From 606251ab335482957f6f90fc30d39daad5ce0afb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 Feb 2024 04:14:03 +0000 Subject: [PATCH] build(deps): bump github.com/opencontainers/runtime-spec Bumps [github.com/opencontainers/runtime-spec](https://github.com/opencontainers/runtime-spec) from 1.1.1-0.20230823135140-4fec88fd00a4 to 1.2.0. - [Release notes](https://github.com/opencontainers/runtime-spec/releases) - [Changelog](https://github.com/opencontainers/runtime-spec/blob/main/ChangeLog) - [Commits](https://github.com/opencontainers/runtime-spec/commits/v1.2.0) --- updated-dependencies: - dependency-name: github.com/opencontainers/runtime-spec dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: Akihiro Suda --- docs/spec-conformance.md | 11 ++++++----- go.mod | 2 +- go.sum | 4 ++-- libcontainer/specconv/spec_linux.go | 4 ++-- update.go | 4 ++-- .../opencontainers/runtime-spec/specs-go/config.go | 10 ++++++++++ .../runtime-spec/specs-go/features/features.go | 6 ++++++ .../opencontainers/runtime-spec/specs-go/version.go | 4 ++-- vendor/modules.txt | 2 +- 9 files changed, 32 insertions(+), 15 deletions(-) diff --git a/docs/spec-conformance.md b/docs/spec-conformance.md index 7ef21d6f948..91c12aea8ac 100644 --- a/docs/spec-conformance.md +++ b/docs/spec-conformance.md 
@@ -1,14 +1,15 @@ # Spec conformance -This branch of runc implements the [OCI Runtime Spec v1.1.0](https://github.com/opencontainers/runtime-spec/tree/v1.1.0) +This branch of runc implements the [OCI Runtime Spec v1.2.0](https://github.com/opencontainers/runtime-spec/tree/v1.2.0) for the `linux` platform. The following features are not implemented yet: -Spec version | Feature | PR --------------|------------------------------------------|---------------------------------------------------------- -v1.1.0 | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV` | [#3862](https://github.com/opencontainers/runc/pull/3862) -v1.1.0 | `.process.ioPriority` | [#3783](https://github.com/opencontainers/runc/pull/3783) +Spec version | Feature | PR +-------------|------------------------------------------------|---------------------------------------------------------- +v1.1.0 | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV` | [#3862](https://github.com/opencontainers/runc/pull/3862) +v1.1.0 | `.process.ioPriority` | [#3783](https://github.com/opencontainers/runc/pull/3783) +v1.2.0 | Features: `potentiallyUnsafeConfigAnnotations` | TODO ## Architectures diff --git a/go.mod b/go.mod index 383c55dc09c..c1873925663 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/moby/sys/mountinfo v0.7.1 github.com/moby/sys/user v0.1.0 github.com/mrunalp/fileutils v0.5.1 - github.com/opencontainers/runtime-spec v1.1.1-0.20230823135140-4fec88fd00a4 + github.com/opencontainers/runtime-spec v1.2.0 github.com/opencontainers/selinux v1.11.0 github.com/seccomp/libseccomp-golang v0.10.0 github.com/sirupsen/logrus v1.9.3 diff --git a/go.sum b/go.sum index 6c7a5eac8f2..29e8089313a 100644 --- a/go.sum +++ b/go.sum 
@@ -32,8 +32,8 @@ github.com/moby/sys/user v0.1.0 h1:WmZ93f5Ux6het5iituh9x2zAG7NFY9Aqi49jjE1PaQg= github.com/moby/sys/user v0.1.0/go.mod h1:fKJhFOnsCN6xZ5gSfbM6zaHGgDJMrqt9/reuj4T7MmU= github.com/mrunalp/fileutils v0.5.1 h1:F+S7ZlNKnrwHfSwdlgNSkKo67ReVf8o9fel6C3dkm/Q= github.com/mrunalp/fileutils v0.5.1/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= -github.com/opencontainers/runtime-spec v1.1.1-0.20230823135140-4fec88fd00a4 h1:EctkgBjZ1y4q+sibyuuIgiKpa0QSd2elFtSSdNvBVow= -github.com/opencontainers/runtime-spec v1.1.1-0.20230823135140-4fec88fd00a4/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk= +github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU= github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index fbb68c24d5d..25ef7227f54 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -791,7 +791,7 @@ func CreateCgroupConfig(opts *CreateOpts, defaultDevs []*devices.Device) (*confi if r.Memory.Swap != nil { c.Resources.MemorySwap = *r.Memory.Swap } - if r.Memory.Kernel != nil || r.Memory.KernelTCP != nil { + if r.Memory.Kernel != nil || r.Memory.KernelTCP != nil { //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility. logrus.Warn("Kernel memory settings are ignored and will be removed") } if r.Memory.Swappiness != nil { 
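Review bot: The suppression comment added on the `r.Memory.Kernel != nil || r.Memory.KernelTCP != nil` check gives a reason that does not match the code. It says a deprecated package is being kept, but what SA1019 flags is the deprecated `Kernel` field of `specs.LinuxMemory`, which the vendored `config.go` in this same patch marks `Deprecated:`. Because `//nolint:staticcheck` silences every staticcheck finding on that line, the reason should name the exact symbol, e.g. `//nolint:staticcheck // SA1019: LinuxMemory.Kernel is deprecated; still read so the "ignored" warning is emitted.` The same wording is repeated in `createHooks` for `Hooks.Prestart` and on two lines in `update.go`, so the correction applies there as well. `CreateCgroupConfig` starts and ends outside this hunk.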
@@ -1207,7 +1207,7 @@ func SetupSeccomp(config *specs.LinuxSeccomp) (*configs.Seccomp, error) { func createHooks(rspec *specs.Spec, config *configs.Config) { config.Hooks = configs.Hooks{} if rspec.Hooks != nil { - for _, h := range rspec.Hooks.Prestart { + for _, h := range rspec.Hooks.Prestart { //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility. cmd := createCommandHook(h) config.Hooks[configs.Prestart] = append(config.Hooks[configs.Prestart], configs.NewCommandHook(cmd)) } diff --git a/update.go b/update.go index fc2d656abbf..5bcc441a173 100644 --- a/update.go +++ b/update.go @@ -250,7 +250,7 @@ other options are ignored. }{ {"memory", r.Memory.Limit}, {"memory-swap", r.Memory.Swap}, - {"kernel-memory", r.Memory.Kernel}, + {"kernel-memory", r.Memory.Kernel}, //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility. {"kernel-memory-tcp", r.Memory.KernelTCP}, {"memory-reservation", r.Memory.Reservation}, } { @@ -272,7 +272,7 @@ other options are ignored. r.Pids.Limit = int64(context.Int("pids-limit")) } - if *r.Memory.Kernel != 0 || *r.Memory.KernelTCP != 0 { + if *r.Memory.Kernel != 0 || *r.Memory.KernelTCP != 0 { //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility. logrus.Warn("Kernel memory settings are ignored and will be removed") } diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go index 4e7717d53f1..d1236ba7213 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go 
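Review bot: In the second `update.go` hunk, `*r.Memory.Kernel != 0 || *r.Memory.KernelTCP != 0` dereferences both pointers without a nil check, whereas the equivalent check in `spec_linux.go` tests `!= nil` first. How `r` is initialised is outside the hunk, so this is hedged: if any input path can leave either pointer nil (for example a resources document that sets these keys to null), the command would panic here instead of logging the warning. A guarded form would be `if (r.Memory.Kernel != nil && *r.Memory.Kernel != 0) || (r.Memory.KernelTCP != nil && *r.Memory.KernelTCP != 0) {`, with the nolint comment kept on that line. The enclosing function starts and ends outside the hunk.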
@@ -187,6 +187,10 @@ type Hook struct { type Hooks struct { // Prestart is Deprecated. Prestart is a list of hooks to be run before the container process is executed. // It is called in the Runtime Namespace + // + // Deprecated: use [Hooks.CreateRuntime], [Hooks.CreateContainer], and + // [Hooks.StartContainer] instead, which allow more granular hook control + // during the create and start phase. Prestart []Hook `json:"prestart,omitempty"` // CreateRuntime is a list of hooks to be run after the container has been created but before pivot_root or any equivalent operation has been called // It is called in the Runtime Namespace @@ -371,6 +375,12 @@ type LinuxMemory struct { // Total memory limit (memory + swap). Swap *int64 `json:"swap,omitempty"` // Kernel memory limit (in bytes). + // + // Deprecated: kernel-memory limits are not supported in cgroups v2, and + // were obsoleted in [kernel v5.4]. This field should no longer be used, + // as it may be ignored by runtimes. + // + // [kernel v5.4]: https://github.com/torvalds/linux/commit/0158115f702b0ba208ab0 Kernel *int64 `json:"kernel,omitempty"` // Kernel memory limit for tcp (in bytes) KernelTCP *int64 `json:"kernelTCP,omitempty"` diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go index 39009c79d2c..949f532b65a 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go 
@@ -24,6 +24,12 @@ type Features struct { // Annotations contains implementation-specific annotation strings, // such as the implementation version, and third-party extensions. Annotations map[string]string `json:"annotations,omitempty"` + + // PotentiallyUnsafeConfigAnnotations the list of the potential unsafe annotations + // that may appear in `config.json`. + // + // A value that ends with "." is interpreted as a prefix of annotations. + PotentiallyUnsafeConfigAnnotations []string `json:"potentiallyUnsafeConfigAnnotations,omitempty"` } // Linux is specific to Linux. diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go index 35358c2c5b2..503971e058b 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go @@ -6,12 +6,12 @@ const ( // VersionMajor is for an API incompatible changes VersionMajor = 1 // VersionMinor is for functionality in a backwards-compatible manner - VersionMinor = 1 + VersionMinor = 2 // VersionPatch is for backwards-compatible bug fixes VersionPatch = 0 // VersionDev indicates development branch. Releases will be empty string. - VersionDev = "+dev" + VersionDev = "" ) // Version is the specification version that the package types support. diff --git a/vendor/modules.txt b/vendor/modules.txt index 146cceeb3e3..3de1e684a57 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -42,7 +42,7 @@ github.com/moby/sys/user # github.com/mrunalp/fileutils v0.5.1 ## explicit; go 1.13 github.com/mrunalp/fileutils -# github.com/opencontainers/runtime-spec v1.1.1-0.20230823135140-4fec88fd00a4 +# github.com/opencontainers/runtime-spec v1.2.0 ## explicit github.com/opencontainers/runtime-spec/specs-go github.com/opencontainers/runtime-spec/specs-go/features