Merge pull request moby#11758 from crosbymichael/update-libct-mar25

crosbymichael · crosbymichael · commit 3d9cbf0e7176 · 2015-03-25T12:17:33.000-07:00
Update libcontainer to a6044b701c166fe538fc760f9e2
diff --git a/hack/vendor.sh b/hack/vendor.sh
@@ -75,7 +75,7 @@ rm -rf src/github.com/docker/distribution
 mkdir -p src/github.com/docker/distribution
 mv tmp-digest src/github.com/docker/distribution/digest
 
-clone git github.com/docker/libcontainer fd0087d3acdc4c5865de1829d4accee5e3ebb658
+clone git github.com/docker/libcontainer a6044b701c166fe538fc760f9e2dcea3d737cd2a
 # see src/github.com/docker/libcontainer/update-vendor.sh which is the "source of truth" for libcontainer deps (just like this file)
 rm -rf src/github.com/docker/libcontainer/vendor
 eval "$(grep '^clone ' src/github.com/docker/libcontainer/update-vendor.sh | grep -v 'github.com/codegangsta/cli' | grep -v 'github.com/Sirupsen/logrus')"
diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/fs/apply_raw.go b/vendor/src/github.com/docker/libcontainer/cgroups/fs/apply_raw.go
@@ -173,9 +173,6 @@ func (m *Manager) Freeze(state configs.FreezerState) error {
 	if err != nil {
 		return err
 	}
-	if !cgroups.PathExists(dir) {
-		return cgroups.NewNotFoundError("freezer")
-	}
 
 	prevState := m.Cgroups.Freezer
 	m.Cgroups.Freezer = state
@@ -200,9 +197,6 @@ func (m *Manager) GetPids() ([]int, error) {
 	if err != nil {
 		return nil, err
 	}
-	if !cgroups.PathExists(dir) {
-		return nil, cgroups.NewNotFoundError("devices")
-	}
 
 	return cgroups.ReadProcsFile(dir)
 }
diff --git a/vendor/src/github.com/docker/libcontainer/init_linux.go b/vendor/src/github.com/docker/libcontainer/init_linux.go
@@ -91,7 +91,7 @@ func populateProcessEnvironment(env []string) error {
 
 // finalizeNamespace drops the caps, sets the correct user
 // and working dir, and closes any leaked file descriptors
-// before execing the command inside the namespace
+// before executing the command inside the namespace
 func finalizeNamespace(config *initConfig) error {
 	// Ensure that all non-standard fds we may have accidentally
 	// inherited are marked close-on-exec so they stay out of the
diff --git a/vendor/src/github.com/docker/libcontainer/rootfs_linux.go b/vendor/src/github.com/docker/libcontainer/rootfs_linux.go
@@ -186,7 +186,9 @@ func reOpenDevNull(rootfs string) error {
 func createDevices(config *configs.Config) error {
 	oldMask := syscall.Umask(0000)
 	for _, node := range config.Devices {
-		if err := createDeviceNode(config.Rootfs, node); err != nil {
+		// containers running in a user namespace are not allowed to mknod
+		// devices so we can just bind mount it from the host.
+		if err := createDeviceNode(config.Rootfs, node, config.Namespaces.Contains(configs.NEWUSER)); err != nil {
 			syscall.Umask(oldMask)
 			return err
 		}
@@ -196,20 +198,13 @@ func createDevices(config *configs.Config) error {
 }
 
 // Creates the device node in the rootfs of the container.
-func createDeviceNode(rootfs string, node *configs.Device) error {
+func createDeviceNode(rootfs string, node *configs.Device, bind bool) error {
 	dest := filepath.Join(rootfs, node.Path)
 	if err := os.MkdirAll(filepath.Dir(dest), 0755); err != nil {
 		return err
 	}
-	if err := mknodDevice(dest, node); err != nil {
-		if os.IsExist(err) {
-			return nil
-		}
-		if err != syscall.EPERM {
-			return err
-		}
-		// containers running in a user namespace are not allowed to mknod
-		// devices so we can just bind mount it from the host.
+
+	if bind {
 		f, err := os.Create(dest)
 		if err != nil && !os.IsExist(err) {
 			return err
@@ -219,6 +214,12 @@ func createDeviceNode(rootfs string, node *configs.Device) error {
 		}
 		return syscall.Mount(node.Path, dest, "bind", syscall.MS_BIND, "")
 	}
+	if err := mknodDevice(dest, node); err != nil {
+		if os.IsExist(err) {
+			return nil
+		}
+		return err
+	}
 	return nil
 }
 
