diff --git a/Dockerfile b/Dockerfile
index 1330106d49..209d4da869 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -258,7 +258,7 @@ RUN set -x \
 && rm -rf "$GOPATH"
 # Install runc
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+ENV RUNC_COMMIT baf6536d6259209c3edfa2b22237af82942d3dfa
 RUN set -x \
 && export GOPATH="$(mktemp -d)" \
 && git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index 42b8d77925..943fe550c1 100644
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -181,7 +181,7 @@ RUN set -x \
 && rm -rf "$GOPATH"
 # Install runc
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+ENV RUNC_COMMIT baf6536d6259209c3edfa2b22237af82942d3dfa
 RUN set -x \
 && export GOPATH="$(mktemp -d)" \
 && git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
diff --git a/Dockerfile.armhf b/Dockerfile.armhf
index 8c5f2b133e..c8b35b6104 100644
--- a/Dockerfile.armhf
+++ b/Dockerfile.armhf
@@ -200,7 +200,7 @@ RUN set -x \
 && rm -rf "$GOPATH"
 # Install runc
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+ENV RUNC_COMMIT baf6536d6259209c3edfa2b22237af82942d3dfa
 RUN set -x \
 && export GOPATH="$(mktemp -d)" \
 && git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
diff --git a/Dockerfile.gccgo b/Dockerfile.gccgo
index c33f8e968b..48c40da710 100644
--- a/Dockerfile.gccgo
+++ b/Dockerfile.gccgo
@@ -74,7 +74,7 @@ WORKDIR /go/src/github.com/docker/docker
 ENV DOCKER_BUILDTAGS apparmor seccomp selinux
 # Install runc
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+ENV RUNC_COMMIT baf6536d6259209c3edfa2b22237af82942d3dfa
 RUN set -x \
 && export GOPATH="$(mktemp -d)" \
 && git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
diff --git a/Dockerfile.ppc64le b/Dockerfile.ppc64le
index 3fa5f204f0..4d1d76c9c5 100644
--- a/Dockerfile.ppc64le
+++ b/Dockerfile.ppc64le
@@ -196,7 +196,7 @@ RUN set -x \
 && rm -rf "$GOPATH"
 # Install runc
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+ENV RUNC_COMMIT baf6536d6259209c3edfa2b22237af82942d3dfa
 RUN set -x \
 && export GOPATH="$(mktemp -d)" \
 && git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
diff --git a/Dockerfile.s390x b/Dockerfile.s390x
index b391309521..629b3e9a84 100644
--- a/Dockerfile.s390x
+++ b/Dockerfile.s390x
@@ -178,7 +178,7 @@ RUN set -x \
 && rm -rf "$GOPATH"
 # Install runc
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+ENV RUNC_COMMIT baf6536d6259209c3edfa2b22237af82942d3dfa
 RUN set -x \
 && export GOPATH="$(mktemp -d)" \
 && git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
diff --git a/Dockerfile.simple b/Dockerfile.simple
index 61ec64b13b..e2827fedcd 100644
--- a/Dockerfile.simple
+++ b/Dockerfile.simple
@@ -57,7 +57,7 @@ ENV GOPATH /go:/go/src/github.com/docker/docker/vendor
 ENV CGO_LDFLAGS -L/lib
 # Install runc
-ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+ENV RUNC_COMMIT baf6536d6259209c3edfa2b22237af82942d3dfa
 RUN set -x \
 && export GOPATH="$(mktemp -d)" \
 && git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
diff --git a/daemon/oci_linux.go b/daemon/oci_linux.go
index 7ae90acb37..bb60efe89c 100644
--- a/daemon/oci_linux.go
+++ b/daemon/oci_linux.go
@@ -672,6 +672,7 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e
 }
 s.Process.SelinuxLabel = c.GetProcessLabel()
 s.Process.NoNewPrivileges = c.NoNewPrivileges
+ s.Linux.MountLabel = c.MountLabel
 return (*libcontainerd.Spec)(&s), nil
 }
diff --git a/hack/vendor.sh b/hack/vendor.sh
index d90393bf63..979ba02cd6 100755
--- a/hack/vendor.sh
+++ b/hack/vendor.sh
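Review bot: In createSpec (daemon/oci_linux.go), the added `s.Linux.MountLabel = c.MountLabel` makes SELinux labelling of container mounts depend on the runtime honouring the new `mountLabel` field, and nothing in this hunk guards against a runtime that does not. The vendored field is tagged `omitempty`, and a runc older than the pinned `RUNC_COMMIT` would presumably drop the unknown key while decoding the spec, so the container could start with unlabelled mounts and no error; confirm that this daemon cannot be paired with an older runc binary, or fail closed when it can. It is also worth checking that leaving the vendored libcontainer at 2441732d6fcc0fb0a542671a4372e0c7bc99c19e in hack/vendor.sh while the Dockerfiles move the runc binary is intentional. A short comment would help the next reader, e.g. `// Hand the SELinux mount label to the runtime, alongside the process label set above.` createSpec starts outside the hunk, so how `c.MountLabel` is populated is not visible here.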
@@ -61,7 +61,7 @@ clone git github.com/docker/go v1.5.1-1-1-gbaf439e
 clone git github.com/agl/ed25519 d2b94fd789ea21d12fac1a4443dd3a3f79cda72c
 clone git github.com/opencontainers/runc 2441732d6fcc0fb0a542671a4372e0c7bc99c19e # libcontainer
-clone git github.com/opencontainers/specs 93ca97e83ca7fb4fba6d9e30d5470f99ddc02d11 # specs
+clone git github.com/opencontainers/specs f955d90e70a98ddfb886bd930ffd076da9b67998 # specs
 clone git github.com/seccomp/libseccomp-golang 1b506fc7c24eec5a3693cdcbed40d9c226cfc6a1 # libcontainer deps (see src/github.com/opencontainers/runc/Godeps/Godeps.json)
 clone git github.com/coreos/go-systemd v4
diff --git a/vendor/src/github.com/opencontainers/specs/specs-go/config.go b/vendor/src/github.com/opencontainers/specs/specs-go/config.go
index 3e5d499e88..45e604cc3d 100644
--- a/vendor/src/github.com/opencontainers/specs/specs-go/config.go
+++ b/vendor/src/github.com/opencontainers/specs/specs-go/config.go
@@ -49,7 +49,7 @@ type Process struct {
 // ApparmorProfile specified the apparmor profile for the container. (this field is platform dependent)
 ApparmorProfile string `json:"apparmorProfile,omitempty" platform:"linux"`
- // SelinuxProcessLabel specifies the selinux context that the container process is run as. (this field is platform dependent)
+ // SelinuxLabel specifies the selinux context that the container process is run as. (this field is platform dependent)
 SelinuxLabel string `json:"selinuxLabel,omitempty" platform:"linux"`
 }
@@ -140,6 +140,8 @@ type Linux struct {
 MaskedPaths []string `json:"maskedPaths,omitempty"`
 // ReadonlyPaths sets the provided paths as RO inside the container.
 ReadonlyPaths []string `json:"readonlyPaths,omitempty"`
+ // MountLabel specifies the selinux context for the mounts in the container.
+ MountLabel string `json:"mountLabel,omitempty"`
 }
 // Namespace is the configuration for a Linux namespace
diff --git a/vendor/src/github.com/opencontainers/specs/specs-go/version.go b/vendor/src/github.com/opencontainers/specs/specs-go/version.go
index 27f45e08b3..371289aea5 100644
--- a/vendor/src/github.com/opencontainers/specs/specs-go/version.go
+++ b/vendor/src/github.com/opencontainers/specs/specs-go/version.go
@@ -6,7 +6,7 @@ const (
 // VersionMajor is for an API incompatible changes
 VersionMajor = 0
 // VersionMinor is for functionality in a backwards-compatible manner
- VersionMinor = 5
+ VersionMinor = 6
 // VersionPatch is for backwards-compatible bug fixes
 VersionPatch = 0