Commit Graph

7839 Commits

Author SHA1 Message Date
dependabot[bot] b650eda423 build(deps): bump golang.org/x/net from 0.48.0 to 0.49.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.48.0 to 0.49.0.
- [Commits](https://github.com/golang/net/compare/v0.48.0...v0.49.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-13 06:33:37 +00:00
lfbzhm 3a4ffe8068 Merge pull request #5083 from opencontainers/dependabot/go_modules/golang.org/x/sys-0.40.0 2026-01-09 21:51:38 +08:00
dependabot[bot] 9e6a4cc36d build(deps): bump golang.org/x/sys from 0.39.0 to 0.40.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.39.0 to 0.40.0.
- [Commits](https://github.com/golang/sys/compare/v0.39.0...v0.40.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-09 05:02:06 +00:00
Akihiro Suda 6dfec8bab1 Merge pull request #5081 from kolyshkin/sim
internal/sys: simplify WriteSysctls
2026-01-08 10:07:11 +09:00
Kir Kolyshkin c84a878cac internal/sys: simplify WriteSysctls
Apparently Write (and WriteString) must return an error (apparently
io.ErrShortWrite) on short writes (see [1], [2]), so no explicit check
for a short write is needed.

While at it, use (*os.File).WriteString directly rather than
io.WriteString.

[1]: https://pkg.go.dev/os#File.Write
[2]: https://pkg.go.dev/io#Writer
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2026-01-07 13:27:44 -08:00
Rodrigo Campos 7b39322a5d Merge pull request #5080 from lifubang/followup-5079
integration: quote shell value to prevent word splitting
2026-01-06 16:42:47 -03:00
lifubang 9632f1e198 integration: quote shell value to prevent word splitting
Signed-off-by: lifubang <lifubang@acmcoder.com>
2026-01-06 10:02:03 +00:00
Kir Kolyshkin ed01e20ee3 Merge pull request #5079 from ricardobranco777/no_new_privs
integration: Skip test for new privileges if NoNewPrivs is set
2026-01-05 16:53:46 -08:00
Ricardo Branco c1ba275d88 integration: Skip test for new privileges if NoNewPrivs is set
Signed-off-by: Ricardo Branco <rbranco@suse.de>
2026-01-06 00:55:15 +01:00
lfbzhm 561c95f7cf Merge pull request #5078 from opencontainers/dependabot/go_modules/github.com/godbus/dbus/v5-5.2.2
build(deps): bump github.com/godbus/dbus/v5 from 5.2.0 to 5.2.2
2026-01-05 14:44:20 +08:00
dependabot[bot] 9d0d5ea411 build(deps): bump github.com/godbus/dbus/v5 from 5.2.0 to 5.2.2
Bumps [github.com/godbus/dbus/v5](https://github.com/godbus/dbus) from 5.2.0 to 5.2.2.
- [Release notes](https://github.com/godbus/dbus/releases)
- [Commits](https://github.com/godbus/dbus/compare/v5.2.0...v5.2.2)

