors returns nil if the given err matches an error known
-// to indicate that the terminate occurred successfully or err was nil, otherwise
-// err is returned unaltered.
-func ignoreTerminateErrors(err error) error {
-	if err == nil {
-		return nil
-	}
-	s := err.Error()
-	switch {
-	case strings.Contains(s, "process already finished"), strings.Contains(s, "Wait was already called"):
-		return nil
-	}
-	return err
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/criu_opts_linux.go

@@ -1,40 +0,0 @@
-package libcontainer
-
-// cgroup restoring strategy provided by criu
-type cgMode uint32
-
-const (
-	CRIU_CG_MODE_SOFT    cgMode = 3 + iota // restore cgroup properties if only dir created by criu
-	CRIU_CG_MODE_FULL                      // always restore all cgroups and their properties
-	CRIU_CG_MODE_STRICT                    // restore all, requiring them to not present in the system
-	CRIU_CG_MODE_DEFAULT                   // the same as CRIU_CG_MODE_SOFT
-)
-
-type CriuPageServerInfo struct {
-	Address string // IP address of CRIU page server
-	Port    int32  // port number of CRIU page server
-}
-
-type VethPairName struct {
-	ContainerInterfaceName string
-	HostInterfaceName      string
-}
-
-type CriuOpts struct {
-	ImagesDirectory         string             // directory for storing image files
-	WorkDirectory           string             // directory to cd and write logs/pidfiles/stats to
-	ParentImage             string             // directory for storing parent image files in pre-dump and dump
-	LeaveRunning            bool               // leave container in running state after checkpoint
-	TcpEstablished          bool               // checkpoint/restore established TCP connections
-	ExternalUnixConnections bool               // allow external unix connections
-	ShellJob                bool               // allow to dump and restore shell jobs
-	FileLocks               bool               // handle file locks, for safety
-	PreDump                 bool               // call criu predump to perform iterative checkpoint
-	PageServer              CriuPageServerInfo // allow to dump to criu page server
-	VethPairs               []VethPairName     // pass the veth to criu when restore
-	ManageCgroupsMode       cgMode             // dump or restore cgroup mode
-	EmptyNs                 uint32             // don't c/r properties for namespace from this mask
-	AutoDedup               bool               // auto deduplication for incremental dumps
-	LazyPages               bool               // restore memory pages lazily using userfaultfd
-	StatusFd                string             // fd for feedback when lazy server is ready
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/criurpc/criurpc.pb.go

