Commit Graph

47 Commits

Author SHA1 Message Date
dependabot[bot] e1e3ca02d9 build(deps): bump golang.org/x/sys from 0.15.0 to 0.16.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.15.0 to 0.16.0.
- [Commits](https://github.com/golang/sys/compare/v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-05 04:27:10 +00:00
dependabot[bot] b278296513 build(deps): bump golang.org/x/sys
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.14.1-0.20231108175955-e4099bfacb8c to 0.15.0.
- [Commits](https://github.com/golang/sys/commits/v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-28 04:47:32 +00:00
lfbzhm b2f7614afc bump github.com/cilium/ebpf from 0.12.2 to 0.12.3
Signed-off-by: lfbzhm <lifubang@acmcoder.com>
2023-11-10 13:48:36 +00:00
dependabot[bot] 0ab58aa208 build(deps): bump golang.org/x/sys from 0.12.0 to 0.13.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.12.0 to 0.13.0.
- [Commits](https://github.com/golang/sys/compare/v0.12.0...v0.13.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-06 04:21:54 +00:00
dependabot[bot] 5f05b96ead build(deps): bump golang.org/x/sys from 0.11.0 to 0.12.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.11.0 to 0.12.0.
- [Commits](https://github.com/golang/sys/compare/v0.11.0...v0.12.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-04 04:09:40 +00:00
dependabot[bot] 61a454cc08 build(deps): bump golang.org/x/net from 0.13.0 to 0.14.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.13.0 to 0.14.0.
- [Commits](https://github.com/golang/net/compare/v0.13.0...v0.14.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-07 04:19:31 +00:00
dependabot[bot] 83418f8878 build(deps): bump github.com/cilium/ebpf from 0.10.0 to 0.11.0
Bumps [github.com/cilium/ebpf](https://github.com/cilium/ebpf) from 0.10.0 to 0.11.0.
- [Release notes](https://github.com/cilium/ebpf/releases)
- [Commits](https://github.com/cilium/ebpf/compare/v0.10.0...v0.11.0)

---
updated-dependencies:
- dependency-name: github.com/cilium/ebpf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-11 01:40:04 +00:00
dependabot[bot] 45c75ac7ed build(deps): bump golang.org/x/sys from 0.9.0 to 0.10.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.9.0 to 0.10.0.
- [Commits](https://github.com/golang/sys/compare/v0.9.0...v0.10.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-05 04:35:31 +00:00
dependabot[bot] bc390b2e67 build(deps): bump golang.org/x/sys from 0.8.0 to 0.9.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.8.0 to 0.9.0.
- [Commits](https://github.com/golang/sys/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-13 04:58:49 +00:00
dependabot[bot] 02afa9f142 build(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.7.0 to 0.8.0.
- [Commits](https://github.com/golang/sys/compare/v0.7.0...v0.8.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-05 04:58:43 +00:00
dependabot[bot] a6e95c53f4 build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/sys/releases)
- [Commits](https://github.com/golang/sys/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-05 04:59:43 +00:00
dependabot[bot] 6faef164f5 build(deps): bump golang.org/x/net from 0.7.0 to 0.8.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.7.0 to 0.8.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.7.0...v0.8.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-06 05:03:16 +00:00
dependabot[bot] 14e3ce9edb build(deps): bump golang.org/x/sys from 0.4.0 to 0.5.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/sys/releases)
- [Commits](https://github.com/golang/sys/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-07 04:03:31 +00:00
dependabot[bot] eacada7630 build(deps): bump golang.org/x/net from 0.4.0 to 0.5.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-05 04:08:48 +00:00
dependabot[bot] 4f2af60520 build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.2.0 to 0.4.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.2.0...v0.4.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-08 04:04:47 +00:00
dependabot[bot] 467dd23402 build(deps): bump golang.org/x/sys from 0.1.0 to 0.2.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.1.0 to 0.2.0.
- [Release notes](https://github.com/golang/sys/releases)
- [Commits](https://github.com/golang/sys/compare/v0.1.0...v0.2.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-09 04:04:06 +00:00
Akihiro Suda 79aedac186 go.mod: golang.org/x/*: use tagged versions
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2022-11-03 11:11:19 +09:00
dependabot[bot] 1be5d45df9 build(deps): bump github.com/cilium/ebpf from 0.9.1 to 0.9.3
Bumps [github.com/cilium/ebpf](https://github.com/cilium/ebpf) from 0.9.1 to 0.9.3.
- [Release notes](https://github.com/cilium/ebpf/releases)
- [Commits](https://github.com/cilium/ebpf/compare/v0.9.1...v0.9.3)

