From d47bf88349de01e444be8f78ab8c96dae7020b75 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 18 Jun 2026 10:49:48 +0200 Subject: [PATCH 1/2] deps: update to libpathrs v0.2.5 This update includes a few breaking API changes that I needed to get in before an actual runc release depends on it, so that we don't need to deal with compatibility shims for them (or bumping the SOVERSION). From a Go API perspective, there were no major changes -- though this bump did also require a bump to github.com/cyphar/filepath-securejoin because one of the wrapped APIs changed from int to uint64 as a flag argument type. Again, better to get this done before we really depend on this in a public way. Signed-off-by: Aleksa Sarai --- .github/workflows/test.yml | 2 +- .github/workflows/validate.yml | 2 +- CHANGELOG.md | 6 ++ Dockerfile | 2 +- README.md | 6 +- go.mod | 4 +- go.sum | 8 +- script/build-libpathrs.sh | 2 +- script/release_build.sh | 2 +- script/setup_host.sh | 2 +- vendor/cyphar.com/go-pathrs/handle_linux.go | 8 +- .../internal/libpathrs/libpathrs_linux.go | 76 +++++++++++++------ .../go-pathrs/procfs/procfs_linux.go | 10 +-- vendor/cyphar.com/go-pathrs/root_linux.go | 54 ++++++------- vendor/cyphar.com/go-pathrs/version_linux.go | 27 +++++++ .../cyphar/filepath-securejoin/CHANGELOG.md | 11 +++ .../cyphar/filepath-securejoin/VERSION | 2 +- .../pathrs-lite/open_libpathrs.go | 2 +- vendor/modules.txt | 4 +- 19 files changed, 153 insertions(+), 77 deletions(-) create mode 100644 vendor/cyphar.com/go-pathrs/version_linux.go diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b91093b9d..12804e446 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -15,7 +15,7 @@ permissions: contents: read env: - LIBPATHRS_VERSION: "0.2.4" + LIBPATHRS_VERSION: "0.2.5" # Don't ignore C warnings. Note that the output of "go env CGO_CFLAGS" by default is "-g -O2", so we keep them. CGO_CFLAGS: -g -O2 -Werror # Allow potentially unsafe tests. diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index f056d563d..845909d3f 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -14,7 +14,7 @@ permissions: env: GO_VERSION: 1.25 - LIBPATHRS_VERSION: "0.2.4" + LIBPATHRS_VERSION: "0.2.5" jobs: keyring: diff --git a/CHANGELOG.md b/CHANGELOG.md index 1ab6ef7c0..f2b72ef94 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - The poststart hooks are now executed after starting the user-specified process, fixing a runtime-spec conformance issue. (#4347, #5186) +### Changed ### +- runc now depends on [libpathrs v0.2.5] or later, and attempting to build with + older versions will cause compilation errors. (#5291) + +[libpathrs v0.2.5]: https://github.com/cyphar/libpathrs/releases/tag/v0.2.5 + ## [1.5.0-rc.3] - 2026-06-13 > The best way to get a drink out of a Vogon is to stick your finger down his diff --git a/Dockerfile b/Dockerfile index 079a0eb13..fc680d5e0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ ARG GO_VERSION=1.25 ARG BATS_VERSION=v1.12.0 ARG LIBSECCOMP_VERSION=2.6.0 -ARG LIBPATHRS_VERSION=0.2.4 +ARG LIBPATHRS_VERSION=0.2.5 FROM golang:${GO_VERSION}-trixie ARG DEBIAN_FRONTEND=noninteractive diff --git a/README.md b/README.md index e87c7d78b..50520c586 100644 --- a/README.md +++ b/README.md @@ -61,8 +61,8 @@ The following dependencies are optional: [libpathrs][] is a Rust library runc can optionally use for path safety. As mentioned in [the build tag section](#build-tags), its use is controlled with -the `libpathrs` build tag. runc currently requires at least libpathrs 0.2.4 in -order to function properly. +the `libpathrs` build tag. runc currently requires *at least libpathrs 0.2.5* +in order to function properly. At time of writing, very few distributions have libpathrs packages and so it is usually necessary to build and install it locally. For detailed installation @@ -76,7 +76,7 @@ dependencies like `clang` and `lld`), the following steps are all