mirror of https://github.com/opencontainers/runc.git synced 2026-02-07 06:46:26 +01:00

215 Commits

Author SHA1 Message Date
dependabot[bot]
9abc1824f2 build(deps): bump github.com/coreos/go-systemd/v22 from 22.6.0 to 22.7.0
Bumps [github.com/coreos/go-systemd/v22](https://github.com/coreos/go-systemd) from 22.6.0 to 22.7.0.
- [Release notes](https://github.com/coreos/go-systemd/releases)
- [Commits](https://github.com/coreos/go-systemd/compare/v22.6.0...v22.7.0)

---
updated-dependencies:
- dependency-name: github.com/coreos/go-systemd/v22
  dependency-version: 22.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-28 04:52:18 +00:00
dependabot[bot]
833e15e078 build(deps): bump github.com/sirupsen/logrus from 1.9.3 to 1.9.4
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.3 to 1.9.4.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4)

---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
  dependency-version: 1.9.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-16 04:52:25 +00:00
dependabot[bot]
9d0d5ea411 build(deps): bump github.com/godbus/dbus/v5 from 5.2.0 to 5.2.2
Bumps [github.com/godbus/dbus/v5](https://github.com/godbus/dbus) from 5.2.0 to 5.2.2.
- [Release notes](https://github.com/godbus/dbus/releases)
- [Commits](https://github.com/godbus/dbus/compare/v5.2.0...v5.2.2)

---
updated-dependencies:
- dependency-name: github.com/godbus/dbus/v5
  dependency-version: 5.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-30 04:02:43 +00:00
Kir Kolyshkin
ba9e60f7a8 Remove crypto/tls dependency
It appears that when we import github.com/coreos/go-systemd/activation,
it brings in the whole crypto/tls package (which is not used by runc
directly or indirectly), making the runc binary size larger and
potentially creating issues with FIPS compliance.

Let's copy the code of the function we use from go-systemd/activation
to avoid that.

The space savings are:

$ size runc.before runc.after
   text	   data	    bss	    dec	    hex	filename
7101084	5049593	 271560	12422237	 bd8c5d	runc.before
6508796	4623281	 229128	11361205	 ad5bb5	runc.after

Reported-by: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-12-08 15:31:42 -08:00
lifubang
75188fab73 bump github.com/cyphar/filepath-securejoin from 0.6.0 to 0.6.1
Signed-off-by: lifubang <lifubang@acmcoder.com>
2025-11-20 19:43:22 +08:00
dependabot[bot]
8f2a85dc94 build(deps): bump github.com/godbus/dbus/v5 from 5.1.0 to 5.2.0
Bumps [github.com/godbus/dbus/v5](https://github.com/godbus/dbus) from 5.1.0 to 5.2.0.
- [Release notes](https://github.com/godbus/dbus/releases)
- [Commits](https://github.com/godbus/dbus/compare/v5.1.0...v5.2.0)

---
updated-dependencies:
- dependency-name: github.com/godbus/dbus/v5
  dependency-version: 5.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-20 01:15:03 +00:00
Aleksa Sarai
3b75374cc7 runtime-spec: update pids.limit handling to match new guidance
The main update is actually in github.com/opencontainers/cgroups, but we
need to also update runtime-spec to a newer pre-release version to get
the updates from there as well.

In short, the behaviour change is now that "0" is treated as a valid
value to set in "pids.max", "-1" means "max" and unset/nil means "do
nothing". As described in the opencontainers/cgroups PR, this change is
actually backwards compatible because our internal state.json stores
PidsLimit, and that entry is marked as "omitempty". So, an old runc
would omit PidsLimit=0 in state.json, and this will be parsed by a new
runc as being "nil" -- and both would treat this case as "do not set
anything".

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2025-11-11 15:15:27 +11:00
Aleksa Sarai
96f1962f91 deps: update to github.com/opencontainers/selinux@v0.13.0
This new version includes the fixes for CVE-2025-52881, so we can remove
the internal/third_party copy of the library we added in commit
ed6b1693b8 ("selinux: use safe procfs API for labels") as well as the
"replace" directive in go.mod (which is problematic for "go get"
installs).

Fixes: ed6b1693b8 ("selinux: use safe procfs API for labels")
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2025-11-08 02:14:38 +11:00
Aleksa Sarai
a41366e740 openat2: improve resilience on busy systems
Previously, we would see a ~3% failure rate when starting containers
with mounts that contain ".." (which can trigger -EAGAIN). To counteract
this, filepath-securejoin v0.5.1 includes a bump of the internal retry
limit from 32 to 128, which lowers the failure rate to 0.12%.