@@ -1,1178 +0,0 @@
-// Code generated by protoc-gen-go.
-// source: criurpc.proto
-// DO NOT EDIT!
-
-/*
-Package criurpc is a generated protocol buffer package.
-
-It is generated from these files:
-	criurpc.proto
-
-It has these top-level messages:
-	CriuPageServerInfo
-	CriuVethPair
-	ExtMountMap
-	JoinNamespace
-	InheritFd
-	CgroupRoot
-	UnixSk
-	CriuOpts
-	CriuDumpResp
-	CriuRestoreResp
-	CriuNotify
-	CriuFeatures
-	CriuReq
-	CriuResp
-	CriuVersion
-*/
-package criurpc
-
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// Reference imports to suppress errors if they are not otherwise used.
-var _ = proto.Marshal
-var _ = fmt.Errorf
-var _ = math.Inf
-
-// This is a compile-time assertion to ensure that this generated file
-// is compatible with the proto package it is being compiled against.
-// A compilation error at this line likely means your copy of the
-// proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
-
-type CriuCgMode int32
-
-const (
-	CriuCgMode_IGNORE  CriuCgMode = 0
-	CriuCgMode_CG_NONE CriuCgMode = 1
-	CriuCgMode_PROPS   CriuCgMode = 2
-	CriuCgMode_SOFT    CriuCgMode = 3
-	CriuCgMode_FULL    CriuCgMode = 4
-	CriuCgMode_STRICT  CriuCgMode = 5
-	CriuCgMode_DEFAULT CriuCgMode = 6
-)
-
-var CriuCgMode_name = map[int32]string{
-	0: "IGNORE",
-	1: "CG_NONE",
-	2: "PROPS",
-	3: "SOFT",
-	4: "FULL",
-	5: "STRICT",
-	6: "DEFAULT",
-}
-var CriuCgMode_value = map[string]int32{
-	"IGNORE":  0,
-	"CG_NONE": 1,
-	"PROPS":   2,
-	"SOFT":    3,
-	"FULL":    4,
-	"STRICT":  5,
-	"DEFAULT": 6,
-}
-
-func (x CriuCgMode) Enum() *CriuCgMode {
-	p := new(CriuCgMode)
-	*p = x
-	return p
-}
-func (x CriuCgMode) String() string {
-	return proto.EnumName(CriuCgMode_name, int32(x))
-}
-func (x *CriuCgMode) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(CriuCgMode_value, data, "CriuCgMode")
-	if err != nil {
-		return err
-	}
-	*x = CriuCgMode(value)
-	return nil
-}
-func (CriuCgMode) EnumDescriptor() ([]byte, []int) { return fileDescriptor0, []int{0} }
-
-type CriuReqType int32
-
-const (
-	CriuReqType_EMPTY         CriuReqType = 0
-	CriuReqType_DUMP          CriuReqType = 1
-	CriuReqType_RESTORE       CriuReqType = 2
-	CriuReqType_CHECK         CriuReqType = 3
-	CriuReqType_PRE_DUMP      CriuReqType = 4
-	CriuReqType_PAGE_SERVER   CriuReqType = 5
-	CriuReqType_NOTIFY        CriuReqType = 6
-	CriuReqType_CPUINFO_DUMP  CriuReqType = 7
-	CriuReqType_CPUINFO_CHECK CriuReqType = 8
-	CriuReqType_FEATURE_CHECK CriuReqType = 9
-	CriuReqType_VERSION       CriuReqType = 10
-)
-
-var CriuReqType_name = map[int32]string{
-	0:  "EMPTY",
-	1:  "DUMP",
-	2:  "RESTORE",
-	3:  "CHECK",
-	4:  "PRE_DUMP",
-	5:  "PAGE_SERVER",
-	6:  "NOTIFY",
-	7:  "CPUINFO_DUMP",
-	8:  "CPUINFO_CHECK",
-	9:  "FEATURE_CHECK",
-	10: "VERSION",
-}
-var CriuReqType_value = map[string]int32{
-	"EMPTY":         0,
-	"DUMP":          1,
-	"RESTORE":       2,
-	"CHECK":         3,
-	"PRE_DUMP":      4,
-	"PAGE_SERVER":   5,
-	"NOTIFY":        6,
-	"CPUINFO_DUMP":  7,
-	"CPUINFO_CHECK": 8,
-	"FEATURE_CHECK": 9,
-	"VERSION":       10,
-}
-
-func (x CriuReqType) Enum() *CriuReqType {
-	p := new(CriuReqType)
-	*p = x
-	return p
-}
-func (x CriuReqType) String() string {
-	return proto.EnumName(CriuReqType_name, int32(x))
-}
-func (x *CriuReqType) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(CriuReqType_value, data, "CriuReqType")
-	if err != nil {
-		return err
-	}
-	*x = CriuReqType(value)
-	return nil
-}
-func (CriuReqType) EnumDescriptor() ([]byte, []int) { return fileDescriptor0, []int{1} }
-
-type CriuPageServerInfo struct {
-	Address          *string `protobuf:"bytes,1,opt,name=address" json:"address,omitempty"`
-	Port             *int32  `protobuf:"varint,2,opt,name=port" json:"port,omitempty"`
-	Pid              *int32  `protobuf:"varint,3,opt,name=pid" json:"pid,omitempty"`
-	Fd               *int32  `protobuf:"varint,4,opt,name=fd" json:"fd,omitempty"`
-	XXX_unrecognized []byte  `json:"-"`
-}
-
-func (m *CriuPageServerInfo) Reset()                    { *m = CriuPageServerInfo{} }
-func (m *CriuPageServerInfo) String() string            { return proto.CompactTextString(m) }
-func (*CriuPageServerInfo) ProtoMessage()               {}
-func (*CriuPageServerInfo) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{0} }
-
-func (m *CriuPageServerInfo) GetAddress() string {
-	if m != nil && m.Address != nil {
-		return *m.Address
-	}
-	return ""
-}
-
-func (m *CriuPageServerInfo) GetPort() int32 {
-	if m != nil && m.Port != nil {
-		return *m.Port
-	}
-	return 0
-}
-
-func (m *CriuPageServerInfo) GetPid() int32 {
-	if m != nil && m.Pid != nil {
-		return *m.Pid
-	}
-	return 0
-}
-
-func (m *CriuPageServerInfo) GetFd() int32 {
-	if m != nil && m.Fd != nil {
-		return *m.Fd
-	}
-	return 0
-}
-
-type CriuVethPair struct {
-	IfIn             *string `protobuf:"bytes,1,req,name=if_in,json=ifIn" json:"if_in,omitempty"`
-	IfOut            *string `protobuf:"bytes,2,req,name=if_out,json=ifOut" json:"if_out,omitempty"`
-	XXX_unrecognized []byte  `json:"-"`
-}
-
-func (m *CriuVethPair) Reset()                    { *m = CriuVethPair{} }
-func (m *CriuVethPair) String() string            { return proto.CompactTextString(m) }
-func (*CriuVethPair) ProtoMessage()               {}
-func (*CriuVethPair) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{1} }
-
-func (m *CriuVethPair) GetIfIn() string {
-	if m != nil && m.IfIn != nil {
-		return *m.IfIn
-	}
-	return ""
-}
-
-func (m *CriuVethPair) GetIfOut() string {
-	if m != nil && m.IfOut != nil {
-		return *m.IfOut
-	}
-	return ""
-}
-
-type ExtMountMap struct {
-	Key              *string `protobuf:"bytes,1,req,name=key" json:"key,omitempty"`
-	Val              *string `protobuf:"bytes,2,req,name=val" json:"val,omitempty"`
-	XXX_unrecognized []byte  `json:"-"`
-}
-
-func (m *ExtMountMap) Reset()                    { *m = ExtMountMap{} }
-func (m *ExtMountMap) String() string            { return proto.CompactTextString(m) }
-func (*ExtMountMap) ProtoMessage()               {}
-func (*ExtMountMap) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{2} }
-
-func (m *ExtMountMap) GetKey() string {
-	if m != nil && m.Key != nil {
-		return *m.Key
-	}
-	return ""
-}
-
-func (m *ExtMountMap) GetVal() string {
-	if m != nil && m.Val != nil {
-		return *m.Val
-	}
-	return ""
-}
-
-type JoinNamespace struct {
-	Ns               *string `protobuf:"bytes,1,req,name=ns" json:"ns,omitempty"`
-	NsFile           *string `protobuf:"bytes,2,req,name=ns_file,json=nsFile" json:"ns_file,omitempty"`
-	ExtraOpt         *string `protobuf:"bytes,3,opt,name=extra_opt,json=extraOpt" json:"extra_opt,omitempty"`
-	XXX_unrecognized []byte  `json:"-"`
-}
-
-func (m *JoinNamespace) Reset()                    { *m = JoinNamespace{} }
-func (m *JoinNamespace) String() string            { return proto.CompactTextString(m) }
-func (*JoinNamespace) ProtoMessage()               {}
-func (*JoinNamespace) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{3} }
-
-func (m *JoinNamespace) GetNs() string {
-	if m != nil && m.Ns != nil {
-		return *m.Ns
-	}
-	return ""
-}
-
-func (m *JoinNamespace) GetNsFile() string {
-	if m != nil && m.NsFile != nil {
-		return *m.NsFile
-	}
-	return ""
-}
-
-func (m *JoinNamespace) GetExtraOpt() string {
-	if m != nil && m.ExtraOpt != nil {
-		return *m.ExtraOpt
-	}
-	return ""
-}
-
-type InheritFd struct {
-	Key              *string `protobuf:"bytes,1,req,name=key" json:"key,omitempty"`
-	Fd               *int32  `protobuf:"varint,2,req,name=fd" json:"fd,omitempty"`
-	XXX_unrecognized []byte  `json:"-"`
-}
-
-func (m *InheritFd) Reset()                    { *m = InheritFd{} }
-func (m *InheritFd) String() string            { return proto.CompactTextString(m) }
-func (*InheritFd) ProtoMessage()               {}
-func (*InheritFd) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{4} }
-
-func (m *InheritFd) GetKey() string {
-	if m != nil && m.Key != nil {
-		return *m.Key
-	}
-	return ""
-}
-
-func (m *InheritFd) GetFd() int32 {
-	if m != nil && m.Fd != nil {
-		return *m.Fd
-	}
-	return 0
-}
-
-type CgroupRoot struct {
-	Ctrl             *string `protobuf:"bytes,1,opt,name=ctrl" json:"ctrl,omitempty"`
-	Path             *string `protobuf:"bytes,2,req,name=path" json:"path,omitempty"`
-	XXX_unrecognized []byte  `json:"-"`
-}
-
-func (m *CgroupRoot) Reset()                    { *m = CgroupRoot{} }
-func (m *CgroupRoot) String() string            { return proto.CompactTextString(m) }
-func (*CgroupRoot) ProtoMessage()               {}
-func (*CgroupRoot) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{5} }
-
-func (m *CgroupRoot) GetCtrl() string {
-	if m != nil && m.Ctrl != nil {
-		return *m.Ctrl
-	}
-	return ""
-}
-
-func (m *CgroupRoot) GetPath() string {
-	if m != nil && m.Path != nil {
-		return *m.Path
-	}
-	return ""
-}
-
-type UnixSk struct {
-	Inode            *uint32 `protobuf:"varint,1,req,name=inode" json:"inode,omitempty"`
-	XXX_unrecognized []byte  `json:"-"`
-}
-
-func (m *UnixSk) Reset()                    { *m = UnixSk{} }
-func (m *UnixSk) String() string            { return proto.CompactTextString(m) }
-func (*UnixSk) ProtoMessage()               {}
-func (*UnixSk) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{6} }
-
-func (m *UnixSk) GetInode() uint32 {
-	if m != nil && m.Inode != nil {
-		return *m.Inode
-	}
-	return 0
-}
-
-type CriuOpts struct {
-	ImagesDirFd          *int32              `protobuf:"varint,1,req,name=images_dir_fd,json=imagesDirFd" json:"images_dir_fd,omitempty"`
-	Pid                  *int32              `protobuf:"varint,2,opt,name=pid" json:"pid,omitempty"`
-	LeaveRunning         *bool               `protobuf:"varint,3,opt,name=leave_running,json=leaveRunning" json:"leave_running,omitempty"`
-	ExtUnixSk            *bool               `protobuf:"varint,4,opt,name=ext_unix_sk,json=extUnixSk" json:"ext_unix_sk,omitempty"`
-	TcpEstablished       *bool               `protobuf:"varint,5,opt,name=tcp_established,json=tcpEstablished" json:"tcp_established,omitempty"`
-	EvasiveDevices       *bool               `protobuf:"varint,6,opt,name=evasive_devices,json=evasiveDevices" json:"evasive_devices,omitempty"`
-	ShellJob             *bool               `protobuf:"varint,7,opt,name=shell_job,json=shellJob" json:"shell_job,omitempty"`
-	FileLocks            *bool               `protobuf:"varint,8,opt,name=file_locks,json=fileLocks" json:"file_locks,omitempty"`
-	LogLevel             *int32              `protobuf:"varint,9,opt,name=log_level,json=logLevel,def=2" json:"log_level,omitempty"`
-	LogFile              *string             `protobuf:"bytes,10,opt,name=log_file,json=logFile" json:"log_file,omitempty"`
-	Ps                   *CriuPageServerInfo `protobuf:"bytes,11,opt,name=ps" json:"ps,omitempty"`
-	NotifyScripts        *bool               `protobuf:"varint,12,opt,name=notify_scripts,json=notifyScripts" json:"notify_scripts,omitempty"`
-	Root                 *string             `protobuf:"bytes,13,opt,name=root" json:"root,omitempty"`
-	ParentImg            *string             `protobuf:"bytes,14,opt,name=parent_img,json=parentImg" json:"parent_img,omitempty"`
-	TrackMem             *bool               `protobuf:"varint,15,opt,name=track_mem,json=trackMem" json:"track_mem,omitempty"`
-	AutoDedup            *bool               `protobuf:"varint,16,opt,name=auto_dedup,json=autoDedup" json:"auto_dedup,omitempty"`
-	WorkDirFd            *int32              `protobuf:"varint,17,opt,name=work_dir_fd,json=workDirFd" json:"work_dir_fd,omitempty"`
-	LinkRemap            *bool               `protobuf:"varint,18,opt,name=link_remap,json=linkRemap" json:"link_remap,omitempty"`
-	Veths                []*CriuVethPair     `protobuf:"bytes,19,rep,name=veths" json:"veths,omitempty"`
-	CpuCap               *uint32             `protobuf:"varint,20,opt,name=cpu_cap,json=cpuCap,def=4294967295" json:"cpu_cap,omitempty"`
-	ForceIrmap           *bool               `protobuf:"varint,21,opt,name=force_irmap,json=forceIrmap" json:"force_irmap,omitempty"`
-	ExecCmd              []string            `protobuf:"bytes,22,rep,name=exec_cmd,json=execCmd" json:"exec_cmd,omitempty"`
-	ExtMnt               []*ExtMountMap      `protobuf:"bytes,23,rep,name=ext_mnt,json=extMnt" json:"ext_mnt,omitempty"`
-	ManageCgroups        *bool               `protobuf:"varint,24,opt,name=manage_cgroups,json=manageCgroups" json:"manage_cgroups,omitempty"`
-	CgRoot               []*CgroupRoot       `protobuf:"bytes,25,rep,name=cg_root,json=cgRoot" json:"cg_root,omitempty"`
-	RstSibling           *bool               `protobuf:"varint,26,opt,name=rst_sibling,json=rstSibling" json:"rst_sibling,omitempty"`
-	InheritFd            []*InheritFd        `protobuf:"bytes,27,rep,name=inherit_fd,json=inheritFd" json:"inherit_fd,omitempty"`
-	AutoExtMnt           *bool               `protobuf:"varint,28,opt,name=auto_ext_mnt,json=autoExtMnt" json:"auto_ext_mnt,omitempty"`
-	ExtSharing           *bool               `protobuf:"varint,29,opt,name=ext_sharing,json=extSharing" json:"ext_sharing,omitempty"`
-	ExtMasters           *bool               `protobuf:"varint,30,opt,name=ext_masters,json=extMasters" json:"ext_masters,omitempty"`
-	SkipMnt              []string            `protobuf:"bytes,31,rep,name=skip_mnt,json=skipMnt" json:"skip_mnt,omitempty"`
-	EnableFs             []string            `protobuf:"bytes,32,rep,name=enable_fs,json=enableFs" json:"enable_fs,omitempty"`
-	UnixSkIno            []*UnixSk           `protobuf:"bytes,33,rep,name=unix_sk_ino,json=unixSkIno" json:"unix_sk_ino,omitempty"`
-	ManageCgroupsMode    *CriuCgMode         `protobuf:"varint,34,opt,name=manage_cgroups_mode,json=manageCgroupsMode,enum=CriuCgMode" json:"manage_cgroups_mode,omitempty"`
-	GhostLimit           *uint32             `protobuf:"varint,35,opt,name=ghost_limit,json=ghostLimit,def=1048576" json:"ghost_limit,omitempty"`
-	IrmapScanPaths       []string            `protobuf:"bytes,36,rep,name=irmap_scan_paths,json=irmapScanPaths" json:"irmap_scan_paths,omitempty"`
-	External             []string            `protobuf:"bytes,37,rep,name=external" json:"external,omitempty"`
-	EmptyNs              *uint32             `protobuf:"varint,38,opt,name=empty_ns,json=emptyNs" json:"empty_ns,omitempty"`
-	JoinNs               []*JoinNamespace    `protobuf:"bytes,39,rep,name=join_ns,json=joinNs" json:"join_ns,omitempty"`
-	CgroupProps          *string             `protobuf:"bytes,41,opt,name=cgroup_props,json=cgroupProps" json:"cgroup_props,omitempty"`
-	CgroupPropsFile      *string             `protobuf:"bytes,42,opt,name=cgroup_props_file,json=cgroupPropsFile" json:"cgroup_props_file,omitempty"`
-	CgroupDumpController []string            `protobuf:"bytes,43,rep,name=cgroup_dump_controller,json=cgroupDumpController" json:"cgroup_dump_controller,omitempty"`
-	FreezeCgroup         *string             `protobuf:"bytes,44,opt,name=freeze_cgroup,json=freezeCgroup" json:"freeze_cgroup,omitempty"`
-	Timeout              *uint32             `protobuf:"varint,45,opt,name=timeout" json:"timeout,omitempty"`
-	TcpSkipInFlight      *bool               `protobuf:"varint,46,opt,name=tcp_skip_in_flight,json=tcpSkipInFlight" json:"tcp_skip_in_flight,omitempty"`
-	WeakSysctls          *bool               `protobuf:"varint,47,opt,name=weak_sysctls,json=weakSysctls" json:"weak_sysctls,omitempty"`
-	LazyPages            *bool               `protobuf:"varint,48,opt,name=lazy_pages,json=lazyPages" json:"lazy_pages,omitempty"`
-	StatusFd             *int32              `protobuf:"varint,49,opt,name=status_fd,json=statusFd" json:"status_fd,omitempty"`
-	OrphanPtsMaster      *bool               `protobuf:"varint,50,opt,name=orphan_pts_master,json=orphanPtsMaster" json:"orphan_pts_master,omitempty"`
-	XXX_unrecognized     []byte              `json:"-"`
-}
-
-func (m *CriuOpts) Reset()                    { *m = CriuOpts{} }
-func (m *CriuOpts) String() string            { return proto.CompactTextString(m) }
-func (*CriuOpts) ProtoMessage()               {}
-func (*CriuOpts) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{7} }
-
-const Default_CriuOpts_LogLevel int32 = 2
-const Default_CriuOpts_CpuCap uint32 = 4294967295
-const Default_CriuOpts_GhostLimit uint32 = 1048576
-
-func (m *CriuOpts) GetImagesDirFd() int32 {
-	if m != nil && m.ImagesDirFd != nil {
-		return *m.ImagesDirFd
-	}
-	return 0
-}
-
-func (m *CriuOpts) GetPid() int32 {
-	if m != nil && m.Pid != nil {
-		return *m.Pid
-	}
-	return 0
-}
-
-func (m *CriuOpts) GetLeaveRunning() bool {
-	if m != nil && m.LeaveRunning != nil {
-		return *m.LeaveRunning
-	}
-	return false
-}
-
-func (m *CriuOpts) GetExtUnixSk() bool {
-	if m != nil && m.ExtUnixSk != nil {
-		return *m.ExtUnixSk
-	}
-	return false
-}
-
-func (m *CriuOpts) GetTcpEstablished() bool {
-	if m != nil && m.TcpEstablished != nil {
-		return *m.TcpEstablished
-	}
-	return false
-}
-
-func (m *CriuOpts) GetEvasiveDevices() bool {
-	if m != nil && m.EvasiveDevices != nil {
-		return *m.EvasiveDevices
-	}
-	return false
-}
-
-func (m *CriuOpts) GetShellJob() bool {
-	if m != nil && m.ShellJob != nil {
-		return *m.ShellJob
-	}
-	return false
-}
-
-func (m *CriuOpts) GetFileLocks() bool {
-	if m != nil && m.FileLocks != nil {
-		return *m.FileLocks
-	}
-	return false
-}
-
-func (m *CriuOpts) GetLogLevel() int32 {
-	if m != nil && m.LogLevel != nil {
-		return *m.LogLevel
-	}
-	return Default_CriuOpts_LogLevel
-}
-
-func (m *CriuOpts) GetLogFile() string {
-	if m != nil && m.LogFile != nil {
-		return *m.LogFile
-	}
-	return ""
-}
-
-func (m *CriuOpts) GetPs() *CriuPageServerInfo {
-	if m != nil {
-		return m.Ps
-	}
-	return nil
-}
-
-func (m *CriuOpts) GetNotifyScripts() bool {
-	if m != nil && m.NotifyScripts != nil {
-		return *m.NotifyScripts
-	}
-	return false
-}
-
-func (m *CriuOpts) GetRoot() string {
-	if m != nil && m.Root != nil {
-		return *m.Root
-	}
-	return ""
-}
-
-func (m *CriuOpts) GetParentImg() string {
-	if m != nil && m.ParentImg != nil {
-		return *m.ParentImg
-	}
-	return ""
-}
-
-func (m *CriuOpts) GetTrackMem() bool {
-	if m != nil && m.TrackMem != nil {
-		return *m.TrackMem
-	}
-	return false
-}
-
-func (m *CriuOpts) GetAutoDedup() bool {
-	if m != nil && m.AutoDedup != nil {
-		return *m.AutoDedup
-	}
-	return false
-}
-
-func (m *CriuOpts) GetWorkDirFd() int32 {
-	if m != nil && m.WorkDirFd != nil {
-		return *m.WorkDirFd
-	}
-	return 0
-}
-
-func (m *CriuOpts) GetLinkRemap() bool {
-	if m != nil && m.LinkRemap != nil {
-		return *m.LinkRemap
-	}
-	return false
-}
-
-func (m *CriuOpts) GetVeths() []*CriuVethPair {
-	if m != nil {
-		return m.Veths
-	}
-	return nil
-}
-
-func (m *CriuOpts) GetCpuCap() uint32 {
-	if m != nil && m.CpuCap != nil {
-		return *m.CpuCap
-	}
-	return Default_CriuOpts_CpuCap
-}
-
-func (m *CriuOpts) GetForceIrmap() bool {
-	if m != nil && m.ForceIrmap != nil {
-		return *m.ForceIrmap
-	}
-	return false
-}
-
-func (m *CriuOpts) GetExecCmd() []string {
-	if m != nil {
-		return m.ExecCmd
-	}
-	return nil
-}
-
-func (m *CriuOpts) GetExtMnt() []*ExtMountMap {
-	if m != nil {
-		return m.ExtMnt
-	}
-	return nil
-}
-
-func (m *CriuOpts) GetManageCgroups() bool {
-	if m != nil && m.ManageCgroups != nil {
-		return *m.ManageCgroups
-	}
-	return false
-}
-
-func (m *CriuOpts) GetCgRoot() []*CgroupRoot {
-	if m != nil {
-		return m.CgRoot
-	}
-	return nil
-}
-
-func (m *CriuOpts) GetRstSibling() bool {
-	if m != nil && m.RstSibling != nil {
-		return *m.RstSibling
-	}
-	return false
-}
-
-func (m *CriuOpts) GetInheritFd() []*InheritFd {
-	if m != nil {
-		return m.InheritFd
-	}
-	return nil
-}
-
-func (m *CriuOpts) GetAutoExtMnt() bool {
-	if m != nil && m.AutoExtMnt != nil {
-		return *m.AutoExtMnt
-	}
-	return false
-}
-
-func (m *CriuOpts) GetExtSharing() bool {
-	if m != nil && m.ExtSharing != nil {
-		return *m.ExtSharing
-	}
-	return false
-}
-
-func (m *CriuOpts) GetExtMasters() bool {
-	if m != nil && m.ExtMasters != nil {
-		return *m.ExtMasters
-	}
-	return false
-}
-
-func (m *CriuOpts) GetSkipMnt() []string {
-	if m != nil {
-		return m.SkipMnt
-	}
-	return nil
-}
-
-func (m *CriuOpts) GetEnableFs() []string {
-	if m != nil {
-		return m.EnableFs
-	}
-	return nil
-}
-
-func (m *CriuOpts) GetUnixSkIno() []*UnixSk {
-	if m != nil {
-		return m.UnixSkIno
-	}
-	return nil
-}
-
-func (m *CriuOpts) GetManageCgroupsMode() CriuCgMode {
-	if m != nil && m.ManageCgroupsMode != nil {
-		return *m.ManageCgroupsMode
-	}
-	return CriuCgMode_IGNORE
-}
-
-func (m *CriuOpts) GetGhostLimit() uint32 {
-	if m != nil && m.GhostLimit != nil {
-		return *m.GhostLimit
-	}
-	return Default_CriuOpts_GhostLimit
-}
-
-func (m *CriuOpts) GetIrmapScanPaths() []string {
-	if m != nil {
-		return m.IrmapScanPaths
-	}
-	return nil
-}
-
-func (m *CriuOpts) GetExternal() []string {
-	if m != nil {
-		return m.External
-	}
-	return nil
-}
-
-func (m *CriuOpts) GetEmptyNs() uint32 {
-	if m != nil && m.EmptyNs != nil {
-		return *m.EmptyNs
-	}
-	return 0
-}
-
-func (m *CriuOpts) GetJoinNs() []*JoinNamespace {
-	if m != nil {
-		return m.JoinNs
-	}
-	return nil
-}
-
-func (m *CriuOpts) GetCgroupProps() string {
-	if m != nil && m.CgroupProps != nil {
-		return *m.CgroupProps
-	}
-	return ""
-}
-
-func (m *CriuOpts) GetCgroupPropsFile() string {
-	if m != nil && m.CgroupPropsFile != nil {
-		return *m.CgroupPropsFile
-	}
-	return ""
-}
-
-func (m *CriuOpts) GetCgroupDumpController() []string {
-	if m != nil {
-		return m.CgroupDumpController
-	}
-	return nil
-}
-
-func (m *CriuOpts) GetFreezeCgroup() string {
-	if m != nil && m.FreezeCgroup != nil {
-		return *m.FreezeCgroup
-	}
-	return ""
-}
-
-func (m *CriuOpts) GetTimeout() uint32 {
-	if m != nil && m.Timeout != nil {
-		return *m.Timeout
-	}
-	return 0
-}
-
-func (m *CriuOpts) GetTcpSkipInFlight() bool {
-	if m != nil && m.TcpSkipInFlight != nil {
-		return *m.TcpSkipInFlight
-	}
-	return false
-}
-
-func (m *CriuOpts) GetWeakSysctls() bool {
-	if m != nil && m.WeakSysctls != nil {
-		return *m.WeakSysctls
-	}
-	return false
-}
-
-func (m *CriuOpts) GetLazyPages() bool {
-	if m != nil && m.LazyPages != nil {
-		return *m.LazyPages
-	}
-	return false
-}
-
-func (m *CriuOpts) GetStatusFd() int32 {
-	if m != nil && m.StatusFd != nil {
-		return *m.StatusFd
-	}
-	return 0
-}
-
-func (m *CriuOpts) GetOrphanPtsMaster() bool {
-	if m != nil && m.OrphanPtsMaster != nil {
-		return *m.OrphanPtsMaster
-	}
-	return false
-}
-
-type CriuDumpResp struct {
-	Restored         *bool  `protobuf:"varint,1,opt,name=restored" json:"restored,omitempty"`
-	XXX_unrecognized []byte `json:"-"`
-}
-
-func (m *CriuDumpResp) Reset()                    { *m = CriuDumpResp{} }
-func (m *CriuDumpResp) String() string            { return proto.CompactTextString(m) }
-func (*CriuDumpResp) ProtoMessage()               {}
-func (*CriuDumpResp) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{8} }
-
-func (m *CriuDumpResp) GetRestored() bool {
-	if m != nil && m.Restored != nil {
-		return *m.Restored
-	}
-	return false
-}
-
-type CriuRestoreResp struct {
-	Pid              *int32 `protobuf:"varint,1,req,name=pid" json:"pid,omitempty"`
-	XXX_unrecognized []byte `json:"-"`
-}
-
-func (m *CriuRestoreResp) Reset()                    { *m = CriuRestoreResp{} }
-func (m *CriuRestoreResp) String() string            { return proto.CompactTextString(m) }
-func (*CriuRestoreResp) ProtoMessage()               {}
-func (*CriuRestoreResp) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{9} }
-
-func (m *CriuRestoreResp) GetPid() int32 {
-	if m != nil && m.Pid != nil {
-		return *m.Pid
-	}
-	return 0
-}
-
-type CriuNotify struct {
-	Script           *string `protobuf:"bytes,1,opt,name=script" json:"script,omitempty"`
-	Pid              *int32  `protobuf:"varint,2,opt,name=pid" json:"pid,omitempty"`
-	XXX_unrecognized []byte  `json:"-"`
-}
-
-func (m *CriuNotify) Reset()                    { *m = CriuNotify{} }
-func (m *CriuNotify) String() string            { return proto.CompactTextString(m) }
-func (*CriuNotify) ProtoMessage()               {}
-func (*CriuNotify) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{10} }
-
-func (m *CriuNotify) GetScript() string {
-	if m != nil && m.Script != nil {
-		return *m.Script
-	}
-	return ""
-}
-
-func (m *CriuNotify) GetPid() int32 {
-	if m != nil && m.Pid != nil {
-		return *m.Pid
-	}
-	return 0
-}
-
-//
-// List of features which can queried via
-// CRIU_REQ_TYPE__FEATURE_CHECK
-type CriuFeatures struct {
-	MemTrack         *bool  `protobuf:"varint,1,opt,name=mem_track,json=memTrack" json:"mem_track,omitempty"`
-	LazyPages        *bool  `protobuf:"varint,2,opt,name=lazy_pages,json=lazyPages" json:"lazy_pages,omitempty"`
-	XXX_unrecognized []byte `json:"-"`
-}
-
-func (m *CriuFeatures) Reset()                    { *m = CriuFeatures{} }
-func (m *CriuFeatures) String() string            { return proto.CompactTextString(m) }
-func (*CriuFeatures) ProtoMessage()               {}
-func (*CriuFeatures) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{11} }
-
-func (m *CriuFeatures) GetMemTrack() bool {
-	if m != nil && m.MemTrack != nil {
-		return *m.MemTrack
-	}
-	return false
-}
-
-func (m *CriuFeatures) GetLazyPages() bool {
-	if m != nil && m.LazyPages != nil {
-		return *m.LazyPages
-	}
-	return false
-}
-
-type CriuReq struct {
-	Type          *CriuReqType `protobuf:"varint,1,req,name=type,enum=CriuReqType" json:"type,omitempty"`
-	Opts          *CriuOpts    `protobuf:"bytes,2,opt,name=opts" json:"opts,omitempty"`
-	NotifySuccess *bool        `protobuf:"varint,3,opt,name=notify_success,json=notifySuccess" json:"notify_success,omitempty"`
-	//
-	// When set service won't close the connection but
-	// will wait for more req-s to appear. Works not
-	// for all request types.
-	KeepOpen *bool `protobuf:"varint,4,opt,name=keep_open,json=keepOpen" json:"keep_open,omitempty"`
-	//
-	// 'features' can be used to query which features
-	// are supported by the installed criu/kernel
-	// via RPC.
-	Features         *CriuFeatures `protobuf:"bytes,5,opt,name=features" json:"features,omitempty"`
-	XXX_unrecognized []byte        `json:"-"`
-}
-
-func (m *CriuReq) Reset()                    { *m = CriuReq{} }
-func (m *CriuReq) String() string            { return proto.CompactTextString(m) }
-func (*CriuReq) ProtoMessage()               {}
-func (*CriuReq) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{12} }
-
-func (m *CriuReq) GetType() CriuReqType {
-	if m != nil && m.Type != nil {
-		return *m.Type
-	}
-	return CriuReqType_EMPTY
-}
-
-func (m *CriuReq) GetOpts() *CriuOpts {
-	if m != nil {
-		return m.Opts
-	}
-	return nil
-}
-
-func (m *CriuReq) GetNotifySuccess() bool {
-	if m != nil && m.NotifySuccess != nil {
-		return *m.NotifySuccess
-	}
-	return false
-}
-
-func (m *CriuReq) GetKeepOpen() bool {
-	if m != nil && m.KeepOpen != nil {
-		return *m.KeepOpen
-	}
-	return false
-}
-
-func (m *CriuReq) GetFeatures() *CriuFeatures {
-	if m != nil {
-		return m.Features
-	}
-	return nil
-}
-
-type CriuResp struct {
-	Type             *CriuReqType        `protobuf:"varint,1,req,name=type,enum=CriuReqType" json:"type,omitempty"`
-	Success          *bool               `protobuf:"varint,2,req,name=success" json:"success,omitempty"`
-	Dump             *CriuDumpResp       `protobuf:"bytes,3,opt,name=dump" json:"dump,omitempty"`
-	Restore          *CriuRestoreResp    `protobuf:"bytes,4,opt,name=restore" json:"restore,omitempty"`
-	Notify           *CriuNotify         `protobuf:"bytes,5,opt,name=notify" json:"notify,omitempty"`
-	Ps               *CriuPageServerInfo `protobuf:"bytes,6,opt,name=ps" json:"ps,omitempty"`
-	CrErrno          *int32              `protobuf:"varint,7,opt,name=cr_errno,json=crErrno" json:"cr_errno,omitempty"`
-	Features         *CriuFeatures       `protobuf:"bytes,8,opt,name=features" json:"features,omitempty"`
-	CrErrmsg         *string             `protobuf:"bytes,9,opt,name=cr_errmsg,json=crErrmsg" json:"cr_errmsg,omitempty"`
-	Version          *CriuVersion        `protobuf:"bytes,10,opt,name=version" json:"version,omitempty"`
-	XXX_unrecognized []byte              `json:"-"`
-}
-
-func (m *CriuResp) Reset()                    { *m = CriuResp{} }
-func (m *CriuResp) String() string            { return proto.CompactTextString(m) }
-func (*CriuResp) ProtoMessage()               {}
-func (*CriuResp) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{13} }
-
-func (m *CriuResp) GetType() CriuReqType {
-	if m != nil && m.Type != nil {
-		return *m.Type
-	}
-	return CriuReqType_EMPTY
-}
-
-func (m *CriuResp) GetSuccess() bool {
-	if m != nil && m.Success != nil {
-		return *m.Success
-	}
-	return false
-}
-
-func (m *CriuResp) GetDump() *CriuDumpResp {
-	if m != nil {
-		return m.Dump
-	}
-	return nil
-}
-
-func (m *CriuResp) GetRestore() *CriuRestoreResp {
-	if m != nil {
-		return m.Restore
-	}
-	return nil
-}
-
-func (m *CriuResp) GetNotify() *CriuNotify {
-	if m != nil {
-		return m.Notify
-	}
-	return nil
-}
-
-func (m *CriuResp) GetPs() *CriuPageServerInfo {
-	if m != nil {
-		return m.Ps
-	}
-	return nil
-}
-
-func (m *CriuResp) GetCrErrno() int32 {
-	if m != nil && m.CrErrno != nil {
-		return *m.CrErrno
-	}
-	return 0
-}
-
-func (m *CriuResp) GetFeatures() *CriuFeatures {
-	if m != nil {
-		return m.Features
-	}
-	return nil
-}
-
-func (m *CriuResp) GetCrErrmsg() string {
-	if m != nil && m.CrErrmsg != nil {
-		return *m.CrErrmsg
-	}
-	return ""
-}
-
-func (m *CriuResp) GetVersion() *CriuVersion {
-	if m != nil {
-		return m.Version
-	}
-	return nil
-}
-
-// Answer for criu_req_type.VERSION requests
-type CriuVersion struct {
-	Major            *int32  `protobuf:"varint,1,req,name=major" json:"major,omitempty"`
-	Minor            *int32  `protobuf:"varint,2,req,name=minor" json:"minor,omitempty"`
-	Gitid            *string `protobuf:"bytes,3,opt,name=gitid" json:"gitid,omitempty"`
-	Sublevel         *int32  `protobuf:"varint,4,opt,name=sublevel" json:"sublevel,omitempty"`
-	Extra            *int32  `protobuf:"varint,5,opt,name=extra" json:"extra,omitempty"`
-	Name             *string `protobuf:"bytes,6,opt,name=name" json:"name,omitempty"`
-	XXX_unrecognized []byte  `json:"-"`
-}
-
-func (m *CriuVersion) Reset()                    { *m = CriuVersion{} }
-func (m *CriuVersion) String() string            { return proto.CompactTextString(m) }
-func (*CriuVersion) ProtoMessage()               {}
-func (*CriuVersion) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{14} }
-
-func (m *CriuVersion) GetMajor() int32 {
-	if m != nil && m.Major != nil {
-		return *m.Major
-	}
-	return 0
-}
-
-func (m *CriuVersion) GetMinor() int32 {
-	if m != nil && m.Minor != nil {
-		return *m.Minor
-	}
-	return 0
-}
-
-func (m *CriuVersion) GetGitid() string {
-	if m != nil && m.Gitid != nil {
-		return *m.Gitid
-	}
-	return ""
-}
-
-func (m *CriuVersion) GetSublevel() int32 {
-	if m != nil && m.Sublevel != nil {
-		return *m.Sublevel
-	}
-	return 0
-}
-
-func (m *CriuVersion) GetExtra() int32 {
-	if m != nil && m.Extra != nil {
-		return *m.Extra
-	}
-	return 0
-}
-
-func (m *CriuVersion) GetName() string {
-	if m != nil && m.Name != nil {
-		return *m.Name
-	}
-	return ""
-}
-
-func init() {
-	proto.RegisterType((*CriuPageServerInfo)(nil), "criu_page_server_info")
-	proto.RegisterType((*CriuVethPair)(nil), "criu_veth_pair")
-	proto.RegisterType((*ExtMountMap)(nil), "ext_mount_map")
-	proto.RegisterType((*JoinNamespace)(nil), "join_namespace")
-	proto.RegisterType((*InheritFd)(nil), "inherit_fd")
-	proto.RegisterType((*CgroupRoot)(nil), "cgroup_root")
-	proto.RegisterType((*UnixSk)(nil), "unix_sk")
-	proto.RegisterType((*CriuOpts)(nil), "criu_opts")
-	proto.RegisterType((*CriuDumpResp)(nil), "criu_dump_resp")
-	proto.RegisterType((*CriuRestoreResp)(nil), "criu_restore_resp")
-	proto.RegisterType((*CriuNotify)(nil), "criu_notify")
-	proto.RegisterType((*CriuFeatures)(nil), "criu_features")
-	proto.RegisterType((*CriuReq)(nil), "criu_req")
-	proto.RegisterType((*CriuResp)(nil), "criu_resp")
-	proto.RegisterType((*CriuVersion)(nil), "criu_version")
-	proto.RegisterEnum("CriuCgMode", CriuCgMode_name, CriuCgMode_value)
-	proto.RegisterEnum("CriuReqType", CriuReqType_name, CriuReqType_value)
-}
-
-func init() { proto.RegisterFile("criurpc.proto", fileDescriptor0) }
-
-var fileDescriptor0 = []byte{
-	// 1781 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x56, 0xdd, 0x72, 0x5b, 0xb7,
-	0x11, 0x0e, 0x29, 0xfe, 0x1c, 0x82, 0x3f, 0xa6, 0x10, 0xdb, 0x81, 0x93, 0xda, 0x62, 0xe8, 0x28,
-	0x51, 0x15, 0x97, 0x4d, 0x58, 0x3b, 0xae, 0x33, 0xed, 0x85, 0x47, 0x22, 0x5d, 0x36, 0x92, 0xc8,
-	0x01, 0x25, 0xcf, 0xe4, 0x0a, 0x73, 0x74, 0x0e, 0x48, 0xc1, 0x3c, 0x7f, 0x05, 0x40, 0x45, 0xf2,
-	0x83, 0xf4, 0x29, 0xfa, 0x0c, 0x7d, 0x84, 0xbe, 0x4e, 0x6f, 0x3b, 0xbb, 0x00, 0x65, 0x29, 0xc9,
-	0xb4, 0xbd, 0xc3, 0x7e, 0x58, 0x00, 0xbb, 0xfb, 0xed, 0x0f, 0x48, 0x3b, 0xd2, 0x6a, 0xad, 0x8b,
-	0x68, 0x50, 0xe8, 0xdc, 0xe6, 0xfd, 0x25, 0x79, 0x00, 0x80, 0x28, 0xc2, 0xa5, 0x14, 0x46, 0xea,
-	0x4b, 0xa9, 0x85, 0xca, 0x16, 0x39, 0x65, 0xa4, 0x1e, 0xc6, 0xb1, 0x96, 0xc6, 0xb0, 0x52, 0xaf,
-	0xb4, 0xd7, 0xe0, 0x1b, 0x91, 0x52, 0x52, 0x29, 0x72, 0x6d, 0x59, 0xb9, 0x57, 0xda, 0xab, 0x72,
-	0x5c, 0xd3, 0x2e, 0xd9, 0x2a, 0x54, 0xcc, 0xb6, 0x10, 0x82, 0x25, 0xed, 0x90, 0xf2, 0x22, 0x66,
-	0x15, 0x04, 0xca, 0x8b, 0xb8, 0xff, 0x27, 0xd2, 0xc1, 0x87, 0x2e, 0xa5, 0xbd, 0x10, 0x45, 0xa8,
-	0x34, 0xfd, 0x98, 0x54, 0xd5, 0x42, 0xa8, 0x8c, 0x95, 0x7a, 0xe5, 0xbd, 0x06, 0xaf, 0xa8, 0xc5,
-	0x24, 0xa3, 0x0f, 0x48, 0x4d, 0x2d, 0x44, 0xbe, 0x86, 0xeb, 0x01, 0xad, 0xaa, 0xc5, 0x74, 0x6d,
-	0xfb, 0x7f, 0x20, 0x6d, 0x79, 0x65, 0x45, 0x9a, 0xaf, 0x33, 0x2b, 0xd2, 0xb0, 0x80, 0x07, 0x57,
-	0xf2, 0xda, 0x1f, 0x85, 0x25, 0x20, 0x97, 0x61, 0xe2, 0x8f, 0xc1, 0xb2, 0xff, 0x96, 0x74, 0xde,
-	0xe5, 0x2a, 0x13, 0x59, 0x98, 0x4a, 0x53, 0x84, 0x91, 0x04, 0xa3, 0x32, 0xe3, 0x0f, 0x95, 0x33,
-	0x43, 0x3f, 0x21, 0xf5, 0xcc, 0x88, 0x85, 0x4a, 0xa4, 0x3f, 0x57, 0xcb, 0xcc, 0x58, 0x25, 0x92,
-	0x7e, 0x46, 0x1a, 0xf2, 0xca, 0xea, 0x50, 0xe4, 0x85, 0x45, 0xaf, 0x1a, 0x3c, 0x40, 0x60, 0x5a,
-	0xd8, 0xfe, 0x80, 0x10, 0x95, 0x5d, 0x48, 0xad, 0xac, 0x58, 0xc4, 0xbf, 0x62, 0x89, 0x73, 0x1d,
-	0x2e, 0x74, 0xae, 0xbf, 0x20, 0xcd, 0x68, 0xa9, 0xf3, 0x75, 0x21, 0x74, 0x9e, 0x5b, 0x88, 0x5f,
-	0x64, 0x75, 0xe2, 0xc3, 0x8a, 0x6b, 0x8c, 0x69, 0x68, 0x2f, 0xbc, 0x15, 0xb8, 0xee, 0xef, 0x90,
-	0xfa, 0x3a, 0x53, 0x57, 0xc2, 0xac, 0xe8, 0x7d, 0x52, 0x55, 0x59, 0x1e, 0x4b, 0x7c, 0xa5, 0xcd,
-	0x9d, 0xd0, 0xff, 0x57, 0x9b, 0x34, 0x30, 0xa6, 0x79, 0x61, 0x0d, 0xed, 0x93, 0xb6, 0x4a, 0xc3,
-	0xa5, 0x34, 0x22, 0x56, 0x5a, 0x2c, 0x62, 0xd4, 0xad, 0xf2, 0xa6, 0x03, 0x0f, 0x95, 0x1e, 0xc7,
-	0x1b, 0x9a, 0xca, 0x1f, 0x68, 0x7a, 0x4a, 0xda, 0x89, 0x0c, 0x2f, 0xa5, 0xd0, 0xeb, 0x2c, 0x53,
-	0xd9, 0x12, 0x9d, 0x0d, 0x78, 0x0b, 0x41, 0xee, 0x30, 0xfa, 0x84, 0x34, 0x21, 0xfa, 0xde, 0x1a,
-	0x24, 0x35, 0xe0, 0x10, 0xa0, 0xb3, 0x4c, 0x5d, 0xcd, 0x57, 0xf4, 0x2b, 0x72, 0xcf, 0x46, 0x85,
-	0x90, 0xc6, 0x86, 0xe7, 0x89, 0x32, 0x17, 0x32, 0x66, 0x55, 0xd4, 0xe9, 0xd8, 0xa8, 0x18, 0x7d,
-	0x40, 0x41, 0x51, 0x5e, 0x86, 0x46, 0x5d, 0x4a, 0x11, 0xcb, 0x4b, 0x15, 0x49, 0xc3, 0x6a, 0x4e,
-	0xd1, 0xc3, 0x87, 0x0e, 0x85, 0xf8, 0x9b, 0x0b, 0x99, 0x24, 0xe2, 0x5d, 0x7e, 0xce, 0xea, 0xa8,
-	0x12, 0x20, 0xf0, 0xd7, 0xfc, 0x9c, 0x3e, 0x26, 0x04, 0x28, 0x13, 0x49, 0x1e, 0xad, 0x0c, 0x0b,
-	0x9c, 0x35, 0x80, 0x1c, 0x01, 0x40, 0x9f, 0x90, 0x46, 0x92, 0x2f, 0x45, 0x22, 0x2f, 0x65, 0xc2,
-	0x1a, 0xe0, 0xea, 0xf7, 0xa5, 0x21, 0x0f, 0x92, 0x7c, 0x79, 0x04, 0x10, 0x7d, 0x44, 0x60, 0xed,
-	0x58, 0x27, 0x2e, 0xb5, 0x93, 0x7c, 0x89, 0xb4, 0x7f, 0x49, 0xca, 0x85, 0x61, 0xcd, 0x5e, 0x69,
-	0xaf, 0x39, 0x7c, 0x38, 0xf8, 0xd5, 0xc2, 0xe0, 0xe5, 0xc2, 0xd0, 0x5d, 0xd2, 0xc9, 0x72, 0xab,
-	0x16, 0xd7, 0xc2, 0x44, 0x5a, 0x15, 0xd6, 0xb0, 0x16, 0x5a, 0xd1, 0x76, 0xe8, 0xdc, 0x81, 0xc0,
-	0x2a, 0x30, 0xce, 0xda, 0x8e, 0x69, 0x64, 0xff, 0x31, 0x21, 0x45, 0xa8, 0x65, 0x66, 0x85, 0x4a,
-	0x97, 0xac, 0x83, 0x3b, 0x0d, 0x87, 0x4c, 0xd2, 0x25, 0x38, 0x6e, 0x75, 0x18, 0xad, 0x44, 0x2a,
-	0x53, 0x76, 0xcf, 0x39, 0x8e, 0xc0, 0xb1, 0x4c, 0xe1, 0x6c, 0xb8, 0xb6, 0xb9, 0x88, 0x65, 0xbc,
-	0x2e, 0x58, 0xd7, 0x39, 0x0e, 0xc8, 0x21, 0x00, 0x40, 0xd3, 0x4f, 0xb9, 0x5e, 0x6d, 0xf8, 0xdf,
-	0x46, 0x96, 0x1b, 0x00, 0x39, 0xf6, 0x1f, 0x13, 0x92, 0xa8, 0x6c, 0x25, 0xb4, 0x4c, 0xc3, 0x82,
-	0x51, 0x77, 0x1c, 0x10, 0x0e, 0x00, 0xdd, 0x25, 0x55, 0x28, 0x4e, 0xc3, 0x3e, 0xee, 0x6d, 0xed,
-	0x35, 0x87, 0xf7, 0x06, 0x77, 0xeb, 0x95, 0xbb, 0x5d, 0xfa, 0x94, 0xd4, 0xa3, 0x62, 0x2d, 0xa2,
-	0xb0, 0x60, 0xf7, 0x7b, 0xa5, 0xbd, 0xf6, 0xf7, 0xe4, 0xf9, 0xf0, 0xd5, 0xf3, 0x57, 0xdf, 0xbd,
-	0x1c, 0xbe, 0x7a, 0xc1, 0x6b, 0x51, 0xb1, 0x3e, 0x08, 0x0b, 0xba, 0x43, 0x9a, 0x8b, 0x5c, 0x47,
-	0x52, 0x28, 0x0d, 0x6f, 0x3d, 0xc0, 0xb7, 0x08, 0x42, 0x13, 0x40, 0x80, 0x04, 0x79, 0x25, 0x23,
-	0x11, 0xa5, 0x31, 0x7b, 0xd8, 0xdb, 0x02, 0x12, 0x40, 0x3e, 0x48, 0x21, 0x49, 0xea, 0x58, 0xeb,
-	0x99, 0x65, 0x9f, 0xa0, 0x25, 0x9d, 0xc1, 0x9d, 0xda, 0xe7, 0x35, 0x79, 0x65, 0x8f, 0x33, 0x0b,
-	0x2c, 0xa4, 0x61, 0x06, 0xfc, 0xb8, 0xf2, 0x32, 0x8c, 0x39, 0x16, 0x1c, 0x7a, 0xe0, 0x40, 0xba,
-	0x4b, 0xea, 0xd1, 0x12, 0x4b, 0x8f, 0x3d, 0xc2, 0xfb, 0x5a, 0x83, 0x5b, 0xe5, 0xc8, 0x6b, 0xd1,
-	0x92, 0x03, 0x31, 0x3b, 0xa4, 0xa9, 0x8d, 0x15, 0x46, 0x9d, 0x27, 0x50, 0x07, 0x9f, 0x3a, 0x93,
-	0xb5, 0xb1, 0x73, 0x87, 0xd0, 0xfd, 0xdb, 0x65, 0xcf, 0x3e, 0xc3, 0xab, 0x9a, 0x83, 0x0f, 0x10,
-	0x6f, 0xf8, 0xf5, 0x38, 0xa6, 0x3d, 0xd2, 0x42, 0xa6, 0x36, 0x8e, 0xfc, 0xc6, 0xdd, 0x06, 0xd8,
-	0xc8, 0x19, 0xbf, 0xe3, 0x6a, 0xca, 0x5c, 0x84, 0x1a, 0x9e, 0x7b, 0xec, 0x14, 0xe4, 0x95, 0x9d,
-	0x3b, 0x64, 0xa3, 0x90, 0x86, 0xc6, 0x4a, 0x6d, 0xd8, 0x93, 0x1b, 0x85, 0x63, 0x87, 0x40, 0x08,
-	0xcd, 0x4a, 0x15, 0x78, 0xff, 0x8e, 0x0b, 0x21, 0xc8, 0x70, 0x39, 0xb4, 0xaf, 0x2c, 0x3c, 0x4f,
-	0xa4, 0x58, 0x18, 0xd6, 0xc3, 0xbd, 0xc0, 0x01, 0x63, 0x43, 0xf7, 0x48, 0xd3, 0x57, 0xb2, 0x50,
-	0x59, 0xce, 0x3e, 0x47, 0x47, 0x82, 0x81, 0xc7, 0x78, 0x63, 0x8d, 0x45, 0x3d, 0xc9, 0x72, 0xfa,
-	0x67, 0xf2, 0xf1, 0xdd, 0x00, 0x8b, 0x14, 0x9a, 0x50, 0xbf, 0x57, 0xda, 0xeb, 0x0c, 0xdb, 0x2e,
-	0x3f, 0xa2, 0x25, 0x82, 0x7c, 0xfb, 0x4e, 0xd0, 0x8f, 0xf3, 0x58, 0xc2, 0x43, 0xcb, 0x8b, 0xdc,
-	0x58, 0x91, 0xa8, 0x54, 0x59, 0xf6, 0x14, 0xb3, 0xa5, 0xfe, 0xed, 0x37, 0xcf, 0xff, 0xf8, 0xe2,
-	0xe5, 0x77, 0x9c, 0xe0, 0xde, 0x11, 0x6c, 0xd1, 0x3d, 0xd2, 0xc5, 0x44, 0x11, 0x26, 0x0a, 0x33,
-	0x01, 0xdd, 0xcf, 0xb0, 0x2f, 0xd0, 0xec, 0x0e, 0xe2, 0xf3, 0x28, 0xcc, 0x66, 0x80, 0xd2, 0x4f,
-	0x21, 0x6f, 0xac, 0xd4, 0x59, 0x98, 0xb0, 0x5d, 0xef, 0x98, 0x97, 0x31, 0xa7, 0xd2, 0xc2, 0x5e,
-	0x8b, 0xcc, 0xb0, 0x2f, 0xe1, 0x31, 0x5e, 0x47, 0xf9, 0x04, 0x7c, 0xae, 0xbb, 0x51, 0x60, 0xd8,
-	0x57, 0x3e, 0xbb, 0xef, 0x8e, 0x06, 0x5e, 0x03, 0xf9, 0xc4, 0xd0, 0xcf, 0x49, 0xcb, 0x67, 0x47,
-	0xa1, 0xf3, 0xc2, 0xb0, 0xdf, 0x62, 0x85, 0xfa, 0x06, 0x3e, 0x03, 0x88, 0xee, 0x93, 0xed, 0xdb,
-	0x2a, 0xae, 0x93, 0xec, 0xa3, 0xde, 0xbd, 0x5b, 0x7a, 0xd8, 0x51, 0x9e, 0x93, 0x87, 0x5e, 0x37,
-	0x5e, 0xa7, 0x85, 0x88, 0xf2, 0xcc, 0xea, 0x3c, 0x49, 0xa4, 0x66, 0x5f, 0xa3, 0xf5, 0xf7, 0xdd,
-	0xee, 0xe1, 0x3a, 0x2d, 0x0e, 0x6e, 0xf6, 0xa0, 0x2b, 0x2f, 0xb4, 0x94, 0xef, 0x37, 0x81, 0x67,
-	0xcf, 0xf0, 0xf6, 0x96, 0x03, 0x5d, 0x8c, 0x61, 0x42, 0x5b, 0x95, 0x4a, 0x98, 0x95, 0xbf, 0x73,
-	0xde, 0x7a, 0x91, 0x7e, 0x4d, 0x28, 0xf4, 0x63, 0xcc, 0x0e, 0x95, 0x89, 0x45, 0xa2, 0x96, 0x17,
-	0x96, 0x0d, 0x30, 0x83, 0xa0, 0x53, 0xcf, 0x57, 0xaa, 0x98, 0x64, 0x63, 0x84, 0xc1, 0xe1, 0x9f,
-	0x64, 0xb8, 0x12, 0xe6, 0xda, 0x44, 0x36, 0x31, 0xec, 0xf7, 0xa8, 0xd6, 0x04, 0x6c, 0xee, 0x20,
-	0x6c, 0x1c, 0xe1, 0xfb, 0x6b, 0xec, 0x85, 0x86, 0x7d, 0xe3, 0x1b, 0x47, 0xf8, 0xfe, 0x7a, 0x06,
-	0x00, 0x36, 0x6b, 0x1b, 0xda, 0xb5, 0x81, 0xba, 0xf8, 0x16, 0xbb, 0x4e, 0xe0, 0x80, 0x71, 0x0c,
-	0xc1, 0xca, 0x75, 0x71, 0x01, 0xb4, 0x5a, 0xe3, 0xb3, 0x99, 0x0d, 0x9d, 0x29, 0x6e, 0x63, 0x66,
-	0x8d, 0x4b, 0xe9, 0xfe, 0x33, 0xff, 0x47, 0xc0, 0x50, 0x69, 0x69, 0x0a, 0xa0, 0x5b, 0x4b, 0x63,
-	0x73, 0x2d, 0x63, 0x9c, 0x97, 0x01, 0xbf, 0x91, 0xfb, 0xbb, 0x64, 0x1b, 0xb5, 0x3d, 0xe0, 0x0e,
-	0xf8, 0x09, 0xe7, 0x66, 0x1f, 0x2c, 0xfb, 0x2f, 0x49, 0x13, 0xd5, 0x5c, 0x6b, 0xa6, 0x0f, 0x49,
-	0xcd, 0xf5, 0x6c, 0x3f, 0x7f, 0xbd, 0xf4, 0xcb, 0xd1, 0xd8, 0xff, 0xc1, 0xfd, 0x95, 0xc4, 0x42,
-	0x86, 0x76, 0xad, 0x9d, 0x9f, 0xa9, 0x4c, 0x05, 0xb6, 0xe3, 0x8d, 0x35, 0xa9, 0x4c, 0x4f, 0x41,
-	0xfe, 0x59, 0x8c, 0xca, 0x3f, 0x8b, 0x51, 0xff, 0x9f, 0x25, 0x12, 0x78, 0x6b, 0xff, 0x46, 0xfb,
-	0xa4, 0x62, 0xaf, 0x0b, 0x37, 0xcd, 0x3b, 0xc3, 0xce, 0x60, 0xb3, 0x21, 0x00, 0xe5, 0xb8, 0x47,
-	0x9f, 0x90, 0x0a, 0x8c, 0x75, 0xbc, 0xa9, 0x39, 0x24, 0x83, 0x9b, 0x41, 0xcf, 0x11, 0xbf, 0x3d,
-	0x82, 0xd6, 0x51, 0x04, 0xdf, 0xb4, 0xad, 0x3b, 0x23, 0xc8, 0x81, 0x60, 0xf3, 0x4a, 0xca, 0x42,
-	0xe4, 0x85, 0xcc, 0xfc, 0xe0, 0x0e, 0x00, 0x98, 0x16, 0x32, 0xa3, 0xfb, 0x24, 0xd8, 0x38, 0x87,
-	0x03, 0xbb, 0xb9, 0xb1, 0x65, 0x83, 0xf2, 0x9b, 0xfd, 0xfe, 0xbf, 0xcb, 0xfe, 0xb3, 0x81, 0x61,
-	0xfe, 0x7f, 0x3c, 0x60, 0xa4, 0xbe, 0x31, 0x0d, 0xbe, 0x35, 0x01, 0xdf, 0x88, 0xf4, 0x29, 0xa9,
-	0x00, 0xc5, 0x68, 0xf1, 0xcd, 0xa0, 0xb9, 0x21, 0x9d, 0xe3, 0x26, 0x7d, 0x46, 0xea, 0x9e, 0x59,
-	0xb4, 0xbb, 0x39, 0xa4, 0x83, 0x5f, 0xd0, 0xcd, 0x37, 0x2a, 0xf4, 0x0b, 0x52, 0x73, 0x8e, 0x7b,
-	0x47, 0x5a, 0x83, 0x5b, 0xa4, 0x73, 0xbf, 0xe7, 0xe7, 0x7b, 0xed, 0x7f, 0xce, 0xf7, 0x47, 0x40,
-	0x96, 0x90, 0x5a, 0x67, 0x39, 0xfe, 0x3e, 0xaa, 0xbc, 0x1e, 0xe9, 0x11, 0x88, 0x77, 0x62, 0x16,
-	0xfc, 0xf7, 0x98, 0x41, 0xf0, 0xdd, 0x35, 0xa9, 0x59, 0xe2, 0x4f, 0xa4, 0xc1, 0x03, 0xbc, 0x27,
-	0x35, 0x4b, 0x18, 0x73, 0x97, 0x52, 0x1b, 0x95, 0x67, 0xf8, 0x0b, 0x69, 0x6e, 0x1a, 0xaa, 0x07,
-	0xf9, 0x66, 0xb7, 0xff, 0xf7, 0x12, 0x69, 0xdd, 0xde, 0x81, 0xdf, 0x60, 0x1a, 0xbe, 0xcb, 0xb5,
-	0xcf, 0x72, 0x27, 0x20, 0xaa, 0xb2, 0x5c, 0xfb, 0x8f, 0xa7, 0x13, 0x00, 0x5d, 0x2a, 0xeb, 0xbf,
-	0xe6, 0x0d, 0xee, 0x04, 0x28, 0x2b, 0xb3, 0x3e, 0x77, 0x3f, 0xa4, 0x8a, 0x2f, 0x58, 0x2f, 0xc3,
-	0x09, 0xfc, 0xe9, 0x62, 0x20, 0xab, 0xdc, 0x09, 0xf0, 0x95, 0x81, 0x5e, 0x89, 0xb1, 0x6b, 0x70,
-	0x5c, 0xef, 0x0b, 0x6f, 0x97, 0x1f, 0x01, 0x94, 0x90, 0xda, 0xe4, 0xcd, 0xc9, 0x94, 0x8f, 0xba,
-	0x1f, 0xd1, 0x26, 0xa9, 0x1f, 0xbc, 0x11, 0x27, 0xd3, 0x93, 0x51, 0xb7, 0x44, 0x1b, 0xa4, 0x3a,
-	0xe3, 0xd3, 0xd9, 0xbc, 0x5b, 0xa6, 0x01, 0xa9, 0xcc, 0xa7, 0xe3, 0xd3, 0xee, 0x16, 0xac, 0xc6,
-	0x67, 0x47, 0x47, 0xdd, 0x0a, 0x9c, 0x9b, 0x9f, 0xf2, 0xc9, 0xc1, 0x69, 0xb7, 0x0a, 0xe7, 0x0e,
-	0x47, 0xe3, 0xd7, 0x67, 0x47, 0xa7, 0xdd, 0xda, 0xfe, 0x3f, 0x4a, 0xbe, 0x04, 0x37, 0x99, 0x05,
-	0x37, 0x8d, 0x8e, 0x67, 0xa7, 0x3f, 0x76, 0x3f, 0x82, 0xf3, 0x87, 0x67, 0xc7, 0xb3, 0x6e, 0x09,
-	0xce, 0xf0, 0xd1, 0xfc, 0x14, 0x1e, 0x2e, 0x83, 0xc6, 0xc1, 0x5f, 0x46, 0x07, 0x3f, 0x74, 0xb7,
-	0x68, 0x8b, 0x04, 0x33, 0x3e, 0x12, 0xa8, 0x55, 0xa1, 0xf7, 0x48, 0x73, 0xf6, 0xfa, 0xcd, 0x48,
-	0xcc, 0x47, 0xfc, 0xed, 0x88, 0x77, 0xab, 0xf0, 0xec, 0xc9, 0xf4, 0x74, 0x32, 0xfe, 0xb1, 0x5b,
-	0xa3, 0x5d, 0xd2, 0x3a, 0x98, 0x9d, 0x4d, 0x4e, 0xc6, 0x53, 0xa7, 0x5e, 0xa7, 0xdb, 0xa4, 0xbd,
-	0x41, 0xdc, 0x7d, 0x01, 0x40, 0xe3, 0xd1, 0xeb, 0xd3, 0x33, 0x3e, 0xf2, 0x50, 0x03, 0x9e, 0x7e,
-	0x3b, 0xe2, 0xf3, 0xc9, 0xf4, 0xa4, 0x4b, 0xfe, 0x13, 0x00, 0x00, 0xff, 0xff, 0x5f, 0x2a, 0xaf,
-	0x49, 0x5b, 0x0d, 0x00, 0x00,
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/criurpc/criurpc.proto

