From b3488808376f69ed6da10e81f5154b8c0a1b0f6f9a60d099601911e1db27f986 Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Mon, 7 Dec 2015 08:58:45 +0000 Subject: [PATCH] Accepting request 347470 from home:michel_mno:branches:Virtualization:containers - remove 2 patches and add 5 others after 1.9.1 upgrade Removed: docker_missing_ppc64le_netlink_linux_files.patch docker_rename_jump_amd64_as_jump_linux.patch Added: add_bolt_ppc64.patch add_bolt_arm64.patch docker_remove_journald_to_fix_dynbinary_build_on_arm.patch docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch OBS-URL: https://build.opensuse.org/request/show/347470 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=47 --- add_bolt_arm64.patch | 20 +++ add_bolt_ppc64.patch | 23 +++ docker.changes | 14 ++ docker.spec | 10 +- ..._missing_ppc64le_netlink_linux_files.patch | 61 ------- ...urnald_to_fix_dynbinary_build_on_arm.patch | 53 ++++++ ...nald_to_fix_dynbinary_build_on_arm64.patch | 53 ++++++ ...ld_to_fix_dynbinary_build_on_powerpc.patch | 53 ++++++ docker_rename_jump_amd64_as_jump_linux.patch | 157 ------------------ 9 files changed, 224 insertions(+), 220 deletions(-) create mode 100644 add_bolt_arm64.patch create mode 100644 add_bolt_ppc64.patch delete mode 100644 docker_missing_ppc64le_netlink_linux_files.patch create mode 100644 docker_remove_journald_to_fix_dynbinary_build_on_arm.patch create mode 100644 docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch create mode 100644 docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch delete mode 100644 docker_rename_jump_amd64_as_jump_linux.patch diff --git a/add_bolt_arm64.patch b/add_bolt_arm64.patch new file mode 100644 index 0000000..731efa3 --- /dev/null +++ b/add_bolt_arm64.patch 
@@ -0,0 +1,20 @@
+From: Michel Normand
+Subject: add bolt arm64
+Date: Fri, 04 Dec 2015 17:07:22 +0100
+
+add bolt arm64
+
+Signed-off-by: Michel Normand
+---
+ vendor/src/github.com/boltdb/bolt/bolt_arm64.go | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+Index: docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_arm64.go
+===================================================================
+--- /dev/null
++++ docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_arm64.go
+@@ -0,0 +1,4 @@
++package bolt
++
++// maxMapSize represents the largest mmap size supported by Bolt.
++const maxMapSize = 0xFFFFFFFFFFFF // 256TB
diff --git a/add_bolt_ppc64.patch b/add_bolt_ppc64.patch
new file mode 100644
index 0000000..3db9b71
--- /dev/null
+++ b/add_bolt_ppc64.patch
@@ -0,0 +1,23 @@
+---
+ vendor/src/github.com/boltdb/bolt/bolt_ppc64.go | 4 ++++
+ vendor/src/github.com/boltdb/bolt/bolt_ppc64le.go | 4 ++++
+ 2 files changed, 8 insertions(+)
+
+Index: docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go
+===================================================================
+--- /dev/null
++++ docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go
+@@ -0,0 +1,4 @@
++package bolt
++
++// maxMapSize represents the largest mmap size supported by Bolt.
++const maxMapSize = 0xFFFFFFFFFFFF // 256TB
+Index: docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64le.go
+===================================================================
+--- /dev/null
++++ docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64le.go
+@@ -0,0 +1,4 @@
++package bolt
++
++// maxMapSize represents the largest mmap size supported by Bolt.
++const maxMapSize = 0xFFFFFFFFFFFF // 256TB
diff --git a/docker.changes b/docker.changes
index 62441af..aaf7c69 100644
--- a/docker.changes
+++ b/docker.changes
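Review bot: add_bolt_ppc64.patch begins directly at its `---` diffstat separator and carries no From, Subject, Date or Signed-off-by lines, unlike add_bolt_arm64.patch added in the same commit. Because it changes vendored third-party code (boltdb/bolt), the patch should record who wrote it and why, in the same form as its sibling: a `From: <author>` line, `Subject: add bolt ppc64 and ppc64le`, a `Date:` line and a `Signed-off-by:` trailer. If either file was taken from an upstream bolt change, naming that change in the header would let a later vendoring update drop the patch safely.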
@@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Fri Dec 4 16:08:22 UTC 2015 - normand@linux.vnet.ibm.com + +- remove 2 patches and add 5 others after 1.9.1 upgrade + Removed: + docker_missing_ppc64le_netlink_linux_files.patch + docker_rename_jump_amd64_as_jump_linux.patch + Added: + add_bolt_ppc64.patch + add_bolt_arm64.patch + docker_remove_journald_to_fix_dynbinary_build_on_arm.patch + docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch + docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch + ------------------------------------------------------------------- Tue Nov 24 10:53:44 UTC 2015 - fcastelli@suse.com diff --git a/docker.spec b/docker.spec index db7b502..32f9576 100644 --- a/docker.spec +++ b/docker.spec @@ -49,8 +49,11 @@ Patch1: libcontainer-apparmor-fixes.patch # to simply disable this check Patch100: ignore-dockerinit-checksum.patch Patch101: gcc-go-build-static-libgo.patch -Patch102: docker_rename_jump_amd64_as_jump_linux.patch -Patch103: docker_missing_ppc64le_netlink_linux_files.patch +Patch102: add_bolt_ppc64.patch +Patch103: docker_remove_journald_to_fix_dynbinary_build_on_arm.patch +Patch104: docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch +Patch105: add_bolt_arm64.patch +Patch106: docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch BuildRequires: bash-completion BuildRequires: device-mapper-devel >= 1.2.68 BuildRequires: glibc-devel-static @@ -147,6 +150,9 @@ Test package for docker. It contains the source code and the tests. %patch101 -p0 %patch102 -p1 %patch103 -p1 +%patch104 -p1 +%patch105 -p1 +%patch106 -p1 %endif cp %{SOURCE7} . diff --git a/docker_missing_ppc64le_netlink_linux_files.patch b/docker_missing_ppc64le_netlink_linux_files.patch deleted file mode 100644 index b2808fd..0000000 --- a/docker_missing_ppc64le_netlink_linux_files.patch +++ /dev/null 
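Review bot: Patch103, Patch104 and Patch106 are order-dependent, and nothing in the Patch list of the docker.spec hunk says so. The powerpc patch removes exactly the `+build` lines the arm patch adds, and the arm64 patch removes the lines the powerpc patch adds, so reordering or dropping one makes the later ones fail to apply. A comment above Patch103 such as `# Patch103, 104 and 106 rewrite the same +build lines and must be applied in this order` would record that. The `%if` closed by the `%endif` after `%patch106 -p1` lies outside the hunk, so it is worth confirming that the condition covers the arm and arm64 builds these patches target.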
@@ -1,61 +0,0 @@
-From: Michel Normand
-Subject: docker missing ppc64le netlink linux files
-Date: Mon, 26 Oct 2015 15:00:07 +0100
-
-docker missing ppc64le netlink linux files
-patch to avoid build error like:
-===
-[ 29s] # github.com/opencontainers/runc/libcontainer/netlink
-[ 29s] vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux.go:1260:26: error: incompatible types in assignment (cannot use type int8 as type uint8)
-[ 29s] ifr.IfruHwaddr.Data[i] = ifrDataByte(hw[i])
-[ 29s] ^
-===
-
-Signed-off-by: Michel Normand
----
- vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go | 2 +-
- vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go | 2 +-
- vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_armppc64.go | 2 +-
- vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_notarm.go | 2 +-
- 4 files changed, 4 insertions(+), 4 deletions(-)
-
-Index: docker-1.8.3/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_armppc64.go
-===================================================================
---- docker-1.8.3.orig/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_armppc64.go
-+++ docker-1.8.3/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_armppc64.go
-@@ -1,4 +1,4 @@
--// +build arm ppc64
-+// +build arm ppc64 ppc64le
-
- package netlink
-
-Index: docker-1.8.3/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_notarm.go
-===================================================================
---- docker-1.8.3.orig/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_notarm.go
-+++ docker-1.8.3/vendor/src/github.com/opencontainers/runc/libcontainer/netlink/netlink_linux_notarm.go
-@@ -1,4 +1,4 @@
--// +build !arm,!ppc64
-+// +build !arm,!ppc64,!ppc64le
-
- package netlink
-
-Index: docker-1.8.3/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go
-===================================================================
---- docker-1.8.3.orig/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go
-+++ docker-1.8.3/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go
-@@ -1,4 +1,4 @@
--// +build arm ppc64
-+// +build arm ppc64 ppc64le
-
- package bridge
-
-Index: docker-1.8.3/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go
-===================================================================
---- docker-1.8.3.orig/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go
-+++ docker-1.8.3/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go
-@@ -1,4 +1,4 @@
--// +build !arm,!ppc64
-+// +build !arm,!ppc64,!ppc64le
-
- package bridge
-
diff --git a/docker_remove_journald_to_fix_dynbinary_build_on_arm.patch b/docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
new file mode 100644
index 0000000..94b4950
--- /dev/null
+++ b/docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
@@ -0,0 +1,53 @@
+From 6f6f10a75f8b447637e8a89d685452871899e9c0 Mon Sep 17 00:00:00 2001
+From: Stefan Scherer
+Date: Thu, 19 Nov 2015 17:09:20 +0100
+Subject: [PATCH] prevent journald from being built on ARM
+
+Signed-off-by: Govinda Fichtner
+
+---
+ daemon/logger/journald/journald.go | 2 +-
+ daemon/logger/journald/journald_unsupported.go | 2 +-
+ daemon/logger/journald/read.go | 2 +-
+ daemon/logger/journald/read_unsupported.go | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+Index: docker-1.9.1/daemon/logger/journald/journald.go
+===================================================================
+--- docker-1.9.1.orig/daemon/logger/journald/journald.go
++++ docker-1.9.1/daemon/logger/journald/journald.go
+@@ -1,4 +1,4 @@
+-// +build linux
++// +build linux,!arm
+
+ // Package journald provides the log driver for forwarding server logs
+ // to endpoints that receive the systemd format.
+Index: docker-1.9.1/daemon/logger/journald/journald_unsupported.go
+===================================================================
+--- docker-1.9.1.orig/daemon/logger/journald/journald_unsupported.go
++++ docker-1.9.1/daemon/logger/journald/journald_unsupported.go
+@@ -1,3 +1,3 @@
+-// +build !linux
++// +build !linux linux,arm
+
+ package journald
+Index: docker-1.9.1/daemon/logger/journald/read.go
+===================================================================
+--- docker-1.9.1.orig/daemon/logger/journald/read.go
++++ docker-1.9.1/daemon/logger/journald/read.go
+@@ -1,4 +1,4 @@
+-// +build linux,cgo,!static_build,journald
++// +build linux,cgo,!static_build,journald,!arm
+
+ package journald
+
+Index: docker-1.9.1/daemon/logger/journald/read_unsupported.go
+===================================================================
+--- docker-1.9.1.orig/daemon/logger/journald/read_unsupported.go
++++ docker-1.9.1/daemon/logger/journald/read_unsupported.go
+@@ -1,4 +1,4 @@
+-// +build !linux !cgo static_build !journald
++// +build !linux !cgo static_build !journald linux,arm
+
+ package journald
+
diff --git a/docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch b/docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
new file mode 100644
index 0000000..729b7d3
--- /dev/null
+++ b/docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
@@ -0,0 +1,53 @@
+From: Michel Normand
+Subject: docker remove journald to fix dynbinary build on arm64
+Date: Fri, 04 Dec 2015 17:07:12 +0100
+
+docker remove journald to fix dynbinary build on arm64
+
+Signed-off-by: Michel Normand
+---
+ daemon/logger/journald/journald.go | 2 +-
+ daemon/logger/journald/journald_unsupported.go | 2 +-
+ daemon/logger/journald/read.go | 2 +-
+ daemon/logger/journald/read_unsupported.go | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+Index: docker-1.9.1/daemon/logger/journald/journald.go
+===================================================================
+--- docker-1.9.1.orig/daemon/logger/journald/journald.go
++++ docker-1.9.1/daemon/logger/journald/journald.go
+@@ -1,4 +1,4 @@
+-// +build linux,!arm linux,!ppc64 linux,!ppc64le
++// +build linux,!arm linux,!arm64 linux,!ppc64 linux,!ppc64le
+
+ // Package journald provides the log driver for forwarding server logs
+ // to endpoints that receive the systemd format.
+Index: docker-1.9.1/daemon/logger/journald/journald_unsupported.go
+===================================================================
+--- docker-1.9.1.orig/daemon/logger/journald/journald_unsupported.go
++++ docker-1.9.1/daemon/logger/journald/journald_unsupported.go
+@@ -1,3 +1,3 @@
+-// +build !linux linux,arm linux,ppc64 linux,ppc64le
++// +build !linux linux,arm linux,arm64 linux,ppc64 linux,ppc64le
+
+ package journald
+Index: docker-1.9.1/daemon/logger/journald/read.go
+===================================================================
+--- docker-1.9.1.orig/daemon/logger/journald/read.go
++++ docker-1.9.1/daemon/logger/journald/read.go
+@@ -1,4 +1,4 @@
+-// +build linux,cgo,!static_build,journald,!arm,!ppc64,!ppc64le
++// +build linux,cgo,!static_build,journald,!arm,!arm64,!ppc64,!ppc64le
+
+ package journald
+
+Index: docker-1.9.1/daemon/logger/journald/read_unsupported.go
+===================================================================
+--- docker-1.9.1.orig/daemon/logger/journald/read_unsupported.go
++++ docker-1.9.1/daemon/logger/journald/read_unsupported.go
+@@ -1,4 +1,4 @@
+-// +build !linux !cgo static_build !journald linux,arm linux,ppc64 linux,ppc64le
++// +build !linux !cgo static_build !journald linux,arm linux,arm64 linux,ppc64 linux,ppc64le
+
+ package journald
+
diff --git a/docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch b/docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
new file mode 100644
index 0000000..ec2fb22
--- /dev/null
+++ b/docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
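Review bot: The constraint this patch writes into journald.go, `// +build linux,!arm linux,!arm64 linux,!ppc64 linux,!ppc64le`, excludes no architecture at all: space-separated terms are ORed, so on linux/arm64 the term `linux,!arm` is already true and the file is still selected. The read.go hunk of the same patch uses the comma (AND) form, and journald.go should match it: `// +build linux,!arm,!arm64,!ppc64,!ppc64le`. The same mistake is introduced by the journald.go hunk of docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch, where it also cancels the working `linux,!arm` exclusion from the arm patch. As written, journald.go and journald_unsupported.go are both built on these architectures, so whether the journald log driver is present there does not match what the patch names claim; that matters to anyone relying on it for container log forwarding.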
@@ -0,0 +1,53 @@
+From: Michel Normand
+Subject: docker remove journald to fix dynbinary build on powerpc
+Date: Fri, 04 Dec 2015 14:45:43 +0100
+
+docker remove journald to fix dynbinary build on powerpc
+
+Signed-off-by: Michel Normand
+---
+ daemon/logger/journald/journald.go | 2 +-
+ daemon/logger/journald/journald_unsupported.go | 2 +-
+ daemon/logger/journald/read.go | 2 +-
+ daemon/logger/journald/read_unsupported.go | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+Index: docker-1.9.1/daemon/logger/journald/journald.go
+===================================================================
+--- docker-1.9.1.orig/daemon/logger/journald/journald.go
++++ docker-1.9.1/daemon/logger/journald/journald.go
+@@ -1,4 +1,4 @@
+-// +build linux,!arm
++// +build linux,!arm linux,!ppc64 linux,!ppc64le
+
+ // Package journald provides the log driver for forwarding server logs
+ // to endpoints that receive the systemd format.
+Index: docker-1.9.1/daemon/logger/journald/journald_unsupported.go
+===================================================================
+--- docker-1.9.1.orig/daemon/logger/journald/journald_unsupported.go
++++ docker-1.9.1/daemon/logger/journald/journald_unsupported.go
+@@ -1,3 +1,3 @@
+-// +build !linux linux,arm
++// +build !linux linux,arm linux,ppc64 linux,ppc64le
+
+ package journald
+Index: docker-1.9.1/daemon/logger/journald/read.go
+===================================================================
+--- docker-1.9.1.orig/daemon/logger/journald/read.go
++++ docker-1.9.1/daemon/logger/journald/read.go
+@@ -1,4 +1,4 @@
+-// +build linux,cgo,!static_build,journald,!arm
++// +build linux,cgo,!static_build,journald,!arm,!ppc64,!ppc64le
+
+ package journald
+
+Index: docker-1.9.1/daemon/logger/journald/read_unsupported.go
+===================================================================
+--- docker-1.9.1.orig/daemon/logger/journald/read_unsupported.go
++++ docker-1.9.1/daemon/logger/journald/read_unsupported.go
+@@ -1,4 +1,4 @@
+-// +build !linux !cgo static_build !journald linux,arm
++// +build !linux !cgo static_build !journald linux,arm linux,ppc64 linux,ppc64le
+
+ package journald
+
diff --git a/docker_rename_jump_amd64_as_jump_linux.patch b/docker_rename_jump_amd64_as_jump_linux.patch
deleted file mode 100644
index c6af949..0000000
--- a/docker_rename_jump_amd64_as_jump_linux.patch
+++ /dev/null
@@ -1,157 +0,0 @@
-From: Michel Normand
-Subject: docker rename jump amd64 as jump linux
-Date: Fri, 21 Aug 2015 10:42:37 +0200
-
-docker rename jump amd64 as jump linux
-based on https://github.com/docker/docker/issues/14056#issuecomment-113680944
-
-Signed-off-by: Michel Normand
----
- vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_amd64.go | 68 ----------
- vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_linux.go | 66 +++++++++
- 2 files changed, 66 insertions(+), 68 deletions(-)
-
-Index: docker-1.8.1/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_amd64.go
-===================================================================
---- docker-1.8.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_amd64.go
-+++ /dev/null
-@@ -1,68 +0,0 @@
--// +build linux,amd64
--
--package seccomp
--
--// Using BPF filters
--//
--// ref: http://www.gsp.com/cgi-bin/man.cgi?topic=bpf
--import "syscall"
--
--func jumpGreaterThan(f *filter, v uint, jt sockFilter) {
-- lo := uint32(uint64(v) % 0x100000000)
-- hi := uint32(uint64(v) / 0x100000000)
-- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (hi), 4, 0))
-- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 5))
-- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
-- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGE+syscall.BPF_K, (lo), 0, 2))
-- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
-- *f = append(*f, jt)
-- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
--}
--
--func jumpEqualTo(f *filter, v uint, jt sockFilter) {
-- lo := uint32(uint64(v) % 0x100000000)
-- hi := uint32(uint64(v) / 0x100000000)
-- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 5))
-- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
-- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (lo), 0, 2))
-- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
-- *f = append(*f, jt)
-- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
--}
--
--func jumpLessThan(f *filter, v uint, jt sockFilter) {
-- lo := uint32(uint64(v) % 0x100000000)
-- hi := uint32(uint64(v) / 0x100000000)
-- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (hi), 6, 0))
-- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 3))
-- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
-- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (lo), 2, 0))
-- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
-- *f = append(*f, jt)
-- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
--}
--
--func jumpNotEqualTo(f *filter, v uint, jt sockFilter) {
-- lo := uint32(uint64(v) % 0x100000000)
-- hi := uint32(uint64(v) / 0x100000000)
-- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, hi, 5, 0))
-- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
-- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, lo, 2, 0))
-- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
-- *f = append(*f, jt)
-- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
--}
--
--// this checks for a value inside a mask. The evalusation is equal to doing
--// CLONE_NEWUSER & syscallMask == CLONE_NEWUSER
--func jumpMaskEqualTo(f *filter, v uint, jt sockFilter) {
-- lo := uint32(uint64(v) % 0x100000000)
-- hi := uint32(uint64(v) / 0x100000000)
-- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, hi, 0, 6))
-- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
-- *f = append(*f, scmpBpfStmt(syscall.BPF_ALU+syscall.BPF_AND, uint32(v)))
-- *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, lo, 0, 2))
-- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
-- *f = append(*f, jt)
-- *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
--}
-Index: docker-1.8.1/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_linux.go
-===================================================================
---- /dev/null
-+++ docker-1.8.1/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_linux.go
-@@ -0,0 +1,66 @@
-+package seccomp
-+
-+// Using BPF filters
-+//
-+// ref: http://www.gsp.com/cgi-bin/man.cgi?topic=bpf
-+import "syscall"
-+
-+func jumpGreaterThan(f *filter, v uint, jt sockFilter) {
-+ lo := uint32(uint64(v) % 0x100000000)
-+ hi := uint32(uint64(v) / 0x100000000)
-+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (hi), 4, 0))
-+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 5))
-+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
-+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGE+syscall.BPF_K, (lo), 0, 2))
-+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
-+ *f = append(*f, jt)
-+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
-+}
-+
-+func jumpEqualTo(f *filter, v uint, jt sockFilter) {
-+ lo := uint32(uint64(v) % 0x100000000)
-+ hi := uint32(uint64(v) / 0x100000000)
-+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 5))
-+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
-+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (lo), 0, 2))
-+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
-+ *f = append(*f, jt)
-+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
-+}
-+
-+func jumpLessThan(f *filter, v uint, jt sockFilter) {
-+ lo := uint32(uint64(v) % 0x100000000)
-+ hi := uint32(uint64(v) / 0x100000000)
-+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (hi), 6, 0))
-+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 3))
-+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
-+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (lo), 2, 0))
-+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
-+ *f = append(*f, jt)
-+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
-+}
-+
-+func jumpNotEqualTo(f *filter, v uint, jt sockFilter) {
-+ lo := uint32(uint64(v) % 0x100000000)
-+ hi := uint32(uint64(v) / 0x100000000)
-+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, hi, 5, 0))
-+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
-+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, lo, 2, 0))
-+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
-+ *f = append(*f, jt)
-+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
-+}
-+
-+// this checks for a value inside a mask. The evalusation is equal to doing
-+// CLONE_NEWUSER & syscallMask == CLONE_NEWUSER
-+func jumpMaskEqualTo(f *filter, v uint, jt sockFilter) {
-+ lo := uint32(uint64(v) % 0x100000000)
-+ hi := uint32(uint64(v) / 0x100000000)
-+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, hi, 0, 6))
-+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
-+ *f = append(*f, scmpBpfStmt(syscall.BPF_ALU+syscall.BPF_AND, uint32(v)))
-+ *f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, lo, 0, 2))
-+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
-+ *f = append(*f, jt)
-+ *f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
-+}