dependabot[bot]
b650eda423
build(deps): bump golang.org/x/net from 0.48.0 to 0.49.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.48.0 to 0.49.0.
- [Commits](https://github.com/golang/net/compare/v0.48.0...v0.49.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.49.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-01-13 06:33:37 +00:00
lfbzhm
3a4ffe8068
Merge pull request #5083 from opencontainers/dependabot/go_modules/golang.org/x/sys-0.40.0
2026-01-09 21:51:38 +08:00
dependabot[bot]
9e6a4cc36d
build(deps): bump golang.org/x/sys from 0.39.0 to 0.40.0
...
Bumps [golang.org/x/sys](https://github.com/golang/sys ) from 0.39.0 to 0.40.0.
- [Commits](https://github.com/golang/sys/compare/v0.39.0...v0.40.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/sys
dependency-version: 0.40.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-01-09 05:02:06 +00:00
Akihiro Suda
6dfec8bab1
Merge pull request #5081 from kolyshkin/sim
...
internal/sys: simplify WriteSysctls
2026-01-08 10:07:11 +09:00
Kir Kolyshkin
c84a878cac
internal/sys: simplify WriteSysctls
...
Apparently Write (and WriteString) must return an error (apparently
io.ErrShortWrite) on short writes (see [1], [2]), so no explicit check
for a short write is needed.
While at it, use (*os.File).WriteString directly rather than
io.WriteString.
[1]: https://pkg.go.dev/os#File.Write
[2]: https://pkg.go.dev/io#Writer
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2026-01-07 13:27:44 -08:00
Rodrigo Campos
7b39322a5d
Merge pull request #5080 from lifubang/followup-5079
...
integration: quote shell value to prevent word splitting
2026-01-06 16:42:47 -03:00
lifubang
9632f1e198
integration: quote shell value to prevent word splitting
...
Signed-off-by: lifubang <lifubang@acmcoder.com >
2026-01-06 10:02:03 +00:00
Kir Kolyshkin
ed01e20ee3
Merge pull request #5079 from ricardobranco777/no_new_privs
...
integration: Skip test for new privileges if NoNewPrivs is set
2026-01-05 16:53:46 -08:00
Ricardo Branco
c1ba275d88
integration: Skip test for new privileges if NoNewPrivs is set
...
Signed-off-by: Ricardo Branco <rbranco@suse.de >
2026-01-06 00:55:15 +01:00
lfbzhm
561c95f7cf
Merge pull request #5078 from opencontainers/dependabot/go_modules/github.com/godbus/dbus/v5-5.2.2
...
build(deps): bump github.com/godbus/dbus/v5 from 5.2.0 to 5.2.2
2026-01-05 14:44:20 +08:00
dependabot[bot]
9d0d5ea411
build(deps): bump github.com/godbus/dbus/v5 from 5.2.0 to 5.2.2
...
Bumps [github.com/godbus/dbus/v5](https://github.com/godbus/dbus ) from 5.2.0 to 5.2.2.
- [Release notes](https://github.com/godbus/dbus/releases )
- [Commits](https://github.com/godbus/dbus/compare/v5.2.0...v5.2.2 )
---
updated-dependencies:
- dependency-name: github.com/godbus/dbus/v5
dependency-version: 5.2.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-12-30 04:02:43 +00:00
lfbzhm
4246d6a078
Merge pull request #5076 from rata/main
...
Update rata's email address
2025-12-21 13:05:05 +08:00
Rodrigo Campos
a4b2adc566
Merge pull request #5075 from kolyshkin/fix-modernize-url
...
ci: fix modernize URL
2025-12-20 01:23:04 -03:00
Rodrigo Campos
cf9076db56
Update rata's email address
...
