From e660ef61a5f8677e22fb50e51cd4368d8f24d319 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 7 Jun 2024 09:04:16 -0700 Subject: [PATCH] libct/nsenter: stop blacklisting go 1.22+ Go 1.23 includes a fix (https://go.dev/cl/587919) so go1.23.x can be used. This fix is also backported to 1.22.4, so go1.22.x can also be used (when x >= 4). Finally, for glibc >= 2.32 it doesn't really matter. Add a note about Go 1.22.x > 1.22.4 to README as well. Signed-off-by: Kir Kolyshkin --- README.md | 4 ++++ libcontainer/nsenter/nsenter_go122.go | 15 --------------- 2 files changed, 4 insertions(+), 15 deletions(-) delete mode 100644 libcontainer/nsenter/nsenter_go122.go diff --git a/README.md b/README.md index 6d8ac4d47..2cb8ed9f9 100644 --- a/README.md +++ b/README.md @@ -29,6 +29,10 @@ A third party security audit was performed by Cure53, you can see the full repor `runc` only supports Linux. It must be built with Go version 1.19 or higher. +NOTE: if building with Go 1.22.x, make sure to use 1.22.4 or a later version +(see [issue #4233](https://github.com/opencontainers/runc/issues/4233) for +more details). + In order to enable seccomp support you will need to install `libseccomp` on your platform. > e.g. `libseccomp-devel` for CentOS, or `libseccomp-dev` for Ubuntu diff --git a/libcontainer/nsenter/nsenter_go122.go b/libcontainer/nsenter/nsenter_go122.go deleted file mode 100644 index 2b9ece0ad..000000000 --- a/libcontainer/nsenter/nsenter_go122.go +++ /dev/null @@ -1,15 +0,0 @@ -//go:build go1.22 - -package nsenter - -/* -// We know for sure that glibc has issues with pthread_self() when called from -// Go after nsenter has run. This is likely a more general problem with how we -// ignore the rules in signal-safety(7), and so it's possible musl will also -// have issues, but as this is just a hotfix let's only block glibc builds. -#include -#ifdef __GLIBC__ -# error "runc does not currently work properly with Go >=1.22. See ." -#endif -*/ -import "C"