Chown clears suid bits even for root on Linux.
Also move a few functions to x/sys/unix from syscall, to be
more arm64 friendly.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
To enable this bump github.com/Azure/go-ansiterm and github.com/docker/docker
to their latest versions, which have switched to lower case.
This in turn requires bumping golang.org/x/sys since github.com/docker/docker/pkg/term
now uses `unix.IoctlGetTermios`. I picked the revision from docker/docker's vendor.conf.
Signed-off-by: Ian Campbell <ijc@docker.com>
Runc is master as of this morning, slightly newer than what is vendored into
containerd v1.0.0-alpha3 but the differences[0] seemed benign and/or good to have.
Signed-off-by: Ian Campbell <ijc@docker.com>
[0] 429a538712...45bde006ca
In line with BIOS ISO changes previously.
Remove boot options; the user can add them if required. They made boot very slow.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
The PR to enable notary signing has been merged. Also update
documentation as `go get` should now also work.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
On arm64 the serial console is a ttyAMA0. Non-existing
consoles are ignored, so this should work on x86 and arm64.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
- When executing on aarch64, use it as the default arch
- When selecting aarch64 on a non-aarch64 system set the
CPU flag to a default value (not 'host').
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This requires that users have `CAP_SYSLOG` in order to access `dmesg`.
This means that containers by default have no access to `dmesg` (which
can leak information about the host or other containers) unless they
have this capability added.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
They either won't work or the packages are specific
to x86_64 like the DfM or VMware packages.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
The following packages did not work on aarch64:
- linuxkit/test-docker-bench
- linuxkit/test-ltp
- linuxkit/test-ns
- linuxkit/test-virtsock
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
A package makefile can specify a list of architectures ('ARCHES')
it supports. If built on an unsupported architecture, a message is
printed and make exits without an error.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>