update docker dependency to fix cross-compilation issues

go.mod

@@ -14,7 +14,7 @@ require (
 	github.com/containerd/ttrpc v1.0.2 // indirect
 	github.com/containerd/typeurl v1.0.1 // indirect
 	github.com/docker/cli v20.10.0-beta1.0.20201103165149-c20be83d6b34+incompatible
-	github.com/docker/docker v17.12.0-ce-rc1.0.20200528204242-89382f2f2074+incompatible
+	github.com/docker/docker v20.10.0+incompatible
 	github.com/docker/go-connections v0.4.0
 	github.com/fsnotify/fsnotify v1.4.9 // indirect
 	github.com/go-test/deep v1.0.4

go.sum

@@ -125,8 +125,8 @@ github.com/docker/distribution v0.0.0-20171011171712-7484e51bf6af h1:ujR+JcSHkOZ
 github.com/docker/distribution v0.0.0-20171011171712-7484e51bf6af/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c h1:6L6qod4JzOm9KEqmfSyO6ZhsnN9dlcISRt+xdoyZeGE=
 github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY=
-github.com/docker/docker v17.12.0-ce-rc1.0.20200528204242-89382f2f2074+incompatible h1:oQeenT4rlzuBqBKczNk1n1aHdBxYVmv/uWZySvk3Boo=
+github.com/docker/docker v20.10.0+incompatible h1:4g8Xjho+7quMwzsTrhtrWpdQU9UTc2rX57A3iALaBmE=
-github.com/docker/docker v17.12.0-ce-rc1.0.20200528204242-89382f2f2074+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v20.10.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8=
@@ -754,7 +754,6 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
-gotest.tools/v3 v3.0.2 h1:kG1BFyqVHuQoVQiR1bWGnfz/fmHvvuiSPIV7rvl360E=
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
 gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=

