dilim/runc
1
0
Fork 0
mirror of https://github.com/opencontainers/runc.git synced 2026-06-24 08:48:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,095 Commits 7 Branches 82 Tags
main
Commit Graph

380 Commits

Author SHA1 Message Date
Aleksa Sarai
d47bf88349 deps: update to libpathrs v0.2.5 
This update includes a few breaking API changes that I needed to get in
before an actual runc release depends on it, so that we don't need to
deal with compatibility shims for them (or bumping the SOVERSION).

From a Go API perspective, there were no major changes -- though this
bump did also require a bump to github.com/cyphar/filepath-securejoin
because one of the wrapped APIs changed from int to uint64 as a flag
argument type. Again, better to get this done before we really depend on
this in a public way.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
 2026-06-18 11:57:38 +02:00
Kir Kolyshkin
f66ace4cfa deps: bump to go-criu v8.3.0 
go-criu v8.3.0 switches to protobuf-go-lite, which helps to remove
google.golang.org/protobuf dependency from here, reducing the runc
binary size from ~16M to ~14M.

The only missing piece is proto.String, proto.Bool, proto.Int32 etc.
helpers that return a pointer to a given variable. Those are replaced
by a generic mkPtr, which in turn is to be replaced by the new builtin
once Go < 1.26 is no longer supported.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
 2026-06-15 12:09:36 -07:00
dependabot[bot]
8c112e2f63 build(deps): bump github.com/urfave/cli/v3 from 3.9.1 to 3.10.0 
Bumps [github.com/urfave/cli/v3](https://github.com/urfave/cli) from 3.9.1 to 3.10.0.
- [Release notes](https://github.com/urfave/cli/releases)
- [Changelog](https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md)
- [Commits](https://github.com/urfave/cli/compare/v3.9.1...v3.10.0)

---
updated-dependencies:
- dependency-name: github.com/urfave/cli/v3
  dependency-version: 3.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-06-15 04:52:27 +00:00
dependabot[bot]
7e988a0279 build(deps): bump github.com/urfave/cli/v3 from 3.9.0 to 3.9.1 
Bumps [github.com/urfave/cli/v3](https://github.com/urfave/cli) from 3.9.0 to 3.9.1.
- [Release notes](https://github.com/urfave/cli/releases)
- [Changelog](https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md)
- [Commits](https://github.com/urfave/cli/compare/v3.9.0...v3.9.1)

---
updated-dependencies:
- dependency-name: github.com/urfave/cli/v3
  dependency-version: 3.9.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-06-11 10:16:36 +00:00
dependabot[bot]
e6e4767529 build(deps): bump golang.org/x/net from 0.55.0 to 0.56.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.55.0 to 0.56.0.
- [Commits](https://github.com/golang/net/compare/v0.55.0...v0.56.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.56.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-06-11 04:52:27 +00:00
dependabot[bot]
5198de1cfb build(deps): bump golang.org/x/sys from 0.45.0 to 0.46.0 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.45.0 to 0.46.0.
- [Commits](https://github.com/golang/sys/compare/v0.45.0...v0.46.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-06-09 04:52:30 +00:00
Rodrigo Campos Catelin
a7e766484c Merge pull request #5311 from opencontainers/dependabot/go_modules/github.com/opencontainers/selinux-1.15.1 
build(deps): bump github.com/opencontainers/selinux from 1.14.1 to 1.15.1
 2026-06-05 11:27:59 +02:00
Kir Kolyshkin
269405107f deps: bump go-criu to v8.2.0 
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
 2026-06-04 10:48:15 -07:00
dependabot[bot]
9ffc42622a build(deps): bump github.com/opencontainers/selinux 
Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.14.1 to 1.15.1.
- [Release notes](https://github.com/opencontainers/selinux/releases)
- [Commits](https://github.com/opencontainers/selinux/compare/v1.14.1...v1.15.1)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/selinux
  dependency-version: 1.15.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-06-03 22:17:11 +00:00
dependabot[bot]
3003d0163c build(deps): bump golang.org/x/net from 0.54.0 to 0.55.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.54.0 to 0.55.0.
- [Commits](https://github.com/golang/net/compare/v0.54.0...v0.55.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.55.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-22 04:52:43 +00:00
lifubang
57fad01d52 chore(deps): upgrade urfave/cli from v1 to v3 
Migrate from urfave/cli v1 (maintenance mode) to v3 to benefit from
active development, improved features, and long-term support.