However, there is still a risk of spurious failure on regular systems.
In order to try to provide more resilience (while avoiding DoS attacks),
this patch also includes an additional retry loop that terminates based
on a deadline rather than retry count. The deadline is 2ms, as my
testing found that ~800us for a single pathrs operation was the longest
latency due to -EAGAIN retries, and that was an outlier compared to the
more common ~400us latencies -- so 2ms should be more than enough for
any real system.

The failure rates above were based on more than 50k runs of runc with an
attack script (from libpathrs) running a rename attack on all cores of a
16-core system, which is arguably a worst-case but heavily utilised
servers could likely approach similar results.

Tested-by: Phil Estes <estesp@gmail.com>
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2025-11-05 18:57:51 +11:00
Aleksa Sarai
ed6b1693b8 selinux: use safe procfs API for labels
Due to the sensitive nature of these fixes, it was not possible to
submit these upstream and vendor the upstream library. Instead, this
patch uses a fork of github.com/opencontainers/selinux, branched at
commit opencontainers/selinux@879a755db5.

In order to permit downstreams to build with this patched version, a
snapshot of the forked version has been included in
internal/third_party/selinux. Note that since we use "go mod vendor",
the patched code is usable even without being "go get"-able. Once the
embargo for this issue is lifted we can submit the patches upstream and
switch back to a proper upstream go.mod entry.

Also, this requires us to temporarily disable the CI job we have that
disallows "replace" directives.

Fixes: GHSA-cgrx-mc8f-2prm CVE-2025-52881
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2025-11-01 21:24:06 +11:00
Aleksa Sarai
44a0fcf685 go.mod: update to github.com/cyphar/filepath-securejoin@v0.5.0
In order to avoid lint errors due to the deprecation of the top-level
securejoin methods ported from libpathrs, we need to adjust
internal/pathrs to use the new pathrs-lite subpackage instead.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2025-11-01 21:24:03 +11:00
Kir Kolyshkin
37b5acc2d7 libct: use manager.AddPid to add exec to cgroup
The main benefit here is when we are using a systemd cgroup driver,
we actually ask systemd to add a PID, rather than doing it ourselves.
This way, we can add rootless exec PID to a cgroup.

This requires newer opencontainers/cgroups and coreos/go-systemd.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-09-16 13:31:16 -07:00
Markus Lehtonen
74c5436b7d Update runtime-spec
Signed-off-by: Markus Lehtonen <markus.lehtonen@intel.com>
2025-08-26 19:55:01 +03:00
dependabot[bot]
a876347d08 build(deps): bump github.com/coreos/go-systemd/v22 from 22.5.0 to 22.6.0
Bumps [github.com/coreos/go-systemd/v22](https://github.com/coreos/go-systemd) from 22.5.0 to 22.6.0.
- [Release notes](https://github.com/coreos/go-systemd/releases)
- [Commits](https://github.com/coreos/go-systemd/compare/v22.5.0...v22.6.0)

---
updated-dependencies:
- dependency-name: github.com/coreos/go-systemd/v22
  dependency-version: 22.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-08-21 04:38:46 +00:00
dependabot[bot]
f6a52d7f5f build(deps): bump github.com/seccomp/libseccomp-golang
Bumps [github.com/seccomp/libseccomp-golang](https://github.com/seccomp/libseccomp-golang) from 0.11.0 to 0.11.1.
- [Release notes](https://github.com/seccomp/libseccomp-golang/releases)
- [Changelog](https://github.com/seccomp/libseccomp-golang/blob/main/CHANGELOG)
- [Commits](https://github.com/seccomp/libseccomp-golang/compare/v0.11.0...v0.11.1)

---
updated-dependencies:
- dependency-name: github.com/seccomp/libseccomp-golang
  dependency-version: 0.11.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-08-06 03:34:49 +00:00
dependabot[bot]
fc8162e60e build(deps): bump github.com/opencontainers/cgroups from 0.0.3 to 0.0.4
Bumps [github.com/opencontainers/cgroups](https://github.com/opencontainers/cgroups) from 0.0.3 to 0.0.4.
- [Release notes](https://github.com/opencontainers/cgroups/releases)
- [Changelog](https://github.com/opencontainers/cgroups/blob/main/RELEASES.md)
- [Commits](https://github.com/opencontainers/cgroups/compare/v0.0.3...v0.0.4)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/cgroups
  dependency-version: 0.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-07-15 06:35:26 +00:00
Kir Kolyshkin
da90947848 deps: bump cgroups to v0.0.3, fix tests
For changelog, see https://github.com/opencontainers/cgroups/releases/tag/v0.0.3

