forked from pool/docker
Accepting request 347470 from home:michel_mno:branches:Virtualization:containers
- remove 2 patches and add 5 others after 1.9.1 upgrade
Removed:
docker_missing_ppc64le_netlink_linux_files.patch
docker_rename_jump_amd64_as_jump_linux.patch
Added:
add_bolt_ppc64.patch
add_bolt_arm64.patch
docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
OBS-URL: https://build.opensuse.org/request/show/347470
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=47
This commit is contained in:
Jordi Massaguer
Git OBS Bridge
parent
c22c6eb66c
commit
b348880837
20
add_bolt_arm64.patch
Normal file
20
add_bolt_arm64.patch
Normal file
@ -0,0 +1,20 @@
|
||||
From: Michel Normand <normand@linux.vnet.ibm.com>
|
||||
Subject: add bolt arm64
|
||||
Date: Fri, 04 Dec 2015 17:07:22 +0100
|
||||
|
||||
add bolt arm64
|
||||
|
||||
Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
|
||||
---
|
||||
vendor/src/github.com/boltdb/bolt/bolt_arm64.go | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
Index: docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_arm64.go
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_arm64.go
|
||||
@@ -0,0 +1,4 @@
|
||||
+package bolt
|
||||
+
|
||||
+// maxMapSize represents the largest mmap size supported by Bolt.
|
||||
+const maxMapSize = 0xFFFFFFFFFFFF // 256TB
|
||||
23
add_bolt_ppc64.patch
Normal file
23
add_bolt_ppc64.patch
Normal file
@ -0,0 +1,23 @@
|
||||
---
|
||||
vendor/src/github.com/boltdb/bolt/bolt_ppc64.go | 4 ++++
|
||||
vendor/src/github.com/boltdb/bolt/bolt_ppc64le.go | 4 ++++
|
||||
2 files changed, 8 insertions(+)
|
||||
|
||||
Index: docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go
|
||||
@@ -0,0 +1,4 @@
|
||||
+package bolt
|
||||
+
|
||||
+// maxMapSize represents the largest mmap size supported by Bolt.
|
||||
+const maxMapSize = 0xFFFFFFFFFFFF // 256TB
|
||||
Index: docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64le.go
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64le.go
|
||||
@@ -0,0 +1,4 @@
|
||||
+package bolt
|
||||
+
|
||||
+// maxMapSize represents the largest mmap size supported by Bolt.
|
||||
+const maxMapSize = 0xFFFFFFFFFFFF // 256TB
|
||||
@ -1,3 +1,17 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Dec 4 16:08:22 UTC 2015 - normand@linux.vnet.ibm.com
|
||||
|
||||
- remove 2 patches and add 5 others after 1.9.1 upgrade
|
||||
Removed:
|
||||
docker_missing_ppc64le_netlink_linux_files.patch
|
||||
docker_rename_jump_amd64_as_jump_linux.patch
|
||||
Added:
|
||||
add_bolt_ppc64.patch
|
||||
add_bolt_arm64.patch
|
||||
docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
|
||||
docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
|
||||
docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 24 10:53:44 UTC 2015 - fcastelli@suse.com
|
||||
|
||||
|
||||
10
docker.spec
10
docker.spec
@ -49,8 +49,11 @@ Patch1: libcontainer-apparmor-fixes.patch
|
||||
# to simply disable this check
|
||||
Patch100: ignore-dockerinit-checksum.patch
|
||||
Patch101: gcc-go-build-static-libgo.patch
|
||||
Patch102: docker_rename_jump_amd64_as_jump_linux.patch
|
||||
Patch103: docker_missing_ppc64le_netlink_linux_files.patch
|
||||
Patch102: add_bolt_ppc64.patch
|
||||
Patch103: docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
|
||||
Patch104: docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
|
||||
Patch105: add_bolt_arm64.patch
|
||||
Patch106: docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
|
||||
BuildRequires: bash-completion
|
||||
BuildRequires: device-mapper-devel >= 1.2.68
|
||||
BuildRequires: glibc-devel-static
|
||||
@ -147,6 +150,9 @@ Test package for docker. It contains the source code and the tests.
|
||||
%patch101 -p0
|
||||
%patch102 -p1
|
||||
%patch103 -p1
|
||||
%patch104 -p1
|
||||
%patch105 -p1
|
||||
%patch106 -p1
|
||||
%endif
|
||||
cp %{SOURCE7} .