that are really necessary to install libpathrs: ```sh -LIBPATHRS_VERSION=0.2.4 +LIBPATHRS_VERSION=0.2.5 curl -o - -sSL https://github.com/cyphar/libpathrs/releases/download/v${LIBPATHRS_VERSION}/libpathrs-${LIBPATHRS_VERSION}.tar.xz | tar xvfJ - cd libpathrs-${LIBPATHRS_VERSION}/ make release diff --git a/go.mod b/go.mod index 671766809..9c214f867 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/checkpoint-restore/go-criu/v8 v8.3.0 github.com/containerd/console v1.0.5 github.com/coreos/go-systemd/v22 v22.7.0 - github.com/cyphar/filepath-securejoin v0.6.1 + github.com/cyphar/filepath-securejoin v0.7.0 github.com/docker/go-units v0.5.0 github.com/godbus/dbus/v5 v5.2.2 github.com/moby/sys/capability v0.4.0 @@ -28,7 +28,7 @@ require ( ) require ( - cyphar.com/go-pathrs v0.2.4 // indirect + cyphar.com/go-pathrs v0.2.5 // indirect github.com/aperturerobotics/protobuf-go-lite v0.14.0 // indirect github.com/cilium/ebpf v0.17.3 // indirect ) diff --git a/go.sum b/go.sum index 9cb25e4e5..a550e0cf3 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,5 @@ -cyphar.com/go-pathrs v0.2.4 h1:iD/mge36swa1UFKdINkr1Frkpp6wZsy3YYEildj9cLY= -cyphar.com/go-pathrs v0.2.4/go.mod h1:y8f1EMG7r+hCuFf/rXsKqMJrJAUoADZGNh5/vZPKcGc= +cyphar.com/go-pathrs v0.2.5 h1:SnX9FBvnoyn3lUs1dkMgZ52bAETpirNu3FTRh5HlRik= +cyphar.com/go-pathrs v0.2.5/go.mod h1:y8f1EMG7r+hCuFf/rXsKqMJrJAUoADZGNh5/vZPKcGc= github.com/aperturerobotics/protobuf-go-lite v0.14.0 h1:6YhovtoUZtXgXLHZ2VV2GCYUzFfi8UN6172Vl2flNlE= github.com/aperturerobotics/protobuf-go-lite v0.14.0/go.mod h1:lGH3s5ArCTXKI4wJdlNpaybUtwSjfAG0vdWjxOfMcF8= github.com/checkpoint-restore/go-criu/v8 v8.3.0 h1:UC3Ioay1OMN2Wg33U53enRoG2701vJ9Y2Ex4APmC52w= @@ -10,8 +10,8 @@ github.com/containerd/console v1.0.5 h1:R0ymNeydRqH2DmakFNdmjR2k0t7UPuiOV/N/27/q github.com/containerd/console v1.0.5/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= github.com/coreos/go-systemd/v22 v22.7.0 h1:LAEzFkke61DFROc7zNLX/WA2i5J8gYqe0rSj9KI28KA= github.com/coreos/go-systemd/v22 v22.7.0/go.mod h1:xNUYtjHu2EDXbsxz1i41wouACIwT7Ybq9o0BQhMwD0w= -github.com/cyphar/filepath-securejoin v0.6.1 h1:5CeZ1jPXEiYt3+Z6zqprSAgSWiggmpVyciv8syjIpVE= -github.com/cyphar/filepath-securejoin v0.6.1/go.mod h1:A8hd4EnAeyujCJRrICiOWqjS1AX0a9kM5XL+NwKoYSc= +github.com/cyphar/filepath-securejoin v0.7.0 h1:s0Y3ITPy6sQn5xt54DuYvTF8hu134ooYLUb58DX/HjE= +github.com/cyphar/filepath-securejoin v0.7.0/go.mod h1:ymLGms/u3BYaviIiuKFnUx8EkQEZeK6cInNoAPJA3o4= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= diff --git a/script/build-libpathrs.sh b/script/build-libpathrs.sh index 721e611f7..94b6c34e5 100755 --- a/script/build-libpathrs.sh +++ b/script/build-libpathrs.sh @@ -44,7 +44,7 @@ declare -A RUST_TARGET_TO_CC=( # sha256 checksums for libpathrs release tarballs. declare -A LIBPATHRS_SHA256=( - ["0.2.4"]=45aca68e698b844fae0cf7c459bc441519b0e7b48397caa7d3936cfc68d73f77 + ["0.2.5"]=f8f4a9419eb839cd5decbd120b65f0495bf6eac07155477fe39a8c2a23da589d ) function generate_cargo_config() { diff --git a/script/release_build.sh b/script/release_build.sh index e6d3e64a3..ba749787a 100755 --- a/script/release_build.sh +++ b/script/release_build.sh @@ -20,7 +20,7 @@ set -e # Project-specific options and functions. In *theory* you shouldn't need to # touch anything else in this script in order to use this elsewhere. : "${LIBSECCOMP_VERSION:=2.6.0}" -: "${LIBPATHRS_VERSION:=0.2.4}" +: "${LIBPATHRS_VERSION:=0.2.5}" project="runc" root="$(readlink -f "$(dirname "${BASH_SOURCE[0]}")/..")" diff --git a/script/setup_host.sh b/script/setup_host.sh index e42426263..64226d4c2 100755 --- a/script/setup_host.sh +++ b/script/setup_host.sh @@ -3,7 +3,7 @@ # Supports Fedora and EL-based distributions. set -eux -o pipefail -: "${LIBPATHRS_VERSION:=0.2.4}" +: "${LIBPATHRS_VERSION:=0.2.5}" # BATS_VERSION is only consumed for the EL8 platform as its bats package is too old. : "${BATS_VERSION:=v1.12.0}" diff --git a/vendor/cyphar.com/go-pathrs/handle_linux.go b/vendor/cyphar.com/go-pathrs/handle_linux.go index 6ed0b7af7..78225e006 100644 --- a/vendor/cyphar.com/go-pathrs/handle_linux.go +++ b/vendor/cyphar.com/go-pathrs/handle_linux.go @@ -17,6 +17,8 @@ import ( "fmt" "os" + "golang.org/x/sys/unix" + "cyphar.com/go-pathrs/internal/fdutils" "cyphar.com/go-pathrs/internal/libpathrs" ) @@ -56,11 +58,11 @@ func HandleFromFile(file *os.File) (*Handle, error) { // and can be opened multiple times. // // The handle returned is only usable for reading, and this is method is -// shorthand for [Handle.OpenFile] with os.O_RDONLY. +// shorthand for [Handle.OpenFile] with [unix.O_RDONLY]. // // TODO: Rename these to "Reopen" or something. func (h *Handle) Open() (*os.File, error) { - return h.OpenFile(os.O_RDONLY) + return h.OpenFile(unix.O_RDONLY) } // OpenFile creates an "upgraded" file handle to the file referenced by the @@ -71,7 +73,7 @@ func (h *Handle) Open() (*os.File, error) { // handle. // // TODO: Rename these to "Reopen" or something. -func (h *Handle) OpenFile(flags int) (*os.File, error) { +func (h *Handle) OpenFile(flags uint64) (*os.File, error) { return fdutils.WithFileFd(h.inner, func(fd uintptr) (*os.File, error) { newFd, err := libpathrs.Reopen(fd, flags) if err != nil { diff --git a/vendor/cyphar.com/go-pathrs/internal/libpathrs/libpathrs_linux.go b/vendor/cyphar.com/go-pathrs/internal/libpathrs/libpathrs_linux.go index d54497a5b..d610a3be4 100644 --- a/vendor/cyphar.com/go-pathrs/internal/libpathrs/libpathrs_linux.go +++ b/vendor/cyphar.com/go-pathrs/internal/libpathrs/libpathrs_linux.go @@ -60,8 +60,8 @@ func OpenRoot(path string) (uintptr, error) { } // Reopen wraps pathrs_reopen. -func Reopen(fd uintptr, flags int) (uintptr, error) { - newFd := C.pathrs_reopen(C.int(fd), C.int(flags)) +func Reopen(fd uintptr, flags uint64) (uintptr, error) { + newFd := C.pathrs_reopen(C.int(fd), C.uint64_t(flags)) return uintptr(newFd), fetchError(newFd) } @@ -84,11 +84,11 @@ func InRootResolveNoFollow(rootFd uintptr, path string) (uintptr, error) { } // InRootOpen wraps pathrs_inroot_open. -func InRootOpen(rootFd uintptr, path string, flags int) (uintptr, error) { +func InRootOpen(rootFd uintptr, path string, flags uint64) (uintptr, error) { cPath := C.CString(path) defer C.free(unsafe.Pointer(cPath)) - fd := C.pathrs_inroot_open(C.int(rootFd), cPath, C.int(flags)) + fd := C.pathrs_inroot_open(C.int(rootFd), cPath, C.uint64_t(flags)) return uintptr(fd), fetchError(fd) } @@ -145,23 +145,23 @@ func InRootRemoveAll(rootFd uintptr, path string) error { } // InRootCreat wraps pathrs_inroot_creat. -func InRootCreat(rootFd uintptr, path string, flags int, mode uint32) (uintptr, error) { +func InRootCreat(rootFd uintptr, path string, flags uint64, mode uint32) (uintptr, error) { cPath := C.CString(path) defer C.free(unsafe.Pointer(cPath)) - fd := C.pathrs_inroot_creat(C.int(rootFd), cPath, C.int(flags), C.uint(mode)) + fd := C.pathrs_inroot_creat(C.int(rootFd), cPath, C.uint64_t(flags), C.uint(mode)) return uintptr(fd), fetchError(fd) } // InRootRename wraps pathrs_inroot_rename. -func InRootRename(rootFd uintptr, src, dst string, flags uint) error { - cSrc := C.CString(src) - defer C.free(unsafe.Pointer(cSrc)) +func InRootRename(oldRootFd uintptr, oldPath string, newRootFd uintptr, newPath string, flags uint64) error { + cOldPath := C.CString(oldPath) + defer C.free(unsafe.Pointer(cOldPath)) - cDst := C.CString(dst) - defer C.free(unsafe.Pointer(cDst)) + cNewPath := C.CString(newPath) + defer C.free(unsafe.Pointer(cNewPath)) - err := C.pathrs_inroot_rename(C.int(rootFd), cSrc, cDst, C.uint(flags)) + err := C.pathrs_inroot_rename(C.int(oldRootFd), cOldPath, C.int(newRootFd), cNewPath, C.uint64_t(flags)) return fetchError(err) } @@ -193,26 +193,26 @@ func InRootMknod(rootFd uintptr, path string, mode uint32, dev uint64) error { } // InRootSymlink wraps pathrs_inroot_symlink. -func InRootSymlink(rootFd uintptr, path, target string) error { - cPath := C.CString(path) - defer C.free(unsafe.Pointer(cPath)) +func InRootSymlink(target string, rootFd uintptr, linkpath string) error { + cLinkpath := C.CString(linkpath) + defer C.free(unsafe.Pointer(cLinkpath)) cTarget := C.CString(target) defer C.free(unsafe.Pointer(cTarget)) - err := C.pathrs_inroot_symlink(C.int(rootFd), cPath, cTarget) + err := C.pathrs_inroot_symlink(cTarget, C.int(rootFd), cLinkpath) return fetchError(err) } // InRootHardlink wraps pathrs_inroot_hardlink. -func InRootHardlink(rootFd uintptr, path, target string) error { - cPath := C.CString(path) - defer C.free(unsafe.Pointer(cPath)) +func InRootHardlink(oldRootFd uintptr, oldPath string, newRootFd uintptr, newPath string, flags uint64) error { + cNewPath := C.CString(newPath) + defer C.free(unsafe.Pointer(cNewPath)) - cTarget := C.CString(target) - defer C.free(unsafe.Pointer(cTarget)) + cOldPath := C.CString(oldPath) + defer C.free(unsafe.Pointer(cOldPath)) - err := C.pathrs_inroot_hardlink(C.int(rootFd), cPath, cTarget) + err := C.pathrs_inroot_hardlink(C.int(oldRootFd), cOldPath, C.int(newRootFd), cNewPath, C.uint64_t(flags)) return fetchError(err) } @@ -277,13 +277,13 @@ func init() { func ProcPid(pid uint32) ProcBase { return ProcBaseTypePid | ProcBase(pid) } // ProcOpenat wraps pathrs_proc_openat. -func ProcOpenat(procRootFd int, base ProcBase, path string, flags int) (uintptr, error) { +func ProcOpenat(procRootFd int, base ProcBase, path string, flags uint64) (uintptr, error) { cBase := C.pathrs_proc_base_t(base) cPath := C.CString(path) defer C.free(unsafe.Pointer(cPath)) - fd := C.pathrs_proc_openat(C.int(procRootFd), cBase, cPath, C.int(flags)) + fd := C.pathrs_proc_openat(C.int(procRootFd), cBase, cPath, C.uint64_t(flags)) return uintptr(fd), fetchError(fd) } @@ -335,3 +335,31 @@ func ProcfsOpen(how *ProcfsOpenHow) (uintptr, error) { fd := C.pathrs_procfs_open((*C.pathrs_procfs_open_how)(how), C.size_t(unsafe.Sizeof(*how))) return uintptr(fd), fetchError(fd) } + +// VersionInfo is a Go-friendly form of pathrs_version_info_t (struct). +type VersionInfo struct { + VersionString string +} + +// versionInfo is pathrs_version_info_t (struct). +type versionInfo C.pathrs_version_info_t + +// Version is pathrs_version_info_t (sizeof(version) is passed automatically). +func Version() (*VersionInfo, error) { + var rawVersion versionInfo + size := C.pathrs_version((*C.pathrs_version_info_t)(&rawVersion), C.size_t(unsafe.Sizeof(rawVersion))) + switch { + case size < 0: + return nil, fetchError(size) + case size > 0: + // TODO(log): Logging? + fallthrough + default: + // TODO(log): Add a log statement if sizeof(rawVersion) is bigger than + // the number of fields we store in VersionInfo. Otherwise a rebuild + // will mask that Go callers cannot see any new fields. + return &VersionInfo{ + VersionString: C.GoString(rawVersion.version_string), + }, nil + } +} diff --git a/vendor/cyphar.com/go-pathrs/procfs/procfs_linux.go b/vendor/cyphar.com/go-pathrs/procfs/procfs_linux.go index 915e9ccdb..6a3142646 100644 --- a/vendor/cyphar.com/go-pathrs/procfs/procfs_linux.go +++ b/vendor/cyphar.com/go-pathrs/procfs/procfs_linux.go @@ -127,7 +127,7 @@ func (proc *Handle) fd() int { } // TODO: Should we expose open? -func (proc *Handle) open(base ProcBase, path string, flags int) (_ *os.File, Closer ThreadCloser, Err error) { +func (proc *Handle) open(base ProcBase, path string, flags uint64) (_ *os.File, Closer ThreadCloser, Err error) { var closer ThreadCloser if base == ProcThreadSelf { runtime.LockOSThread() @@ -154,7 +154,7 @@ func (proc *Handle) open(base ProcBase, path string, flags int) (_ *os.File, Clo // (such as /proc/cpuinfo) or information about other processes (such as // /proc/1). Accessing your own process information should be done using // [Handle.OpenSelf] or [Handle.OpenThreadSelf]. -func (proc *Handle) OpenRoot(path string, flags int) (*os.File, error) { +func (proc *Handle) OpenRoot(path string, flags uint64) (*os.File, error) { file, closer, err := proc.open(ProcRoot, path, flags) if closer != nil { // should not happen @@ -180,7 +180,7 @@ func (proc *Handle) OpenRoot(path string, flags int) (*os.File, error) { // Unlike [Handle.OpenThreadSelf], this method does not involve locking // the goroutine to the current OS thread and so is simpler to use and // theoretically has slightly less overhead. -func (proc *Handle) OpenSelf(path string, flags int) (*os.File, error) { +func (proc *Handle) OpenSelf(path string, flags uint64) (*os.File, error) { file, closer, err := proc.open(ProcSelf, path, flags) if closer != nil { // should not happen @@ -198,7 +198,7 @@ func (proc *Handle) OpenSelf(path string, flags int) (*os.File, error) { // Be aware that due to PID recycling, using this is generally not safe except // in certain circumstances. See the documentation of [ProcPid] for more // details. -func (proc *Handle) OpenPid(pid int, path string, flags int) (*os.File, error) { +func (proc *Handle) OpenPid(pid int, path string, flags uint64) (*os.File, error) { file, closer, err := proc.open(ProcPid(pid), path, flags) if closer != nil { // should not happen @@ -225,7 +225,7 @@ func (proc *Handle) OpenPid(pid int, path string, flags int) (*os.File, error) { // callback MUST be called AFTER you have finished using the returned // [os.File]. This callback is completely separate to [os.File.Close], so it // must be called regardless of how you close the handle. -func (proc *Handle) OpenThreadSelf(path string, flags int) (*os.File, ThreadCloser, error) { +func (proc *Handle) OpenThreadSelf(path string, flags uint64) (*os.File, ThreadCloser, error) { return proc.open(ProcThreadSelf, path, flags) } diff --git a/vendor/cyphar.com/go-pathrs/root_linux.go b/vendor/cyphar.com/go-pathrs/root_linux.go index 5bc2e9071..4741a24a4 100644 --- a/vendor/cyphar.com/go-pathrs/root_linux.go +++ b/vendor/cyphar.com/go-pathrs/root_linux.go @@ -19,6 +19,8 @@ import ( "os" "syscall" + "golang.org/x/sys/unix" + "cyphar.com/go-pathrs/internal/fdutils" "cyphar.com/go-pathrs/internal/libpathrs" ) @@ -27,7 +29,7 @@ import ( // purpose of this "root handle" is to perform operations within the directory // tree, or to get a [Handle] to inodes within the directory tree. // -// At time of writing, it is considered a *VERY BAD IDEA* to open a [Root] +// At time of writing, it is considered a *VERY BAD IDEA* to open a Root // inside a possibly-attacker-controlled directory tree. While we do have // protections that should defend against it, it's far more dangerous than just // opening a directory tree which is not inside a potentially-untrusted @@ -68,7 +70,7 @@ func RootFromFile(file *os.File) (*Root, error) { // // All symlinks (including trailing symlinks) are followed, but they are // resolved within the rootfs. If you wish to open a handle to the symlink -// itself, use [ResolveNoFollow]. +// itself, use [Root.ResolveNoFollow]. func (r *Root) Resolve(path string) (*Handle, error) { return fdutils.WithFileFd(r.inner, func(rootFd uintptr) (*Handle, error) { handleFd, err := libpathrs.InRootResolve(rootFd, path) @@ -83,10 +85,10 @@ func (r *Root) Resolve(path string) (*Handle, error) { }) } -// ResolveNoFollow is effectively an O_NOFOLLOW version of [Resolve]. Their -// behaviour is identical, except that *trailing* symlinks will not be -// followed. If the final component is a trailing symlink, an O_PATH|O_NOFOLLOW -// handle to the symlink itself is returned. +// ResolveNoFollow is effectively an [unix.O_NOFOLLOW] version of +// [Root.Resolve]. Their behaviour is identical, except that *trailing* +// symlinks will not be followed. If the final component is a trailing symlink, +// an [unix.O_PATH]|[unix.O_NOFOLLOW] handle