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com >
2025-12-19 15:01:45 -03:00
Kir Kolyshkin
0d788db46d
Merge pull request #5068 from opencontainers/dependabot/github_actions/actions/upload-artifact-6
...
build(deps): bump actions/upload-artifact from 5 to 6
2025-12-17 19:33:19 -08:00
Kir Kolyshkin
a431b11529
Merge pull request #5069 from opencontainers/dependabot/go_modules/google.golang.org/protobuf-1.36.11
...
build(deps): bump google.golang.org/protobuf from 1.36.10 to 1.36.11
2025-12-17 19:32:27 -08:00
Kir Kolyshkin
428043bcf2
ci: fix modernize URL
...
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-12-17 11:57:00 -08:00
dependabot[bot]
b4887cec32
build(deps): bump google.golang.org/protobuf from 1.36.10 to 1.36.11
...
Bumps google.golang.org/protobuf from 1.36.10 to 1.36.11.
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-version: 1.36.11
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-12-17 01:30:19 +00:00
Kir Kolyshkin
ef5e8a5505
Merge pull request #5064 from opencontainers/dependabot/go_modules/golang.org/x/net-0.48.0
...
build(deps): bump golang.org/x/net from 0.47.0 to 0.48.0
2025-12-16 17:29:13 -08:00
dependabot[bot]
65fe59d01d
build(deps): bump golang.org/x/net from 0.47.0 to 0.48.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.47.0 to 0.48.0.
- [Commits](https://github.com/golang/net/compare/v0.47.0...v0.48.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.48.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-12-17 00:54:36 +00:00
Kir Kolyshkin
7658403efc
Merge pull request #5050 from cyphar/release-policy-finalised
...
RELEASES: finalise policy
2025-12-16 16:54:27 -08:00
dependabot[bot]
3be9a054e7
build(deps): bump actions/upload-artifact from 5 to 6
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 5 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-12-17 00:53:57 +00:00
Rodrigo Campos
58c2e4aca7
Merge pull request #5072 from kolyshkin/ci-125
...
CI: fix modernize job failure
2025-12-17 01:40:56 +01:00
Kir Kolyshkin
20bdd0b537
ci: use Go 1.25 for validate jobs
...
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-12-16 15:05:01 -08:00
Kir Kolyshkin
dbc4234607
ci: drop -test from modernize run
...
The modernize documentation used to suggest -test flag but it's not
needed as it is enabled by default. Drop it.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-12-16 15:05:01 -08:00
Kir Kolyshkin
16ee2bbf4c
ci: use latest Go for modernize job
...
Since we use modernize@latest, it may require latest Go as well (and now it does),
so use "go-version: stable" explicitly (which resolves to latest Go).
This fixes the issue with CI:
> go: golang.org/x/tools/gopls/internal/analysis/modernize/cmd/modernize@latest: golang.org/x/tools/gopls@v0.21 .0 requires go >= 1.25 (running go 1.24.11; GOTOOLCHAIN=local)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-12-16 15:04:58 -08:00
Kir Kolyshkin
652269729d
libc/int: use strings.Builder
...
Generated by modernize@latest (v0.21.0).
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-12-16 15:04:04 -08:00
Akihiro Suda
4dcda051da
Merge pull request #5055 from kolyshkin/mpol-2
...
libct/configs: mark MPOL_* constants as deprecated
2025-12-16 10:39:09 +09:00
Akihiro Suda
f38b1cef24
Merge pull request #5061 from curdbecker/fix/missing-error-unwrapping-in-init-container
...
Handle os.Is* wrapped errors correctly
2025-12-16 10:26:56 +09:00
Kir Kolyshkin
d978dd2f14
Merge pull request #5057 from kolyshkin/sd-act
...
Copy go-systemd/activation.Files code to avoid bringing in crypto/tls
2025-12-15 13:36:42 -08:00
Akihiro Suda
f29c4df140
Merge pull request #5067 from opencontainers/dependabot/github_actions/actions/cache-5
...
build(deps): bump actions/cache from 4 to 5
2025-12-15 15:01:18 +09:00
dependabot[bot]
18c3adb8dc
build(deps): bump actions/cache from 4 to 5
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4 to 5.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-12-12 04:02:43 +00:00
Curd Becker
58d24d2dfb
Add linter rule to guard against use of os.Is* error functions
...
