Update libcontainer to 227771c8f611f03639f0ee
This fixes regressions for docker containers mounting into
/sys/fs/cgroup.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
diff --git a/hack/vendor.sh b/hack/vendor.sh
index 2a6c409..c0b1112 100755
--- a/hack/vendor.sh
+++ b/hack/vendor.sh
@@ -75,7 +75,7 @@
mkdir -p src/github.com/docker/distribution
mv tmp-digest src/github.com/docker/distribution/digest
-clone git github.com/docker/libcontainer 1b471834b45063b61e0aedefbb1739a8f34b414e
+clone git github.com/docker/libcontainer 227771c8f611f03639f0eeb169428761d9504ab5
# see src/github.com/docker/libcontainer/update-vendor.sh which is the "source of truth" for libcontainer deps (just like this file)
rm -rf src/github.com/docker/libcontainer/vendor
eval "$(grep '^clone ' src/github.com/docker/libcontainer/update-vendor.sh | grep -v 'github.com/codegangsta/cli' | grep -v 'github.com/Sirupsen/logrus')"
diff --git a/integration-cli/docker_cli_run_test.go b/integration-cli/docker_cli_run_test.go
index 9f7f578..7fda0a4 100644
--- a/integration-cli/docker_cli_run_test.go
+++ b/integration-cli/docker_cli_run_test.go
@@ -3499,9 +3499,9 @@
func TestMountIntoSys(t *testing.T) {
defer deleteAllContainers()
- code, err := runCommand(exec.Command(dockerBinary, "run", "-v", "/sys/", "busybox", "true"))
- if err == nil || code == 0 {
- t.Fatal("container should not be able to mount into /sys")
+ _, err := runCommand(exec.Command(dockerBinary, "run", "-v", "/sys/fs/cgroup", "busybox", "true"))
+ if err != nil {
+ t.Fatal("container should be able to mount into /sys")
}
logDone("run - mount into sys")
}
diff --git a/vendor/src/github.com/docker/libcontainer/process_linux.go b/vendor/src/github.com/docker/libcontainer/process_linux.go
index 1c74b65..66411a8 100644
--- a/vendor/src/github.com/docker/libcontainer/process_linux.go
+++ b/vendor/src/github.com/docker/libcontainer/process_linux.go
@@ -119,6 +119,9 @@
// terminate sends a SIGKILL to the forked process for the setns routine then waits to
// avoid the process becomming a zombie.
func (p *setnsProcess) terminate() error {
+ if p.cmd.Process == nil {
+ return nil
+ }
err := p.cmd.Process.Kill()
if _, werr := p.wait(); err == nil {
err = werr
diff --git a/vendor/src/github.com/docker/libcontainer/rootfs_linux.go b/vendor/src/github.com/docker/libcontainer/rootfs_linux.go
index 7a82edb..472a4a9 100644
--- a/vendor/src/github.com/docker/libcontainer/rootfs_linux.go
+++ b/vendor/src/github.com/docker/libcontainer/rootfs_linux.go
@@ -150,7 +150,6 @@
}
invalidDestinations := []string{
"/proc",
- "/sys",
}
for _, invalid := range invalidDestinations {
path, err := filepath.Rel(filepath.Join(rootfs, invalid), dest)
diff --git a/vendor/src/github.com/docker/libcontainer/rootfs_linux_test.go b/vendor/src/github.com/docker/libcontainer/rootfs_linux_test.go
index 54df065..a3bb077 100644
--- a/vendor/src/github.com/docker/libcontainer/rootfs_linux_test.go
+++ b/vendor/src/github.com/docker/libcontainer/rootfs_linux_test.go
@@ -15,8 +15,8 @@
func TestCheckMountDestInSys(t *testing.T) {
dest := "/rootfs//sys/fs/cgroup"
err := checkMountDestination("/rootfs", dest)
- if err == nil {
- t.Fatal("destination inside proc should return an error")
+ if err != nil {
+ t.Fatal("destination inside /sys should not return an error")
}
}