@@ -1,209 +0,0 @@
-syntax = "proto2";
-
-message criu_page_server_info {
-	optional string		address	= 1;
-	optional int32		port	= 2;
-	optional int32		pid	= 3;
-	optional int32		fd	= 4;
-}
-
-message criu_veth_pair {
-	required string		if_in	= 1;
-	required string		if_out	= 2;
-};
-
-message ext_mount_map {
-	required string		key	= 1;
-	required string		val	= 2;
-};
-
-message join_namespace {
-	required string		ns		= 1;
-	required string		ns_file		= 2;
-	optional string		extra_opt	= 3;
-}
-
-message inherit_fd {
-	required string		key	= 1;
-	required int32		fd	= 2;
-};
-
-message cgroup_root {
-	optional string		ctrl	= 1;
-	required string		path	= 2;
-};
-
-message unix_sk {
-	required uint32		inode 	= 1;
-};
-
-enum criu_cg_mode {
-	IGNORE	= 0;
-	CG_NONE	= 1;
-	PROPS	= 2;
-	SOFT	= 3;
-	FULL	= 4;
-	STRICT	= 5;
-	DEFAULT = 6;
-};
-
-message criu_opts {
-	required int32			images_dir_fd	= 1;
-	optional int32			pid		= 2; /* if not set on dump, will dump requesting process */
-
-	optional bool			leave_running	= 3;
-	optional bool			ext_unix_sk	= 4;
-	optional bool			tcp_established	= 5;
-	optional bool			evasive_devices	= 6;
-	optional bool			shell_job	= 7;
-	optional bool			file_locks	= 8;
-	optional int32			log_level	= 9 [default = 2];
-	optional string			log_file	= 10; /* No subdirs are allowed. Consider using work-dir */
-
-	optional criu_page_server_info	ps		= 11;
-
-	optional bool			notify_scripts	= 12;
-
-	optional string			root		= 13;
-	optional string			parent_img	= 14;
-	optional bool			track_mem	= 15;
-	optional bool			auto_dedup	= 16;
-
-	optional int32			work_dir_fd	= 17;
-	optional bool			link_remap	= 18;
-	repeated criu_veth_pair		veths		= 19; /* DEPRECATED, use external instead */
-
-	optional uint32			cpu_cap		= 20 [default = 0xffffffff];
-	optional bool			force_irmap	= 21;
-	repeated string			exec_cmd	= 22;
-
-	repeated ext_mount_map		ext_mnt		= 23; /* DEPRECATED, use external instead */
-	optional bool			manage_cgroups	= 24; /* backward compatibility */
-	repeated cgroup_root		cg_root		= 25;
-
-	optional bool			rst_sibling	= 26; /* swrk only */
-	repeated inherit_fd		inherit_fd	= 27; /* swrk only */
-
-	optional bool			auto_ext_mnt	= 28;
-	optional bool			ext_sharing 	= 29;
-	optional bool			ext_masters	= 30;
-
-	repeated string			skip_mnt	= 31;
-	repeated string			enable_fs	= 32;
-
-	repeated unix_sk                unix_sk_ino     = 33; /* DEPRECATED, use external instead */
-
-	optional criu_cg_mode		manage_cgroups_mode = 34;
-	optional uint32			ghost_limit	= 35 [default = 0x100000];
-	repeated string			irmap_scan_paths = 36;
-	repeated string			external	= 37;
-	optional uint32			empty_ns	= 38;
-	repeated join_namespace		join_ns		= 39;
-
-	optional string			cgroup_props		= 41;
-	optional string			cgroup_props_file	= 42;
-	repeated string			cgroup_dump_controller	= 43;
-
-	optional string			freeze_cgroup		= 44;
-	optional uint32			timeout			= 45;
-	optional bool			tcp_skip_in_flight	= 46;
-	optional bool			weak_sysctls		= 47;
-	optional bool			lazy_pages		= 48;
-	optional int32			status_fd		= 49;
-	optional bool			orphan_pts_master	= 50;
-}
-
-message criu_dump_resp {
-	optional bool restored		= 1;
-}
-
-message criu_restore_resp {
-	required int32 pid		= 1;
-}
-
-message criu_notify {
-	optional string script		= 1;
-	optional int32	pid		= 2;
-}
-
-enum criu_req_type {
-	EMPTY		= 0;
-	DUMP		= 1;
-	RESTORE		= 2;
-	CHECK		= 3;
-	PRE_DUMP	= 4;
-	PAGE_SERVER	= 5;
-
-	NOTIFY		= 6;
-
-	CPUINFO_DUMP	= 7;
-	CPUINFO_CHECK	= 8;
-
-	FEATURE_CHECK	= 9;
-
-	VERSION		= 10;
-}
-
-/*
- * List of features which can queried via
- * CRIU_REQ_TYPE__FEATURE_CHECK
- */
-message criu_features {
-	optional bool			mem_track	= 1;
-	optional bool			lazy_pages	= 2;
-}
-
-/*
- * Request -- each type corresponds to must-be-there
- * request arguments of respective type
- */
-
-message criu_req {
-	required criu_req_type		type		= 1;
-
-	optional criu_opts		opts		= 2;
-	optional bool			notify_success	= 3;
-
-	/*
-	 * When set service won't close the connection but
-	 * will wait for more req-s to appear. Works not
-	 * for all request types.
-	 */
-	optional bool			keep_open	= 4;
-	/*
-	 * 'features' can be used to query which features
-	 * are supported by the installed criu/kernel
-	 * via RPC.
-	 */
-	optional criu_features		features	= 5;
-}
-
-/*
- * Response -- it states whether the request was served
- * and additional request-specific information
- */
-
-message criu_resp {
-	required criu_req_type		type		= 1;
-	required bool			success		= 2;
-
-	optional criu_dump_resp		dump		= 3;
-	optional criu_restore_resp	restore		= 4;
-	optional criu_notify		notify		= 5;
-	optional criu_page_server_info	ps		= 6;
-
-	optional int32			cr_errno	= 7;
-	optional criu_features		features	= 8;
-	optional string			cr_errmsg	= 9;
-	optional criu_version		version		= 10;
-}
-
-/* Answer for criu_req_type.VERSION requests */
-message criu_version {
-	required int32			major		= 1;
-	required int32			minor		= 2;
-	optional string			gitid		= 3;
-	optional int32			sublevel	= 4;
-	optional int32			extra		= 5;
-	optional string			name		= 6;
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/error.go

@@ -1,70 +0,0 @@
-package libcontainer
-
-import "io"
-
-// ErrorCode is the API error code type.
-type ErrorCode int
-
-// API error codes.
-const (
-	// Factory errors
-	IdInUse ErrorCode = iota
-	InvalidIdFormat
-
-	// Container errors
-	ContainerNotExists
-	ContainerPaused
-	ContainerNotStopped
-	ContainerNotRunning
-	ContainerNotPaused
-
-	// Process errors
-	NoProcessOps
-
-	// Common errors
-	ConfigInvalid
-	ConsoleExists
-	SystemError
-)
-
-func (c ErrorCode) String() string {
-	switch c {
-	case IdInUse:
-		return "Id already in use"
-	case InvalidIdFormat:
-		return "Invalid format"
-	case ContainerPaused:
-		return "Container paused"
-	case ConfigInvalid:
-		return "Invalid configuration"
-	case SystemError:
-		return "System error"
-	case ContainerNotExists:
-		return "Container does not exist"
-	case ContainerNotStopped:
-		return "Container is not stopped"
-	case ContainerNotRunning:
-		return "Container is not running"
-	case ConsoleExists:
-		return "Console exists for process"
-	case ContainerNotPaused:
-		return "Container is not paused"
-	case NoProcessOps:
-		return "No process operations"
-	default:
-		return "Unknown error"
-	}
-}
-
-// Error is the API error type.
-type Error interface {
-	error
-
-	// Returns an error if it failed to write the detail of the Error to w.
-	// The detail of the Error may include the error message and a
-	// representation of the stack trace.
-	Detail(w io.Writer) error
-
-	// Returns the error code for this error.
-	Code() ErrorCode
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/factory.go

@@ -1,44 +0,0 @@
-package libcontainer
-
-import (
-	"github.com/opencontainers/runc/libcontainer/configs"
-)
-
-type Factory interface {
-	// Creates a new container with the given id and starts the initial process inside it.
-	// id must be a string containing only letters, digits and underscores and must contain
-	// between 1 and 1024 characters, inclusive.
-	//
-	// The id must not already be in use by an existing container. Containers created using
-	// a factory with the same path (and filesystem) must have distinct ids.
-	//
-	// Returns the new container with a running process.
-	//
-	// errors:
-	// IdInUse - id is already in use by a container
-	// InvalidIdFormat - id has incorrect format
-	// ConfigInvalid - config is invalid
-	// Systemerror - System error
-	//
-	// On error, any partially created container parts are cleaned up (the operation is atomic).
-	Create(id string, config *configs.Config) (Container, error)
-
-	// Load takes an ID for an existing container and returns the container information
-	// from the state.  This presents a read only view of the container.
-	//
-	// errors:
-	// Path does not exist
-	// System error
-	Load(id string) (Container, error)
-
-	// StartInitialization is an internal API to libcontainer used during the reexec of the
-	// container.
-	//
-	// Errors:
-	// Pipe connection error
-	// System error
-	StartInitialization() error
-
-	// Type returns info string about factory type (e.g. lxc, libcontainer...)
-	Type() string
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/factory_linux.go