|
||||
|
||||
|
||||
@ -1,61 +0,0 @@
|
||||
From: Michel Normand <normand@linux.vnet.ibm.com>
|
||||
Subject: docker missing ppc64le netlink linux files
|
||||
Date: Mon, 26 Oct 2015 15:00:07 +0100
|
||||
|
||||
docker missing ppc64le netlink linux files
|
||||
patch to avoid build error like:
|
||||
===
|
||||
[ 29s] # github.com/opencontainers/runc/libcontainer/netlink
|
||||
[ 29s] vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux.go:1260:26: error: incompatible types in assignment (cannot use type int8 as type uint8)
|
||||
[ 29s] ifr.IfruHwaddr.Data[i] = ifrDataByte(hw[i])
|
||||
[ 29s] ^
|
||||
===
|
||||
|
||||
Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
|
||||
---
|
||||
vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go | 2 +-
|
||||
vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go | 2 +-
|
||||
vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_armppc64.go | 2 +-
|
||||
vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_notarm.go | 2 +-
|
||||
4 files changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
Index: docker-1.8.3/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_armppc64.go
|
||||
===================================================================
|
||||
--- docker-1.8.3.orig/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_armppc64.go
|
||||
+++ docker-1.8.3/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_armppc64.go
|
||||
@@ -1,4 +1,4 @@
|
||||
-// +build arm ppc64
|
||||
+// +build arm ppc64 ppc64le
|
||||
|
||||
package netlink
|
||||
|
||||
Index: docker-1.8.3/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_notarm.go
|
||||
===================================================================
|
||||
--- docker-1.8.3.orig/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_notarm.go
|
||||
+++ docker-1.8.3/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_notarm.go
|
||||
@@ -1,4 +1,4 @@
|
||||
-// +build !arm,!ppc64
|
||||
+// +build !arm,!ppc64,!ppc64le
|
||||
|
||||
package netlink
|
||||
|
||||
Index: docker-1.8.3/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go
|
||||
===================================================================
|
||||
--- docker-1.8.3.orig/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go
|
||||
+++ docker-1.8.3/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go
|
||||
@@ -1,4 +1,4 @@
|
||||
-// +build arm ppc64
|
||||
+// +build arm ppc64 ppc64le
|
||||
|
||||
package bridge
|
||||
|
||||
Index: docker-1.8.3/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go
|
||||
===================================================================
|
||||
--- docker-1.8.3.orig/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go
|
||||
+++ docker-1.8.3/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go
|
||||
@@ -1,4 +1,4 @@
|
||||
-// +build !arm,!ppc64
|
||||
+// +build !arm,!ppc64,!ppc64le
|
||||
|
||||
package bridge
|
||||
|
||||
53
docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
Normal file
53
docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
Normal file
@ -0,0 +1,53 @@
|
||||
From 6f6f10a75f8b447637e8a89d685452871899e9c0 Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Scherer <scherer_stefan@icloud.com>
|
||||
Date: Thu, 19 Nov 2015 17:09:20 +0100
|
||||
Subject: [PATCH] prevent journald from being built on ARM
|
||||
|
||||
Signed-off-by: Govinda Fichtner <govinda.fichtner@googlemail.com>
|
||||
|
||||
---
|
||||
daemon/logger/journald/journald.go | 2 +-
|
||||
daemon/logger/journald/journald_unsupported.go | 2 +-
|
||||
daemon/logger/journald/read.go | 2 +-
|
||||
daemon/logger/journald/read_unsupported.go | 2 +-
|
||||
4 files changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
Index: docker-1.9.1/daemon/logger/journald/journald.go
|
||||
===================================================================
|
||||
--- docker-1.9.1.orig/daemon/logger/journald/journald.go
|
||||
+++ docker-1.9.1/daemon/logger/journald/journald.go
|
||||
@@ -1,4 +1,4 @@
|
||||
-// +build linux
|
||||
+// +build linux,!arm
|
||||
|
||||
// Package journald provides the log driver for forwarding server logs
|
||||
// to endpoints that receive the systemd format.