This fixes two runc issues:

1. JSON incompatibility introduced in cgroups v0.0.2 (see
   https://github.com/opencontainers/cgroups/pull/22).

2. Bad CPU shares to CPU weight conversion (see
   https://github.com/opencontainers/runc/issues/4772).

Due to item 2, modify some tests accordingly.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-06-19 10:25:22 -07:00
Antonio Ojea
889c7b272f update runtime-spec
Signed-off-by: Antonio Ojea <aojea@google.com>
2025-06-18 15:52:30 +01:00
dependabot[bot]
99a4f1983d build(deps): bump github.com/urfave/cli from 1.22.16 to 1.22.17
Bumps [github.com/urfave/cli](https://github.com/urfave/cli) from 1.22.16 to 1.22.17.
- [Release notes](https://github.com/urfave/cli/releases)
- [Changelog](https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md)
- [Commits](https://github.com/urfave/cli/compare/v1.22.16...v1.22.17)

---
updated-dependencies:
- dependency-name: github.com/urfave/cli
  dependency-version: 1.22.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-06-16 04:36:33 +00:00
Akihiro Suda
9a0145a001 Merge pull request #4751 from kolyshkin/cgroups-002
deps: bump opencontainers/cgroups to v0.0.2, fix tests
2025-06-03 00:39:47 +09:00
dependabot[bot]
8b0e7511cf build(deps): bump github.com/containerd/console from 1.0.4 to 1.0.5
Bumps [github.com/containerd/console](https://github.com/containerd/console) from 1.0.4 to 1.0.5.
- [Release notes](https://github.com/containerd/console/releases)
- [Commits](https://github.com/containerd/console/compare/v1.0.4...v1.0.5)

---
updated-dependencies:
- dependency-name: github.com/containerd/console
  dependency-version: 1.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-05-21 04:22:38 +00:00
Kir Kolyshkin
b206a015b3 deps: bump opencontainers/cgroups to v0.0.2
For changes, see https://github.com/opencontainers/cgroups/releases/tag/v0.0.2

Fix integration tests according to changes in [1] (now the CPU quota value set
is rounded the same way systemd does it).

[1]: https://github.com/opencontainers/cgroups/pull/4
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-05-13 13:28:36 -07:00
dependabot[bot]
fbf1a320d8 build(deps): bump github.com/vishvananda/netlink from 1.3.0 to 1.3.1
Bumps [github.com/vishvananda/netlink](https://github.com/vishvananda/netlink) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/vishvananda/netlink/releases)
- [Commits](https://github.com/vishvananda/netlink/compare/v1.3.0...v1.3.1)

---
updated-dependencies:
- dependency-name: github.com/vishvananda/netlink
  dependency-version: 1.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-05-12 04:47:59 +00:00
dependabot[bot]
d920a72202 build(deps): bump github.com/seccomp/libseccomp-golang
Bumps [github.com/seccomp/libseccomp-golang](https://github.com/seccomp/libseccomp-golang) from 0.10.0 to 0.11.0.
- [Release notes](https://github.com/seccomp/libseccomp-golang/releases)
- [Changelog](https://github.com/seccomp/libseccomp-golang/blob/main/CHANGELOG)
- [Commits](https://github.com/seccomp/libseccomp-golang/compare/v0.10.0...v0.11.0)

---
updated-dependencies:
- dependency-name: github.com/seccomp/libseccomp-golang
  dependency-version: 0.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-24 04:50:34 +00:00
dependabot[bot]
bb5aa11622 build(deps): bump github.com/moby/sys/user from 0.3.0 to 0.4.0
Bumps [github.com/moby/sys/user](https://github.com/moby/sys) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/moby/sys/releases)
- [Commits](https://github.com/moby/sys/compare/user/v0.3.0...user/v0.4.0)

