lifubang
f52ffd18d1
bump github.com/cyphar/filepath-securejoin from 0.6.0 to 0.6.1
...
Signed-off-by: lifubang <lifubang@acmcoder.com >
(cherry picked from commit 0127cc650928156cb1fb43a02705926c445ed0c1)
Signed-off-by: lifubang <lifubang@acmcoder.com >
2025-11-20 11:53:03 +00:00
Aleksa Sarai
24dff91a09
runtime-spec: update pids.limit handling to match new guidance
...
The main update is actually in github.com/opencontainers/cgroups, but we
need to also update runtime-spec to a newer pre-release version to get
the updates from there as well.
In short, the behaviour change is now that "0" is treated as a valid
value to set in "pids.max", "-1" means "max" and unset/nil means "do
nothing". As described in the opencontainers/cgroups PR, this change is
actually backwards compatible because our internal state.json stores
PidsLimit, and that entry is marked as "omitempty". So, an old runc
would omit PidsLimit=0 in state.json, and this will be parsed by a new
runc as being "nil" -- and both would treat this case as "do not set
anything".
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
(cherry picked from commit 3b75374cc7 )
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2025-11-12 20:07:00 +11:00
Aleksa Sarai
58afaa3fe6
deps: update to github.com/opencontainers/selinux@v0.13.0
...
This new version includes the fixes for CVE-2025-52881, so we can remove
the internal/third_party copy of the library we added in commit
ed6b1693b8 ("selinux: use safe procfs API for labels") as well as the
"replace" directive in go.mod (which is problematic for "go get"
installs).
Fixes: ed6b1693b8 ("selinux: use safe procfs API for labels")
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
(cherry picked from commit 96f1962f91 )
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2025-11-08 02:20:20 +11:00
Aleksa Sarai
12d8457f73
merge private security patches into ghsa-release-1.4.0-rc.3
...
Aleksa Sarai (22):
rootfs: re-allow dangling symlinks in mount targets
openat2: improve resilience on busy systems
selinux: use safe procfs API for labels
rootfs: switch to fd-based handling of mountpoint targets
libct/system: use securejoin for /proc/$pid/stat
init: use securejoin for /proc/self/setgroups
init: write sysctls using safe procfs API
utils: remove unneeded EnsureProcHandle
utils: use safe procfs for /proc/self/fd loop code
apparmor: use safe procfs API for labels
ci: add lint to forbid the usage of os.Create
rootfs: avoid using os.Create for new device inodes
internal: add wrappers for securejoin.Proc*
go.mod: update to github.com/cyphar/filepath-securejoin@v0.5.0
console: verify /dev/pts/ptmx before use
console: avoid trivial symlink attacks for /dev/console
console: add fallback for pre-TIOCGPTPEER kernels
console: use TIOCGPTPEER when allocating peer PTY
*: switch to safer securejoin.Reopen
internal: move utils.MkdirAllInRoot to internal/pathrs
internal/sys: add VerifyInode helper
internal: linux: add package doc-comment
Li Fubang (1):
libct: align param type for mountCgroupV1/V2 functions
Kir Kolyshkin (3):
libct: maskPaths: don't rely on ENOTDIR for mount
libct: maskPaths: only ignore ENOENT on mount dest
libct: add/use isDevNull, verifyDevNull
Fixes: CVE-2025-31133 GHSA-9493-h29p-rfm2
Fixes: CVE-2025-52565 GHSA-qw9x-cqr3-wc7r
Fixes: CVE-2025-52881 GHSA-cgrx-mc8f-2prm
Reported-by: Lei Wang <ssst0n3@gmail.com >
Reported-by: Li Fubang <lifubang@acmcoder.com >
Reported-by: Tõnis Tiigi <tonistiigi@gmail.com >
Reported-by: Aleksa Sarai <cyphar@cyphar.com >
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2025-11-05 20:07:36 +11:00
Aleksa Sarai
753884a0ff
openat2: improve resilience on busy systems
...
Previously, we would see a ~3% failure rate when starting containers
with mounts that contain ".." (which can trigger -EAGAIN). To counteract
this, filepath-securejoin v0.5.1 includes a bump of the internal retry
limit from 32 to 128, which lowers the failure rate to 0.12%.
However, there is still a risk of spurious failure on regular systems.