diff --git a/vendor/src/github.com/docker/libcontainer/update-vendor.sh b/vendor/src/github.com/docker/libcontainer/update-vendor.sh
@@ -44,6 +44,6 @@ clone git github.com/codegangsta/cli 1.1.0
 clone git github.com/coreos/go-systemd v2
 clone git github.com/godbus/dbus v2
 clone git github.com/Sirupsen/logrus v0.6.6
-clone git github.com/syndtr/gocapability e55e583369
+clone git github.com/syndtr/gocapability 8e4cdcb
 
 # intentionally not vendoring Docker itself...  that'd be a circle :)
diff --git a/vendor/src/github.com/syndtr/gocapability/capability/capability_linux.go b/vendor/src/github.com/syndtr/gocapability/capability/capability_linux.go
@@ -417,18 +417,14 @@ func (c *capsV3) Load() (err error) {
 }
 
 func (c *capsV3) Apply(kind CapType) (err error) {
-	err = initLastCap()
-	if err != nil {
-		return
-	}
 	if kind&BOUNDS == BOUNDS {
 		var data [2]capData
 		err = capget(&c.hdr, &data[0])
 		if err != nil {
 			return
 		}
 		if (1<<uint(CAP_SETPCAP))&data[0].effective != 0 {
-			for i := Cap(0); i <= capLastCap; i++ {
+			for i := Cap(0); i <= CAP_LAST_CAP; i++ {
 				if c.Get(BOUNDING, i) {
 					continue
 				}

Original file line number	Diff line number	Diff line change
`@@ -173,9 +173,6 @@ func (m *Manager) Freeze(state configs.FreezerState) error {`
`173`	`173`	`if err != nil {`
`174`	`174`	`return err`
`175`	`175`	`}`
`176`		`- if !cgroups.PathExists(dir) {`
`177`		`- return cgroups.NewNotFoundError("freezer")`
`178`		`- }`
`179`	`176`
`180`	`177`	`prevState := m.Cgroups.Freezer`
`181`	`178`	`m.Cgroups.Freezer = state`
`@@ -200,9 +197,6 @@ func (m *Manager) GetPids() ([]int, error) {`
`200`	`197`	`if err != nil {`
`201`	`198`	`return nil, err`
`202`	`199`	`}`
`203`		`- if !cgroups.PathExists(dir) {`
`204`		`- return nil, cgroups.NewNotFoundError("devices")`
`205`		`- }`
`206`	`200`
`207`	`201`	`return cgroups.ReadProcsFile(dir)`
`208`	`202`	`}`
Original file line number	Diff line number	Diff line change
`@@ -417,18 +417,14 @@ func (c *capsV3) Load() (err error) {`
`417`	`417`	`}`
`418`	`418`
`419`	`419`	`func (c *capsV3) Apply(kind CapType) (err error) {`
`420`		`- err = initLastCap()`
`421`		`- if err != nil {`
`422`		`- return`
`423`		`- }`
`424`	`420`	`if kind&BOUNDS == BOUNDS {`
`425`	`421`	`var data [2]capData`
`426`	`422`	`err = capget(&c.hdr, &data[0])`
`427`	`423`	`if err != nil {`
`428`	`424`	`return`
`429`	`425`	`}`
`430`	`426`	`if (1<<uint(CAP_SETPCAP))&data[0].effective != 0 {`
`431`		`- for i := Cap(0); i <= capLastCap; i++ {`
	`427`	`+ for i := Cap(0); i <= CAP_LAST_CAP; i++ {`
`432`	`428`	`if c.Get(BOUNDING, i) {`
`433`	`429`	`continue`
`434`	`430`	`}`