*: fix codespell lint errors

For some reason, codespell started flagging older spelling issues in CI
despite being locked to a particular version. In any case, this fixes
them (as well as ones picked up by codespell v2.4, just in case).

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
This commit is contained in:
Aleksa Sarai
2026-06-19 15:55:53 +02:00
parent fca1905e8d
commit 5a9a5f2bb8
4 changed files with 6 additions and 6 deletions
+3 -3
View File
@@ -35,7 +35,7 @@ This release includes a fix for the following low-severity security issue:
#5253, #5269, #5288) #5253, #5269, #5288)
### Added ### ### Added ###
- When masking directories with `maskPaths`, runc will now re-use a single - When masking directories with `maskPaths`, runc will now reuse a single
`tmpfs` instance (which is not writeable) to reduce the number `tmpfs` `tmpfs` instance (which is not writeable) to reduce the number `tmpfs`
superblocks that need to be reaped when containers die (in particular, superblocks that need to be reaped when containers die (in particular,
Kubernetes applies masks to per-CPU sysfs directories which get expensive Kubernetes applies masks to per-CPU sysfs directories which get expensive
@@ -172,7 +172,7 @@ This release includes fixes for the following high-severity security issues:
> Mr. President, we must not allow a mine shaft gap! > Mr. President, we must not allow a mine shaft gap!
### Fixed ### Fixed
* Removed pre-emptive "full access to cgroups" warning when calling `runc * Removed preemptive "full access to cgroups" warning when calling `runc
pause` or `runc unpause` as an unprivileged user without pause` or `runc unpause` as an unprivileged user without
`--systemd-cgroups`. Now the warning is only emitted if an actual permission `--systemd-cgroups`. Now the warning is only emitted if an actual permission
error was encountered. (#4709) error was encountered. (#4709)
@@ -588,7 +588,7 @@ This release includes fixes for the following high-severity security issues:
`github.com/checkpoint-restore/go-criu`. (#3652) `github.com/checkpoint-restore/go-criu`. (#3652)
* Add `--pidfd-socket` to `runc run` and `runc exec` to allow for management * Add `--pidfd-socket` to `runc run` and `runc exec` to allow for management
processes to receive a pidfd for the new process, allowing them to avoid pid processes to receive a pidfd for the new process, allowing them to avoid pid
re-use attacks. (#4045) reuse attacks. (#4045)
[mount_setattr.2]: https://man7.org/linux/man-pages/man2/mount_setattr.2.html [mount_setattr.2]: https://man7.org/linux/man-pages/man2/mount_setattr.2.html
[cve-2019-5736]: https://github.com/advisories/GHSA-gxmr-w5mj-v8hh [cve-2019-5736]: https://github.com/advisories/GHSA-gxmr-w5mj-v8hh
@@ -61,7 +61,7 @@ type Handles struct {
// Release all resources associated with this Handle. All existing files // Release all resources associated with this Handle. All existing files
// returned from Get() will continue to work even after calling Release(). The // returned from Get() will continue to work even after calling Release(). The
// same Handles can be re-used after calling Release(). // same Handles can be reused after calling Release().
func (hs *Handles) Release() { func (hs *Handles) Release() {
hs.m.Lock() hs.m.Lock()
defer hs.m.Unlock() defer hs.m.Unlock()
+1 -1
View File
@@ -113,7 +113,7 @@ func runtime_IsPollDescriptor(fd uintptr) bool //nolint:revive
// //
// NOTE: That this function is incredibly dangerous to use in most Go code, as // NOTE: That this function is incredibly dangerous to use in most Go code, as
// closing file descriptors from underneath *os.File handles can lead to very // closing file descriptors from underneath *os.File handles can lead to very
// bad behaviour (the closed file descriptor can be re-used and then any // bad behaviour (the closed file descriptor can be reused and then any
// *os.File operations would apply to the wrong file). This function is only // *os.File operations would apply to the wrong file). This function is only
// intended to be called from the last stage of runc init. // intended to be called from the last stage of runc init.
func UnsafeCloseFrom(minFd int) error { func UnsafeCloseFrom(minFd int) error {
+1 -1
View File
@@ -217,7 +217,7 @@ function teardown() {
# Also create a network namespace that *is not owned* by the above userns. # Also create a network namespace that *is not owned* by the above userns.
# NOTE: Having no permissions in a namespaces makes it necessary to modify # NOTE: Having no permissions in a namespaces makes it necessary to modify
# the config so that we don't get mount errors (for reference: no netns # the config so that we don't get mount errors (for reference: no netns
# permissions == no sysfs mounts, no pidns permissoins == no procfs mounts, # permissions == no sysfs mounts, no pidns permissions == no procfs mounts,
# no utsns permissions == no sethostname(2), no ipc permissions == no # no utsns permissions == no sethostname(2), no ipc permissions == no
# mqueue mounts, etc). # mqueue mounts, etc).
netns_path="$(mktemp "$BATS_RUN_TMPDIR/netns.XXXXXX")" netns_path="$(mktemp "$BATS_RUN_TMPDIR/netns.XXXXXX")"