---
updated-dependencies:
- dependency-name: github.com/godbus/dbus/v5
  dependency-version: 5.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-30 04:02:43 +00:00
lfbzhm 4246d6a078 Merge pull request #5076 from rata/main
Update rata's email address
2025-12-21 13:05:05 +08:00
Rodrigo Campos a4b2adc566 Merge pull request #5075 from kolyshkin/fix-modernize-url
ci: fix modernize URL
2025-12-20 01:23:04 -03:00
Rodrigo Campos cf9076db56 Update rata's email address
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
2025-12-19 15:01:45 -03:00
Kir Kolyshkin 0d788db46d Merge pull request #5068 from opencontainers/dependabot/github_actions/actions/upload-artifact-6
build(deps): bump actions/upload-artifact from 5 to 6
2025-12-17 19:33:19 -08:00
Kir Kolyshkin a431b11529 Merge pull request #5069 from opencontainers/dependabot/go_modules/google.golang.org/protobuf-1.36.11
build(deps): bump google.golang.org/protobuf from 1.36.10 to 1.36.11
2025-12-17 19:32:27 -08:00
Kir Kolyshkin 428043bcf2 ci: fix modernize URL
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-12-17 11:57:00 -08:00
dependabot[bot] b4887cec32 build(deps): bump google.golang.org/protobuf from 1.36.10 to 1.36.11
Bumps google.golang.org/protobuf from 1.36.10 to 1.36.11.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.36.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-17 01:30:19 +00:00
Kir Kolyshkin ef5e8a5505 Merge pull request #5064 from opencontainers/dependabot/go_modules/golang.org/x/net-0.48.0
build(deps): bump golang.org/x/net from 0.47.0 to 0.48.0
2025-12-16 17:29:13 -08:00
dependabot[bot] 65fe59d01d build(deps): bump golang.org/x/net from 0.47.0 to 0.48.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.47.0 to 0.48.0.
- [Commits](https://github.com/golang/net/compare/v0.47.0...v0.48.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-17 00:54:36 +00:00
Kir Kolyshkin 7658403efc Merge pull request #5050 from cyphar/release-policy-finalised
RELEASES: finalise policy
2025-12-16 16:54:27 -08:00
dependabot[bot] 3be9a054e7 build(deps): bump actions/upload-artifact from 5 to 6
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-17 00:53:57 +00:00
Rodrigo Campos 58c2e4aca7 Merge pull request #5072 from kolyshkin/ci-125
CI: fix modernize job failure
2025-12-17 01:40:56 +01:00
Kir Kolyshkin 20bdd0b537 ci: use Go 1.25 for validate jobs
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-12-16 15:05:01 -08:00
Kir Kolyshkin dbc4234607 ci: drop -test from modernize run
The modernize documentation used to suggest -test flag but it's not
needed as it is enabled by default. Drop it.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-12-16 15:05:01 -08:00
Kir Kolyshkin 16ee2bbf4c ci: use latest Go for modernize job
Since we use modernize@latest, it may require latest Go as well (and now it does),
so use "go-version: stable" explicitly (which resolves to latest Go).

This fixes the issue with CI:

> go: golang.org/x/tools/gopls/internal/analysis/modernize/cmd/modernize@latest: golang.org/x/tools/gopls@v0.21.0 requires go >= 1.25 (running go 1.24.11; GOTOOLCHAIN=local)

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-12-16 15:04:58 -08:00
Kir Kolyshkin 652269729d libc/int: use strings.Builder
Generated by modernize@latest (v0.21.0).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-12-16 15:04:04 -08:00
Akihiro Suda 4dcda051da Merge pull request #5055 from kolyshkin/mpol-2
libct/configs: mark MPOL_* constants as deprecated
2025-12-16 10:39:09 +09:00
Akihiro Suda f38b1cef24 Merge pull request #5061 from curdbecker/fix/missing-error-unwrapping-in-init-container
Handle os.Is* wrapped errors correctly
2025-12-16 10:26:56 +09:00
Kir Kolyshkin d978dd2f14 Merge pull request #5057 from kolyshkin/sd-act
Copy go-systemd/activation.Files code to avoid bringing in crypto/tls
2025-12-15 13:36:42 -08:00
Akihiro Suda f29c4df140 Merge pull request #5067 from opencontainers/dependabot/github_actions/actions/cache-5
build(deps): bump actions/cache from 4 to 5
2025-12-15 15:01:18 +09:00
dependabot[bot] 18c3adb8dc build(deps): bump actions/cache from 4 to 5
Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-12 04:02:43 +00:00
Curd Becker 58d24d2dfb Add linter rule to guard against use of os.Is* error functions
Signed-off-by: Curd Becker <me@curd-becker.de>
2025-12-11 03:16:11 +01:00
Curd Becker 536e183451 Replace os.Is* error checking functions with their errors.Is counterpart
Signed-off-by: Curd Becker <me@curd-becker.de>
2025-12-11 03:16:02 +01:00
Kir Kolyshkin 3741f9186d libct/configs: mark MPOL_* constants as deprecated
Alas, these new constants are already in v1.4.0 release so we can't
remove those right away, but we can mark them as deprecated now
and target removal for v1.5.0.

