Accepting request 347470 from home:michel_mno:branches:Virtualization:containers
- remove 2 patches and add 5 others after 1.9.1 upgrade Removed: docker_missing_ppc64le_netlink_linux_files.patch docker_rename_jump_amd64_as_jump_linux.patch Added: add_bolt_ppc64.patch add_bolt_arm64.patch docker_remove_journald_to_fix_dynbinary_build_on_arm.patch docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch OBS-URL: https://build.opensuse.org/request/show/347470 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=47
This commit is contained in:
parent
c22c6eb66c
commit
b348880837
20
add_bolt_arm64.patch
Normal file
20
add_bolt_arm64.patch
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
From: Michel Normand <normand@linux.vnet.ibm.com>
|
||||||
|
Subject: add bolt arm64
|
||||||
|
Date: Fri, 04 Dec 2015 17:07:22 +0100
|
||||||
|
|
||||||
|
add bolt arm64
|
||||||
|
|
||||||
|
Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
|
||||||
|
---
|
||||||
|
vendor/src/github.com/boltdb/bolt/bolt_arm64.go | 4 ++++
|
||||||
|
1 file changed, 4 insertions(+)
|
||||||
|
|
||||||
|
Index: docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_arm64.go
|
||||||
|
===================================================================
|
||||||
|
--- /dev/null
|
||||||
|
+++ docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_arm64.go
|
||||||
|
@@ -0,0 +1,4 @@
|
||||||
|
+package bolt
|
||||||
|
+
|
||||||
|
+// maxMapSize represents the largest mmap size supported by Bolt.
|
||||||
|
+const maxMapSize = 0xFFFFFFFFFFFF // 256TB
|
23
add_bolt_ppc64.patch
Normal file
23
add_bolt_ppc64.patch
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
---
|
||||||
|
vendor/src/github.com/boltdb/bolt/bolt_ppc64.go | 4 ++++
|
||||||
|
vendor/src/github.com/boltdb/bolt/bolt_ppc64le.go | 4 ++++
|
||||||
|
2 files changed, 8 insertions(+)
|
||||||
|
|
||||||
|
Index: docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go
|
||||||
|
===================================================================
|
||||||
|
--- /dev/null
|
||||||
|
+++ docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go
|
||||||
|
@@ -0,0 +1,4 @@
|
||||||
|
+package bolt
|
||||||
|
+
|
||||||
|
+// maxMapSize represents the largest mmap size supported by Bolt.
|
||||||
|
+const maxMapSize = 0xFFFFFFFFFFFF // 256TB
|
||||||
|
Index: docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64le.go
|
||||||
|
===================================================================
|
||||||
|
--- /dev/null
|
||||||
|
+++ docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64le.go
|
||||||
|
@@ -0,0 +1,4 @@
|
||||||
|
+package bolt
|
||||||
|
+
|
||||||
|
+// maxMapSize represents the largest mmap size supported by Bolt.
|
||||||
|
+const maxMapSize = 0xFFFFFFFFFFFF // 256TB
|
@ -1,3 +1,17 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Dec 4 16:08:22 UTC 2015 - normand@linux.vnet.ibm.com
|
||||||
|
|
||||||
|
- remove 2 patches and add 5 others after 1.9.1 upgrade
|
||||||
|
Removed:
|
||||||
|
docker_missing_ppc64le_netlink_linux_files.patch
|
||||||
|
docker_rename_jump_amd64_as_jump_linux.patch
|
||||||
|
Added:
|
||||||
|
add_bolt_ppc64.patch
|
||||||
|
add_bolt_arm64.patch
|
||||||
|
docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
|
||||||
|
docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
|
||||||
|
docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Nov 24 10:53:44 UTC 2015 - fcastelli@suse.com
|
Tue Nov 24 10:53:44 UTC 2015 - fcastelli@suse.com
|
||||||
|
|
||||||
|
10
docker.spec
10
docker.spec
@ -49,8 +49,11 @@ Patch1: libcontainer-apparmor-fixes.patch
|
|||||||
# to simply disable this check
|
# to simply disable this check
|
||||||
Patch100: ignore-dockerinit-checksum.patch
|
Patch100: ignore-dockerinit-checksum.patch
|
||||||
Patch101: gcc-go-build-static-libgo.patch
|
Patch101: gcc-go-build-static-libgo.patch
|
||||||
Patch102: docker_rename_jump_amd64_as_jump_linux.patch
|
Patch102: add_bolt_ppc64.patch
|
||||||
Patch103: docker_missing_ppc64le_netlink_linux_files.patch
|
Patch103: docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
|
||||||
|
Patch104: docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
|
||||||
|
Patch105: add_bolt_arm64.patch
|
||||||
|
Patch106: docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
|
||||||
BuildRequires: bash-completion
|
BuildRequires: bash-completion
|
||||||
BuildRequires: device-mapper-devel >= 1.2.68
|
BuildRequires: device-mapper-devel >= 1.2.68
|
||||||
BuildRequires: glibc-devel-static
|
BuildRequires: glibc-devel-static
|
||||||
@ -147,6 +150,9 @@ Test package for docker. It contains the source code and the tests.
