diff options
Diffstat (limited to 'runsc/specutils/fs.go')
-rw-r--r-- | runsc/specutils/fs.go | 78 |
1 files changed, 39 insertions, 39 deletions
diff --git a/runsc/specutils/fs.go b/runsc/specutils/fs.go index 138aa4dd1..b62504a8c 100644 --- a/runsc/specutils/fs.go +++ b/runsc/specutils/fs.go @@ -18,9 +18,9 @@ import ( "fmt" "math/bits" "path" - "syscall" specs "github.com/opencontainers/runtime-spec/specs-go" + "golang.org/x/sys/unix" ) type mapping struct { @@ -31,48 +31,48 @@ type mapping struct { // optionsMap maps mount propagation-related OCI filesystem options to mount(2) // syscall flags. var optionsMap = map[string]mapping{ - "acl": {set: true, val: syscall.MS_POSIXACL}, - "async": {set: false, val: syscall.MS_SYNCHRONOUS}, - "atime": {set: false, val: syscall.MS_NOATIME}, - "bind": {set: true, val: syscall.MS_BIND}, + "acl": {set: true, val: unix.MS_POSIXACL}, + "async": {set: false, val: unix.MS_SYNCHRONOUS}, + "atime": {set: false, val: unix.MS_NOATIME}, + "bind": {set: true, val: unix.MS_BIND}, "defaults": {set: true, val: 0}, - "dev": {set: false, val: syscall.MS_NODEV}, - "diratime": {set: false, val: syscall.MS_NODIRATIME}, - "dirsync": {set: true, val: syscall.MS_DIRSYNC}, - "exec": {set: false, val: syscall.MS_NOEXEC}, - "noexec": {set: true, val: syscall.MS_NOEXEC}, - "iversion": {set: true, val: syscall.MS_I_VERSION}, - "loud": {set: false, val: syscall.MS_SILENT}, - "mand": {set: true, val: syscall.MS_MANDLOCK}, - "noacl": {set: false, val: syscall.MS_POSIXACL}, - "noatime": {set: true, val: syscall.MS_NOATIME}, - "nodev": {set: true, val: syscall.MS_NODEV}, - "nodiratime": {set: true, val: syscall.MS_NODIRATIME}, - "noiversion": {set: false, val: syscall.MS_I_VERSION}, - "nomand": {set: false, val: syscall.MS_MANDLOCK}, - "norelatime": {set: false, val: syscall.MS_RELATIME}, - "nostrictatime": {set: false, val: syscall.MS_STRICTATIME}, - "nosuid": {set: true, val: syscall.MS_NOSUID}, - "rbind": {set: true, val: syscall.MS_BIND | syscall.MS_REC}, - "relatime": {set: true, val: syscall.MS_RELATIME}, - "remount": {set: true, val: syscall.MS_REMOUNT}, - "ro": {set: true, val: syscall.MS_RDONLY}, - "rw": {set: false, val: syscall.MS_RDONLY}, - "silent": {set: true, val: syscall.MS_SILENT}, - "strictatime": {set: true, val: syscall.MS_STRICTATIME}, - "suid": {set: false, val: syscall.MS_NOSUID}, - "sync": {set: true, val: syscall.MS_SYNCHRONOUS}, + "dev": {set: false, val: unix.MS_NODEV}, + "diratime": {set: false, val: unix.MS_NODIRATIME}, + "dirsync": {set: true, val: unix.MS_DIRSYNC}, + "exec": {set: false, val: unix.MS_NOEXEC}, + "noexec": {set: true, val: unix.MS_NOEXEC}, + "iversion": {set: true, val: unix.MS_I_VERSION}, + "loud": {set: false, val: unix.MS_SILENT}, + "mand": {set: true, val: unix.MS_MANDLOCK}, + "noacl": {set: false, val: unix.MS_POSIXACL}, + "noatime": {set: true, val: unix.MS_NOATIME}, + "nodev": {set: true, val: unix.MS_NODEV}, + "nodiratime": {set: true, val: unix.MS_NODIRATIME}, + "noiversion": {set: false, val: unix.MS_I_VERSION}, + "nomand": {set: false, val: unix.MS_MANDLOCK}, + "norelatime": {set: false, val: unix.MS_RELATIME}, + "nostrictatime": {set: false, val: unix.MS_STRICTATIME}, + "nosuid": {set: true, val: unix.MS_NOSUID}, + "rbind": {set: true, val: unix.MS_BIND | unix.MS_REC}, + "relatime": {set: true, val: unix.MS_RELATIME}, + "remount": {set: true, val: unix.MS_REMOUNT}, + "ro": {set: true, val: unix.MS_RDONLY}, + "rw": {set: false, val: unix.MS_RDONLY}, + "silent": {set: true, val: unix.MS_SILENT}, + "strictatime": {set: true, val: unix.MS_STRICTATIME}, + "suid": {set: false, val: unix.MS_NOSUID}, + "sync": {set: true, val: unix.MS_SYNCHRONOUS}, } // propOptionsMap is similar to optionsMap, but it lists propagation options // that cannot be used together with other flags. var propOptionsMap = map[string]mapping{ - "private": {set: true, val: syscall.MS_PRIVATE}, - "rprivate": {set: true, val: syscall.MS_PRIVATE | syscall.MS_REC}, - "slave": {set: true, val: syscall.MS_SLAVE}, - "rslave": {set: true, val: syscall.MS_SLAVE | syscall.MS_REC}, - "unbindable": {set: true, val: syscall.MS_UNBINDABLE}, - "runbindable": {set: true, val: syscall.MS_UNBINDABLE | syscall.MS_REC}, + "private": {set: true, val: unix.MS_PRIVATE}, + "rprivate": {set: true, val: unix.MS_PRIVATE | unix.MS_REC}, + "slave": {set: true, val: unix.MS_SLAVE}, + "rslave": {set: true, val: unix.MS_SLAVE | unix.MS_REC}, + "unbindable": {set: true, val: unix.MS_UNBINDABLE}, + "runbindable": {set: true, val: unix.MS_UNBINDABLE | unix.MS_REC}, } // invalidOptions list options not allowed. @@ -139,7 +139,7 @@ func ValidateMountOptions(opts []string) error { // correct. func validateRootfsPropagation(opt string) error { flags := PropOptionsToFlags([]string{opt}) - if flags&(syscall.MS_SLAVE|syscall.MS_PRIVATE) == 0 { + if flags&(unix.MS_SLAVE|unix.MS_PRIVATE) == 0 { return fmt.Errorf("root mount propagation option must specify private or slave: %q", opt) } return validatePropagation(opt) @@ -147,7 +147,7 @@ func validateRootfsPropagation(opt string) error { func validatePropagation(opt string) error { flags := PropOptionsToFlags([]string{opt}) - exclusive := flags & (syscall.MS_SLAVE | syscall.MS_PRIVATE | syscall.MS_SHARED | syscall.MS_UNBINDABLE) + exclusive := flags & (unix.MS_SLAVE | unix.MS_PRIVATE | unix.MS_SHARED | unix.MS_UNBINDABLE) if bits.OnesCount32(exclusive) > 1 { return fmt.Errorf("mount propagation options are mutually exclusive: %q", opt) } |