---
updated-dependencies:
- dependency-name: github.com/moby/sys/user
  dependency-version: 0.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-04-04 04:34:30 +00:00
dependabot[bot]
bac338256c build(deps): bump github.com/opencontainers/selinux
Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.11.1 to 1.12.0.
- [Release notes](https://github.com/opencontainers/selinux/releases)
- [Commits](https://github.com/opencontainers/selinux/compare/v1.11.1...v1.12.0)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/selinux
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-03-24 04:56:16 +00:00
Prajwal S N
05e83fc600 deps: bump go-criu to v7
Signed-off-by: Prajwal S N <prajwalnadig21@gmail.com>
2025-03-05 01:02:53 +05:30
Kir Kolyshkin
a75076b4a4 Switch to opencontainers/cgroups
This removes libcontainer/cgroups packages and starts
using those from github.com/opencontainers/cgroups repo.

Mostly generated by:

  git rm -f libcontainer/cgroups

  find . -type f -name "*.go" -exec sed -i \
    's|github.com/opencontainers/runc/libcontainer/cgroups|github.com/opencontainers/cgroups|g' \
    {} +

  go get github.com/opencontainers/cgroups@v0.0.1
  make vendor
  gofumpt -w .

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-02-28 15:20:33 -08:00
dependabot[bot]
537a2276bb build(deps): bump github.com/opencontainers/runtime-spec
Bumps [github.com/opencontainers/runtime-spec](https://github.com/opencontainers/runtime-spec) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/opencontainers/runtime-spec/releases)
- [Changelog](https://github.com/opencontainers/runtime-spec/blob/main/ChangeLog)
- [Commits](https://github.com/opencontainers/runtime-spec/compare/v1.2.0...v1.2.1)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/runtime-spec
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-02-28 04:52:38 +00:00
Kir Kolyshkin
79a4ac0553 deps: bump cilium/ebpf to v0.17.3
It has a fix for runc issue 4594.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-02-13 00:07:01 -08:00
Kir Kolyshkin
8e5bb0d8c4 deps: roll back to cilium/ebpf v0.16.0
Also, exclude v0.17.x until there is a fix for runc issue 4594.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-01-31 16:59:54 -08:00
Aleksa Sarai
70e500e7d1 deps: update to github.com/cyphar/filepath-securejoin@v0.4.1
This release includes a minor breaking API change that requires us to
rework the types of our wrappers, but there is no practical behaviour
change.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2025-01-28 22:33:16 +11:00
dependabot[bot]
5855ba5303 build(deps): bump github.com/cilium/ebpf from 0.17.0 to 0.17.1
Bumps [github.com/cilium/ebpf](https://github.com/cilium/ebpf) from 0.17.0 to 0.17.1.
- [Release notes](https://github.com/cilium/ebpf/releases)
- [Commits](https://github.com/cilium/ebpf/compare/v0.17.0...v0.17.1)

---
updated-dependencies:
- dependency-name: github.com/cilium/ebpf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-20 04:10:23 +00:00
dependabot[bot]
e809db842f build(deps): bump github.com/cilium/ebpf from 0.16.0 to 0.17.0
Bumps [github.com/cilium/ebpf](https://github.com/cilium/ebpf) from 0.16.0 to 0.17.0.
- [Release notes](https://github.com/cilium/ebpf/releases)
- [Commits](https://github.com/cilium/ebpf/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: github.com/cilium/ebpf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-20 00:07:03 +00:00
dependabot[bot]
71327d7fcd build(deps): bump github.com/cyphar/filepath-securejoin
Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.3.5 to 0.3.6.
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md)
- [Commits](https://github.com/cyphar/filepath-securejoin/compare/v0.3.5...v0.3.6)

---
updated-dependencies:
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-19 01:42:44 +00:00
Aleksa Sarai
2f1b6626f3 deps: update to github.com/cyphar/filepath-securejoin@v0.3.5
This fixes a regression in use of securejoin.MkdirAll, where multiple
runc processes racing to create the same mountpoint in a shared rootfs
would result in spurious EEXIST errors. In particular, this regression
caused issues with BuildKit.