In order to try to provide more resilience (while avoiding DoS attacks),
this patch also includes an additional retry loop that terminates based
on a deadline rather than retry count. The deadline is 2ms, as my
testing found that ~800us for a single pathrs operation was the longest
latency due to -EAGAIN retries, and that was an outlier compared to the
more common ~400us latencies -- so 2ms should be more than enough for
any real system.
The failure rates above were based on more 50k runs of runc with an
attack script (from libpathrs) running a rename attack on all cores of a
16-core system, which is arguably a worst-case but heavily utilised
servers could likely approach similar results.
Tested-by: Phil Estes <estesp@gmail.com >
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2025-11-05 19:12:42 +11:00
Aleksa Sarai
d2c174c67f
selinux: use safe procfs API for labels
...
Due to the sensitive nature of these fixes, it was not possible to
submit these upstream and vendor the upstream library. Instead, this
patch uses a fork of github.com/opencontainers/selinux, branched at
commit opencontainers/selinux@879a755db5 .
In order to permit downstreams to build with this patched version, a
snapshot of the forked version has been included in
internal/third_party/selinux. Note that since we use "go mod vendor",
the patched code is usable even without being "go get"-able. Once the
embargo for this issue is lifted we can submit the patches upstream and
switch back to a proper upstream go.mod entry.
Also, this requires us to temporarily disable the CI job we have that
disallows "replace" directives.
Fixes: GHSA-cgrx-mc8f-2prm CVE-2025-52881
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2025-11-05 19:12:41 +11:00
Aleksa Sarai
856848696e
go.mod: update to github.com/cyphar/filepath-securejoin@v0.5.0
...
In order to avoid lint errors due to the deprecation of the top-level
securejoin methods ported from libpathrs, we need to adjust
internal/pathrs to use the new pathrs-lite subpackage instead.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2025-11-05 19:12:39 +11:00
Aleksa Sarai
18fbdbe91c
[1.4] deps: update to golang.org/x/sys@v0.37.0
...
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2025-10-09 18:42:26 +11:00
Kir Kolyshkin
3338251984
[1.4] libct: use manager.AddPid to add exec to cgroup
...
The main benefit here is when we are using a systemd cgroup driver,
we actually ask systemd to add a PID, rather than doing it ourselves.
This way, we can add rootless exec PID to a cgroup.
This requires newer opencontainers/cgroups and coreos/go-systemd.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
(cherry picked from commit 37b5acc2d7 )
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2025-10-08 18:40:17 +11:00
Markus Lehtonen
a0858eaf3b
[1.4] Update runtime-spec
...
Signed-off-by: Markus Lehtonen <markus.lehtonen@intel.com >
(cherry picked from commit 74c5436b7d )
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com >
2025-10-08 05:29:27 +11:00
Rodrigo Campos
835591bab6
Merge pull request #4860 from opencontainers/dependabot/go_modules/google.golang.org/protobuf-1.36.8
...
build(deps): bump google.golang.org/protobuf from 1.36.7 to 1.36.8
2025-08-21 10:16:07 -03:00
dependabot[bot]
a876347d08
build(deps): bump github.com/coreos/go-systemd/v22 from 22.5.0 to 22.6.0
...
Bumps [github.com/coreos/go-systemd/v22](https://github.com/coreos/go-systemd ) from 22.5.0 to 22.6.0.
- [Release notes](https://github.com/coreos/go-systemd/releases )
- [Commits](https://github.com/coreos/go-systemd/compare/v22.5.0...v22.6.0 )
---
updated-dependencies:
- dependency-name: github.com/coreos/go-systemd/v22
dependency-version: 22.6.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-08-21 04:38:46 +00:00
dependabot[bot]
eedec9c5f0
build(deps): bump google.golang.org/protobuf from 1.36.7 to 1.36.8
...
Bumps google.golang.org/protobuf from 1.36.7 to 1.36.8.
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-version: 1.36.8
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-08-21 04:38:43 +00:00
dependabot[bot]
db26a717b9
build(deps): bump golang.org/x/net from 0.42.0 to 0.43.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.42.0 to 0.43.0.
- [Commits](https://github.com/golang/net/compare/v0.42.0...v0.43.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.43.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-08-09 07:19:22 +00:00
dependabot[bot]
8f0bb87748
build(deps): bump golang.org/x/sys from 0.34.0 to 0.35.0
...
Bumps [golang.org/x/sys](https://github.com/golang/sys ) from 0.34.0 to 0.35.0.
