Commit Graph

231 Commits

Author SHA1 Message Date
Kir Kolyshkin a75076b4a4 Switch to opencontainers/cgroups
This removes libcontainer/cgroups packages and starts
using those from github.com/opencontainers/cgroups repo.

Mostly generated by:

  git rm -f libcontainer/cgroups

  find . -type f -name "*.go" -exec sed -i \
    's|github.com/opencontainers/runc/libcontainer/cgroups|github.com/opencontainers/cgroups|g' \
    {} +

  go get github.com/opencontainers/cgroups@v0.0.1
  make vendor
  gofumpt -w .

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-02-28 15:20:33 -08:00
dependabot[bot] 537a2276bb build(deps): bump github.com/opencontainers/runtime-spec
Bumps [github.com/opencontainers/runtime-spec](https://github.com/opencontainers/runtime-spec) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/opencontainers/runtime-spec/releases)
- [Changelog](https://github.com/opencontainers/runtime-spec/blob/main/ChangeLog)
- [Commits](https://github.com/opencontainers/runtime-spec/compare/v1.2.0...v1.2.1)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/runtime-spec
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-02-28 04:52:38 +00:00
lfbzhm 885f8f6dff Merge pull request #4628 from kolyshkin/ebpf0173
deps: bump cilium/ebpf to v0.17.3
2025-02-14 09:45:23 +08:00
Kir Kolyshkin 79a4ac0553 deps: bump cilium/ebpf to v0.17.3
It has a fix for runc issue 4594.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-02-13 00:07:01 -08:00
Kir Kolyshkin 16d7336791 Require Go 1.23.x, drop Go 1.22 support
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-02-11 18:03:06 -08:00
dependabot[bot] 13277b2017 build(deps): bump golang.org/x/net from 0.34.0 to 0.35.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.34.0 to 0.35.0.
- [Commits](https://github.com/golang/net/compare/v0.34.0...v0.35.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-02-11 04:09:22 +00:00
dependabot[bot] 8529591ccb build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5
Bumps google.golang.org/protobuf from 1.36.4 to 1.36.5.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-02-07 04:09:32 +00:00
dependabot[bot] a274d27598 build(deps): bump golang.org/x/sys from 0.29.0 to 0.30.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.29.0 to 0.30.0.
- [Commits](https://github.com/golang/sys/compare/v0.29.0...v0.30.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-02-05 04:18:02 +00:00
Kir Kolyshkin 8e5bb0d8c4 deps: roll back to cilium/ebpf v0.16.0
Also, exclude v0.17.x until there is a fix for runc issue 4594.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-01-31 16:59:54 -08:00
Akihiro Suda f1c0e63252 Merge pull request #4590 from cyphar/securejoin-0.4.0
deps: update to github.com/cyphar/filepath-securejoin@v0.4.1
2025-01-29 16:56:12 +09:00
Aleksa Sarai 70e500e7d1 deps: update to github.com/cyphar/filepath-securejoin@v0.4.1
This release includes a minor breaking API change that requires us to
rework the types of our wrappers, but there is no practical behaviour
change.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2025-01-28 22:33:16 +11:00
dependabot[bot] 24ec764a09 build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.4
Bumps google.golang.org/protobuf from 1.36.3 to 1.36.4.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-01-27 04:55:54 +00:00
dependabot[bot] 9af7952249 build(deps): bump google.golang.org/protobuf from 1.36.2 to 1.36.3
Bumps google.golang.org/protobuf from 1.36.2 to 1.36.3.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-01-16 04:05:13 +00:00
dependabot[bot] a69d289ffd build(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.2
Bumps google.golang.org/protobuf from 1.36.1 to 1.36.2.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-01-08 04:16:24 +00:00
dependabot[bot] 061483b62a build(deps): bump golang.org/x/net from 0.33.0 to 0.34.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.33.0 to 0.34.0.
- [Commits](https://github.com/golang/net/compare/v0.33.0...v0.34.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-01-07 04:35:23 +00:00
dependabot[bot] 48ad17f4c6 build(deps): bump golang.org/x/sys from 0.28.0 to 0.29.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.28.0 to 0.29.0.
- [Commits](https://github.com/golang/sys/compare/v0.28.0...v0.29.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-01-06 04:55:38 +00:00
dependabot[bot] f848304994 build(deps): bump google.golang.org/protobuf from 1.36.0 to 1.36.1
Bumps google.golang.org/protobuf from 1.36.0 to 1.36.1.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-25 23:29:14 +08:00
dependabot[bot] 5855ba5303 build(deps): bump github.com/cilium/ebpf from 0.17.0 to 0.17.1
Bumps [github.com/cilium/ebpf](https://github.com/cilium/ebpf) from 0.17.0 to 0.17.1.
- [Release notes](https://github.com/cilium/ebpf/releases)
- [Commits](https://github.com/cilium/ebpf/compare/v0.17.0...v0.17.1)

