From 68ccb8a94771137a1902a18886384117ca174421 Mon Sep 17 00:00:00 2001 From: ironyman Date: Fri, 7 May 2021 23:21:17 -0700 Subject: [PATCH] Use system-validators v1.5.0 --- go.mod | 4 ++-- go.sum | 4 ++-- .../validators/docker_validator.go | 20 +++++++++++++++---- .../validators/types_unix.go | 2 ++ vendor/modules.txt | 4 ++-- 5 files changed, 24 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index 31aa17b94c3..521c2a0dfbd 100644 --- a/go.mod +++ b/go.mod @@ -130,7 +130,7 @@ require ( k8s.io/mount-utils v0.0.0 k8s.io/pod-security-admission v0.0.0 k8s.io/sample-apiserver v0.0.0 - k8s.io/system-validators v1.4.0 + k8s.io/system-validators v1.5.0 k8s.io/utils v0.0.0-20210521133846-da695404a2bc sigs.k8s.io/structured-merge-diff/v4 v4.1.2 sigs.k8s.io/yaml v1.2.0 @@ -513,7 +513,7 @@ replace ( k8s.io/sample-apiserver => ./staging/src/k8s.io/sample-apiserver k8s.io/sample-cli-plugin => ./staging/src/k8s.io/sample-cli-plugin k8s.io/sample-controller => ./staging/src/k8s.io/sample-controller - k8s.io/system-validators => k8s.io/system-validators v1.4.0 + k8s.io/system-validators => k8s.io/system-validators v1.5.0 k8s.io/utils => k8s.io/utils v0.0.0-20210521133846-da695404a2bc modernc.org/cc => modernc.org/cc v1.0.0 modernc.org/golex => modernc.org/golex v1.0.0 diff --git a/go.sum b/go.sum index 5e9c1ba3220..082afd19da6 100644 --- a/go.sum +++ b/go.sum @@ -589,8 +589,8 @@ k8s.io/klog/v2 v2.9.0 h1:D7HV+n1V57XeZ0m6tdRkfknthUaM06VFbWldOFh8kzM= k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e h1:KLHHjkdQFomZy8+06csTWZ0m1343QqxZhR2LJ1OxCYM= k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= -k8s.io/system-validators v1.4.0 h1:8ruXIHkuTAGfv9rHJproNWFW8oLASThFkCOxeHPYkNU= -k8s.io/system-validators v1.4.0/go.mod h1:bPldcLgkIUK22ALflnsXk8pvkTEndYdNuaHH6gRrl0Q= +k8s.io/system-validators v1.5.0 h1:gGgluCTkpKc/zUszjamp4LFfMVM0wuYG2qjIFL4MMeQ= +k8s.io/system-validators v1.5.0/go.mod h1:bPldcLgkIUK22ALflnsXk8pvkTEndYdNuaHH6gRrl0Q= k8s.io/utils v0.0.0-20210521133846-da695404a2bc h1:dx6VGe+PnOW/kD/2UV4aUSsRfJGd7+lcqgJ6Xg0HwUs= k8s.io/utils v0.0.0-20210521133846-da695404a2bc/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw= diff --git a/vendor/k8s.io/system-validators/validators/docker_validator.go b/vendor/k8s.io/system-validators/validators/docker_validator.go index 6cb0ab23623..4ebed9f6bfe 100644 --- a/vendor/k8s.io/system-validators/validators/docker_validator.go +++ b/vendor/k8s.io/system-validators/validators/docker_validator.go @@ -17,6 +17,7 @@ limitations under the License. package system import ( + "bytes" "encoding/json" "os/exec" "regexp" @@ -63,16 +64,27 @@ func (d *DockerValidator) Validate(spec SysSpec) ([]error, []error) { // Run 'docker info' with a JSON output and unmarshal it into a dockerInfo object info := dockerInfo{} - out, err := exec.Command("docker", "info", "--format", "{{json .}}").CombinedOutput() + cmd := exec.Command("docker", "info", "--format", "{{json .}}") + + // Stderr can contain warnings despite docker info success. + var outb, errb bytes.Buffer + cmd.Stdout = &outb + cmd.Stderr = &errb + err := cmd.Run() if err != nil { - return nil, []error{errors.Errorf(`failed executing "docker info --format '{{json .}}'"\noutput: %s\nerror: %v`, string(out), err)} + return nil, []error{errors.Errorf(`failed executing "docker info --format '{{json .}}'"\noutput: %s\nstderr: %s\nerror: %v`, outb.String(), errb.String(), err)} } - if err := d.unmarshalDockerInfo(out, &info); err != nil { + if err := d.unmarshalDockerInfo(outb.Bytes(), &info); err != nil { return nil, []error{err} } // validate the resulted docker info object against the spec - return d.validateDockerInfo(spec.RuntimeSpec.DockerSpec, info) + warnings, errs := d.validateDockerInfo(spec.RuntimeSpec.DockerSpec, info) + + if len(errb.String()) > 0 { + warnings = append(warnings, errors.Errorf(`the command "docker info --format '{{json.}}'" succeeded with potential warnings\noutput: %s`, errb.String())) + } + return warnings, errs } func (d *DockerValidator) unmarshalDockerInfo(b []byte, info *dockerInfo) error { diff --git a/vendor/k8s.io/system-validators/validators/types_unix.go b/vendor/k8s.io/system-validators/validators/types_unix.go index a315bb6cc96..9658ffdd771 100644 --- a/vendor/k8s.io/system-validators/validators/types_unix.go +++ b/vendor/k8s.io/system-validators/validators/types_unix.go @@ -57,6 +57,8 @@ var DefaultSysSpec = SysSpec{ {Name: "BLK_DEV_DM", Description: "Required for devicemapper."}, {Name: "CFS_BANDWIDTH", Description: "Required for CPU quota."}, {Name: "CGROUP_HUGETLB", Description: "Required for hugetlb cgroup."}, + {Name: "SECCOMP", Description: "Required for seccomp."}, + {Name: "SECCOMP_FILTER", Description: "Required for seccomp mode 2."}, }, Forbidden: []KernelConfig{}, }, diff --git a/vendor/modules.txt b/vendor/modules.txt index f910b229657..24d193ac7f4 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -2259,7 +2259,7 @@ k8s.io/sample-apiserver/pkg/generated/openapi k8s.io/sample-apiserver/pkg/registry k8s.io/sample-apiserver/pkg/registry/wardle/fischer k8s.io/sample-apiserver/pkg/registry/wardle/flunder -# k8s.io/system-validators v1.4.0 => k8s.io/system-validators v1.4.0 +# k8s.io/system-validators v1.5.0 => k8s.io/system-validators v1.5.0 ## explicit k8s.io/system-validators/validators # k8s.io/utils v0.0.0-20210521133846-da695404a2bc => k8s.io/utils v0.0.0-20210521133846-da695404a2bc @@ -2745,7 +2745,7 @@ sigs.k8s.io/yaml # k8s.io/sample-apiserver => ./staging/src/k8s.io/sample-apiserver # k8s.io/sample-cli-plugin => ./staging/src/k8s.io/sample-cli-plugin # k8s.io/sample-controller => ./staging/src/k8s.io/sample-controller -# k8s.io/system-validators => k8s.io/system-validators v1.4.0 +# k8s.io/system-validators => k8s.io/system-validators v1.5.0 # k8s.io/utils => k8s.io/utils v0.0.0-20210521133846-da695404a2bc # modernc.org/cc => modernc.org/cc v1.0.0 # modernc.org/golex => modernc.org/golex v1.0.0