summaryrefslogtreecommitdiffhomepage
path: root/runsc/specutils/fs.go
diff options
context:
space:
mode:
authorgVisor bot <gvisor-bot@google.com>2021-03-07 06:11:49 +0000
committergVisor bot <gvisor-bot@google.com>2021-03-07 06:11:49 +0000
commit05c2d6c038777818932d3991c0de9cfa2a7bea51 (patch)
tree2a394d8666124ff8188b0c945854e2b7e3281217 /runsc/specutils/fs.go
parent2fa12b2aa91ba00211df440f5e6a64e45a2ecb91 (diff)
parente668288fafe378ab4dc7fbb23ac933a15a2fff94 (diff)
Merge release-20210301.0-22-ge668288fa (automated)
Diffstat (limited to 'runsc/specutils/fs.go')
-rw-r--r--runsc/specutils/fs.go78
1 files changed, 39 insertions, 39 deletions
diff --git a/runsc/specutils/fs.go b/runsc/specutils/fs.go
index 138aa4dd1..b62504a8c 100644
--- a/runsc/specutils/fs.go
+++ b/runsc/specutils/fs.go
@@ -18,9 +18,9 @@ import (
"fmt"
"math/bits"
"path"
- "syscall"
specs "github.com/opencontainers/runtime-spec/specs-go"
+ "golang.org/x/sys/unix"
)
type mapping struct {
@@ -31,48 +31,48 @@ type mapping struct {
// optionsMap maps mount propagation-related OCI filesystem options to mount(2)
// syscall flags.
var optionsMap = map[string]mapping{
- "acl": {set: true, val: syscall.MS_POSIXACL},
- "async": {set: false, val: syscall.MS_SYNCHRONOUS},
- "atime": {set: false, val: syscall.MS_NOATIME},
- "bind": {set: true, val: syscall.MS_BIND},
+ "acl": {set: true, val: unix.MS_POSIXACL},
+ "async": {set: false, val: unix.MS_SYNCHRONOUS},
+ "atime": {set: false, val: unix.MS_NOATIME},
+ "bind": {set: true, val: unix.MS_BIND},
"defaults": {set: true, val: 0},
- "dev": {set: false, val: syscall.MS_NODEV},
- "diratime": {set: false, val: syscall.MS_NODIRATIME},
- "dirsync": {set: true, val: syscall.MS_DIRSYNC},
- "exec": {set: false, val: syscall.MS_NOEXEC},
- "noexec": {set: true, val: syscall.MS_NOEXEC},
- "iversion": {set: true, val: syscall.MS_I_VERSION},
- "loud": {set: false, val: syscall.MS_SILENT},
- "mand": {set: true, val: syscall.MS_MANDLOCK},
- "noacl": {set: false, val: syscall.MS_POSIXACL},
- "noatime": {set: true, val: syscall.MS_NOATIME},
- "nodev": {set: true, val: syscall.MS_NODEV},
- "nodiratime": {set: true, val: syscall.MS_NODIRATIME},
- "noiversion": {set: false, val: syscall.MS_I_VERSION},
- "nomand": {set: false, val: syscall.MS_MANDLOCK},
- "norelatime": {set: false, val: syscall.MS_RELATIME},
- "nostrictatime": {set: false, val: syscall.MS_STRICTATIME},
- "nosuid": {set: true, val: syscall.MS_NOSUID},
- "rbind": {set: true, val: syscall.MS_BIND | syscall.MS_REC},
- "relatime": {set: true, val: syscall.MS_RELATIME},
- "remount": {set: true, val: syscall.MS_REMOUNT},
- "ro": {set: true, val: syscall.MS_RDONLY},
- "rw": {set: false, val: syscall.MS_RDONLY},
- "silent": {set: true, val: syscall.MS_SILENT},
- "strictatime": {set: true, val: syscall.MS_STRICTATIME},
- "suid": {set: false, val: syscall.MS_NOSUID},
- "sync": {set: true, val: syscall.MS_SYNCHRONOUS},
+ "dev": {set: false, val: unix.MS_NODEV},
+ "diratime": {set: false, val: unix.MS_NODIRATIME},