So,
 - mark them as deprecated;
 - redefine via unix.MPOL_* counterparts;
 - fix the validator code to use unix.MPOL_* directly.

This amends commit a0e809a8.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-12-08 15:36:29 -08:00
Kir Kolyshkin 6ede591761 internal/systemd: simplify
Remove unused code and argument from the ActivationFiles,
and simplify its usage.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-12-08 15:34:58 -08:00
Kir Kolyshkin ba9e60f7a8 Remove crypto/tls dependency
It appears that when we import github.com/coreos/go-systemd/activation,
it brings in the whole crypto/tls package (which is not used by runc
directly or indirectly), making the runc binary size larger and
potentially creating issues with FIPS compliance.

Let's copy the code of function we use from go-systemd/activation
to avoid that.

The space savings are:

$ size runc.before runc.after
   text	   data	    bss	    dec	    hex	filename
7101084	5049593	 271560	12422237	 bd8c5d	runc.before
6508796	4623281	 229128	11361205	 ad5bb5	runc.after

Reported-by: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-12-08 15:31:42 -08:00
lfbzhm e0adafb4ca Merge pull request #5054 from kolyshkin/alma10
Add EL10 to CI
2025-12-05 11:43:58 +08:00
Rodrigo Campos ee8f6b61be Merge pull request #5012 from kolyshkin/criu-dev-ignore-fails
ci: don't fail CI if criu-dev test fails
2025-12-05 04:15:31 +01:00
Kir Kolyshkin 5407cfe4a1 ci: don't fail CI if criu-dev test fails
In view of recent criu-dev failure, let's not fail the
required "all-done" job when criu-dev tests fail.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-12-05 10:54:00 +08:00
Kir Kolyshkin 4f93f06fb7 ci: add centos-cloud-10 run
Alas there's no almalinux-10 so we use centos-stream-10.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-12-03 23:16:29 -08:00
Kir Kolyshkin 94167dae29 .cirrus.yml: use dnf not yum
Since we dropped EL7, we can use dnf everywhere.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-12-03 23:16:29 -08:00
Akihiro Suda 14cc644c33 Merge pull request #5053 from kolyshkin/misc-bumps
Various version bumps (mostly CI)
2025-12-04 08:19:30 +09:00
Kir Kolyshkin 68771cfe51 ci: bump shellcheck to v0.11.0
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-12-03 10:22:14 -08:00
Kir Kolyshkin 79b97d4642 Use Go 1.25 for official builds
(as well as for testing on Cirrus CI)

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-12-03 10:22:14 -08:00
Kir Kolyshkin f4710e5023 Bump seccomp to v2.6.0
This version was released almost a year ago.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-12-03 10:22:14 -08:00
Kir Kolyshkin f128234354 ci: bump bats to 1.12.0
This which is already using in CI on Fedora.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-12-03 10:22:14 -08:00
Kir Kolyshkin 54d8257ec1 Merge pull request #5052 from cyphar/release-tarball
release: use runc-$version.tar.xz as archive name
2025-12-03 09:13:15 -08:00
Kir Kolyshkin fd185882e5 Merge pull request #5009 from kolyshkin/defer-close-init
Close fds on error
2025-12-02 17:35:12 -08:00
Kir Kolyshkin 93792e6c13 notify_socket: close fds on error
Reported in issue 5008.

Reported-by: Arina Cherednik <arinacherednik034@gmail.com>
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-12-02 15:15:23 -08:00