@@ -1,364 +0,0 @@
-// +build linux
-
-package libcontainer
-
-import (
-	"encoding/json"
-	"fmt"
-	"os"
-	"path/filepath"
-	"regexp"
-	"runtime/debug"
-	"strconv"
-
-	"github.com/opencontainers/runc/libcontainer/cgroups"
-	"github.com/opencontainers/runc/libcontainer/cgroups/fs"
-	"github.com/opencontainers/runc/libcontainer/cgroups/systemd"
-	"github.com/opencontainers/runc/libcontainer/configs"
-	"github.com/opencontainers/runc/libcontainer/configs/validate"
-	"github.com/opencontainers/runc/libcontainer/intelrdt"
-	"github.com/opencontainers/runc/libcontainer/mount"
-	"github.com/opencontainers/runc/libcontainer/utils"
-
-	"golang.org/x/sys/unix"
-)
-
-const (
-	stateFilename    = "state.json"
-	execFifoFilename = "exec.fifo"
-)
-
-var idRegex = regexp.MustCompile(`^[\w+-\.]+$`)
-
-// InitArgs returns an options func to configure a LinuxFactory with the
-// provided init binary path and arguments.
-func InitArgs(args ...string) func(*LinuxFactory) error {
-	return func(l *LinuxFactory) (err error) {
-		if len(args) > 0 {
-			// Resolve relative paths to ensure that its available
-			// after directory changes.
-			if args[0], err = filepath.Abs(args[0]); err != nil {
-				return newGenericError(err, ConfigInvalid)
-			}
-		}
-
-		l.InitArgs = args
-		return nil
-	}
-}
-
-// SystemdCgroups is an options func to configure a LinuxFactory to return
-// containers that use systemd to create and manage cgroups.
-func SystemdCgroups(l *LinuxFactory) error {
-	l.NewCgroupsManager = func(config *configs.Cgroup, paths map[string]string) cgroups.Manager {
-		return &systemd.Manager{
-			Cgroups: config,
-			Paths:   paths,
-		}
-	}
-	return nil
-}
-
-// Cgroupfs is an options func to configure a LinuxFactory to return
-// containers that use the native cgroups filesystem implementation to
-// create and manage cgroups.
-func Cgroupfs(l *LinuxFactory) error {
-	l.NewCgroupsManager = func(config *configs.Cgroup, paths map[string]string) cgroups.Manager {
-		return &fs.Manager{
-			Cgroups: config,
-			Paths:   paths,
-		}
-	}
-	return nil
-}
-
-// IntelRdtfs is an options func to configure a LinuxFactory to return
-// containers that use the Intel RDT "resource control" filesystem to
-// create and manage Intel Xeon platform shared resources (e.g., L3 cache).
-func IntelRdtFs(l *LinuxFactory) error {
-	l.NewIntelRdtManager = func(config *configs.Config, id string, path string) intelrdt.Manager {
-		return &intelrdt.IntelRdtManager{
-			Config: config,
-			Id:     id,
-			Path:   path,
-		}
-	}
-	return nil
-}
-
-// TmpfsRoot is an option func to mount LinuxFactory.Root to tmpfs.
-func TmpfsRoot(l *LinuxFactory) error {
-	mounted, err := mount.Mounted(l.Root)
-	if err != nil {
-		return err
-	}
-	if !mounted {
-		if err := unix.Mount("tmpfs", l.Root, "tmpfs", 0, ""); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-// CriuPath returns an option func to configure a LinuxFactory with the
-// provided criupath
-func CriuPath(criupath string) func(*LinuxFactory) error {
-	return func(l *LinuxFactory) error {
-		l.CriuPath = criupath
-		return nil
-	}
-}
-
-// New returns a linux based container factory based in the root directory and
-// configures the factory with the provided option funcs.
-func New(root string, options ...func(*LinuxFactory) error) (Factory, error) {
-	if root != "" {
-		if err := os.MkdirAll(root, 0700); err != nil {
-			return nil, newGenericError(err, SystemError)
-		}
-	}
-	l := &LinuxFactory{
-		Root:      root,
-		InitPath:  "/proc/self/exe",
-		InitArgs:  []string{os.Args[0], "init"},
-		Validator: validate.New(),
-		CriuPath:  "criu",
-	}
-	Cgroupfs(l)
-	for _, opt := range options {
-		if opt == nil {
-			continue
-		}
-		if err := opt(l); err != nil {
-			return nil, err
-		}
-	}
-	return l, nil
-}
-
-// LinuxFactory implements the default factory interface for linux based systems.
-type LinuxFactory struct {
-	// Root directory for the factory to store state.
-	Root string
-
-	// InitPath is the path for calling the init responsibilities for spawning
-	// a container.
-	InitPath string
-
-	// InitArgs are arguments for calling the init responsibilities for spawning
-	// a container.
-	InitArgs []string
-
-	// CriuPath is the path to the criu binary used for checkpoint and restore of
-	// containers.
-	CriuPath string
-
-	// New{u,g}uidmapPath is the path to the binaries used for mapping with
-	// rootless containers.
-	NewuidmapPath string
-	NewgidmapPath string
-
-	// Validator provides validation to container configurations.
-	Validator validate.Validator
-
-	// NewCgroupsManager returns an initialized cgroups manager for a single container.
-	NewCgroupsManager func(config *configs.Cgroup, paths map[string]string) cgroups.Manager
-
-	// NewIntelRdtManager returns an initialized Intel RDT manager for a single container.
-	NewIntelRdtManager func(config *configs.Config, id string, path string) intelrdt.Manager
-}
-
-func (l *LinuxFactory) Create(id string, config *configs.Config) (Container, error) {
-	if l.Root == "" {
-		return nil, newGenericError(fmt.Errorf("invalid root"), ConfigInvalid)
-	}
-	if err := l.validateID(id); err != nil {
-		return nil, err
-	}
-	if err := l.Validator.Validate(config); err != nil {
-		return nil, newGenericError(err, ConfigInvalid)
-	}
-	containerRoot := filepath.Join(l.Root, id)
-	if _, err := os.Stat(containerRoot); err == nil {
-		return nil, newGenericError(fmt.Errorf("container with id exists: %v", id), IdInUse)
-	} else if !os.IsNotExist(err) {
-		return nil, newGenericError(err, SystemError)
-	}
-	if err := os.MkdirAll(containerRoot, 0711); err != nil {
-		return nil, newGenericError(err, SystemError)
-	}
-	if err := os.Chown(containerRoot, unix.Geteuid(), unix.Getegid()); err != nil {
-		return nil, newGenericError(err, SystemError)
-	}
-	c := &linuxContainer{
-		id:            id,
-		root:          containerRoot,
-		config:        config,
-		initPath:      l.InitPath,
-		initArgs:      l.InitArgs,
-		criuPath:      l.CriuPath,
-		newuidmapPath: l.NewuidmapPath,
-		newgidmapPath: l.NewgidmapPath,
-		cgroupManager: l.NewCgroupsManager(config.Cgroups, nil),
-	}
-	if intelrdt.IsEnabled() {
-		c.intelRdtManager = l.NewIntelRdtManager(config, id, "")
-	}
-	c.state = &stoppedState{c: c}
-	return c, nil
-}
-
-func (l *LinuxFactory) Load(id string) (Container, error) {
-	if l.Root == "" {
-		return nil, newGenericError(fmt.Errorf("invalid root"), ConfigInvalid)
-	}
-	containerRoot := filepath.Join(l.Root, id)
-	state, err := l.loadState(containerRoot, id)
-	if err != nil {
-		return nil, err
-	}
-	r := &nonChildProcess{
-		processPid:       state.InitProcessPid,
-		processStartTime: state.InitProcessStartTime,
-		fds:              state.ExternalDescriptors,
-	}
-	c := &linuxContainer{
-		initProcess:          r,
-		initProcessStartTime: state.InitProcessStartTime,
-		id:                   id,
-		config:               &state.Config,
-		initPath:             l.InitPath,
-		initArgs:             l.InitArgs,
-		criuPath:             l.CriuPath,
-		newuidmapPath:        l.NewuidmapPath,
-		newgidmapPath:        l.NewgidmapPath,
-		cgroupManager:        l.NewCgroupsManager(state.Config.Cgroups, state.CgroupPaths),
-		root:                 containerRoot,
-		created:              state.Created,
-	}
-	c.state = &loadedState{c: c}
-	if err := c.refreshState(); err != nil {
-		return nil, err
-	}
-	if intelrdt.IsEnabled() {
-		c.intelRdtManager = l.NewIntelRdtManager(&state.Config, id, state.IntelRdtPath)
-	}
-	return c, nil
-}
-
-func (l *LinuxFactory) Type() string {
-	return "libcontainer"
-}
-
-// StartInitialization loads a container by opening the pipe fd from the parent to read the configuration and state
-// This is a low level implementation detail of the reexec and should not be consumed externally
-func (l *LinuxFactory) StartInitialization() (err error) {
-	var (
-		pipefd, fifofd int
-		consoleSocket  *os.File
-		envInitPipe    = os.Getenv("_LIBCONTAINER_INITPIPE")
-		envFifoFd      = os.Getenv("_LIBCONTAINER_FIFOFD")
-		envConsole     = os.Getenv("_LIBCONTAINER_CONSOLE")
-	)
-
-	// Get the INITPIPE.
-	pipefd, err = strconv.Atoi(envInitPipe)
-	if err != nil {
-		return fmt.Errorf("unable to convert _LIBCONTAINER_INITPIPE=%s to int: %s", envInitPipe, err)
-	}
-
-	var (
-		pipe = os.NewFile(uintptr(pipefd), "pipe")
-		it   = initType(os.Getenv("_LIBCONTAINER_INITTYPE"))
-	)
-	defer pipe.Close()
-
-	// Only init processes have FIFOFD.
-	fifofd = -1
-	if it == initStandard {
-		if fifofd, err = strconv.Atoi(envFifoFd); err != nil {
-			return fmt.Errorf("unable to convert _LIBCONTAINER_FIFOFD=%s to int: %s", envFifoFd, err)
-		}
-	}
-
-	if envConsole != "" {
-		console, err := strconv.Atoi(envConsole)
-		if err != nil {
-			return fmt.Errorf("unable to convert _LIBCONTAINER_CONSOLE=%s to int: %s", envConsole, err)
-		}
-		consoleSocket = os.NewFile(uintptr(console), "console-socket")
-		defer consoleSocket.Close()
-	}
-
-	// clear the current process's environment to clean any libcontainer
-	// specific env vars.
-	os.Clearenv()
-
-	defer func() {
-		// We have an error during the initialization of the container's init,
-		// send it back to the parent process in the form of an initError.
-		if werr := utils.WriteJSON(pipe, syncT{procError}); werr != nil {
-			fmt.Fprintln(os.Stderr, err)
-			return
-		}
-		if werr := utils.WriteJSON(pipe, newSystemError(err)); werr != nil {
-			fmt.Fprintln(os.Stderr, err)
-			return
-		}
-	}()
-	defer func() {
-		if e := recover(); e != nil {
-			err = fmt.Errorf("panic from initialization: %v, %v", e, string(debug.Stack()))
-		}
-	}()
-
-	i, err := newContainerInit(it, pipe, consoleSocket, fifofd)
-	if err != nil {
-		return err
-	}
-
-	// If Init succeeds, syscall.Exec will not return, hence none of the defers will be called.
-	return i.Init()
-}
-
-func (l *LinuxFactory) loadState(root, id string) (*State, error) {
-	f, err := os.Open(filepath.Join(root, stateFilename))
-	if err != nil {
-		if os.IsNotExist(err) {
-			return nil, newGenericError(fmt.Errorf("container %q does not exist", id), ContainerNotExists)
-		}
-		return nil, newGenericError(err, SystemError)
-	}
-	defer f.Close()
-	var state *State
-	if err := json.NewDecoder(f).Decode(&state); err != nil {
-		return nil, newGenericError(err, SystemError)
-	}
-	return state, nil
-}
-
-func (l *LinuxFactory) validateID(id string) error {
-	if !idRegex.MatchString(id) {
-		return newGenericError(fmt.Errorf("invalid id format: %v", id), InvalidIdFormat)
-	}
-
-	return nil
-}
-
-// NewuidmapPath returns an option func to configure a LinuxFactory with the
-// provided ..
-func NewuidmapPath(newuidmapPath string) func(*LinuxFactory) error {
-	return func(l *LinuxFactory) error {
-		l.NewuidmapPath = newuidmapPath
-		return nil
-	}
-}
-
-// NewgidmapPath returns an option func to configure a LinuxFactory with the
-// provided ..
-func NewgidmapPath(newgidmapPath string) func(*LinuxFactory) error {
-	return func(l *LinuxFactory) error {
-		l.NewgidmapPath = newgidmapPath
-		return nil
-	}
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/generic_error.go

@@ -1,92 +0,0 @@
-package libcontainer
-
-import (
-	"fmt"
-	"io"
-	"text/template"
-	"time"
-
-	"github.com/opencontainers/runc/libcontainer/stacktrace"
-)
-
-var errorTemplate = template.Must(template.New("error").Parse(`Timestamp: {{.Timestamp}}
-Code: {{.ECode}}
-{{if .Message }}
-Message: {{.Message}}
-{{end}}
-Frames:{{range $i, $frame := .Stack.Frames}}
----
-{{$i}}: {{$frame.Function}}
-Package: {{$frame.Package}}
-File: {{$frame.File}}@{{$frame.Line}}{{end}}
-`))
-
-func newGenericError(err error, c ErrorCode) Error {
-	if le, ok := err.(Error); ok {
-		return le
-	}
-	gerr := &genericError{
-		Timestamp: time.Now(),
-		Err:       err,
-		ECode:     c,
-		Stack:     stacktrace.Capture(1),
-	}
-	if err != nil {
-		gerr.Message = err.Error()
-	}
-	return gerr
-}
-
-func newSystemError(err error) Error {
-	return createSystemError(err, "")
-}
-
-func newSystemErrorWithCausef(err error, cause string, v ...interface{}) Error {
-	return createSystemError(err, fmt.Sprintf(cause, v...))
-}
-
-func newSystemErrorWithCause(err error, cause string) Error {
-	return createSystemError(err, cause)
-}
-
-// createSystemError creates the specified error with the correct number of
-// stack frames skipped. This is only to be called by the other functions for
-// formatting the error.
-func createSystemError(err error, cause string) Error {
-	gerr := &genericError{
-		Timestamp: time.Now(),
-		Err:       err,
-		ECode:     SystemError,
-		Cause:     cause,
-		Stack:     stacktrace.Capture(2),
-	}
-	if err != nil {
-		gerr.Message = err.Error()
-	}
-	return gerr
-}
-
-type genericError struct {
-	Timestamp time.Time
-	ECode     ErrorCode
-	Err       error `json:"-"`
-	Cause     string
-	Message   string
-	Stack     stacktrace.Stacktrace
-}
-
-func (e *genericError) Error() string {
-	if e.Cause == "" {
-		return e.Message
-	}
-	frame := e.Stack.Frames[0]
-	return fmt.Sprintf("%s:%d: %s caused %q", frame.File, frame.Line, e.Cause, e.Message)
-}
-
-func (e *genericError) Code() ErrorCode {
-	return e.ECode
-}
-
-func (e *genericError) Detail(w io.Writer) error {
-	return errorTemplate.Execute(w, e)
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/init_linux.go

@@ -1,534 +0,0 @@
-// +build linux
-
-package libcontainer
-
-import (
-	"encoding/json"
-	"fmt"
-	"io"
-	"net"
-	"os"
-	"strings"
-	"syscall" // only for Errno
-	"unsafe"
-
-	"golang.org/x/sys/unix"
-
-	"github.com/containerd/console"
-	"github.com/opencontainers/runc/libcontainer/cgroups"
-	"github.com/opencontainers/runc/libcontainer/configs"
-	"github.com/opencontainers/runc/libcontainer/system"
-	"github.com/opencontainers/runc/libcontainer/user"
-	"github.com/opencontainers/runc/libcontainer/utils"
-	"github.com/sirupsen/logrus"
-	"github.com/vishvananda/netlink"
-)
-
-type initType string
-
-const (
-	initSetns    initType = "setns"
-	initStandard initType = "standard"
-)
-
-type pid struct {
-	Pid           int `json:"pid"`
-	PidFirstChild int `json:"pid_first"`
-}
-
-// network is an internal struct used to setup container networks.
-type network struct {
-	configs.Network
-
-	// TempVethPeerName is a unique temporary veth peer name that was placed into
-	// the container's namespace.
-	TempVethPeerName string `json:"temp_veth_peer_name"`
-}
-
-// initConfig is used for transferring parameters from Exec() to Init()
-type initConfig struct {
-	Args             []string              `json:"args"`
-	Env              []string              `json:"env"`
-	Cwd              string                `json:"cwd"`
-	Capabilities     *configs.Capabilities `json:"capabilities"`
-	ProcessLabel     string                `json:"process_label"`
-	AppArmorProfile  string                `json:"apparmor_profile"`
-	NoNewPrivileges  bool                  `json:"no_new_privileges"`
-	User             string                `json:"user"`
-	AdditionalGroups []string              `json:"additional_groups"`
-	Config           *configs.Config       `json:"config"`
-	Networks         []*network            `json:"network"`
-	PassedFilesCount int                   `json:"passed_files_count"`
-	ContainerId      string                `json:"containerid"`
-	Rlimits          []configs.Rlimit      `json:"rlimits"`
-	CreateConsole    bool                  `json:"create_console"`
-	ConsoleWidth     uint16                `json:"console_width"`
-	ConsoleHeight    uint16                `json:"console_height"`
-	Rootless         bool                  `json:"rootless"`
-}
-
-type initer interface {
-	Init() error
-}
-
-func newContainerInit(t initType, pipe *os.File, consoleSocket *os.File, fifoFd int) (initer, error) {
-	var config *initConfig
-	if err := json.NewDecoder(pipe).Decode(&config); err != nil {
-		return nil, err
-	}
-	if err := populateProcessEnvironment(config.Env); err != nil {
-		return nil, err
-	}
-	switch t {
-	case initSetns:
-		return &linuxSetnsInit{
-			pipe:          pipe,
-			consoleSocket: consoleSocket,
-			config:        config,
-		}, nil
-	case initStandard:
-		return &linuxStandardInit{
-			pipe:          pipe,
-			consoleSocket: consoleSocket,
-			parentPid:     unix.Getppid(),
-			config:        config,
-			fifoFd:        fifoFd,
-		}, nil
-	}
-	return nil, fmt.Errorf("unknown init type %q", t)
-}
-
-// populateProcessEnvironment loads the provided environment variables into the
-// current processes's environment.
-func populateProcessEnvironment(env []string) error {
-	for _, pair := range env {
-		p := strings.SplitN(pair, "=", 2)
-		if len(p) < 2 {
-			return fmt.Errorf("invalid environment '%v'", pair)
-		}
-		if err := os.Setenv(p[0], p[1]); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-// finalizeNamespace drops the caps, sets the correct user
-// and working dir, and closes any leaked file descriptors
-// before executing the command inside the namespace
-func finalizeNamespace(config *initConfig) error {
-	// Ensure that all unwanted fds we may have accidentally
-	// inherited are marked close-on-exec so they stay out of the
-	// container
-	if err := utils.CloseExecFrom(config.PassedFilesCount + 3); err != nil {
-		return err
-	}
-
-	capabilities := &configs.Capabilities{}
-	if config.Capabilities != nil {
-		capabilities = config.Capabilities
-	} else if config.Config.Capabilities != nil {
-		capabilities = config.Config.Capabilities
-	}
-	w, err := newContainerCapList(capabilities)
-	if err != nil {
-		return err
-	}
-	// drop capabilities in bounding set before changing user
-	if err := w.ApplyBoundingSet(); err != nil {
-		return err
-	}
-	// preserve existing capabilities while we change users
-	if err := system.SetKeepCaps(); err != nil {
-		return err
-	}
-	if err := setupUser(config); err != nil {
-		return err
-	}
-	if err := system.ClearKeepCaps(); err != nil {
-		return err
-	}
-	if err := w.ApplyCaps(); err != nil {
-		return err
-	}
-	if config.Cwd != "" {
-		if err := unix.Chdir(config.Cwd); err != nil {
-			return fmt.Errorf("chdir to cwd (%q) set in config.json failed: %v", config.Cwd, err)
-		}
-	}
-	return nil
-}
-
-// setupConsole sets up the console from inside the container, and sends the
-// master pty fd to the config.Pipe (using cmsg). This is done to ensure that
-// consoles are scoped to a container properly (see runc#814 and the many
-// issues related to that). This has to be run *after* we've pivoted to the new
-// rootfs (and the users' configuration is entirely set up).
-func setupConsole(socket *os.File, config *initConfig, mount bool) error {
-	defer socket.Close()
-	// At this point, /dev/ptmx points to something that we would expect. We
-	// used to change the owner of the slave path, but since the /dev/pts mount
-	// can have gid=X set (at the users' option). So touching the owner of the
-	// slave PTY is not necessary, as the kernel will handle that for us. Note
-	// however, that setupUser (specifically fixStdioPermissions) *will* change
-	// the UID owner of the console to be the user the process will run as (so
-	// they can actually control their console).
-
-	pty, slavePath, err := console.NewPty()
-	if err != nil {
-		return err
-	}
-
-	if config.ConsoleHeight != 0 && config.ConsoleWidth != 0 {
-		err = pty.Resize(console.WinSize{
-			Height: config.ConsoleHeight,
-			Width:  config.ConsoleWidth,
-		})
-
-		if err != nil {
-			return err
-		}
-	}
-
-	// After we return from here, we don't need the console anymore.
-	defer pty.Close()
-
-	// Mount the console inside our rootfs.
-	if mount {
-		if err := mountConsole(slavePath); err != nil {
-			return err
-		}
-	}
-	// While we can access console.master, using the API is a good idea.
-	if err := utils.SendFd(socket, pty.Name(), pty.Fd()); err != nil {
-		return err
-	}
-	// Now, dup over all the things.
-	return dupStdio(slavePath)
-}
-
-// syncParentReady sends to the given pipe a JSON payload which indicates that
-// the init is ready to Exec the child process. It then waits for the parent to
-// indicate that it is cleared to Exec.
-func syncParentReady(pipe io.ReadWriter) error {
-	// Tell parent.
-	if err := writeSync(pipe, procReady); err != nil {
-		return err
-	}
-
-	// Wait for parent to give the all-clear.
-	if err := readSync(pipe, procRun); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// syncParentHooks sends to the given pipe a JSON payload which indicates that
-// the parent should execute pre-start hooks. It then waits for the parent to
-// indicate that it is cleared to resume.
-func syncParentHooks(pipe io.ReadWriter) error {
-	// Tell parent.
-	if err := writeSync(pipe, procHooks); err != nil {
-		return err
-	}
-
-	// Wait for parent to give the all-clear.
-	if err := readSync(pipe, procResume); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// setupUser changes the groups, gid, and uid for the user inside the container
-func setupUser(config *initConfig) error {
-	// Set up defaults.
-	defaultExecUser := user.ExecUser{
-		Uid:  0,
-		Gid:  0,
-		Home: "/",
-	}
-
-	passwdPath, err := user.GetPasswdPath()
-	if err != nil {
-		return err
-	}
-
-	groupPath, err := user.GetGroupPath()
-	if err != nil {
-		return err
-	}
-
-	execUser, err := user.GetExecUserPath(config.User, &defaultExecUser, passwdPath, groupPath)
-	if err != nil {
-		return err
-	}
-
-	var addGroups []int
-	if len(config.AdditionalGroups) > 0 {
-		addGroups, err = user.GetAdditionalGroupsPath(config.AdditionalGroups, groupPath)
-		if err != nil {
-			return err
-		}
-	}
-
-	// Rather than just erroring out later in setuid(2) and setgid(2), check
-	// that the user is mapped here.
-	if _, err := config.Config.HostUID(execUser.Uid); err != nil {
-		return fmt.Errorf("cannot set uid to unmapped user in user namespace")
-	}
-	if _, err := config.Config.HostGID(execUser.Gid); err != nil {
-		return fmt.Errorf("cannot set gid to unmapped user in user namespace")
-	}
-
-	if config.Rootless {
-		// We cannot set any additional groups in a rootless container and thus
-		// we bail if the user asked us to do so. TODO: We currently can't do
-		// this check earlier, but if libcontainer.Process.User was typesafe
-		// this might work.
-		if len(addGroups) > 0 {
-			return fmt.Errorf("cannot set any additional groups in a rootless container")
-		}
-	}
-
-	// Before we change to the container's user make sure that the processes
-	// STDIO is correctly owned by the user that we are switching to.
-	if err := fixStdioPermissions(config, execUser); err != nil {
-		return err
-	}
-
-	// This isn't allowed in an unprivileged user namespace since Linux 3.19.
-	// There's nothing we can do about /etc/group entries, so we silently
-	// ignore setting groups here (since the user didn't explicitly ask us to
-	// set the group).
-	if !config.Rootless {
-		suppGroups := append(execUser.Sgids, addGroups...)
-		if err := unix.Setgroups(suppGroups); err != nil {
-			return err
-		}
-	}
-
-	if err := system.Setgid(execUser.Gid); err != nil {
-		return err
-	}
-	if err := system.Setuid(execUser.Uid); err != nil {
-		return err
-	}
-
-	// if we didn't get HOME already, set it based on the user's HOME
-	if envHome := os.Getenv("HOME"); envHome == "" {
-		if err := os.Setenv("HOME", execUser.Home); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-// fixStdioPermissions fixes the permissions of PID 1's STDIO within the container to the specified user.
-// The ownership needs to match because it is created outside of the container and needs to be
-// localized.
-func fixStdioPermissions(config *initConfig, u *user.ExecUser) error {
-	var null unix.Stat_t
-	if err := unix.Stat("/dev/null", &null); err != nil {
-		return err
-	}
-	for _, fd := range []uintptr{
-		os.Stdin.Fd(),
-		os.Stderr.Fd(),
-		os.Stdout.Fd(),
-	} {
-		var s unix.Stat_t
-		if err := unix.Fstat(int(fd), &s); err != nil {
-			return err
-		}
-
-		// Skip chown of /dev/null if it was used as one of the STDIO fds.
-		if s.Rdev == null.Rdev {
-			continue
-		}
-
-		// We only change the uid owner (as it is possible for the mount to
-		// prefer a different gid, and there's no reason for us to change it).
-		// The reason why we don't just leave the default uid=X mount setup is
-		// that users expect to be able to actually use their console. Without
-		// this code, you couldn't effectively run as a non-root user inside a
-		// container and also have a console set up.
-		if err := unix.Fchown(int(fd), u.Uid, int(s.Gid)); err != nil {
-			// If we've hit an EINVAL then s.Gid isn't mapped in the user
-			// namespace. If we've hit an EPERM then the inode's current owner
-			// is not mapped in our user namespace (in particular,
-			// privileged_wrt_inode_uidgid() has failed). In either case, we
-			// are in a configuration where it's better for us to just not
-			// touch the stdio rather than bail at this point.
-			if err == unix.EINVAL || err == unix.EPERM {
-				continue
-			}
-			return err
-		}
-	}
-	return nil
-}
-
-// setupNetwork sets up and initializes any network interface inside the container.
-func setupNetwork(config *initConfig) error {
-	for _, config := range config.Networks {
-		strategy, err := getStrategy(config.Type)
-		if err != nil {
-			return err
-		}
-		if err := strategy.initialize(config); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func setupRoute(config *configs.Config) error {
-	for _, config := range config.Routes {
-		_, dst, err := net.ParseCIDR(config.Destination)
-		if err != nil {
-			return err
-		}
-		src := net.ParseIP(config.Source)
-		if src == nil {
-			return fmt.Errorf("Invalid source for route: %s", config.Source)
-		}
-		gw := net.ParseIP(config.Gateway)
-		if gw == nil {
-			return fmt.Errorf("Invalid gateway for route: %s", config.Gateway)
-		}
-		l, err := netlink.LinkByName(config.InterfaceName)
-		if err != nil {
-			return err
-		}
-		route := &netlink.Route{
-			Scope:     netlink.SCOPE_UNIVERSE,
-			Dst:       dst,
-			Src:       src,
-			Gw:        gw,
-			LinkIndex: l.Attrs().Index,
-		}
-		if err := netlink.RouteAdd(route); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func setupRlimits(limits []configs.Rlimit, pid int) error {
-	for _, rlimit := range limits {
-		if err := system.Prlimit(pid, rlimit.Type, unix.Rlimit{Max: rlimit.Hard, Cur: rlimit.Soft}); err != nil {
-			return fmt.Errorf("error setting rlimit type %v: %v", rlimit.Type, err)
-		}
-	}
-	return nil
-}
-
-const _P_PID = 1
-
-type siginfo struct {
-	si_signo int32
-	si_errno int32
-	si_code  int32
-	// below here is a union; si_pid is the only field we use
-	si_pid int32
-	// Pad to 128 bytes as detailed in blockUntilWaitable
-	pad [96]byte
-}
-
-// isWaitable returns true if the process has exited false otherwise.
-// Its based off blockUntilWaitable in src/os/wait_waitid.go
-func isWaitable(pid int) (bool, error) {
-	si := &siginfo{}
-	_, _, e := unix.Syscall6(unix.SYS_WAITID, _P_PID, uintptr(pid), uintptr(unsafe.Pointer(si)), unix.WEXITED|unix.WNOWAIT|unix.WNOHANG, 0, 0)
-	if e != 0 {
-		return false, os.NewSyscallError("waitid", e)
-	}
-
-	return si.si_pid != 0, nil
-}
-
-// isNoChildren returns true if err represents a unix.ECHILD (formerly syscall.ECHILD) false otherwise
-func isNoChildren(err error) bool {
-	switch err := err.(type) {
-	case syscall.Errno:
-		if err == unix.ECHILD {
-			return true
-		}
-	case *os.SyscallError:
-		if err.Err == unix.ECHILD {
-			return true
-		}
-	}
-	return false
-}
-
-// signalAllProcesses freezes then iterates over all the processes inside the
-// manager's cgroups sending the signal s to them.
-// If s is SIGKILL then it will wait for each process to exit.
-// For all other signals it will check if the process is ready to report its
-// exit status and only if it is will a wait be performed.
-func signalAllProcesses(m cgroups.Manager, s os.Signal) error {
-	var procs []*os.Process
-	if err := m.Freeze(configs.Frozen); err != nil {
-		logrus.Warn(err)
-	}
-	pids, err := m.GetAllPids()
-	if err != nil {
-		m.Freeze(configs.Thawed)
-		return err
-	}
-	for _, pid := range pids {
-		p, err := os.FindProcess(pid)
-		if err != nil {
-			logrus.Warn(err)
-			continue
-		}
-		procs = append(procs, p)
-		if err := p.Signal(s); err != nil {
-			logrus.Warn(err)
-		}
-	}
-	if err := m.Freeze(configs.Thawed); err != nil {
-		logrus.Warn(err)
-	}
-
-	subreaper, err := system.GetSubreaper()
-	if err != nil {
-		// The error here means that PR_GET_CHILD_SUBREAPER is not
-		// supported because this code might run on a kernel older
-		// than 3.4. We don't want to throw an error in that case,
-		// and we simplify things, considering there is no subreaper
-		// set.
-		subreaper = 0
-	}
-
-	for _, p := range procs {
-		if s != unix.SIGKILL {
-			if ok, err := isWaitable(p.Pid); err != nil {
-				if !isNoChildren(err) {
-					logrus.Warn("signalAllProcesses: ", p.Pid, err)
-				}
-				continue
-			} else if !ok {
-				// Not ready to report so don't wait
-				continue
-			}
-		}
-
-		// In case a subreaper has been setup, this code must not
-		// wait for the process. Otherwise, we cannot be sure the
-		// current process will be reaped by the subreaper, while
-		// the subreaper might be waiting for this process in order
-		// to retrieve its exit code.
-		if subreaper == 0 {
-			if _, err := p.Wait(); err != nil {
-				if !isNoChildren(err) {
-					logrus.Warn("wait: ", err)
-				}
-			}
-		}
-	}
-	return nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/intelrdt/intelrdt.go