+ "dirsync": {set: true, val: unix.MS_DIRSYNC},
+ "exec": {set: false, val: unix.MS_NOEXEC},
+ "noexec": {set: true, val: unix.MS_NOEXEC},
+ "iversion": {set: true, val: unix.MS_I_VERSION},
+ "loud": {set: false, val: unix.MS_SILENT},
+ "mand": {set: true, val: unix.MS_MANDLOCK},
+ "noacl": {set: false, val: unix.MS_POSIXACL},
+ "noatime": {set: true, val: unix.MS_NOATIME},
+ "nodev": {set: true, val: unix.MS_NODEV},
+ "nodiratime": {set: true, val: unix.MS_NODIRATIME},
+ "noiversion": {set: false, val: unix.MS_I_VERSION},
+ "nomand": {set: false, val: unix.MS_MANDLOCK},
+ "norelatime": {set: false, val: unix.MS_RELATIME},
+ "nostrictatime": {set: false, val: unix.MS_STRICTATIME},
+ "nosuid": {set: true, val: unix.MS_NOSUID},
+ "rbind": {set: true, val: unix.MS_BIND | unix.MS_REC},
+ "relatime": {set: true, val: unix.MS_RELATIME},
+ "remount": {set: true, val: unix.MS_REMOUNT},
+ "ro": {set: true, val: unix.MS_RDONLY},
+ "rw": {set: false, val: unix.MS_RDONLY},
+ "silent": {set: true, val: unix.MS_SILENT},
+ "strictatime": {set: true, val: unix.MS_STRICTATIME},
+ "suid": {set: false, val: unix.MS_NOSUID},
+ "sync": {set: true, val: unix.MS_SYNCHRONOUS},
}
// propOptionsMap is similar to optionsMap, but it lists propagation options
// that cannot be used together with other flags.
var propOptionsMap = map[string]mapping{
- "private": {set: true, val: syscall.MS_PRIVATE},
- "rprivate": {set: true, val: syscall.MS_PRIVATE | syscall.MS_REC},
- "slave": {set: true, val: syscall.MS_SLAVE},
- "rslave": {set: true, val: syscall.MS_SLAVE | syscall.MS_REC},
- "unbindable": {set: true, val: syscall.MS_UNBINDABLE},
- "runbindable": {set: true, val: syscall.MS_UNBINDABLE | syscall.MS_REC},
+ "private": {set: true, val: unix.MS_PRIVATE},
+ "rprivate": {set: true, val: unix.MS_PRIVATE | unix.MS_REC},
+ "slave": {set: true, val: unix.MS_SLAVE},
+ "rslave": {set: true, val: unix.MS_SLAVE | unix.MS_REC},
+ "unbindable": {set: true, val: unix.MS_UNBINDABLE},
+ "runbindable": {set: true, val: unix.MS_UNBINDABLE | unix.MS_REC},
}
// invalidOptions list options not allowed.
@@ -139,7 +139,7 @@ func ValidateMountOptions(opts []string) error {
// correct.
func validateRootfsPropagation(opt string) error {
flags := PropOptionsToFlags([]string{opt})
- if flags&(syscall.MS_SLAVE|syscall.MS_PRIVATE) == 0 {
+ if flags&(unix.MS_SLAVE|unix.MS_PRIVATE) == 0 {
return fmt.Errorf("root mount propagation option must specify private or slave: %q", opt)
}
return validatePropagation(opt)
@@ -147,7 +147,7 @@ func validateRootfsPropagation(opt string) error {
func validatePropagation(opt string) error {
flags := PropOptionsToFlags([]string{opt})
- exclusive := flags & (syscall.MS_SLAVE | syscall.MS_PRIVATE | syscall.MS_SHARED | syscall.MS_UNBINDABLE)
+ exclusive := flags & (unix.MS_SLAVE | unix.MS_PRIVATE | unix.MS_SHARED | unix.MS_UNBINDABLE)
if bits.OnesCount32(exclusive) > 1 {
return fmt.Errorf("mount propagation options are mutually exclusive: %q", opt)
}