- [Commits](https://github.com/golang/sys/compare/v0.34.0...v0.35.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/sys
dependency-version: 0.35.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-08-09 06:55:58 +00:00
dependabot[bot]
bf33fe5fdb
build(deps): bump google.golang.org/protobuf from 1.36.6 to 1.36.7
...
Bumps google.golang.org/protobuf from 1.36.6 to 1.36.7.
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-version: 1.36.7
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-08-08 04:33:24 +00:00
dependabot[bot]
f6a52d7f5f
build(deps): bump github.com/seccomp/libseccomp-golang
...
Bumps [github.com/seccomp/libseccomp-golang](https://github.com/seccomp/libseccomp-golang ) from 0.11.0 to 0.11.1.
- [Release notes](https://github.com/seccomp/libseccomp-golang/releases )
- [Changelog](https://github.com/seccomp/libseccomp-golang/blob/main/CHANGELOG )
- [Commits](https://github.com/seccomp/libseccomp-golang/compare/v0.11.0...v0.11.1 )
---
updated-dependencies:
- dependency-name: github.com/seccomp/libseccomp-golang
dependency-version: 0.11.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-08-06 03:34:49 +00:00
dependabot[bot]
6a0644df63
build(deps): bump golang.org/x/net from 0.41.0 to 0.42.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.41.0 to 0.42.0.
- [Commits](https://github.com/golang/net/compare/v0.41.0...v0.42.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.42.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-07-16 10:31:31 +00:00
dependabot[bot]
fc8162e60e
build(deps): bump github.com/opencontainers/cgroups from 0.0.3 to 0.0.4
...
Bumps [github.com/opencontainers/cgroups](https://github.com/opencontainers/cgroups ) from 0.0.3 to 0.0.4.
- [Release notes](https://github.com/opencontainers/cgroups/releases )
- [Changelog](https://github.com/opencontainers/cgroups/blob/main/RELEASES.md )
- [Commits](https://github.com/opencontainers/cgroups/compare/v0.0.3...v0.0.4 )
---
updated-dependencies:
- dependency-name: github.com/opencontainers/cgroups
dependency-version: 0.0.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-07-15 06:35:26 +00:00
dependabot[bot]
4a6ef6b9fa
build(deps): bump golang.org/x/sys from 0.33.0 to 0.34.0
...
Bumps [golang.org/x/sys](https://github.com/golang/sys ) from 0.33.0 to 0.34.0.
- [Commits](https://github.com/golang/sys/compare/v0.33.0...v0.34.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/sys
dependency-version: 0.34.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-07-10 04:54:21 +00:00
Kir Kolyshkin
da90947848
deps: bump cgroups to v0.0.3, fix tests
...
For changelog, see https://github.com/opencontainers/cgroups/releases/tag/v0.0.3
This fixes two runc issues:
1. JSON incompatibility introduced in cgroups v0.0.2 (see
https://github.com/opencontainers/cgroups/pull/22 ).
2. Bad CPU shares to CPU weight conversion (see
https://github.com/opencontainers/runc/issues/4772 ).
Due to item 2, modify some tests accordingly.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-06-19 10:25:22 -07:00
Antonio Ojea
889c7b272f
update runtime-spec
...
Signed-off-by: Antonio Ojea <aojea@google.com >
2025-06-18 15:52:30 +01:00
dependabot[bot]
99a4f1983d
build(deps): bump github.com/urfave/cli from 1.22.16 to 1.22.17
...
Bumps [github.com/urfave/cli](https://github.com/urfave/cli ) from 1.22.16 to 1.22.17.
- [Release notes](https://github.com/urfave/cli/releases )
- [Changelog](https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md )
- [Commits](https://github.com/urfave/cli/compare/v1.22.16...v1.22.17 )
---
updated-dependencies:
- dependency-name: github.com/urfave/cli
dependency-version: 1.22.17
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-06-16 04:36:33 +00:00
dependabot[bot]
31d141e2e7
build(deps): bump golang.org/x/net from 0.40.0 to 0.41.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.40.0 to 0.41.0.
- [Commits](https://github.com/golang/net/compare/v0.40.0...v0.41.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.41.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-06-06 04:56:47 +00:00
Akihiro Suda
9a0145a001
Merge pull request #4751 from kolyshkin/cgroups-002
...
deps: bump opencontainers/cgroups to v0.0.2, fix tests
2025-06-03 00:39:47 +09:00
dependabot[bot]
8b0e7511cf
build(deps): bump github.com/containerd/console from 1.0.4 to 1.0.5
...