|
|||||||
%patch101 -p0
|
%patch101 -p0
|
||||||
%patch102 -p1
|
%patch102 -p1
|
||||||
%patch103 -p1
|
%patch103 -p1
|
||||||
|
%patch104 -p1
|
||||||
|
%patch105 -p1
|
||||||
|
%patch106 -p1
|
||||||
%endif
|
%endif
|
||||||
cp %{SOURCE7} .
|
cp %{SOURCE7} .
|
||||||
|
|
||||||
|
@ -1,61 +0,0 @@
|
|||||||
From: Michel Normand <normand@linux.vnet.ibm.com>
|
|
||||||
Subject: docker missing ppc64le netlink linux files
|
|
||||||
Date: Mon, 26 Oct 2015 15:00:07 +0100
|
|
||||||
|
|
||||||
docker missing ppc64le netlink linux files
|
|
||||||
patch to avoid build error like:
|
|
||||||
===
|
|
||||||
[ 29s] # github.com/opencontainers/runc/libcontainer/netlink
|
|
||||||
[ 29s] vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux.go:1260:26: error: incompatible types in assignment (cannot use type int8 as type uint8)
|
|
||||||
[ 29s] ifr.IfruHwaddr.Data[i] = ifrDataByte(hw[i])
|
|
||||||
[ 29s] ^
|
|
||||||
===
|
|
||||||
|
|
||||||
Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
|
|
||||||
---
|
|
||||||
vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go | 2 +-
|
|
||||||
vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go | 2 +-
|
|
||||||
vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_armppc64.go | 2 +-
|
|
||||||
vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_notarm.go | 2 +-
|
|
||||||
4 files changed, 4 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
Index: docker-1.8.3/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_armppc64.go
|
|
||||||
===================================================================
|
|
||||||
--- docker-1.8.3.orig/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_armppc64.go
|
|
||||||
+++ docker-1.8.3/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_armppc64.go
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-// +build arm ppc64
|
|
||||||
+// +build arm ppc64 ppc64le
|
|
||||||
|
|
||||||
package netlink
|
|
||||||
|
|
||||||
Index: docker-1.8.3/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_notarm.go
|
|
||||||
===================================================================
|
|
||||||
--- docker-1.8.3.orig/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_notarm.go
|
|
||||||
+++ docker-1.8.3/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_notarm.go
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-// +build !arm,!ppc64
|
|
||||||
+// +build !arm,!ppc64,!ppc64le
|
|
||||||
|
|
||||||
package netlink
|
|
||||||
|
|
||||||
Index: docker-1.8.3/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go
|
|
||||||
===================================================================
|
|
||||||
--- docker-1.8.3.orig/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go
|
|
||||||
+++ docker-1.8.3/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-// +build arm ppc64
|
|
||||||
+// +build arm ppc64 ppc64le
|
|
||||||
|
|
||||||
package bridge
|
|
||||||
|
|
||||||
Index: docker-1.8.3/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go
|
|
||||||
===================================================================
|
|
||||||
--- docker-1.8.3.orig/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go
|
|
||||||
+++ docker-1.8.3/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-// +build !arm,!ppc64
|
|
||||||
+// +build !arm,!ppc64,!ppc64le
|
|
||||||
|
|
||||||
package bridge
|
|
||||||
|
|
53
docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
Normal file
53
docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
Normal file
@ -0,0 +1,53 @@
|
|||||||
|
From 6f6f10a75f8b447637e8a89d685452871899e9c0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Stefan Scherer <scherer_stefan@icloud.com>
|
||||||
|
Date: Thu, 19 Nov 2015 17:09:20 +0100
|
||||||
|
Subject: [PATCH] prevent journald from being built on ARM