Signed-off-by: lifubang <lifubang@acmcoder.com>
 2026-05-20 05:26:51 +00:00
Kir Kolyshkin
95998b8a7f Merge pull request #5278 from opencontainers/dependabot/go_modules/github.com/opencontainers/selinux-1.14.1 
build(deps): bump github.com/opencontainers/selinux from 1.13.1 to 1.14.1
 2026-05-13 11:10:22 -07:00
dependabot[bot]
7fe4e42686 build(deps): bump golang.org/x/net from 0.53.0 to 0.54.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.53.0 to 0.54.0.
- [Commits](https://github.com/golang/net/compare/v0.53.0...v0.54.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.54.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-13 14:31:11 +00:00
dependabot[bot]
a8c5fcbc7e build(deps): bump github.com/opencontainers/selinux 
Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.13.1 to 1.14.1.
- [Release notes](https://github.com/opencontainers/selinux/releases)
- [Commits](https://github.com/opencontainers/selinux/compare/v1.13.1...v1.14.1)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/selinux
  dependency-version: 1.14.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-13 21:31:07 +08:00
dependabot[bot]
22986abb5f build(deps): bump golang.org/x/sys from 0.43.0 to 0.44.0 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.43.0 to 0.44.0.
- [Commits](https://github.com/golang/sys/compare/v0.43.0...v0.44.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-13 21:29:34 +08:00
dependabot[bot]
727fae3012 build(deps): bump golang.org/x/net from 0.52.0 to 0.53.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.52.0 to 0.53.0.
- [Commits](https://github.com/golang/net/compare/v0.52.0...v0.53.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-10 18:19:02 +00:00
dependabot[bot]
ebc6fd6ad1 build(deps): bump golang.org/x/sys from 0.42.0 to 0.43.0 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.42.0 to 0.43.0.
- [Commits](https://github.com/golang/sys/compare/v0.42.0...v0.43.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-09 04:52:33 +00:00
Aleksa Sarai
b345c78dca libct/devices: deprecate in favour of moby/sys/devices 
The libcontainer/devices package has been moved to moby/sys/devices, so
we can just point users to that and keep some compatibility shims around
until runc 1.6. We don't use it at all so there are no other changes
needed.

Signed-off-by: Aleksa Sarai <aleksa@amutable.com>
 2026-04-02 22:54:14 +11:00
dependabot[bot]
d033312a74 build(deps): bump golang.org/x/net from 0.50.0 to 0.52.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.50.0 to 0.52.0.
- [Commits](https://github.com/golang/net/compare/v0.50.0...v0.52.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.52.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-01 18:11:21 +00:00
Aleksa Sarai
b58e342758 deps: update to cyphar.com/go-pathrs@v0.2.4 
This includes a few fixes for 32-bit builds.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
 2026-03-12 17:58:10 +09:00
dependabot[bot]
d9879698a3 build(deps): bump golang.org/x/net from 0.49.0 to 0.50.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.49.0 to 0.50.0.
- [Commits](https://github.com/golang/net/compare/v0.49.0...v0.50.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.50.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-10 04:52:25 +00:00
dependabot[bot]
06c7d3375e build(deps): bump golang.org/x/sys from 0.40.0 to 0.41.0 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.40.0 to 0.41.0.
- [Commits](https://github.com/golang/sys/compare/v0.40.0...v0.41.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-09 04:53:03 +00:00
dependabot[bot]
9abc1824f2 build(deps): bump github.com/coreos/go-systemd/v22 from 22.6.0 to 22.7.0 
Bumps [github.com/coreos/go-systemd/v22](https://github.com/coreos/go-systemd) from 22.6.0 to 22.7.0.
- [Release notes](https://github.com/coreos/go-systemd/releases)
- [Commits](https://github.com/coreos/go-systemd/compare/v22.6.0...v22.7.0)

---
updated-dependencies:
- dependency-name: github.com/coreos/go-systemd/v22
  dependency-version: 22.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-28 04:52:18 +00:00
dependabot[bot]
833e15e078 build(deps): bump github.com/sirupsen/logrus from 1.9.3 to 1.9.4 
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.3 to 1.9.4.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4)

---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
  dependency-version: 1.9.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-16 04:52:25 +00:00
dependabot[bot]
b650eda423 build(deps): bump golang.org/x/net from 0.48.0 to 0.49.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.48.0 to 0.49.0.
- [Commits](https://github.com/golang/net/compare/v0.48.0...v0.49.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-13 06:33:37 +00:00
dependabot[bot]
9e6a4cc36d build(deps): bump golang.org/x/sys from 0.39.0 to 0.40.0 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.39.0 to 0.40.0.
- [Commits](https://github.com/golang/sys/compare/v0.39.0...v0.40.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-09 05:02:06 +00:00
dependabot[bot]
9d0d5ea411 build(deps): bump github.com/godbus/dbus/v5 from 5.2.0 to 5.2.2 
Bumps [github.com/godbus/dbus/v5](https://github.com/godbus/dbus) from 5.2.0 to 5.2.2.
- [Release notes](https://github.com/godbus/dbus/releases)
- [Commits](https://github.com/godbus/dbus/compare/v5.2.0...v5.2.2)