vendor/github.com/docker/docker/AUTHORS

@@ -45,6 +45,7 @@ AJ Bowen <aj@soulshake.net>
 Ajey Charantimath <ajey.charantimath@gmail.com>
 ajneu <ajneu@users.noreply.github.com>
 Akash Gupta <akagup@microsoft.com>
+Akhil Mohan <akhil.mohan@mayadata.io>
 Akihiro Matsushima <amatsusbit@gmail.com>
 Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 Akim Demaille <akim.demaille@docker.com>
@@ -52,10 +53,12 @@ Akira Koyasu <mail@akirakoyasu.net>
 Akshay Karle <akshay.a.karle@gmail.com>
 Al Tobey <al@ooyala.com>
 alambike <alambike@gmail.com>
+Alan Hoyle <alan@alanhoyle.com>
 Alan Scherger <flyinprogrammer@gmail.com>
 Alan Thompson <cloojure@gmail.com>
 Albert Callarisa <shark234@gmail.com>
 Albert Zhang <zhgwenming@gmail.com>
+Albin Kerouanton <albin@akerouanton.name>
 Alejandro González Hevia <alejandrgh11@gmail.com>
 Aleksa Sarai <asarai@suse.de>
 Aleksandrs Fadins <aleks@s-ko.net>
@@ -109,6 +112,7 @@ Amy Lindburg <amy.lindburg@docker.com>
 Anand Patil <anand.prabhakar.patil@gmail.com>
 AnandkumarPatel <anandkumarpatel@gmail.com>
 Anatoly Borodin <anatoly.borodin@gmail.com>
+Anca Iordache <anca.iordache@docker.com>
 Anchal Agrawal <aagrawa4@illinois.edu>
 Anda Xu <anda.xu@docker.com>
 Anders Janmyr <anders@janmyr.com>
@@ -215,10 +219,12 @@ Benjamin Atkin <ben@benatkin.com>
 Benjamin Baker <Benjamin.baker@utexas.edu>
 Benjamin Boudreau <boudreau.benjamin@gmail.com>
 Benjamin Yolken <yolken@stripe.com>
+Benny Ng <benny.tpng@gmail.com>
 Benoit Chesneau <bchesneau@gmail.com>
 Bernerd Schaefer <bj.schaefer@gmail.com>
 Bernhard M. Wiedemann <bwiedemann@suse.de>
 Bert Goethals <bert@bertg.be>
+Bertrand Roussel <broussel@sierrawireless.com>
 Bevisy Zhang <binbin36520@gmail.com>
 Bharath Thiruveedula <bharath_ves@hotmail.com>
 Bhiraj Butala <abhiraj.butala@gmail.com>
@@ -231,6 +237,7 @@ Bingshen Wang <bingshen.wbs@alibaba-inc.com>
 Blake Geno <blakegeno@gmail.com>
 Boaz Shuster <ripcurld.github@gmail.com>
 bobby abbott <ttobbaybbob@gmail.com>
+Boqin Qin <bobbqqin@gmail.com>
 Boris Pruessmann <boris@pruessmann.org>
 Boshi Lian <farmer1992@gmail.com>
 Bouke Haarsma <bouke@webatoom.nl>
@@ -334,7 +341,7 @@ Chris Gibson <chris@chrisg.io>
 Chris Khoo <chris.khoo@gmail.com>
 Chris McKinnel <chris.mckinnel@tangentlabs.co.uk>
 Chris McKinnel <chrismckinnel@gmail.com>
-Chris Price <chris.price@docker.com>
+Chris Price <cprice@mirantis.com>
 Chris Seto <chriskseto@gmail.com>
 Chris Snow <chsnow123@gmail.com>
 Chris St. Pierre <chris.a.st.pierre@gmail.com>
@@ -361,7 +368,7 @@ Christopher Currie <codemonkey+github@gmail.com>
 Christopher Jones <tophj@linux.vnet.ibm.com>
 Christopher Latham <sudosurootdev@gmail.com>
 Christopher Rigor <crigor@gmail.com>
-Christy Perez <christy@linux.vnet.ibm.com>
+Christy Norman <christy@linux.vnet.ibm.com>
 Chun Chen <ramichen@tencent.com>
 Ciro S. Costa <ciro.costa@usp.br>
 Clayton Coleman <ccoleman@redhat.com>
@@ -381,8 +388,10 @@ Corey Farrell <git@cfware.com>
 Cory Forsyth <cory.forsyth@gmail.com>
 cressie176 <github@stephen-cresswell.net>
 CrimsonGlory <CrimsonGlory@users.noreply.github.com>
+Cristian Ariza <dev@cristianrz.com>
 Cristian Staretu <cristian.staretu@gmail.com>
 cristiano balducci <cristiano.balducci@gmail.com>
+Cristina Yenyxe Gonzalez Garcia <cristina.yenyxe@gmail.com>
 Cruceru Calin-Cristian <crucerucalincristian@gmail.com>
 CUI Wei <ghostplant@qq.com>
 Cyprian Gracz <cyprian.gracz@micro-jumbo.eu>
@@ -409,12 +418,14 @@ Dan Williams <me@deedubs.com>
 Dani Hodovic <dani.hodovic@gmail.com>
 Dani Louca <dani.louca@docker.com>
 Daniel Antlinger <d.antlinger@gmx.at>
+Daniel Black <daniel@linux.ibm.com>
 Daniel Dao <dqminh@cloudflare.com>
 Daniel Exner <dex@dragonslave.de>
 Daniel Farrell <dfarrell@redhat.com>
 Daniel Garcia <daniel@danielgarcia.info>
 Daniel Gasienica <daniel@gasienica.ch>
 Daniel Grunwell <mwgrunny@gmail.com>
+Daniel Helfand <helfand.4@gmail.com>
 Daniel Hiltgen <daniel.hiltgen@docker.com>
 Daniel J Walsh <dwalsh@redhat.com>
 Daniel Menet <membership@sontags.ch>
@@ -496,6 +507,7 @@ Derek McGowan <derek@mcgstyle.net>
 Deric Crago <deric.crago@gmail.com>
 Deshi Xiao <dxiao@redhat.com>
 devmeyster <arthurfbi@yahoo.com>
+Devon Estes <devon.estes@klarna.com>
 Devvyn Murphy <devvyn@devvyn.com>
 Dharmit Shah <shahdharmit@gmail.com>
 Dhawal Yogesh Bhanushali <dbhanushali@vmware.com>
@@ -545,7 +557,7 @@ Douglas Curtis <dougcurtis1@gmail.com>
 Dr Nic Williams <drnicwilliams@gmail.com>
 dragon788 <dragon788@users.noreply.github.com>
 Dražen Lučanin <kermit666@gmail.com>
-Drew Erny <drew.erny@docker.com>
+Drew Erny <derny@mirantis.com>
 Drew Hubl <drew.hubl@gmail.com>
 Dustin Sallings <dustin@spy.net>
 Ed Costello <epc@epcostello.com>
@@ -607,6 +619,7 @@ Evan Phoenix <evan@fallingsnow.net>
 Evan Wies <evan@neomantra.net>
 Evelyn Xu <evelynhsu21@gmail.com>
 Everett Toews <everett.toews@rackspace.com>
+Evgeniy Makhrov <e.makhrov@corp.badoo.com>
 Evgeny Shmarnev <shmarnev@gmail.com>
 Evgeny Vereshchagin <evvers@ya.ru>
 Ewa Czechowska <ewa@ai-traders.com>
@@ -653,6 +666,7 @@ Florian <FWirtz@users.noreply.github.com>
 Florian Klein <florian.klein@free.fr>
 Florian Maier <marsmensch@users.noreply.github.com>
 Florian Noeding <noeding@adobe.com>
+Florian Schmaus <flo@geekplace.eu>
 Florian Weingarten <flo@hackvalue.de>
 Florin Asavoaie <florin.asavoaie@gmail.com>
 Florin Patan <florinpatan@gmail.com>
@@ -689,7 +703,7 @@ Gareth Rushgrove <gareth@morethanseven.net>
 Garrett Barboza <garrett@garrettbarboza.com>
 Gary Schaetz <gary@schaetzkc.com>
 Gaurav <gaurav.gosec@gmail.com>
-gautam, prasanna <prasannagautam@gmail.com>
+Gaurav Singh <gaurav1086@gmail.com>
 Gaël PORTAY <gael.portay@savoirfairelinux.com>
 Genki Takiuchi <genki@s21g.com>
 GennadySpb <lipenkov@gmail.com>
@@ -720,7 +734,7 @@ Gopikannan Venugopalsamy <gopikannan.venugopalsamy@gmail.com>
 Gosuke Miyashita <gosukenator@gmail.com>
 Gou Rao <gou@portworx.com>
 Govinda Fichtner <govinda.fichtner@googlemail.com>
-Grant Millar <grant@cylo.io>
+Grant Millar <rid@cylo.io>
 Grant Reaber <grant.reaber@gmail.com>
 Graydon Hoare <graydon@pobox.com>
 Greg Fausak <greg@tacodata.com>
@@ -743,6 +757,7 @@ Haichao Yang <yang.haichao@zte.com.cn>
 haikuoliu <haikuo@amazon.com>
 Hakan Özler <hakan.ozler@kodcu.com>
 Hamish Hutchings <moredhel@aoeu.me>
+Hannes Ljungberg <hannes@5monkeys.se>
 Hans Kristian Flaatten <hans@starefossen.com>
 Hans Rødtang <hansrodtang@gmail.com>
 Hao Shu Wei <haosw@cn.ibm.com>
@@ -769,6 +784,8 @@ Hollie Teal <hollie@docker.com>
 Hong Xu <hong@topbug.net>
 Hongbin Lu <hongbin034@gmail.com>
 Hongxu Jia <hongxu.jia@windriver.com>
+Honza Pokorny <me@honza.ca>
+Hsing-Hui Hsu <hsinghui@amazon.com>
 hsinko <21551195@zju.edu.cn>
 Hu Keping <hukeping@huawei.com>
 Hu Tao <hutao@cn.fujitsu.com>
@@ -809,6 +826,7 @@ Ingo Gottwald <in.gottwald@gmail.com>
 Innovimax <innovimax@gmail.com>
 Isaac Dupree <antispam@idupree.com>
 Isabel Jimenez <contact.isabeljimenez@gmail.com>
+Isaiah Grace <irgkenya4@gmail.com>
 Isao Jonas <isao.jonas@gmail.com>
 Iskander Sharipov <quasilyte@gmail.com>
 Ivan Babrou <ibobrik@gmail.com>
@@ -824,6 +842,7 @@ Jacob Edelman <edelman.jd@gmail.com>
 Jacob Tomlinson <jacob@tom.linson.uk>
 Jacob Vallejo <jakeev@amazon.com>
 Jacob Wen <jian.w.wen@oracle.com>
+Jaime Cepeda <jcepedavillamayor@gmail.com>
 Jaivish Kothari <janonymous.codevulture@gmail.com>
 Jake Champlin <jake.champlin.27@gmail.com>
 Jake Moshenko <jake@devtable.com>
@@ -838,12 +857,13 @@ James Kyburz <james.kyburz@gmail.com>
 James Kyle <james@jameskyle.org>
 James Lal <james@lightsofapollo.com>
 James Mills <prologic@shortcircuit.net.au>
-James Nesbitt <james.nesbitt@wunderkraut.com>
+James Nesbitt <jnesbitt@mirantis.com>
 James Nugent <james@jen20.com>
 James Turnbull <james@lovedthanlost.net>
 James Watkins-Harvey <jwatkins@progi-media.com>
 Jamie Hannaford <jamie@limetree.org>
 Jamshid Afshar <jafshar@yahoo.com>
+Jan Chren <dev.rindeal@gmail.com>
 Jan Keromnes <janx@linux.com>
 Jan Koprowski <jan.koprowski@gmail.com>
 Jan Pazdziora <jpazdziora@redhat.com>
@@ -858,6 +878,7 @@ Jared Hocutt <jaredh@netapp.com>
 Jaroslaw Zabiello <hipertracker@gmail.com>
 jaseg <jaseg@jaseg.net>
 Jasmine Hegman <jasmine@jhegman.com>
+Jason A. Donenfeld <Jason@zx2c4.com>
 Jason Divock <jdivock@gmail.com>
 Jason Giedymin <jasong@apache.org>
 Jason Green <Jason.Green@AverInformatics.Com>
@@ -905,7 +926,7 @@ Jeroen Franse <jeroenfranse@gmail.com>
 Jeroen Jacobs <github@jeroenj.be>
 Jesse Dearing <jesse.dearing@gmail.com>
 Jesse Dubay <jesse@thefortytwo.net>
-Jessica Frazelle <acidburn@microsoft.com>
+Jessica Frazelle <jess@oxide.computer>
 Jezeniel Zapanta <jpzapanta22@gmail.com>
 Jhon Honce <jhonce@redhat.com>
 Ji.Zhilong <zhilongji@gmail.com>
@@ -913,6 +934,7 @@ Jian Liao <jliao@alauda.io>
 Jian Zhang <zhangjian.fnst@cn.fujitsu.com>
 Jiang Jinyang <jjyruby@gmail.com>
 Jie Luo <luo612@zju.edu.cn>
+Jie Ma <jienius@outlook.com>
 Jihyun Hwang <jhhwang@telcoware.com>
 Jilles Oldenbeuving <ojilles@gmail.com>
 Jim Alateras <jima@comware.com.au>
@@ -969,6 +991,7 @@ Jon Johnson <jonjohnson@google.com>
 Jon Surrell <jon.surrell@gmail.com>
 Jon Wedaman <jweede@gmail.com>
 Jonas Dohse <jonas@dohse.ch>
+Jonas Heinrich <Jonas@JonasHeinrich.com>
 Jonas Pfenniger <jonas@pfenniger.name>
 Jonathan A. Schweder <jonathanschweder@gmail.com>
 Jonathan A. Sternberg <jonathansternberg@gmail.com>
@@ -1018,6 +1041,8 @@ Julien Dubois <julien.dubois@gmail.com>
 Julien Kassar <github@kassisol.com>
 Julien Maitrehenry <julien.maitrehenry@me.com>
 Julien Pervillé <julien.perville@perfect-memory.com>
+Julien Pivotto <roidelapluie@inuits.eu>
+Julio Guerra <julio@sqreen.com>
 Julio Montes <imc.coder@gmail.com>
 Jun-Ru Chang <jrjang@gmail.com>
 Jussi Nummelin <jussi.nummelin@gmail.com>
@@ -1191,7 +1216,6 @@ Lukasz Zajaczkowski <Lukasz.Zajaczkowski@ts.fujitsu.com>
 Luke Marsden <me@lukemarsden.net>
 Lyn <energylyn@zju.edu.cn>
 Lynda O'Leary <lyndaoleary29@gmail.com>
-lzhfromutsc <lzhfromustc@gmail.com>
 Lénaïc Huard <lhuard@amadeus.com>
 Ma Müller <mueller-ma@users.noreply.github.com>
 Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
@@ -1285,6 +1309,7 @@ Matthieu Hauglustaine <matt.hauglustaine@gmail.com>
 Mattias Jernberg <nostrad@gmail.com>
 Mauricio Garavaglia <mauricio@medallia.com>
 mauriyouth <mauriyouth@gmail.com>
+Max Harmathy <max.harmathy@web.de>
 Max Shytikov <mshytikov@gmail.com>
 Maxim Fedchyshyn <sevmax@gmail.com>
 Maxim Ivanov <ivanov.maxim@gmail.com>
@@ -1342,6 +1367,7 @@ Miguel Morales <mimoralea@gmail.com>
 Mihai Borobocea <MihaiBorob@gmail.com>
 Mihuleacc Sergiu <mihuleac.sergiu@gmail.com>
 Mike Brown <brownwm@us.ibm.com>
+Mike Bush <mpbush@gmail.com>
 Mike Casas <mkcsas0@gmail.com>
 Mike Chelen <michael.chelen@gmail.com>
 Mike Danese <mikedanese@google.com>
@@ -1434,6 +1460,7 @@ Nik Nyby <nikolas@gnu.org>
 Nikhil Chawla <chawlanikhil24@gmail.com>
 NikolaMandic <mn080202@gmail.com>
 Nikolas Garofil <nikolas.garofil@uantwerpen.be>
+Nikolay Edigaryev <edigaryev@gmail.com>
 Nikolay Milovanov <nmil@itransformers.net>
 Nirmal Mehta <nirmalkmehta@gmail.com>
 Nishant Totla <nishanttotla@gmail.com>
@@ -1637,6 +1664,7 @@ Roland Kammerer <roland.kammerer@linbit.com>
 Roland Moriz <rmoriz@users.noreply.github.com>
 Roma Sokolov <sokolov.r.v@gmail.com>
 Roman Dudin <katrmr@gmail.com>
+Roman Mazur <roman@balena.io>
 Roman Strashkin <roman.strashkin@gmail.com>
 Ron Smits <ron.smits@gmail.com>
 Ron Williams <ron.a.williams@gmail.com>
@@ -1793,6 +1821,7 @@ Srini Brahmaroutu <srbrahma@us.ibm.com>
 Srinivasan Srivatsan <srinivasan.srivatsan@hpe.com>
 Staf Wagemakers <staf@wagemakers.be>
 Stanislav Bondarenko <stanislav.bondarenko@gmail.com>
+Stanislav Levin <slev@altlinux.org>
 Steeve Morin <steeve.morin@gmail.com>
 Stefan Berger <stefanb@linux.vnet.ibm.com>
 Stefan J. Wernli <swernli@microsoft.com>
@@ -1804,7 +1833,7 @@ Stefan Weil <sw@weilnetz.de>
 Stephan Spindler <shutefan@gmail.com>
 Stephen Benjamin <stephen@redhat.com>
 Stephen Crosby <stevecrozz@gmail.com>
-Stephen Day <stephen.day@docker.com>
+Stephen Day <stevvooe@gmail.com>
 Stephen Drake <stephen@xenolith.net>
 Stephen Rust <srust@blockbridge.com>
 Steve Desmond <steve@vtsv.ca>
@@ -1875,6 +1904,7 @@ Tianyi Wang <capkurmagati@gmail.com>
 Tibor Vass <teabee89@gmail.com>
 Tiffany Jernigan <tiffany.f.j@gmail.com>
 Tiffany Low <tiffany@box.com>
+Till Wegmüller <toasterson@gmail.com>
 Tim <elatllat@gmail.com>
 Tim Bart <tim@fewagainstmany.com>
 Tim Bosse <taim@bosboot.org>
@@ -1927,7 +1957,7 @@ Tony Miller <mcfiredrill@gmail.com>
 toogley <toogley@mailbox.org>
 Torstein Husebø <torstein@huseboe.net>
 Tõnis Tiigi <tonistiigi@gmail.com>
-tpng <benny.tpng@gmail.com>
+Trace Andreason <tandreason@gmail.com>
 tracylihui <793912329@qq.com>
 Trapier Marshall <trapier.marshall@docker.com>
 Travis Cline <travis.cline@gmail.com>
@@ -1950,6 +1980,7 @@ Utz Bacher <utz.bacher@de.ibm.com>
 vagrant <vagrant@ubuntu-14.04-amd64-vbox>
 Vaidas Jablonskis <jablonskis@gmail.com>
 vanderliang <lansheng@meili-inc.com>
+Velko Ivanov <vivanov@deeperplane.com>
 Veres Lajos <vlajos@gmail.com>
 Victor Algaze <valgaze@gmail.com>
 Victor Coisne <victor.coisne@dotcloud.com>
@@ -1961,12 +1992,13 @@ Victor Palma <palma.victor@gmail.com>
 Victor Vieux <victor.vieux@docker.com>
 Victoria Bialas <victoria.bialas@docker.com>
 Vijaya Kumar K <vijayak@caviumnetworks.com>
-Vikram bir Singh <vikrambir.singh@docker.com>
+Vikram bir Singh <vsingh@mirantis.com>
 Viktor Stanchev <me@viktorstanchev.com>
 Viktor Vojnovski <viktor.vojnovski@amadeus.com>
 VinayRaghavanKS <raghavan.vinay@gmail.com>
 Vincent Batts <vbatts@redhat.com>
 Vincent Bernat <Vincent.Bernat@exoscale.ch>
+Vincent Boulineau <vincent.boulineau@datadoghq.com>
 Vincent Demeester <vincent.demeester@docker.com>
 Vincent Giersch <vincent.giersch@ovh.net>
 Vincent Mayers <vincent.mayers@inbloom.org>
@@ -1997,6 +2029,8 @@ Wang Long <long.wanglong@huawei.com>
 Wang Ping <present.wp@icloud.com>
 Wang Xing <hzwangxing@corp.netease.com>
 Wang Yuexiao <wang.yuexiao@zte.com.cn>
+Wang Yumu <37442693@qq.com>
+wanghuaiqing <wanghuaiqing@loongson.cn>
 Ward Vandewege <ward@jhvc.com>
 WarheadsSE <max@warheads.net>
 Wassim Dhif <wassimdhif@gmail.com>
@@ -2013,6 +2047,7 @@ Wen Cheng Ma <wenchma@cn.ibm.com>
 Wendel Fleming <wfleming@usc.edu>
 Wenjun Tang <tangwj2@lenovo.com>
 Wenkai Yin <yinw@vmware.com>
+wenlxie <wenlxie@ebay.com>
 Wentao Zhang <zhangwentao234@huawei.com>
 Wenxuan Zhao <viz@linux.com>
 Wenyu You <21551128@zju.edu.cn>
@@ -2030,6 +2065,8 @@ William Hubbs <w.d.hubbs@gmail.com>
 William Martin <wmartin@pivotal.io>
 William Riancho <wr.wllm@gmail.com>
 William Thurston <thurstw@amazon.com>
+Wilson Júnior <wilsonpjunior@gmail.com>
+Wing-Kam Wong <wingkwong.code@gmail.com>
 WiseTrem <shepelyov.g@gmail.com>
 Wolfgang Powisch <powo@powo.priv.at>
 Wonjun Kim <wonjun.kim@navercorp.com>
@@ -2039,6 +2076,7 @@ Xianglin Gao <xlgao@zju.edu.cn>
 Xianlu Bird <xianlubird@gmail.com>
 Xiao YongBiao <xyb4638@gmail.com>
 XiaoBing Jiang <s7v7nislands@gmail.com>
+Xiaodong Liu <liuxiaodong@loongson.cn>
 Xiaodong Zhang <a4012017@sina.com>
 Xiaoxi He <xxhe@alauda.io>
 Xiaoxu Chen <chenxiaoxu14@otcaix.iscas.ac.cn>
@@ -2109,6 +2147,7 @@ Zhenan Ye <21551168@zju.edu.cn>
 zhenghenghuo <zhenghenghuo@zju.edu.cn>
 Zhenhai Gao <gaozh1988@live.com>
 Zhenkun Bi <bi.zhenkun@zte.com.cn>
+zhipengzuo <zuozhipeng@baidu.com>
 Zhou Hao <zhouhao@cn.fujitsu.com>
 Zhoulin Xie <zhoulin.xie@daocloud.io>
 Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
@@ -2129,6 +2168,7 @@ Zunayed Ali <zunayed@gmail.com>
 Álvaro Lázaro <alvaro.lazaro.g@gmail.com>
 Átila Camurça Alves <camurca.home@gmail.com>
 尹吉峰 <jifeng.yin@gmail.com>
+屈骏 <qujun@tiduyun.com>
 徐俊杰 <paco.xu@daocloud.io>
 慕陶 <jihui.xjh@alibaba-inc.com>
 搏通 <yufeng.pyf@alibaba-inc.com>

vendor/github.com/docker/docker/api/swagger.yaml

@@ -528,7 +528,13 @@ definitions:
         items:
           $ref: "#/definitions/DeviceRequest"
       KernelMemory:
-        description: "Kernel memory limit in bytes."
+        description: |
+          Kernel memory limit in bytes.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is deprecated as the kernel 5.4 deprecated
+          > `kmem.limit_in_bytes`.
         type: "integer"
         format: "int64"
         example: 209715200
@@ -625,6 +631,27 @@ definitions:
         type: "integer"
         format: "int64"
 
