diff --git a/Godeps/Godeps.json b/Godeps/Godeps.json
index 26691f51..32bebdb4 100644
--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
@@ -1,7 +1,7 @@
 {
 "ImportPath": "github.com/hyperhq/runv",
 "GoVersion": "go1.7",
- "GodepVersion": "v76",
+ "GodepVersion": "v79",
 "Packages": [
 "./..."
 ],
@@ -126,8 +126,8 @@
 },
 {
 "ImportPath": "github.com/opencontainers/runtime-spec/specs-go",
- "Comment": "v1.0.0-rc4-54-gd87ec69",
- "Rev": "d87ec6945fa5ff5c0553056c5510d46fe3490203"
+ "Comment": "v1.0.0-rc4-8-g0d104bb",
+ "Rev": "0d104bb63cf1f6a7b5434eaf664a61147a0c796b"
 },
 {
 "ImportPath": "github.com/philhofer/fwd",
diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
index bd8e96a8..1660b776 100644
--- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
+++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
@@ -44,8 +44,8 @@ type Process struct {
 // Cwd is the current working directory for the process and must be
 // relative to the container's root.
 Cwd string `json:"cwd"`
- // Capabilities are Linux capabilities that are kept for the process.
- Capabilities *LinuxCapabilities `json:"capabilities,omitempty" platform:"linux"`
+ // Capabilities are Linux capabilities that are kept for the container.
+ Capabilities []string `json:"capabilities,omitempty" platform:"linux"`
 // Rlimits specifies rlimit options to apply to the process.
 Rlimits []LinuxRlimit `json:"rlimits,omitempty" platform:"linux"`
 // NoNewPrivileges controls whether additional privileges could be gained by processes in the container.
@@ -56,21 +56,6 @@ type Process struct {
 SelinuxLabel string `json:"selinuxLabel,omitempty" platform:"linux"`
 }
 
-// LinuxCapabilities specifies the whitelist of capabilities that are kept for a process.
-// http://man7.org/linux/man-pages/man7/capabilities.7.html
-type LinuxCapabilities struct {
- // Bounding is the set of capabilities checked by the kernel.
- Bounding []string `json:"bounding,omitempty" platform:"linux"`
- // Effective is the set of capabilities checked by the kernel.
- Effective []string `json:"effective,omitempty" platform:"linux"`
- // Inheritable is the capabilities preserved across execve.
- Inheritable []string `json:"inheritable,omitempty" platform:"linux"`
- // Permitted is the limiting superset for effective capabilities.
- Permitted []string `json:"permitted,omitempty" platform:"linux"`
- // Ambient is the ambient set of capabilities that are kept.
- Ambient []string `json:"ambient,omitempty" platform:"linux"`
-}
-
 // Box specifies dimensions of a rectangle. Used for specifying the size of a console.
 type Box struct {
 // Height is the vertical dimension of a box.
@@ -113,10 +98,10 @@ type Mount struct {
 // Destination is the path where the mount will be placed relative to the container's root. The path and child directories MUST exist, a runtime MUST NOT create directories automatically to a mount point.
 Destination string `json:"destination"`
 // Type specifies the mount kind.
- Type string `json:"type,omitempty"`
+ Type string `json:"type"`
 // Source specifies the source path of the mount. In the case of bind mounts on
 // Linux based systems this would be the file on the host.
- Source string `json:"source,omitempty"`
+ Source string `json:"source"`
 // Options are fstab style mount options.
 Options []string `json:"options,omitempty"`
 }
@@ -225,7 +210,7 @@ type LinuxHugepageLimit struct {
 // Pagesize is the hugepage size
 Pagesize string `json:"pageSize"`
 // Limit is the limit of "hugepagesize" hugetlb usage
- Limit uint64 `json:"limit"`
+ Limit int64 `json:"limit"`
 }
 
 // LinuxInterfacePriority for network interfaces
@@ -281,15 +266,15 @@ type LinuxBlockIO struct {
 // LinuxMemory for Linux cgroup 'memory' resource management
 type LinuxMemory struct {
 // Memory limit (in bytes).
- Limit *uint64 `json:"limit,omitempty"`
+ Limit *int64 `json:"limit,omitempty"`
 // Memory reservation or soft_limit (in bytes).
- Reservation *uint64 `json:"reservation,omitempty"`
+ Reservation *int64 `json:"reservation,omitempty"`
 // Total memory limit (memory + swap).
- Swap *uint64 `json:"swap,omitempty"`
+ Swap *int64 `json:"swap,omitempty"`
 // Kernel memory limit (in bytes).
- Kernel *uint64 `json:"kernel,omitempty"`
+ Kernel *int64 `json:"kernel,omitempty"`
 // Kernel memory limit for tcp (in bytes)
- KernelTCP *uint64 `json:"kernelTCP,omitempty"`
+ KernelTCP *int64 `json:"kernelTCP,omitempty"`
 // How aggressive the kernel will swap memory pages. Range from 0 to 100.
 Swappiness *uint64 `json:"swappiness,omitempty"`
 }
@@ -380,6 +365,13 @@ type LinuxDeviceCgroup struct {
 Access string `json:"access,omitempty"`
 }
 
+// LinuxSeccomp represents syscall restrictions
+type LinuxSeccomp struct {
+ DefaultAction LinuxSeccompAction `json:"defaultAction"`
+ Architectures []Arch `json:"architectures"`
+ Syscalls []LinuxSyscall `json:"syscalls,omitempty"`
+}
+
 // Solaris contains platform specific configuration for Solaris application containers.
 type Solaris struct {
 // SMF FMRI which should go "online" before we start the container process.
@@ -477,13 +469,6 @@ type WindowsNetworkResources struct {
 EgressBandwidth *uint64 `json:"egressBandwidth,omitempty"`
 }
 
-// LinuxSeccomp represents syscall restrictions
-type LinuxSeccomp struct {
- DefaultAction LinuxSeccompAction `json:"defaultAction"`
- Architectures []Arch `json:"architectures,omitempty"`
- Syscalls []LinuxSyscall `json:"syscalls"`
-}
-
 // Arch used for additional architectures
 type Arch string
 
@@ -506,8 +491,6 @@ const (
 ArchPPC64LE Arch = "SCMP_ARCH_PPC64LE"
 ArchS390 Arch = "SCMP_ARCH_S390"
 ArchS390X Arch = "SCMP_ARCH_S390X"
- ArchPARISC Arch = "SCMP_ARCH_PARISC"
- ArchPARISC64 Arch = "SCMP_ARCH_PARISC64"
 )
 
 // LinuxSeccompAction taken upon Seccomp rule match
@@ -546,8 +529,7 @@ type LinuxSeccompArg struct {
 
 // LinuxSyscall is used to match a syscall in Seccomp
 type LinuxSyscall struct {
- Names []string `json:"names"`
- Action LinuxSeccompAction `json:"action"`
- Args []LinuxSeccompArg `json:"args"`
- Comment string `json:"comment"`
+ Name string `json:"name"`
+ Action LinuxSeccompAction `json:"action"`
+ Args []LinuxSeccompArg `json:"args,omitempty"`
 }