---
updated-dependencies:
- dependency-name: github.com/godbus/dbus/v5
  dependency-version: 5.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-30 04:02:43 +00:00
dependabot[bot]
b4887cec32 build(deps): bump google.golang.org/protobuf from 1.36.10 to 1.36.11 
Bumps google.golang.org/protobuf from 1.36.10 to 1.36.11.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.36.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-17 01:30:19 +00:00
dependabot[bot]
65fe59d01d build(deps): bump golang.org/x/net from 0.47.0 to 0.48.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.47.0 to 0.48.0.
- [Commits](https://github.com/golang/net/compare/v0.47.0...v0.48.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-17 00:54:36 +00:00
Kir Kolyshkin
ba9e60f7a8 Remove crypto/tls dependency 
It appears that when we import github.com/coreos/go-systemd/activation,
it brings in the whole crypto/tls package (which is not used by runc
directly or indirectly), making the runc binary size larger and
potentially creating issues with FIPS compliance.

Let's copy the code of function we use from go-systemd/activation
to avoid that.

The space savings are:

$ size runc.before runc.after
   text	   data	    bss	    dec	    hex	filename
7101084	5049593	 271560	12422237	 bd8c5d	runc.before
6508796	4623281	 229128	11361205	 ad5bb5	runc.after

Reported-by: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
 2025-12-08 15:31:42 -08:00
lifubang
75188fab73 bump github.com/cyphar/filepath-securejoin from 0.6.0 to 0.6.1 
Signed-off-by: lifubang <lifubang@acmcoder.com>
 2025-11-20 19:43:22 +08:00
dependabot[bot]
da4ec2375c build(deps): bump golang.org/x/net from 0.46.0 to 0.47.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.46.0 to 0.47.0.
- [Commits](https://github.com/golang/net/compare/v0.46.0...v0.47.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.47.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-20 09:52:34 +08:00
lfbzhm
db1b9368e1 Merge pull request #5018 from opencontainers/dependabot/go_modules/github.com/godbus/dbus/v5-5.2.0 
build(deps): bump github.com/godbus/dbus/v5 from 5.1.0 to 5.2.0
 2025-11-20 09:51:28 +08:00
dependabot[bot]
95baf621b4 build(deps): bump github.com/opencontainers/selinux 
Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.13.0 to 1.13.1.
- [Release notes](https://github.com/opencontainers/selinux/releases)
- [Commits](https://github.com/opencontainers/selinux/compare/v1.13.0...v1.13.1)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/selinux
  dependency-version: 1.13.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-20 01:15:13 +00:00
dependabot[bot]
8f2a85dc94 build(deps): bump github.com/godbus/dbus/v5 from 5.1.0 to 5.2.0 
Bumps [github.com/godbus/dbus/v5](https://github.com/godbus/dbus) from 5.1.0 to 5.2.0.
- [Release notes](https://github.com/godbus/dbus/releases)
- [Commits](https://github.com/godbus/dbus/compare/v5.1.0...v5.2.0)

---
updated-dependencies:
- dependency-name: github.com/godbus/dbus/v5
  dependency-version: 5.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-20 01:15:03 +00:00
Aleksa Sarai
3b75374cc7 runtime-spec: update pids.limit handling to match new guidance 
The main update is actually in github.com/opencontainers/cgroups, but we
need to also update runtime-spec to a newer pre-release version to get
the updates from there as well.

In short, the behaviour change is now that "0" is treated as a valid
value to set in "pids.max", "-1" means "max" and unset/nil means "do
nothing". As described in the opencontainers/cgroups PR, this change is
actually backwards compatible because our internal state.json stores
PidsLimit, and that entry is marked as "omitempty". So, an old runc
would omit PidsLimit=0 in state.json, and this will be parsed by a new
runc as being "nil" -- and both would treat this case as "do not set
anything".

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
 2025-11-11 15:15:27 +11:00
dependabot[bot]
071beab281 build(deps): bump golang.org/x/sys from 0.37.0 to 0.38.0 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.37.0 to 0.38.0.
- [Commits](https://github.com/golang/sys/compare/v0.37.0...v0.38.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-10 04:03:04 +00:00
Aleksa Sarai
96f1962f91 deps: update to github.com/opencontainers/selinux@v0.13.0 
This new version includes the fixes for CVE-2025-52881, so we can remove
the internal/third_party copy of the library we added in commit
ed6b1693b8 ("selinux: use safe procfs API for labels") as well as the
"replace" directive in go.mod (which is problematic for "go get"
installs).