+  Limit:
+    description: |
+      An object describing a limit on resources which can be requested by a task.
+    type: "object"
+    properties:
+      NanoCPUs:
+        type: "integer"
+        format: "int64"
+        example: 4000000000
+      MemoryBytes:
+        type: "integer"
+        format: "int64"
+        example: 8272408576
+      Pids:
+        description: |
+          Limits the maximum number of PIDs in the container. Set `0` for unlimited.
+        type: "integer"
+        format: "int64"
+        default: 0
+        example: 100
+
   ResourceObject:
     description: |
       An object describing the resources which can be advertised by a node and
@@ -885,15 +912,6 @@ definitions:
               $ref: "#/definitions/Mount"
 
           # Applicable to UNIX platforms
-          Capabilities:
-            type: "array"
-            description: |
-              A list of kernel capabilities to be available for container (this
-              overrides the default set).
-
-              Conflicts with options 'CapAdd' and 'CapDrop'"
-            items:
-              type: "string"
           CapAdd:
             type: "array"
             description: |
@@ -1215,6 +1233,42 @@ definitions:
         items:
           type: "string"
 
+  NetworkingConfig:
+    description: |
+      NetworkingConfig represents the container's networking configuration for
+      each of its interfaces.
+      It is used for the networking configs specified in the `docker create`
+      and `docker network connect` commands.
+    type: "object"
+    properties:
+      EndpointsConfig:
+        description: |
+          A mapping of network name to endpoint configuration for that network.
+        type: "object"
+        additionalProperties:
+          $ref: "#/definitions/EndpointSettings"
+    example:
+      # putting an example here, instead of using the example values from
+      # /definitions/EndpointSettings, because containers/create currently
+      # does not support attaching to multiple networks, so the example request
+      # would be confusing if it showed that multiple networks can be contained
+      # in the EndpointsConfig.
+      # TODO remove once we support multiple networks on container create (see https://github.com/moby/moby/blob/07e6b843594e061f82baa5fa23c2ff7d536c2a05/daemon/create.go#L323)
+      EndpointsConfig:
+        isolated_nw:
+          IPAMConfig:
+            IPv4Address: "172.20.30.33"
+            IPv6Address: "2001:db8:abcd::3033"
+            LinkLocalIPs:
+              - "169.254.34.68"
+              - "fe80::3468"
+          Links:
+            - "container_1"
+            - "container_2"
+          Aliases:
+            - "server_x"
+            - "server_y"
+
   NetworkSettings:
     description: "NetworkSettings exposes the network settings in the API"
     type: "object"
@@ -1851,12 +1905,24 @@ definitions:
       Shared:
         type: "boolean"
       Size:
+        description: |
+          Amount of disk space used by the build cache (in bytes).
         type: "integer"
       CreatedAt:
-        type: "integer"
+        description: |
+          Date and time at which the build cache was created in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
+        example: "2016-08-18T10:44:24.496525531Z"
       LastUsedAt:
-        type: "integer"
+        description: |
+          Date and time at which the build cache was last used in
+          [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+        type: "string"
+        format: "dateTime"
         x-nullable: true
+        example: "2017-08-09T07:09:37.632105588Z"
       UsageCount:
         type: "integer"
 
@@ -3206,13 +3272,6 @@ definitions:
               configured on the daemon) is used.
             type: "boolean"
             x-nullable: true
-          PidsLimit:
-            description: |
-              Tune a container's PIDs limit. Set `0` for unlimited.
-            type: "integer"
-            format: "int64"
-            default: 0
-            example: 100
           Sysctls:
             description: |
               Set kernel namedspaced parameters (sysctls) in the container.
@@ -3226,11 +3285,11 @@ definitions:
             additionalProperties:
               type: "string"
           # This option is not used by Windows containers
-          Capabilities:
+          CapabilityAdd:
             type: "array"
             description: |
-              A list of kernel capabilities to be available for container (this
+              A list of kernel capabilities to add to the default set
-              overrides the default set).
+              for the container.
             items:
               type: "string"
             example:
@@ -3238,6 +3297,31 @@ definitions:
               - "CAP_SYS_ADMIN"
               - "CAP_SYS_CHROOT"
               - "CAP_SYSLOG"
+          CapabilityDrop:
+            type: "array"
+            description: |
+              A list of kernel capabilities to drop from the default set
+              for the container.
+            items:
+              type: "string"
+            example:
+              - "CAP_NET_RAW"
+          Ulimits:
+            description: |
+              A list of resource limits to set in the container. For example: `{"Name": "nofile", "Soft": 1024, "Hard": 2048}`"
+            type: "array"
+            items:
+              type: "object"
+              properties:
+                Name:
+                  description: "Name of ulimit"
+                  type: "string"
+                Soft:
+                  description: "Soft limit"
+                  type: "integer"
+                Hard:
+                  description: "Hard limit"
+                  type: "integer"
       NetworkAttachmentSpec:
         description: |
           Read-only spec type for non-swarm containers attached to swarm overlay
@@ -3262,7 +3346,7 @@ definitions:
         properties:
           Limits:
             description: "Define resources limits."
-            $ref: "#/definitions/ResourceObject"
+            $ref: "#/definitions/Limit"
           Reservation:
             description: "Define resources reservation."
             $ref: "#/definitions/ResourceObject"
@@ -4186,6 +4270,103 @@ definitions:
         x-nullable: true
         $ref: "#/definitions/Health"
 
+  SystemVersion:
+    type: "object"
+    description: |
+      Response of Engine API: GET "/version"
+    properties:
+      Platform:
+        type: "object"
+        required: [Name]
+        properties:
+          Name:
+            type: "string"
+      Components:
+        type: "array"
+        description: |
+          Information about system components
+        items:
+          type: "object"
+          x-go-name: ComponentVersion
+          required: [Name, Version]
+          properties:
+            Name:
+              description: |
+                Name of the component
+              type: "string"
+              example: "Engine"
+            Version:
+              description: |
+                Version of the component
+              type: "string"
+              x-nullable: false
+              example: "19.03.12"
+            Details:
+              description: |
+                Key/value pairs of strings with additional information about the
+                component. These values are intended for informational purposes
+                only, and their content is not defined, and not part of the API
+                specification.
+
+                These messages can be printed by the client as information to the user.
+              type: "object"
+              x-nullable: true
+      Version:
+        description: "The version of the daemon"
+        type: "string"
+        example: "19.03.12"
+      ApiVersion:
+        description: |
+          The default (and highest) API version that is supported by the daemon
+        type: "string"
+        example: "1.40"
+      MinAPIVersion:
+        description: |
+          The minimum API version that is supported by the daemon
+        type: "string"
+        example: "1.12"
+      GitCommit:
+        description: |
+          The Git commit of the source code that was used to build the daemon
+        type: "string"
+        example: "48a66213fe"
+      GoVersion:
+        description: |
+          The version Go used to compile the daemon, and the version of the Go
+          runtime in use.
+        type: "string"
+        example: "go1.13.14"
+      Os:
+        description: |
+          The operating system that the daemon is running on ("linux" or "windows")
+        type: "string"
+        example: "linux"
+      Arch:
+        description: |
+          The architecture that the daemon is running on
+        type: "string"
+        example: "amd64"
+      KernelVersion:
+        description: |
+          The kernel version (`uname -r`) that the daemon is running on.
+
+          This field is omitted when empty.
+        type: "string"
+        example: "4.19.76-linuxkit"
+      Experimental:
+        description: |
+          Indicates if the daemon is started with experimental features enabled.
+
+          This field is omitted when empty / false.
+        type: "boolean"
+        example: true
+      BuildTime:
+        description: |
+          The date and time that the daemon was compiled.
+        type: "string"
+        example: "2020-06-22T15:49:27.000000000+00:00"
+
+
   SystemInfo:
     type: "object"
     properties:
@@ -4271,7 +4452,13 @@ definitions:
         type: "boolean"
         example: true
       KernelMemory:
-        description: "Indicates if the host has kernel memory limit support enabled."
+        description: |
+          Indicates if the host has kernel memory limit support enabled.
+
+          <p><br /></p>
+
+          > **Deprecated**: This field is deprecated as the kernel 5.4 deprecated
+          > `kmem.limit_in_bytes`.
         type: "boolean"
         example: true
       CpuCfsPeriod:
@@ -4419,7 +4606,7 @@ definitions:
         example: 4
       MemTotal:
         description: |
-          Total amount of physical memory available on the host, in kilobytes (kB).
+          Total amount of physical memory available on the host, in bytes.
         type: "integer"
         format: "int64"
         example: 2095882240
@@ -4626,6 +4813,25 @@ definitions:
           such as number of nodes, and expiration are included.
         type: "string"
         example: "Community Engine"
+      DefaultAddressPools:
+        description: |
+          List of custom default address pools for local networks, which can be
+          specified in the daemon.json file or dockerd option.
+
+          Example: a Base "10.10.0.0/16" with Size 24 will define the set of 256
+          10.10.[0-255].0/24 address pools.
+        type: "array"
+        items:
+          type: "object"
+          properties:
+            Base:
+              description: "The network address in CIDR format"
+              type: "string"
+              example: "10.10.0.0/16"
+            Size:
+              description: "The network pool size"
+              type: "integer"
+              example: "24"
       Warnings:
         description: |
           List of warnings / informational messages about missing features, or
@@ -5220,16 +5426,7 @@ paths:
                   HostConfig:
                     $ref: "#/definitions/HostConfig"
                   NetworkingConfig:
-                    description: "This container's networking configuration."
+                    $ref: "#/definitions/NetworkingConfig"
-                    type: "object"
-                    properties:
-                      EndpointsConfig:
-                        description: |
-                          A mapping of network name to endpoint configuration
-                          for that network.
-                        type: "object"
-                        additionalProperties:
-                          $ref: "#/definitions/EndpointSettings"
             example:
               Hostname: ""
               Domainname: ""
@@ -5291,6 +5488,14 @@ paths:
                   - {}
                 BlkioDeviceWriteIOps:
                   - {}
+                DeviceRequests:
+                  - Driver: "nvidia"
+                    Count: -1
+                    DeviceIDs": ["0", "1", "GPU-fef8089b-4820-abfc-e83e-94318197576e"]
+                    Capabilities: [["gpu", "nvidia", "compute"]]
+                    Options:
+                      property1: "string"
+                      property2: "string"
                 MemorySwappiness: 60
                 OomKillDisable: false
                 OomScoreAdj: 500
@@ -5541,6 +5746,14 @@ paths:
                 CpuRealtimePeriod: 1000000
                 CpuRealtimeRuntime: 10000
                 Devices: []
+                DeviceRequests:
+                  - Driver: "nvidia"
+                    Count: -1
+                    DeviceIDs": ["0", "1", "GPU-fef8089b-4820-abfc-e83e-94318197576e"]
+                    Capabilities: [["gpu", "nvidia", "compute"]]
+                    Options:
+                      property1: "string"
+                      property2: "string"
                 IpcMode: ""
                 LxcConf: []
                 Memory: 0
@@ -5918,6 +6131,16 @@ paths:
         * `cpu_stats`: `cpu_usage.percpu_usage`
         * `memory_stats`: `max_usage` and `failcnt`
         Also, `memory_stats.stats` fields are incompatible with cgroup v1.
+
+        To calculate the values shown by the `stats` command of the docker cli tool
+        the following formulas can be used:
+        * used_memory = `memory_stats.usage - memory_stats.stats.cache`
+        * available_memory = `memory_stats.limit`
+        * Memory usage % = `(used_memory / available_memory) * 100.0`
+        * cpu_delta = `cpu_stats.cpu_usage.total_usage - precpu_stats.cpu_usage.total_usage`
+        * system_cpu_delta = `cpu_stats.system_cpu_usage - precpu_stats.system_cpu_usage`
+        * number_cpus = `lenght(cpu_stats.cpu_usage.percpu_usage)` or `cpu_stats.online_cpus`
+        * CPU usage % = `(cpu_delta / system_cpu_delta) * number_cpus * 100.0`
       operationId: "ContainerStats"
       produces: ["application/json"]
       responses:
@@ -6700,7 +6923,7 @@ paths:
           type: "string"
         - name: "v"
           in: "query"
-          description: "Remove the volumes associated with the container."
+          description: "Remove anonymous volumes associated with the container."
           type: "boolean"
           default: false
         - name: "force"
@@ -7778,63 +8001,7 @@ paths:
         200:
           description: "no error"
           schema:
-            type: "object"
+            $ref: "#/definitions/SystemVersion"
-            title: "SystemVersionResponse"
-            properties:
-              Platform:
-                type: "object"
-                required: [Name]
-                properties:
-                  Name:
-                    type: "string"
-              Components:
-                type: "array"
-                items:
-                  type: "object"
-                  x-go-name: ComponentVersion
-                  required: [Name, Version]
-                  properties:
-                    Name:
-                      type: "string"
-                    Version:
-                      type: "string"
-                      x-nullable: false
-                    Details:
-                      type: "object"
-                      x-nullable: true
-
-              Version:
-                type: "string"
-              ApiVersion:
-                type: "string"
-              MinAPIVersion:
-                type: "string"
-              GitCommit:
-                type: "string"
-              GoVersion:
-                type: "string"
-              Os:
-                type: "string"
-              Arch:
-                type: "string"
-              KernelVersion:
-                type: "string"
-              Experimental:
-                type: "boolean"
-              BuildTime:
-                type: "string"
-          examples:
-            application/json:
-              Version: "17.04.0"
-              Os: "linux"
-              KernelVersion: "3.19.0-23-generic"
-              GoVersion: "go1.7.5"
-              GitCommit: "deadbee"
-              Arch: "amd64"
-              ApiVersion: "1.27"
-              MinAPIVersion: "1.12"
-              BuildTime: "2016-06-14T07:09:13.444803460+00:00"
-              Experimental: true
         500:
           description: "server error"
           schema:
@@ -7856,7 +8023,7 @@ paths:
             API-Version:
               type: "string"
               description: "Max API Version the server supports"
-            BuildKit-Version:
+            Builder-Version:
               type: "string"
               description: "Default version of docker image builder"
             Docker-Experimental:
@@ -7895,7 +8062,7 @@ paths:
             API-Version:
               type: "string"
               description: "Max API Version the server supports"
-            BuildKit-Version:
+            Builder-Version:
               type: "string"
               description: "Default version of docker image builder"
             Docker-Experimental:
@@ -7980,13 +8147,13 @@ paths:
 