@@ -1,553 +0,0 @@
-// +build linux
-
-package intelrdt
-
-import (
-	"bufio"
-	"fmt"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"strconv"
-	"strings"
-	"sync"
-
-	"github.com/opencontainers/runc/libcontainer/configs"
-)
-
-/*
- * About Intel RDT/CAT feature:
- * Intel platforms with new Xeon CPU support Resource Director Technology (RDT).
- * Intel Cache Allocation Technology (CAT) is a sub-feature of RDT. Currently L3
- * Cache is the only resource that is supported in RDT.
- *
- * This feature provides a way for the software to restrict cache allocation to a
- * defined 'subset' of L3 cache which may be overlapping with other 'subsets'.
- * The different subsets are identified by class of service (CLOS) and each CLOS
- * has a capacity bitmask (CBM).
- *
- * For more information about Intel RDT/CAT can be found in the section 17.17
- * of Intel Software Developer Manual.
- *
- * About Intel RDT/CAT kernel interface:
- * In Linux 4.10 kernel or newer, the interface is defined and exposed via
- * "resource control" filesystem, which is a "cgroup-like" interface.
- *
- * Comparing with cgroups, it has similar process management lifecycle and
- * interfaces in a container. But unlike cgroups' hierarchy, it has single level
- * filesystem layout.
- *
- * Intel RDT "resource control" filesystem hierarchy:
- * mount -t resctrl resctrl /sys/fs/resctrl
- * tree /sys/fs/resctrl
- * /sys/fs/resctrl/
- * |-- info
- * |   |-- L3
- * |       |-- cbm_mask
- * |       |-- min_cbm_bits
- * |       |-- num_closids
- * |-- cpus
- * |-- schemata
- * |-- tasks
- * |-- <container_id>
- *     |-- cpus
- *     |-- schemata
- *     |-- tasks
- *
- * For runc, we can make use of `tasks` and `schemata` configuration for L3 cache
- * resource constraints.
- *
- *  The file `tasks` has a list of tasks that belongs to this group (e.g.,
- * <container_id>" group). Tasks can be added to a group by writing the task ID
- * to the "tasks" file  (which will automatically remove them from the previous
- * group to which they belonged). New tasks created by fork(2) and clone(2) are
- * added to the same group as their parent. If a pid is not in any sub group, it is
- * in root group.
- *
- * The file `schemata` has allocation bitmasks/values for L3 cache on each socket,
- * which contains L3 cache id and capacity bitmask (CBM).
- * 	Format: "L3:<cache_id0>=<cbm0>;<cache_id1>=<cbm1>;..."
- * For example, on a two-socket machine, L3's schema line could be `L3:0=ff;1=c0`
- * which means L3 cache id 0's CBM is 0xff, and L3 cache id 1's CBM is 0xc0.
- *
- * The valid L3 cache CBM is a *contiguous bits set* and number of bits that can
- * be set is less than the max bit. The max bits in the CBM is varied among
- * supported Intel Xeon platforms. In Intel RDT "resource control" filesystem
- * layout, the CBM in a group should be a subset of the CBM in root. Kernel will
- * check if it is valid when writing. e.g., 0xfffff in root indicates the max bits
- * of CBM is 20 bits, which mapping to entire L3 cache capacity. Some valid CBM
- * values to set in a group: 0xf, 0xf0, 0x3ff, 0x1f00 and etc.
- *
- * For more information about Intel RDT/CAT kernel interface:
- * https://www.kernel.org/doc/Documentation/x86/intel_rdt_ui.txt
- *
- * An example for runc:
- * Consider a two-socket machine with two L3 caches where the default CBM is
- * 0xfffff and the max CBM length is 20 bits. With this configuration, tasks
- * inside the container only have access to the "upper" 80% of L3 cache id 0 and
- * the "lower" 50% L3 cache id 1:
- *
- * "linux": {
- * 	"intelRdt": {
- * 		"l3CacheSchema": "L3:0=ffff0;1=3ff"
- * 	}
- * }
- */
-
-type Manager interface {
-	// Applies Intel RDT configuration to the process with the specified pid
-	Apply(pid int) error
-
-	// Returns statistics for Intel RDT
-	GetStats() (*Stats, error)
-
-	// Destroys the Intel RDT 'container_id' group
-	Destroy() error
-
-	// Returns Intel RDT path to save in a state file and to be able to
-	// restore the object later
-	GetPath() string
-
-	// Set Intel RDT "resource control" filesystem as configured.
-	Set(container *configs.Config) error
-}
-
-// This implements interface Manager
-type IntelRdtManager struct {
-	mu     sync.Mutex
-	Config *configs.Config
-	Id     string
-	Path   string
-}
-
-const (
-	IntelRdtTasks = "tasks"
-)
-
-var (
-	// The absolute root path of the Intel RDT "resource control" filesystem
-	intelRdtRoot     string
-	intelRdtRootLock sync.Mutex
-
-	// The flag to indicate if Intel RDT is supported
-	isEnabled bool
-)
-
-type intelRdtData struct {
-	root   string
-	config *configs.Config
-	pid    int
-}
-
-// Check if Intel RDT is enabled in init()
-func init() {
-	// 1. Check if hardware and kernel support Intel RDT/CAT feature
-	// "cat_l3" flag is set if supported
-	isFlagSet, err := parseCpuInfoFile("/proc/cpuinfo")
-	if !isFlagSet || err != nil {
-		isEnabled = false
-		return
-	}
-
-	// 2. Check if Intel RDT "resource control" filesystem is mounted
-	// The user guarantees to mount the filesystem
-	isEnabled = isIntelRdtMounted()
-}
-
-// Return the mount point path of Intel RDT "resource control" filesysem
-func findIntelRdtMountpointDir() (string, error) {
-	f, err := os.Open("/proc/self/mountinfo")
-	if err != nil {
-		return "", err
-	}
-	defer f.Close()
-
-	s := bufio.NewScanner(f)
-	for s.Scan() {
-		text := s.Text()
-		fields := strings.Split(text, " ")
-		// Safe as mountinfo encodes mountpoints with spaces as \040.
-		index := strings.Index(text, " - ")
-		postSeparatorFields := strings.Fields(text[index+3:])
-		numPostFields := len(postSeparatorFields)
-
-		// This is an error as we can't detect if the mount is for "Intel RDT"
-		if numPostFields == 0 {
-			return "", fmt.Errorf("Found no fields post '-' in %q", text)
-		}
-
-		if postSeparatorFields[0] == "resctrl" {
-			// Check that the mount is properly formated.
-			if numPostFields < 3 {
-				return "", fmt.Errorf("Error found less than 3 fields post '-' in %q", text)
-			}
-
-			return fields[4], nil
-		}
-	}
-	if err := s.Err(); err != nil {
-		return "", err
-	}
-
-	return "", NewNotFoundError("Intel RDT")
-}
-
-// Gets the root path of Intel RDT "resource control" filesystem
-func getIntelRdtRoot() (string, error) {
-	intelRdtRootLock.Lock()
-	defer intelRdtRootLock.Unlock()
-
-	if intelRdtRoot != "" {
-		return intelRdtRoot, nil
-	}
-
-	root, err := findIntelRdtMountpointDir()
-	if err != nil {
-		return "", err
-	}
-
-	if _, err := os.Stat(root); err != nil {
-		return "", err
-	}
-
-	intelRdtRoot = root
-	return intelRdtRoot, nil
-}
-
-func isIntelRdtMounted() bool {
-	_, err := getIntelRdtRoot()
-	if err != nil {
-		return false
-	}
-
-	return true
-}
-
-func parseCpuInfoFile(path string) (bool, error) {
-	f, err := os.Open(path)
-	if err != nil {
-		return false, err
-	}
-	defer f.Close()
-
-	s := bufio.NewScanner(f)
-	for s.Scan() {
-		if err := s.Err(); err != nil {
-			return false, err
-		}
-
-		text := s.Text()
-		flags := strings.Split(text, " ")
-
-		// "cat_l3" flag is set if Intel RDT/CAT is supported
-		for _, flag := range flags {
-			if flag == "cat_l3" {
-				return true, nil
-			}
-		}
-	}
-	return false, nil
-}
-
-func parseUint(s string, base, bitSize int) (uint64, error) {
-	value, err := strconv.ParseUint(s, base, bitSize)
-	if err != nil {
-		intValue, intErr := strconv.ParseInt(s, base, bitSize)
-		// 1. Handle negative values greater than MinInt64 (and)
-		// 2. Handle negative values lesser than MinInt64
-		if intErr == nil && intValue < 0 {
-			return 0, nil
-		} else if intErr != nil && intErr.(*strconv.NumError).Err == strconv.ErrRange && intValue < 0 {
-			return 0, nil
-		}
-
-		return value, err
-	}
-
-	return value, nil
-}
-
-// Gets a single uint64 value from the specified file.
-func getIntelRdtParamUint(path, file string) (uint64, error) {
-	fileName := filepath.Join(path, file)
-	contents, err := ioutil.ReadFile(fileName)
-	if err != nil {
-		return 0, err
-	}
-
-	res, err := parseUint(strings.TrimSpace(string(contents)), 10, 64)
-	if err != nil {
-		return res, fmt.Errorf("unable to parse %q as a uint from file %q", string(contents), fileName)
-	}
-	return res, nil
-}
-
-// Gets a string value from the specified file
-func getIntelRdtParamString(path, file string) (string, error) {
-	contents, err := ioutil.ReadFile(filepath.Join(path, file))
-	if err != nil {
-		return "", err
-	}
-
-	return strings.TrimSpace(string(contents)), nil
-}
-
-func readTasksFile(dir string) ([]int, error) {
-	f, err := os.Open(filepath.Join(dir, IntelRdtTasks))
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-
-	var (
-		s   = bufio.NewScanner(f)
-		out = []int{}
-	)
-
-	for s.Scan() {
-		if t := s.Text(); t != "" {
-			pid, err := strconv.Atoi(t)
-			if err != nil {
-				return nil, err
-			}
-			out = append(out, pid)
-		}
-	}
-	return out, nil
-}
-
-func writeFile(dir, file, data string) error {
-	if dir == "" {
-		return fmt.Errorf("no such directory for %s", file)
-	}
-	if err := ioutil.WriteFile(filepath.Join(dir, file), []byte(data+"\n"), 0700); err != nil {
-		return fmt.Errorf("failed to write %v to %v: %v", data, file, err)
-	}
-	return nil
-}
-
-func getIntelRdtData(c *configs.Config, pid int) (*intelRdtData, error) {
-	rootPath, err := getIntelRdtRoot()
-	if err != nil {
-		return nil, err
-	}
-	return &intelRdtData{
-		root:   rootPath,
-		config: c,
-		pid:    pid,
-	}, nil
-}
-
-// Get the read-only L3 cache information
-func getL3CacheInfo() (*L3CacheInfo, error) {
-	l3CacheInfo := &L3CacheInfo{}
-
-	rootPath, err := getIntelRdtRoot()
-	if err != nil {
-		return l3CacheInfo, err
-	}
-
-	path := filepath.Join(rootPath, "info", "L3")
-	cbmMask, err := getIntelRdtParamString(path, "cbm_mask")
-	if err != nil {
-		return l3CacheInfo, err
-	}
-	minCbmBits, err := getIntelRdtParamUint(path, "min_cbm_bits")
-	if err != nil {
-		return l3CacheInfo, err
-	}
-	numClosids, err := getIntelRdtParamUint(path, "num_closids")
-	if err != nil {
-		return l3CacheInfo, err
-	}
-
-	l3CacheInfo.CbmMask = cbmMask
-	l3CacheInfo.MinCbmBits = minCbmBits
-	l3CacheInfo.NumClosids = numClosids
-
-	return l3CacheInfo, nil
-}
-
-// WriteIntelRdtTasks writes the specified pid into the "tasks" file
-func WriteIntelRdtTasks(dir string, pid int) error {
-	if dir == "" {
-		return fmt.Errorf("no such directory for %s", IntelRdtTasks)
-	}
-
-	// Dont attach any pid if -1 is specified as a pid
-	if pid != -1 {
-		if err := ioutil.WriteFile(filepath.Join(dir, IntelRdtTasks), []byte(strconv.Itoa(pid)), 0700); err != nil {
-			return fmt.Errorf("failed to write %v to %v: %v", pid, IntelRdtTasks, err)
-		}
-	}
-	return nil
-}
-
-// Check if Intel RDT is enabled
-func IsEnabled() bool {
-	return isEnabled
-}
-
-// Get the 'container_id' path in Intel RDT "resource control" filesystem
-func GetIntelRdtPath(id string) (string, error) {
-	rootPath, err := getIntelRdtRoot()
-	if err != nil {
-		return "", err
-	}
-
-	path := filepath.Join(rootPath, id)
-	return path, nil
-}
-
-// Applies Intel RDT configuration to the process with the specified pid
-func (m *IntelRdtManager) Apply(pid int) (err error) {
-	// If intelRdt is not specified in config, we do nothing
-	if m.Config.IntelRdt == nil {
-		return nil
-	}
-	d, err := getIntelRdtData(m.Config, pid)
-	if err != nil && !IsNotFound(err) {
-		return err
-	}
-
-	m.mu.Lock()
-	defer m.mu.Unlock()
-	path, err := d.join(m.Id)
-	if err != nil {
-		return err
-	}
-
-	m.Path = path
-	return nil
-}
-
-// Destroys the Intel RDT 'container_id' group
-func (m *IntelRdtManager) Destroy() error {
-	m.mu.Lock()
-	defer m.mu.Unlock()
-	if err := os.RemoveAll(m.Path); err != nil {
-		return err
-	}
-	m.Path = ""
-	return nil
-}
-
-// Returns Intel RDT path to save in a state file and to be able to
-// restore the object later
-func (m *IntelRdtManager) GetPath() string {
-	if m.Path == "" {
-		m.Path, _ = GetIntelRdtPath(m.Id)
-	}
-	return m.Path
-}
-
-// Returns statistics for Intel RDT
-func (m *IntelRdtManager) GetStats() (*Stats, error) {
-	// If intelRdt is not specified in config
-	if m.Config.IntelRdt == nil {
-		return nil, nil
-	}
-
-	m.mu.Lock()
-	defer m.mu.Unlock()
-	stats := NewStats()
-
-	// The read-only L3 cache information
-	l3CacheInfo, err := getL3CacheInfo()
-	if err != nil {
-		return nil, err
-	}
-	stats.L3CacheInfo = l3CacheInfo
-
-	// The read-only L3 cache schema in root
-	rootPath, err := getIntelRdtRoot()
-	if err != nil {
-		return nil, err
-	}
-	tmpRootStrings, err := getIntelRdtParamString(rootPath, "schemata")
-	if err != nil {
-		return nil, err
-	}
-	// L3 cache schema is in the first line
-	schemaRootStrings := strings.Split(tmpRootStrings, "\n")
-	stats.L3CacheSchemaRoot = schemaRootStrings[0]
-
-	// The L3 cache schema in 'container_id' group
-	tmpStrings, err := getIntelRdtParamString(m.GetPath(), "schemata")
-	if err != nil {
-		return nil, err
-	}
-	// L3 cache schema is in the first line
-	schemaStrings := strings.Split(tmpStrings, "\n")
-	stats.L3CacheSchema = schemaStrings[0]
-
-	return stats, nil
-}
-
-// Set Intel RDT "resource control" filesystem as configured.
-func (m *IntelRdtManager) Set(container *configs.Config) error {
-	path := m.GetPath()
-
-	// About L3 cache schema file:
-	// The schema has allocation masks/values for L3 cache on each socket,
-	// which contains L3 cache id and capacity bitmask (CBM).
-	//     Format: "L3:<cache_id0>=<cbm0>;<cache_id1>=<cbm1>;..."
-	// For example, on a two-socket machine, L3's schema line could be:
-	//     L3:0=ff;1=c0
-	// Which means L3 cache id 0's CBM is 0xff, and L3 cache id 1's CBM is 0xc0.
-	//
-	// About L3 cache CBM validity:
-	// The valid L3 cache CBM is a *contiguous bits set* and number of
-	// bits that can be set is less than the max bit. The max bits in the
-	// CBM is varied among supported Intel Xeon platforms. In Intel RDT
-	// "resource control" filesystem layout, the CBM in a group should
-	// be a subset of the CBM in root. Kernel will check if it is valid
-	// when writing.
-	// e.g., 0xfffff in root indicates the max bits of CBM is 20 bits,
-	// which mapping to entire L3 cache capacity. Some valid CBM values
-	// to set in a group: 0xf, 0xf0, 0x3ff, 0x1f00 and etc.
-	if container.IntelRdt != nil {
-		l3CacheSchema := container.IntelRdt.L3CacheSchema
-		if l3CacheSchema != "" {
-			if err := writeFile(path, "schemata", l3CacheSchema); err != nil {
-				return err
-			}
-		}
-	}
-
-	return nil
-}
-
-func (raw *intelRdtData) join(id string) (string, error) {
-	path := filepath.Join(raw.root, id)
-	if err := os.MkdirAll(path, 0755); err != nil {
-		return "", err
-	}
-
-	if err := WriteIntelRdtTasks(path, raw.pid); err != nil {
-		return "", err
-	}
-	return path, nil
-}
-
-type NotFoundError struct {
-	ResourceControl string
-}
-
-func (e *NotFoundError) Error() string {
-	return fmt.Sprintf("mountpoint for %s not found", e.ResourceControl)
-}
-
-func NewNotFoundError(res string) error {
-	return &NotFoundError{
-		ResourceControl: res,
-	}
-}
-
-func IsNotFound(err error) bool {
-	if err == nil {
-		return false
-	}
-	_, ok := err.(*NotFoundError)
-	return ok
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/intelrdt/stats.go

@@ -1,24 +0,0 @@
-// +build linux
-
-package intelrdt
-
-type L3CacheInfo struct {
-	CbmMask    string `json:"cbm_mask,omitempty"`
-	MinCbmBits uint64 `json:"min_cbm_bits,omitempty"`
-	NumClosids uint64 `json:"num_closids,omitempty"`
-}
-
-type Stats struct {
-	// The read-only L3 cache information
-	L3CacheInfo *L3CacheInfo `json:"l3_cache_info,omitempty"`
-
-	// The read-only L3 cache schema in root
-	L3CacheSchemaRoot string `json:"l3_cache_schema_root,omitempty"`
-
-	// The L3 cache schema in 'container_id' group
-	L3CacheSchema string `json:"l3_cache_schema,omitempty"`
-}
-
-func NewStats() *Stats {
-	return &Stats{}
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/keys/keyctl.go

@@ -1,50 +0,0 @@
-// +build linux
-
-package keys
-
-import (
-	"fmt"
-	"strconv"
-	"strings"
-
-	"golang.org/x/sys/unix"
-)
-
-type KeySerial uint32
-
-func JoinSessionKeyring(name string) (KeySerial, error) {
-	sessKeyId, err := unix.KeyctlJoinSessionKeyring(name)
-	if err != nil {
-		return 0, fmt.Errorf("could not create session key: %v", err)
-	}
-	return KeySerial(sessKeyId), nil
-}
-
-// ModKeyringPerm modifies permissions on a keyring by reading the current permissions,
-// anding the bits with the given mask (clearing permissions) and setting
-// additional permission bits
-func ModKeyringPerm(ringId KeySerial, mask, setbits uint32) error {
-	dest, err := unix.KeyctlString(unix.KEYCTL_DESCRIBE, int(ringId))
-	if err != nil {
-		return err
-	}
-
-	res := strings.Split(dest, ";")
-	if len(res) < 5 {
-		return fmt.Errorf("Destination buffer for key description is too small")
-	}
-
-	// parse permissions
-	perm64, err := strconv.ParseUint(res[3], 16, 32)
-	if err != nil {
-		return err
-	}
-
-	perm := (uint32(perm64) & mask) | setbits
-
-	if err := unix.KeyctlSetperm(int(ringId), perm); err != nil {
-		return err
-	}
-
-	return nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/message_linux.go

@@ -1,89 +0,0 @@
-// +build linux
-
-package libcontainer
-
-import (
-	"github.com/vishvananda/netlink/nl"
-	"golang.org/x/sys/unix"
-)
-
-// list of known message types we want to send to bootstrap program
-// The number is randomly chosen to not conflict with known netlink types
-const (
-	InitMsg         uint16 = 62000
-	CloneFlagsAttr  uint16 = 27281
-	NsPathsAttr     uint16 = 27282
-	UidmapAttr      uint16 = 27283
-	GidmapAttr      uint16 = 27284
-	SetgroupAttr    uint16 = 27285
-	OomScoreAdjAttr uint16 = 27286
-	RootlessAttr    uint16 = 27287
-	UidmapPathAttr  uint16 = 27288
-	GidmapPathAttr  uint16 = 27289
-)
-
-type Int32msg struct {
-	Type  uint16
-	Value uint32
-}
-
-// Serialize serializes the message.
-// Int32msg has the following representation
-// | nlattr len | nlattr type |
-// | uint32 value             |
-func (msg *Int32msg) Serialize() []byte {
-	buf := make([]byte, msg.Len())
-	native := nl.NativeEndian()
-	native.PutUint16(buf[0:2], uint16(msg.Len()))
-	native.PutUint16(buf[2:4], msg.Type)
-	native.PutUint32(buf[4:8], msg.Value)
-	return buf
-}
-
-func (msg *Int32msg) Len() int {
-	return unix.NLA_HDRLEN + 4
-}
-
-// Bytemsg has the following representation
-// | nlattr len | nlattr type |
-// | value              | pad |
-type Bytemsg struct {
-	Type  uint16
-	Value []byte
-}
-
-func (msg *Bytemsg) Serialize() []byte {
-	l := msg.Len()
-	buf := make([]byte, (l+unix.NLA_ALIGNTO-1) & ^(unix.NLA_ALIGNTO-1))
-	native := nl.NativeEndian()
-	native.PutUint16(buf[0:2], uint16(l))
-	native.PutUint16(buf[2:4], msg.Type)
-	copy(buf[4:], msg.Value)
-	return buf
-}
-
-func (msg *Bytemsg) Len() int {
-	return unix.NLA_HDRLEN + len(msg.Value) + 1 // null-terminated
-}
-
-type Boolmsg struct {
-	Type  uint16
-	Value bool
-}
-
-func (msg *Boolmsg) Serialize() []byte {
-	buf := make([]byte, msg.Len())
-	native := nl.NativeEndian()
-	native.PutUint16(buf[0:2], uint16(msg.Len()))
-	native.PutUint16(buf[2:4], msg.Type)
-	if msg.Value {
-		buf[4] = 1
-	} else {
-		buf[4] = 0
-	}
-	return buf
-}
-
-func (msg *Boolmsg) Len() int {
-	return unix.NLA_HDRLEN + 1
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/network_linux.go

