Update go-landlock and use NewConfig instead

Signed-off-by: Kailun Qin <[email protected]>
opencontainers · Sep 9, 2021 · 075542f · 075542f
1 parent 22802a8
commit 075542f
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 10 deletions.
diff --git a/go.mod b/go.mod
@@ -11,7 +11,7 @@ require (
  github.com/cyphar/filepath-securejoin v0.2.3
  github.com/docker/go-units v0.4.0
  github.com/godbus/dbus/v5 v5.0.4
- github.com/landlock-lsm/go-landlock v0.0.0-20210828133255-ec6c6b87a946
+ github.com/landlock-lsm/go-landlock v0.0.0-20210908180355-c56710719da4
  github.com/moby/sys/mountinfo v0.4.1
  github.com/mrunalp/fileutils v0.5.0
  github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417

diff --git a/go.sum b/go.sum
@@ -40,8 +40,8 @@ github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfn
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/landlock-lsm/go-landlock v0.0.0-20210828133255-ec6c6b87a946 h1:RRTOwBnwZR4a3IMyPq1uchxJcrLKWF4NTCHB2fbvo5Y=
-github.com/landlock-lsm/go-landlock v0.0.0-20210828133255-ec6c6b87a946/go.mod h1:wjznJ04q4Tvsbx3vkzfmgfEOe6w5dSGlXFa+xbSl9X8=
+github.com/landlock-lsm/go-landlock v0.0.0-20210908180355-c56710719da4 h1:5FNPB9FxONNZ10VtNC2n15+0O4O6wfCqCBmkxm2O5x0=
+github.com/landlock-lsm/go-landlock v0.0.0-20210908180355-c56710719da4/go.mod h1:wjznJ04q4Tvsbx3vkzfmgfEOe6w5dSGlXFa+xbSl9X8=
 github.com/moby/sys/mountinfo v0.4.1 h1:1O+1cHA1aujwEwwVMa2Xm2l+gIpUHyd3+D+d7LZh1kM=
 github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
 github.com/mrunalp/fileutils v0.5.0 h1:NKzVxiH7eSk+OQ4M+ZYW1K6h27RUV3MI6NUTsHhU6Z4=

diff --git a/libcontainer/landlock/landlock.go b/libcontainer/landlock/landlock.go
@@ -21,14 +21,14 @@ func InitLandlock(config *configs.Landlock) error {
  return errors.New("cannot initialize Landlock - nil config passed")
  }
 
- var llConfig landlock.Config
-
  ruleset := config.Ruleset.HandledAccessFS
- // Panic on error when constructing the Landlock configuration using invalid config values.
- if config.DisableBestEffort {
- llConfig = landlock.MustConfig(ruleset)
- } else {
- llConfig = landlock.MustConfig(ruleset).BestEffort()
+ llConfig, err := landlock.NewConfig(ruleset)
+ if err != nil {
+ return fmt.Errorf("could not create ruleset: %w", err)
+ }
+
+ if !config.DisableBestEffort {
+ *llConfig = llConfig.BestEffort()
  }
 
  if err := llConfig.RestrictPaths(