Accepting request 347470 from home:michel_mno:branches:Virtualization:containers

-  remove 2 patches and add 5 others after 1.9.1 upgrade
   Removed:
    docker_missing_ppc64le_netlink_linux_files.patch
    docker_rename_jump_amd64_as_jump_linux.patch
   Added:
    add_bolt_ppc64.patch
    add_bolt_arm64.patch
    docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
    docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
    docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch

OBS-URL: https://build.opensuse.org/request/show/347470
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=47
This commit is contained in:
Jordi Massaguer 2015-12-07 08:58:45 +00:00 committed by Git OBS Bridge
parent c22c6eb66c
commit b348880837
9 changed files with 224 additions and 220 deletions

20
add_bolt_arm64.patch Normal file
View File

@ -0,0 +1,20 @@
From: Michel Normand <normand@linux.vnet.ibm.com>
Subject: add bolt arm64
Date: Fri, 04 Dec 2015 17:07:22 +0100
add bolt arm64
Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
---
vendor/src/github.com/boltdb/bolt/bolt_arm64.go | 4 ++++
1 file changed, 4 insertions(+)
Index: docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_arm64.go
===================================================================
--- /dev/null
+++ docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_arm64.go
@@ -0,0 +1,4 @@
+package bolt
+
+// maxMapSize represents the largest mmap size supported by Bolt.
+const maxMapSize = 0xFFFFFFFFFFFF // 256TB

23
add_bolt_ppc64.patch Normal file
View File

@ -0,0 +1,23 @@
---
vendor/src/github.com/boltdb/bolt/bolt_ppc64.go | 4 ++++
vendor/src/github.com/boltdb/bolt/bolt_ppc64le.go | 4 ++++
2 files changed, 8 insertions(+)
Index: docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go
===================================================================
--- /dev/null
+++ docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go
@@ -0,0 +1,4 @@
+package bolt
+
+// maxMapSize represents the largest mmap size supported by Bolt.
+const maxMapSize = 0xFFFFFFFFFFFF // 256TB
Index: docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64le.go
===================================================================
--- /dev/null
+++ docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64le.go
@@ -0,0 +1,4 @@
+package bolt
+
+// maxMapSize represents the largest mmap size supported by Bolt.
+const maxMapSize = 0xFFFFFFFFFFFF // 256TB

View File

@ -1,3 +1,17 @@
-------------------------------------------------------------------
Fri Dec 4 16:08:22 UTC 2015 - normand@linux.vnet.ibm.com
- remove 2 patches and add 5 others after 1.9.1 upgrade
Removed:
docker_missing_ppc64le_netlink_linux_files.patch
docker_rename_jump_amd64_as_jump_linux.patch
Added:
add_bolt_ppc64.patch
add_bolt_arm64.patch
docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
-------------------------------------------------------------------
Tue Nov 24 10:53:44 UTC 2015 - fcastelli@suse.com

View File

@ -49,8 +49,11 @@ Patch1: libcontainer-apparmor-fixes.patch
# to simply disable this check
Patch100: ignore-dockerinit-checksum.patch
Patch101: gcc-go-build-static-libgo.patch
Patch102: docker_rename_jump_amd64_as_jump_linux.patch
Patch103: docker_missing_ppc64le_netlink_linux_files.patch
Patch102: add_bolt_ppc64.patch
Patch103: docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
Patch104: docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
Patch105: add_bolt_arm64.patch
Patch106: docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
BuildRequires: bash-completion
BuildRequires: device-mapper-devel >= 1.2.68
BuildRequires: glibc-devel-static
@ -147,6 +150,9 @@ Test package for docker. It contains the source code and the tests.
%patch101 -p0
%patch102 -p1
%patch103 -p1
%patch104 -p1
%patch105 -p1
%patch106 -p1
%endif
cp %{SOURCE7} .