@@ -1,259 +0,0 @@
-// +build linux
-
-package libcontainer
-
-import (
-	"fmt"
-	"io/ioutil"
-	"net"
-	"path/filepath"
-	"strconv"
-	"strings"
-
-	"github.com/opencontainers/runc/libcontainer/configs"
-	"github.com/opencontainers/runc/libcontainer/utils"
-	"github.com/vishvananda/netlink"
-)
-
-var strategies = map[string]networkStrategy{
-	"veth":     &veth{},
-	"loopback": &loopback{},
-}
-
-// networkStrategy represents a specific network configuration for
-// a container's networking stack
-type networkStrategy interface {
-	create(*network, int) error
-	initialize(*network) error
-	detach(*configs.Network) error
-	attach(*configs.Network) error
-}
-
-// getStrategy returns the specific network strategy for the
-// provided type.
-func getStrategy(tpe string) (networkStrategy, error) {
-	s, exists := strategies[tpe]
-	if !exists {
-		return nil, fmt.Errorf("unknown strategy type %q", tpe)
-	}
-	return s, nil
-}
-
-// Returns the network statistics for the network interfaces represented by the NetworkRuntimeInfo.
-func getNetworkInterfaceStats(interfaceName string) (*NetworkInterface, error) {
-	out := &NetworkInterface{Name: interfaceName}
-	// This can happen if the network runtime information is missing - possible if the
-	// container was created by an old version of libcontainer.
-	if interfaceName == "" {
-		return out, nil
-	}
-	type netStatsPair struct {
-		// Where to write the output.
-		Out *uint64
-		// The network stats file to read.
-		File string
-	}
-	// Ingress for host veth is from the container. Hence tx_bytes stat on the host veth is actually number of bytes received by the container.
-	netStats := []netStatsPair{
-		{Out: &out.RxBytes, File: "tx_bytes"},
-		{Out: &out.RxPackets, File: "tx_packets"},
-		{Out: &out.RxErrors, File: "tx_errors"},
-		{Out: &out.RxDropped, File: "tx_dropped"},
-
-		{Out: &out.TxBytes, File: "rx_bytes"},
-		{Out: &out.TxPackets, File: "rx_packets"},
-		{Out: &out.TxErrors, File: "rx_errors"},
-		{Out: &out.TxDropped, File: "rx_dropped"},
-	}
-	for _, netStat := range netStats {
-		data, err := readSysfsNetworkStats(interfaceName, netStat.File)
-		if err != nil {
-			return nil, err
-		}
-		*(netStat.Out) = data
-	}
-	return out, nil
-}
-
-// Reads the specified statistics available under /sys/class/net/<EthInterface>/statistics
-func readSysfsNetworkStats(ethInterface, statsFile string) (uint64, error) {
-	data, err := ioutil.ReadFile(filepath.Join("/sys/class/net", ethInterface, "statistics", statsFile))
-	if err != nil {
-		return 0, err
-	}
-	return strconv.ParseUint(strings.TrimSpace(string(data)), 10, 64)
-}
-
-// loopback is a network strategy that provides a basic loopback device
-type loopback struct {
-}
-
-func (l *loopback) create(n *network, nspid int) error {
-	return nil
-}
-
-func (l *loopback) initialize(config *network) error {
-	return netlink.LinkSetUp(&netlink.Device{LinkAttrs: netlink.LinkAttrs{Name: "lo"}})
-}
-
-func (l *loopback) attach(n *configs.Network) (err error) {
-	return nil
-}
-
-func (l *loopback) detach(n *configs.Network) (err error) {
-	return nil
-}
-
-// veth is a network strategy that uses a bridge and creates
-// a veth pair, one that is attached to the bridge on the host and the other
-// is placed inside the container's namespace
-type veth struct {
-}
-
-func (v *veth) detach(n *configs.Network) (err error) {
-	return netlink.LinkSetMaster(&netlink.Device{LinkAttrs: netlink.LinkAttrs{Name: n.HostInterfaceName}}, nil)
-}
-
-// attach a container network interface to an external network
-func (v *veth) attach(n *configs.Network) (err error) {
-	brl, err := netlink.LinkByName(n.Bridge)
-	if err != nil {
-		return err
-	}
-	br, ok := brl.(*netlink.Bridge)
-	if !ok {
-		return fmt.Errorf("Wrong device type %T", brl)
-	}
-	host, err := netlink.LinkByName(n.HostInterfaceName)
-	if err != nil {
-		return err
-	}
-
-	if err := netlink.LinkSetMaster(host, br); err != nil {
-		return err
-	}
-	if err := netlink.LinkSetMTU(host, n.Mtu); err != nil {
-		return err
-	}
-	if n.HairpinMode {
-		if err := netlink.LinkSetHairpin(host, true); err != nil {
-			return err
-		}
-	}
-	if err := netlink.LinkSetUp(host); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (v *veth) create(n *network, nspid int) (err error) {
-	tmpName, err := v.generateTempPeerName()
-	if err != nil {
-		return err
-	}
-	n.TempVethPeerName = tmpName
-	if n.Bridge == "" {
-		return fmt.Errorf("bridge is not specified")
-	}
-	veth := &netlink.Veth{
-		LinkAttrs: netlink.LinkAttrs{
-			Name:   n.HostInterfaceName,
-			TxQLen: n.TxQueueLen,
-		},
-		PeerName: n.TempVethPeerName,
-	}
-	if err := netlink.LinkAdd(veth); err != nil {
-		return err
-	}
-	defer func() {
-		if err != nil {
-			netlink.LinkDel(veth)
-		}
-	}()
-	if err := v.attach(&n.Network); err != nil {
-		return err
-	}
-	child, err := netlink.LinkByName(n.TempVethPeerName)
-	if err != nil {
-		return err
-	}
-	return netlink.LinkSetNsPid(child, nspid)
-}
-
-func (v *veth) generateTempPeerName() (string, error) {
-	return utils.GenerateRandomName("veth", 7)
-}
-
-func (v *veth) initialize(config *network) error {
-	peer := config.TempVethPeerName
-	if peer == "" {
-		return fmt.Errorf("peer is not specified")
-	}
-	child, err := netlink.LinkByName(peer)
-	if err != nil {
-		return err
-	}
-	if err := netlink.LinkSetDown(child); err != nil {
-		return err
-	}
-	if err := netlink.LinkSetName(child, config.Name); err != nil {
-		return err
-	}
-	// get the interface again after we changed the name as the index also changes.
-	if child, err = netlink.LinkByName(config.Name); err != nil {
-		return err
-	}
-	if config.MacAddress != "" {
-		mac, err := net.ParseMAC(config.MacAddress)
-		if err != nil {
-			return err
-		}
-		if err := netlink.LinkSetHardwareAddr(child, mac); err != nil {
-			return err
-		}
-	}
-	ip, err := netlink.ParseAddr(config.Address)
-	if err != nil {
-		return err
-	}
-	if err := netlink.AddrAdd(child, ip); err != nil {
-		return err
-	}
-	if config.IPv6Address != "" {
-		ip6, err := netlink.ParseAddr(config.IPv6Address)
-		if err != nil {
-			return err
-		}
-		if err := netlink.AddrAdd(child, ip6); err != nil {
-			return err
-		}
-	}
-	if err := netlink.LinkSetMTU(child, config.Mtu); err != nil {
-		return err
-	}
-	if err := netlink.LinkSetUp(child); err != nil {
-		return err
-	}
-	if config.Gateway != "" {
-		gw := net.ParseIP(config.Gateway)
-		if err := netlink.RouteAdd(&netlink.Route{
-			Scope:     netlink.SCOPE_UNIVERSE,
-			LinkIndex: child.Attrs().Index,
-			Gw:        gw,
-		}); err != nil {
-			return err
-		}
-	}
-	if config.IPv6Gateway != "" {
-		gw := net.ParseIP(config.IPv6Gateway)
-		if err := netlink.RouteAdd(&netlink.Route{
-			Scope:     netlink.SCOPE_UNIVERSE,
-			LinkIndex: child.Attrs().Index,
-			Gw:        gw,
-		}); err != nil {
-			return err
-		}
-	}
-	return nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/notify_linux.go

@@ -1,90 +0,0 @@
-// +build linux
-
-package libcontainer
-
-import (
-	"fmt"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-
-	"golang.org/x/sys/unix"
-)
-
-const oomCgroupName = "memory"
-
-type PressureLevel uint
-
-const (
-	LowPressure PressureLevel = iota
-	MediumPressure
-	CriticalPressure
-)
-
-func registerMemoryEvent(cgDir string, evName string, arg string) (<-chan struct{}, error) {
-	evFile, err := os.Open(filepath.Join(cgDir, evName))
-	if err != nil {
-		return nil, err
-	}
-	fd, err := unix.Eventfd(0, unix.EFD_CLOEXEC)
-	if err != nil {
-		evFile.Close()
-		return nil, err
-	}
-
-	eventfd := os.NewFile(uintptr(fd), "eventfd")
-
-	eventControlPath := filepath.Join(cgDir, "cgroup.event_control")
-	data := fmt.Sprintf("%d %d %s", eventfd.Fd(), evFile.Fd(), arg)
-	if err := ioutil.WriteFile(eventControlPath, []byte(data), 0700); err != nil {
-		eventfd.Close()
-		evFile.Close()
-		return nil, err
-	}
-	ch := make(chan struct{})
-	go func() {
-		defer func() {
-			eventfd.Close()
-			evFile.Close()
-			close(ch)
-		}()
-		buf := make([]byte, 8)
-		for {
-			if _, err := eventfd.Read(buf); err != nil {
-				return
-			}
-			// When a cgroup is destroyed, an event is sent to eventfd.
-			// So if the control path is gone, return instead of notifying.
-			if _, err := os.Lstat(eventControlPath); os.IsNotExist(err) {
-				return
-			}
-			ch <- struct{}{}
-		}
-	}()
-	return ch, nil
-}
-
-// notifyOnOOM returns channel on which you can expect event about OOM,
-// if process died without OOM this channel will be closed.
-func notifyOnOOM(paths map[string]string) (<-chan struct{}, error) {
-	dir := paths[oomCgroupName]
-	if dir == "" {
-		return nil, fmt.Errorf("path %q missing", oomCgroupName)
-	}
-
-	return registerMemoryEvent(dir, "memory.oom_control", "")
-}
-
-func notifyMemoryPressure(paths map[string]string, level PressureLevel) (<-chan struct{}, error) {
-	dir := paths[oomCgroupName]
-	if dir == "" {
-		return nil, fmt.Errorf("path %q missing", oomCgroupName)
-	}
-
-	if level > CriticalPressure {
-		return nil, fmt.Errorf("invalid pressure level %d", level)
-	}
-
-	levelStr := []string{"low", "medium", "critical"}[level]
-	return registerMemoryEvent(dir, "memory.pressure_level", levelStr)
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/process.go

@@ -1,110 +0,0 @@
-package libcontainer
-
-import (
-	"fmt"
-	"io"
-	"math"
-	"os"
-
-	"github.com/opencontainers/runc/libcontainer/configs"
-)
-
-type processOperations interface {
-	wait() (*os.ProcessState, error)
-	signal(sig os.Signal) error
-	pid() int
-}
-
-// Process specifies the configuration and IO for a process inside
-// a container.
-type Process struct {
-	// The command to be run followed by any arguments.
-	Args []string
-
-	// Env specifies the environment variables for the process.
-	Env []string
-
-	// User will set the uid and gid of the executing process running inside the container
-	// local to the container's user and group configuration.
-	User string
-
-	// AdditionalGroups specifies the gids that should be added to supplementary groups
-	// in addition to those that the user belongs to.
-	AdditionalGroups []string
-
-	// Cwd will change the processes current working directory inside the container's rootfs.
-	Cwd string
-
-	// Stdin is a pointer to a reader which provides the standard input stream.
-	Stdin io.Reader
-
-	// Stdout is a pointer to a writer which receives the standard output stream.
-	Stdout io.Writer
-
-	// Stderr is a pointer to a writer which receives the standard error stream.
-	Stderr io.Writer
-
-	// ExtraFiles specifies additional open files to be inherited by the container
-	ExtraFiles []*os.File
-
-	// Initial sizings for the console
-	ConsoleWidth  uint16
-	ConsoleHeight uint16
-
-	// Capabilities specify the capabilities to keep when executing the process inside the container
-	// All capabilities not specified will be dropped from the processes capability mask
-	Capabilities *configs.Capabilities
-
-	// AppArmorProfile specifies the profile to apply to the process and is
-	// changed at the time the process is execed
-	AppArmorProfile string
-
-	// Label specifies the label to apply to the process.  It is commonly used by selinux
-	Label string
-
-	// NoNewPrivileges controls whether processes can gain additional privileges.
-	NoNewPrivileges *bool
-
-	// Rlimits specifies the resource limits, such as max open files, to set in the container
-	// If Rlimits are not set, the container will inherit rlimits from the parent process
-	Rlimits []configs.Rlimit
-
-	// ConsoleSocket provides the masterfd console.
-	ConsoleSocket *os.File
-
-	ops processOperations
-}
-
-// Wait waits for the process to exit.
-// Wait releases any resources associated with the Process
-func (p Process) Wait() (*os.ProcessState, error) {
-	if p.ops == nil {
-		return nil, newGenericError(fmt.Errorf("invalid process"), NoProcessOps)
-	}
-	return p.ops.wait()
-}
-
-// Pid returns the process ID
-func (p Process) Pid() (int, error) {
-	// math.MinInt32 is returned here, because it's invalid value
-	// for the kill() system call.
-	if p.ops == nil {
-		return math.MinInt32, newGenericError(fmt.Errorf("invalid process"), NoProcessOps)
-	}
-	return p.ops.pid(), nil
-}
-
-// Signal sends a signal to the Process.
-func (p Process) Signal(sig os.Signal) error {
-	if p.ops == nil {
-		return newGenericError(fmt.Errorf("invalid process"), NoProcessOps)
-	}
-	return p.ops.signal(sig)
-}
-
-// IO holds the process's STDIO
-type IO struct {
-	Stdin  io.WriteCloser
-	Stdout io.ReadCloser
-	Stderr io.ReadCloser
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/process_linux.go

@@ -1,547 +0,0 @@
-// +build linux
-
-package libcontainer
-
-import (
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"strconv"
-	"syscall" // only for Signal
-
-	"github.com/opencontainers/runc/libcontainer/cgroups"
-	"github.com/opencontainers/runc/libcontainer/configs"
-	"github.com/opencontainers/runc/libcontainer/intelrdt"
-	"github.com/opencontainers/runc/libcontainer/system"
-	"github.com/opencontainers/runc/libcontainer/utils"
-
-	"golang.org/x/sys/unix"
-)
-
-type parentProcess interface {
-	// pid returns the pid for the running process.
-	pid() int
-
-	// start starts the process execution.
-	start() error
-
-	// send a SIGKILL to the process and wait for the exit.
-	terminate() error
-
-	// wait waits on the process returning the process state.
-	wait() (*os.ProcessState, error)
-
-	// startTime returns the process start time.
-	startTime() (uint64, error)
-
-	signal(os.Signal) error
-
-	externalDescriptors() []string
-
-	setExternalDescriptors(fds []string)
-}
-
-type setnsProcess struct {
-	cmd           *exec.Cmd
-	parentPipe    *os.File
-	childPipe     *os.File
-	cgroupPaths   map[string]string
-	intelRdtPath  string
-	config        *initConfig
-	fds           []string
-	process       *Process
-	bootstrapData io.Reader
-}
-
-func (p *setnsProcess) startTime() (uint64, error) {
-	stat, err := system.Stat(p.pid())
-	return stat.StartTime, err
-}
-
-func (p *setnsProcess) signal(sig os.Signal) error {
-	s, ok := sig.(syscall.Signal)
-	if !ok {
-		return errors.New("os: unsupported signal type")
-	}
-	return unix.Kill(p.pid(), s)
-}
-
-func (p *setnsProcess) start() (err error) {
-	defer p.parentPipe.Close()
-	err = p.cmd.Start()
-	p.childPipe.Close()
-	if err != nil {
-		return newSystemErrorWithCause(err, "starting setns process")
-	}
-	if p.bootstrapData != nil {
-		if _, err := io.Copy(p.parentPipe, p.bootstrapData); err != nil {
-			return newSystemErrorWithCause(err, "copying bootstrap data to pipe")
-		}
-	}
-	if err = p.execSetns(); err != nil {
-		return newSystemErrorWithCause(err, "executing setns process")
-	}
-	if len(p.cgroupPaths) > 0 {
-		if err := cgroups.EnterPid(p.cgroupPaths, p.pid()); err != nil {
-			return newSystemErrorWithCausef(err, "adding pid %d to cgroups", p.pid())
-		}
-	}
-	if p.intelRdtPath != "" {
-		// if Intel RDT "resource control" filesystem path exists
-		_, err := os.Stat(p.intelRdtPath)
-		if err == nil {
-			if err := intelrdt.WriteIntelRdtTasks(p.intelRdtPath, p.pid()); err != nil {
-				return newSystemErrorWithCausef(err, "adding pid %d to Intel RDT resource control filesystem", p.pid())
-			}
-		}
-	}
-	// set rlimits, this has to be done here because we lose permissions
-	// to raise the limits once we enter a user-namespace
-	if err := setupRlimits(p.config.Rlimits, p.pid()); err != nil {
-		return newSystemErrorWithCause(err, "setting rlimits for process")
-	}
-	if err := utils.WriteJSON(p.parentPipe, p.config); err != nil {
-		return newSystemErrorWithCause(err, "writing config to pipe")
-	}
-
-	ierr := parseSync(p.parentPipe, func(sync *syncT) error {
-		switch sync.Type {
-		case procReady:
-			// This shouldn't happen.
-			panic("unexpected procReady in setns")
-		case procHooks:
-			// This shouldn't happen.
-			panic("unexpected procHooks in setns")
-		default:
-			return newSystemError(fmt.Errorf("invalid JSON payload from child"))
-		}
-	})
-
-	if err := unix.Shutdown(int(p.parentPipe.Fd()), unix.SHUT_WR); err != nil {
-		return newSystemErrorWithCause(err, "calling shutdown on init pipe")
-	}
-	// Must be done after Shutdown so the child will exit and we can wait for it.
-	if ierr != nil {
-		p.wait()
-		return ierr
-	}
-	return nil
-}
-
-// execSetns runs the process that executes C code to perform the setns calls
-// because setns support requires the C process to fork off a child and perform the setns
-// before the go runtime boots, we wait on the process to die and receive the child's pid
-// over the provided pipe.
-func (p *setnsProcess) execSetns() error {
-	status, err := p.cmd.Process.Wait()
-	if err != nil {
-		p.cmd.Wait()
-		return newSystemErrorWithCause(err, "waiting on setns process to finish")
-	}
-	if !status.Success() {
-		p.cmd.Wait()
-		return newSystemError(&exec.ExitError{ProcessState: status})
-	}
-	var pid *pid
-	if err := json.NewDecoder(p.parentPipe).Decode(&pid); err != nil {
-		p.cmd.Wait()
-		return newSystemErrorWithCause(err, "reading pid from init pipe")
-	}
-
-	// Clean up the zombie parent process
-	firstChildProcess, err := os.FindProcess(pid.PidFirstChild)
-	if err != nil {
-		return err
-	}
-
-	// Ignore the error in case the child has already been reaped for any reason
-	_, _ = firstChildProcess.Wait()
-
-	process, err := os.FindProcess(pid.Pid)
-	if err != nil {
-		return err
-	}
-	p.cmd.Process = process
-	p.process.ops = p
-	return nil
-}
-
-// terminate sends a SIGKILL to the forked process for the setns routine then waits to
-// avoid the process becoming a zombie.
-func (p *setnsProcess) terminate() error {
-	if p.cmd.Process == nil {
-		return nil
-	}
-	err := p.cmd.Process.Kill()
-	if _, werr := p.wait(); err == nil {
-		err = werr
-	}
-	return err
-}
-
-func (p *setnsProcess) wait() (*os.ProcessState, error) {
-	err := p.cmd.Wait()
-
-	// Return actual ProcessState even on Wait error
-	return p.cmd.ProcessState, err
-}
-
-func (p *setnsProcess) pid() int {
-	return p.cmd.Process.Pid
-}
-
-func (p *setnsProcess) externalDescriptors() []string {
-	return p.fds
-}
-
-func (p *setnsProcess) setExternalDescriptors(newFds []string) {
-	p.fds = newFds
-}
-
-type initProcess struct {
-	cmd             *exec.Cmd
-	parentPipe      *os.File
-	childPipe       *os.File
-	config          *initConfig
-	manager         cgroups.Manager
-	intelRdtManager intelrdt.Manager
-	container       *linuxContainer
-	fds             []string
-	process         *Process
-	bootstrapData   io.Reader
-	sharePidns      bool
-}
-
-func (p *initProcess) pid() int {
-	return p.cmd.Process.Pid
-}
-
-func (p *initProcess) externalDescriptors() []string {
-	return p.fds
-}
-
-// execSetns runs the process that executes C code to perform the setns calls
-// because setns support requires the C process to fork off a child and perform the setns
-// before the go runtime boots, we wait on the process to die and receive the child's pid
-// over the provided pipe.
-// This is called by initProcess.start function
-func (p *initProcess) execSetns() error {
-	status, err := p.cmd.Process.Wait()
-	if err != nil {
-		p.cmd.Wait()
-		return err
-	}
-	if !status.Success() {
-		p.cmd.Wait()
-		return &exec.ExitError{ProcessState: status}
-	}
-	var pid *pid
-	if err := json.NewDecoder(p.parentPipe).Decode(&pid); err != nil {
-		p.cmd.Wait()
-		return err
-	}
-
-	// Clean up the zombie parent process
-	firstChildProcess, err := os.FindProcess(pid.PidFirstChild)
-	if err != nil {
-		return err
-	}
-
-	// Ignore the error in case the child has already been reaped for any reason
-	_, _ = firstChildProcess.Wait()
-
-	process, err := os.FindProcess(pid.Pid)
-	if err != nil {
-		return err
-	}
-	p.cmd.Process = process
-	p.process.ops = p
-	return nil
-}
-
-func (p *initProcess) start() error {
-	defer p.parentPipe.Close()
-	err := p.cmd.Start()
-	p.process.ops = p
-	p.childPipe.Close()
-	if err != nil {
-		p.process.ops = nil
-		return newSystemErrorWithCause(err, "starting init process command")
-	}
-	// Do this before syncing with child so that no children can escape the
-	// cgroup. We don't need to worry about not doing this and not being root
-	// because we'd be using the rootless cgroup manager in that case.
-	if err := p.manager.Apply(p.pid()); err != nil {
-		return newSystemErrorWithCause(err, "applying cgroup configuration for process")
-	}
-	if p.intelRdtManager != nil {
-		if err := p.intelRdtManager.Apply(p.pid()); err != nil {
-			return newSystemErrorWithCause(err, "applying Intel RDT configuration for process")
-		}
-	}
-	defer func() {
-		if err != nil {
-			// TODO: should not be the responsibility to call here
-			p.manager.Destroy()
-			if p.intelRdtManager != nil {
-				p.intelRdtManager.Destroy()
-			}
-		}
-	}()
-
-	if _, err := io.Copy(p.parentPipe, p.bootstrapData); err != nil {
-		return newSystemErrorWithCause(err, "copying bootstrap data to pipe")
-	}
-
-	if err := p.execSetns(); err != nil {
-		return newSystemErrorWithCause(err, "running exec setns process for init")
-	}
-
-	// Save the standard descriptor names before the container process
-	// can potentially move them (e.g., via dup2()).  If we don't do this now,
-	// we won't know at checkpoint time which file descriptor to look up.
-	fds, err := getPipeFds(p.pid())
-	if err != nil {
-		return newSystemErrorWithCausef(err, "getting pipe fds for pid %d", p.pid())
-	}
-	p.setExternalDescriptors(fds)
-	if err := p.createNetworkInterfaces(); err != nil {
-		return newSystemErrorWithCause(err, "creating network interfaces")
-	}
-	if err := p.sendConfig(); err != nil {
-		return newSystemErrorWithCause(err, "sending config to init process")
-	}
-	var (
-		sentRun    bool
-		sentResume bool
-	)
-
-	ierr := parseSync(p.parentPipe, func(sync *syncT) error {
-		switch sync.Type {
-		case procReady:
-			// set rlimits, this has to be done here because we lose permissions
-			// to raise the limits once we enter a user-namespace
-			if err := setupRlimits(p.config.Rlimits, p.pid()); err != nil {
-				return newSystemErrorWithCause(err, "setting rlimits for ready process")
-			}
-			// call prestart hooks
-			if !p.config.Config.Namespaces.Contains(configs.NEWNS) {
-				// Setup cgroup before prestart hook, so that the prestart hook could apply cgroup permissions.
-				if err := p.manager.Set(p.config.Config); err != nil {
-					return newSystemErrorWithCause(err, "setting cgroup config for ready process")
-				}
-				if p.intelRdtManager != nil {
-					if err := p.intelRdtManager.Set(p.config.Config); err != nil {
-						return newSystemErrorWithCause(err, "setting Intel RDT config for ready process")
-					}
-				}
-
-				if p.config.Config.Hooks != nil {
-					bundle, annotations := utils.Annotations(p.container.config.Labels)
-					s := configs.HookState{
-						Version:     p.container.config.Version,
-						ID:          p.container.id,
-						Pid:         p.pid(),
-						Bundle:      bundle,
-						Annotations: annotations,
-					}
-					for i, hook := range p.config.Config.Hooks.Prestart {
-						if err := hook.Run(s); err != nil {
-							return newSystemErrorWithCausef(err, "running prestart hook %d", i)
-						}
-					}
-				}
-			}
-			// Sync with child.
-			if err := writeSync(p.parentPipe, procRun); err != nil {
-				return newSystemErrorWithCause(err, "writing syncT 'run'")
-			}
-			sentRun = true
-		case procHooks:
-			// Setup cgroup before prestart hook, so that the prestart hook could apply cgroup permissions.
-			if err := p.manager.Set(p.config.Config); err != nil {
-				return newSystemErrorWithCause(err, "setting cgroup config for procHooks process")
-			}
-			if p.intelRdtManager != nil {
-				if err := p.intelRdtManager.Set(p.config.Config); err != nil {
-					return newSystemErrorWithCause(err, "setting Intel RDT config for procHooks process")
-				}
-			}
-			if p.config.Config.Hooks != nil {
-				bundle, annotations := utils.Annotations(p.container.config.Labels)
-				s := configs.HookState{
-					Version:     p.container.config.Version,
-					ID:          p.container.id,
-					Pid:         p.pid(),
-					Bundle:      bundle,
-					Annotations: annotations,
-				}
-				for i, hook := range p.config.Config.Hooks.Prestart {
-					if err := hook.Run(s); err != nil {
-						return newSystemErrorWithCausef(err, "running prestart hook %d", i)
-					}
-				}
-			}
-			// Sync with child.
-			if err := writeSync(p.parentPipe, procResume); err != nil {
-				return newSystemErrorWithCause(err, "writing syncT 'resume'")
-			}
-			sentResume = true
-		default:
-			return newSystemError(fmt.Errorf("invalid JSON payload from child"))
-		}
-
-		return nil
-	})
-
-	if !sentRun {
-		return newSystemErrorWithCause(ierr, "container init")
-	}
-	if p.config.Config.Namespaces.Contains(configs.NEWNS) && !sentResume {
-		return newSystemError(fmt.Errorf("could not synchronise after executing prestart hooks with container process"))
-	}
-	if err := unix.Shutdown(int(p.parentPipe.Fd()), unix.SHUT_WR); err != nil {
-		return newSystemErrorWithCause(err, "shutting down init pipe")
-	}
-
-	// Must be done after Shutdown so the child will exit and we can wait for it.
-	if ierr != nil {
-		p.wait()
-		return ierr
-	}
-	return nil
-}
-
-func (p *initProcess) wait() (*os.ProcessState, error) {
-	err := p.cmd.Wait()
-	if err != nil {
-		return p.cmd.ProcessState, err
-	}
-	// we should kill all processes in cgroup when init is died if we use host PID namespace
-	if p.sharePidns {
-		signalAllProcesses(p.manager, unix.SIGKILL)
-	}
-	return p.cmd.ProcessState, nil
-}
-
-func (p *initProcess) terminate() error {
-	if p.cmd.Process == nil {
-		return nil
-	}
-	err := p.cmd.Process.Kill()
-	if _, werr := p.wait(); err == nil {
-		err = werr
-	}
-	return err
-}
-
-func (p *initProcess) startTime() (uint64, error) {
-	stat, err := system.Stat(p.pid())
-	return stat.StartTime, err
-}
-
-func (p *initProcess) sendConfig() error {
-	// send the config to the container's init process, we don't use JSON Encode
-	// here because there might be a problem in JSON decoder in some cases, see:
-	// https://github.com/docker/docker/issues/14203#issuecomment-174177790
-	return utils.WriteJSON(p.parentPipe, p.config)
-}
-
-func (p *initProcess) createNetworkInterfaces() error {
-	for _, config := range p.config.Config.Networks {
-		strategy, err := getStrategy(config.Type)
-		if err != nil {
-			return err
-		}
-		n := &network{
-			Network: *config,
-		}
-		if err := strategy.create(n, p.pid()); err != nil {
-			return err
-		}
-		p.config.Networks = append(p.config.Networks, n)
-	}
-	return nil
-}
-
-func (p *initProcess) signal(sig os.Signal) error {
-	s, ok := sig.(syscall.Signal)
-	if !ok {
-		return errors.New("os: unsupported signal type")
-	}
-	return unix.Kill(p.pid(), s)
-}
-
-func (p *initProcess) setExternalDescriptors(newFds []string) {
-	p.fds = newFds
-}
-
-func getPipeFds(pid int) ([]string, error) {
-	fds := make([]string, 3)
-
-	dirPath := filepath.Join("/proc", strconv.Itoa(pid), "/fd")
-	for i := 0; i < 3; i++ {
-		// XXX: This breaks if the path is not a valid symlink (which can
-		//      happen in certain particularly unlucky mount namespace setups).
-		f := filepath.Join(dirPath, strconv.Itoa(i))
-		target, err := os.Readlink(f)
-		if err != nil {
-			// Ignore permission errors, for rootless containers and other
-			// non-dumpable processes. if we can't get the fd for a particular
-			// file, there's not much we can do.
-			if os.IsPermission(err) {
-				continue
-			}
-			return fds, err
-		}
-		fds[i] = target
-	}
-	return fds, nil
-}
-
-// InitializeIO creates pipes for use with the process's stdio and returns the
-// opposite side for each. Do not use this if you want to have a pseudoterminal
-// set up for you by libcontainer (TODO: fix that too).
-// TODO: This is mostly unnecessary, and should be handled by clients.
-func (p *Process) InitializeIO(rootuid, rootgid int) (i *IO, err error) {
-	var fds []uintptr
-	i = &IO{}
-	// cleanup in case of an error
-	defer func() {
-		if err != nil {
-			for _, fd := range fds {
-				unix.Close(int(fd))
-			}
-		}
-	}()
-	// STDIN
-	r, w, err := os.Pipe()
-	if err != nil {
-		return nil, err
-	}
-	fds = append(fds, r.Fd(), w.Fd())
-	p.Stdin, i.Stdin = r, w
-	// STDOUT
-	if r, w, err = os.Pipe(); err != nil {
-		return nil, err
-	}
-	fds = append(fds, r.Fd(), w.Fd())
-	p.Stdout, i.Stdout = w, r
-	// STDERR
-	if r, w, err = os.Pipe(); err != nil {
-		return nil, err
-	}
-	fds = append(fds, r.Fd(), w.Fd())
-	p.Stderr, i.Stderr = w, r
-	// change ownership of the pipes incase we are in a user namespace
-	for _, fd := range fds {
-		if err := unix.Fchown(int(fd), rootuid, rootgid); err != nil {
-			return nil, err
-		}
-	}
-	return i, nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/restored_process.go