|
||||||
|
|
||||||
|
Signed-off-by: Govinda Fichtner <govinda.fichtner@googlemail.com>
|
||||||
|
|
||||||
|
---
|
||||||
|
daemon/logger/journald/journald.go | 2 +-
|
||||||
|
daemon/logger/journald/journald_unsupported.go | 2 +-
|
||||||
|
daemon/logger/journald/read.go | 2 +-
|
||||||
|
daemon/logger/journald/read_unsupported.go | 2 +-
|
||||||
|
4 files changed, 4 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
Index: docker-1.9.1/daemon/logger/journald/journald.go
|
||||||
|
===================================================================
|
||||||
|
--- docker-1.9.1.orig/daemon/logger/journald/journald.go
|
||||||
|
+++ docker-1.9.1/daemon/logger/journald/journald.go
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-// +build linux
|
||||||
|
+// +build linux,!arm
|
||||||
|
|
||||||
|
// Package journald provides the log driver for forwarding server logs
|
||||||
|
// to endpoints that receive the systemd format.
|
||||||
|
Index: docker-1.9.1/daemon/logger/journald/journald_unsupported.go
|
||||||
|
===================================================================
|
||||||
|
--- docker-1.9.1.orig/daemon/logger/journald/journald_unsupported.go
|
||||||
|
+++ docker-1.9.1/daemon/logger/journald/journald_unsupported.go
|
||||||
|
@@ -1,3 +1,3 @@
|
||||||
|
-// +build !linux
|
||||||
|
+// +build !linux linux,arm
|
||||||
|
|
||||||
|
package journald
|
||||||
|
Index: docker-1.9.1/daemon/logger/journald/read.go
|
||||||
|
===================================================================
|
||||||
|
--- docker-1.9.1.orig/daemon/logger/journald/read.go
|
||||||
|
+++ docker-1.9.1/daemon/logger/journald/read.go
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-// +build linux,cgo,!static_build,journald
|
||||||
|
+// +build linux,cgo,!static_build,journald,!arm
|
||||||
|
|
||||||
|
package journald
|
||||||
|
|
||||||
|
Index: docker-1.9.1/daemon/logger/journald/read_unsupported.go
|
||||||
|
===================================================================
|
||||||
|
--- docker-1.9.1.orig/daemon/logger/journald/read_unsupported.go
|
||||||
|
+++ docker-1.9.1/daemon/logger/journald/read_unsupported.go
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-// +build !linux !cgo static_build !journald
|
||||||
|
+// +build !linux !cgo static_build !journald linux,arm
|
||||||
|
|
||||||
|
package journald
|
||||||
|
|
53
docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
Normal file
53
docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
Normal file
@ -0,0 +1,53 @@
|
|||||||
|
From: Michel Normand <normand@linux.vnet.ibm.com>
|
||||||
|
Subject: docker remove journald to fix dynbinary build on arm64
|
||||||
|
Date: Fri, 04 Dec 2015 17:07:12 +0100
|
||||||
|
|
||||||
|
docker remove journald to fix dynbinary build on arm64
|
||||||
|
|
||||||
|
Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
|
||||||
|
---
|
||||||
|
daemon/logger/journald/journald.go | 2 +-
|
||||||
|
daemon/logger/journald/journald_unsupported.go | 2 +-
|
||||||
|
daemon/logger/journald/read.go | 2 +-
|
||||||
|
daemon/logger/journald/read_unsupported.go | 2 +-
|
||||||
|
4 files changed, 4 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
Index: docker-1.9.1/daemon/logger/journald/journald.go
|
||||||
|
===================================================================
|
||||||
|
--- docker-1.9.1.orig/daemon/logger/journald/journald.go
|
||||||
|
+++ docker-1.9.1/daemon/logger/journald/journald.go
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-// +build linux,!arm linux,!ppc64 linux,!ppc64le
|
||||||
|
+// +build linux,!arm linux,!arm64 linux,!ppc64 linux,!ppc64le
|
||||||
|
|
||||||
|
// Package journald provides the log driver for forwarding server logs
|
||||||
|
// to endpoints that receive the systemd format.