View File

@ -1,61 +0,0 @@
From: Michel Normand <normand@linux.vnet.ibm.com>
Subject: docker missing ppc64le netlink linux files
Date: Mon, 26 Oct 2015 15:00:07 +0100
docker missing ppc64le netlink linux files
patch to avoid build error like:
===
[ 29s] # github.com/opencontainers/runc/libcontainer/netlink
[ 29s] vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux.go:1260:26: error: incompatible types in assignment (cannot use type int8 as type uint8)
[ 29s] ifr.IfruHwaddr.Data[i] = ifrDataByte(hw[i])
[ 29s] ^
===
Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
---
vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go | 2 +-
vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go | 2 +-
vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_armppc64.go | 2 +-
vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_notarm.go | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
Index: docker-1.8.3/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_armppc64.go
===================================================================
--- docker-1.8.3.orig/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_armppc64.go
+++ docker-1.8.3/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_armppc64.go
@@ -1,4 +1,4 @@
-// +build arm ppc64
+// +build arm ppc64 ppc64le
package netlink
Index: docker-1.8.3/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_notarm.go
===================================================================
--- docker-1.8.3.orig/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_notarm.go
+++ docker-1.8.3/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_notarm.go
@@ -1,4 +1,4 @@
-// +build !arm,!ppc64
+// +build !arm,!ppc64,!ppc64le
package netlink
Index: docker-1.8.3/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go
===================================================================
--- docker-1.8.3.orig/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go
+++ docker-1.8.3/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go
@@ -1,4 +1,4 @@
-// +build arm ppc64
+// +build arm ppc64 ppc64le
package bridge
Index: docker-1.8.3/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go
===================================================================
--- docker-1.8.3.orig/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go
+++ docker-1.8.3/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go
@@ -1,4 +1,4 @@
-// +build !arm,!ppc64
+// +build !arm,!ppc64,!ppc64le
package bridge

View File

@ -0,0 +1,53 @@
From 6f6f10a75f8b447637e8a89d685452871899e9c0 Mon Sep 17 00:00:00 2001
From: Stefan Scherer <scherer_stefan@icloud.com>
Date: Thu, 19 Nov 2015 17:09:20 +0100
Subject: [PATCH] prevent journald from being built on ARM
Signed-off-by: Govinda Fichtner <govinda.fichtner@googlemail.com>
---
daemon/logger/journald/journald.go | 2 +-
daemon/logger/journald/journald_unsupported.go | 2 +-
daemon/logger/journald/read.go | 2 +-
daemon/logger/journald/read_unsupported.go | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
Index: docker-1.9.1/daemon/logger/journald/journald.go
===================================================================
--- docker-1.9.1.orig/daemon/logger/journald/journald.go
+++ docker-1.9.1/daemon/logger/journald/journald.go
@@ -1,4 +1,4 @@
-// +build linux
+// +build linux,!arm
// Package journald provides the log driver for forwarding server logs
// to endpoints that receive the systemd format.
Index: docker-1.9.1/daemon/logger/journald/journald_unsupported.go
===================================================================
--- docker-1.9.1.orig/daemon/logger/journald/journald_unsupported.go
+++ docker-1.9.1/daemon/logger/journald/journald_unsupported.go
@@ -1,3 +1,3 @@
-// +build !linux
+// +build !linux linux,arm
package journald
Index: docker-1.9.1/daemon/logger/journald/read.go
===================================================================
--- docker-1.9.1.orig/daemon/logger/journald/read.go
+++ docker-1.9.1/daemon/logger/journald/read.go
@@ -1,4 +1,4 @@
-// +build linux,cgo,!static_build,journald
+// +build linux,cgo,!static_build,journald,!arm
package journald
Index: docker-1.9.1/daemon/logger/journald/read_unsupported.go
===================================================================
--- docker-1.9.1.orig/daemon/logger/journald/read_unsupported.go
+++ docker-1.9.1/daemon/logger/journald/read_unsupported.go
@@ -1,4 +1,4 @@
-// +build !linux !cgo static_build !journald
+// +build !linux !cgo static_build !journald linux,arm
package journald

