From d864a1462037a2746b7633fb0212218d017a5532 Mon Sep 17 00:00:00 2001 From: Christy Perez Date: Tue, 24 May 2016 16:39:52 -0400 Subject: [PATCH] Bump the seccomp versions to pull in fixes and new commits enabling s390 and ppc64le function Signed-off-by: Christy Perez --- Dockerfile | 2 +- Dockerfile.aarch64 | 2 +- Dockerfile.armhf | 2 +- Dockerfile.gccgo | 2 +- Dockerfile.ppc64le | 2 +- Dockerfile.s390x | 2 +- Dockerfile.simple | 2 +- hack/vendor.sh | 2 +- .../seccomp/libseccomp-golang/seccomp.go | 34 +++++++++++++++++-- .../libseccomp-golang/seccomp_internal.go | 2 +- 10 files changed, 41 insertions(+), 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3be6e0a0b6..01fbea1bae 100644 --- a/Dockerfile +++ b/Dockerfile @@ -109,7 +109,7 @@ RUN set -x \ ENV PATH /osxcross/target/bin:$PATH # install seccomp: the version shipped in trusty is too old -ENV SECCOMP_VERSION 2.3.0 +ENV SECCOMP_VERSION 2.3.1 RUN set -x \ && export SECCOMP_PATH="$(mktemp -d)" \ && curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 9f122def23..74d4fe26b0 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -78,7 +78,7 @@ RUN cd /usr/local/lvm2 \ # see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL # install seccomp: the version shipped in trusty is too old -ENV SECCOMP_VERSION 2.3.0 +ENV SECCOMP_VERSION 2.3.1 RUN set -x \ && export SECCOMP_PATH="$(mktemp -d)" \ && curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index 6dc893ee84..6986797c34 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -94,7 +94,7 @@ RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint && go install -v github.com/golang/lint/golint # install seccomp: the version shipped in trusty is too old -ENV SECCOMP_VERSION 2.3.0 +ENV SECCOMP_VERSION 2.3.1 RUN set -x \ && export SECCOMP_PATH="$(mktemp -d)" \ && curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \ diff --git a/Dockerfile.gccgo b/Dockerfile.gccgo index f4ab4c1360..458fd420d4 100644 --- a/Dockerfile.gccgo +++ b/Dockerfile.gccgo @@ -43,7 +43,7 @@ RUN cd /usr/local/lvm2 \ # see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL # install seccomp: the version shipped in jessie is too old -ENV SECCOMP_VERSION v2.3.0 +ENV SECCOMP_VERSION v2.3.1 RUN set -x \ && export SECCOMP_PATH=$(mktemp -d) \ && git clone https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \ diff --git a/Dockerfile.ppc64le b/Dockerfile.ppc64le index 8ea5d22b74..6240bb9509 100644 --- a/Dockerfile.ppc64le +++ b/Dockerfile.ppc64le @@ -72,7 +72,7 @@ RUN cd /usr/local/lvm2 \ # see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL # install seccomp: the version shipped in jessie is too old -ENV SECCOMP_VERSION 2.3.0 +ENV SECCOMP_VERSION 2.3.1 RUN set -x \ && export SECCOMP_PATH="$(mktemp -d)" \ && curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \ diff --git a/Dockerfile.s390x b/Dockerfile.s390x index bb7ec8b870..92c923bab0 100644 --- a/Dockerfile.s390x +++ b/Dockerfile.s390x @@ -49,7 +49,7 @@ RUN apt-get update && apt-get install -y \ --no-install-recommends # install seccomp: the version shipped in jessie is too old -ENV SECCOMP_VERSION 2.3.0 +ENV SECCOMP_VERSION 2.3.1 RUN set -x \ && export SECCOMP_PATH="$(mktemp -d)" \ && curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \ diff --git a/Dockerfile.simple b/Dockerfile.simple index d31a527447..61f6a1b5f2 100644 --- a/Dockerfile.simple +++ b/Dockerfile.simple @@ -31,7 +31,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ && rm -rf /var/lib/apt/lists/* # install seccomp: the version shipped in trusty is too old -ENV SECCOMP_VERSION 2.3.0 +ENV SECCOMP_VERSION 