|
||||||
|
Index: docker-1.9.1/daemon/logger/journald/journald_unsupported.go
|
||||||
|
===================================================================
|
||||||
|
--- docker-1.9.1.orig/daemon/logger/journald/journald_unsupported.go
|
||||||
|
+++ docker-1.9.1/daemon/logger/journald/journald_unsupported.go
|
||||||
|
@@ -1,3 +1,3 @@
|
||||||
|
-// +build !linux linux,arm linux,ppc64 linux,ppc64le
|
||||||
|
+// +build !linux linux,arm linux,arm64 linux,ppc64 linux,ppc64le
|
||||||
|
|
||||||
|
package journald
|
||||||
|
Index: docker-1.9.1/daemon/logger/journald/read.go
|
||||||
|
===================================================================
|
||||||
|
--- docker-1.9.1.orig/daemon/logger/journald/read.go
|
||||||
|
+++ docker-1.9.1/daemon/logger/journald/read.go
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-// +build linux,cgo,!static_build,journald,!arm,!ppc64,!ppc64le
|
||||||
|
+// +build linux,cgo,!static_build,journald,!arm,!arm64,!ppc64,!ppc64le
|
||||||
|
|
||||||
|
package journald
|
||||||
|
|
||||||
|
Index: docker-1.9.1/daemon/logger/journald/read_unsupported.go
|
||||||
|
===================================================================
|
||||||
|
--- docker-1.9.1.orig/daemon/logger/journald/read_unsupported.go
|
||||||
|
+++ docker-1.9.1/daemon/logger/journald/read_unsupported.go
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-// +build !linux !cgo static_build !journald linux,arm linux,ppc64 linux,ppc64le
|
||||||
|
+// +build !linux !cgo static_build !journald linux,arm linux,arm64 linux,ppc64 linux,ppc64le
|
||||||
|
|
||||||
|
package journald
|
||||||
|
|
@ -0,0 +1,53 @@
|
|||||||
|
From: Michel Normand <normand@linux.vnet.ibm.com>
|
||||||
|
Subject: docker remove journald to fix dynbinary build on powerpc
|
||||||
|
Date: Fri, 04 Dec 2015 14:45:43 +0100
|
||||||
|
|
||||||
|
docker remove journald to fix dynbinary build on powerpc
|
||||||
|
|
||||||
|
Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
|
||||||
|
---
|
||||||
|
daemon/logger/journald/journald.go | 2 +-
|
||||||
|
daemon/logger/journald/journald_unsupported.go | 2 +-
|
||||||
|
daemon/logger/journald/read.go | 2 +-
|
||||||
|
daemon/logger/journald/read_unsupported.go | 2 +-
|
||||||
|
4 files changed, 4 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
Index: docker-1.9.1/daemon/logger/journald/journald.go
|
||||||
|
===================================================================
|
||||||
|
--- docker-1.9.1.orig/daemon/logger/journald/journald.go
|
||||||
|
+++ docker-1.9.1/daemon/logger/journald/journald.go
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-// +build linux,!arm
|
||||||
|
+// +build linux,!arm linux,!ppc64 linux,!ppc64le
|
||||||
|
|
||||||
|
// Package journald provides the log driver for forwarding server logs
|
||||||
|
// to endpoints that receive the systemd format.