@@ -1,122 +0,0 @@
-// +build linux
-
-package libcontainer
-
-import (
-	"fmt"
-	"os"
-
-	"github.com/opencontainers/runc/libcontainer/system"
-)
-
-func newRestoredProcess(pid int, fds []string) (*restoredProcess, error) {
-	var (
-		err error
-	)
-	proc, err := os.FindProcess(pid)
-	if err != nil {
-		return nil, err
-	}
-	stat, err := system.Stat(pid)
-	if err != nil {
-		return nil, err
-	}
-	return &restoredProcess{
-		proc:             proc,
-		processStartTime: stat.StartTime,
-		fds:              fds,
-	}, nil
-}
-
-type restoredProcess struct {
-	proc             *os.Process
-	processStartTime uint64
-	fds              []string
-}
-
-func (p *restoredProcess) start() error {
-	return newGenericError(fmt.Errorf("restored process cannot be started"), SystemError)
-}
-
-func (p *restoredProcess) pid() int {
-	return p.proc.Pid
-}
-
-func (p *restoredProcess) terminate() error {
-	err := p.proc.Kill()
-	if _, werr := p.wait(); err == nil {
-		err = werr
-	}
-	return err
-}
-
-func (p *restoredProcess) wait() (*os.ProcessState, error) {
-	// TODO: how do we wait on the actual process?
-	// maybe use --exec-cmd in criu
-	st, err := p.proc.Wait()
-	if err != nil {
-		return nil, err
-	}
-	return st, nil
-}
-
-func (p *restoredProcess) startTime() (uint64, error) {
-	return p.processStartTime, nil
-}
-
-func (p *restoredProcess) signal(s os.Signal) error {
-	return p.proc.Signal(s)
-}
-
-func (p *restoredProcess) externalDescriptors() []string {
-	return p.fds
-}
-
-func (p *restoredProcess) setExternalDescriptors(newFds []string) {
-	p.fds = newFds
-}
-
-// nonChildProcess represents a process where the calling process is not
-// the parent process.  This process is created when a factory loads a container from
-// a persisted state.
-type nonChildProcess struct {
-	processPid       int
-	processStartTime uint64
-	fds              []string
-}
-
-func (p *nonChildProcess) start() error {
-	return newGenericError(fmt.Errorf("restored process cannot be started"), SystemError)
-}
-
-func (p *nonChildProcess) pid() int {
-	return p.processPid
-}
-
-func (p *nonChildProcess) terminate() error {
-	return newGenericError(fmt.Errorf("restored process cannot be terminated"), SystemError)
-}
-
-func (p *nonChildProcess) wait() (*os.ProcessState, error) {
-	return nil, newGenericError(fmt.Errorf("restored process cannot be waited on"), SystemError)
-}
-
-func (p *nonChildProcess) startTime() (uint64, error) {
-	return p.processStartTime, nil
-}
-
-func (p *nonChildProcess) signal(s os.Signal) error {
-	proc, err := os.FindProcess(p.processPid)
-	if err != nil {
-		return err
-	}
-	return proc.Signal(s)
-}
-
-func (p *nonChildProcess) externalDescriptors() []string {
-	return p.fds
-}
-
-func (p *nonChildProcess) setExternalDescriptors(newFds []string) {
-	p.fds = newFds
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go

@@ -1,838 +0,0 @@
-// +build linux
-
-package libcontainer
-
-import (
-	"fmt"
-	"io"
-	"io/ioutil"
-	"os"
-	"os/exec"
-	"path"
-	"path/filepath"
-	"strings"
-	"time"
-
-	"github.com/cyphar/filepath-securejoin"
-	"github.com/mrunalp/fileutils"
-	"github.com/opencontainers/runc/libcontainer/cgroups"
-	"github.com/opencontainers/runc/libcontainer/configs"
-	"github.com/opencontainers/runc/libcontainer/mount"
-	"github.com/opencontainers/runc/libcontainer/system"
-	libcontainerUtils "github.com/opencontainers/runc/libcontainer/utils"
-	"github.com/opencontainers/selinux/go-selinux/label"
-
-	"golang.org/x/sys/unix"
-)
-
-const defaultMountFlags = unix.MS_NOEXEC | unix.MS_NOSUID | unix.MS_NODEV
-
-// needsSetupDev returns true if /dev needs to be set up.
-func needsSetupDev(config *configs.Config) bool {
-	for _, m := range config.Mounts {
-		if m.Device == "bind" && libcontainerUtils.CleanPath(m.Destination) == "/dev" {
-			return false
-		}
-	}
-	return true
-}
-
-// prepareRootfs sets up the devices, mount points, and filesystems for use
-// inside a new mount namespace. It doesn't set anything as ro. You must call
-// finalizeRootfs after this function to finish setting up the rootfs.
-func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig) (err error) {
-	config := iConfig.Config
-	if err := prepareRoot(config); err != nil {
-		return newSystemErrorWithCause(err, "preparing rootfs")
-	}
-
-	setupDev := needsSetupDev(config)
-	for _, m := range config.Mounts {
-		for _, precmd := range m.PremountCmds {
-			if err := mountCmd(precmd); err != nil {
-				return newSystemErrorWithCause(err, "running premount command")
-			}
-		}
-
-		if err := mountToRootfs(m, config.Rootfs, config.MountLabel); err != nil {
-			return newSystemErrorWithCausef(err, "mounting %q to rootfs %q at %q", m.Source, config.Rootfs, m.Destination)
-		}
-
-		for _, postcmd := range m.PostmountCmds {
-			if err := mountCmd(postcmd); err != nil {
-				return newSystemErrorWithCause(err, "running postmount command")
-			}
-		}
-	}
-
-	if setupDev {
-		if err := createDevices(config); err != nil {
-			return newSystemErrorWithCause(err, "creating device nodes")
-		}
-		if err := setupPtmx(config); err != nil {
-			return newSystemErrorWithCause(err, "setting up ptmx")
-		}
-		if err := setupDevSymlinks(config.Rootfs); err != nil {
-			return newSystemErrorWithCause(err, "setting up /dev symlinks")
-		}
-	}
-
-	// Signal the parent to run the pre-start hooks.
-	// The hooks are run after the mounts are setup, but before we switch to the new
-	// root, so that the old root is still available in the hooks for any mount
-	// manipulations.
-	// Note that iConfig.Cwd is not guaranteed to exist here.
-	if err := syncParentHooks(pipe); err != nil {
-		return err
-	}
-
-	// The reason these operations are done here rather than in finalizeRootfs
-	// is because the console-handling code gets quite sticky if we have to set
-	// up the console before doing the pivot_root(2). This is because the
-	// Console API has to also work with the ExecIn case, which means that the
-	// API must be able to deal with being inside as well as outside the
-	// container. It's just cleaner to do this here (at the expense of the
-	// operation not being perfectly split).
-
-	if err := unix.Chdir(config.Rootfs); err != nil {
-		return newSystemErrorWithCausef(err, "changing dir to %q", config.Rootfs)
-	}
-
-	if config.NoPivotRoot {
-		err = msMoveRoot(config.Rootfs)
-	} else if config.Namespaces.Contains(configs.NEWNS) {
-		err = pivotRoot(config.Rootfs)
-	} else {
-		err = chroot(config.Rootfs)
-	}
-	if err != nil {
-		return newSystemErrorWithCause(err, "jailing process inside rootfs")
-	}
-
-	if setupDev {
-		if err := reOpenDevNull(); err != nil {
-			return newSystemErrorWithCause(err, "reopening /dev/null inside container")
-		}
-	}
-
-	if cwd := iConfig.Cwd; cwd != "" {
-		// Note that spec.Process.Cwd can contain unclean value like  "../../../../foo/bar...".
-		// However, we are safe to call MkDirAll directly because we are in the jail here.
-		if err := os.MkdirAll(cwd, 0755); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-// finalizeRootfs sets anything to ro if necessary. You must call
-// prepareRootfs first.
-func finalizeRootfs(config *configs.Config) (err error) {
-	// remount dev as ro if specified
-	for _, m := range config.Mounts {
-		if libcontainerUtils.CleanPath(m.Destination) == "/dev" {
-			if m.Flags&unix.MS_RDONLY == unix.MS_RDONLY {
-				if err := remountReadonly(m); err != nil {
-					return newSystemErrorWithCausef(err, "remounting %q as readonly", m.Destination)
-				}
-			}
-			break
-		}
-	}
-
-	// set rootfs ( / ) as readonly
-	if config.Readonlyfs {
-		if err := setReadonly(); err != nil {
-			return newSystemErrorWithCause(err, "setting rootfs as readonly")
-		}
-	}
-
-	unix.Umask(0022)
-	return nil
-}
-
-func mountCmd(cmd configs.Command) error {
-	command := exec.Command(cmd.Path, cmd.Args[:]...)
-	command.Env = cmd.Env
-	command.Dir = cmd.Dir
-	if out, err := command.CombinedOutput(); err != nil {
-		return fmt.Errorf("%#v failed: %s: %v", cmd, string(out), err)
-	}
-	return nil
-}
-
-func mountToRootfs(m *configs.Mount, rootfs, mountLabel string) error {
-	var (
-		dest = m.Destination
-	)
-	if !strings.HasPrefix(dest, rootfs) {
-		dest = filepath.Join(rootfs, dest)
-	}
-
-	switch m.Device {
-	case "proc", "sysfs":
-		if err := os.MkdirAll(dest, 0755); err != nil {
-			return err
-		}
-		// Selinux kernels do not support labeling of /proc or /sys
-		return mountPropagate(m, rootfs, "")
-	case "mqueue":
-		if err := os.MkdirAll(dest, 0755); err != nil {
-			return err
-		}
-		if err := mountPropagate(m, rootfs, mountLabel); err != nil {
-			// older kernels do not support labeling of /dev/mqueue
-			if err := mountPropagate(m, rootfs, ""); err != nil {
-				return err
-			}
-			return label.SetFileLabel(dest, mountLabel)
-		}
-		return nil
-	case "tmpfs":
-		copyUp := m.Extensions&configs.EXT_COPYUP == configs.EXT_COPYUP
-		tmpDir := ""
-		stat, err := os.Stat(dest)
-		if err != nil {
-			if err := os.MkdirAll(dest, 0755); err != nil {
-				return err
-			}
-		}
-		if copyUp {
-			tmpDir, err = ioutil.TempDir("/tmp", "runctmpdir")
-			if err != nil {
-				return newSystemErrorWithCause(err, "tmpcopyup: failed to create tmpdir")
-			}
-			defer os.RemoveAll(tmpDir)
-			m.Destination = tmpDir
-		}
-		if err := mountPropagate(m, rootfs, mountLabel); err != nil {
-			return err
-		}
-		if copyUp {
-			if err := fileutils.CopyDirectory(dest, tmpDir); err != nil {
-				errMsg := fmt.Errorf("tmpcopyup: failed to copy %s to %s: %v", dest, tmpDir, err)
-				if err1 := unix.Unmount(tmpDir, unix.MNT_DETACH); err1 != nil {
-					return newSystemErrorWithCausef(err1, "tmpcopyup: %v: failed to unmount", errMsg)
-				}
-				return errMsg
-			}
-			if err := unix.Mount(tmpDir, dest, "", unix.MS_MOVE, ""); err != nil {
-				errMsg := fmt.Errorf("tmpcopyup: failed to move mount %s to %s: %v", tmpDir, dest, err)
-				if err1 := unix.Unmount(tmpDir, unix.MNT_DETACH); err1 != nil {
-					return newSystemErrorWithCausef(err1, "tmpcopyup: %v: failed to unmount", errMsg)
-				}
-				return errMsg
-			}
-		}
-		if stat != nil {
-			if err = os.Chmod(dest, stat.Mode()); err != nil {
-				return err
-			}
-		}
-		return nil
-	case "bind":
-		stat, err := os.Stat(m.Source)
-		if err != nil {
-			// error out if the source of a bind mount does not exist as we will be
-			// unable to bind anything to it.
-			return err
-		}
-		// ensure that the destination of the bind mount is resolved of symlinks at mount time because
-		// any previous mounts can invalidate the next mount's destination.
-		// this can happen when a user specifies mounts within other mounts to cause breakouts or other
-		// evil stuff to try to escape the container's rootfs.
-		if dest, err = securejoin.SecureJoin(rootfs, m.Destination); err != nil {
-			return err
-		}
-		if err := checkMountDestination(rootfs, dest); err != nil {
-			return err
-		}
-		// update the mount with the correct dest after symlinks are resolved.
-		m.Destination = dest
-		if err := createIfNotExists(dest, stat.IsDir()); err != nil {
-			return err
-		}
-		if err := mountPropagate(m, rootfs, mountLabel); err != nil {
-			return err
-		}
-		// bind mount won't change mount options, we need remount to make mount options effective.
-		// first check that we have non-default options required before attempting a remount
-		if m.Flags&^(unix.MS_REC|unix.MS_REMOUNT|unix.MS_BIND) != 0 {
-			// only remount if unique mount options are set
-			if err := remount(m, rootfs); err != nil {
-				return err
-			}
-		}
-
-		if m.Relabel != "" {
-			if err := label.Validate(m.Relabel); err != nil {
-				return err
-			}
-			shared := label.IsShared(m.Relabel)
-			if err := label.Relabel(m.Source, mountLabel, shared); err != nil {
-				return err
-			}
-		}
-	case "cgroup":
-		binds, err := getCgroupMounts(m)
-		if err != nil {
-			return err
-		}
-		var merged []string
-		for _, b := range binds {
-			ss := filepath.Base(b.Destination)
-			if strings.Contains(ss, ",") {
-				merged = append(merged, ss)
-			}
-		}
-		tmpfs := &configs.Mount{
-			Source:           "tmpfs",
-			Device:           "tmpfs",
-			Destination:      m.Destination,
-			Flags:            defaultMountFlags,
-			Data:             "mode=755",
-			PropagationFlags: m.PropagationFlags,
-		}
-		if err := mountToRootfs(tmpfs, rootfs, mountLabel); err != nil {
-			return err
-		}
-		for _, b := range binds {
-			if err := mountToRootfs(b, rootfs, mountLabel); err != nil {
-				return err
-			}
-		}
-		for _, mc := range merged {
-			for _, ss := range strings.Split(mc, ",") {
-				// symlink(2) is very dumb, it will just shove the path into
-				// the link and doesn't do any checks or relative path
-				// conversion. Also, don't error out if the cgroup already exists.
-				if err := os.Symlink(mc, filepath.Join(rootfs, m.Destination, ss)); err != nil && !os.IsExist(err) {
-					return err
-				}
-			}
-		}
-		if m.Flags&unix.MS_RDONLY != 0 {
-			// remount cgroup root as readonly
-			mcgrouproot := &configs.Mount{
-				Source:      m.Destination,
-				Device:      "bind",
-				Destination: m.Destination,
-				Flags:       defaultMountFlags | unix.MS_RDONLY | unix.MS_BIND,
-			}
-			if err := remount(mcgrouproot, rootfs); err != nil {
-				return err
-			}
-		}
-	default:
-		// ensure that the destination of the mount is resolved of symlinks at mount time because
-		// any previous mounts can invalidate the next mount's destination.
-		// this can happen when a user specifies mounts within other mounts to cause breakouts or other
-		// evil stuff to try to escape the container's rootfs.
-		var err error
-		if dest, err = securejoin.SecureJoin(rootfs, m.Destination); err != nil {
-			return err
-		}
-		if err := checkMountDestination(rootfs, dest); err != nil {
-			return err
-		}
-		// update the mount with the correct dest after symlinks are resolved.
-		m.Destination = dest
-		if err := os.MkdirAll(dest, 0755); err != nil {
-			return err
-		}
-		return mountPropagate(m, rootfs, mountLabel)
-	}
-	return nil
-}
-
-func getCgroupMounts(m *configs.Mount) ([]*configs.Mount, error) {
-	mounts, err := cgroups.GetCgroupMounts(false)
-	if err != nil {
-		return nil, err
-	}
-
-	cgroupPaths, err := cgroups.ParseCgroupFile("/proc/self/cgroup")
-	if err != nil {
-		return nil, err
-	}
-
-	var binds []*configs.Mount
-
-	for _, mm := range mounts {
-		dir, err := mm.GetOwnCgroup(cgroupPaths)
-		if err != nil {
-			return nil, err
-		}
-		relDir, err := filepath.Rel(mm.Root, dir)
-		if err != nil {
-			return nil, err
-		}
-		binds = append(binds, &configs.Mount{
-			Device:           "bind",
-			Source:           filepath.Join(mm.Mountpoint, relDir),
-			Destination:      filepath.Join(m.Destination, filepath.Base(mm.Mountpoint)),
-			Flags:            unix.MS_BIND | unix.MS_REC | m.Flags,
-			PropagationFlags: m.PropagationFlags,
-		})
-	}
-
-	return binds, nil
-}
-
-// checkMountDestination checks to ensure that the mount destination is not over the top of /proc.
-// dest is required to be an abs path and have any symlinks resolved before calling this function.
-func checkMountDestination(rootfs, dest string) error {
-	invalidDestinations := []string{
-		"/proc",
-	}
-	// White list, it should be sub directories of invalid destinations
-	validDestinations := []string{
-		// These entries can be bind mounted by files emulated by fuse,
-		// so commands like top, free displays stats in container.
-		"/proc/cpuinfo",
-		"/proc/diskstats",
-		"/proc/meminfo",
-		"/proc/stat",
-		"/proc/swaps",
-		"/proc/uptime",
-		"/proc/net/dev",
-	}
-	for _, valid := range validDestinations {
-		path, err := filepath.Rel(filepath.Join(rootfs, valid), dest)
-		if err != nil {
-			return err
-		}
-		if path == "." {
-			return nil
-		}
-	}
-	for _, invalid := range invalidDestinations {
-		path, err := filepath.Rel(filepath.Join(rootfs, invalid), dest)
-		if err != nil {
-			return err
-		}
-		if path == "." || !strings.HasPrefix(path, "..") {
-			return fmt.Errorf("%q cannot be mounted because it is located inside %q", dest, invalid)
-		}
-	}
-	return nil
-}
-
-func setupDevSymlinks(rootfs string) error {
-	var links = [][2]string{
-		{"/proc/self/fd", "/dev/fd"},
-		{"/proc/self/fd/0", "/dev/stdin"},
-		{"/proc/self/fd/1", "/dev/stdout"},
-		{"/proc/self/fd/2", "/dev/stderr"},
-	}
-	// kcore support can be toggled with CONFIG_PROC_KCORE; only create a symlink
-	// in /dev if it exists in /proc.
-	if _, err := os.Stat("/proc/kcore"); err == nil {
-		links = append(links, [2]string{"/proc/kcore", "/dev/core"})
-	}
-	for _, link := range links {
-		var (
-			src = link[0]
-			dst = filepath.Join(rootfs, link[1])
-		)
-		if err := os.Symlink(src, dst); err != nil && !os.IsExist(err) {
-			return fmt.Errorf("symlink %s %s %s", src, dst, err)
-		}
-	}
-	return nil
-}
-
-// If stdin, stdout, and/or stderr are pointing to `/dev/null` in the parent's rootfs
-// this method will make them point to `/dev/null` in this container's rootfs.  This
-// needs to be called after we chroot/pivot into the container's rootfs so that any
-// symlinks are resolved locally.
-func reOpenDevNull() error {
-	var stat, devNullStat unix.Stat_t
-	file, err := os.OpenFile("/dev/null", os.O_RDWR, 0)
-	if err != nil {
-		return fmt.Errorf("Failed to open /dev/null - %s", err)
-	}
-	defer file.Close()
-	if err := unix.Fstat(int(file.Fd()), &devNullStat); err != nil {
-		return err
-	}
-	for fd := 0; fd < 3; fd++ {
-		if err := unix.Fstat(fd, &stat); err != nil {
-			return err
-		}
-		if stat.Rdev == devNullStat.Rdev {
-			// Close and re-open the fd.
-			if err := unix.Dup3(int(file.Fd()), fd, 0); err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}
-
-// Create the device nodes in the container.
-func createDevices(config *configs.Config) error {
-	useBindMount := system.RunningInUserNS() || config.Namespaces.Contains(configs.NEWUSER)
-	oldMask := unix.Umask(0000)
-	for _, node := range config.Devices {
-		// containers running in a user namespace are not allowed to mknod
-		// devices so we can just bind mount it from the host.
-		if err := createDeviceNode(config.Rootfs, node, useBindMount); err != nil {
-			unix.Umask(oldMask)
-			return err
-		}
-	}
-	unix.Umask(oldMask)
-	return nil
-}
-
-func bindMountDeviceNode(dest string, node *configs.Device) error {
-	f, err := os.Create(dest)
-	if err != nil && !os.IsExist(err) {
-		return err
-	}
-	if f != nil {
-		f.Close()
-	}
-	return unix.Mount(node.Path, dest, "bind", unix.MS_BIND, "")
-}
-
-// Creates the device node in the rootfs of the container.
-func createDeviceNode(rootfs string, node *configs.Device, bind bool) error {
-	dest := filepath.Join(rootfs, node.Path)
-	if err := os.MkdirAll(filepath.Dir(dest), 0755); err != nil {
-		return err
-	}
-
-	if bind {
-		return bindMountDeviceNode(dest, node)
-	}
-	if err := mknodDevice(dest, node); err != nil {
-		if os.IsExist(err) {
-			return nil
-		} else if os.IsPermission(err) {
-			return bindMountDeviceNode(dest, node)
-		}
-		return err
-	}
-	return nil
-}
-
-func mknodDevice(dest string, node *configs.Device) error {
-	fileMode := node.FileMode
-	switch node.Type {
-	case 'c', 'u':
-		fileMode |= unix.S_IFCHR
-	case 'b':
-		fileMode |= unix.S_IFBLK
-	case 'p':
-		fileMode |= unix.S_IFIFO
-	default:
-		return fmt.Errorf("%c is not a valid device type for device %s", node.Type, node.Path)
-	}
-	if err := unix.Mknod(dest, uint32(fileMode), node.Mkdev()); err != nil {
-		return err
-	}
-	return unix.Chown(dest, int(node.Uid), int(node.Gid))
-}
-
-func getMountInfo(mountinfo []*mount.Info, dir string) *mount.Info {
-	for _, m := range mountinfo {
-		if m.Mountpoint == dir {
-			return m
-		}
-	}
-	return nil
-}
-
-// Get the parent mount point of directory passed in as argument. Also return
-// optional fields.
-func getParentMount(rootfs string) (string, string, error) {
-	var path string
-
-	mountinfos, err := mount.GetMounts()
-	if err != nil {
-		return "", "", err
-	}
-
-	mountinfo := getMountInfo(mountinfos, rootfs)
-	if mountinfo != nil {
-		return rootfs, mountinfo.Optional, nil
-	}
-
-	path = rootfs
-	for {
-		path = filepath.Dir(path)
-
-		mountinfo = getMountInfo(mountinfos, path)
-		if mountinfo != nil {
-			return path, mountinfo.Optional, nil
-		}
-
-		if path == "/" {
-			break
-		}
-	}
-
-	// If we are here, we did not find parent mount. Something is wrong.
-	return "", "", fmt.Errorf("Could not find parent mount of %s", rootfs)
-}
-
-// Make parent mount private if it was shared
-func rootfsParentMountPrivate(rootfs string) error {
-	sharedMount := false
-
-	parentMount, optionalOpts, err := getParentMount(rootfs)
-	if err != nil {
-		return err
-	}
-
-	optsSplit := strings.Split(optionalOpts, " ")
-	for _, opt := range optsSplit {
-		if strings.HasPrefix(opt, "shared:") {
-			sharedMount = true
-			break
-		}
-	}
-
-	// Make parent mount PRIVATE if it was shared. It is needed for two
-	// reasons. First of all pivot_root() will fail if parent mount is
-	// shared. Secondly when we bind mount rootfs it will propagate to
-	// parent namespace and we don't want that to happen.
-	if sharedMount {
-		return unix.Mount("", parentMount, "", unix.MS_PRIVATE, "")
-	}
-
-	return nil
-}
-
-func prepareRoot(config *configs.Config) error {
-	flag := unix.MS_SLAVE | unix.MS_REC
-	if config.RootPropagation != 0 {
-		flag = config.RootPropagation
-	}
-	if err := unix.Mount("", "/", "", uintptr(flag), ""); err != nil {
-		return err
-	}
-
-	// Make parent mount private to make sure following bind mount does
-	// not propagate in other namespaces. Also it will help with kernel
-	// check pass in pivot_root. (IS_SHARED(new_mnt->mnt_parent))
-	if err := rootfsParentMountPrivate(config.Rootfs); err != nil {
-		return err
-	}
-
-	return unix.Mount(config.Rootfs, config.Rootfs, "bind", unix.MS_BIND|unix.MS_REC, "")
-}
-
-func setReadonly() error {
-	return unix.Mount("/", "/", "bind", unix.MS_BIND|unix.MS_REMOUNT|unix.MS_RDONLY|unix.MS_REC, "")
-}
-
-func setupPtmx(config *configs.Config) error {
-	ptmx := filepath.Join(config.Rootfs, "dev/ptmx")
-	if err := os.Remove(ptmx); err != nil && !os.IsNotExist(err) {
-		return err
-	}
-	if err := os.Symlink("pts/ptmx", ptmx); err != nil {
-		return fmt.Errorf("symlink dev ptmx %s", err)
-	}
-	return nil
-}
-
-// pivotRoot will call pivot_root such that rootfs becomes the new root
-// filesystem, and everything else is cleaned up.
-func pivotRoot(rootfs string) error {
-	// While the documentation may claim otherwise, pivot_root(".", ".") is
-	// actually valid. What this results in is / being the new root but
-	// /proc/self/cwd being the old root. Since we can play around with the cwd
-	// with pivot_root this allows us to pivot without creating directories in
-	// the rootfs. Shout-outs to the LXC developers for giving us this idea.
-
-	oldroot, err := unix.Open("/", unix.O_DIRECTORY|unix.O_RDONLY, 0)
-	if err != nil {
-		return err
-	}
-	defer unix.Close(oldroot)
-
-	newroot, err := unix.Open(rootfs, unix.O_DIRECTORY|unix.O_RDONLY, 0)
-	if err != nil {
-		return err
-	}
-	defer unix.Close(newroot)
-
-	// Change to the new root so that the pivot_root actually acts on it.
-	if err := unix.Fchdir(newroot); err != nil {
-		return err
-	}
-
-	if err := unix.PivotRoot(".", "."); err != nil {
-		return fmt.Errorf("pivot_root %s", err)
-	}
-
-	// Currently our "." is oldroot (according to the current kernel code).
-	// However, purely for safety, we will fchdir(oldroot) since there isn't
-	// really any guarantee from the kernel what /proc/self/cwd will be after a
-	// pivot_root(2).
-
-	if err := unix.Fchdir(oldroot); err != nil {
-		return err
-	}
-
-	// Make oldroot rslave to make sure our unmounts don't propagate to the
-	// host (and thus bork the machine). We don't use rprivate because this is
-	// known to cause issues due to races where we still have a reference to a
-	// mount while a process in the host namespace are trying to operate on
-	// something they think has no mounts (devicemapper in particular).
-	if err := unix.Mount("", ".", "", unix.MS_SLAVE|unix.MS_REC, ""); err != nil {
-		return err
-	}
-	// Preform the unmount. MNT_DETACH allows us to unmount /proc/self/cwd.
-	if err := unix.Unmount(".", unix.MNT_DETACH); err != nil {
-		return err
-	}
-
-	// Switch back to our shiny new root.
-	if err := unix.Chdir("/"); err != nil {
-		return fmt.Errorf("chdir / %s", err)
-	}
-	return nil
-}
-
-func msMoveRoot(rootfs string) error {
-	if err := unix.Mount(rootfs, "/", "", unix.MS_MOVE, ""); err != nil {
-		return err
-	}
-	return chroot(rootfs)
-}
-
-func chroot(rootfs string) error {
-	if err := unix.Chroot("."); err != nil {
-		return err
-	}
-	return unix.Chdir("/")
-}
-
-// createIfNotExists creates a file or a directory only if it does not already exist.
-func createIfNotExists(path string, isDir bool) error {
-	if _, err := os.Stat(path); err != nil {
-		if os.IsNotExist(err) {
-			if isDir {
-				return os.MkdirAll(path, 0755)
-			}
-			if err := os.MkdirAll(filepath.Dir(path), 0755); err != nil {
-				return err
-			}
-			f, err := os.OpenFile(path, os.O_CREATE, 0755)
-			if err != nil {
-				return err
-			}
-			f.Close()
-		}
-	}
-	return nil
-}
-
-// readonlyPath will make a path read only.
-func readonlyPath(path string) error {
-	if err := unix.Mount(path, path, "", unix.MS_BIND|unix.MS_REC, ""); err != nil {
-		if os.IsNotExist(err) {
-			return nil
-		}
-		return err
-	}
-	return unix.Mount(path, path, "", unix.MS_BIND|unix.MS_REMOUNT|unix.MS_RDONLY|unix.MS_REC, "")
-}
-
-// remountReadonly will remount an existing mount point and ensure that it is read-only.
-func remountReadonly(m *configs.Mount) error {
-	var (
-		dest  = m.Destination
-		flags = m.Flags
-	)
-	for i := 0; i < 5; i++ {
-		// There is a special case in the kernel for
-		// MS_REMOUNT | MS_BIND, which allows us to change only the
-		// flags even as an unprivileged user (i.e. user namespace)
-		// assuming we don't drop any security related flags (nodev,
-		// nosuid, etc.). So, let's use that case so that we can do
-		// this re-mount without failing in a userns.
-		flags |= unix.MS_REMOUNT | unix.MS_BIND | unix.MS_RDONLY
-		if err := unix.Mount("", dest, "", uintptr(flags), ""); err != nil {
-			switch err {
-			case unix.EBUSY:
-				time.Sleep(100 * time.Millisecond)
-				continue
-			default:
-				return err
-			}
-		}
-		return nil
-	}
-	return fmt.Errorf("unable to mount %s as readonly max retries reached", dest)
-}
-
-// maskPath masks the top of the specified path inside a container to avoid
-// security issues from processes reading information from non-namespace aware
-// mounts ( proc/kcore ).
-// For files, maskPath bind mounts /dev/null over the top of the specified path.
-// For directories, maskPath mounts read-only tmpfs over the top of the specified path.
-func maskPath(path string, mountLabel string) error {
-	if err := unix.Mount("/dev/null", path, "", unix.MS_BIND, ""); err != nil && !os.IsNotExist(err) {
-		if err == unix.ENOTDIR {
-			return unix.Mount("tmpfs", path, "tmpfs", unix.MS_RDONLY, label.FormatMountLabel("", mountLabel))
-		}
-		return err
-	}
-	return nil
-}
-
-// writeSystemProperty writes the value to a path under /proc/sys as determined from the key.
-// For e.g. net.ipv4.ip_forward translated to /proc/sys/net/ipv4/ip_forward.
-func writeSystemProperty(key, value string) error {
-	keyPath := strings.Replace(key, ".", "/", -1)
-	return ioutil.WriteFile(path.Join("/proc/sys", keyPath), []byte(value), 0644)
-}
-
-func remount(m *configs.Mount, rootfs string) error {
-	var (
-		dest = m.Destination
-	)
-	if !strings.HasPrefix(dest, rootfs) {
-		dest = filepath.Join(rootfs, dest)
-	}
-	if err := unix.Mount(m.Source, dest, m.Device, uintptr(m.Flags|unix.MS_REMOUNT), ""); err != nil {
-		return err
-	}
-	return nil
-}
-
-// Do the mount operation followed by additional mounts required to take care
-// of propagation flags.
-func mountPropagate(m *configs.Mount, rootfs string, mountLabel string) error {
-	var (
-		dest  = m.Destination
-		data  = label.FormatMountLabel(m.Data, mountLabel)
-		flags = m.Flags
-	)
-	if libcontainerUtils.CleanPath(dest) == "/dev" {
-		flags &= ^unix.MS_RDONLY
-	}
-
-	copyUp := m.Extensions&configs.EXT_COPYUP == configs.EXT_COPYUP
-	if !(copyUp || strings.HasPrefix(dest, rootfs)) {
-		dest = filepath.Join(rootfs, dest)
-	}
-
-	if err := unix.Mount(m.Source, dest, m.Device, uintptr(flags), data); err != nil {
-		return err
-	}
-
-	for _, pflag := range m.PropagationFlags {
-		if err := unix.Mount("", dest, "", uintptr(pflag), ""); err != nil {
-			return err
-		}
-	}
-	return nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/seccomp/config.go

