diff --git a/.cirrus.yml b/.cirrus.yml index cb16fa89c67..c4e0e6f1fec 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -6,7 +6,7 @@ env: #### Global variables used for all tasks #### # Name of the ultimate destination branch for this CI run, PR or post-merge. - DEST_BRANCH: "master" + DEST_BRANCH: "release-1.15" GOPATH: "/var/tmp/go" GOSRC: "${GOPATH}/src/github.com/containers/buildah" # Overrides default location (/tmp/cirrus) for repo clone diff --git a/CHANGELOG.md b/CHANGELOG.md index a0a9656235c..cedb12798f8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,9 +12,7 @@ vendor golang.org/x/text@v0.3.3 Cirrus: Fix missing htpasswd in registry img Switch scripts to use containers.conf - Merge pull request #2471 from vrothberg/1.15-update-x/text Make imagebuildah.BuildOptions.Architecture/OS optional - Merge pull request #2483 from nalind/release-1.15-arch ## v1.15.0 (2020-06-17) Bump github.com/containers/common from 0.12.0 to 0.13.1 diff --git a/changelog.txt b/changelog.txt index aedbffa40b5..6a688fb5ea3 100644 --- a/changelog.txt +++ b/changelog.txt @@ -8,9 +8,7 @@ * vendor golang.org/x/text@v0.3.3 * Cirrus: Fix missing htpasswd in registry img * Switch scripts to use containers.conf - * Merge pull request #2471 from vrothberg/1.15-update-x/text * Make imagebuildah.BuildOptions.Architecture/OS optional - * Merge pull request #2483 from nalind/release-1.15-arch - Changelog for v1.15.0 (2020-06-17) * Bump github.com/containers/common from 0.12.0 to 0.13.1 diff --git a/chroot/run.go b/chroot/run.go index f00cf596013..8616c4cac80 100644 --- a/chroot/run.go +++ b/chroot/run.go @@ -1106,10 +1106,6 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func( } logrus.Debugf("bind mounted %q to %q", "/sys", filepath.Join(spec.Root.Path, "/sys")) - // Add /sys/fs/selinux to the set of masked paths, to ensure that we don't have processes - // attempting to interact with labeling, when they aren't allowed to do so. - spec.Linux.MaskedPaths = append(spec.Linux.MaskedPaths, "/sys/fs/selinux") - // Bind mount in everything we've been asked to mount. for _, m := range spec.Mounts { // Skip anything that we just mounted. diff --git a/contrib/rpm/buildah.spec b/contrib/rpm/buildah.spec index f33f5ab5090..ad63cd9d8b0 100644 --- a/contrib/rpm/buildah.spec +++ b/contrib/rpm/buildah.spec @@ -109,9 +109,7 @@ make DESTDIR=%{buildroot} PREFIX=%{_prefix} install install.completions - vendor golang.org/x/text@v0.3.3 - Cirrus: Fix missing htpasswd in registry img - Switch scripts to use containers.conf -- Merge pull request #2471 from vrothberg/1.15-update-x/text - Make imagebuildah.BuildOptions.Architecture/OS optional -- Merge pull request #2483 from nalind/release-1.15-arch * Wed Jun 17, 2020 Tom Sweeney 1.15.0-1 - Bump github.com/containers/common from 0.12.0 to 0.13.1 diff --git a/run_linux.go b/run_linux.go index fd2597d6229..412d1f38578 100644 --- a/run_linux.go +++ b/run_linux.go @@ -1779,6 +1779,7 @@ func setupMaskedPaths(g *generate.Generator) { "/proc/sched_debug", "/proc/scsi", "/sys/firmware", + "/sys/fs/selinux", } { g.AddLinuxMaskedPaths(mp) } @@ -2023,13 +2024,10 @@ func setupRootlessSpecChanges(spec *specs.Spec, bundleDir string, shmSize string Options: []string{bind.NoBindOption, "rbind", "private", "nodev", "noexec", "nosuid", "ro"}, }, } - // Cover up /sys/fs/cgroup and /sys/fs/selinux, if they exist in our source for /sys. + // Cover up /sys/fs/cgroup, if it exist in our source for /sys. if _, err := os.Stat("/sys/fs/cgroup"); err == nil { spec.Linux.MaskedPaths = append(spec.Linux.MaskedPaths, "/sys/fs/cgroup") } - if _, err := os.Stat("/sys/fs/selinux"); err == nil { - spec.Linux.MaskedPaths = append(spec.Linux.MaskedPaths, "/sys/fs/selinux") - } // Keep anything that isn't under /dev, /proc, or /sys. for i := range spec.Mounts { if spec.Mounts[i].Destination == "/dev" || strings.HasPrefix(spec.Mounts[i].Destination, "/dev/") || diff --git a/tests/validate/git-validation.sh b/tests/validate/git-validation.sh index 1ecd9b6d077..823d80c3b6e 100755 --- a/tests/validate/git-validation.sh +++ b/tests/validate/git-validation.sh @@ -13,7 +13,8 @@ fi if [[ "$TRAVIS" != 'true' ]]; then #GITVALIDATE_EPOCH=":/git-validation epoch" - GITVALIDATE_EPOCH="c5546750573cdef524be7159fe837f23274e9718" + # Set to the branch's origin point + GITVALIDATE_EPOCH="3b1d6ebe12445dfe84cb5932634440a20b10fc03" fi OUTPUT_OPTIONS="-q"