---
updated-dependencies:
- dependency-name: github.com/cilium/ebpf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-20 04:10:23 +00:00
dependabot[bot] e809db842f build(deps): bump github.com/cilium/ebpf from 0.16.0 to 0.17.0
Bumps [github.com/cilium/ebpf](https://github.com/cilium/ebpf) from 0.16.0 to 0.17.0.
- [Release notes](https://github.com/cilium/ebpf/releases)
- [Commits](https://github.com/cilium/ebpf/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: github.com/cilium/ebpf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-20 00:07:03 +00:00
Kir Kolyshkin 5239b05129 Merge pull request #4564 from opencontainers/dependabot/go_modules/golang.org/x/net-0.33.0
build(deps): bump golang.org/x/net from 0.32.0 to 0.33.0
2024-12-19 16:05:57 -08:00
dependabot[bot] c2b11a6353 build(deps): bump golang.org/x/net from 0.32.0 to 0.33.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.32.0 to 0.33.0.
- [Commits](https://github.com/golang/net/compare/v0.32.0...v0.33.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-19 04:09:48 +00:00
dependabot[bot] 71327d7fcd build(deps): bump github.com/cyphar/filepath-securejoin
Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.3.5 to 0.3.6.
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md)
- [Commits](https://github.com/cyphar/filepath-securejoin/compare/v0.3.5...v0.3.6)

---
updated-dependencies:
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-19 01:42:44 +00:00
dependabot[bot] 705382ac66 build(deps): bump google.golang.org/protobuf from 1.35.2 to 1.36.0
Bumps google.golang.org/protobuf from 1.35.2 to 1.36.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-17 04:53:16 +00:00
Aleksa Sarai 2f1b6626f3 deps: update to github.com/cyphar/filepath-securejoin@v0.3.5
This fixes a regression in use of securejoin.MkdirAll, where multiple
runc processes racing to create the same mountpoint in a shared rootfs
would result in spurious EEXIST errors. In particular, this regression
caused issues with BuildKit.

Fixes: dd827f7b71 ("utils: switch to securejoin.MkdirAllHandle")
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2024-12-06 19:38:46 +11:00
dependabot[bot] d5694eed7c build(deps): bump golang.org/x/net from 0.31.0 to 0.32.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.31.0 to 0.32.0.
- [Commits](https://github.com/golang/net/compare/v0.31.0...v0.32.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-05 09:28:56 +00:00
dependabot[bot] ec7e90b308 build(deps): bump golang.org/x/sys from 0.27.0 to 0.28.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.27.0 to 0.28.0.
- [Commits](https://github.com/golang/sys/compare/v0.27.0...v0.28.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-05 04:47:30 +00:00
Kir Kolyshkin 66969827c0 Switch to github.com/moby/sys/capability v0.4.0
This removes the last unversioned package in runc's direct dependencies.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-12-02 13:18:10 -08:00
dependabot[bot] b7da16731c build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2
Bumps google.golang.org/protobuf from 1.35.1 to 1.35.2.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-11-18 12:11:47 +08:00
dependabot[bot] ca4a7a86f8 build(deps): bump golang.org/x/net from 0.30.0 to 0.31.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.30.0 to 0.31.0.
- [Commits](https://github.com/golang/net/compare/v0.30.0...v0.31.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-11-11 04:11:55 +00:00
dependabot[bot] ec5e7eb70a build(deps): bump golang.org/x/sys from 0.26.0 to 0.27.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.26.0 to 0.27.0.
- [Commits](https://github.com/golang/sys/compare/v0.26.0...v0.27.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-11-08 04:29:56 +00:00
dependabot[bot] 80c46d31c4 build(deps): bump golang.org/x/net from 0.24.0 to 0.30.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.24.0 to 0.30.0.
- [Commits](https://github.com/golang/net/compare/v0.24.0...v0.30.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-11-02 00:36:10 +00:00
dependabot[bot] 4df7b1b199 build(deps): bump golang.org/x/sys from 0.22.0 to 0.26.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.22.0 to 0.26.0.
- [Commits](https://github.com/golang/sys/compare/v0.22.0...v0.26.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-23 07:56:22 +00:00
dependabot[bot] 69b3be763a build(deps): bump github.com/vishvananda/netlink from 1.1.0 to 1.3.0
Bumps [github.com/vishvananda/netlink](https://github.com/vishvananda/netlink) from 1.1.0 to 1.3.0.
- [Release notes](https://github.com/vishvananda/netlink/releases)
- [Commits](https://github.com/vishvananda/netlink/compare/v1.1.0...v1.3.0)