View File

@ -0,0 +1,53 @@
From: Michel Normand <normand@linux.vnet.ibm.com>
Subject: docker remove journald to fix dynbinary build on arm64
Date: Fri, 04 Dec 2015 17:07:12 +0100
docker remove journald to fix dynbinary build on arm64
Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
---
daemon/logger/journald/journald.go | 2 +-
daemon/logger/journald/journald_unsupported.go | 2 +-
daemon/logger/journald/read.go | 2 +-
daemon/logger/journald/read_unsupported.go | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
Index: docker-1.9.1/daemon/logger/journald/journald.go
===================================================================
--- docker-1.9.1.orig/daemon/logger/journald/journald.go
+++ docker-1.9.1/daemon/logger/journald/journald.go
@@ -1,4 +1,4 @@
-// +build linux,!arm linux,!ppc64 linux,!ppc64le
+// +build linux,!arm linux,!arm64 linux,!ppc64 linux,!ppc64le
// Package journald provides the log driver for forwarding server logs
// to endpoints that receive the systemd format.
Index: docker-1.9.1/daemon/logger/journald/journald_unsupported.go
===================================================================
--- docker-1.9.1.orig/daemon/logger/journald/journald_unsupported.go
+++ docker-1.9.1/daemon/logger/journald/journald_unsupported.go
@@ -1,3 +1,3 @@
-// +build !linux linux,arm linux,ppc64 linux,ppc64le
+// +build !linux linux,arm linux,arm64 linux,ppc64 linux,ppc64le
package journald
Index: docker-1.9.1/daemon/logger/journald/read.go
===================================================================
--- docker-1.9.1.orig/daemon/logger/journald/read.go
+++ docker-1.9.1/daemon/logger/journald/read.go
@@ -1,4 +1,4 @@
-// +build linux,cgo,!static_build,journald,!arm,!ppc64,!ppc64le
+// +build linux,cgo,!static_build,journald,!arm,!arm64,!ppc64,!ppc64le
package journald
Index: docker-1.9.1/daemon/logger/journald/read_unsupported.go
===================================================================
--- docker-1.9.1.orig/daemon/logger/journald/read_unsupported.go
+++ docker-1.9.1/daemon/logger/journald/read_unsupported.go
@@ -1,4 +1,4 @@
-// +build !linux !cgo static_build !journald linux,arm linux,ppc64 linux,ppc64le
+// +build !linux !cgo static_build !journald linux,arm linux,arm64 linux,ppc64 linux,ppc64le
package journald

View File

@ -0,0 +1,53 @@
From: Michel Normand <normand@linux.vnet.ibm.com>
Subject: docker remove journald to fix dynbinary build on powerpc
Date: Fri, 04 Dec 2015 14:45:43 +0100
docker remove journald to fix dynbinary build on powerpc
Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
---
daemon/logger/journald/journald.go | 2 +-
daemon/logger/journald/journald_unsupported.go | 2 +-
daemon/logger/journald/read.go | 2 +-
daemon/logger/journald/read_unsupported.go | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
Index: docker-1.9.1/daemon/logger/journald/journald.go
===================================================================
--- docker-1.9.1.orig/daemon/logger/journald/journald.go
+++ docker-1.9.1/daemon/logger/journald/journald.go
@@ -1,4 +1,4 @@
-// +build linux,!arm
+// +build linux,!arm linux,!ppc64 linux,!ppc64le
// Package journald provides the log driver for forwarding server logs
// to endpoints that receive the systemd format.
Index: docker-1.9.1/daemon/logger/journald/journald_unsupported.go
===================================================================
--- docker-1.9.1.orig/daemon/logger/journald/journald_unsupported.go
+++ docker-1.9.1/daemon/logger/journald/journald_unsupported.go
@@ -1,3 +1,3 @@
-// +build !linux linux,arm
+// +build !linux linux,arm linux,ppc64 linux,ppc64le
package journald
Index: docker-1.9.1/daemon/logger/journald/read.go
===================================================================
--- docker-1.9.1.orig/daemon/logger/journald/read.go
+++ docker-1.9.1/daemon/logger/journald/read.go
@@ -1,4 +1,4 @@
-// +build linux,cgo,!static_build,journald,!arm
+// +build linux,cgo,!static_build,journald,!arm,!ppc64,!ppc64le
package journald
Index: docker-1.9.1/daemon/logger/journald/read_unsupported.go
===================================================================
--- docker-1.9.1.orig/daemon/logger/journald/read_unsupported.go
+++ docker-1.9.1/daemon/logger/journald/read_unsupported.go
@@ -1,4 +1,4 @@
-// +build !linux !cgo static_build !journald linux,arm
+// +build !linux !cgo static_build !journald linux,arm linux,ppc64 linux,ppc64le
package journald

