[18.09] backport #38573 "bump up runc"

[AkihiroSuda]

moby#38573

---

Changes: opencontainers/runc@96ec217...12f6a99

Including critical security fix for runc run --no-pivot (DOCKER_RAMDISK=1): opencontainers/runc#1962

(NOTE: the vuln is attackable only when DOCKER_RAMDISK=1 is set && seccomp is disabled)

Signed-off-by: Akihiro Suda suda.akihiro@lab.ntt.co.jp
(cherry picked from commit 1ee33f4)

[AkihiroSuda]

CI failure is unrelated

07:57:26 The result of hack/generate-swagger-api.sh differs
07:57:26 
07:57:26 diff --git a/api/types/container/container_wait.go b/api/types/container/container_wait.go
07:57:26 index 9e3910a6b4..06b0f02077 100644
07:57:26 --- a/api/types/container/container_wait.go
07:57:26 +++ b/api/types/container/container_wait.go
07:57:26 @@ -7,14 +7,6 @@ package container
07:57:26  // See hack/generate-swagger-api.sh
07:57:26  // ----------------------------------------------------------------------------
07:57:26  
07:57:26 -// ContainerWaitOKBodyError container waiting error, if any
07:57:26 -// swagger:model ContainerWaitOKBodyError
07:57:26 -type ContainerWaitOKBodyError struct {
07:57:26 -
07:57:26 -	// Details of an error
07:57:26 -	Message string `json:"Message,omitempty"`
07:57:26 -}
07:57:26 -
07:57:26  // ContainerWaitOKBody OK response to ContainerWait operation
07:57:26  // swagger:model ContainerWaitOKBody
07:57:26  type ContainerWaitOKBody struct {
07:57:26 @@ -27,3 +19,11 @@ type ContainerWaitOKBody struct {
07:57:26  	// Required: true
07:57:26  	StatusCode int64 `json:"StatusCode"`
07:57:26  }
07:57:26 +
07:57:26 +// ContainerWaitOKBodyError container waiting error, if any
07:57:26 +// swagger:model ContainerWaitOKBodyError
07:57:26 +type ContainerWaitOKBodyError struct {
07:57:26 +
07:57:26 +	// Details of an error
07:57:26 +	Message string `json:"Message,omitempty"`
07:57:26 +}
07:57:26 
07:57:26 Please update api/swagger.yaml with any api changes, then 
07:57:26 run `hack/generate-swagger-api.sh`.