         Various objects within Docker report events when something happens to them.
 
-        Containers report these events: `attach`, `commit`, `copy`, `create`, `destroy`, `detach`, `die`, `exec_create`, `exec_detach`, `exec_start`, `exec_die`, `export`, `health_status`, `kill`, `oom`, `pause`, `rename`, `resize`, `restart`, `start`, `stop`, `top`, `unpause`, and `update`
+        Containers report these events: `attach`, `commit`, `copy`, `create`, `destroy`, `detach`, `die`, `exec_create`, `exec_detach`, `exec_start`, `exec_die`, `export`, `health_status`, `kill`, `oom`, `pause`, `rename`, `resize`, `restart`, `start`, `stop`, `top`, `unpause`, `update`, and `prune`
 
-        Images report these events: `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, and `untag`
+        Images report these events: `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, `untag`, and `prune`
 
-        Volumes report these events: `create`, `mount`, `unmount`, and `destroy`
+        Volumes report these events: `create`, `mount`, `unmount`, `destroy`, and `prune`
 
-        Networks report these events: `create`, `connect`, `disconnect`, `destroy`, `update`, and `remove`
+        Networks report these events: `create`, `connect`, `disconnect`, `destroy`, `update`, `remove`, and `prune`
 
         The Docker daemon reports these events: `reload`
 
@@ -7998,6 +8165,8 @@ paths:
 
         Configs report these events: `create`, `update`, and `remove`
 
+        The Builder reports `prune` events
+
       operationId: "SystemEvents"
       produces:
         - "application/json"

vendor/github.com/docker/docker/api/types/container/host_config.go

@@ -361,7 +361,7 @@ type Resources struct {
 	Devices              []DeviceMapping // List of devices to map inside the container
 	DeviceCgroupRules    []string        // List of rule to be added to the device cgroup
 	DeviceRequests       []DeviceRequest // List of device requests for device drivers
-	KernelMemory         int64           // Kernel memory limit (in bytes)
+	KernelMemory         int64           // Kernel memory limit (in bytes), Deprecated: kernel 5.4 deprecated kmem.limit_in_bytes
 	KernelMemoryTCP      int64           // Hard limit for kernel TCP buffer memory (in bytes)
 	MemoryReservation    int64           // Memory soft limit (in bytes)
 	MemorySwap           int64           // Total memory usage (memory + swap); set `-1` to enable unlimited swap
@@ -403,7 +403,6 @@ type HostConfig struct {
 	// Applicable to UNIX platforms
 	CapAdd          strslice.StrSlice // List of kernel capabilities to add to the container
 	CapDrop         strslice.StrSlice // List of kernel capabilities to remove from the container
-	Capabilities    []string          `json:"Capabilities"` // List of kernel capabilities to be available for container (this overrides the default set)
 	CgroupnsMode    CgroupnsMode      // Cgroup namespace mode to use for the container
 	DNS             []string          `json:"Dns"`        // List of DNS server to lookup
 	DNSOptions      []string          `json:"DnsOptions"` // List of DNSOption to look for

vendor/github.com/docker/docker/api/types/events/events.go

@@ -1,6 +1,8 @@
 package events // import "github.com/docker/docker/api/types/events"
 
 const (
+	// BuilderEventType is the event type that the builder generates
+	BuilderEventType = "builder"
 	// ContainerEventType is the event type that containers generate
 	ContainerEventType = "container"
 	// DaemonEventType is the event type that daemon generate

vendor/github.com/docker/docker/api/types/mount/mount.go

@@ -113,7 +113,7 @@ type TmpfsOptions struct {
 	// TODO(stevvooe): There are several more tmpfs flags, specified in the
 	// daemon, that are accepted. Only the most basic are added for now.
 	//
-	// From docker/docker/pkg/mount/flags.go:
+	// From https://github.com/moby/sys/blob/mount/v0.1.1/mount/flags.go#L47-L56
 	//
 	// var validFlags = map[string]bool{
 	// 	"":          true,

vendor/github.com/docker/docker/api/types/network/network.go

@@ -1,7 +1,6 @@
 package network // import "github.com/docker/docker/api/types/network"
 import (
 	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/errdefs"
 )
 
 // Address represents an IP address
@@ -123,5 +122,5 @@ var acceptedFilters = map[string]bool{
 
 // ValidateFilters validates the list of filter args with the available filters.
 func ValidateFilters(filter filters.Args) error {
-	return errdefs.InvalidParameter(filter.Validate(acceptedFilters))
+	return filter.Validate(acceptedFilters)
 }

vendor/github.com/docker/docker/api/types/seccomp.go

@@ -1,94 +0,0 @@
-package types // import "github.com/docker/docker/api/types"
-
-// Seccomp represents the config for a seccomp profile for syscall restriction.
-type Seccomp struct {
-	DefaultAction Action `json:"defaultAction"`
-	// Architectures is kept to maintain backward compatibility with the old
-	// seccomp profile.
-	Architectures []Arch         `json:"architectures,omitempty"`
-	ArchMap       []Architecture `json:"archMap,omitempty"`
-	Syscalls      []*Syscall     `json:"syscalls"`
-}
-
-// Architecture is used to represent a specific architecture
-// and its sub-architectures
-type Architecture struct {
-	Arch      Arch   `json:"architecture"`
-	SubArches []Arch `json:"subArchitectures"`
-}
-
-// Arch used for architectures
-type Arch string
-
-// Additional architectures permitted to be used for system calls
-// By default only the native architecture of the kernel is permitted
-const (
-	ArchX86         Arch = "SCMP_ARCH_X86"
-	ArchX86_64      Arch = "SCMP_ARCH_X86_64"
-	ArchX32         Arch = "SCMP_ARCH_X32"
-	ArchARM         Arch = "SCMP_ARCH_ARM"
-	ArchAARCH64     Arch = "SCMP_ARCH_AARCH64"
-	ArchMIPS        Arch = "SCMP_ARCH_MIPS"
-	ArchMIPS64      Arch = "SCMP_ARCH_MIPS64"
-	ArchMIPS64N32   Arch = "SCMP_ARCH_MIPS64N32"
-	ArchMIPSEL      Arch = "SCMP_ARCH_MIPSEL"
-	ArchMIPSEL64    Arch = "SCMP_ARCH_MIPSEL64"
-	ArchMIPSEL64N32 Arch = "SCMP_ARCH_MIPSEL64N32"
-	ArchPPC         Arch = "SCMP_ARCH_PPC"
-	ArchPPC64       Arch = "SCMP_ARCH_PPC64"
-	ArchPPC64LE     Arch = "SCMP_ARCH_PPC64LE"
-	ArchS390        Arch = "SCMP_ARCH_S390"
-	ArchS390X       Arch = "SCMP_ARCH_S390X"
-)
-
-// Action taken upon Seccomp rule match
-type Action string
-
-// Define actions for Seccomp rules
-const (
-	ActKill  Action = "SCMP_ACT_KILL"
-	ActTrap  Action = "SCMP_ACT_TRAP"
-	ActErrno Action = "SCMP_ACT_ERRNO"
-	ActTrace Action = "SCMP_ACT_TRACE"
-	ActAllow Action = "SCMP_ACT_ALLOW"
-)
-
-// Operator used to match syscall arguments in Seccomp
-type Operator string
-
-// Define operators for syscall arguments in Seccomp
-const (
-	OpNotEqual     Operator = "SCMP_CMP_NE"
-	OpLessThan     Operator = "SCMP_CMP_LT"
-	OpLessEqual    Operator = "SCMP_CMP_LE"
-	OpEqualTo      Operator = "SCMP_CMP_EQ"
-	OpGreaterEqual Operator = "SCMP_CMP_GE"
-	OpGreaterThan  Operator = "SCMP_CMP_GT"
-	OpMaskedEqual  Operator = "SCMP_CMP_MASKED_EQ"
-)
-
-// Arg used for matching specific syscall arguments in Seccomp
-type Arg struct {
-	Index    uint     `json:"index"`
-	Value    uint64   `json:"value"`
-	ValueTwo uint64   `json:"valueTwo"`
-	Op       Operator `json:"op"`
-}
-
-// Filter is used to conditionally apply Seccomp rules
-type Filter struct {
-	Caps      []string `json:"caps,omitempty"`
-	Arches    []string `json:"arches,omitempty"`
-	MinKernel string   `json:"minKernel,omitempty"`
-}
-
-// Syscall is used to match a group of syscalls in Seccomp
-type Syscall struct {
-	Name     string   `json:"name,omitempty"`
-	Names    []string `json:"names,omitempty"`
-	Action   Action   `json:"action"`
-	Args     []*Arg   `json:"args"`
-	Comment  string   `json:"comment"`
-	Includes Filter   `json:"includes"`
-	Excludes Filter   `json:"excludes"`
-}

vendor/github.com/docker/docker/api/types/swarm/container.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/mount"
+	"github.com/docker/go-units"
 )
 
 // DNSConfig specifies DNS related configurations in resolver configuration file (resolv.conf)
@@ -67,12 +68,13 @@ type ContainerSpec struct {
 	// The format of extra hosts on swarmkit is specified in:
 	// http://man7.org/linux/man-pages/man5/hosts.5.html
 	//    IP_address canonical_hostname [aliases...]
-	Hosts        []string            `json:",omitempty"`
+	Hosts          []string            `json:",omitempty"`
-	DNSConfig    *DNSConfig          `json:",omitempty"`
+	DNSConfig      *DNSConfig          `json:",omitempty"`
-	Secrets      []*SecretReference  `json:",omitempty"`
+	Secrets        []*SecretReference  `json:",omitempty"`
-	Configs      []*ConfigReference  `json:",omitempty"`
+	Configs        []*ConfigReference  `json:",omitempty"`
-	Isolation    container.Isolation `json:",omitempty"`
+	Isolation      container.Isolation `json:",omitempty"`
-	PidsLimit    int64               `json:",omitempty"`
+	Sysctls        map[string]string   `json:",omitempty"`
-	Sysctls      map[string]string   `json:",omitempty"`
+	CapabilityAdd  []string            `json:",omitempty"`
-	Capabilities []string            `json:",omitempty"`
+	CapabilityDrop []string            `json:",omitempty"`
+	Ulimits        []*units.Ulimit     `json:",omitempty"`
 }

vendor/github.com/docker/docker/api/types/swarm/task.go

@@ -91,13 +91,21 @@ type TaskSpec struct {
 	Runtime RuntimeType `json:",omitempty"`
 }
 