Fixes: dd827f7b71 ("utils: switch to securejoin.MkdirAllHandle")
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2024-12-06 19:38:46 +11:00
Kir Kolyshkin
66969827c0 Switch to github.com/moby/sys/capability v0.4.0
This removes the last unversioned package in runc's direct dependencies.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-12-02 13:18:10 -08:00
dependabot[bot]
69b3be763a build(deps): bump github.com/vishvananda/netlink from 1.1.0 to 1.3.0
Bumps [github.com/vishvananda/netlink](https://github.com/vishvananda/netlink) from 1.1.0 to 1.3.0.
- [Release notes](https://github.com/vishvananda/netlink/releases)
- [Commits](https://github.com/vishvananda/netlink/compare/v1.1.0...v1.3.0)

---
updated-dependencies:
- dependency-name: github.com/vishvananda/netlink
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-23 06:49:47 +00:00
dependabot[bot]
f20f273aff build(deps): bump github.com/opencontainers/selinux
Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.11.0 to 1.11.1.
- [Release notes](https://github.com/opencontainers/selinux/releases)
- [Commits](https://github.com/opencontainers/selinux/compare/v1.11.0...v1.11.1)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/selinux
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-23 04:20:54 +00:00
Akihiro Suda
e98851de36 Merge pull request #4464 from opencontainers/dependabot/go_modules/github.com/urfave/cli-1.22.16
build(deps): bump github.com/urfave/cli from 1.22.14 to 1.22.16
2024-10-23 10:46:42 +09:00
dependabot[bot]
93db63ab52 build(deps): bump github.com/urfave/cli from 1.22.14 to 1.22.16
Bumps [github.com/urfave/cli](https://github.com/urfave/cli) from 1.22.14 to 1.22.16.
- [Release notes](https://github.com/urfave/cli/releases)
- [Changelog](https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md)
- [Commits](https://github.com/urfave/cli/compare/v1.22.14...v1.22.16)

---
updated-dependencies:
- dependency-name: github.com/urfave/cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-22 13:23:32 +00:00
dependabot[bot]
af024b6c2b build(deps): bump github.com/moby/sys/mountinfo from 0.7.1 to 0.7.2
Bumps [github.com/moby/sys/mountinfo](https://github.com/moby/sys) from 0.7.1 to 0.7.2.
- [Release notes](https://github.com/moby/sys/releases)
- [Commits](https://github.com/moby/sys/compare/signal/v0.7.1...mountinfo/v0.7.2)

---
updated-dependencies:
- dependency-name: github.com/moby/sys/mountinfo
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-22 13:23:25 +00:00
Sebastiaan van Stijn
9b60a93cf3 libcontainer/userns: migrate to github.com/moby/sys/userns
The userns package was moved to the moby/sys/userns module
at commit 3778ae603c.

This patch deprecates the old location, and adds it as an alias
for the moby/sys/userns package.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-09 22:20:25 +08:00
Aleksa Sarai
1623cde125 go: update github.com/cyphar/filepath-securejoin to v0.3.4
This includes a fix to avoid doing import "testing" in non-_test.go
code.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2024-10-09 15:13:28 +11:00
Aleksa Sarai
b096459a07 vendor: update github.com/cyphar/filepath-securejoin to v0.3.3
This fixes issues we had with spurious MkdirAll failures.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2024-09-30 16:26:42 +02:00
Kir Kolyshkin
15904913c2 Merge pull request #4397 from rafaelroquetto/main
Upgrade Cilium's eBPF library version to 0.16
2024-09-13 18:22:49 -07:00
Aleksa Sarai
066b109e99 vendor: update to github.com/cyphar/filepath-securejoin@v0.3.2
This includes a fix for the handling of S_ISGID directories.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2024-09-13 23:34:33 +10:00
Rafael Roquetto
216175a9ca Upgrade Cilium's eBPF library version to 0.16
Signed-off-by: Rafael Roquetto <rafael.roquetto@grafana.com>
2024-09-12 11:13:21 -06:00
Aleksa Sarai
1d308c7da4 vendor: update to github.com/cyphar/filepath-securejoin@v0.3.1
This includes the MkdirAll and OpenInRoot implementations which are
actually secure against races.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2024-09-03 23:05:59 +10:00
dependabot[bot]
606251ab33 build(deps): bump github.com/opencontainers/runtime-spec
Bumps [github.com/opencontainers/runtime-spec](https://github.com/opencontainers/runtime-spec) from 1.1.1-0.20230823135140-4fec88fd00a4 to 1.2.0.
- [Release notes](https://github.com/opencontainers/runtime-spec/releases)
- [Changelog](https://github.com/opencontainers/runtime-spec/blob/main/ChangeLog)
- [Commits](https://github.com/opencontainers/runtime-spec/commits/v1.2.0)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/runtime-spec
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-03-07 14:43:33 +09:00