View File

@ -1,157 +0,0 @@
From: Michel Normand <normand@linux.vnet.ibm.com>
Subject: docker rename jump amd64 as jump linux
Date: Fri, 21 Aug 2015 10:42:37 +0200
docker rename jump amd64 as jump linux
based on https://github.com/docker/docker/issues/14056#issuecomment-113680944
Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
---
vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_amd64.go | 68 ----------
vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_linux.go | 66 +++++++++
2 files changed, 66 insertions(+), 68 deletions(-)
Index: docker-1.8.1/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_amd64.go
===================================================================
--- docker-1.8.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_amd64.go
+++ /dev/null
@@ -1,68 +0,0 @@
-// +build linux,amd64
-
-package seccomp
-
-// Using BPF filters
-//
-// ref: http://www.gsp.com/cgi-bin/man.cgi?topic=bpf
-import "syscall"
-
-func jumpGreaterThan(f *filter, v uint, jt sockFilter) {
- lo := uint32(uint64(v) % 0x100000000)
- hi := uint32(uint64(v) / 0x100000000)
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (hi), 4, 0))
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 5))
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGE+syscall.BPF_K, (lo), 0, 2))
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
- *f = append(*f, jt)
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
-}
-
-func jumpEqualTo(f *filter, v uint, jt sockFilter) {
- lo := uint32(uint64(v) % 0x100000000)
- hi := uint32(uint64(v) / 0x100000000)
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 5))
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (lo), 0, 2))
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
- *f = append(*f, jt)
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
-}
-
-func jumpLessThan(f *filter, v uint, jt sockFilter) {
- lo := uint32(uint64(v) % 0x100000000)
- hi := uint32(uint64(v) / 0x100000000)
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (hi), 6, 0))
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 3))
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (lo), 2, 0))
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
- *f = append(*f, jt)
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
-}
-
-func jumpNotEqualTo(f *filter, v uint, jt sockFilter) {
- lo := uint32(uint64(v) % 0x100000000)
- hi := uint32(uint64(v) / 0x100000000)
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, hi, 5, 0))
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, lo, 2, 0))
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
- *f = append(*f, jt)
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
-}
-
-// this checks for a value inside a mask. The evalusation is equal to doing
-// CLONE_NEWUSER & syscallMask == CLONE_NEWUSER
-func jumpMaskEqualTo(f *filter, v uint, jt sockFilter) {
- lo := uint32(uint64(v) % 0x100000000)
- hi := uint32(uint64(v) / 0x100000000)
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, hi, 0, 6))
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
- *f = append(*f, scmpBpfStmt(syscall.BPF_ALU+syscall.BPF_AND, uint32(v)))
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, lo, 0, 2))
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
- *f = append(*f, jt)
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
-}
Index: docker-1.8.1/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_linux.go
===================================================================
--- /dev/null
+++ docker-1.8.1/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_linux.go
@@ -0,0 +1,66 @@
+package seccomp
+
+// Using BPF filters
+//
+// ref: http://www.gsp.com/cgi-bin/man.cgi?topic=bpf
+import "syscall"
+
+func jumpGreaterThan(f *filter, v uint, jt sockFilter) {
+ lo := uint32(uint64(v) % 0x100000000)
+ hi := uint32(uint64(v) / 0x100000000)
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (hi), 4, 0))
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 5))
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGE+syscall.BPF_K, (lo), 0, 2))
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+ *f = append(*f, jt)
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+}
+
+func jumpEqualTo(f *filter, v uint, jt sockFilter) {
+ lo := uint32(uint64(v) % 0x100000000)
+ hi := uint32(uint64(v) / 0x100000000)
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 5))
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (lo), 0, 2))
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+ *f = append(*f, jt)
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+}
+
+func jumpLessThan(f *filter, v uint, jt sockFilter) {
+ lo := uint32(uint64(v) % 0x100000000)
+ hi := uint32(uint64(v) / 0x100000000)
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (hi), 6, 0))
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 3))
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (lo), 2, 0))
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+ *f = append(*f, jt)
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+}
+
+func jumpNotEqualTo(f *filter, v uint, jt sockFilter) {
+ lo := uint32(uint64(v) % 0x100000000)
+ hi := uint32(uint64(v) / 0x100000000)
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, hi, 5, 0))
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, lo, 2, 0))
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+ *f = append(*f, jt)
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+}
+
+// this checks for a value inside a mask. The evalusation is equal to doing
+// CLONE_NEWUSER & syscallMask == CLONE_NEWUSER
+func jumpMaskEqualTo(f *filter, v uint, jt sockFilter) {
+ lo := uint32(uint64(v) % 0x100000000)
+ hi := uint32(uint64(v) / 0x100000000)
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, hi, 0, 6))
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
+ *f = append(*f, scmpBpfStmt(syscall.BPF_ALU+syscall.BPF_AND, uint32(v)))
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, lo, 0, 2))
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+ *f = append(*f, jt)
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+}