to the symlink itself is returned. func (r *Root) ResolveNoFollow(path string) (*Handle, error) { return fdutils.WithFileFd(r.inner, func(rootFd uintptr) (*Handle, error) { handleFd, err := libpathrs.InRootResolveNoFollow(rootFd, path) @@ -101,29 +103,29 @@ func (r *Root) ResolveNoFollow(path string) (*Handle, error) { }) } -// Open is effectively shorthand for [Resolve] followed by [Handle.Open], but -// can be slightly more efficient (it reduces CGo overhead and the number of -// syscalls used when using the openat2-based resolver) and is arguably more +// Open is effectively shorthand for [Root.Resolve] followed by [Handle.Open], +// but can be slightly more efficient (it reduces CGo overhead and the number +// of syscalls used when using the openat2-based resolver) and is arguably more // ergonomic to use. // // This is effectively equivalent to [os.Open]. func (r *Root) Open(path string) (*os.File, error) { - return r.OpenFile(path, os.O_RDONLY) + return r.OpenFile(path, unix.O_RDONLY) } -// OpenFile is effectively shorthand for [Resolve] followed by +// OpenFile is effectively shorthand for [Root.Resolve] followed by // [Handle.OpenFile], but can be slightly more efficient (it reduces CGo // overhead and the number of syscalls used when using the openat2-based // resolver) and is arguably more ergonomic to use. // -// However, if flags contains os.O_NOFOLLOW and the path is a symlink, then +// However, if flags contains [unix.O_NOFOLLOW] and the path is a symlink, then // OpenFile's behaviour will match that of openat2. In most cases an error will -// be returned, but if os.O_PATH is provided along with os.O_NOFOLLOW then a -// file equivalent to [ResolveNoFollow] will be returned instead. +// be returned, but if [unix.O_PATH] is provided along with [unix.O_NOFOLLOW] +// then a file equivalent to [Root.ResolveNoFollow] will be returned instead. // -// This is effectively equivalent to [os.OpenFile], except that os.O_CREAT is -// not supported. -func (r *Root) OpenFile(path string, flags int) (*os.File, error) { +// This is effectively equivalent to [os.OpenFile], except that [unix.O_CREAT] +// is not supported. +func (r *Root) OpenFile(path string, flags uint64) (*os.File, error) { return fdutils.WithFileFd(r.inner, func(rootFd uintptr) (*os.File, error) { fd, err := libpathrs.InRootOpen(rootFd, path, flags) if err != nil { @@ -139,7 +141,7 @@ func (r *Root) OpenFile(path string, flags int) (*os.File, error) { // // Unlike [os.Create], if the file already exists an error is created rather // than the file being opened and truncated. -func (r *Root) Create(path string, flags int, mode os.FileMode) (*os.File, error) { +func (r *Root) Create(path string, flags uint64, mode os.FileMode) (*os.File, error) { unixMode, err := toUnixMode(mode, false) if err != nil { return nil, err @@ -155,9 +157,9 @@ func (r *Root) Create(path string, flags int, mode os.FileMode) (*os.File, error // Rename two paths within a [Root]'s directory tree. The flags argument is // identical to the RENAME_* flags to the renameat2(2) system call. -func (r *Root) Rename(src, dst string, flags uint) error { +func (r *Root) Rename(src, dst string, flags uint64) error { _, err := fdutils.WithFileFd(r.inner, func(rootFd uintptr) (struct{}, error) { - err := libpathrs.InRootRename(rootFd, src, dst, flags) + err := libpathrs.InRootRename(rootFd, src, rootFd, dst, flags) return struct{}{}, err }) return err @@ -277,26 +279,26 @@ func (r *Root) Mknod(path string, mode os.FileMode, dev uint64) error { } // Symlink creates a symlink within a [Root]'s directory tree. The symlink is -// created at path and is a link to target. +// created at newname and is a link to oldname. // // This is effectively equivalent to [os.Symlink]. -func (r *Root) Symlink(path, target string) error { +func (r *Root) Symlink(oldname, newname string) error { _, err := fdutils.WithFileFd(r.inner, func(rootFd uintptr) (struct{}, error) { - err := libpathrs.InRootSymlink(rootFd, path, target) + err := libpathrs.InRootSymlink(oldname, rootFd, newname) return struct{}{}, err }) return err } // Hardlink creates a hardlink within a [Root]'s directory tree. The hardlink -// is created at path and is a link to target. Both paths are within the +// is created at newname and is a link to oldname. Both paths are within the // [Root]'s directory tree (you cannot hardlink to a different [Root] or the // host). // // This is effectively equivalent to [os.Link]. -func (r *Root) Hardlink(path, target string) error { +func (r *Root) Hardlink(oldname, newname string) error { _, err := fdutils.WithFileFd(r.inner, func(rootFd uintptr) (struct{}, error) { - err := libpathrs.InRootHardlink(rootFd, path, target) + err := libpathrs.InRootHardlink(rootFd, oldname, rootFd, newname, 0) return struct{}{}, err }) return err diff --git a/vendor/cyphar.com/go-pathrs/version_linux.go b/vendor/cyphar.com/go-pathrs/version_linux.go new file mode 100644 index 000000000..9ed2d74ec --- /dev/null +++ b/vendor/cyphar.com/go-pathrs/version_linux.go @@ -0,0 +1,27 @@ +//go:build linux + +// SPDX-License-Identifier: MPL-2.0 +/* + * libpathrs: safe path resolution on Linux + * Copyright (C) 2026 Aleksa Sarai + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + */ + +package pathrs + +import ( + "cyphar.com/go-pathrs/internal/libpathrs" +) + +// LibraryVersionInfo contains information about the version and features +// supported by the underlying libpathrs.so library at runtime. +type LibraryVersionInfo = libpathrs.VersionInfo + +// LibraryVersion returns information about the version and features supported +// by the underlying libpathrs.so library at runtime. +func LibraryVersion() (*LibraryVersionInfo, error) { + return libpathrs.Version() +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md index 6d016d05c..f8fbb6b62 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md +++ b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md @@ -6,6 +6,17 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] ## +## [0.7.0] - 2025-06-17 ## + +> You talk of times of peace for all, and then prepare for war. + +### Changed ### +- Update to `cyphar.com/go-pathrs@0.2.5`, which included a build-time API + breakage that we needed to work around. The API of this library is unchanged + by this, but users should make sure to update to `v0.7.0` of + `filepath-securejoin` if they use the `libpathrs` built tag and have update + to `libpathrs` `v0.2.5`. + ## [0.6.1] - 2025-11-19 ## > At last up jumped the cunning spider, and fiercely held her fast. diff --git a/vendor/github.com/cyphar/filepath-securejoin/VERSION b/vendor/github.com/cyphar/filepath-securejoin/VERSION index ee6cdce3c..faef31a43 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/VERSION +++ b/vendor/github.com/cyphar/filepath-securejoin/VERSION @@ -1 +1 @@ -0.6.1 +0.7.0 diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_libpathrs.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_libpathrs.go index 53352000e..15205d134 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_libpathrs.go +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_libpathrs.go @@ -53,5 +53,5 @@ func Reopen(file *os.File, flags int) (*os.File, error) { } defer handle.Close() //nolint:errcheck // close failures aren't critical here - return handle.OpenFile(flags) + return handle.OpenFile(uint64(flags)) } diff --git a/vendor/modules.txt b/vendor/modules.txt index 67ee40845..b2ae77b25 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1,4 +1,4 @@ -# cyphar.com/go-pathrs v0.2.4 +# cyphar.com/go-pathrs v0.2.5 ## explicit; go 1.18 cyphar.com/go-pathrs cyphar.com/go-pathrs/internal/fdutils @@ -33,7 +33,7 @@ github.com/containerd/console # github.com/coreos/go-systemd/v22 v22.7.0 ## explicit; go 1.23 