|
||||||
|
Index: docker-1.9.1/daemon/logger/journald/journald_unsupported.go
|
||||||
|
===================================================================
|
||||||
|
--- docker-1.9.1.orig/daemon/logger/journald/journald_unsupported.go
|
||||||
|
+++ docker-1.9.1/daemon/logger/journald/journald_unsupported.go
|
||||||
|
@@ -1,3 +1,3 @@
|
||||||
|
-// +build !linux linux,arm
|
||||||
|
+// +build !linux linux,arm linux,ppc64 linux,ppc64le
|
||||||
|
|
||||||
|
package journald
|
||||||
|
Index: docker-1.9.1/daemon/logger/journald/read.go
|
||||||
|
===================================================================
|
||||||
|
--- docker-1.9.1.orig/daemon/logger/journald/read.go
|
||||||
|
+++ docker-1.9.1/daemon/logger/journald/read.go
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-// +build linux,cgo,!static_build,journald,!arm
|
||||||
|
+// +build linux,cgo,!static_build,journald,!arm,!ppc64,!ppc64le
|
||||||
|
|
||||||
|
package journald
|
||||||
|
|
||||||
|
Index: docker-1.9.1/daemon/logger/journald/read_unsupported.go
|
||||||
|
===================================================================
|
||||||
|
--- docker-1.9.1.orig/daemon/logger/journald/read_unsupported.go
|
||||||
|
+++ docker-1.9.1/daemon/logger/journald/read_unsupported.go
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-// +build !linux !cgo static_build !journald linux,arm
|
||||||
|
+// +build !linux !cgo static_build !journald linux,arm linux,ppc64 linux,ppc64le
|
||||||
|
|
||||||
|
package journald
|
||||||
|
|
@ -1,157 +0,0 @@
|
|||||||
From: Michel Normand <normand@linux.vnet.ibm.com>
|
|
||||||
Subject: docker rename jump amd64 as jump linux
|
|
||||||
Date: Fri, 21 Aug 2015 10:42:37 +0200
|
|
||||||
|
|
||||||
docker rename jump amd64 as jump linux
|
|
||||||
based on https://github.com/docker/docker/issues/14056#issuecomment-113680944
|
|
||||||
|
|
||||||
Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
|
|
||||||
---
|
|
||||||
vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_amd64.go | 68 ----------
|
|
||||||
vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_linux.go | 66 +++++++++
|
|
||||||
2 files changed, 66 insertions(+), 68 deletions(-)
|
|
||||||
|
|
||||||
Index: docker-1.8.1/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_amd64.go
|
|
||||||
===================================================================
|
|
||||||
--- docker-1.8.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_amd64.go
|
|
||||||
+++ /dev/null
|
|
||||||
@@ -1,68 +0,0 @@
|
|
||||||
-// +build linux,amd64
|
|
||||||
-
|
|
||||||
-package seccomp
|
|
||||||
-
|
|
||||||
-// Using BPF filters
|
|
||||||
-//
|
|
||||||
-// ref: http://www.gsp.com/cgi-bin/man.cgi?topic=bpf
|
|
||||||
-import "syscall"
|
|
||||||
-
|
|
||||||
-func jumpGreaterThan(f *filter, v uint, jt sockFilter) {
|
|
||||||
- lo := uint32(uint64(v) % 0x100000000)
|
|
||||||
- hi := uint32(uint64(v) / 0x100000000)
|
|
||||||
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (hi), 4, 0))
|
|
||||||
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 5))
|
|
||||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
|
|
||||||
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGE+syscall.BPF_K, (lo), 0, 2))
|
|
||||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
|
||||||
- *f = append(*f, jt)
|
|
||||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-func jumpEqualTo(f *filter, v uint, jt sockFilter) {
|
|
||||||
- lo := uint32(uint64(v) % 0x100000000)
|
|
||||||
- hi := uint32(uint64(v) / 0x100000000)
|
|
||||||
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 5))
|
|
||||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
|
|
||||||
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (lo), 0, 2))
|
|
||||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
|
||||||
- *f = append(*f, jt)
|
|
||||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-func jumpLessThan(f *filter, v uint, jt sockFilter) {
|
|
||||||
- lo := uint32(uint64(v) % 0x100000000)
|
|
||||||
- hi := uint32(uint64(v) / 0x100000000)
|
|
||||||
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (hi), 6, 0))
|
|
||||||
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 3))
|
|
||||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
|
|
||||||
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (lo), 2, 0))
|
|
||||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
|
||||||
- *f = append(*f, jt)
|
|
||||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-func jumpNotEqualTo(f *filter, v uint, jt sockFilter) {
|
|
||||||
- lo := uint32(uint64(v) % 0x100000000)
|
|
||||||
- hi := uint32(uint64(v) / 0x100000000)
|
|
||||||
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, hi, 5, 0))