-// Resources represents resources (CPU/Memory).
+// Resources represents resources (CPU/Memory) which can be advertised by a
+// node and requested to be reserved for a task.
 type Resources struct {
 	NanoCPUs         int64             `json:",omitempty"`
 	MemoryBytes      int64             `json:",omitempty"`
 	GenericResources []GenericResource `json:",omitempty"`
 }
 
+// Limit describes limits on resources which can be requested by a task.
+type Limit struct {
+	NanoCPUs    int64 `json:",omitempty"`
+	MemoryBytes int64 `json:",omitempty"`
+	Pids        int64 `json:",omitempty"`
+}
+
 // GenericResource represents a "user defined" resource which can
 // be either an integer (e.g: SSD=3) or a string (e.g: SSD=sda1)
 type GenericResource struct {
@@ -125,7 +133,7 @@ type DiscreteGenericResource struct {
 
 // ResourceRequirements represents resources requirements.
 type ResourceRequirements struct {
-	Limits       *Resources `json:",omitempty"`
+	Limits       *Limit     `json:",omitempty"`
 	Reservations *Resources `json:",omitempty"`
 }
 

vendor/github.com/docker/docker/api/types/types.go

@@ -158,7 +158,7 @@ type Info struct {
 	Plugins            PluginsInfo
 	MemoryLimit        bool
 	SwapLimit          bool
-	KernelMemory       bool
+	KernelMemory       bool // Deprecated: kernel 5.4 deprecated kmem.limit_in_bytes
 	KernelMemoryTCP    bool
 	CPUCfsPeriod       bool `json:"CpuCfsPeriod"`
 	CPUCfsQuota        bool `json:"CpuCfsQuota"`
@@ -203,15 +203,16 @@ type Info struct {
 	// LiveRestoreEnabled determines whether containers should be kept
 	// running when the daemon is shutdown or upon daemon start if
 	// running containers are detected
-	LiveRestoreEnabled bool
+	LiveRestoreEnabled  bool
-	Isolation          container.Isolation
+	Isolation           container.Isolation
-	InitBinary         string
+	InitBinary          string
-	ContainerdCommit   Commit
+	ContainerdCommit    Commit
-	RuncCommit         Commit
+	RuncCommit          Commit
-	InitCommit         Commit
+	InitCommit          Commit
-	SecurityOptions    []string
+	SecurityOptions     []string
-	ProductLicense     string `json:",omitempty"`
+	ProductLicense      string               `json:",omitempty"`
-	Warnings           []string
+	DefaultAddressPools []NetworkAddressPool `json:",omitempty"`
+	Warnings            []string
 }
 
 // KeyValue holds a key/value pair
@@ -219,6 +220,12 @@ type KeyValue struct {
 	Key, Value string
 }
 
+// NetworkAddressPool is a temp struct used by Info struct
+type NetworkAddressPool struct {
+	Base string
+	Size int
+}
+
 // SecurityOpt contains the name and options of a security option
 type SecurityOpt struct {
 	Name    string
@@ -511,6 +518,16 @@ type Checkpoint struct {
 type Runtime struct {
 	Path string   `json:"path"`
 	Args []string `json:"runtimeArgs,omitempty"`
+
+	// This is exposed here only for internal use
+	// It is not currently supported to specify custom shim configs
+	Shim *ShimConfig `json:"-"`
+}
+
+// ShimConfig is used by runtime to configure containerd shims
+type ShimConfig struct {
+	Binary string
+	Opts   interface{}
 }
 
 // DiskUsage contains response of Engine API:

vendor/github.com/docker/docker/client/client.go

@@ -7,8 +7,8 @@ https://docs.docker.com/engine/reference/api/
 Usage
 
 You use the library by creating a client object and calling methods on it. The
-client can be created either from environment variables with NewEnvClient, or
+client can be created either from environment variables with NewClientWithOpts(client.FromEnv),
-configured manually with NewClient.
+or configured manually with NewClient().
 
 For example, to list running containers (the equivalent of "docker ps"):
 

vendor/github.com/docker/docker/client/client_unix.go

@@ -1,4 +1,4 @@
-// +build linux freebsd openbsd darwin solaris illumos
+// +build linux freebsd openbsd netbsd darwin solaris illumos dragonfly
 
 package client // import "github.com/docker/docker/client"
 

vendor/github.com/docker/docker/client/request.go

@@ -134,8 +134,7 @@ func (cli *Client) doRequest(ctx context.Context, req *http.Request) (serverResp
 
 		// Don't decorate context sentinel errors; users may be comparing to
 		// them directly.
-		switch err {
+		if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) {
-		case context.Canceled, context.DeadlineExceeded:
 			return serverResp, err
 		}
 

vendor/github.com/docker/docker/client/service_create.go

@@ -15,8 +15,7 @@ import (
 
 // ServiceCreate creates a new Service.
 func (cli *Client) ServiceCreate(ctx context.Context, service swarm.ServiceSpec, options types.ServiceCreateOptions) (types.ServiceCreateResponse, error) {
-	var distErr error
+	var response types.ServiceCreateResponse
-
 	headers := map[string][]string{
 		"version": {cli.version},
 	}
@@ -31,46 +30,28 @@ func (cli *Client) ServiceCreate(ctx context.Context, service swarm.ServiceSpec,
 	}
 
 	if err := validateServiceSpec(service); err != nil {
-		return types.ServiceCreateResponse{}, err
+		return response, err
 	}
 
 	// ensure that the image is tagged
-	var imgPlatforms []swarm.Platform
+	var resolveWarning string
-	if service.TaskTemplate.ContainerSpec != nil {
+	switch {
+	case service.TaskTemplate.ContainerSpec != nil:
 		if taggedImg := imageWithTagString(service.TaskTemplate.ContainerSpec.Image); taggedImg != "" {
 			service.TaskTemplate.ContainerSpec.Image = taggedImg
 		}
 		if options.QueryRegistry {
-			var img string
+			resolveWarning = resolveContainerSpecImage(ctx, cli, &service.TaskTemplate, options.EncodedRegistryAuth)
-			img, imgPlatforms, distErr = imageDigestAndPlatforms(ctx, cli, service.TaskTemplate.ContainerSpec.Image, options.EncodedRegistryAuth)
-			if img != "" {
-				service.TaskTemplate.ContainerSpec.Image = img
-			}
 		}
-	}
+	case service.TaskTemplate.PluginSpec != nil:
-
-	// ensure that the image is tagged
-	if service.TaskTemplate.PluginSpec != nil {
 		if taggedImg := imageWithTagString(service.TaskTemplate.PluginSpec.Remote); taggedImg != "" {
 			service.TaskTemplate.PluginSpec.Remote = taggedImg
 		}
 		if options.QueryRegistry {
-			var img string
+			resolveWarning = resolvePluginSpecRemote(ctx, cli, &service.TaskTemplate, options.EncodedRegistryAuth)
-			img, imgPlatforms, distErr = imageDigestAndPlatforms(ctx, cli, service.TaskTemplate.PluginSpec.Remote, options.EncodedRegistryAuth)
-			if img != "" {
-				service.TaskTemplate.PluginSpec.Remote = img
-			}
 		}
 	}
 
-	if service.TaskTemplate.Placement == nil && len(imgPlatforms) > 0 {
-		service.TaskTemplate.Placement = &swarm.Placement{}
-	}
-	if len(imgPlatforms) > 0 {
-		service.TaskTemplate.Placement.Platforms = imgPlatforms
-	}
-
-	var response types.ServiceCreateResponse
 	resp, err := cli.post(ctx, "/services/create", nil, service, headers)
 	defer ensureReaderClosed(resp)
 	if err != nil {
@@ -78,14 +59,45 @@ func (cli *Client) ServiceCreate(ctx context.Context, service swarm.ServiceSpec,
 	}
 
 	err = json.NewDecoder(resp.body).Decode(&response)
-
+	if resolveWarning != "" {
-	if distErr != nil {
+		response.Warnings = append(response.Warnings, resolveWarning)
-		response.Warnings = append(response.Warnings, digestWarning(service.TaskTemplate.ContainerSpec.Image))
 	}
 
 	return response, err
 }
 
+func resolveContainerSpecImage(ctx context.Context, cli DistributionAPIClient, taskSpec *swarm.TaskSpec, encodedAuth string) string {
+	var warning string
+	if img, imgPlatforms, err := imageDigestAndPlatforms(ctx, cli, taskSpec.ContainerSpec.Image, encodedAuth); err != nil {
+		warning = digestWarning(taskSpec.ContainerSpec.Image)
+	} else {
+		taskSpec.ContainerSpec.Image = img
+		if len(imgPlatforms) > 0 {
+			if taskSpec.Placement == nil {
+				taskSpec.Placement = &swarm.Placement{}
+			}
+			taskSpec.Placement.Platforms = imgPlatforms
+		}
+	}
+	return warning
+}
+
+func resolvePluginSpecRemote(ctx context.Context, cli DistributionAPIClient, taskSpec *swarm.TaskSpec, encodedAuth string) string {
+	var warning string
+	if img, imgPlatforms, err := imageDigestAndPlatforms(ctx, cli, taskSpec.PluginSpec.Remote, encodedAuth); err != nil {
+		warning = digestWarning(taskSpec.PluginSpec.Remote)
+	} else {
+		taskSpec.PluginSpec.Remote = img
+		if len(imgPlatforms) > 0 {
+			if taskSpec.Placement == nil {
+				taskSpec.Placement = &swarm.Placement{}
+			}
+			taskSpec.Placement.Platforms = imgPlatforms
+		}
+	}
+	return warning
+}
+
 func imageDigestAndPlatforms(ctx context.Context, cli DistributionAPIClient, image, encodedAuth string) (string, []swarm.Platform, error) {
 	distributionInspect, err := cli.DistributionInspect(ctx, image, encodedAuth)
 	var platforms []swarm.Platform
@@ -119,7 +131,7 @@ func imageDigestAndPlatforms(ctx context.Context, cli DistributionAPIClient, ima
 
 // imageWithDigestString takes an image string and a digest, and updates
 // the image string if it didn't originally contain a digest. It returns
-// an empty string if there are no updates.
+// image unmodified in other situations.
 func imageWithDigestString(image string, dgst digest.Digest) string {
 	namedRef, err := reference.ParseNormalizedNamed(image)
 	if err == nil {
@@ -131,7 +143,7 @@ func imageWithDigestString(image string, dgst digest.Digest) string {
 			}
 		}
 	}
-	return ""
+	return image
 }
 
 // imageWithTagString takes an image string, and returns a tagged image

vendor/github.com/docker/docker/client/service_update.go

@@ -15,8 +15,8 @@ import (
 // of swarm.Service, which can be found using ServiceInspectWithRaw.
 func (cli *Client) ServiceUpdate(ctx context.Context, serviceID string, version swarm.Version, service swarm.ServiceSpec, options types.ServiceUpdateOptions) (types.ServiceUpdateResponse, error) {
 	var (
-		query   = url.Values{}
+		query    = url.Values{}
-		distErr error
+		response = types.ServiceUpdateResponse{}
 	)
 
 	headers := map[string][]string{
@@ -38,46 +38,28 @@ func (cli *Client) ServiceUpdate(ctx context.Context, serviceID string, version
 	query.Set("version", strconv.FormatUint(version.Index, 10))
 
 	if err := validateServiceSpec(service); err != nil {
-		return types.ServiceUpdateResponse{}, err
+		return response, err
 	}
 
