* [gentoo-commits] repo/gentoo:master commit in: app-containers/containers-common/, app-containers/containers-common/files/
@ 2023-09-21 22:17 Sam James
From: Sam James @ 2023-09-21 22:17 UTC (permalink / raw
To: gentoo-commits
commit: 2941140a0760ca358eecc44391a79479f024a3de
Author: Rahil Bhimjiani <rahil3108 <AT> gmail <DOT> com>
AuthorDate: Thu Sep 21 18:34:24 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Sep 21 22:16:19 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2941140a
app-containers/containers-common: add 0.56.0 and live
Common configs & docs for Containers eco-system (i.e. podman buildah skopeo...)
Go realm, executables are all in compiled, static, tidy in one binary but docs & configs...OMG all over the place. Spent whole day coding all these (such noob, I know), but was fun & fulfilling. Once this is merged the foundation of podman-stack is built, so will proceed to update frontend packages of eco-system.
Closes: https://bugs.gentoo.org/907805
Closes: https://bugs.gentoo.org/904433
Closes: https://bugs.gentoo.org/914456
Closes: https://bugs.gentoo.org/907804
Signed-off-by: Rahil Bhimjiani <rahil3108 <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/32976
Signed-off-by: Sam James <sam <AT> gentoo.org>
app-containers/containers-common/Manifest | 1 +
.../containers-common-0.56.0.ebuild | 76 ++
.../containers-common-9999.ebuild | 76 ++
.../containers-common/files/default.yaml | 28 +
.../containers-common/files/fix-warnings.patch | 24 +
app-containers/containers-common/files/mounts.conf | 3 +
app-containers/containers-common/files/policy.json | 14 +
.../containers-common/files/seccomp.json | 1051 ++++++++++++++++++++
app-containers/containers-common/metadata.xml | 17 +
9 files changed, 1290 insertions(+)
diff --git a/app-containers/containers-common/Manifest b/app-containers/containers-common/Manifest
new file mode 100644
index 000000000000..6c7325fe1c77
--- /dev/null
+++ b/app-containers/containers-common/Manifest
@@ -0,0 +1 @@
+DIST containers-common-0.56.0.tar.gz 12616120 BLAKE2B 6495ca7d0c9134bc8bd5f7b7541bb4f1160c74abb7a64bd4d2124104ea563f5381f0092da20ab45d81929a8632b1fcc1107ac05fdae011be446cff14ebf88c45 SHA512 4af720be95e6b5ca7d0664f99a389bf092b9f45d4e0602d9b49ef1d21b359d2307a94e0c88378fe0c751f5b40db54d7aab67eb497185a289cea9288cbfaa042c
diff --git a/app-containers/containers-common/containers-common-0.56.0.ebuild b/app-containers/containers-common/containers-common-0.56.0.ebuild
new file mode 100644
index 000000000000..f2bba24b1975
--- /dev/null
+++ b/app-containers/containers-common/containers-common-0.56.0.ebuild
@@ -0,0 +1,76 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DESCRIPTION="Common config files and docs for Containers eco-system"
+HOMEPAGE="https://github.com/containers/common"
+
+if [[ ${PV} == *9999* ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/containers/common.git"
+else
+ SRC_URI="https://github.com/containers/common/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+ S="${WORKDIR}/${P#containers-}"
+ KEYWORDS="~amd64"
+fi
+
+LICENSE="Apache-2.0"
+SLOT="0"
+
+RDEPEND="
+ app-containers/containers-image
+ app-containers/containers-storage
+ app-containers/containers-shortnames
+ net-firewall/nftables
+ net-firewall/iptables[nftables]
+ || ( app-containers/crun app-containers/runc )
+ || (
+ ( >=app-containers/netavark-1.6.0 >=app-containers/aardvark-dns-1.6.0 )
+ >=app-containers/cni-plugins-0.9.1
+ )
+"
+
+BDEPEND="
+ >=dev-go/go-md2man-2.0.2
+"
+
+src_prepare() {
+ default
+
+ [[ -f docs/Makefile ]] || die
+ sed -i -e 's|/usr/local|/usr|g;' docs/Makefile || die
+
+ eapply "${FILESDIR}/fix-warnings.patch"
+}
+
+src_configure() {
+ return
+}
+
+src_compile() {
+ emake docs
+}
+
+src_test() {
+ return
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ insinto /etc/containers
+ # https://github.com/containers/skopeo/raw/main/default-policy.json
+ doins pkg/config/containers.conf "${FILESDIR}/policy.json"
+
+ insinto /etc/containers/registries.d
+ # https://github.com/containers/skopeo/raw/main/default.yaml
+ doins "${FILESDIR}/default.yaml"
+
+ insinto /usr/share/containers
+ # https://github.com/containers/common/raw/main/pkg/seccomp/seccomp.json
+ # https://github.com/containers/common/raw/main/pkg/subscriptions/mounts.conf
+ doins "${FILESDIR}/seccomp.json" "${FILESDIR}/mounts.conf"
+
+ keepdir /etc/containers/certs.d /etc/containers/oci/hooks.d /etc/containers/systemd /var/lib/containers/sigstore
+}
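Review bot: The seccomp profile that src_install places in /usr/share/containers is the hand-copied `${FILESDIR}/seccomp.json`, which the comment above it sources from upstream's `main` branch rather than from the v${PV} tarball this ebuild unpacks. The installed syscall filter can therefore differ from the one the release was shipped with, and it will not pick up upstream changes on a version bump unless someone re-copies 1051 lines by hand. If the tarball carries the file at the path the cited URL shows, `doins pkg/seccomp/seccomp.json "${FILESDIR}/mounts.conf"` would install the profile that belongs to the version being built. The identical src_install in containers-common-9999.ebuild has the same issue.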
diff --git a/app-containers/containers-common/containers-common-9999.ebuild b/app-containers/containers-common/containers-common-9999.ebuild
new file mode 100644
index 000000000000..f2bba24b1975
--- /dev/null
+++ b/app-containers/containers-common/containers-common-9999.ebuild
@@ -0,0 +1,76 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DESCRIPTION="Common config files and docs for Containers eco-system"
+HOMEPAGE="https://github.com/containers/common"
+
+if [[ ${PV} == *9999* ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/containers/common.git"
+else
+ SRC_URI="https://github.com/containers/common/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+ S="${WORKDIR}/${P#containers-}"
+ KEYWORDS="~amd64"
+fi
+
+LICENSE="Apache-2.0"
+SLOT="0"
+
+RDEPEND="
+ app-containers/containers-image
+ app-containers/containers-storage
+ app-containers/containers-shortnames
+ net-firewall/nftables
+ net-firewall/iptables[nftables]
+ || ( app-containers/crun app-containers/runc )
+ || (
+ ( >=app-containers/netavark-1.6.0 >=app-containers/aardvark-dns-1.6.0 )
+ >=app-containers/cni-plugins-0.9.1
+ )
+"
+
+BDEPEND="
+ >=dev-go/go-md2man-2.0.2
+"
+
+src_prepare() {
+ default
+
+ [[ -f docs/Makefile ]] || die
+ sed -i -e 's|/usr/local|/usr|g;' docs/Makefile || die
+
+ eapply "${FILESDIR}/fix-warnings.patch"
+}
+
+src_configure() {
+ return
+}
+
+src_compile() {
+ emake docs
+}
+
+src_test() {
+ return
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ insinto /etc/containers
+ # https://github.com/containers/skopeo/raw/main/default-policy.json
+ doins pkg/config/containers.conf "${FILESDIR}/policy.json"
+
+ insinto /etc/containers/registries.d
+ # https://github.com/containers/skopeo/raw/main/default.yaml
+ doins "${FILESDIR}/default.yaml"
+
+ insinto /usr/share/containers
+ # https://github.com/containers/common/raw/main/pkg/seccomp/seccomp.json
+ # https://github.com/containers/common/raw/main/pkg/subscriptions/mounts.conf
+ doins "${FILESDIR}/seccomp.json" "${FILESDIR}/mounts.conf"
+
+ keepdir /etc/containers/certs.d /etc/containers/oci/hooks.d /etc/containers/systemd /var/lib/containers/sigstore
+}
diff --git a/app-containers/containers-common/files/default.yaml b/app-containers/containers-common/files/default.yaml
new file mode 100644
index 000000000000..a7f3d2823136
--- /dev/null
+++ b/app-containers/containers-common/files/default.yaml
@@ -0,0 +1,28 @@
+# This is a default registries.d configuration file. You may
+# add to this file or create additional files in registries.d/.
+#
+# lookaside: for reading/writing simple signing signatures
+# lookaside-staging: for writing simple signing signatures, preferred over lookaside
+#
+# lookaside and lookaside-staging take a value of the following:
+# lookaside: {schema}://location
+#
+# For reading signatures, schema may be http, https, or file.
+# For writing signatures, schema may only be file.
+
+# The default locations are built-in, for both reading and writing:
+# /var/lib/containers/sigstore for root, or
+# ~/.local/share/containers/sigstore for non-root users.
+default-docker:
+# lookaside: https://…
+# lookaside-staging: file:///…
+
+# The 'docker' indicator here is the start of the configuration
+# for docker registries.
+#
+# docker:
+#
+# privateregistry.com:
+# lookaside: https://privateregistry.com/sigstore/
+# lookaside-staging: /mnt/nfs/privateregistry/sigstore
+
diff --git a/app-containers/containers-common/files/fix-warnings.patch b/app-containers/containers-common/files/fix-warnings.patch
new file mode 100644
index 000000000000..7f9cfe4e196c
--- /dev/null
+++ b/app-containers/containers-common/files/fix-warnings.patch
@@ -0,0 +1,24 @@
+--- a/Makefile
++++ b/Makefile
+@@ -4,20 +4,5 @@
+ DESTDIR ?=
+-PREFIX := /usr/local
++PREFIX := /usr
+ CONFIGDIR := ${PREFIX}/share/containers
+
+-define go-build
+- CGO_ENABLED=0 \
+- GOOS=$(1) GOARCH=$(2) $(GO) build -tags "$(3)" ./...
+-endef
+-
+-ifeq ($(shell uname -s),Linux)
+-define go-build-c
+- CGO_ENABLED=1 \
+- GOOS=$(1) GOARCH=$(2) $(GO) build -tags "$(3)" ./...
+-endef
+-else
+-define go-build-c
+-endef
+-endif
+-
+ .PHONY:
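Review bot: fix-warnings.patch has no header saying which warnings it fixes or whether it was sent upstream, and it does two unrelated things: it changes `PREFIX` to `/usr` and deletes the `go-build`/`go-build-c` definitions. A short description above the `--- a/Makefile` line would let the next maintainer judge whether the patch is still needed on a version bump, for example that the Go build helpers are dropped because only docs are built (presumably the source of the warnings) and that files install under /usr. The ebuild also rewrites `/usr/local` in docs/Makefile with sed, so the prefix is currently adjusted in two different ways.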
diff --git a/app-containers/containers-common/files/mounts.conf b/app-containers/containers-common/files/mounts.conf
new file mode 100644
index 000000000000..281e1d687f94
--- /dev/null
+++ b/app-containers/containers-common/files/mounts.conf
@@ -0,0 +1,3 @@
+# Refer to containers-mounts.conf(5)
+# Example:
+# /usr/share/rhel/secrets:/run/secrets
diff --git a/app-containers/containers-common/files/policy.json b/app-containers/containers-common/files/policy.json
new file mode 100644
index 000000000000..dffc54a62647
--- /dev/null
+++ b/app-containers/containers-common/files/policy.json
@@ -0,0 +1,14 @@
+{
+ "default": [
+ {
+ "type": "insecureAcceptAnything"
+ }
+ ],
+ "transports":
+ {
+ "docker-daemon":
+ {
+ "": [{"type":"insecureAcceptAnything"}]
+ }
+ }
+}
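Review bot: Both the `default` entry and the `docker-daemon` entry use `insecureAcceptAnything`, and the ebuilds install this file into /etc/containers, so every image is accepted without signature verification and nothing tells the administrator. This matches the upstream skopeo default the ebuild cites, but JSON leaves no room for a comment, so the caveat has to live in the package. A `pkg_postinst` in the ebuilds (outside this hunk) with `elog "/etc/containers/policy.json accepts unsigned images by default; see containers-policy.json(5) to require signatures"` would point users at the place to tighten it. The `docker-daemon` entry repeats the default and could be dropped unless it is kept only to mirror upstream.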
diff --git a/app-containers/containers-common/files/seccomp.json b/app-containers/containers-common/files/seccomp.json
new file mode 100644
index 000000000000..18674db4d62e
--- /dev/null
+++ b/app-containers/containers-common/files/seccomp.json
@@ -0,0 +1,1051 @@
+{
+ "defaultAction": "SCMP_ACT_ERRNO",
+ "defaultErrnoRet": 38,
+ "defaultErrno": "ENOSYS",
+ "archMap": [
+ {
+ "architecture": "SCMP_ARCH_X86_64",
+ "subArchitectures": [
+ "SCMP_ARCH_X86",
+ "SCMP_ARCH_X32"
+ ]
+ },
+ {
+ "architecture": "SCMP_ARCH_AARCH64",
+ "subArchitectures": [
+ "SCMP_ARCH_ARM"
+ ]
+ },
+ {
+ "architecture": "SCMP_ARCH_MIPS64",
+ "subArchitectures": [
+ "SCMP_ARCH_MIPS",
+ "SCMP_ARCH_MIPS64N32"
+ ]
+ },
+ {
+ "architecture": "SCMP_ARCH_MIPS64N32",
+ "subArchitectures": [
+ "SCMP_ARCH_MIPS",
+ "SCMP_ARCH_MIPS64"
+ ]
+ },
+ {
+ "architecture": "SCMP_ARCH_MIPSEL64",
+ "subArchitectures": [
+ "SCMP_ARCH_MIPSEL",
+ "SCMP_ARCH_MIPSEL64N32"
+ ]
+ },
+ {
+ "architecture": "SCMP_ARCH_MIPSEL64N32",
+ "subArchitectures": [
+ "SCMP_ARCH_MIPSEL",
+ "SCMP_ARCH_MIPSEL64"
+ ]
+ },
+ {
+ "architecture": "SCMP_ARCH_S390X",
+ "subArchitectures": [
+ "SCMP_ARCH_S390"
+ ]
+ }
+ ],
+ "syscalls": [
+ {
+ "names": [
+ "bdflush",
+ "io_pgetevents",
+ "kexec_file_load",
+ "kexec_load",
+ "migrate_pages",
+ "move_pages",
+ "nfsservctl",
+ "nice",
+ "oldfstat",
+ "oldlstat",
+ "oldolduname",
+ "oldstat",
+ "olduname",
+ "pciconfig_iobase",
+ "pciconfig_read",
+ "pciconfig_write",
+ "sgetmask",
+ "ssetmask",
+ "swapcontext",
+ "swapoff",
+ "swapon",
+ "sysfs",
+ "uselib",
+ "userfaultfd",
+ "ustat",
+ "vm86",
+ "vm86old",
+ "vmsplice"
+ ],
+ "action": "SCMP_ACT_ERRNO",
+ "args": [],
+ "comment": "",
+ "includes": {},
+ "excludes": {},
+ "errnoRet": 1,
+ "errno": "EPERM"
+ },
+ {
+ "names": [
+ "_llseek",
+ "_newselect",
+ "accept",
+ "accept4",
+ "access",
+ "adjtimex",
+ "alarm",
+ "bind",
+ "brk",
+ "capget",
+ "capset",
+ "chdir",
+ "chmod",
+ "chown",
+ "chown32",
+ "clock_adjtime",
+ "clock_adjtime64",
+ "clock_getres",
+ "clock_getres_time64",
+ "clock_gettime",
+ "clock_gettime64",
+ "clock_nanosleep",
+ "clock_nanosleep_time64",
+ "clone",
+ "clone3",
+ "close",
+ "close_range",
+ "connect",
+ "copy_file_range",
+ "creat",
+ "dup",
+ "dup2",
+ "dup3",
+ "epoll_create",
+ "epoll_create1",
+ "epoll_ctl",
+ "epoll_ctl_old",
+ "epoll_pwait",
+ "epoll_pwait2",
+ "epoll_wait",
+ "epoll_wait_old",
+ "eventfd",
+ "eventfd2",
+ "execve",
+ "execveat",
+ "exit",
+ "exit_group",
+ "faccessat",
+ "faccessat2",
+ "fadvise64",
+ "fadvise64_64",
+ "fallocate",
+ "fanotify_mark",
+ "fchdir",
+ "fchmod",
+ "fchmodat",
+ "fchown",
+ "fchown32",
+ "fchownat",
+ "fcntl",
+ "fcntl64",
+ "fdatasync",
+ "fgetxattr",
+ "flistxattr",
+ "flock",
+ "fork",
+ "fremovexattr",
+ "fsconfig",
+ "fsetxattr",
+ "fsmount",
+ "fsopen",
+ "fspick",
+ "fstat",
+ "fstat64",
+ "fstatat64",
+ "fstatfs",
+ "fstatfs64",
+ "fsync",
+ "ftruncate",
+ "ftruncate64",
+ "futex",
+ "futex_time64",
+ "futimesat",
+ "get_mempolicy",
+ "get_robust_list",
+ "get_thread_area",
+ "getcpu",
+ "getcwd",
+ "getdents",
+ "getdents64",
+ "getegid",
+ "getegid32",
+ "geteuid",
+ "geteuid32",
+ "getgid",
+ "getgid32",
+ "getgroups",
+ "getgroups32",
+ "getitimer",
+ "getpeername",
+ "getpgid",
+ "getpgrp",
+ "getpid",
+ "getppid",
+ "getpriority",
+ "getrandom",
+ "getresgid",
+ "getresgid32",
+ "getresuid",
+ "getresuid32",
+ "getrlimit",
+ "getrusage",
+ "getsid",
+ "getsockname",
+ "getsockopt",
+ "gettid",
+ "gettimeofday",
+ "getuid",
+ "getuid32",
+ "getxattr",
+ "inotify_add_watch",
+ "inotify_init",
+ "inotify_init1",
+ "inotify_rm_watch",
+ "io_cancel",
+ "io_destroy",
+ "io_getevents",
+ "io_setup",
+ "io_submit",
+ "ioctl",
+ "ioprio_get",
+ "ioprio_set",
+ "ipc",
+ "keyctl",
+ "kill",
+ "landlock_add_rule",
+ "landlock_create_ruleset",
+ "landlock_restrict_self",
+ "lchown",
+ "lchown32",
+ "lgetxattr",
+ "link",
+ "linkat",
+ "listen",
+ "listxattr",
+ "llistxattr",
+ "lremovexattr",
+ "lseek",
+ "lsetxattr",
+ "lstat",
+ "lstat64",
+ "madvise",
+ "mbind",
+ "membarrier",
+ "memfd_create",
+ "memfd_secret",
+ "mincore",
+ "mkdir",
+ "mkdirat",
+ "mknod",
+ "mknodat",
+ "mlock",
+ "mlock2",
+ "mlockall",
+ "mmap",
+ "mmap2",
+ "mount",
+ "mount_setattr",
+ "move_mount",
+ "mprotect",
+ "mq_getsetattr",
+ "mq_notify",
+ "mq_open",
+ "mq_timedreceive",
+ "mq_timedreceive_time64",
+ "mq_timedsend",
+ "mq_timedsend_time64",
+ "mq_unlink",
+ "mremap",
+ "msgctl",
+ "msgget",
+ "msgrcv",
+ "msgsnd",
+ "msync",
+ "munlock",
+ "munlockall",
+ "munmap",
+ "name_to_handle_at",
+ "nanosleep",
+ "newfstatat",
+ "open",
+ "open_tree",
+ "openat",
+ "openat2",
+ "pause",
+ "pidfd_getfd",
+ "pidfd_open",
+ "pidfd_send_signal",
+ "pipe",
+ "pipe2",
+ "pivot_root",
+ "pkey_alloc",
+ "pkey_free",
+ "pkey_mprotect",
+ "poll",
+ "ppoll",
+ "ppoll_time64",
+ "prctl",
+ "pread64",
+ "preadv",
+ "preadv2",
+ "prlimit64",
+ "process_mrelease",
+ "process_vm_readv",
+ "process_vm_writev",
+ "pselect6",
+ "pselect6_time64",
+ "ptrace",
+ "pwrite64",
+ "pwritev",
+ "pwritev2",
+ "read",
+ "readahead",
+ "readdir",
+ "readlink",
+ "readlinkat",
+ "readv",
+ "reboot",
+ "recv",
+ "recvfrom",
+ "recvmmsg",
+ "recvmmsg_time64",
+ "recvmsg",
+ "remap_file_pages",
+ "removexattr",
+ "rename",
+ "renameat",
+ "renameat2",
+ "restart_syscall",
+ "rmdir",
+ "rseq",
+ "rt_sigaction",
+ "rt_sigpending",
+ "rt_sigprocmask",
+ "rt_sigqueueinfo",
+ "rt_sigreturn",
+ "rt_sigsuspend",
+ "rt_sigtimedwait",
+ "rt_sigtimedwait_time64",
+ "rt_tgsigqueueinfo",
+ "sched_get_priority_max",
+ "sched_get_priority_min",
+ "sched_getaffinity",
+ "sched_getattr",
+ "sched_getparam",
+ "sched_getscheduler",
+ "sched_rr_get_interval",
+ "sched_rr_get_interval_time64",
+ "sched_setaffinity",
+ "sched_setattr",
+ "sched_setparam",
+ "sched_setscheduler",
+ "sched_yield",
+ "seccomp",
+ "select",
+ "semctl",
+ "semget",
+ "semop",
+ "semtimedop",
+ "semtimedop_time64",
+ "send",
+ "sendfile",
+ "sendfile64",
+ "sendmmsg",
+ "sendmsg",
+ "sendto",
+ "set_mempolicy",
+ "set_robust_list",
+ "set_thread_area",
+ "set_tid_address",
+ "setfsgid",
+ "setfsgid32",
+ "setfsuid",
+ "setfsuid32",
+ "setgid",
+ "setgid32",
+ "setgroups",
+ "setgroups32",
+ "setitimer",
+ "setns",
+ "setpgid",
+ "setpriority",
+ "setregid",
+ "setregid32",
+ "setresgid",
+ "setresgid32",
+ "setresuid",
+ "setresuid32",
+ "setreuid",
+ "setreuid32",
+ "setrlimit",
+ "setsid",
+ "setsockopt",
+ "setuid",
+ "setuid32",
+ "setxattr",
+ "shmat",
+ "shmctl",
+ "shmdt",
+ "shmget",
+ "shutdown",
+ "sigaction",
+ "sigaltstack",
+ "signal",
+ "signalfd",
+ "signalfd4",
+ "sigpending",
+ "sigprocmask",
+ "sigreturn",
+ "sigsuspend",
+ "socketcall",
+ "socketpair",
+ "splice",
+ "stat",
+ "stat64",
+ "statfs",
+ "statfs64",
+ "statx",
+ "symlink",
+ "symlinkat",
+ "sync",
+ "sync_file_range",
+ "syncfs",
+ "syscall",
+ "sysinfo",
+ "syslog",
+ "tee",
+ "tgkill",
+ "time",
+ "timer_create",
+ "timer_delete",
+ "timer_getoverrun",
+ "timer_gettime",
+ "timer_gettime64",
+ "timer_settime",
+ "timer_settime64",
+ "timerfd",
+ "timerfd_create",
+ "timerfd_gettime",
+ "timerfd_gettime64",
+ "timerfd_settime",
+ "timerfd_settime64",
+ "times",
+ "tkill",
+ "truncate",
+ "truncate64",
+ "ugetrlimit",
+ "umask",
+ "umount",
+ "umount2",
+ "uname",
+ "unlink",
+ "unlinkat",
+ "unshare",
+ "utime",
+ "utimensat",
+ "utimensat_time64",
+ "utimes",
+ "vfork",
+ "wait4",
+ "waitid",
+ "waitpid",
+ "write",
+ "writev"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {},
+ "excludes": {}
+ },
+ {
+ "names": [
+ "personality"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [
+ {
+ "index": 0,
+ "value": 0,
+ "valueTwo": 0,
+ "op": "SCMP_CMP_EQ"
+ }
+ ],
+ "comment": "",
+ "includes": {},
+ "excludes": {}
+ },
+ {
+ "names": [
+ "personality"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [
+ {
+ "index": 0,
+ "value": 8,
+ "valueTwo": 0,
+ "op": "SCMP_CMP_EQ"
+ }
+ ],
+ "comment": "",
+ "includes": {},
+ "excludes": {}
+ },
+ {
+ "names": [
+ "personality"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [
+ {
+ "index": 0,
+ "value": 131072,
+ "valueTwo": 0,
+ "op": "SCMP_CMP_EQ"
+ }
+ ],
+ "comment": "",
+ "includes": {},
+ "excludes": {}
+ },
+ {
+ "names": [
+ "personality"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [
+ {
+ "index": 0,
+ "value": 131080,
+ "valueTwo": 0,
+ "op": "SCMP_CMP_EQ"
+ }
+ ],
+ "comment": "",
+ "includes": {},
+ "excludes": {}
+ },
+ {
+ "names": [
+ "personality"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [
+ {
+ "index": 0,
+ "value": 4294967295,
+ "valueTwo": 0,
+ "op": "SCMP_CMP_EQ"
+ }
+ ],
+ "comment": "",
+ "includes": {},
+ "excludes": {}
+ },
+ {
+ "names": [
+ "sync_file_range2"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "arches": [
+ "ppc64le"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "arm_fadvise64_64",
+ "arm_sync_file_range",
+ "breakpoint",
+ "cacheflush",
+ "set_tls",
+ "sync_file_range2"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "arches": [
+ "arm",
+ "arm64"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "arch_prctl"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "arches": [
+ "amd64",
+ "x32"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "modify_ldt"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "arches": [
+ "amd64",
+ "x32",
+ "x86"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "s390_pci_mmio_read",
+ "s390_pci_mmio_write",
+ "s390_runtime_instr"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "arches": [
+ "s390",
+ "s390x"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "open_by_handle_at"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_DAC_READ_SEARCH"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "open_by_handle_at"
+ ],
+ "action": "SCMP_ACT_ERRNO",
+ "args": [],
+ "comment": "",
+ "includes": {},
+ "excludes": {
+ "caps": [
+ "CAP_DAC_READ_SEARCH"
+ ]
+ },
+ "errnoRet": 1,
+ "errno": "EPERM"
+ },
+ {
+ "names": [
+ "bpf",
+ "fanotify_init",
+ "lookup_dcookie",
+ "perf_event_open",
+ "quotactl",
+ "setdomainname",
+ "sethostname",
+ "setns"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_ADMIN"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "bpf",
+ "fanotify_init",
+ "lookup_dcookie",
+ "perf_event_open",
+ "quotactl",
+ "setdomainname",
+ "sethostname",
+ "setns"
+ ],
+ "action": "SCMP_ACT_ERRNO",
+ "args": [],
+ "comment": "",
+ "includes": {},
+ "excludes": {
+ "caps": [
+ "CAP_SYS_ADMIN"
+ ]
+ },
+ "errnoRet": 1,
+ "errno": "EPERM"
+ },
+ {
+ "names": [
+ "chroot"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_CHROOT"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "chroot"
+ ],
+ "action": "SCMP_ACT_ERRNO",
+ "args": [],
+ "comment": "",
+ "includes": {},
+ "excludes": {
+ "caps": [
+ "CAP_SYS_CHROOT"
+ ]
+ },
+ "errnoRet": 1,
+ "errno": "EPERM"
+ },
+ {
+ "names": [
+ "delete_module",
+ "finit_module",
+ "init_module",
+ "query_module"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_MODULE"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "delete_module",
+ "finit_module",
+ "init_module",
+ "query_module"
+ ],
+ "action": "SCMP_ACT_ERRNO",
+ "args": [],
+ "comment": "",
+ "includes": {},
+ "excludes": {
+ "caps": [
+ "CAP_SYS_MODULE"
+ ]
+ },
+ "errnoRet": 1,
+ "errno": "EPERM"
+ },
+ {
+ "names": [
+ "acct"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_PACCT"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "acct"
+ ],
+ "action": "SCMP_ACT_ERRNO",
+ "args": [],
+ "comment": "",
+ "includes": {},
+ "excludes": {
+ "caps": [
+ "CAP_SYS_PACCT"
+ ]
+ },
+ "errnoRet": 1,
+ "errno": "EPERM"
+ },
+ {
+ "names": [
+ "kcmp",
+ "process_madvise"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_PTRACE"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "kcmp",
+ "process_madvise"
+ ],
+ "action": "SCMP_ACT_ERRNO",
+ "args": [],
+ "comment": "",
+ "includes": {},
+ "excludes": {
+ "caps": [
+ "CAP_SYS_PTRACE"
+ ]
+ },
+ "errnoRet": 1,
+ "errno": "EPERM"
+ },
+ {
+ "names": [
+ "ioperm",
+ "iopl"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_RAWIO"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "ioperm",
+ "iopl"
+ ],
+ "action": "SCMP_ACT_ERRNO",
+ "args": [],
+ "comment": "",
+ "includes": {},
+ "excludes": {
+ "caps": [
+ "CAP_SYS_RAWIO"
+ ]
+ },
+ "errnoRet": 1,
+ "errno": "EPERM"
+ },
+ {
+ "names": [
+ "clock_settime",
+ "clock_settime64",
+ "settimeofday",
+ "stime"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_TIME"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "clock_settime",
+ "clock_settime64",
+ "settimeofday",
+ "stime"
+ ],
+ "action": "SCMP_ACT_ERRNO",
+ "args": [],
+ "comment": "",
+ "includes": {},
+ "excludes": {
+ "caps": [
+ "CAP_SYS_TIME"
+ ]
+ },
+ "errnoRet": 1,
+ "errno": "EPERM"
+ },
+ {
+ "names": [
+ "vhangup"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_TTY_CONFIG"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "vhangup"
+ ],
+ "action": "SCMP_ACT_ERRNO",
+ "args": [],
+ "comment": "",
+ "includes": {},
+ "excludes": {
+ "caps": [
+ "CAP_SYS_TTY_CONFIG"
+ ]
+ },
+ "errnoRet": 1,
+ "errno": "EPERM"
+ },
+ {
+ "names": [
+ "socket"
+ ],
+ "action": "SCMP_ACT_ERRNO",
+ "args": [
+ {
+ "index": 0,
+ "value": 16,
+ "valueTwo": 0,
+ "op": "SCMP_CMP_EQ"
+ },
+ {
+ "index": 2,
+ "value": 9,
+ "valueTwo": 0,
+ "op": "SCMP_CMP_EQ"
+ }
+ ],
+ "comment": "",
+ "includes": {},
+ "excludes": {
+ "caps": [
+ "CAP_AUDIT_WRITE"
+ ]
+ },
+ "errnoRet": 22,
+ "errno": "EINVAL"
+ },
+ {
+ "names": [
+ "socket"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [
+ {
+ "index": 2,
+ "value": 9,
+ "valueTwo": 0,
+ "op": "SCMP_CMP_NE"
+ }
+ ],
+ "comment": "",
+ "includes": {},
+ "excludes": {
+ "caps": [
+ "CAP_AUDIT_WRITE"
+ ]
+ }
+ },
+ {
+ "names": [
+ "socket"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [
+ {
+ "index": 0,
+ "value": 16,
+ "valueTwo": 0,
+ "op": "SCMP_CMP_NE"
+ }
+ ],
+ "comment": "",
+ "includes": {},
+ "excludes": {
+ "caps": [
+ "CAP_AUDIT_WRITE"
+ ]
+ }
+ },
+ {
+ "names": [
+ "socket"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [
+ {
+ "index": 2,
+ "value": 9,
+ "valueTwo": 0,
+ "op": "SCMP_CMP_NE"
+ }
+ ],
+ "comment": "",
+ "includes": {},
+ "excludes": {
+ "caps": [
+ "CAP_AUDIT_WRITE"
+ ]
+ }
+ },
+ {
+ "names": [
+ "socket"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": null,
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_AUDIT_WRITE"
+ ]
+ },
+ "excludes": {}
+ }
+ ]
+}
\ No newline at end of file
diff --git a/app-containers/containers-common/metadata.xml b/app-containers/containers-common/metadata.xml
new file mode 100644
index 000000000000..f933e2eba60b
--- /dev/null
+++ b/app-containers/containers-common/metadata.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="project" proxied="proxy">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
+ <maintainer type="person" proxied="yes">
+ <email>rahil3108@gmail.com</email>
+ <name>Rahil Bhimjiani</name>
+ </maintainer>
+ <upstream>
+ <remote-id type="github">containers/common</remote-id>
+ <bugs-to>https://github.com/containers/common/issues</bugs-to>
+ <doc>https://github.com/containers/common/blob/main/README.md</doc>
+ </upstream>
+</pkgmetadata>
* [gentoo-commits] repo/gentoo:master commit in: app-containers/containers-common/, app-containers/containers-common/files/
@ 2023-09-25 3:45 Zac Medico
From: Zac Medico @ 2023-09-25 3:45 UTC (permalink / raw
To: gentoo-commits
commit: 9b045bfa3778f78b53823fb54511ac39f981a67e
Author: Rahil Bhimjiani <rahil3108 <AT> gmail <DOT> com>
AuthorDate: Mon Sep 25 02:36:17 2023 +0000
Commit: Zac Medico <zmedico <AT> gentoo <DOT> org>
CommitDate: Mon Sep 25 03:45:16 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b045bfa
app-containers/containers-common: update live
add blocker for podman, use upstream files as much as possible, remove
redundant functions
Closes: https://github.com/gentoo/gentoo/pull/33044
Signed-off-by: Rahil Bhimjiani <rahil3108 <AT> gmail.com>
Signed-off-by: Zac Medico <zmedico <AT> gentoo.org>
.../containers-common/containers-common-9999.ebuild | 16 ++++------------
.../containers-common/files/examplify-mounts-conf.patch | 7 +++++++
2 files changed, 11 insertions(+), 12 deletions(-)
diff --git a/app-containers/containers-common/containers-common-9999.ebuild b/app-containers/containers-common/containers-common-9999.ebuild
index f2bba24b1975..73407d6e4994 100644
--- a/app-containers/containers-common/containers-common-9999.ebuild
+++ b/app-containers/containers-common/containers-common-9999.ebuild
@@ -17,11 +17,12 @@ fi
LICENSE="Apache-2.0"
SLOT="0"
-
+RESTRICT="test"
RDEPEND="
app-containers/containers-image
app-containers/containers-storage
app-containers/containers-shortnames
+ !<app-containers/podman-4.5.0-r1
net-firewall/nftables
net-firewall/iptables[nftables]
|| ( app-containers/crun app-containers/runc )
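Review bot: Neither added line says why it is there: `RESTRICT="test"` and the blocker `!<app-containers/podman-4.5.0-r1` both go in without a comment. For the first, something like `# Only docs and config files are installed, nothing to test` would fit, since src_compile in the next hunk runs only `emake docs`. For the blocker, if the reason is that older podman revisions installed the same files, a one-line comment saying so would tell a later maintainer when it can be dropped. The blank line that separated `SLOT` from the dependency block is also removed, leaving `RESTRICT` directly above `RDEPEND`.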
@@ -42,20 +43,13 @@ src_prepare() {
sed -i -e 's|/usr/local|/usr|g;' docs/Makefile || die
eapply "${FILESDIR}/fix-warnings.patch"
-}
-
-src_configure() {
- return
+ eapply "${FILESDIR}/examplify-mounts-conf.patch"
}
src_compile() {
emake docs
}
-src_test() {
- return
-}
-
src_install() {
emake DESTDIR="${D}" install
@@ -68,9 +62,7 @@ src_install() {
doins "${FILESDIR}/default.yaml"
insinto /usr/share/containers
- # https://github.com/containers/common/raw/main/pkg/seccomp/seccomp.json
- # https://github.com/containers/common/raw/main/pkg/subscriptions/mounts.conf
- doins "${FILESDIR}/seccomp.json" "${FILESDIR}/mounts.conf"
+ doins pkg/seccomp/seccomp.json pkg/subscriptions/mounts.conf
keepdir /etc/containers/certs.d /etc/containers/oci/hooks.d /etc/containers/systemd /var/lib/containers/sigstore
}
diff --git a/app-containers/containers-common/files/examplify-mounts-conf.patch b/app-containers/containers-common/files/examplify-mounts-conf.patch
new file mode 100644
index 000000000000..eeaca09d5f1e
--- /dev/null
+++ b/app-containers/containers-common/files/examplify-mounts-conf.patch
@@ -0,0 +1,7 @@
+--- a/pkg/subscriptions/mounts.conf
++++ a/pkg/subscriptions/mounts.conf
+@@ -1 +1,3 @@
+-/usr/share/rhel/secrets:/run/secrets
++# Refer to containers-mounts.conf(5)
++# Example:
++# /usr/share/rhel/secrets:/run/secrets
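Review bot: The new-file label in this patch reads `+++ a/pkg/subscriptions/mounts.conf` where the convention is `+++ b/…`. It should still apply at the default strip level, but it looks like a hand-edited patch and may trip tooling that checks headers. The patch also has no description. A line above the headers would record the intent, presumably that the RHEL-specific host path `/usr/share/rhel/secrets` becomes a commented example so it is no longer an active default mount entry on Gentoo.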
* [gentoo-commits] repo/gentoo:master commit in: app-containers/containers-common/, app-containers/containers-common/files/
@ 2023-10-31 17:19 Mike Gilbert
From: Mike Gilbert @ 2023-10-31 17:19 UTC (permalink / raw
To: gentoo-commits
commit: ad3eecb3f2690c328de4a539d915299c309af7fc
Author: Rahil Bhimjiani <rahil3108 <AT> gmail <DOT> com>
AuthorDate: Tue Oct 31 16:00:53 2023 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Tue Oct 31 17:18:48 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad3eecb3
app-containers/containers-common: drop 0.56.0, fix metadata.xml
Signed-off-by: Rahil Bhimjiani <rahil3108 <AT> gmail.com>
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
.../containers-common-0.56.0.ebuild | 76 --
.../containers-common-9999.ebuild | 2 +-
app-containers/containers-common/files/mounts.conf | 3 -
.../containers-common/files/seccomp.json | 1051 --------------------
app-containers/containers-common/metadata.xml | 8 +-
5 files changed, 5 insertions(+), 1135 deletions(-)
diff --git a/app-containers/containers-common/containers-common-0.56.0.ebuild b/app-containers/containers-common/containers-common-0.56.0.ebuild
deleted file mode 100644
index f2bba24b1975..000000000000
--- a/app-containers/containers-common/containers-common-0.56.0.ebuild
+++ /dev/null
@@ -1,76 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-DESCRIPTION="Common config files and docs for Containers eco-system"
-HOMEPAGE="https://github.com/containers/common"
-
-if [[ ${PV} == *9999* ]]; then
- inherit git-r3
- EGIT_REPO_URI="https://github.com/containers/common.git"
-else
- SRC_URI="https://github.com/containers/common/archive/v${PV}.tar.gz -> ${P}.tar.gz"
- S="${WORKDIR}/${P#containers-}"
- KEYWORDS="~amd64"
-fi
-
-LICENSE="Apache-2.0"
-SLOT="0"
-
-RDEPEND="
- app-containers/containers-image
- app-containers/containers-storage
- app-containers/containers-shortnames
- net-firewall/nftables
- net-firewall/iptables[nftables]
- || ( app-containers/crun app-containers/runc )
- || (
- ( >=app-containers/netavark-1.6.0 >=app-containers/aardvark-dns-1.6.0 )
- >=app-containers/cni-plugins-0.9.1
- )
-"
-
-BDEPEND="
- >=dev-go/go-md2man-2.0.2
-"
-
-src_prepare() {
- default
-
- [[ -f docs/Makefile ]] || die
- sed -i -e 's|/usr/local|/usr|g;' docs/Makefile || die
-
- eapply "${FILESDIR}/fix-warnings.patch"
-}
-
-src_configure() {
- return
-}
-
-src_compile() {
- emake docs
-}
-
-src_test() {
- return
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- insinto /etc/containers
- # https://github.com/containers/skopeo/raw/main/default-policy.json
- doins pkg/config/containers.conf "${FILESDIR}/policy.json"
-
- insinto /etc/containers/registries.d
- # https://github.com/containers/skopeo/raw/main/default.yaml
- doins "${FILESDIR}/default.yaml"
-
- insinto /usr/share/containers
- # https://github.com/containers/common/raw/main/pkg/seccomp/seccomp.json
- # https://github.com/containers/common/raw/main/pkg/subscriptions/mounts.conf
- doins "${FILESDIR}/seccomp.json" "${FILESDIR}/mounts.conf"
-
- keepdir /etc/containers/certs.d /etc/containers/oci/hooks.d /etc/containers/systemd /var/lib/containers/sigstore
-}
diff --git a/app-containers/containers-common/containers-common-9999.ebuild b/app-containers/containers-common/containers-common-9999.ebuild
index 73407d6e4994..8963de7d6a47 100644
--- a/app-containers/containers-common/containers-common-9999.ebuild
+++ b/app-containers/containers-common/containers-common-9999.ebuild
@@ -12,7 +12,7 @@ if [[ ${PV} == *9999* ]]; then
else
SRC_URI="https://github.com/containers/common/archive/v${PV}.tar.gz -> ${P}.tar.gz"
S="${WORKDIR}/${P#containers-}"
- KEYWORDS="~amd64"
+ KEYWORDS="~amd64 ~arm64 ~riscv"
fi
LICENSE="Apache-2.0"
diff --git a/app-containers/containers-common/files/mounts.conf b/app-containers/containers-common/files/mounts.conf
deleted file mode 100644
index 281e1d687f94..000000000000
--- a/app-containers/containers-common/files/mounts.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# Refer to containers-mounts.conf(5)
-# Example:
-# /usr/share/rhel/secrets:/run/secrets
diff --git a/app-containers/containers-common/files/seccomp.json b/app-containers/containers-common/files/seccomp.json
deleted file mode 100644
index 18674db4d62e..000000000000
--- a/app-containers/containers-common/files/seccomp.json
+++ /dev/null
@@ -1,1051 +0,0 @@
-{
- "defaultAction": "SCMP_ACT_ERRNO",
- "defaultErrnoRet": 38,
- "defaultErrno": "ENOSYS",
- "archMap": [
- {
- "architecture": "SCMP_ARCH_X86_64",
- "subArchitectures": [
- "SCMP_ARCH_X86",
- "SCMP_ARCH_X32"
- ]
- },
- {
- "architecture": "SCMP_ARCH_AARCH64",
- "subArchitectures": [
- "SCMP_ARCH_ARM"
- ]
- },
- {
- "architecture": "SCMP_ARCH_MIPS64",
- "subArchitectures": [
- "SCMP_ARCH_MIPS",
- "SCMP_ARCH_MIPS64N32"
- ]
- },
- {
- "architecture": "SCMP_ARCH_MIPS64N32",
- "subArchitectures": [
- "SCMP_ARCH_MIPS",
- "SCMP_ARCH_MIPS64"
- ]
- },
- {
- "architecture": "SCMP_ARCH_MIPSEL64",
- "subArchitectures": [
- "SCMP_ARCH_MIPSEL",
- "SCMP_ARCH_MIPSEL64N32"
- ]
- },
- {
- "architecture": "SCMP_ARCH_MIPSEL64N32",
- "subArchitectures": [
- "SCMP_ARCH_MIPSEL",
- "SCMP_ARCH_MIPSEL64"
- ]
- },
- {
- "architecture": "SCMP_ARCH_S390X",
- "subArchitectures": [
- "SCMP_ARCH_S390"
- ]
- }
- ],
- "syscalls": [
- {
- "names": [
- "bdflush",
- "io_pgetevents",
- "kexec_file_load",
- "kexec_load",
- "migrate_pages",
- "move_pages",
- "nfsservctl",
- "nice",
- "oldfstat",
- "oldlstat",
- "oldolduname",
- "oldstat",
- "olduname",
- "pciconfig_iobase",
- "pciconfig_read",
- "pciconfig_write",
- "sgetmask",
- "ssetmask",
- "swapcontext",
- "swapoff",
- "swapon",
- "sysfs",
- "uselib",
- "userfaultfd",
- "ustat",
- "vm86",
- "vm86old",
- "vmsplice"
- ],
- "action": "SCMP_ACT_ERRNO",
- "args": [],
- "comment": "",
- "includes": {},
- "excludes": {},
- "errnoRet": 1,
- "errno": "EPERM"
- },
- {
- "names": [
- "_llseek",
- "_newselect",
- "accept",
- "accept4",
- "access",
- "adjtimex",
- "alarm",
- "bind",
- "brk",
- "capget",
- "capset",
- "chdir",
- "chmod",
- "chown",
- "chown32",
- "clock_adjtime",
- "clock_adjtime64",
- "clock_getres",
- "clock_getres_time64",
- "clock_gettime",
- "clock_gettime64",
- "clock_nanosleep",
- "clock_nanosleep_time64",
- "clone",
- "clone3",
- "close",
- "close_range",
- "connect",
- "copy_file_range",
- "creat",
- "dup",
- "dup2",
- "dup3",
- "epoll_create",
- "epoll_create1",
- "epoll_ctl",
- "epoll_ctl_old",
- "epoll_pwait",
- "epoll_pwait2",
- "epoll_wait",
- "epoll_wait_old",
- "eventfd",
- "eventfd2",
- "execve",
- "execveat",
- "exit",
- "exit_group",
- "faccessat",
- "faccessat2",
- "fadvise64",
- "fadvise64_64",
- "fallocate",
- "fanotify_mark",
- "fchdir",
- "fchmod",
- "fchmodat",
- "fchown",
- "fchown32",
- "fchownat",
- "fcntl",
- "fcntl64",
- "fdatasync",
- "fgetxattr",
- "flistxattr",
- "flock",
- "fork",
- "fremovexattr",
- "fsconfig",
- "fsetxattr",
- "fsmount",
- "fsopen",
- "fspick",
- "fstat",
- "fstat64",
- "fstatat64",
- "fstatfs",
- "fstatfs64",
- "fsync",
- "ftruncate",
- "ftruncate64",
- "futex",
- "futex_time64",
- "futimesat",
- "get_mempolicy",
- "get_robust_list",
- "get_thread_area",
- "getcpu",
- "getcwd",
- "getdents",
- "getdents64",
- "getegid",
- "getegid32",
- "geteuid",
- "geteuid32",
- "getgid",
- "getgid32",
- "getgroups",
- "getgroups32",
- "getitimer",
- "getpeername",
- "getpgid",
- "getpgrp",
- "getpid",
- "getppid",
- "getpriority",
- "getrandom",
- "getresgid",
- "getresgid32",
- "getresuid",
- "getresuid32",
- "getrlimit",
- "getrusage",
- "getsid",
- "getsockname",
- "getsockopt",
- "gettid",
- "gettimeofday",
- "getuid",
- "getuid32",
- "getxattr",
- "inotify_add_watch",
- "inotify_init",
- "inotify_init1",
- "inotify_rm_watch",
- "io_cancel",
- "io_destroy",
- "io_getevents",
- "io_setup",
- "io_submit",
- "ioctl",
- "ioprio_get",
- "ioprio_set",
- "ipc",
- "keyctl",
- "kill",
- "landlock_add_rule",
- "landlock_create_ruleset",
- "landlock_restrict_self",
- "lchown",
- "lchown32",
- "lgetxattr",
- "link",
- "linkat",
- "listen",
- "listxattr",
- "llistxattr",
- "lremovexattr",
- "lseek",
- "lsetxattr",
- "lstat",
- "lstat64",
- "madvise",
- "mbind",
- "membarrier",
- "memfd_create",
- "memfd_secret",
- "mincore",
- "mkdir",
- "mkdirat",
- "mknod",
- "mknodat",
- "mlock",
- "mlock2",
- "mlockall",
- "mmap",
- "mmap2",
- "mount",
- "mount_setattr",
- "move_mount",
- "mprotect",
- "mq_getsetattr",
- "mq_notify",
- "mq_open",
- "mq_timedreceive",
- "mq_timedreceive_time64",
- "mq_timedsend",
- "mq_timedsend_time64",
- "mq_unlink",
- "mremap",
- "msgctl",
- "msgget",
- "msgrcv",
- "msgsnd",
- "msync",
- "munlock",
- "munlockall",
- "munmap",
- "name_to_handle_at",
- "nanosleep",
- "newfstatat",
- "open",
- "open_tree",
- "openat",
- "openat2",
- "pause",
- "pidfd_getfd",
- "pidfd_open",
- "pidfd_send_signal",
- "pipe",
- "pipe2",
- "pivot_root",
- "pkey_alloc",
- "pkey_free",
- "pkey_mprotect",
- "poll",
- "ppoll",
- "ppoll_time64",
- "prctl",
- "pread64",
- "preadv",
- "preadv2",
- "prlimit64",
- "process_mrelease",
- "process_vm_readv",
- "process_vm_writev",
- "pselect6",
- "pselect6_time64",
- "ptrace",
- "pwrite64",
- "pwritev",
- "pwritev2",
- "read",
- "readahead",
- "readdir",
- "readlink",
- "readlinkat",
- "readv",
- "reboot",
- "recv",
- "recvfrom",
- "recvmmsg",
- "recvmmsg_time64",
- "recvmsg",
- "remap_file_pages",
- "removexattr",
- "rename",
- "renameat",
- "renameat2",
- "restart_syscall",
- "rmdir",
- "rseq",
- "rt_sigaction",
- "rt_sigpending",
- "rt_sigprocmask",
- "rt_sigqueueinfo",
- "rt_sigreturn",
- "rt_sigsuspend",
- "rt_sigtimedwait",
- "rt_sigtimedwait_time64",
- "rt_tgsigqueueinfo",
- "sched_get_priority_max",
- "sched_get_priority_min",
- "sched_getaffinity",
- "sched_getattr",
- "sched_getparam",
- "sched_getscheduler",
- "sched_rr_get_interval",
- "sched_rr_get_interval_time64",
- "sched_setaffinity",
- "sched_setattr",
- "sched_setparam",
- "sched_setscheduler",
- "sched_yield",
- "seccomp",
- "select",
- "semctl",
- "semget",
- "semop",
- "semtimedop",
- "semtimedop_time64",
- "send",
- "sendfile",
- "sendfile64",
- "sendmmsg",
- "sendmsg",
- "sendto",
- "set_mempolicy",
- "set_robust_list",
- "set_thread_area",
- "set_tid_address",
- "setfsgid",
- "setfsgid32",
- "setfsuid",
- "setfsuid32",
- "setgid",
- "setgid32",
- "setgroups",
- "setgroups32",
- "setitimer",
- "setns",
- "setpgid",
- "setpriority",
- "setregid",
- "setregid32",
- "setresgid",
- "setresgid32",
- "setresuid",
- "setresuid32",
- "setreuid",
- "setreuid32",
- "setrlimit",
- "setsid",
- "setsockopt",
- "setuid",
- "setuid32",
- "setxattr",
- "shmat",
- "shmctl",
- "shmdt",
- "shmget",
- "shutdown",
- "sigaction",
- "sigaltstack",
- "signal",
- "signalfd",
- "signalfd4",
- "sigpending",
- "sigprocmask",
- "sigreturn",
- "sigsuspend",
- "socketcall",
- "socketpair",
- "splice",
- "stat",
- "stat64",
- "statfs",
- "statfs64",
- "statx",
- "symlink",
- "symlinkat",
- "sync",
- "sync_file_range",
- "syncfs",
- "syscall",
- "sysinfo",
- "syslog",
- "tee",
- "tgkill",
- "time",
- "timer_create",
- "timer_delete",
- "timer_getoverrun",
- "timer_gettime",
- "timer_gettime64",
- "timer_settime",
- "timer_settime64",
- "timerfd",
- "timerfd_create",
- "timerfd_gettime",
- "timerfd_gettime64",
- "timerfd_settime",
- "timerfd_settime64",
- "times",
- "tkill",
- "truncate",
- "truncate64",
- "ugetrlimit",
- "umask",
- "umount",
- "umount2",
- "uname",
- "unlink",
- "unlinkat",
- "unshare",
- "utime",
- "utimensat",
- "utimensat_time64",
- "utimes",
- "vfork",
- "wait4",
- "waitid",
- "waitpid",
- "write",
- "writev"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {},
- "excludes": {}
- },
- {
- "names": [
- "personality"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [
- {
- "index": 0,
- "value": 0,
- "valueTwo": 0,
- "op": "SCMP_CMP_EQ"
- }
- ],
- "comment": "",
- "includes": {},
- "excludes": {}
- },
- {
- "names": [
- "personality"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [
- {
- "index": 0,
- "value": 8,
- "valueTwo": 0,
- "op": "SCMP_CMP_EQ"
- }
- ],
- "comment": "",
- "includes": {},
- "excludes": {}
- },
- {
- "names": [
- "personality"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [
- {
- "index": 0,
- "value": 131072,
- "valueTwo": 0,
- "op": "SCMP_CMP_EQ"
- }
- ],
- "comment": "",
- "includes": {},
- "excludes": {}
- },
- {
- "names": [
- "personality"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [
- {
- "index": 0,
- "value": 131080,
- "valueTwo": 0,
- "op": "SCMP_CMP_EQ"
- }
- ],
- "comment": "",
- "includes": {},
- "excludes": {}
- },
- {
- "names": [
- "personality"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [
- {
- "index": 0,
- "value": 4294967295,
- "valueTwo": 0,
- "op": "SCMP_CMP_EQ"
- }
- ],
- "comment": "",
- "includes": {},
- "excludes": {}
- },
- {
- "names": [
- "sync_file_range2"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "arches": [
- "ppc64le"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "arm_fadvise64_64",
- "arm_sync_file_range",
- "breakpoint",
- "cacheflush",
- "set_tls",
- "sync_file_range2"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "arches": [
- "arm",
- "arm64"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "arch_prctl"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "arches": [
- "amd64",
- "x32"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "modify_ldt"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "arches": [
- "amd64",
- "x32",
- "x86"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "s390_pci_mmio_read",
- "s390_pci_mmio_write",
- "s390_runtime_instr"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "arches": [
- "s390",
- "s390x"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "open_by_handle_at"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_DAC_READ_SEARCH"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "open_by_handle_at"
- ],
- "action": "SCMP_ACT_ERRNO",
- "args": [],
- "comment": "",
- "includes": {},
- "excludes": {
- "caps": [
- "CAP_DAC_READ_SEARCH"
- ]
- },
- "errnoRet": 1,
- "errno": "EPERM"
- },
- {
- "names": [
- "bpf",
- "fanotify_init",
- "lookup_dcookie",
- "perf_event_open",
- "quotactl",
- "setdomainname",
- "sethostname",
- "setns"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_ADMIN"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "bpf",
- "fanotify_init",
- "lookup_dcookie",
- "perf_event_open",
- "quotactl",
- "setdomainname",
- "sethostname",
- "setns"
- ],
- "action": "SCMP_ACT_ERRNO",
- "args": [],
- "comment": "",
- "includes": {},
- "excludes": {
- "caps": [
- "CAP_SYS_ADMIN"
- ]
- },
- "errnoRet": 1,
- "errno": "EPERM"
- },
- {
- "names": [
- "chroot"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_CHROOT"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "chroot"
- ],
- "action": "SCMP_ACT_ERRNO",
- "args": [],
- "comment": "",
- "includes": {},
- "excludes": {
- "caps": [
- "CAP_SYS_CHROOT"
- ]
- },
- "errnoRet": 1,
- "errno": "EPERM"
- },
- {
- "names": [
- "delete_module",
- "finit_module",
- "init_module",
- "query_module"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_MODULE"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "delete_module",
- "finit_module",
- "init_module",
- "query_module"
- ],
- "action": "SCMP_ACT_ERRNO",
- "args": [],
- "comment": "",
- "includes": {},
- "excludes": {
- "caps": [
- "CAP_SYS_MODULE"
- ]
- },
- "errnoRet": 1,
- "errno": "EPERM"
- },
- {
- "names": [
- "acct"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_PACCT"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "acct"
- ],
- "action": "SCMP_ACT_ERRNO",
- "args": [],
- "comment": "",
- "includes": {},
- "excludes": {
- "caps": [
- "CAP_SYS_PACCT"
- ]
- },
- "errnoRet": 1,
- "errno": "EPERM"
- },
- {
- "names": [
- "kcmp",
- "process_madvise"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_PTRACE"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "kcmp",
- "process_madvise"
- ],
- "action": "SCMP_ACT_ERRNO",
- "args": [],
- "comment": "",
- "includes": {},
- "excludes": {
- "caps": [
- "CAP_SYS_PTRACE"
- ]
- },
- "errnoRet": 1,
- "errno": "EPERM"
- },
- {
- "names": [
- "ioperm",
- "iopl"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_RAWIO"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "ioperm",
- "iopl"
- ],
- "action": "SCMP_ACT_ERRNO",
- "args": [],
- "comment": "",
- "includes": {},
- "excludes": {
- "caps": [
- "CAP_SYS_RAWIO"
- ]
- },
- "errnoRet": 1,
- "errno": "EPERM"
- },
- {
- "names": [
- "clock_settime",
- "clock_settime64",
- "settimeofday",
- "stime"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_TIME"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "clock_settime",
- "clock_settime64",
- "settimeofday",
- "stime"
- ],
- "action": "SCMP_ACT_ERRNO",
- "args": [],
- "comment": "",
- "includes": {},
- "excludes": {
- "caps": [
- "CAP_SYS_TIME"
- ]
- },
- "errnoRet": 1,
- "errno": "EPERM"
- },
- {
- "names": [
- "vhangup"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_TTY_CONFIG"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "vhangup"
- ],
- "action": "SCMP_ACT_ERRNO",
- "args": [],
- "comment": "",
- "includes": {},
- "excludes": {
- "caps": [
- "CAP_SYS_TTY_CONFIG"
- ]
- },
- "errnoRet": 1,
- "errno": "EPERM"
- },
- {
- "names": [
- "socket"
- ],
- "action": "SCMP_ACT_ERRNO",
- "args": [
- {
- "index": 0,
- "value": 16,
- "valueTwo": 0,
- "op": "SCMP_CMP_EQ"
- },
- {
- "index": 2,
- "value": 9,
- "valueTwo": 0,
- "op": "SCMP_CMP_EQ"
- }
- ],
- "comment": "",
- "includes": {},
- "excludes": {
- "caps": [
- "CAP_AUDIT_WRITE"
- ]
- },
- "errnoRet": 22,
- "errno": "EINVAL"
- },
- {
- "names": [
- "socket"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [
- {
- "index": 2,
- "value": 9,
- "valueTwo": 0,
- "op": "SCMP_CMP_NE"
- }
- ],
- "comment": "",
- "includes": {},
- "excludes": {
- "caps": [
- "CAP_AUDIT_WRITE"
- ]
- }
- },
- {
- "names": [
- "socket"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [
- {
- "index": 0,
- "value": 16,
- "valueTwo": 0,
- "op": "SCMP_CMP_NE"
- }
- ],
- "comment": "",
- "includes": {},
- "excludes": {
- "caps": [
- "CAP_AUDIT_WRITE"
- ]
- }
- },
- {
- "names": [
- "socket"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [
- {
- "index": 2,
- "value": 9,
- "valueTwo": 0,
- "op": "SCMP_CMP_NE"
- }
- ],
- "comment": "",
- "includes": {},
- "excludes": {
- "caps": [
- "CAP_AUDIT_WRITE"
- ]
- }
- },
- {
- "names": [
- "socket"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": null,
- "comment": "",
- "includes": {
- "caps": [
- "CAP_AUDIT_WRITE"
- ]
- },
- "excludes": {}
- }
- ]
-}
\ No newline at end of file
diff --git a/app-containers/containers-common/metadata.xml b/app-containers/containers-common/metadata.xml
index f933e2eba60b..89e0921eddbb 100644
--- a/app-containers/containers-common/metadata.xml
+++ b/app-containers/containers-common/metadata.xml
@@ -1,14 +1,14 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
- <maintainer type="project" proxied="proxy">
- <email>proxy-maint@gentoo.org</email>
- <name>Proxy Maintainers</name>
- </maintainer>
<maintainer type="person" proxied="yes">
<email>rahil3108@gmail.com</email>
<name>Rahil Bhimjiani</name>
</maintainer>
+ <maintainer type="project" proxied="proxy">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
<upstream>
<remote-id type="github">containers/common</remote-id>
<bugs-to>https://github.com/containers/common/issues</bugs-to>