github.com/coreos/go-systemd/v22/dbus -# github.com/cyphar/filepath-securejoin v0.6.1 +# github.com/cyphar/filepath-securejoin v0.7.0 ## explicit; go 1.18 github.com/cyphar/filepath-securejoin github.com/cyphar/filepath-securejoin/internal/consts From 1e20abef19ef87f3d4f96960f7e5aa0aa7a351c1 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 18 Jun 2026 10:49:35 +0200 Subject: [PATCH 2/2] runc: add libpathrs info to --version and features Signed-off-by: Aleksa Sarai --- CHANGELOG.md | 4 ++++ features.go | 4 ++++ features_libpathrs.go | 15 +++++++++++++++ features_pathrslite.go | 7 +++++++ go.mod | 2 +- main.go | 4 ++++ types/features/features.go | 3 +++ 7 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 features_libpathrs.go create mode 100644 features_pathrslite.go diff --git a/CHANGELOG.md b/CHANGELOG.md index f2b72ef94..4929c9f7b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - The poststart hooks are now executed after starting the user-specified process, fixing a runtime-spec conformance issue. (#4347, #5186) +### Added ### +- `runc version` and `runc features` now provide version information about + libpathrs when runc is built with the `libpathrs` build tag. (#5291) + ### Changed ### - runc now depends on [libpathrs v0.2.5] or later, and attempting to build with older versions will cause compilation errors. (#5291) diff --git a/features.go b/features.go index 46c0f202f..ebcff1f94 100644 --- a/features.go +++ b/features.go @@ -96,6 +96,10 @@ var featuresCommand = &cli.Command{ feat.Annotations[runcfeatures.AnnotationLibseccompVersion] = fmt.Sprintf("%d.%d.%d", major, minor, patch) } + if v := pathrsVersionString(); v != "" { + feat.Annotations[runcfeatures.AnnotationLibpathrsVersion] = v + } + enc := json.NewEncoder(cmd.Writer) enc.SetIndent("", " ") return enc.Encode(feat) diff --git a/features_libpathrs.go b/features_libpathrs.go new file mode 100644 index 000000000..d4cd17c6d --- /dev/null +++ b/features_libpathrs.go @@ -0,0 +1,15 @@ +//go:build libpathrs + +package main + +import ( + "cyphar.com/go-pathrs" +) + +func pathrsVersionString() string { + info, err := pathrs.LibraryVersion() + if err != nil { + panic(err) // should never happen + } + return info.VersionString +} diff --git a/features_pathrslite.go b/features_pathrslite.go new file mode 100644 index 000000000..a28f17960 --- /dev/null +++ b/features_pathrslite.go @@ -0,0 +1,7 @@ +//go:build !libpathrs + +package main + +func pathrsVersionString() string { + return "" +} diff --git a/go.mod b/go.mod index 9c214f867..a006470fd 100644 --- a/go.mod +++ b/go.mod @@ -3,6 +3,7 @@ module github.com/opencontainers/runc go 1.25.0 require ( + cyphar.com/go-pathrs v0.2.5 github.com/checkpoint-restore/go-criu/v8 v8.3.0 github.com/containerd/console v1.0.5 github.com/coreos/go-systemd/v22 v22.7.0 @@ -28,7 +29,6 @@ require ( ) require ( - cyphar.com/go-pathrs v0.2.5 // indirect github.com/aperturerobotics/protobuf-go-lite v0.14.0 // indirect github.com/cilium/ebpf v0.17.3 // indirect ) diff --git a/main.go b/main.go index 3ee1009ae..ad1a61092 100644 --- a/main.go +++ b/main.go @@ -52,6 +52,10 @@ func printVersion(c *cli.Command) { if major+minor+micro > 0 { fmt.Fprintf(w, "libseccomp: %d.%d.%d\n", major, minor, micro) } + + if v := pathrsVersionString(); v != "" { + fmt.Fprintf(w, "libpathrs: %s\n", v) + } } const ( diff --git a/types/features/features.go b/types/features/features.go index a81893c8d..a44b7353f 100644 --- a/types/features/features.go +++ b/types/features/features.go @@ -22,4 +22,7 @@ const ( // AnnotationLibseccompVersion is the version of libseccomp, e.g., "2.5.1". // Note that the runtime MAY support seccomp even when this annotation is not present. AnnotationLibseccompVersion = "io.github.seccomp.libseccomp.version" + + // AnnotationLibpathrsVersion is the runtime version of libpathrs. + AnnotationLibpathrsVersion = "com.cyphar.pathrs.libpathrs.version" )