-	var imgPlatforms []swarm.Platform
 	// ensure that the image is tagged
-	if service.TaskTemplate.ContainerSpec != nil {
+	var resolveWarning string
+	switch {
+	case service.TaskTemplate.ContainerSpec != nil:
 		if taggedImg := imageWithTagString(service.TaskTemplate.ContainerSpec.Image); taggedImg != "" {
 			service.TaskTemplate.ContainerSpec.Image = taggedImg
 		}
 		if options.QueryRegistry {
-			var img string
+			resolveWarning = resolveContainerSpecImage(ctx, cli, &service.TaskTemplate, options.EncodedRegistryAuth)
-			img, imgPlatforms, distErr = imageDigestAndPlatforms(ctx, cli, service.TaskTemplate.ContainerSpec.Image, options.EncodedRegistryAuth)
-			if img != "" {
-				service.TaskTemplate.ContainerSpec.Image = img
-			}
 		}
-	}
+	case service.TaskTemplate.PluginSpec != nil:
-
-	// ensure that the image is tagged
-	if service.TaskTemplate.PluginSpec != nil {
 		if taggedImg := imageWithTagString(service.TaskTemplate.PluginSpec.Remote); taggedImg != "" {
 			service.TaskTemplate.PluginSpec.Remote = taggedImg
 		}
 		if options.QueryRegistry {
-			var img string
+			resolveWarning = resolvePluginSpecRemote(ctx, cli, &service.TaskTemplate, options.EncodedRegistryAuth)
-			img, imgPlatforms, distErr = imageDigestAndPlatforms(ctx, cli, service.TaskTemplate.PluginSpec.Remote, options.EncodedRegistryAuth)
-			if img != "" {
-				service.TaskTemplate.PluginSpec.Remote = img
-			}
 		}
 	}
 
-	if service.TaskTemplate.Placement == nil && len(imgPlatforms) > 0 {
-		service.TaskTemplate.Placement = &swarm.Placement{}
-	}
-	if len(imgPlatforms) > 0 {
-		service.TaskTemplate.Placement.Platforms = imgPlatforms
-	}
-
-	var response types.ServiceUpdateResponse
 	resp, err := cli.post(ctx, "/services/"+serviceID+"/update", query, service, headers)
 	defer ensureReaderClosed(resp)
 	if err != nil {
@@ -85,9 +67,8 @@ func (cli *Client) ServiceUpdate(ctx context.Context, serviceID string, version
 	}
 
 	err = json.NewDecoder(resp.body).Decode(&response)
-
+	if resolveWarning != "" {
-	if distErr != nil {
+		response.Warnings = append(response.Warnings, resolveWarning)
-		response.Warnings = append(response.Warnings, digestWarning(service.TaskTemplate.ContainerSpec.Image))
 	}
 
 	return response, err

vendor/github.com/docker/docker/errdefs/helpers.go

@@ -10,6 +10,10 @@ func (e errNotFound) Cause() error {
 	return e.error
 }
 
+func (e errNotFound) Unwrap() error {
+	return e.error
+}
+
 // NotFound is a helper to create an error of the class with the same name from any error type
 func NotFound(err error) error {
 	if err == nil || IsNotFound(err) {
@@ -26,6 +30,10 @@ func (e errInvalidParameter) Cause() error {
 	return e.error
 }
 
+func (e errInvalidParameter) Unwrap() error {
+	return e.error
+}
+
 // InvalidParameter is a helper to create an error of the class with the same name from any error type
 func InvalidParameter(err error) error {
 	if err == nil || IsInvalidParameter(err) {
@@ -42,6 +50,10 @@ func (e errConflict) Cause() error {
 	return e.error
 }
 
+func (e errConflict) Unwrap() error {
+	return e.error
+}
+
 // Conflict is a helper to create an error of the class with the same name from any error type
 func Conflict(err error) error {
 	if err == nil || IsConflict(err) {
@@ -58,6 +70,10 @@ func (e errUnauthorized) Cause() error {
 	return e.error
 }
 
+func (e errUnauthorized) Unwrap() error {
+	return e.error
+}
+
 // Unauthorized is a helper to create an error of the class with the same name from any error type
 func Unauthorized(err error) error {
 	if err == nil || IsUnauthorized(err) {
@@ -74,6 +90,10 @@ func (e errUnavailable) Cause() error {
 	return e.error
 }
 
+func (e errUnavailable) Unwrap() error {
+	return e.error
+}
+
 // Unavailable is a helper to create an error of the class with the same name from any error type
 func Unavailable(err error) error {
 	if err == nil || IsUnavailable(err) {
@@ -90,6 +110,10 @@ func (e errForbidden) Cause() error {
 	return e.error
 }
 
+func (e errForbidden) Unwrap() error {
+	return e.error
+}
+
 // Forbidden is a helper to create an error of the class with the same name from any error type
 func Forbidden(err error) error {
 	if err == nil || IsForbidden(err) {
@@ -106,6 +130,10 @@ func (e errSystem) Cause() error {
 	return e.error
 }
 
+func (e errSystem) Unwrap() error {
+	return e.error
+}
+
 // System is a helper to create an error of the class with the same name from any error type
 func System(err error) error {
 	if err == nil || IsSystem(err) {
@@ -122,6 +150,10 @@ func (e errNotModified) Cause() error {
 	return e.error
 }
 
+func (e errNotModified) Unwrap() error {
+	return e.error
+}
+
 // NotModified is a helper to create an error of the class with the same name from any error type
 func NotModified(err error) error {
 	if err == nil || IsNotModified(err) {
@@ -138,6 +170,10 @@ func (e errNotImplemented) Cause() error {
 	return e.error
 }
 
+func (e errNotImplemented) Unwrap() error {
+	return e.error
+}
+
 // NotImplemented is a helper to create an error of the class with the same name from any error type
 func NotImplemented(err error) error {
 	if err == nil || IsNotImplemented(err) {
@@ -154,6 +190,10 @@ func (e errUnknown) Cause() error {
 	return e.error
 }
 
+func (e errUnknown) Unwrap() error {
+	return e.error
+}
+
 // Unknown is a helper to create an error of the class with the same name from any error type
 func Unknown(err error) error {
 	if err == nil || IsUnknown(err) {
@@ -170,6 +210,10 @@ func (e errCancelled) Cause() error {
 	return e.error
 }
 
+func (e errCancelled) Unwrap() error {
+	return e.error
+}
+
 // Cancelled is a helper to create an error of the class with the same name from any error type
 func Cancelled(err error) error {
 	if err == nil || IsCancelled(err) {
@@ -186,6 +230,10 @@ func (e errDeadline) Cause() error {
 	return e.error
 }
 
+func (e errDeadline) Unwrap() error {
+	return e.error
+}
+
 // Deadline is a helper to create an error of the class with the same name from any error type
 func Deadline(err error) error {
 	if err == nil || IsDeadline(err) {
@@ -202,6 +250,10 @@ func (e errDataLoss) Cause() error {
 	return e.error
 }
 
+func (e errDataLoss) Unwrap() error {
+	return e.error
+}
+
 // DataLoss is a helper to create an error of the class with the same name from any error type
 func DataLoss(err error) error {
 	if err == nil || IsDataLoss(err) {

vendor/github.com/docker/docker/pkg/archive/archive.go

@@ -27,17 +27,6 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-var unpigzPath string
-
-func init() {
-	if path, err := exec.LookPath("unpigz"); err != nil {
-		logrus.Debug("unpigz binary not found in PATH, falling back to go gzip library")
-	} else {
-		logrus.Debugf("Using unpigz binary found at path %s", path)
-		unpigzPath = path
-	}
-}
-
 type (
 	// Compression is the state represents if compressed or not.
 	Compression int
@@ -158,19 +147,30 @@ func xzDecompress(ctx context.Context, archive io.Reader) (io.ReadCloser, error)
 }
 
 func gzDecompress(ctx context.Context, buf io.Reader) (io.ReadCloser, error) {
-	if unpigzPath == "" {
+	noPigzEnv := os.Getenv("MOBY_DISABLE_PIGZ")
+	var noPigz bool
+
+	if noPigzEnv != "" {
+		var err error
+		noPigz, err = strconv.ParseBool(noPigzEnv)
+		if err != nil {
+			logrus.WithError(err).Warn("invalid value in MOBY_DISABLE_PIGZ env var")
+		}
+	}
+
+	if noPigz {
+		logrus.Debugf("Use of pigz is disabled due to MOBY_DISABLE_PIGZ=%s", noPigzEnv)
 		return gzip.NewReader(buf)
 	}
 
-	disablePigzEnv := os.Getenv("MOBY_DISABLE_PIGZ")
+	unpigzPath, err := exec.LookPath("unpigz")
-	if disablePigzEnv != "" {
+	if err != nil {
-		if disablePigz, err := strconv.ParseBool(disablePigzEnv); err != nil {
+		logrus.Debugf("unpigz binary not found, falling back to go gzip library")
-			return nil, err
+		return gzip.NewReader(buf)
-		} else if disablePigz {
-			return gzip.NewReader(buf)
-		}
 	}
 
+	logrus.Debugf("Using %s to decompress", unpigzPath)
+
 	return cmdStream(exec.CommandContext(ctx, unpigzPath, "-d", "-c"), buf)
 }
 

vendor/github.com/docker/docker/pkg/archive/archive_unix.go

@@ -10,9 +10,9 @@ import (
 	"strings"
 	"syscall"
 
+	"github.com/containerd/containerd/sys"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/system"
-	rsystem "github.com/opencontainers/runc/libcontainer/system"
 	"golang.org/x/sys/unix"
 )
 
@@ -81,7 +81,7 @@ func getFileUIDGID(stat interface{}) (idtools.Identity, error) {
 // handleTarTypeBlockCharFifo is an OS-specific helper function used by
 // createTarFile to handle the following types of header: Block; Char; Fifo
 func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
-	if rsystem.RunningInUserNS() {
+	if sys.RunningInUserNS() {
 		// cannot create a device if running in user namespace
 		return nil
 	}

vendor/github.com/docker/docker/pkg/idtools/idtools.go

@@ -114,31 +114,6 @@ type IdentityMapping struct {
 	gids []IDMap
 }
 
-// NewIdentityMapping takes a requested user and group name and
-// using the data from /etc/sub{uid,gid} ranges, creates the
-// proper uid and gid remapping ranges for that user/group pair
-func NewIdentityMapping(username, groupname string) (*IdentityMapping, error) {
-	subuidRanges, err := parseSubuid(username)
-	if err != nil {
-		return nil, err
-	}
-	subgidRanges, err := parseSubgid(groupname)
-	if err != nil {
-		return nil, err
-	}
-	if len(subuidRanges) == 0 {
-		return nil, fmt.Errorf("No subuid ranges found for user %q", username)
-	}
-	if len(subgidRanges) == 0 {
-		return nil, fmt.Errorf("No subgid ranges found for group %q", groupname)
-	}
-
-	return &IdentityMapping{
-		uids: createIDMap(subuidRanges),
-		gids: createIDMap(subgidRanges),
-	}, nil
-}
-
 // NewIDMappingsFromMaps creates a new mapping from two slices
 // Deprecated: this is a temporary shim while transitioning to IDMapping
 func NewIDMappingsFromMaps(uids []IDMap, gids []IDMap) *IdentityMapping {

vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go

@@ -8,12 +8,13 @@ import (
 	"io"
 	"os"
 	"path/filepath"
-	"strings"
+	"strconv"
 	"sync"
 	"syscall"
 
 	"github.com/docker/docker/pkg/system"
 	"github.com/opencontainers/runc/libcontainer/user"
+	"github.com/pkg/errors"
 )
 
 var (
@@ -105,14 +106,14 @@ func accessible(isOwner, isGroup bool, perms os.FileMode) bool {
 
 // LookupUser uses traditional local system files lookup (from libcontainer/user) on a username,
 // followed by a call to `getent` for supporting host configured non-files passwd and group dbs
-func LookupUser(username string) (user.User, error) {
+func LookupUser(name string) (user.User, error) {
 	// first try a local system files lookup using existing capabilities
-	usr, err := user.LookupUser(username)
+	usr, err := user.LookupUser(name)
 	if err == nil {
 		return usr, nil
 	}
 	// local files lookup failed; attempt to call `getent` to query configured passwd dbs
-	usr, err = getentUser(fmt.Sprintf("%s %s", "passwd", username))
+	usr, err = getentUser(name)
 	if err != nil {
 		return user.User{}, err
 	}
@@ -128,11 +129,11 @@ func LookupUID(uid int) (user.User, error) {
 		return usr, nil
 	}
 	// local files lookup failed; attempt to call `getent` to query configured passwd dbs
-	return getentUser(fmt.Sprintf("%s %d", "passwd", uid))
+	return getentUser(strconv.Itoa(uid))
 }
 
-func getentUser(args string) (user.User, error) {
+func getentUser(name string) (user.User, error) {
-	reader, err := callGetent(args)
+	reader, err := callGetent("passwd", name)
 	if err != nil {
 		return user.User{}, err
 	}
@@ -141,21 +142,21 @@ func getentUser(args string) (user.User, error) {
 		return user.User{}, err
 	}
 	if len(users) == 0 {
-		return user.User{}, fmt.Errorf("getent failed to find passwd entry for %q", strings.Split(args, " ")[1])
+		return user.User{}, fmt.Errorf("getent failed to find passwd entry for %q", name)
 	}
 	return users[0], nil
 }
 
