Bump github.com/opencontainers/runc from 1.0.0-rc9 to 1.0.0-rc91 #91

dependabot-preview[bot]

Bumps github.com/opencontainers/runc from 1.0.0-rc9 to 1.0.0-rc91.

Release notes

Sourced from github.com/opencontainers/runc's releases.

runc 1.0-rc91 -- "Just Hook a Right Over Here"

This is intended to be the second-last RC release, with -rc92 having very few large changes so that we can release runc 1.0 (at long last).

  • The long-awaited hooks changes have been merged into runc. This was one of the few remaining spec-related issues which were blocking us from releasing runc 1.0. Existing hook users will not be affected by this change, but runc now supports additional hooks that we expect users to migrate to eventually. The new hooks are:

    • createRuntime (replacement for the now-deprecated prestart)
    • createContainer
    • startContainer
  • A large amount of effort has been undertaken to support cgroupv2 within runc. The support is still considered experimental, but it is mostly functional at this point. Please report any bugs you find when running under cgroupv2-only systems.

  • A [minor-severity security bug][1] was fixed. The devices list would be in allow-by-default mode from the outset, meaning that users would have to explicitly specify they wish to deny all device access at the beginning of the configuration. While this would normally be considered a high-severity vulnerability, all known users of runc had worked around this issue several years ago (hence why this fairly obvious bug was masked).

    In addition, the devices list code has been massively improved such that it will attempt to avoid causing spurious errors in the container (such as while writing to /dev/null) when doing devices cgroup updates.

  • A security audit of runc was conducted in 2019, and the report PDF is now included in the runc repository. The previous release of runc has already addressed the security issues found in that report.

Thanks to the following people who made this release possible:

Commits
  • 24a3cf8 VERSION: release 1.0.0-rc91
  • 1b94395 Merge pull request #2476 from kolyshkin/cpt-err-log
  • 834c457 Merge pull request #2482 from kinvolk/alban/integration-tests
  • 327284e integration tests: fix typo in README.md
  • 0fa097f merge branch 'pr-2481'
  • dff7685 Merge pull request #2459 from tedyu/linux-cont-set-cfg
  • e643db6 Merge pull request #2479 from haircommander/fix-systemd-version
  • 04806ab nsenter: fix repeat close() operations
  • 9748b48 Merge pull request #2229 from RenaudWasTaken/create-container
  • 861afa7 Add integration tests for the new runc hooks
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Automerge options (never/patch/minor, and dev/runtime dependencies)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.0.0-rc9 to 1.0.0-rc91.
- [Release notes](https://github.com/opencontainers/runc/releases)
- [Commits](opencontainers/runc@v1.0.0-rc9...v1.0.0-rc91)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
@dependabot-preview dependabot-preview bot added the dependencies Pull requests that update a dependency file label Jul 2, 2020
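
The devices and hooks items in the release notes quoted above can be checked against a container's OCI `config.json` before or after taking this bump. The following is an added example, not code from this pull request or from runc: `AuditConfig` and `isDenyAll` are hypothetical helpers, both sample configs are constructed, and the deny-all test (wildcard type, major and minor, access containing `r`, `w` and `m`) is this example's reading of the runtime-spec `linux.resources.devices` fields.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Subset of an OCI config.json; encoding/json matches the lowercase keys case-insensitively.
type deviceRule struct {
	Allow        bool
	Type, Access string
	Major, Minor *int64
}
type ociConfig struct {
	Hooks map[string][]json.RawMessage
	Linux struct {
		Resources struct{ Devices []deviceRule }
	}
}

// isDenyAll reports whether a rule denies every device (assumption: absent or -1 major/minor is a wildcard).
func isDenyAll(r deviceRule) bool {
	wild := func(n *int64) bool { return n == nil || *n == -1 }
	rwm := strings.Contains(r.Access, "r") && strings.Contains(r.Access, "w") && strings.Contains(r.Access, "m")
	return !r.Allow && (r.Type == "" || r.Type == "a") && wild(r.Major) && wild(r.Minor) && rwm
}

// AuditConfig (hypothetical helper) returns one finding per issue the release notes describe.
func AuditConfig(raw []byte) ([]string, error) {
	var c ociConfig
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, fmt.Errorf("parse config.json: %w", err)
	}
	var findings []string
	if devs := c.Linux.Resources.Devices; len(devs) == 0 || !isDenyAll(devs[0]) {
		findings = append(findings, "devices: list does not begin with a deny-all rule (allow-by-default before rc91)")
	}
	if len(c.Hooks["prestart"]) > 0 {
		findings = append(findings, "hooks: prestart is deprecated, migrate to createRuntime")
	}
	return findings, nil
}
// Constructed sample configs: the first relies on the runtime default, the second denies all devices first.
const weakConfig = `{"hooks":{"prestart":[{"path":"/usr/local/bin/net-setup"}]},"linux":{"resources":{"devices":[{"allow":true,"type":"c","major":1,"minor":3,"access":"rwm"}]}}}`
const fixedConfig = `{"hooks":{"createRuntime":[{"path":"/usr/local/bin/net-setup"}]},"linux":{"resources":{"devices":[{"allow":false,"access":"rwm"},{"allow":true,"type":"c","major":1,"minor":3,"access":"rwm"}]}}}`
func main() {
	fmt.Println(AuditConfig([]byte(weakConfig)))
	fmt.Println(AuditConfig([]byte(fixedConfig)))
}
```
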
@cf-gitbot

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/173624170

The labels on this github issue will be updated when the story is started.

@linux-foundation-easycla

CLA Check

@dependabot-preview

Superseded by #96.

@dependabot-preview dependabot-preview bot deleted the dependabot/go_modules/github.com/opencontainers/runc-1.0.0-rc91 branch August 6, 2020 11:15