Bumps [github.com/containerd/console](https://github.com/containerd/console ) from 1.0.4 to 1.0.5.
- [Release notes](https://github.com/containerd/console/releases )
- [Commits](https://github.com/containerd/console/compare/v1.0.4...v1.0.5 )
---
updated-dependencies:
- dependency-name: github.com/containerd/console
dependency-version: 1.0.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-05-21 04:22:38 +00:00
Kir Kolyshkin
b206a015b3
deps: bump opencontainers/cgroups to v0.0.2
...
For changes, see https://github.com/opencontainers/cgroups/releases/tag/v0.0.2
Fix integration tests according to changes in [1] (now the CPU quota value set
is rounded the same way systemd does it).
[1]: https://github.com/opencontainers/cgroups/pull/4
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-05-13 13:28:36 -07:00
dependabot[bot]
fbf1a320d8
build(deps): bump github.com/vishvananda/netlink from 1.3.0 to 1.3.1
...
Bumps [github.com/vishvananda/netlink](https://github.com/vishvananda/netlink ) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/vishvananda/netlink/releases )
- [Commits](https://github.com/vishvananda/netlink/compare/v1.3.0...v1.3.1 )
---
updated-dependencies:
- dependency-name: github.com/vishvananda/netlink
dependency-version: 1.3.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-05-12 04:47:59 +00:00
dependabot[bot]
0623ea108a
build(deps): bump golang.org/x/net from 0.39.0 to 0.40.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.39.0 to 0.40.0.
- [Commits](https://github.com/golang/net/compare/v0.39.0...v0.40.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.40.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-05-06 04:31:36 +00:00
dependabot[bot]
d920a72202
build(deps): bump github.com/seccomp/libseccomp-golang
...
Bumps [github.com/seccomp/libseccomp-golang](https://github.com/seccomp/libseccomp-golang ) from 0.10.0 to 0.11.0.
- [Release notes](https://github.com/seccomp/libseccomp-golang/releases )
- [Changelog](https://github.com/seccomp/libseccomp-golang/blob/main/CHANGELOG )
- [Commits](https://github.com/seccomp/libseccomp-golang/compare/v0.10.0...v0.11.0 )
---
updated-dependencies:
- dependency-name: github.com/seccomp/libseccomp-golang
dependency-version: 0.11.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-04-24 04:50:34 +00:00
dependabot[bot]
0a9639e380
build(deps): bump golang.org/x/net from 0.38.0 to 0.39.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.38.0 to 0.39.0.
- [Commits](https://github.com/golang/net/compare/v0.38.0...v0.39.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.39.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-04-08 04:41:06 +00:00
Rodrigo Campos
bf9e609b3b
Merge pull request #4710 from opencontainers/dependabot/go_modules/golang.org/x/sys-0.32.0
...
build(deps): bump golang.org/x/sys from 0.31.0 to 0.32.0
2025-04-07 07:20:15 -03:00
dependabot[bot]
c5e0ece494
build(deps): bump golang.org/x/sys from 0.31.0 to 0.32.0
...
Bumps [golang.org/x/sys](https://github.com/golang/sys ) from 0.31.0 to 0.32.0.
- [Commits](https://github.com/golang/sys/compare/v0.31.0...v0.32.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/sys
dependency-version: 0.32.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-04-07 04:09:11 +00:00
dependabot[bot]
bb5aa11622
build(deps): bump github.com/moby/sys/user from 0.3.0 to 0.4.0
...
Bumps [github.com/moby/sys/user](https://github.com/moby/sys ) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/moby/sys/releases )
- [Commits](https://github.com/moby/sys/compare/user/v0.3.0...user/v0.4.0 )
---
updated-dependencies:
- dependency-name: github.com/moby/sys/user
dependency-version: 0.4.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-04-04 04:34:30 +00:00
dependabot[bot]
0b5362651f
build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.37.0 to 0.38.0.
- [Commits](https://github.com/golang/net/compare/v0.37.0...v0.38.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-03-28 13:00:18 +00:00
dependabot[bot]
4622bb87fd
build(deps): bump google.golang.org/protobuf from 1.36.5 to 1.36.6
...
Bumps google.golang.org/protobuf from 1.36.5 to 1.36.6.