Signed-off-by: Curd Becker <me@curd-becker.de >
2025-12-11 03:16:11 +01:00
Curd Becker
536e183451
Replace os.Is* error checking functions with their errors.Is counterpart
...
Signed-off-by: Curd Becker <me@curd-becker.de >
2025-12-11 03:16:02 +01:00
Kir Kolyshkin
3741f9186d
libct/configs: mark MPOL_* constants as deprecated
...
Alas, these new constants are already in v1.4.0 release so we can't
remove those right away, but we can mark them as deprecated now
and target removal for v1.5.0.
So,
- mark them as deprecated;
- redefine via unix.MPOL_* counterparts;
- fix the validator code to use unix.MPOL_* directly.
This amends commit a0e809a8 .
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-12-08 15:36:29 -08:00
Kir Kolyshkin
6ede591761
internal/systemd: simplify
...
Remove unused code and argument from the ActivationFiles,
and simplify its usage.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-12-08 15:34:58 -08:00
Kir Kolyshkin
ba9e60f7a8
Remove crypto/tls dependency
...
It appears that when we import github.com/coreos/go-systemd/activation,
it brings in the whole crypto/tls package (which is not used by runc
directly or indirectly), making the runc binary size larger and
potentially creating issues with FIPS compliance.
Let's copy the code of function we use from go-systemd/activation
to avoid that.
The space savings are:
$ size runc.before runc.after
text data bss dec hex filename
7101084 5049593 271560 12422237 bd8c5d runc.before
6508796 4623281 229128 11361205 ad5bb5 runc.after
Reported-by: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk >
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-12-08 15:31:42 -08:00
lfbzhm
e0adafb4ca
Merge pull request #5054 from kolyshkin/alma10
...
Add EL10 to CI
2025-12-05 11:43:58 +08:00
Rodrigo Campos
ee8f6b61be
Merge pull request #5012 from kolyshkin/criu-dev-ignore-fails
...
ci: don't fail CI if criu-dev test fails
2025-12-05 04:15:31 +01:00
Kir Kolyshkin
5407cfe4a1
ci: don't fail CI if criu-dev test fails
...
In view of recent criu-dev failure, let's not fail the
required "all-done" job when criu-dev tests fail.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-12-05 10:54:00 +08:00
Kir Kolyshkin
4f93f06fb7
ci: add centos-cloud-10 run
...
Alas there's no almalinux-10 so we use centos-stream-10.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-12-03 23:16:29 -08:00
Kir Kolyshkin
94167dae29
.cirrus.yml: use dnf not yum
...
Since we dropped EL7, we can use dnf everywhere.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-12-03 23:16:29 -08:00
Akihiro Suda
14cc644c33
Merge pull request #5053 from kolyshkin/misc-bumps
...
Various version bumps (mostly CI)
2025-12-04 08:19:30 +09:00
Kir Kolyshkin
68771cfe51
ci: bump shellcheck to v0.11.0
...
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-12-03 10:22:14 -08:00
Kir Kolyshkin
79b97d4642
Use Go 1.25 for official builds
...
(as well as for testing on Cirrus CI)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-12-03 10:22:14 -08:00
Kir Kolyshkin
f4710e5023
Bump seccomp to v2.6.0
...
This version was released almost a year ago.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-12-03 10:22:14 -08:00
Kir Kolyshkin
f128234354
ci: bump bats to 1.12.0
...
This which is already using in CI on Fedora.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-12-03 10:22:14 -08:00
Kir Kolyshkin
54d8257ec1
Merge pull request #5052 from cyphar/release-tarball
...
release: use runc-$version.tar.xz as archive name
2025-12-03 09:13:15 -08:00
Kir Kolyshkin
fd185882e5
Merge pull request #5009 from kolyshkin/defer-close-init
...
Close fds on error
2025-12-02 17:35:12 -08:00
Kir Kolyshkin
93792e6c13
notify_socket: close fds on error
...
Reported in issue 5008.
Reported-by: Arina Cherednik <arinacherednik034@gmail.com >
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com >
2025-12-02 15:15:23 -08:00