@@ -1,76 +0,0 @@
-package seccomp
-
-import (
-	"fmt"
-
-	"github.com/opencontainers/runc/libcontainer/configs"
-)
-
-var operators = map[string]configs.Operator{
-	"SCMP_CMP_NE":        configs.NotEqualTo,
-	"SCMP_CMP_LT":        configs.LessThan,
-	"SCMP_CMP_LE":        configs.LessThanOrEqualTo,
-	"SCMP_CMP_EQ":        configs.EqualTo,
-	"SCMP_CMP_GE":        configs.GreaterThanOrEqualTo,
-	"SCMP_CMP_GT":        configs.GreaterThan,
-	"SCMP_CMP_MASKED_EQ": configs.MaskEqualTo,
-}
-
-var actions = map[string]configs.Action{
-	"SCMP_ACT_KILL":  configs.Kill,
-	"SCMP_ACT_ERRNO": configs.Errno,
-	"SCMP_ACT_TRAP":  configs.Trap,
-	"SCMP_ACT_ALLOW": configs.Allow,
-	"SCMP_ACT_TRACE": configs.Trace,
-}
-
-var archs = map[string]string{
-	"SCMP_ARCH_X86":         "x86",
-	"SCMP_ARCH_X86_64":      "amd64",
-	"SCMP_ARCH_X32":         "x32",
-	"SCMP_ARCH_ARM":         "arm",
-	"SCMP_ARCH_AARCH64":     "arm64",
-	"SCMP_ARCH_MIPS":        "mips",
-	"SCMP_ARCH_MIPS64":      "mips64",
-	"SCMP_ARCH_MIPS64N32":   "mips64n32",
-	"SCMP_ARCH_MIPSEL":      "mipsel",
-	"SCMP_ARCH_MIPSEL64":    "mipsel64",
-	"SCMP_ARCH_MIPSEL64N32": "mipsel64n32",
-	"SCMP_ARCH_PPC":         "ppc",
-	"SCMP_ARCH_PPC64":       "ppc64",
-	"SCMP_ARCH_PPC64LE":     "ppc64le",
-	"SCMP_ARCH_S390":        "s390",
-	"SCMP_ARCH_S390X":       "s390x",
-}
-
-// ConvertStringToOperator converts a string into a Seccomp comparison operator.
-// Comparison operators use the names they are assigned by Libseccomp's header.
-// Attempting to convert a string that is not a valid operator results in an
-// error.
-func ConvertStringToOperator(in string) (configs.Operator, error) {
-	if op, ok := operators[in]; ok == true {
-		return op, nil
-	}
-	return 0, fmt.Errorf("string %s is not a valid operator for seccomp", in)
-}
-
-// ConvertStringToAction converts a string into a Seccomp rule match action.
-// Actions use the names they are assigned in Libseccomp's header, though some
-// (notable, SCMP_ACT_TRACE) are not available in this implementation and will
-// return errors.
-// Attempting to convert a string that is not a valid action results in an
-// error.
-func ConvertStringToAction(in string) (configs.Action, error) {
-	if act, ok := actions[in]; ok == true {
-		return act, nil
-	}
-	return 0, fmt.Errorf("string %s is not a valid action for seccomp", in)
-}
-
-// ConvertStringToArch converts a string into a Seccomp comparison arch.
-func ConvertStringToArch(in string) (string, error) {
-	if arch, ok := archs[in]; ok == true {
-		return arch, nil
-	}
-	return "", fmt.Errorf("string %s is not a valid arch for seccomp", in)
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/seccomp/seccomp_linux.go

@@ -1,258 +0,0 @@
-// +build linux,cgo,seccomp
-
-package seccomp
-
-import (
-	"bufio"
-	"fmt"
-	"os"
-	"strings"
-
-	"github.com/opencontainers/runc/libcontainer/configs"
-	libseccomp "github.com/seccomp/libseccomp-golang"
-
-	"golang.org/x/sys/unix"
-)
-
-var (
-	actAllow = libseccomp.ActAllow
-	actTrap  = libseccomp.ActTrap
-	actKill  = libseccomp.ActKill
-	actTrace = libseccomp.ActTrace.SetReturnCode(int16(unix.EPERM))
-	actErrno = libseccomp.ActErrno.SetReturnCode(int16(unix.EPERM))
-)
-
-const (
-	// Linux system calls can have at most 6 arguments
-	syscallMaxArguments int = 6
-)
-
-// Filters given syscalls in a container, preventing them from being used
-// Started in the container init process, and carried over to all child processes
-// Setns calls, however, require a separate invocation, as they are not children
-// of the init until they join the namespace
-func InitSeccomp(config *configs.Seccomp) error {
-	if config == nil {
-		return fmt.Errorf("cannot initialize Seccomp - nil config passed")
-	}
-
-	defaultAction, err := getAction(config.DefaultAction)
-	if err != nil {
-		return fmt.Errorf("error initializing seccomp - invalid default action")
-	}
-
-	filter, err := libseccomp.NewFilter(defaultAction)
-	if err != nil {
-		return fmt.Errorf("error creating filter: %s", err)
-	}
-
-	// Add extra architectures
-	for _, arch := range config.Architectures {
-		scmpArch, err := libseccomp.GetArchFromString(arch)
-		if err != nil {
-			return fmt.Errorf("error validating Seccomp architecture: %s", err)
-		}
-
-		if err := filter.AddArch(scmpArch); err != nil {
-			return fmt.Errorf("error adding architecture to seccomp filter: %s", err)
-		}
-	}
-
-	// Unset no new privs bit
-	if err := filter.SetNoNewPrivsBit(false); err != nil {
-		return fmt.Errorf("error setting no new privileges: %s", err)
-	}
-
-	// Add a rule for each syscall
-	for _, call := range config.Syscalls {
-		if call == nil {
-			return fmt.Errorf("encountered nil syscall while initializing Seccomp")
-		}
-
-		if err = matchCall(filter, call); err != nil {
-			return err
-		}
-	}
-
-	if err = filter.Load(); err != nil {
-		return fmt.Errorf("error loading seccomp filter into kernel: %s", err)
-	}
-
-	return nil
-}
-
-// IsEnabled returns if the kernel has been configured to support seccomp.
-func IsEnabled() bool {
-	// Try to read from /proc/self/status for kernels > 3.8
-	s, err := parseStatusFile("/proc/self/status")
-	if err != nil {
-		// Check if Seccomp is supported, via CONFIG_SECCOMP.
-		if err := unix.Prctl(unix.PR_GET_SECCOMP, 0, 0, 0, 0); err != unix.EINVAL {
-			// Make sure the kernel has CONFIG_SECCOMP_FILTER.
-			if err := unix.Prctl(unix.PR_SET_SECCOMP, unix.SECCOMP_MODE_FILTER, 0, 0, 0); err != unix.EINVAL {
-				return true
-			}
-		}
-		return false
-	}
-	_, ok := s["Seccomp"]
-	return ok
-}
-
-// Convert Libcontainer Action to Libseccomp ScmpAction
-func getAction(act configs.Action) (libseccomp.ScmpAction, error) {
-	switch act {
-	case configs.Kill:
-		return actKill, nil
-	case configs.Errno:
-		return actErrno, nil
-	case configs.Trap:
-		return actTrap, nil
-	case configs.Allow:
-		return actAllow, nil
-	case configs.Trace:
-		return actTrace, nil
-	default:
-		return libseccomp.ActInvalid, fmt.Errorf("invalid action, cannot use in rule")
-	}
-}
-
-// Convert Libcontainer Operator to Libseccomp ScmpCompareOp
-func getOperator(op configs.Operator) (libseccomp.ScmpCompareOp, error) {
-	switch op {
-	case configs.EqualTo:
-		return libseccomp.CompareEqual, nil
-	case configs.NotEqualTo:
-		return libseccomp.CompareNotEqual, nil
-	case configs.GreaterThan:
-		return libseccomp.CompareGreater, nil
-	case configs.GreaterThanOrEqualTo:
-		return libseccomp.CompareGreaterEqual, nil
-	case configs.LessThan:
-		return libseccomp.CompareLess, nil
-	case configs.LessThanOrEqualTo:
-		return libseccomp.CompareLessOrEqual, nil
-	case configs.MaskEqualTo:
-		return libseccomp.CompareMaskedEqual, nil
-	default:
-		return libseccomp.CompareInvalid, fmt.Errorf("invalid operator, cannot use in rule")
-	}
-}
-
-// Convert Libcontainer Arg to Libseccomp ScmpCondition
-func getCondition(arg *configs.Arg) (libseccomp.ScmpCondition, error) {
-	cond := libseccomp.ScmpCondition{}
-
-	if arg == nil {
-		return cond, fmt.Errorf("cannot convert nil to syscall condition")
-	}
-
-	op, err := getOperator(arg.Op)
-	if err != nil {
-		return cond, err
-	}
-
-	return libseccomp.MakeCondition(arg.Index, op, arg.Value, arg.ValueTwo)
-}
-
-// Add a rule to match a single syscall
-func matchCall(filter *libseccomp.ScmpFilter, call *configs.Syscall) error {
-	if call == nil || filter == nil {
-		return fmt.Errorf("cannot use nil as syscall to block")
-	}
-
-	if len(call.Name) == 0 {
-		return fmt.Errorf("empty string is not a valid syscall")
-	}
-
-	// If we can't resolve the syscall, assume it's not supported on this kernel
-	// Ignore it, don't error out
-	callNum, err := libseccomp.GetSyscallFromName(call.Name)
-	if err != nil {
-		return nil
-	}
-
-	// Convert the call's action to the libseccomp equivalent
-	callAct, err := getAction(call.Action)
-	if err != nil {
-		return fmt.Errorf("action in seccomp profile is invalid: %s", err)
-	}
-
-	// Unconditional match - just add the rule
-	if len(call.Args) == 0 {
-		if err = filter.AddRule(callNum, callAct); err != nil {
-			return fmt.Errorf("error adding seccomp filter rule for syscall %s: %s", call.Name, err)
-		}
-	} else {
-		// If two or more arguments have the same condition,
-		// Revert to old behavior, adding each condition as a separate rule
-		argCounts := make([]uint, syscallMaxArguments)
-		conditions := []libseccomp.ScmpCondition{}
-
-		for _, cond := range call.Args {
-			newCond, err := getCondition(cond)
-			if err != nil {
-				return fmt.Errorf("error creating seccomp syscall condition for syscall %s: %s", call.Name, err)
-			}
-
-			argCounts[cond.Index] += 1
-
-			conditions = append(conditions, newCond)
-		}
-
-		hasMultipleArgs := false
-		for _, count := range argCounts {
-			if count > 1 {
-				hasMultipleArgs = true
-				break
-			}
-		}
-
-		if hasMultipleArgs {
-			// Revert to old behavior
-			// Add each condition attached to a separate rule
-			for _, cond := range conditions {
-				condArr := []libseccomp.ScmpCondition{cond}
-
-				if err = filter.AddRuleConditional(callNum, callAct, condArr); err != nil {
-					return fmt.Errorf("error adding seccomp rule for syscall %s: %s", call.Name, err)
-				}
-			}
-		} else {
-			// No conditions share same argument
-			// Use new, proper behavior
-			if err = filter.AddRuleConditional(callNum, callAct, conditions); err != nil {
-				return fmt.Errorf("error adding seccomp rule for syscall %s: %s", call.Name, err)
-			}
-		}
-	}
-
-	return nil
-}
-
-func parseStatusFile(path string) (map[string]string, error) {
-	f, err := os.Open(path)
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-
-	s := bufio.NewScanner(f)
-	status := make(map[string]string)
-
-	for s.Scan() {
-		text := s.Text()
-		parts := strings.Split(text, ":")
-
-		if len(parts) <= 1 {
-			continue
-		}
-
-		status[parts[0]] = parts[1]
-	}
-	if err := s.Err(); err != nil {
-		return nil, err
-	}
-
-	return status, nil
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/seccomp/seccomp_unsupported.go

@@ -1,24 +0,0 @@
-// +build !linux !cgo !seccomp
-
-package seccomp
-
-import (
-	"errors"
-
-	"github.com/opencontainers/runc/libcontainer/configs"
-)
-
-var ErrSeccompNotEnabled = errors.New("seccomp: config provided but seccomp not supported")
-
-// InitSeccomp does nothing because seccomp is not supported.
-func InitSeccomp(config *configs.Seccomp) error {
-	if config != nil {
-		return ErrSeccompNotEnabled
-	}
-	return nil
-}
-
-// IsEnabled returns false, because it is not supported.
-func IsEnabled() bool {
-	return false
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/setns_init_linux.go

@@ -1,76 +0,0 @@
-// +build linux
-
-package libcontainer
-
-import (
-	"fmt"
-	"os"
-
-	"github.com/opencontainers/runc/libcontainer/apparmor"
-	"github.com/opencontainers/runc/libcontainer/keys"
-	"github.com/opencontainers/runc/libcontainer/seccomp"
-	"github.com/opencontainers/runc/libcontainer/system"
-	"github.com/opencontainers/selinux/go-selinux/label"
-
-	"golang.org/x/sys/unix"
-)
-
-// linuxSetnsInit performs the container's initialization for running a new process
-// inside an existing container.
-type linuxSetnsInit struct {
-	pipe          *os.File
-	consoleSocket *os.File
-	config        *initConfig
-}
-
-func (l *linuxSetnsInit) getSessionRingName() string {
-	return fmt.Sprintf("_ses.%s", l.config.ContainerId)
-}
-
-func (l *linuxSetnsInit) Init() error {
-	if !l.config.Config.NoNewKeyring {
-		// do not inherit the parent's session keyring
-		if _, err := keys.JoinSessionKeyring(l.getSessionRingName()); err != nil {
-			return err
-		}
-	}
-	if l.config.CreateConsole {
-		if err := setupConsole(l.consoleSocket, l.config, false); err != nil {
-			return err
-		}
-		if err := system.Setctty(); err != nil {
-			return err
-		}
-	}
-	if l.config.NoNewPrivileges {
-		if err := unix.Prctl(unix.PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); err != nil {
-			return err
-		}
-	}
-	// Without NoNewPrivileges seccomp is a privileged operation, so we need to
-	// do this before dropping capabilities; otherwise do it as late as possible
-	// just before execve so as few syscalls take place after it as possible.
-	if l.config.Config.Seccomp != nil && !l.config.NoNewPrivileges {
-		if err := seccomp.InitSeccomp(l.config.Config.Seccomp); err != nil {
-			return err
-		}
-	}
-	if err := finalizeNamespace(l.config); err != nil {
-		return err
-	}
-	if err := apparmor.ApplyProfile(l.config.AppArmorProfile); err != nil {
-		return err
-	}
-	if err := label.SetProcessLabel(l.config.ProcessLabel); err != nil {
-		return err
-	}
-	// Set seccomp as close to execve as possible, so as few syscalls take
-	// place afterward (reducing the amount of syscalls that users need to
-	// enable in their seccomp profiles).
-	if l.config.Config.Seccomp != nil && l.config.NoNewPrivileges {
-		if err := seccomp.InitSeccomp(l.config.Config.Seccomp); err != nil {
-			return newSystemErrorWithCause(err, "init seccomp")
-		}
-	}
-	return system.Execv(l.config.Args[0], l.config.Args[0:], os.Environ())
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/stacktrace/capture.go

@@ -1,27 +0,0 @@
-package stacktrace
-
-import "runtime"
-
-// Capture captures a stacktrace for the current calling go program
-//
-// skip is the number of frames to skip
-func Capture(userSkip int) Stacktrace {
-	var (
-		skip   = userSkip + 1 // add one for our own function
-		frames []Frame
-		prevPc uintptr
-	)
-	for i := skip; ; i++ {
-		pc, file, line, ok := runtime.Caller(i)
-		//detect if caller is repeated to avoid loop, gccgo
-		//currently runs  into a loop without this check
-		if !ok || pc == prevPc {
-			break
-		}
-		frames = append(frames, NewFrame(pc, file, line))
-		prevPc = pc
-	}
-	return Stacktrace{
-		Frames: frames,
-	}
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/stacktrace/frame.go

@@ -1,38 +0,0 @@
-package stacktrace
-
-import (
-	"path/filepath"
-	"runtime"
-	"strings"
-)
-
-// NewFrame returns a new stack frame for the provided information
-func NewFrame(pc uintptr, file string, line int) Frame {
-	fn := runtime.FuncForPC(pc)
-	if fn == nil {
-		return Frame{}
-	}
-	pack, name := parseFunctionName(fn.Name())
-	return Frame{
-		Line:     line,
-		File:     filepath.Base(file),
-		Package:  pack,
-		Function: name,
-	}
-}
-
-func parseFunctionName(name string) (string, string) {
-	i := strings.LastIndex(name, ".")
-	if i == -1 {
-		return "", name
-	}
-	return name[:i], name[i+1:]
-}
-
-// Frame contains all the information for a stack frame within a go program
-type Frame struct {
-	File     string
-	Function string
-	Package  string
-	Line     int
-}

libnetwork/vendor/github.com/opencontainers/runc/libcontainer/stacktrace/stacktrace.go

@@ -1,5 +0,0 @@
-package stacktrace
-
-type Stacktrace struct {
-	Frames []Frame
-}