2.3.1 RUN set -x \ && export SECCOMP_PATH="$(mktemp -d)" \ && curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \ diff --git a/hack/vendor.sh b/hack/vendor.sh index a5cd27da87..227e8fb935 100755 --- a/hack/vendor.sh +++ b/hack/vendor.sh @@ -104,7 +104,7 @@ clone git github.com/agl/ed25519 d2b94fd789ea21d12fac1a4443dd3a3f79cda72c clone git github.com/opencontainers/runc d49ece5a83da3dcb820121d6850e2b61bd0a5fbe # libcontainer clone git github.com/opencontainers/specs f955d90e70a98ddfb886bd930ffd076da9b67998 # specs -clone git github.com/seccomp/libseccomp-golang 1b506fc7c24eec5a3693cdcbed40d9c226cfc6a1 +clone git github.com/seccomp/libseccomp-golang 60c9953736798c4a04e90d0f3da2f933d44fd4c4 # libcontainer deps (see src/github.com/opencontainers/runc/Godeps/Godeps.json) clone git github.com/coreos/go-systemd v4 clone git github.com/godbus/dbus v4.0.0 diff --git a/vendor/src/github.com/seccomp/libseccomp-golang/seccomp.go b/vendor/src/github.com/seccomp/libseccomp-golang/seccomp.go index cebafdfae8..b2c010fc38 100644 --- a/vendor/src/github.com/seccomp/libseccomp-golang/seccomp.go +++ b/vendor/src/github.com/seccomp/libseccomp-golang/seccomp.go @@ -3,7 +3,7 @@ // Public API specification for libseccomp Go bindings // Contains public API for the bindings -// Package seccomp rovides bindings for libseccomp, a library wrapping the Linux +// Package seccomp provides bindings for libseccomp, a library wrapping the Linux // seccomp syscall. Seccomp enables an application to restrict system call use // for itself and its children. package seccomp @@ -20,7 +20,7 @@ import ( // C wrapping code -// #cgo LDFLAGS: -lseccomp +// #cgo pkg-config: libseccomp // #include // #include import "C" @@ -85,6 +85,16 @@ const ( // ArchMIPSEL64N32 represents 64-bit MIPS syscalls (little endian, // 32-bit pointers) ArchMIPSEL64N32 ScmpArch = iota + // ArchPPC represents 32-bit POWERPC syscalls + ArchPPC ScmpArch = iota + // ArchPPC64 represents 64-bit POWER syscalls (big endian) + ArchPPC64 ScmpArch = iota + // ArchPPC64LE represents 64-bit POWER syscalls (little endian) + ArchPPC64LE ScmpArch = iota + // ArchS390 represents 31-bit System z/390 syscalls + ArchS390 ScmpArch = iota + // ArchS390X represents 64-bit System z/390 syscalls + ArchS390X ScmpArch = iota ) const ( @@ -164,6 +174,16 @@ func GetArchFromString(arch string) (ScmpArch, error) { return ArchMIPSEL64, nil case "mipsel64n32": return ArchMIPSEL64N32, nil + case "ppc": + return ArchPPC, nil + case "ppc64": + return ArchPPC64, nil + case "ppc64le": + return ArchPPC64LE, nil + case "s390": + return ArchS390, nil + case "s390x": + return ArchS390X, nil default: return ArchInvalid, fmt.Errorf("cannot convert unrecognized string %s", arch) } @@ -194,6 +214,16 @@ func (a ScmpArch) String() string { return "mipsel64" case ArchMIPSEL64N32: return "mipsel64n32" + case ArchPPC: + return "ppc" + case ArchPPC64: + return "ppc64" + case ArchPPC64LE: + return "ppc64le" + case ArchS390: + return "s390" + case ArchS390X: + return "s390x" case ArchNative: return "native" case ArchInvalid: diff --git a/vendor/src/github.com/seccomp/libseccomp-golang/seccomp_internal.go b/vendor/src/github.com/seccomp/libseccomp-golang/seccomp_internal.go index 306ed17570..04095f6648 100644 --- a/vendor/src/github.com/seccomp/libseccomp-golang/seccomp_internal.go +++ b/vendor/src/github.com/seccomp/libseccomp-golang/seccomp_internal.go @@ -15,7 +15,7 @@ import ( // Get the seccomp header in scope // Need stdlib.h for free() on cstrings -// #cgo LDFLAGS: -lseccomp +// #cgo pkg-config: libseccomp /* #include #include