From d9aada88dcbf15ca8bd6941f9790d05588be55a7 Mon Sep 17 00:00:00 2001
From: Justin Cormack
Date: Tue, 30 May 2017 15:05:08 +0100
Subject: [PATCH] Update for new default namespaces See https://github.com/moby/tool/pull/56
Signed-off-by: Justin Cormack
---
 pkg/binfmt/Dockerfile | 2 +-
 pkg/dhcpcd/Dockerfile | 2 +-
 pkg/format/Dockerfile | 2 +-
 pkg/metadata/Dockerfile | 2 +-
 pkg/mount/Dockerfile | 2 +-
 pkg/node_exporter/Dockerfile | 2 +-
 pkg/open-vm-tools/Dockerfile | 1 -
 pkg/openntpd/Dockerfile | 2 +-
 pkg/rngd/Dockerfile | 2 +-
 pkg/sshd/Dockerfile | 2 +-
 pkg/swap/Dockerfile | 2 +-
 pkg/sysctl/Dockerfile | 2 +-
 pkg/sysfs/Dockerfile | 1 +
 test/pkg/poweroff/Dockerfile | 2 +-
 14 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/pkg/binfmt/Dockerfile b/pkg/binfmt/Dockerfile
index 8d8acae13..9eae1e14e 100644
--- a/pkg/binfmt/Dockerfile
+++ b/pkg/binfmt/Dockerfile
@@ -19,4 +19,4 @@ COPY --from=qemu usr/bin/qemu-* usr/bin/
 COPY --from=mirror /go/bin/binfmt usr/bin/binfmt
 COPY etc/binfmt.d/00_linuxkit.conf etc/binfmt.d/00_linuxkit.conf
 CMD ["/usr/bin/binfmt", "-dir", "/etc/binfmt.d/", "-mount", "/binfmt_misc"]
-LABEL org.mobyproject.config='{"binds": ["/proc/sys/fs/binfmt_misc:/binfmt_misc"], "readonly": true}'
+LABEL org.mobyproject.config='{"binds": ["/proc/sys/fs/binfmt_misc:/binfmt_misc"], "readonly": true, "net": "new", "ipc": "new"}'
diff --git a/pkg/dhcpcd/Dockerfile b/pkg/dhcpcd/Dockerfile
index 6bf8536af..fd40b6fbb 100644
--- a/pkg/dhcpcd/Dockerfile
+++ b/pkg/dhcpcd/Dockerfile
@@ -16,4 +16,4 @@ WORKDIR /
 COPY --from=mirror /out/ /
 COPY /dhcpcd.conf /usr/ /
 CMD ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf"]
-LABEL org.mobyproject.config='{"binds": ["/var:/var", "/tmp/etc:/etc"], "net": "host", "capabilities": ["CAP_NET_ADMIN", "CAP_NET_BIND_SERVICE", "CAP_NET_RAW"]}'
+LABEL org.mobyproject.config='{"binds": ["/var:/var", "/tmp/etc:/etc"], "capabilities": ["CAP_NET_ADMIN", "CAP_NET_BIND_SERVICE", "CAP_NET_RAW"]}'
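Review bot: In pkg/binfmt/Dockerfile the new label opts out of the host namespaces for `net` and `ipc` only. If the linked moby/tool change also makes the UTS namespace default to the host's (this patch does not show it), the container would still share the host's hostname namespace; in that case the label should also carry an entry such as `"uts": "new"`, assuming the key takes the same values as `net` and `ipc`. The same applies to the labels added in pkg/format, pkg/mount, pkg/rngd, pkg/swap and pkg/sysfs, and it matters most for format, mount, rngd and swap, which hold CAP_SYS_ADMIN.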
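Review bot: Dropping `"net": "host"` from the pkg/dhcpcd label leaves the container's access to the host network stack implicit: it now depends on the build tool's default rather than on anything stated in this file. Judging by the commit subject the new default is the host namespace, so an image built with a tool that predates the linked change would presumably start dhcpcd in a private network namespace with nothing to configure. Keeping the entry, `"net": "host"`, costs nothing and keeps the privilege visible to a reviewer next to CAP_NET_ADMIN and CAP_NET_RAW. The same removal is made in pkg/metadata, pkg/node_exporter, pkg/open-vm-tools, pkg/openntpd, pkg/sshd, pkg/sysctl and test/pkg/poweroff, the last two also dropping `"ipc": "host"`.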
diff --git a/pkg/format/Dockerfile b/pkg/format/Dockerfile
index 74cf2004a..73f1c604f 100644
--- a/pkg/format/Dockerfile
+++ b/pkg/format/Dockerfile
@@ -19,4 +19,4 @@ WORKDIR /
 COPY --from=mirror /out/ /
 COPY format.sh /
 CMD ["/bin/sh", "/format.sh"]
-LABEL org.mobyproject.config='{"binds": ["/dev:/dev"], "capabilities": ["CAP_SYS_ADMIN", "CAP_MKNOD"]}'
+LABEL org.mobyproject.config='{"binds": ["/dev:/dev"], "capabilities": ["CAP_SYS_ADMIN", "CAP_MKNOD"], "net": "new", "ipc": "new"}'
diff --git a/pkg/metadata/Dockerfile b/pkg/metadata/Dockerfile
index 719e17681..d3fa8fd1d 100644
--- a/pkg/metadata/Dockerfile
+++ b/pkg/metadata/Dockerfile
@@ -12,4 +12,4 @@ CMD []
 WORKDIR /
 COPY --from=mirror /go/bin/metadata /usr/bin/metadata
 CMD ["/usr/bin/metadata"]
-LABEL org.mobyproject.config='{"net": "host", "binds": ["/dev:/dev", "/var:/var", "/tmp/etc/resolv.conf:/etc/resolv.conf"], "capabilities": ["CAP_SYS_ADMIN"]}'
+LABEL org.mobyproject.config='{"binds": ["/dev:/dev", "/var:/var", "/tmp/etc/resolv.conf:/etc/resolv.conf"], "capabilities": ["CAP_SYS_ADMIN"]}'
diff --git a/pkg/mount/Dockerfile b/pkg/mount/Dockerfile
index 767f42d63..b4609b24b 100644
--- a/pkg/mount/Dockerfile
+++ b/pkg/mount/Dockerfile
@@ -17,4 +17,4 @@ WORKDIR /
 COPY --from=mirror /out/ /
 COPY mount.sh /
 CMD ["/bin/sh", "/mount.sh"]
-LABEL org.mobyproject.config='{"binds": ["/dev:/dev", "/var:/var:rshared,rbind"], "capabilities": ["CAP_SYS_ADMIN"], "rootfsPropagation": "shared"}'
+LABEL org.mobyproject.config='{"binds": ["/dev:/dev", "/var:/var:rshared,rbind"], "capabilities": ["CAP_SYS_ADMIN"], "rootfsPropagation": "shared", "net": "new", "ipc": "new"}'
diff --git a/pkg/node_exporter/Dockerfile b/pkg/node_exporter/Dockerfile
index c680e3970..7bf17fdd9 100644
--- a/pkg/node_exporter/Dockerfile
+++ b/pkg/node_exporter/Dockerfile
@@ -4,4 +4,4 @@ ENTRYPOINT ["/bin/node_exporter", "-collector.procfs", "/host/proc", \
 "-collector.sysfs", "/host/sys", \
 "-collector.filesystem.ignored-mount-points", \
 "^/(sys|proc|dev|host|etc)($|/)"]
-LABEL org.mobyproject.config='{"net": "host", "pid": "host", "binds": ["/proc:/host/proc", "/sys:/host/sys", "/:/rootfs"], "capabilities": ["all"]}'
+LABEL org.mobyproject.config='{"pid": "host", "binds": ["/proc:/host/proc", "/sys:/host/sys", "/:/rootfs"], "capabilities": ["all"]}'
diff --git a/pkg/open-vm-tools/Dockerfile b/pkg/open-vm-tools/Dockerfile
index 95a2ea10f..18db88aac 100644
--- a/pkg/open-vm-tools/Dockerfile
+++ b/pkg/open-vm-tools/Dockerfile
@@ -14,4 +14,3 @@ CMD []
 WORKDIR /
 COPY --from=mirror /out/ /
 CMD ["/usr/bin/vmtoolsd"]
-LABEL org.mobyproject.config='{"net": "host"}'
diff --git a/pkg/openntpd/Dockerfile b/pkg/openntpd/Dockerfile
index 318cdf938..a021587c4 100644
--- a/pkg/openntpd/Dockerfile
+++ b/pkg/openntpd/Dockerfile
@@ -16,4 +16,4 @@ WORKDIR /
 COPY --from=mirror /out/ /
 COPY etc/ /etc/
 CMD ["/usr/sbin/ntpd", "-d", "-s"]
-LABEL org.mobyproject.config='{"net": "host", "capabilities": ["CAP_SYS_TIME", "CAP_SYS_NICE", "CAP_SYS_CHROOT", "CAP_SETUID", "CAP_SETGID"]}'
+LABEL org.mobyproject.config='{"capabilities": ["CAP_SYS_TIME", "CAP_SYS_NICE", "CAP_SYS_CHROOT", "CAP_SETUID", "CAP_SETGID"]}'
diff --git a/pkg/rngd/Dockerfile b/pkg/rngd/Dockerfile
index 44efcf3ad..07fd49dbd 100644
--- a/pkg/rngd/Dockerfile
+++ b/pkg/rngd/Dockerfile
@@ -42,4 +42,4 @@ WORKDIR /
 COPY --from=mirror /out/ /
 COPY --from=build usr/sbin/rngd usr/sbin/rngd
 CMD ["/sbin/tini", "/usr/sbin/rngd", "-f"]
-LABEL org.mobyproject.config='{"capabilities": ["CAP_SYS_ADMIN"], "oomScoreAdj": -800, "readonly": true}'
+LABEL org.mobyproject.config='{"capabilities": ["CAP_SYS_ADMIN"], "oomScoreAdj": -800, "readonly": true, "net": "new", "ipc": "new"}'
diff --git a/pkg/sshd/Dockerfile b/pkg/sshd/Dockerfile
index fd5457637..31c48bc7e 100644
--- a/pkg/sshd/Dockerfile
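Review bot: The new pkg/node_exporter label still pairs `"capabilities": ["all"]` with `"pid": "host"` and a bind of `/` to `/rootfs`, and the host network namespace now comes on top of that by default rather than by declaration. An exporter that reads /proc and /sys does not obviously need every capability; an explicit list in the style of pkg/openntpd would bound what a compromise of the listening process gives away. pkg/sshd carries the same `["all"]` plus `"pid": "host"` combination on its new label line and deserves the same narrowing. Which capabilities each daemon needs cannot be determined from this patch, so the list has to come from testing.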
+++ b/pkg/sshd/Dockerfile
@@ -19,4 +19,4 @@ COPY etc/ /etc/
 COPY usr/ /usr/
 RUN mkdir -p /etc/ssh /root/.ssh && chmod 0700 /root/.ssh
 CMD ["/sbin/tini", "/usr/bin/ssh.sh"]
-LABEL org.mobyproject.config='{"net": "host", "pid": "host", "binds": ["/root/.ssh:/root/.ssh", "/etc/resolv.conf:/etc/resolv.conf"], "capabilities": ["all"]}'
+LABEL org.mobyproject.config='{"pid": "host", "binds": ["/root/.ssh:/root/.ssh", "/etc/resolv.conf:/etc/resolv.conf"], "capabilities": ["all"]}'
diff --git a/pkg/swap/Dockerfile b/pkg/swap/Dockerfile
index 9ee7d5fda..7ad7f0ab0 100644
--- a/pkg/swap/Dockerfile
+++ b/pkg/swap/Dockerfile
@@ -16,4 +16,4 @@ WORKDIR /
 COPY --from=mirror /out/ /
 COPY /swap.sh .
 ENTRYPOINT ["swap.sh"]
-LABEL org.mobyproject.config='{"binds": ["/dev:/dev", "/var:/var"], "capabilities": ["CAP_SYS_ADMIN", "CAP_MKNOD"]}'
+LABEL org.mobyproject.config='{"binds": ["/dev:/dev", "/var:/var"], "capabilities": ["CAP_SYS_ADMIN", "CAP_MKNOD"], "net": "new", "ipc": "new"}'
diff --git a/pkg/sysctl/Dockerfile b/pkg/sysctl/Dockerfile
index d2b4d7dfe..828e80ac1 100644
--- a/pkg/sysctl/Dockerfile
+++ b/pkg/sysctl/Dockerfile
@@ -13,4 +13,4 @@ WORKDIR /
 COPY --from=mirror /go/bin/sysctl /usr/bin/sysctl
 COPY etc/ /etc/
 CMD ["/usr/bin/sysctl"]
-LABEL org.mobyproject.config='{"net": "host","pid": "host", "ipc": "host", "readonly": true, "capabilities": ["CAP_SYS_ADMIN"]}'
+LABEL org.mobyproject.config='{"pid": "host", "readonly": true, "capabilities": ["CAP_SYS_ADMIN"]}'
diff --git a/pkg/sysfs/Dockerfile b/pkg/sysfs/Dockerfile
index a76186f12..3383ef010 100644
--- a/pkg/sysfs/Dockerfile
+++ b/pkg/sysfs/Dockerfile
@@ -13,3 +13,4 @@ WORKDIR /
 COPY --from=mirror /go/bin/sysfs /usr/bin/sysfs
 COPY etc/ /etc/
 CMD ["/usr/bin/sysfs"]
+LABEL org.mobyproject.config='{"net": "new", "ipc": "new"}'
diff --git a/test/pkg/poweroff/Dockerfile b/test/pkg/poweroff/Dockerfile
index 81bd752f7..597989a64 100644
--- a/test/pkg/poweroff/Dockerfile
+++ b/test/pkg/poweroff/Dockerfile
@@ -1,4 +1,4 @@
 FROM alpine:3.5
 ADD . ./
 ENTRYPOINT ["/bin/sh", "/poweroff.sh"]
-LABEL org.mobyproject.config='{"net": "host","pid": "host", "ipc": "host", "readonly": true, "capabilities": ["CAP_SYS_BOOT"]}'
+LABEL org.mobyproject.config='{"pid": "host", "readonly": true, "capabilities": ["CAP_SYS_BOOT"]}'