---
updated-dependencies:
- dependency-name: github.com/cilium/ebpf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-03 04:15:32 +00:00
dependabot[bot] 6d00bf6cc3 build(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.8.1 to 1.9.0.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.8.1...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-29 14:49:27 +00:00
dependabot[bot] 5ed3fdff8f build(deps): bump github.com/moby/sys/mountinfo from 0.6.1 to 0.6.2
Bumps [github.com/moby/sys/mountinfo](https://github.com/moby/sys) from 0.6.1 to 0.6.2.
- [Release notes](https://github.com/moby/sys/releases)
- [Commits](https://github.com/moby/sys/compare/mountinfo/v0.6.1...mountinfo/v0.6.2)

---
updated-dependencies:
- dependency-name: github.com/moby/sys/mountinfo
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-07 04:14:12 +00:00
wineway cab3888575 go.mod: golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5
to include https://go-review.googlesource.com/c/sys/+/387194 which ensured unix::Getwd returned path is absolute

Signed-off-by: wineway <wangyuweihx@gmail.com>
2022-05-11 17:25:34 -07:00
Kir Kolyshkin 9258eac072 libct/start: use execabs for newuidmap lookup
Since we are looking up the path to newuidmap/newgidmap in one context,
and executing those in another (libct/nsenter), it might make sense to
use a stricter rules for looking up path to those binaries.

Practically it means that if someone wants to use custom newuidmap and
newgidmap binaries from $PATH, it would be impossible to use these from
the current directory by means of PATH=.:$PATH; instead one would have
to do something like PATH=$(pwd):$PATH.

See https://go.dev/blog/path-security for background.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-02-03 17:33:00 -08:00
Akihiro Suda f8c48e4617 go.mod: golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-12-07 17:33:46 +09:00
Sebastiaan van Stijn 0e21d56ed8 go.mod: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
full diff: https://github.com/golang/sys/compare/6f6e22806c34...69cdffdb9359

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-11-05 17:09:21 +01:00
dependabot[bot] dc473cad80 build(deps): bump github.com/cilium/ebpf from 0.6.2 to 0.7.0
Bumps [github.com/cilium/ebpf](https://github.com/cilium/ebpf) from 0.6.2 to 0.7.0.
- [Release notes](https://github.com/cilium/ebpf/releases)
- [Commits](https://github.com/cilium/ebpf/compare/v0.6.2...v0.7.0)

---
updated-dependencies:
- dependency-name: github.com/cilium/ebpf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-10-18 17:50:42 +00:00
Ben Hutchings 91b01682ae Update golang.org/x/sys to add linux/ppc support
This package was recently updated to add support for Linux on
32-bit PowerPC (ppc), implemented by gccgo.

Signed-off-by: Ben Hutchings <ben.hutchings@essensium.com>
2021-05-03 00:38:11 +02:00
Kir Kolyshkin 97f2e351a8 go.mod, libct: bump go-criu to v5, use google.golang.org/protobuf
Switch from github.com/golang/protobuf (which appears to be obsoleted)
to google.golang.org/protobuf (which appears to be a replacement).

This needs a bump to go-criu v5.

[v2: fix debug print in criuSwrk]
[v3: switch to go-criu v5]

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2021-03-04 08:59:55 -08:00
Aleksa Sarai 7a8d7162f9 seccomp: prepend -ENOSYS stub to all filters
Having -EPERM is the default was a fairly significant mistake from a
future-proofing standpoint in that it makes any new syscall return a
non-ignorable error (from glibc's point of view). We need to correct
this now because faccessat2(2) is something glibc critically needs to
have support for, but they're blocked on container runtimes because we
return -EPERM unconditionally (leading to confusion in glibc). This is
also a problem we're probably going to keep running into in the future.