 // LookupGroup uses traditional local system files lookup (from libcontainer/user) on a group name,
 // followed by a call to `getent` for supporting host configured non-files passwd and group dbs
-func LookupGroup(groupname string) (user.Group, error) {
+func LookupGroup(name string) (user.Group, error) {
 	// first try a local system files lookup using existing capabilities
-	group, err := user.LookupGroup(groupname)
+	group, err := user.LookupGroup(name)
 	if err == nil {
 		return group, nil
 	}
 	// local files lookup failed; attempt to call `getent` to query configured group dbs
-	return getentGroup(fmt.Sprintf("%s %s", "group", groupname))
+	return getentGroup(name)
 }
 
 // LookupGID uses traditional local system files lookup (from libcontainer/user) on a group ID,
@@ -167,11 +168,11 @@ func LookupGID(gid int) (user.Group, error) {
 		return group, nil
 	}
 	// local files lookup failed; attempt to call `getent` to query configured group dbs
-	return getentGroup(fmt.Sprintf("%s %d", "group", gid))
+	return getentGroup(strconv.Itoa(gid))
 }
 
-func getentGroup(args string) (user.Group, error) {
+func getentGroup(name string) (user.Group, error) {
-	reader, err := callGetent(args)
+	reader, err := callGetent("group", name)
 	if err != nil {
 		return user.Group{}, err
 	}
@@ -180,18 +181,18 @@ func getentGroup(args string) (user.Group, error) {
 		return user.Group{}, err
 	}
 	if len(groups) == 0 {
-		return user.Group{}, fmt.Errorf("getent failed to find groups entry for %q", strings.Split(args, " ")[1])
+		return user.Group{}, fmt.Errorf("getent failed to find groups entry for %q", name)
 	}
 	return groups[0], nil
 }
 
-func callGetent(args string) (io.Reader, error) {
+func callGetent(database, key string) (io.Reader, error) {
 	entOnce.Do(func() { getentCmd, _ = resolveBinary("getent") })
 	// if no `getent` command on host, can't do anything else
 	if getentCmd == "" {
-		return nil, fmt.Errorf("")
+		return nil, fmt.Errorf("unable to find getent command")
 	}
-	out, err := execCmd(getentCmd, args)
+	out, err := execCmd(getentCmd, database, key)
 	if err != nil {
 		exitCode, errC := system.GetExitCode(err)
 		if errC != nil {
@@ -201,8 +202,7 @@ func callGetent(args string) (io.Reader, error) {
 		case 1:
 			return nil, fmt.Errorf("getent reported invalid parameters/database unknown")
 		case 2:
-			terms := strings.Split(args, " ")
+			return nil, fmt.Errorf("getent unable to find entry %q in %s database", key, database)
-			return nil, fmt.Errorf("getent unable to find entry %q in %s database", terms[1], terms[0])
 		case 3:
 			return nil, fmt.Errorf("getent database doesn't support enumeration")
 		default:
@@ -229,3 +229,48 @@ func lazyChown(p string, uid, gid int, stat *system.StatT) error {
 	}
 	return os.Chown(p, uid, gid)
 }
+
+// NewIdentityMapping takes a requested username and
+// using the data from /etc/sub{uid,gid} ranges, creates the
+// proper uid and gid remapping ranges for that user/group pair
+func NewIdentityMapping(name string) (*IdentityMapping, error) {
+	usr, err := LookupUser(name)
+	if err != nil {
+		return nil, fmt.Errorf("Could not get user for username %s: %v", name, err)
+	}
+
+	uid := strconv.Itoa(usr.Uid)
+
+	subuidRangesWithUserName, err := parseSubuid(name)
+	if err != nil {
+		return nil, err
+	}
+	subgidRangesWithUserName, err := parseSubgid(name)
+	if err != nil {
+		return nil, err
+	}
+
+	subuidRangesWithUID, err := parseSubuid(uid)
+	if err != nil {
+		return nil, err
+	}
+	subgidRangesWithUID, err := parseSubgid(uid)
+	if err != nil {
+		return nil, err
+	}
+
+	subuidRanges := append(subuidRangesWithUserName, subuidRangesWithUID...)
+	subgidRanges := append(subgidRangesWithUserName, subgidRangesWithUID...)
+
+	if len(subuidRanges) == 0 {
+		return nil, errors.Errorf("no subuid ranges found for user %q", name)
+	}
+	if len(subgidRanges) == 0 {
+		return nil, errors.Errorf("no subgid ranges found for user %q", name)
+	}
+
+	return &IdentityMapping{
+		uids: createIDMap(subuidRanges),
+		gids: createIDMap(subgidRanges),
+	}, nil
+}

vendor/github.com/docker/docker/pkg/idtools/usergroupadd_linux.go

@@ -17,18 +17,13 @@ import (
 var (
 	once        sync.Once
 	userCommand string
-
-	cmdTemplates = map[string]string{
-		"adduser": "--system --shell /bin/false --no-create-home --disabled-login --disabled-password --group %s",
-		"useradd": "-r -s /bin/false %s",
-		"usermod": "-%s %d-%d %s",
-	}
-
 	idOutRegexp = regexp.MustCompile(`uid=([0-9]+).*gid=([0-9]+)`)
+)
+
+const (
 	// default length for a UID/GID subordinate range
 	defaultRangeLen   = 65536
 	defaultRangeStart = 100000
-	userMod           = "usermod"
 )
 
 // AddNamespaceRangesUser takes a username and uses the standard system
@@ -67,7 +62,7 @@ func AddNamespaceRangesUser(name string) (int, int, error) {
 	return uid, gid, nil
 }
 
-func addUser(userName string) error {
+func addUser(name string) error {
 	once.Do(func() {
 		// set up which commands are used for adding users/groups dependent on distro
 		if _, err := resolveBinary("adduser"); err == nil {
@@ -76,13 +71,18 @@ func addUser(userName string) error {
 			userCommand = "useradd"
 		}
 	})
-	if userCommand == "" {
+	var args []string
-		return fmt.Errorf("Cannot add user; no useradd/adduser binary found")
+	switch userCommand {
+	case "adduser":
+		args = []string{"--system", "--shell", "/bin/false", "--no-create-home", "--disabled-login", "--disabled-password", "--group", name}
+	case "useradd":
+		args = []string{"-r", "-s", "/bin/false", name}
+	default:
+		return fmt.Errorf("cannot add user; no useradd/adduser binary found")
 	}
-	args := fmt.Sprintf(cmdTemplates[userCommand], userName)
+
-	out, err := execCmd(userCommand, args)
+	if out, err := execCmd(userCommand, args...); err != nil {
-	if err != nil {
+		return fmt.Errorf("failed to add user with error: %v; output: %q", err, string(out))
-		return fmt.Errorf("Failed to add user with error: %v; output: %q", err, string(out))
 	}
 	return nil
 }
@@ -101,7 +101,7 @@ func createSubordinateRanges(name string) error {
 		if err != nil {
 			return fmt.Errorf("Can't find available subuid range: %v", err)
 		}
-		out, err := execCmd(userMod, fmt.Sprintf(cmdTemplates[userMod], "v", startID, startID+defaultRangeLen-1, name))
+		out, err := execCmd("usermod", "-v", fmt.Sprintf("%d-%d", startID, startID+defaultRangeLen-1), name)
 		if err != nil {
 			return fmt.Errorf("Unable to add subuid range to user: %q; output: %s, err: %v", name, out, err)
 		}
@@ -117,7 +117,7 @@ func createSubordinateRanges(name string) error {
 		if err != nil {
 			return fmt.Errorf("Can't find available subgid range: %v", err)
 		}
-		out, err := execCmd(userMod, fmt.Sprintf(cmdTemplates[userMod], "w", startID, startID+defaultRangeLen-1, name))
+		out, err := execCmd("usermod", "-w", fmt.Sprintf("%d-%d", startID, startID+defaultRangeLen-1), name)
 		if err != nil {
 			return fmt.Errorf("Unable to add subgid range to user: %q; output: %s, err: %v", name, out, err)
 		}

vendor/github.com/docker/docker/pkg/idtools/utils_unix.go

@@ -6,7 +6,6 @@ import (
 	"fmt"
 	"os/exec"
 	"path/filepath"
-	"strings"
 )
 
 func resolveBinary(binname string) (string, error) {
@@ -26,7 +25,7 @@ func resolveBinary(binname string) (string, error) {
 	return "", fmt.Errorf("Binary %q does not resolve to a binary of that name in $PATH (%q)", binname, resolvedPath)
 }
 
-func execCmd(cmd, args string) ([]byte, error) {
+func execCmd(cmd string, arg ...string) ([]byte, error) {
-	execCmd := exec.Command(cmd, strings.Split(args, " ")...)
+	execCmd := exec.Command(cmd, arg...)
 	return execCmd.CombinedOutput()
 }

vendor/github.com/docker/docker/pkg/system/rm.go

@@ -1,3 +1,5 @@
+// +build !darwin,!windows
+
 package system // import "github.com/docker/docker/pkg/system"
 
 import (

vendor/github.com/docker/docker/pkg/system/rm_windows.go

@@ -0,0 +1,6 @@
+package system
+
+import "os"
+
+// EnsureRemoveAll is an alias to os.RemoveAll on Windows
+var EnsureRemoveAll = os.RemoveAll

vendor/github.com/docker/docker/pkg/system/stat_bsd.go

@@ -1,3 +1,5 @@
+// +build freebsd netbsd
+
 package system // import "github.com/docker/docker/pkg/system"
 
 import "syscall"

vendor/github.com/docker/docker/pkg/system/stat_solaris.go

@@ -0,0 +1,13 @@
+package system // import "github.com/docker/docker/pkg/system"
+
+import "syscall"
+
+// fromStatT converts a syscall.Stat_t type to a system.Stat_t type
+func fromStatT(s *syscall.Stat_t) (*StatT, error) {
+	return &StatT{size: s.Size,
+		mode: s.Mode,
+		uid:  s.Uid,
+		gid:  s.Gid,
+		rdev: s.Rdev,
+		mtim: s.Mtim}, nil
+}

vendor/github.com/opencontainers/runc/libcontainer/system/linux.go

@@ -1,148 +0,0 @@
-// +build linux
-
-package system
-
-import (
-	"bufio"
-	"fmt"
-	"os"
-	"os/exec"
-	"syscall"
-	"unsafe"
-)
-
-// If arg2 is nonzero, set the "child subreaper" attribute of the
-// calling process; if arg2 is zero, unset the attribute.  When a
-// process is marked as a child subreaper, all of the children
-// that it creates, and their descendants, will be marked as
-// having a subreaper.  In effect, a subreaper fulfills the role
-// of init(1) for its descendant processes.  Upon termination of
-// a process that is orphaned (i.e., its immediate parent has
-// already terminated) and marked as having a subreaper, the
-// nearest still living ancestor subreaper will receive a SIGCHLD
-// signal and be able to wait(2) on the process to discover its
-// termination status.
-const PR_SET_CHILD_SUBREAPER = 36
-
-type ParentDeathSignal int
-
-func (p ParentDeathSignal) Restore() error {
-	if p == 0 {
-		return nil
-	}
-	current, err := GetParentDeathSignal()
-	if err != nil {
-		return err
-	}
-	if p == current {
-		return nil
-	}
-	return p.Set()
-}
-
-func (p ParentDeathSignal) Set() error {
-	return SetParentDeathSignal(uintptr(p))
-}
-
-func Execv(cmd string, args []string, env []string) error {
-	name, err := exec.LookPath(cmd)
-	if err != nil {
-		return err
-	}
-
-	return syscall.Exec(name, args, env)
-}
-
-func Prlimit(pid, resource int, limit syscall.Rlimit) error {
-	_, _, err := syscall.RawSyscall6(syscall.SYS_PRLIMIT64, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(&limit)), uintptr(unsafe.Pointer(&limit)), 0, 0)
-	if err != 0 {
-		return err
-	}
-	return nil
-}
-
-func SetParentDeathSignal(sig uintptr) error {
-	if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_PDEATHSIG, sig, 0); err != 0 {
-		return err
-	}
-	return nil
-}
-
-func GetParentDeathSignal() (ParentDeathSignal, error) {
-	var sig int
-	_, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_GET_PDEATHSIG, uintptr(unsafe.Pointer(&sig)), 0)
-	if err != 0 {
-		return -1, err
-	}
-	return ParentDeathSignal(sig), nil
-}
-
-func SetKeepCaps() error {
-	if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_KEEPCAPS, 1, 0); err != 0 {
-		return err
-	}
-
-	return nil
-}
-
-func ClearKeepCaps() error {
-	if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_KEEPCAPS, 0, 0); err != 0 {
-		return err
-	}
-
-	return nil
-}
-
-func Setctty() error {
-	if _, _, err := syscall.RawSyscall(syscall.SYS_IOCTL, 0, uintptr(syscall.TIOCSCTTY), 0); err != 0 {
-		return err
-	}
-	return nil
-}
-
-/*
- * Detect whether we are currently running in a user namespace.
- * Copied from github.com/lxc/lxd/shared/util.go
- */
-func RunningInUserNS() bool {
-	file, err := os.Open("/proc/self/uid_map")
-	if err != nil {
-		/*
-		 * This kernel-provided file only exists if user namespaces are
-		 * supported
-		 */
-		return false
-	}
-	defer file.Close()
-
-	buf := bufio.NewReader(file)
-	l, _, err := buf.ReadLine()
-	if err != nil {
-		return false
-	}
-
-	line := string(l)
-	var a, b, c int64
-	fmt.Sscanf(line, "%d %d %d", &a, &b, &c)
-	/*
-	 * We assume we are in the initial user namespace if we have a full
-	 * range - 4294967295 uids starting at uid 0.
-	 */
-	if a == 0 && b == 0 && c == 4294967295 {
-		return false
-	}
-	return true
-}
-
-// SetSubreaper sets the value i as the subreaper setting for the calling process
-func SetSubreaper(i int) error {
-	return Prctl(PR_SET_CHILD_SUBREAPER, uintptr(i), 0, 0, 0)
-}
-
-func Prctl(option int, arg2, arg3, arg4, arg5 uintptr) (err error) {
-	_, _, e1 := syscall.Syscall6(syscall.SYS_PRCTL, uintptr(option), arg2, arg3, arg4, arg5, 0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}