|
||||
Index: docker-1.9.1/daemon/logger/journald/journald_unsupported.go
|
||||
===================================================================
|
||||
--- docker-1.9.1.orig/daemon/logger/journald/journald_unsupported.go
|
||||
+++ docker-1.9.1/daemon/logger/journald/journald_unsupported.go
|
||||
@@ -1,3 +1,3 @@
|
||||
-// +build !linux
|
||||
+// +build !linux linux,arm
|
||||
|
||||
package journald
|
||||
Index: docker-1.9.1/daemon/logger/journald/read.go
|
||||
===================================================================
|
||||
--- docker-1.9.1.orig/daemon/logger/journald/read.go
|
||||
+++ docker-1.9.1/daemon/logger/journald/read.go
|
||||
@@ -1,4 +1,4 @@
|
||||
-// +build linux,cgo,!static_build,journald
|
||||
+// +build linux,cgo,!static_build,journald,!arm
|
||||
|
||||
package journald
|
||||
|
||||
Index: docker-1.9.1/daemon/logger/journald/read_unsupported.go
|
||||
===================================================================
|
||||
--- docker-1.9.1.orig/daemon/logger/journald/read_unsupported.go
|
||||
+++ docker-1.9.1/daemon/logger/journald/read_unsupported.go
|
||||
@@ -1,4 +1,4 @@
|
||||
-// +build !linux !cgo static_build !journald
|
||||
+// +build !linux !cgo static_build !journald linux,arm
|
||||
|
||||
package journald
|
||||
|
||||
53
docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
Normal file
53
docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
Normal file
@ -0,0 +1,53 @@
|
||||
From: Michel Normand <normand@linux.vnet.ibm.com>
|
||||
Subject: docker remove journald to fix dynbinary build on arm64
|
||||
Date: Fri, 04 Dec 2015 17:07:12 +0100
|
||||
|
||||
docker remove journald to fix dynbinary build on arm64
|
||||
|
||||
Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
|
||||
---
|
||||
daemon/logger/journald/journald.go | 2 +-
|
||||
daemon/logger/journald/journald_unsupported.go | 2 +-
|
||||
daemon/logger/journald/read.go | 2 +-
|
||||
daemon/logger/journald/read_unsupported.go | 2 +-
|
||||
4 files changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
Index: docker-1.9.1/daemon/logger/journald/journald.go
|
||||
===================================================================
|
||||
--- docker-1.9.1.orig/daemon/logger/journald/journald.go
|
||||
+++ docker-1.9.1/daemon/logger/journald/journald.go
|
||||
@@ -1,4 +1,4 @@
|
||||
-// +build linux,!arm linux,!ppc64 linux,!ppc64le
|
||||
+// +build linux,!arm linux,!arm64 linux,!ppc64 linux,!ppc64le
|
||||
|
||||
// Package journald provides the log driver for forwarding server logs
|
||||
// to endpoints that receive the systemd format.
|
||||
Index: docker-1.9.1/daemon/logger/journald/journald_unsupported.go
|
||||
===================================================================
|
||||
--- docker-1.9.1.orig/daemon/logger/journald/journald_unsupported.go
|
||||
+++ docker-1.9.1/daemon/logger/journald/journald_unsupported.go
|
||||
@@ -1,3 +1,3 @@
|
||||
-// +build !linux linux,arm linux,ppc64 linux,ppc64le
|
||||
+// +build !linux linux,arm linux,arm64 linux,ppc64 linux,ppc64le
|
||||
|
||||
package journald
|
||||
Index: docker-1.9.1/daemon/logger/journald/read.go
|
||||
===================================================================
|
||||
--- docker-1.9.1.orig/daemon/logger/journald/read.go
|
||||
+++ docker-1.9.1/daemon/logger/journald/read.go
|
||||
@@ -1,4 +1,4 @@
|
||||
-// +build linux,cgo,!static_build,journald,!arm,!ppc64,!ppc64le
|
||||
+// +build linux,cgo,!static_build,journald,!arm,!arm64,!ppc64,!ppc64le
|
||||
|
||||
package journald
|
||||
|
||||
Index: docker-1.9.1/daemon/logger/journald/read_unsupported.go
|
||||
===================================================================
|
||||
--- docker-1.9.1.orig/daemon/logger/journald/read_unsupported.go
|
||||
+++ docker-1.9.1/daemon/logger/journald/read_unsupported.go
|
||||
@@ -1,4 +1,4 @@
|
||||
-// +build !linux !cgo static_build !journald linux,arm linux,ppc64 linux,ppc64le
|
||||
+// +build !linux !cgo static_build !journald linux,arm linux,arm64 linux,ppc64 linux,ppc64le
|
||||
|
||||
package journald
|
||||
|
||||
@ -0,0 +1,53 @@
|
||||
From: Michel Normand <normand@linux.vnet.ibm.com>
|
||||
Subject: docker remove journald to fix dynbinary build on powerpc
|
||||
Date: Fri, 04 Dec 2015 14:45:43 +0100
|
||||
|
||||
docker remove journald to fix dynbinary build on powerpc
|
||||
|
||||
Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
|
||||
---
|
||||
daemon/logger/journald/journald.go | 2 +-
|
||||
daemon/logger/journald/journald_unsupported.go | 2 +-
|
||||
daemon/logger/journald/read.go | 2 +-
|
||||
daemon/logger/journald/read_unsupported.go | 2 +-
|
||||
4 files changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
Index: docker-1.9.1/daemon/logger/journald/journald.go
|
||||
===================================================================
|
||||
--- docker-1.9.1.orig/daemon/logger/journald/journald.go
|
||||
+++ docker-1.9.1/daemon/logger/journald/journald.go
|
||||
@@ -1,4 +1,4 @@
|
||||
-// +build linux,!arm
|
||||
+// +build linux,!arm linux,!ppc64 linux,!ppc64le
|
||||
|
||||
// Package journald provides the log driver for forwarding server logs
|
||||
// to endpoints that receive the systemd format.