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-03-25 04:06:22 +00:00
dependabot[bot]
bac338256c
build(deps): bump github.com/opencontainers/selinux
...
Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux ) from 1.11.1 to 1.12.0.
- [Release notes](https://github.com/opencontainers/selinux/releases )
- [Commits](https://github.com/opencontainers/selinux/compare/v1.11.1...v1.12.0 )
---
updated-dependencies:
- dependency-name: github.com/opencontainers/selinux
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-03-24 04:56:16 +00:00
dependabot[bot]
d5fe53030b
build(deps): bump golang.org/x/net from 0.36.0 to 0.37.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.36.0 to 0.37.0.
- [Commits](https://github.com/golang/net/compare/v0.36.0...v0.37.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-03-06 09:52:25 +00:00
dependabot[bot]
000cdef75d
build(deps): bump golang.org/x/sys from 0.30.0 to 0.31.0
...
Bumps [golang.org/x/sys](https://github.com/golang/sys ) from 0.30.0 to 0.31.0.
- [Commits](https://github.com/golang/sys/compare/v0.30.0...v0.31.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/sys
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-03-06 04:49:01 +00:00
Akihiro Suda
25dcdc71ae
Merge pull request #4658 from snprajwal/deps
...
deps: bump go-criu to v7
2025-03-06 09:32:28 +09:00
dependabot[bot]
12c2e21f40
build(deps): bump golang.org/x/net from 0.35.0 to 0.36.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.35.0 to 0.36.0.
- [Commits](https://github.com/golang/net/compare/v0.35.0...v0.36.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-03-05 04:26:18 +00:00
Prajwal S N
05e83fc600
deps: bump go-criu to v7
...
Signed-off-by: Prajwal S N <prajwalnadig21@gmail.com >
2025-03-05 01:02:53 +05:30
Kir Kolyshkin
a75076b4a4
Switch to opencontainers/cgroups
...
This removes libcontainer/cgroups packages and starts
using those from github.com/opencontainers/cgroups repo.
Mostly generated by:
git rm -f libcontainer/cgroups
find . -type f -name "*.go" -exec sed -i \
's|github.com/opencontainers/runc/libcontainer/cgroups|github.com/opencontainers/cgroups|g' \
{} +
go get github.com/opencontainers/cgroups@v0.0.1
make vendor
gofumpt -w .
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-02-28 15:20:33 -08:00
dependabot[bot]
537a2276bb
build(deps): bump github.com/opencontainers/runtime-spec
...
Bumps [github.com/opencontainers/runtime-spec](https://github.com/opencontainers/runtime-spec ) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/opencontainers/runtime-spec/releases )
- [Changelog](https://github.com/opencontainers/runtime-spec/blob/main/ChangeLog )
- [Commits](https://github.com/opencontainers/runtime-spec/compare/v1.2.0...v1.2.1 )
---
updated-dependencies:
- dependency-name: github.com/opencontainers/runtime-spec
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-02-28 04:52:38 +00:00
Kir Kolyshkin
79a4ac0553
deps: bump cilium/ebpf to v0.17.3
...
It has a fix for runc issue 4594.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-02-13 00:07:01 -08:00
dependabot[bot]
13277b2017
build(deps): bump golang.org/x/net from 0.34.0 to 0.35.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.34.0 to 0.35.0.
- [Commits](https://github.com/golang/net/compare/v0.34.0...v0.35.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-02-11 04:09:22 +00:00
dependabot[bot]
8529591ccb
build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5
...
Bumps google.golang.org/protobuf from 1.36.4 to 1.36.5.
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-02-07 04:09:32 +00:00
dependabot[bot]
a274d27598
build(deps): bump golang.org/x/sys from 0.29.0 to 0.30.0
...
Bumps [golang.org/x/sys](https://github.com/golang/sys ) from 0.29.0 to 0.30.0.
- [Commits](https://github.com/golang/sys/compare/v0.29.0...v0.30.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/sys
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-02-05 04:18:02 +00:00
Kir Kolyshkin
8e5bb0d8c4
deps: roll back to cilium/ebpf v0.16.0
...
Also, exclude v0.17.x until there is a fix for runc issue 4594.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-01-31 16:59:54 -08:00
Akihiro Suda
f1c0e63252
Merge pull request #4590 from cyphar/securejoin-0.4.0
...
deps: update to github.com/cyphar/filepath-securejoin@v0.4.1
2025-01-29 16:56:12 +09:00