|
|
||||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
|
|
||||||
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, lo, 2, 0))
|
|
||||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
|
||||||
- *f = append(*f, jt)
|
|
||||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-// this checks for a value inside a mask. The evalusation is equal to doing
|
|
||||||
-// CLONE_NEWUSER & syscallMask == CLONE_NEWUSER
|
|
||||||
-func jumpMaskEqualTo(f *filter, v uint, jt sockFilter) {
|
|
||||||
- lo := uint32(uint64(v) % 0x100000000)
|
|
||||||
- hi := uint32(uint64(v) / 0x100000000)
|
|
||||||
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, hi, 0, 6))
|
|
||||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
|
|
||||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_ALU+syscall.BPF_AND, uint32(v)))
|
|
||||||
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, lo, 0, 2))
|
|
||||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
|
||||||
- *f = append(*f, jt)
|
|
||||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
|
||||||
-}
|
|
||||||
Index: docker-1.8.1/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_linux.go
|
|
||||||
===================================================================
|
|
||||||
--- /dev/null
|
|
||||||
+++ docker-1.8.1/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_linux.go
|
|
||||||
@@ -0,0 +1,66 @@
|
|
||||||
+package seccomp
|
|
||||||
+
|
|
||||||
+// Using BPF filters
|
|
||||||
+//
|
|
||||||
+// ref: http://www.gsp.com/cgi-bin/man.cgi?topic=bpf
|
|
||||||
+import "syscall"
|
|
||||||
+
|
|
||||||
+func jumpGreaterThan(f *filter, v uint, jt sockFilter) {
|
|
||||||
+ lo := uint32(uint64(v) % 0x100000000)
|
|
||||||
+ hi := uint32(uint64(v) / 0x100000000)
|
|
||||||
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (hi), 4, 0))
|
|
||||||
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 5))
|
|
||||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
|
|
||||||
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGE+syscall.BPF_K, (lo), 0, 2))
|
|
||||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
|
||||||
+ *f = append(*f, jt)
|
|
||||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+func jumpEqualTo(f *filter, v uint, jt sockFilter) {
|
|
||||||
+ lo := uint32(uint64(v) % 0x100000000)
|
|
||||||
+ hi := uint32(uint64(v) / 0x100000000)
|
|
||||||
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 5))
|
|
||||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
|
|
||||||
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (lo), 0, 2))
|
|
||||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
|
||||||
+ *f = append(*f, jt)
|
|
||||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+func jumpLessThan(f *filter, v uint, jt sockFilter) {
|
|
||||||
+ lo := uint32(uint64(v) % 0x100000000)
|
|
||||||
+ hi := uint32(uint64(v) / 0x100000000)
|
|
||||||
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (hi), 6, 0))
|
|
||||||
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 3))
|
|
||||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
|
|
||||||
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (lo), 2, 0))
|
|
||||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
|
||||||
+ *f = append(*f, jt)
|
|
||||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+func jumpNotEqualTo(f *filter, v uint, jt sockFilter) {
|
|
||||||
+ lo := uint32(uint64(v) % 0x100000000)
|
|
||||||
+ hi := uint32(uint64(v) / 0x100000000)
|
|
||||||
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, hi, 5, 0))
|
|
||||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
|
|
||||||
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, lo, 2, 0))
|
|
||||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
|
||||||
+ *f = append(*f, jt)
|
|
||||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+// this checks for a value inside a mask. The evalusation is equal to doing
|
|
||||||
+// CLONE_NEWUSER & syscallMask == CLONE_NEWUSER
|
|
||||||
+func jumpMaskEqualTo(f *filter, v uint, jt sockFilter) {
|
|
||||||
+ lo := uint32(uint64(v) % 0x100000000)
|
|
||||||
+ hi := uint32(uint64(v) / 0x100000000)
|
|
||||||
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, hi, 0, 6))
|
|
||||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
|
|
||||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_ALU+syscall.BPF_AND, uint32(v)))
|
|
||||||
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, lo, 0, 2))
|
|
||||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
|
||||||
+ *f = append(*f, jt)
|
|
||||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
|
||||||
+}
|
|
Loading…
Reference in New Issue
Block a user