Fixes: ed6b1693b8 ("selinux: use safe procfs API for labels")
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
 2025-11-08 02:14:38 +11:00
Aleksa Sarai
a41366e740 openat2: improve resilience on busy systems 
Previously, we would see a ~3% failure rate when starting containers
with mounts that contain ".." (which can trigger -EAGAIN). To counteract
this, filepath-securejoin v0.5.1 includes a bump of the internal retry
limit from 32 to 128, which lowers the failure rate to 0.12%.

However, there is still a risk of spurious failure on regular systems.
In order to try to provide more resilience (while avoiding DoS attacks),
this patch also includes an additional retry loop that terminates based
on a deadline rather than retry count. The deadline is 2ms, as my
testing found that ~800us for a single pathrs operation was the longest
latency due to -EAGAIN retries, and that was an outlier compared to the
more common ~400us latencies -- so 2ms should be more than enough for
any real system.

The failure rates above were based on more 50k runs of runc with an
attack script (from libpathrs) running a rename attack on all cores of a
16-core system, which is arguably a worst-case but heavily utilised
servers could likely approach similar results.

Tested-by: Phil Estes <estesp@gmail.com>
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
 2025-11-05 18:57:51 +11:00
Aleksa Sarai
ed6b1693b8 selinux: use safe procfs API for labels 
Due to the sensitive nature of these fixes, it was not possible to
submit these upstream and vendor the upstream library. Instead, this
patch uses a fork of github.com/opencontainers/selinux, branched at
commit opencontainers/selinux@879a755db5.

In order to permit downstreams to build with this patched version, a
snapshot of the forked version has been included in
internal/third_party/selinux. Note that since we use "go mod vendor",
the patched code is usable even without being "go get"-able. Once the
embargo for this issue is lifted we can submit the patches upstream and
switch back to a proper upstream go.mod entry.

Also, this requires us to temporarily disable the CI job we have that
disallows "replace" directives.

Fixes: GHSA-cgrx-mc8f-2prm CVE-2025-52881
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
 2025-11-01 21:24:06 +11:00
Aleksa Sarai
44a0fcf685 go.mod: update to github.com/cyphar/filepath-securejoin@v0.5.0 
In order to avoid lint errors due to the deprecation of the top-level
securejoin methods ported from libpathrs, we need to adjust
internal/pathrs to use the new pathrs-lite subpackage instead.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
 2025-11-01 21:24:03 +11:00
dependabot[bot]
e59062cec9 build(deps): bump golang.org/x/net from 0.45.0 to 0.46.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.45.0 to 0.46.0.
- [Commits](https://github.com/golang/net/compare/v0.45.0...v0.46.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-09 04:02:50 +00:00
dependabot[bot]
a35a0e0276 build(deps): bump golang.org/x/net from 0.44.0 to 0.45.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.44.0 to 0.45.0.
- [Commits](https://github.com/golang/net/compare/v0.44.0...v0.45.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.45.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-08 04:02:33 +00:00
dependabot[bot]
dbffd5cd08 build(deps): bump google.golang.org/protobuf from 1.36.9 to 1.36.10 
Bumps google.golang.org/protobuf from 1.36.9 to 1.36.10.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.36.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-03 04:02:51 +00:00
Kir Kolyshkin
37b5acc2d7 libct: use manager.AddPid to add exec to cgroup 
The main benefit here is when we are using a systemd cgroup driver,
we actually ask systemd to add a PID, rather than doing it ourselves.
This way, we can add rootless exec PID to a cgroup.

This requires newer opencontainers/cgroups and coreos/go-systemd.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
 2025-09-16 13:31:16 -07:00
Kir Kolyshkin
b5cb56413c Merge pull request #4830 from marquiz/devel/rdt-schemata-field 
libcontainer/intelrdt: add support for Schemata field
 2025-09-16 13:23:43 -07:00
dependabot[bot]
ffe6d3a3c8 build(deps): bump golang.org/x/net from 0.43.0 to 0.44.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.43.0 to 0.44.0.
- [Commits](https://github.com/golang/net/compare/v0.43.0...v0.44.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-10 06:50:38 +00:00
dependabot[bot]
cbf8a4d933 build(deps): bump google.golang.org/protobuf from 1.36.8 to 1.36.9 
Bumps google.golang.org/protobuf from 1.36.8 to 1.36.9.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.36.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-10 04:02:44 +00:00
dependabot[bot]
527d2e668f build(deps): bump golang.org/x/sys from 0.35.0 to 0.36.0 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.35.0 to 0.36.0.
- [Commits](https://github.com/golang/sys/compare/v0.35.0...v0.36.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-08 04:02:59 +00:00
Markus Lehtonen
74c5436b7d Update runtime-spec 
Signed-off-by: Markus Lehtonen <markus.lehtonen@intel.com>
 2025-08-26 19:55:01 +03:00