* CVE-2019-5736: Update libcontainer depedencies
Libcontainer is vulnerable to a runc container breakout that was
reported as CVE-2019-5736[1]. This commit upgrades the vendored libcontainer to pick up the fix.
The runc changes are captured in 369b920277 .
[1] https://seclists.org/oss-sec/2019/q1/119
// +build linux
|
|
|
|
package configs
import "golang.org/x/sys/unix"
// Syscall returns the clone flag that namespaceInfo associates with this
// namespace's Type.
//
// A Type that has no entry in namespaceInfo yields 0 (the map's zero value),
// so the result alone does not distinguish "unknown namespace type" from
// "no flag required".
func (n *Namespace) Syscall() int {
	cloneFlag := namespaceInfo[n.Type]
	return cloneFlag
}
// namespaceInfo maps each namespace type handled by this package to the
// matching CLONE_NEW* constant from golang.org/x/sys/unix.
//
// Lookups for a type that is not listed here return 0, so a namespace type
// added elsewhere without an entry in this table contributes no clone flag.
var namespaceInfo = map[NamespaceType]int{
	NEWCGROUP: unix.CLONE_NEWCGROUP,
	NEWIPC:    unix.CLONE_NEWIPC,
	NEWNET:    unix.CLONE_NEWNET,
	NEWNS:     unix.CLONE_NEWNS,
	NEWPID:    unix.CLONE_NEWPID,
	NEWUSER:   unix.CLONE_NEWUSER,
	NEWUTS:    unix.CLONE_NEWUTS,
}
// CloneFlags folds the container's namespace configuration into the flag
// word passed to clone or unshare. Only namespaces that are to be newly
// created contribute a flag.
//
// Entries with a non-empty Path are skipped; presumably they name an existing
// namespace that is joined rather than created (confirm against the caller).
// An entry whose Type is absent from namespaceInfo ORs in 0, so it is silently
// ignored rather than rejected; callers that rely on a namespace for isolation
// should validate the configured types before using the result.
func (n *Namespaces) CloneFlags() uintptr {
	var flags int
	for _, ns := range *n {
		// Only path-less entries request a fresh namespace.
		if ns.Path == "" {
			flags |= namespaceInfo[ns.Type]
		}
	}
	return uintptr(flags)
}