vendor/github.com/opencontainers/runc/libcontainer/system/proc.go

@@ -1,27 +0,0 @@
-package system
-
-import (
-	"io/ioutil"
-	"path/filepath"
-	"strconv"
-	"strings"
-)
-
-// look in /proc to find the process start time so that we can verify
-// that this pid has started after ourself
-func GetProcessStartTime(pid int) (string, error) {
-	data, err := ioutil.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "stat"))
-	if err != nil {
-		return "", err
-	}
-
-	parts := strings.Split(string(data), " ")
-	// the starttime is located at pos 22
-	// from the man page
-	//
-	// starttime %llu (was %lu before Linux 2.6)
-	// (22)  The  time the process started after system boot.  In kernels before Linux 2.6, this
-	// value was expressed in jiffies.  Since Linux 2.6, the value is expressed in  clock  ticks
-	// (divide by sysconf(_SC_CLK_TCK)).
-	return parts[22-1], nil // starts at 1
-}

vendor/github.com/opencontainers/runc/libcontainer/system/setns_linux.go

@@ -1,40 +0,0 @@
-package system
-
-import (
-	"fmt"
-	"runtime"
-	"syscall"
-)
-
-// Via http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7b21fddd087678a70ad64afc0f632e0f1071b092
-//
-// We need different setns values for the different platforms and arch
-// We are declaring the macro here because the SETNS syscall does not exist in th stdlib
-var setNsMap = map[string]uintptr{
-	"linux/386":     346,
-	"linux/arm64":   268,
-	"linux/amd64":   308,
-	"linux/arm":     375,
-	"linux/ppc":     350,
-	"linux/ppc64":   350,
-	"linux/ppc64le": 350,
-	"linux/s390x":   339,
-}
-
-var sysSetns = setNsMap[fmt.Sprintf("%s/%s", runtime.GOOS, runtime.GOARCH)]
-
-func SysSetns() uint32 {
-	return uint32(sysSetns)
-}
-
-func Setns(fd uintptr, flags uintptr) error {
-	ns, exists := setNsMap[fmt.Sprintf("%s/%s", runtime.GOOS, runtime.GOARCH)]
-	if !exists {
-		return fmt.Errorf("unsupported platform %s/%s", runtime.GOOS, runtime.GOARCH)
-	}
-	_, _, err := syscall.RawSyscall(ns, fd, flags, 0)
-	if err != 0 {
-		return err
-	}
-	return nil
-}

vendor/github.com/opencontainers/runc/libcontainer/system/syscall_linux_386.go

@@ -1,25 +0,0 @@
-// +build linux,386
-
-package system
-
-import (
-	"syscall"
-)
-
-// Setuid sets the uid of the calling thread to the specified uid.
-func Setuid(uid int) (err error) {
-	_, _, e1 := syscall.RawSyscall(syscall.SYS_SETUID, uintptr(uid), 0, 0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}
-
-// Setgid sets the gid of the calling thread to the specified gid.
-func Setgid(gid int) (err error) {
-	_, _, e1 := syscall.RawSyscall(syscall.SYS_SETGID32, uintptr(gid), 0, 0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}

vendor/github.com/opencontainers/runc/libcontainer/system/syscall_linux_64.go

@@ -1,25 +0,0 @@
-// +build linux,arm64 linux,amd64 linux,ppc linux,ppc64 linux,ppc64le linux,s390x
-
-package system
-
-import (
-	"syscall"
-)
-
-// Setuid sets the uid of the calling thread to the specified uid.
-func Setuid(uid int) (err error) {
-	_, _, e1 := syscall.RawSyscall(syscall.SYS_SETUID, uintptr(uid), 0, 0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}
-
-// Setgid sets the gid of the calling thread to the specified gid.
-func Setgid(gid int) (err error) {
-	_, _, e1 := syscall.RawSyscall(syscall.SYS_SETGID, uintptr(gid), 0, 0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}

vendor/github.com/opencontainers/runc/libcontainer/system/syscall_linux_arm.go

@@ -1,25 +0,0 @@
-// +build linux,arm
-
-package system
-
-import (
-	"syscall"
-)
-
-// Setuid sets the uid of the calling thread to the specified uid.
-func Setuid(uid int) (err error) {
-	_, _, e1 := syscall.RawSyscall(syscall.SYS_SETUID32, uintptr(uid), 0, 0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}
-
-// Setgid sets the gid of the calling thread to the specified gid.
-func Setgid(gid int) (err error) {
-	_, _, e1 := syscall.RawSyscall(syscall.SYS_SETGID32, uintptr(gid), 0, 0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
-}

vendor/github.com/opencontainers/runc/libcontainer/system/sysconfig.go

@@ -1,12 +0,0 @@
-// +build cgo,linux cgo,freebsd
-
-package system
-
-/*
-#include <unistd.h>
-*/
-import "C"
-
-func GetClockTicks() int {
-	return int(C.sysconf(C._SC_CLK_TCK))
-}

vendor/github.com/opencontainers/runc/libcontainer/system/sysconfig_notcgo.go

@@ -1,15 +0,0 @@
-// +build !cgo windows
-
-package system
-
-func GetClockTicks() int {
-	// TODO figure out a better alternative for platforms where we're missing cgo
-	//
-	// TODO Windows. This could be implemented using Win32 QueryPerformanceFrequency().
-	// https://msdn.microsoft.com/en-us/library/windows/desktop/ms644905(v=vs.85).aspx
-	//
-	// An example of its usage can be found here.
-	// https://msdn.microsoft.com/en-us/library/windows/desktop/dn553408(v=vs.85).aspx
-
-	return 100
-}

vendor/github.com/opencontainers/runc/libcontainer/system/unsupported.go

@@ -1,9 +0,0 @@
-// +build !linux
-
-package system
-
-// RunningInUserNS is a stub for non-Linux systems
-// Always returns false
-func RunningInUserNS() bool {
-	return false
-}

vendor/github.com/opencontainers/runc/libcontainer/system/xattrs_linux.go

@@ -1,99 +0,0 @@
-package system
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-var _zero uintptr
-
-// Returns the size of xattrs and nil error
-// Requires path, takes allocated []byte or nil as last argument
-func Llistxattr(path string, dest []byte) (size int, err error) {
-	pathBytes, err := syscall.BytePtrFromString(path)
-	if err != nil {
-		return -1, err
-	}
-	var newpathBytes unsafe.Pointer
-	if len(dest) > 0 {
-		newpathBytes = unsafe.Pointer(&dest[0])
-	} else {
-		newpathBytes = unsafe.Pointer(&_zero)
-	}
-
-	_size, _, errno := syscall.Syscall6(syscall.SYS_LLISTXATTR, uintptr(unsafe.Pointer(pathBytes)), uintptr(newpathBytes), uintptr(len(dest)), 0, 0, 0)
-	size = int(_size)
-	if errno != 0 {
-		return -1, errno
-	}
-
-	return size, nil
-}
-
-// Returns a []byte slice if the xattr is set and nil otherwise
-// Requires path and its attribute as arguments
-func Lgetxattr(path string, attr string) ([]byte, error) {
-	var sz int
-	pathBytes, err := syscall.BytePtrFromString(path)
-	if err != nil {
-		return nil, err
-	}
-	attrBytes, err := syscall.BytePtrFromString(attr)
-	if err != nil {
-		return nil, err
-	}
-
-	// Start with a 128 length byte array
-	sz = 128
-	dest := make([]byte, sz)
-	destBytes := unsafe.Pointer(&dest[0])
-	_sz, _, errno := syscall.Syscall6(syscall.SYS_LGETXATTR, uintptr(unsafe.Pointer(pathBytes)), uintptr(unsafe.Pointer(attrBytes)), uintptr(destBytes), uintptr(len(dest)), 0, 0)
-
-	switch {
-	case errno == syscall.ENODATA:
-		return nil, errno
-	case errno == syscall.ENOTSUP:
-		return nil, errno
-	case errno == syscall.ERANGE:
-		// 128 byte array might just not be good enough,
-		// A dummy buffer is used ``uintptr(0)`` to get real size
-		// of the xattrs on disk
-		_sz, _, errno = syscall.Syscall6(syscall.SYS_LGETXATTR, uintptr(unsafe.Pointer(pathBytes)), uintptr(unsafe.Pointer(attrBytes)), uintptr(unsafe.Pointer(nil)), uintptr(0), 0, 0)
-		sz = int(_sz)
-		if sz < 0 {
-			return nil, errno
-		}
-		dest = make([]byte, sz)
-		destBytes := unsafe.Pointer(&dest[0])
-		_sz, _, errno = syscall.Syscall6(syscall.SYS_LGETXATTR, uintptr(unsafe.Pointer(pathBytes)), uintptr(unsafe.Pointer(attrBytes)), uintptr(destBytes), uintptr(len(dest)), 0, 0)
-		if errno != 0 {
-			return nil, errno
-		}
-	case errno != 0:
-		return nil, errno
-	}
-	sz = int(_sz)
-	return dest[:sz], nil
-}
-
-func Lsetxattr(path string, attr string, data []byte, flags int) error {
-	pathBytes, err := syscall.BytePtrFromString(path)
-	if err != nil {
-		return err
-	}
-	attrBytes, err := syscall.BytePtrFromString(attr)
-	if err != nil {
-		return err
-	}
-	var dataBytes unsafe.Pointer
-	if len(data) > 0 {
-		dataBytes = unsafe.Pointer(&data[0])
-	} else {
-		dataBytes = unsafe.Pointer(&_zero)
-	}
-	_, _, errno := syscall.Syscall6(syscall.SYS_LSETXATTR, uintptr(unsafe.Pointer(pathBytes)), uintptr(unsafe.Pointer(attrBytes)), uintptr(dataBytes), uintptr(len(data)), uintptr(flags), 0)
-	if errno != 0 {
-		return errno
-	}
-	return nil
-}

vendor/modules.txt

@@ -112,7 +112,7 @@ github.com/docker/distribution/manifest/schema1
 github.com/docker/distribution/manifest/schema2
 github.com/docker/distribution/reference
 github.com/docker/distribution/registry/api/errcode
-# github.com/docker/docker v17.12.0-ce-rc1.0.20200528204242-89382f2f2074+incompatible
+# github.com/docker/docker v20.10.0+incompatible
 ## explicit
 github.com/docker/docker/api
 github.com/docker/docker/api/types
@@ -237,7 +237,6 @@ github.com/opencontainers/image-spec/specs-go
 github.com/opencontainers/image-spec/specs-go/v1
 # github.com/opencontainers/runc v0.1.1
 ## explicit
-github.com/opencontainers/runc/libcontainer/system
 github.com/opencontainers/runc/libcontainer/user
 # github.com/opencontainers/runtime-spec v1.0.2
 github.com/opencontainers/runtime-spec/specs-go