upgrade #2
Merged
upgrade #2
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This are based on the core libseccomp docs. Acked-by: Tom Hromatka <[email protected]> Signed-off-by: Paul Moore <[email protected]>
These constants are equal in libseccomp but Go definitions were defined separately. This resulted in dead code that never executed due to identical case statements in switch. Go can usually detect these error cases and refuses to build but for some reason this detection doesn’t work with cgo+gcc. Clang detects the equal constants correctly and therefore libseccomp-golang builds with clang broke after ActKillThread was added. In order to fix the clang build only removal of the switch case is needed. But I assumed that the setter/getter logic is supposed to work for ActKillThread as well and only way to ensure that is to set them equal like they are in C. Signed-off-by: Tonis Tiigi <[email protected]> Signed-off-by: Sebastiaan van Stijn <[email protected]> Acked-by: Tom Hromatka <[email protected]> Signed-off-by: Paul Moore <[email protected]>
Signed-off-by: Sebastiaan van Stijn <[email protected]> Acked-by: Tom Hromatka <[email protected]> Signed-off-by: Paul Moore <[email protected]>
According to the Go release policy[1], only the two most recent releases are supported: Each major Go release is supported until there are two newer major releases. For example, Go 1.5 was supported until the Go 1.7 release, and Go 1.6 was supported until the Go 1.8 release. We fix critical problems, including critical security problems, in supported releases as needed by issuing minor revisions (for example, Go 1.6.1, Go 1.6.2, and so on). ... and with Go v1.18 being the most recent major release, trim the Go versions to the two supported 1.18.x and 1.17.x, leaving 1.16.x as it remains part of the GH Ubuntu 20.04 environment even though it is officially unsupported. Go 1.15.x is dropped from the test matrix. We also update the core libseccomp library to the latest v2.5.x release, which is v2.5.4 as of April 21, 2022. The previous libseccomp versions are left untouched in the test matrix, even though they are no longer supported upstream. [1] https://go.dev/doc/devel/release#policy Acked-by: Tom Hromatka <[email protected]> Acked-by: Kir Kolyshkin <[email protected]> Signed-off-by: Paul Moore <[email protected]>
As per seccomp#87 Signed-off-by: Kir Kolyshkin <[email protected]> Signed-off-by: Paul Moore <[email protected]>
Bumps: * Update actions/checkout, actions/setup-go, golangci/golangci-lint-action from v2 to v3. * Bump golangci-lint to v1.45. Cleanups: * Remove "stable" parameter for setup-go (not needed since v3, see [1]). * Remove the obsoleted comment for golangci-lint (no longer true, see [2]). [1] https://github.com/actions/setup-go/releases/tag/v3.0.0 [2] golangci/golangci-lint-action#167 Signed-off-by: Kir Kolyshkin <[email protected]> Acked-by: Paul Moore <[email protected]> Signed-off-by: Tom Hromatka <[email protected]>
The mailing list has been deprecated and made read-only, remove references from the README.md file. Acked-by: Tom Hromatka <[email protected]> Signed-off-by: Paul Moore <[email protected]>
Update our release process and README documentation based on our current plans. These docs can (and should!) be updated as needed to reflect changes in our processes. Acked-by: Tom Hromatka <[email protected]> Signed-off-by: Paul Moore <[email protected]>
Signed-off-by: Paul Moore <[email protected]>
Whenever we do not return the error code from a libseccomp call directly, embed it into our error (via %w), so that a user can still check for it using something like errors.Is(err, syscall.EINVAL). Acked-by: Tom Hromatka <[email protected]> Signed-off-by: Kir Kolyshkin <[email protected]>
In case seccomp_api_set() failed, embed its return code into the error (rather than merely adding -N text into it), so that a user can check for a particular error using e.g. errors.Is(err, syscall.EINVAL). Do not embed EOPNOTSUPP since this is not what libseccomp returns (this is returned by own code in case it is compiled with old (< 2.4.0) libseccomp headers). Acked-by: Tom Hromatka <[email protected]> Signed-off-by: Kir Kolyshkin <[email protected]>
If there are no %-style directives, using errors.New is preferable. Acked-by: Tom Hromatka <[email protected]> Signed-off-by: Kir Kolyshkin <[email protected]>
Acked-by: Paul Moore <[email protected]> Acked-by: Tom Hromatka <[email protected]> Signed-off-by: Kir Kolyshkin <[email protected]>
1 task
|
Could you add the description to this PR? I guess you are trying to sync from the upstream? |
Oh, sorry. That's right! |
jenting
approved these changes
Jul 4, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
sync upstream