|
||||
Index: docker-1.9.1/daemon/logger/journald/journald_unsupported.go
|
||||
===================================================================
|
||||
--- docker-1.9.1.orig/daemon/logger/journald/journald_unsupported.go
|
||||
+++ docker-1.9.1/daemon/logger/journald/journald_unsupported.go
|
||||
@@ -1,3 +1,3 @@
|
||||
-// +build !linux linux,arm
|
||||
+// +build !linux linux,arm linux,ppc64 linux,ppc64le
|
||||
|
||||
package journald
|
||||
Index: docker-1.9.1/daemon/logger/journald/read.go
|
||||
===================================================================
|
||||
--- docker-1.9.1.orig/daemon/logger/journald/read.go
|
||||
+++ docker-1.9.1/daemon/logger/journald/read.go
|
||||
@@ -1,4 +1,4 @@
|
||||
-// +build linux,cgo,!static_build,journald,!arm
|
||||
+// +build linux,cgo,!static_build,journald,!arm,!ppc64,!ppc64le
|
||||
|
||||
package journald
|
||||
|
||||
Index: docker-1.9.1/daemon/logger/journald/read_unsupported.go
|
||||
===================================================================
|
||||
--- docker-1.9.1.orig/daemon/logger/journald/read_unsupported.go
|
||||
+++ docker-1.9.1/daemon/logger/journald/read_unsupported.go
|
||||
@@ -1,4 +1,4 @@
|
||||
-// +build !linux !cgo static_build !journald linux,arm
|
||||
+// +build !linux !cgo static_build !journald linux,arm linux,ppc64 linux,ppc64le
|
||||
|
||||
package journald
|
||||
|
||||
@ -1,157 +0,0 @@
|
||||
From: Michel Normand <normand@linux.vnet.ibm.com>
|
||||
Subject: docker rename jump amd64 as jump linux
|
||||
Date: Fri, 21 Aug 2015 10:42:37 +0200
|
||||
|
||||
docker rename jump amd64 as jump linux
|
||||
based on https://github.com/docker/docker/issues/14056#issuecomment-113680944
|
||||
|
||||
Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
|
||||
---
|
||||
vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_amd64.go | 68 ----------
|
||||
vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_linux.go | 66 +++++++++
|
||||
2 files changed, 66 insertions(+), 68 deletions(-)
|
||||
|
||||
Index: docker-1.8.1/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_amd64.go
|
||||
===================================================================
|
||||
--- docker-1.8.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_amd64.go
|
||||
+++ /dev/null
|
||||
@@ -1,68 +0,0 @@
|
||||
-// +build linux,amd64
|
||||
-
|
||||
-package seccomp
|
||||
-
|
||||
-// Using BPF filters
|
||||
-//
|
||||
-// ref: http://www.gsp.com/cgi-bin/man.cgi?topic=bpf
|
||||
-import "syscall"
|
||||
-
|
||||
-func jumpGreaterThan(f *filter, v uint, jt sockFilter) {
|
||||
- lo := uint32(uint64(v) % 0x100000000)
|
||||
- hi := uint32(uint64(v) / 0x100000000)
|
||||
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (hi), 4, 0))
|
||||
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 5))
|
||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
|
||||
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGE+syscall.BPF_K, (lo), 0, 2))
|
||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
||||
- *f = append(*f, jt)
|
||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
||||
-}
|
||||
-
|
||||
-func jumpEqualTo(f *filter, v uint, jt sockFilter) {
|
||||
- lo := uint32(uint64(v) % 0x100000000)
|
||||
- hi := uint32(uint64(v) / 0x100000000)
|
||||
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 5))
|
||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
|
||||
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (lo), 0, 2))
|
||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
||||
- *f = append(*f, jt)
|
||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
||||
-}
|
||||
-
|
||||
-func jumpLessThan(f *filter, v uint, jt sockFilter) {
|
||||
- lo := uint32(uint64(v) % 0x100000000)
|
||||
- hi := uint32(uint64(v) / 0x100000000)
|
||||
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (hi), 6, 0))
|
||||
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 3))
|
||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
|
||||
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (lo), 2, 0))
|
||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
||||
- *f = append(*f, jt)
|
||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
||||
-}
|
||||
-
|
||||
-func jumpNotEqualTo(f *filter, v uint, jt sockFilter) {
|
||||
- lo := uint32(uint64(v) % 0x100000000)
|
||||
- hi := uint32(uint64(v) / 0x100000000)
|
||||
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, hi, 5, 0))
|