Unfortunately there are several issues which stop us from having a clean
solution to this problem:

 1. libseccomp has several limitations which require us to emulate
    behaviour we want:

    a. We cannot do logic based on syscall number, meaning we cannot
       specify a "largest known syscall number";
    b. libseccomp doesn't know in which kernel version a syscall was
       added, and has no API for "minimum kernel version" so we cannot
       simply ask libseccomp to generate sane -ENOSYS rules for us.
    c. Additional seccomp rules for the same syscall are not treated as
       distinct rules -- if rules overlap, seccomp will merge them. This
       means we cannot add per-syscall -EPERM fallbacks;
    d. There is no inverse operation for SCMP_CMP_MASKED_EQ;
    e. libseccomp does not allow you to specify multiple rules for a
       single argument, making it impossible to invert OR rules for
       arguments.

 2. The runtime-spec does not have any way of specifying:

    a. The errno for the default action;
    b. The minimum kernel version or "newest syscall at time of profile
       creation"; nor
    c. Which syscalls were intentionally excluded from the allow list
       (weird syscalls that are no longer used were excluded entirely,
       but Docker et al expect those syscalls to get EPERM not ENOSYS).

 3. Certain syscalls should not return -ENOSYS (especially only for
    certain argument combinations) because this could also trigger glibc
    confusion. This means we have to return -EPERM for certain syscalls
    but not as a global default.

 4. There is not an obvious (and reasonable) upper limit to syscall
    numbers, so we cannot create a set of rules for each syscall above
    the largest syscall number in libseccomp. This means we must handle
    inverse rules as described below.

 5. Any syscall can be specified multiple times, which can make
    generation of hotfix rules much harder.

As a result, we have to work around all of these things by coming up
with a heuristic to stop the bleeding. In the future we could hopefully
improve the situation in the runtime-spec and libseccomp.

The solution applied here is to prepend a "stub" filter which returns
-ENOSYS if the requested syscall has a larger syscall number than any
syscall mentioned in the filter. The reason for this specific rule is
that syscall numbers are (roughly) allocated sequentially and thus newer
syscalls will (usually) have a larger syscall number -- thus causing our
filters to produce -ENOSYS if the filter was written before the syscall
existed.

Sadly this is not a perfect solution because syscalls can be added
out-of-order and the syscall table can contain holes for several
releases. Unfortuntely we do not have a nicer solution at the moment
because there is no library which provides information about which Linux
version a syscall was introduced in. Until that exists, this workaround
will have to be good enough.

The above behaviour only happens if the default action is a blocking
action (in other words it is not SCMP_ACT_LOG or SCMP_ACT_ALLOW). If the
default action is permissive then we don't do any patching.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2021-01-28 23:11:22 +11:00
Akihiro Suda 4690064f05 update vendor
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-11-09 15:14:23 +09:00
Sebastiaan van Stijn 0eb66c955c go.mod: github.com/containerd/console v1.0.1
full diff: https://github.com/containerd/console/compare/v1.0.0...v1.0.1

Fixes compatibility with current versions of golang.org/x/sys

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-30 13:58:27 +02:00
Sebastiaan van Stijn 71c10e3c78 vendor: github.com/moby/sys/mountinfo v0.2.0
full diff: https://github.com/moby/sys/compare/mountinfo/v0.1.3...mountinfo/v0.2.0

Bug fixes:

- Fix path unescaping for paths with double quotes

Improvements:

- Mounted: speed up by adding fast paths using openat2 (Linux-only) and stat
- Mounted: relax path requirements (allow relative, non-cleaned paths, symlinks)
- Unescape fstype and source fields
- Documentation improvements

Testing/CI:

- Unit tests: exclude darwin
- CI: run tests under Fedora 32 to test openat2
- TestGetMounts: fix for Ubuntu build system
- Makefile: fix ignoring test failures
- CI: add cross build

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-16 22:52:26 +02:00
John Hwang 5935296367 Update go.mod
Signed-off-by: John Hwang <john.f.hwang@gmail.com>
2020-07-30 05:28:39 -07:00
Sebastiaan van Stijn f49adb5277 vendor: update cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775
full diff: https://github.com/cilium/ebpf/compare/a9f01edf17e3...1c8d4c9ef775

drops support for go1.12, and removes dependency on the golang.org/x/xerrors
transitional package.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-02 14:48:23 +02:00
Akihiro Suda dfc1b0cd51 update vendor
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-03-28 04:22:06 +09:00
Odin Ugedal 69e8fb2a74 Add support for GO Modules
This removes vndr, and swiches to native Go Modules instead. All modules
are kept on the old version.