---
updated-dependencies:
- dependency-name: github.com/vishvananda/netlink
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-23 06:49:47 +00:00
Kir Kolyshkin d123e56739 Merge pull request #4467 from opencontainers/dependabot/go_modules/google.golang.org/protobuf-1.35.1
build(deps): bump google.golang.org/protobuf from 1.33.0 to 1.35.1
2024-10-22 23:49:04 -07:00
dependabot[bot] f20f273aff build(deps): bump github.com/opencontainers/selinux
Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.11.0 to 1.11.1.
- [Release notes](https://github.com/opencontainers/selinux/releases)
- [Commits](https://github.com/opencontainers/selinux/compare/v1.11.0...v1.11.1)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/selinux
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-23 04:20:54 +00:00
dependabot[bot] 139789f1bd build(deps): bump google.golang.org/protobuf from 1.33.0 to 1.35.1
Bumps google.golang.org/protobuf from 1.33.0 to 1.35.1.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-23 04:20:52 +00:00
Akihiro Suda e98851de36 Merge pull request #4464 from opencontainers/dependabot/go_modules/github.com/urfave/cli-1.22.16
build(deps): bump github.com/urfave/cli from 1.22.14 to 1.22.16
2024-10-23 10:46:42 +09:00
dependabot[bot] 93db63ab52 build(deps): bump github.com/urfave/cli from 1.22.14 to 1.22.16
Bumps [github.com/urfave/cli](https://github.com/urfave/cli) from 1.22.14 to 1.22.16.
- [Release notes](https://github.com/urfave/cli/releases)
- [Changelog](https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md)
- [Commits](https://github.com/urfave/cli/compare/v1.22.14...v1.22.16)

---
updated-dependencies:
- dependency-name: github.com/urfave/cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-22 13:23:32 +00:00
dependabot[bot] af024b6c2b build(deps): bump github.com/moby/sys/mountinfo from 0.7.1 to 0.7.2
Bumps [github.com/moby/sys/mountinfo](https://github.com/moby/sys) from 0.7.1 to 0.7.2.
- [Release notes](https://github.com/moby/sys/releases)
- [Commits](https://github.com/moby/sys/compare/signal/v0.7.1...mountinfo/v0.7.2)

---
updated-dependencies:
- dependency-name: github.com/moby/sys/mountinfo
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-22 13:23:25 +00:00
Sebastiaan van Stijn 9b60a93cf3 libcontainer/userns: migrate to github.com/moby/sys/userns
The userns package was moved to the moby/sys/userns module
at commit 3778ae603c.

This patch deprecates the old location, and adds it as an alias
for the moby/sys/userns package.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-09 22:20:25 +08:00
Aleksa Sarai 1623cde125 go: update github.com/cyphar/filepath-securejoin to v0.3.4
This includes a fix to avoid doing import "testing" in non-_test.go
code.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2024-10-09 15:13:28 +11:00
Aleksa Sarai b096459a07 vendor: update github.com/cyphar/filepath-securejoin to v0.3.3
This fixes issues we had with spurious MkdirAll failures.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2024-09-30 16:26:42 +02:00
Rodrigo Campos 319e133c3c go.mod: Use toolchain 1.22.4
Go since 1.21 allows to set a "toolchain" that specifies the minimum Go
toolchain to use when working in runc. In contrast to the go line,
toolchain does not impose a requirement on other modules[1][2].

As documented in the 1.2.0-rc.1 release notes, 1.22.4 is needed for the
nsenter package. Let's suggest this with the toolchain version.

[1]: https://go.dev/doc/toolchain
[2]: https://go.dev/blog/toolchain

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
2024-09-23 11:47:01 +02:00
Kir Kolyshkin 15904913c2 Merge pull request #4397 from rafaelroquetto/main
Upgrade Cilium's eBPF library version to 0.16
2024-09-13 18:22:49 -07:00
Aleksa Sarai 066b109e99 vendor: update to github.com/cyphar/filepath-securejoin@v0.3.2
This includes a fix for the handling of S_ISGID directories.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2024-09-13 23:34:33 +10:00
Rafael Roquetto 216175a9ca Upgrade Cilium's eBPF library version to 0.16
Signed-off-by: Rafael Roquetto <rafael.roquetto@grafana.com>
2024-09-12 11:13:21 -06:00
Aleksa Sarai 1d308c7da4 vendor: update to github.com/cyphar/filepath-securejoin@v0.3.1
This includes the MkdirAll and OpenInRoot implementations which are
actually secure against races.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2024-09-03 23:05:59 +10:00
Aleksa Sarai 5ab5ef3dc3 deps: update to golang.org/x/sys@v0.22
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2024-09-03 23:03:39 +10:00
Kir Kolyshkin adedeb993a ci/gha: add Go 1.23, drop 1.21
- drop Go 1.21;
- add Go 1.23;
- for a few jobs that were using Go 1.21, switch to 1.22;

Also, bump go to 1.22 in go.mod.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-08-14 20:39:15 +08:00
Kir Kolyshkin 6b2eb52fb0 go.mod,README: require Go 1.21
Go 1.20 was released in February 2023 and is no longer supported since
February 2024. Time to move on.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-07 10:18:59 -07:00