||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
|
||||
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, lo, 2, 0))
|
||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
||||
- *f = append(*f, jt)
|
||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
||||
-}
|
||||
-
|
||||
-// this checks for a value inside a mask. The evalusation is equal to doing
|
||||
-// CLONE_NEWUSER & syscallMask == CLONE_NEWUSER
|
||||
-func jumpMaskEqualTo(f *filter, v uint, jt sockFilter) {
|
||||
- lo := uint32(uint64(v) % 0x100000000)
|
||||
- hi := uint32(uint64(v) / 0x100000000)
|
||||
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, hi, 0, 6))
|
||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
|
||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_ALU+syscall.BPF_AND, uint32(v)))
|
||||
- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, lo, 0, 2))
|
||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
||||
- *f = append(*f, jt)
|
||||
- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
||||
-}
|
||||
Index: docker-1.8.1/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_linux.go
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ docker-1.8.1/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_linux.go
|
||||
@@ -0,0 +1,66 @@
|
||||
+package seccomp
|
||||
+
|
||||
+// Using BPF filters
|
||||
+//
|
||||
+// ref: http://www.gsp.com/cgi-bin/man.cgi?topic=bpf
|
||||
+import "syscall"
|
||||
+
|
||||
+func jumpGreaterThan(f *filter, v uint, jt sockFilter) {
|
||||
+ lo := uint32(uint64(v) % 0x100000000)
|
||||
+ hi := uint32(uint64(v) / 0x100000000)
|
||||
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (hi), 4, 0))
|
||||
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 5))
|
||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
|
||||
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGE+syscall.BPF_K, (lo), 0, 2))
|
||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
||||
+ *f = append(*f, jt)
|
||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
||||
+}
|
||||
+
|
||||
+func jumpEqualTo(f *filter, v uint, jt sockFilter) {
|
||||
+ lo := uint32(uint64(v) % 0x100000000)
|
||||
+ hi := uint32(uint64(v) / 0x100000000)
|
||||
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 5))
|
||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
|
||||
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (lo), 0, 2))
|
||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
||||
+ *f = append(*f, jt)
|
||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
||||
+}
|
||||
+
|
||||
+func jumpLessThan(f *filter, v uint, jt sockFilter) {
|
||||
+ lo := uint32(uint64(v) % 0x100000000)
|
||||
+ hi := uint32(uint64(v) / 0x100000000)
|
||||
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (hi), 6, 0))
|
||||
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 3))
|
||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
|
||||
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (lo), 2, 0))
|
||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
||||
+ *f = append(*f, jt)
|
||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
||||
+}
|
||||
+
|
||||
+func jumpNotEqualTo(f *filter, v uint, jt sockFilter) {
|
||||
+ lo := uint32(uint64(v) % 0x100000000)
|
||||
+ hi := uint32(uint64(v) / 0x100000000)
|
||||
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, hi, 5, 0))
|
||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
|
||||
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, lo, 2, 0))
|
||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
||||
+ *f = append(*f, jt)
|
||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
||||
+}
|
||||
+
|
||||
+// this checks for a value inside a mask. The evalusation is equal to doing
|
||||
+// CLONE_NEWUSER & syscallMask == CLONE_NEWUSER
|
||||
+func jumpMaskEqualTo(f *filter, v uint, jt sockFilter) {
|
||||
+ lo := uint32(uint64(v) % 0x100000000)
|
||||
+ hi := uint32(uint64(v) / 0x100000000)
|
||||
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, hi, 0, 6))
|
||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
|
||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_ALU+syscall.BPF_AND, uint32(v)))
|
||||
+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, lo, 0, 2))
|
||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
||||
+ *f = append(*f, jt)
|
||||
+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
|
||||
+}
|
||||
Loading…
Reference in New Issue
Block a user