Keeps the vendor/ dir, so everything is backwards compatible.

Signed-off-by: Odin Ugedal <odin@ugedal.com>
2020-03-07 09:29:29 +01:00
Sebastiaan van Stijn 22e00ddc03 vendor: update golang.org/x/sys 52ab431487773bc9dd1b0766228b1cf3944126bf
full diff: https://github.com/golang/sys/compare/9eafafc0a87e0fd0aeeba439a4573537970c44c7...52ab431487773bc9dd1b0766228b1cf3944126bf

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-03-02 12:41:05 +01:00
Carlos de Paula 4316e4d047 Bump x/sys and update syscall to start Risc-V support
Signed-off-by: Carlos de Paula <me@carlosedp.com>
2019-08-29 12:09:08 -03:00
Filipe Brandenburger 4a600c04ed Update vendored golang.org/x/sys to latest
Signed-off-by: Filipe Brandenburger <filbranden@google.com>
2019-02-06 17:59:21 -08:00
Daniel Dao 93c5f70672 vendor: removed more build=ignore vendor
Signed-off-by: Daniel Dao <dqminh89@gmail.com>
2017-11-24 18:14:51 +00:00
Vincent Demeester 594501475e Use cyphar/filepath-securejoin instead of docker pkg/symlink
runc shouldn't depend on docker and be more self-contained.
Removing github.com/pkg/symlink dep is the first step to not depend on docker anymore

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-10-31 16:53:45 +01:00
Michael Crosby 9ba16b6d5a Update console and golang/sys deps
This bumps the console and golang/sys deps for runc.

The major change is that the console package does not clear ONLCR within
the package and leaves it up to the client to handle this if they
please.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-09-25 13:23:50 -04:00
Michael Crosby eb70c213ba Update runtime-spec to rc6
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-07-12 16:24:04 -07:00
Tobias Klauser 05ea5e47aa vendor: bump golang.org/x/sys to 0e0164865330
Update golang.org/x/sys to get newly added functions and constants which
will be used in successive commits.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-10 10:56:58 +02:00
Tobias Klauser 472ec6df72 vendor: bump golang.org/x/sys to fb4cac33e319
Update golang.org/x/sys to get the Eventfd syscall wrapper and the
corresponding EFD_* flags. These will be used in a successive commit to
simplify code in libcontainer/notify_linux.go.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-06-21 09:49:17 +02:00
Tobias Klauser f0ae35b9e7 vendor: bump golang.org/x/sys to b90f89a1e7a9c1f6b918820b3daa7f08488c8594
Update golang.org/x/sys to get the Lgetxattr, Llistxattr, Lremovexattr
and Lsetxattr syscall wrappers. These will be used in a successive
commit to replace the wrappers in libcontainer/system/xattr_linux.go.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-05-30 09:23:16 +02:00
W. Trevor King 75ed93de16 vendor.conf: Bump golang.org/x/sys to a55a76086885b80f79961eacb876ebd8caf3868d
With:

  $ go get -u github.com/LK4D4/vndr
  $ sed -i 's/9a7256cb28ed514b4e1e5f68959914c4c28a92e0/a55a76086885b80f79961eacb876ebd8caf3868d/' vendor.conf
  $ vndr

I'm not sure why vndr is messing with github.com/golang/protobuf, but
I assume it knows what it's doing.

The x/sys bumps to master, but I need it for MS_LAZYTIME (added in
github.com/golang/sys@ea9bcade75, unix: generate all Linux go files
from source, 2017-03-08).

Signed-off-by: W. Trevor King <wking@tremily.us>
2017-05-26 10:03:08 -07:00
Aleksa Sarai 85de7ec363 vendor: add golang.org/x/sys/unix@9a7256cb28ed514b4e1e5f68959914c4c28a92e0
It turns out that the standard "syscall" library is not recommended for
new programs. runC will need to eventually move to this, but for now
include it in vendor so we can use it for new features.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-03-29 22:39:38 +11:00