From ba78fffbe516c35eb9833486d92fb1f31cc686fb Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 3 Feb 2026 00:15:10 +0100 Subject: [PATCH 1/6] [1.4] dockerfile: switch to Debian 13 Debian 13 (trixie) was released a few months ago and it's probably prudent to just upgrade. This is also necessary to get access to riscv64 repositories when we build libpathrs for inclusion in our runc binaries. Signed-off-by: Aleksa Sarai (cherry picked from commit 6b757b6aa0dc2f4c0160c5cccd0909caee4c68e8) Signed-off-by: Aleksa Sarai --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index e4f3df3545b..f97f3036bf2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,9 +2,9 @@ ARG GO_VERSION=1.25 ARG BATS_VERSION=v1.12.0 ARG LIBSECCOMP_VERSION=2.6.0 -FROM golang:${GO_VERSION}-bookworm +FROM golang:${GO_VERSION}-trixie ARG DEBIAN_FRONTEND=noninteractive -ARG CRIU_REPO=https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_12 +ARG CRIU_REPO=https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_13 RUN KEYFILE=/usr/share/keyrings/criu-repo-keyring.gpg; \ wget -nv $CRIU_REPO/Release.key -O- | gpg --dearmor > "$KEYFILE" \ From 8cdb38cd4e76740ac955d2e93d3e0fb808f8dae1 Mon Sep 17 00:00:00 2001 
From: Aleksa Sarai Date: Fri, 13 Feb 2026 18:32:33 +1100 Subject: [PATCH 2/6] [1.4] build: treat armhf as ARMv7 The intention of commit 531e29e19211 ("script/lib.sh: set GOARM=5 for armel, GOARM=6 for armhf") was to properly support older ARM platforms with our release builds. However, we have never been able to support ARMv6 for our builds because we use the Debian compiler to build the libseccomp we statically compile into our binaries and (as per the now-deleted comment itself) Debian treats armhf as being ARMv7 so the final binaries we produced were always only ever compatible with ARMv7+. This was a bit of an oddity before but when building libpathrs for releases we will need to use Rust which makes the target more explicit (and while it does support armhf, we are using the Debian-packaged Rust cross-compiler and thus are in the same dilemma with what Debian considers "armhf" to be). All-in-all, it's better to just bite the bullet and just follow Debian here properly. Fixes: 531e29e19211 ("script/lib.sh: set GOARM=5 for armel, GOARM=6 for armhf") Signed-off-by: Aleksa Sarai (cherry picked from commit 51ae8de054eb3068c4e4901ba9a6af7f5807d5e4) Signed-off-by: Aleksa Sarai --- CHANGELOG.md | 10 ++++++++++ script/lib.sh | 11 +---------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 79cc3784b5f..3b77754ab74 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -6,6 +6,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased 1.4.z] +### Changed ### +- Previously we made an attempt to make our `runc.armhf` release binaries work + with ARMv6 (which would allow runc to work on the original Raspberry Pi). + Unfortunately, this has effectively always been broken (because we + cross-compile `libseccomp` within a Debian container and statically link to + it) and so we are now officially matching [the Debian definition of `armhf`][debian-armhf] + (that is, ARMv7). (#5103) + +[debian-armhf]: https://wiki.debian.org/ArmHardFloatPort + ## [1.4.0] - 2025-11-27 > 路漫漫其修远兮,吾将上下而求索! diff --git a/script/lib.sh b/script/lib.sh index 9e4139756a3..89ce8c6c34e 100644 --- a/script/lib.sh +++ b/script/lib.sh @@ -48,16 +48,7 @@ function set_cross_vars() { armhf) HOST=arm-${PLATFORM}eabihf GOARCH=arm - # "armhf" means ARMv7 for Debian, ARMv6 for Raspbian. - # ARMv6 is chosen here for compatibility. - # - # https://wiki.debian.org/RaspberryPi - # - # > Raspberry Pi OS builds a single image for all of the Raspberry families, - # > so you will get an armhf 32-bit, hard floating-point system, but built - # > for the ARMv6 ISA (with VFP2), unlike Debian's ARMv7 ISA (with VFP3) - # > port. - GOARM=6 + GOARM=7 ;; ppc64le) HOST=powerpc64le-${PLATFORM} From ac7909922ed52820e3c4e2c53b05b41e218a50f3 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Mon, 2 Feb 2026 13:04:50 +0100 Subject: [PATCH 3/6] [1.4] build: rename /opt/libseccomp cdylib directory In a future patch this will contain other cdylibs so it deserves a slightly more general name. Signed-off-by: Aleksa Sarai (cherry picked from commit 8292574e7ab4cf78246ccbe1eaf64c2eb883fefe) Signed-off-by: Aleksa Sarai --- Dockerfile | 10 ++++++---- script/release_build.sh | 23 +++++++++-------------- 2 files changed, 15 insertions(+), 18 deletions(-) diff --git a/Dockerfile b/Dockerfile index f97f3036bf2..9f5bbc09642 100644 --- a/Dockerfile +++ b/Dockerfile 
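Review bot: The rationale for `GOARM=7` now lives only in the CHANGELOG, because the lib.sh hunk deletes the comment that explained the old ARMv6 choice without leaving anything in its place, so the next reader of set_cross_vars will not know why armhf is not built for ARMv6. Add a one-line comment above the assignment, e.g. `# Debian's armhf port is ARMv7 (VFPv3); the libseccomp we statically link is built with Debian's armhf toolchain, so Go must target ARMv7 too.`. Note that set_cross_vars starts before and continues after this hunk.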
@@ -54,14 +54,16 @@ RUN cd /tmp \ && ./install.sh /usr/local \ && rm -rf /tmp/bats-core +ENV DYLIB_DIR=/opt/runc-dylibs + # install libseccomp ARG LIBSECCOMP_VERSION COPY script/seccomp.sh script/lib.sh /tmp/script/ -RUN mkdir -p /opt/libseccomp \ - && /tmp/script/seccomp.sh "$LIBSECCOMP_VERSION" /opt/libseccomp 386 amd64 arm64 armel armhf ppc64le riscv64 s390x +RUN mkdir -p $DYLIB_DIR \ + && /tmp/script/seccomp.sh "$LIBSECCOMP_VERSION" $DYLIB_DIR 386 amd64 arm64 armel armhf ppc64le riscv64 s390x ENV LIBSECCOMP_VERSION=$LIBSECCOMP_VERSION -ENV LD_LIBRARY_PATH=/opt/libseccomp/lib -ENV PKG_CONFIG_PATH=/opt/libseccomp/lib/pkgconfig +ENV LD_LIBRARY_PATH=$DYLIB_DIR/lib +ENV PKG_CONFIG_PATH=$DYLIB_DIR/lib/pkgconfig # Prevent the "fatal: detected dubious ownership in repository" git complain during build. RUN git config --global --add safe.directory /go/src/github.com/opencontainers/runc diff --git a/script/release_build.sh b/script/release_build.sh index 5e0b90773e2..8e0b6c66145 100755 --- a/script/release_build.sh +++ b/script/release_build.sh @@ -40,14 +40,14 @@ function build_project() { shift local arches=("$@") - # Assume that if /opt/libseccomp exists, then we are run - # via Dockerfile, and seccomp is already built. - local seccompdir=/opt/libseccomp temp_dir - if [ ! -d "$seccompdir" ]; then - temp_dir="$(mktemp -d)" - seccompdir="$temp_dir" + # Assume that if /opt/runc-dylibs exists, then we are running via + # Dockerfile, and thus seccomp is already built. Otherwise, build it now. + local dylibdir=/opt/runc-dylibs + if ! [ -d "$dylibdir" ]; then + trap 'rm -rf "$dylibdir"' EXIT + dylibdir="$(mktemp -d)" # Download and build libseccomp. - "$root/script/seccomp.sh" "$LIBSECCOMP_VERSION" "$seccompdir" "${arches[@]}" + "$root/script/seccomp.sh" "$LIBSECCOMP_VERSION" "$dylibdir" "${arches[@]}" fi # For reproducible builds, add these to EXTRA_LDFLAGS: 
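Review bot: The EXIT trap added in build_project is armed before `dylibdir` is reassigned and, being single-quoted, expands `$dylibdir` only when the trap fires; since `dylibdir` is a `local`, it is presumably out of scope by the time the script exits after build_project returns, so the trap most likely runs `rm -rf ""` and the mktemp directory leaks, the same result the old `temp_dir`/`tempdir` mismatch produced. Move the trap after the mktemp call and bake the path in now: `dylibdir="$(mktemp -d)"` followed by `trap "rm -rf '$dylibdir'" EXIT`. Each call to build_project also overwrites the previous EXIT trap, so if it is invoked for more than one project only the last temporary directory would be removed. Since the Dockerfile in this same patch now exports `DYLIB_DIR`, `local dylibdir="${DYLIB_DIR:-/opt/runc-dylibs}"` would keep the two locations in sync instead of hard-coding the path twice. build_project's body continues outside the hunk.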
@@ -70,7 +70,7 @@ function build_project() { CFLAGS="$original_cflags" set_cross_vars "$arch" make -C "$root" \ - PKG_CONFIG_PATH="$seccompdir/$arch/lib/pkgconfig" \ + PKG_CONFIG_PATH="$dylibdir/$arch/lib/pkgconfig" \ "${make_args[@]}" "$STRIP" "$root/$project" mv "$root/$project" "$builddir/$project.$arch" @@ -85,12 +85,7 @@ function build_project() { fi # Copy libseccomp source tarball. - cp "$seccompdir"/src/* "$builddir" - - # Clean up. - if [ -n "$tempdir" ]; then - rm -rf "$tempdir" - fi + cp "$dylibdir"/src/* "$builddir" } # End of the easy-to-configure portion. From 5424ac4ddbb6992c0c75142467369742464fe077 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 3 Feb 2026 19:52:35 +0100 Subject: [PATCH 4/6] [1.4] script: seccomp.sh -> build-seccomp.sh This name is far more descriptive. Signed-off-by: Aleksa Sarai (cherry picked from commit b1a9047c7a493acc540166abb0033d2fd1ae642d) Signed-off-by: Aleksa Sarai --- Dockerfile | 6 ++++-- script/{seccomp.sh => build-seccomp.sh} | 2 +- script/release_build.sh | 2 +- 3 files changed, 6 insertions(+), 4 deletions(-) rename script/{seccomp.sh => build-seccomp.sh} (96%) diff --git a/Dockerfile b/Dockerfile index 9f5bbc09642..829acc42c51 100644 --- a/Dockerfile +++ b/Dockerfile @@ -54,14 +54,16 @@ RUN cd /tmp \ && ./install.sh /usr/local \ && rm -rf /tmp/bats-core +ARG RELEASE_ARCHES="386 amd64 arm64 armel armhf ppc64le riscv64 s390x" ENV DYLIB_DIR=/opt/runc-dylibs # install libseccomp ARG LIBSECCOMP_VERSION -COPY script/seccomp.sh script/lib.sh /tmp/script/ +COPY script/build-seccomp.sh script/lib.sh /tmp/script/ RUN mkdir -p $DYLIB_DIR \ - && /tmp/script/seccomp.sh "$LIBSECCOMP_VERSION" $DYLIB_DIR 386 amd64 arm64 armel armhf ppc64le riscv64 s390x + && /tmp/script/build-seccomp.sh "$LIBSECCOMP_VERSION" $DYLIB_DIR $RELEASE_ARCHES ENV LIBSECCOMP_VERSION=$LIBSECCOMP_VERSION + ENV LD_LIBRARY_PATH=$DYLIB_DIR/lib ENV PKG_CONFIG_PATH=$DYLIB_DIR/lib/pkgconfig 
diff --git a/script/seccomp.sh b/script/build-seccomp.sh similarity index 96% rename from script/seccomp.sh rename to script/build-seccomp.sh index c4bbfac1f92..d8a3f9a0e42 100755 --- a/script/seccomp.sh +++ b/script/build-seccomp.sh @@ -65,7 +65,7 @@ function build_libseccomp() { } if [ $# -lt 2 ]; then - echo "Usage: seccomp.sh [ ...]" >&2 + echo "Usage: $0 [ ...]" >&2 exit 1 fi diff --git a/script/release_build.sh b/script/release_build.sh index 8e0b6c66145..db843ccf20e 100755 --- a/script/release_build.sh +++ b/script/release_build.sh @@ -47,7 +47,7 @@ function build_project() { trap 'rm -rf "$dylibdir"' EXIT dylibdir="$(mktemp -d)" # Download and build libseccomp. - "$root/script/seccomp.sh" "$LIBSECCOMP_VERSION" "$dylibdir" "${arches[@]}" + "$root/script/build-seccomp.sh" "$LIBSECCOMP_VERSION" "$dylibdir" "${arches[@]}" fi # For reproducible builds, add these to EXTRA_LDFLAGS: From 97f79dbf591cc9c6d3a516bf4eb566ea65517be3 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 26 Feb 2026 17:43:50 +1100 Subject: [PATCH 5/6] [1.4] README: document libpathrs build tag Ever since v0.6.0 of github.com/cyphar/filepath-securejoin, pathrs-lite has been able to transparently switch to using libpathrs as the backend for safe path resolution (at compile-time, using a build tag). Note that because build-tags apply globally, this allows for us to easily opt pure-Go dependencies into all using libpathrs as well for our binaries. In a future patch this will likely be enabled by default, but document that this is an option for downstreams that want to opt-in to using libpathrs. Signed-off-by: Aleksa Sarai (cherry picked from commit ab6f75dd25571cbf89ebe05fe4100a24f53ce864) Signed-off-by: Aleksa Sarai --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index bca08c2d284..cf1df2369d1 100644 --- a/README.md +++ b/README.md 
@@ -112,6 +112,7 @@ make EXTRA_BUILDTAGS="runc_nocriu" | Build Tag | Feature | Enabled by Default | Dependencies | |---------------|---------------------------------------|--------------------|---------------------| | `seccomp` | Syscall filtering using `libseccomp`. | yes | `libseccomp` | +| `libpathrs` | Use [`libpathrs`][] for path safety. | no | [`libpathrs`][] | | `runc_nocriu` | **Disables** runc checkpoint/restore. | no | `criu` | The following build tags were used earlier, but are now obsoleted: @@ -120,6 +121,8 @@ The following build tags were used earlier, but are now obsoleted: - **apparmor** (since runc v1.0.0-rc93 the feature is always enabled) - **selinux** (since runc v1.0.0-rc93 the feature is always enabled) +[`libpathrs`]: https://github.com/cyphar/libpathrs + ### Running the test suite `runc` currently supports running its test suite via Docker. From 4fb2e1ceba23aadf7f3207205ec3c5a043c9cb7b Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 13 Feb 2026 17:45:47 +1100 Subject: [PATCH 6/6] [1.4] deps: update to cyphar.com/go-pathrs@v0.2.4 This includes a few fixes for 32-bit builds. Signed-off-by: Aleksa Sarai (cherry picked from commit b58e3427581e8e6f34172be5ce93053c4cd839fa) Signed-off-by: Aleksa Sarai --- go.mod | 2 +- go.sum | 4 +-- vendor/cyphar.com/go-pathrs/.golangci.yml | 2 +- vendor/cyphar.com/go-pathrs/doc.go | 2 +- vendor/cyphar.com/go-pathrs/handle_linux.go | 10 ++----- .../go-pathrs/internal/fdutils/fd_linux.go | 2 +- .../internal/libpathrs/error_unix.go | 2 +- .../internal/libpathrs/libpathrs_linux.go | 6 ++-- .../go-pathrs/procfs/procfs_linux.go | 15 +++------- vendor/cyphar.com/go-pathrs/root_linux.go | 30 ++----------------- vendor/cyphar.com/go-pathrs/utils_linux.go | 2 +- vendor/modules.txt | 2 +- 12 files changed, 21 insertions(+), 58 deletions(-) diff --git a/go.mod b/go.mod index 3187936f35a..de5748b695c 100644 --- a/go.mod +++ b/go.mod 
@@ -28,7 +28,7 @@ require ( ) require ( - cyphar.com/go-pathrs v0.2.1 // indirect + cyphar.com/go-pathrs v0.2.4 // indirect github.com/cilium/ebpf v0.17.3 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect diff --git a/go.sum b/go.sum index 99a236fe691..2bafeafbfa1 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,5 @@ -cyphar.com/go-pathrs v0.2.1 h1:9nx1vOgwVvX1mNBWDu93+vaceedpbsDqo+XuBGL40b8= -cyphar.com/go-pathrs v0.2.1/go.mod h1:y8f1EMG7r+hCuFf/rXsKqMJrJAUoADZGNh5/vZPKcGc= +cyphar.com/go-pathrs v0.2.4 h1:iD/mge36swa1UFKdINkr1Frkpp6wZsy3YYEildj9cLY= +cyphar.com/go-pathrs v0.2.4/go.mod h1:y8f1EMG7r+hCuFf/rXsKqMJrJAUoADZGNh5/vZPKcGc= github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/checkpoint-restore/go-criu/v7 v7.2.0 h1:qGiWA4App1gGlEfIJ68WR9jbezV9J7yZdjzglezcqKo= github.com/checkpoint-restore/go-criu/v7 v7.2.0/go.mod h1:u0LCWLg0w4yqqu14aXhiB4YD3a1qd8EcCEg7vda5dwo= diff --git a/vendor/cyphar.com/go-pathrs/.golangci.yml b/vendor/cyphar.com/go-pathrs/.golangci.yml index 2778a3268ef..a28cbd2a4fd 100644 --- a/vendor/cyphar.com/go-pathrs/.golangci.yml +++ b/vendor/cyphar.com/go-pathrs/.golangci.yml @@ -1,8 +1,8 @@ # SPDX-License-Identifier: MPL-2.0 # # libpathrs: safe path resolution on Linux -# Copyright (C) 2019-2025 Aleksa Sarai # Copyright (C) 2019-2025 SUSE LLC +# Copyright (C) 2026 Aleksa Sarai # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this diff --git a/vendor/cyphar.com/go-pathrs/doc.go b/vendor/cyphar.com/go-pathrs/doc.go index a7ee4bc487f..c3b4eedd0f8 100644 --- a/vendor/cyphar.com/go-pathrs/doc.go +++ b/vendor/cyphar.com/go-pathrs/doc.go 
@@ -1,8 +1,8 @@ // SPDX-License-Identifier: MPL-2.0 /* * libpathrs: safe path resolution on Linux - * Copyright (C) 2019-2025 Aleksa Sarai * Copyright (C) 2019-2025 SUSE LLC + * Copyright (C) 2026 Aleksa Sarai * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this diff --git a/vendor/cyphar.com/go-pathrs/handle_linux.go b/vendor/cyphar.com/go-pathrs/handle_linux.go index 3221ef67389..6ed0b7af7ad 100644 --- a/vendor/cyphar.com/go-pathrs/handle_linux.go +++ b/vendor/cyphar.com/go-pathrs/handle_linux.go @@ -3,8 +3,8 @@ // SPDX-License-Identifier: MPL-2.0 /* * libpathrs: safe path resolution on Linux - * Copyright (C) 2019-2025 Aleksa Sarai * Copyright (C) 2019-2025 SUSE LLC + * Copyright (C) 2026 Aleksa Sarai * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this @@ -30,11 +30,9 @@ import ( // you can try to use [Root.Open] or [Root.OpenFile]. // // It is critical that perform all relevant operations through this [Handle] -// (rather than fetching the file descriptor yourself with [Handle.IntoRaw]), +// (rather than fetching the underlying [os.File] yourself with [Handle.IntoFile]), // because the security properties of libpathrs depend on users doing all // relevant filesystem operations through libpathrs. -// -// [os.File]: https://pkg.go.dev/os#File type Handle struct { inner *os.File } @@ -43,7 +41,7 @@ type Handle struct { // handle will be copied by this method, so the original handle should still be // freed by the caller. // -// This is effectively the inverse operation of [Handle.IntoRaw], and is used +// This is effectively the inverse operation of [Handle.IntoFile], and is used // for "deserialising" pathrs root handles. func HandleFromFile(file *os.File) (*Handle, error) { newFile, err := fdutils.DupFile(file) 
@@ -92,8 +90,6 @@ func (h *Handle) OpenFile(flags int) (*os.File, error) { // calling [Handle.Close] will also close any copies of the returned [os.File]. // If you want to get an independent copy, use [Handle.Clone] followed by // [Handle.IntoFile] on the cloned [Handle]. -// -// [os.File]: https://pkg.go.dev/os#File func (h *Handle) IntoFile() *os.File { // TODO: Figure out if we really don't want to make a copy. // TODO: We almost certainly want to clear r.inner here, but we can't do diff --git a/vendor/cyphar.com/go-pathrs/internal/fdutils/fd_linux.go b/vendor/cyphar.com/go-pathrs/internal/fdutils/fd_linux.go index 41aea3e4b3d..418b298149e 100644 --- a/vendor/cyphar.com/go-pathrs/internal/fdutils/fd_linux.go +++ b/vendor/cyphar.com/go-pathrs/internal/fdutils/fd_linux.go @@ -3,8 +3,8 @@ // SPDX-License-Identifier: MPL-2.0 /* * libpathrs: safe path resolution on Linux - * Copyright (C) 2019-2025 Aleksa Sarai * Copyright (C) 2019-2025 SUSE LLC + * Copyright (C) 2026 Aleksa Sarai * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this diff --git a/vendor/cyphar.com/go-pathrs/internal/libpathrs/error_unix.go b/vendor/cyphar.com/go-pathrs/internal/libpathrs/error_unix.go index c9f416de01f..8f610ca564e 100644 --- a/vendor/cyphar.com/go-pathrs/internal/libpathrs/error_unix.go +++ b/vendor/cyphar.com/go-pathrs/internal/libpathrs/error_unix.go @@ -5,8 +5,8 @@ // SPDX-License-Identifier: MPL-2.0 /* * libpathrs: safe path resolution on Linux - * Copyright (C) 2019-2025 Aleksa Sarai * Copyright (C) 2019-2025 SUSE LLC + * Copyright (C) 2026 Aleksa Sarai * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this diff --git a/vendor/cyphar.com/go-pathrs/internal/libpathrs/libpathrs_linux.go b/vendor/cyphar.com/go-pathrs/internal/libpathrs/libpathrs_linux.go index c07b80e3071..d54497a5b70 100644 
--- a/vendor/cyphar.com/go-pathrs/internal/libpathrs/libpathrs_linux.go +++ b/vendor/cyphar.com/go-pathrs/internal/libpathrs/libpathrs_linux.go @@ -3,8 +3,8 @@ // SPDX-License-Identifier: MPL-2.0 /* * libpathrs: safe path resolution on Linux - * Copyright (C) 2019-2025 Aleksa Sarai * Copyright (C) 2019-2025 SUSE LLC + * Copyright (C) 2026 Aleksa Sarai * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this @@ -100,7 +100,7 @@ func InRootReadlink(rootFd uintptr, path string) (string, error) { size := 128 for { linkBuf := make([]byte, size) - n := C.pathrs_inroot_readlink(C.int(rootFd), cPath, C.cast_ptr(unsafe.Pointer(&linkBuf[0])), C.ulong(len(linkBuf))) + n := C.pathrs_inroot_readlink(C.int(rootFd), cPath, C.cast_ptr(unsafe.Pointer(&linkBuf[0])), C.size_t(len(linkBuf))) switch { case int(n) < C.__PATHRS_MAX_ERR_VALUE: return "", fetchError(n) @@ -301,7 +301,7 @@ func ProcReadlinkat(procRootFd int, base ProcBase, path string) (string, error) linkBuf := make([]byte, size) n := C.pathrs_proc_readlinkat( C.int(procRootFd), cBase, cPath, - C.cast_ptr(unsafe.Pointer(&linkBuf[0])), C.ulong(len(linkBuf))) + C.cast_ptr(unsafe.Pointer(&linkBuf[0])), C.size_t(len(linkBuf))) switch { case int(n) < C.__PATHRS_MAX_ERR_VALUE: return "", fetchError(n) diff --git a/vendor/cyphar.com/go-pathrs/procfs/procfs_linux.go b/vendor/cyphar.com/go-pathrs/procfs/procfs_linux.go index 5533c427cb7..915e9ccdb58 100644 --- a/vendor/cyphar.com/go-pathrs/procfs/procfs_linux.go +++ b/vendor/cyphar.com/go-pathrs/procfs/procfs_linux.go @@ -3,8 +3,8 @@ // SPDX-License-Identifier: MPL-2.0 /* * libpathrs: safe path resolution on Linux - * Copyright (C) 2019-2025 Aleksa Sarai * Copyright (C) 2019-2025 SUSE LLC + * Copyright (C) 2026 Aleksa Sarai * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this 
@@ -56,16 +56,15 @@ var ( // *before* you call wait(2)or any equivalent method that could reap // zombies). func ProcPid(pid int) ProcBase { - if pid < 0 || pid >= 1<<31 { + if pid < 0 || uint64(pid) >= 1<<31 { panic("invalid ProcBasePid value") // TODO: should this be an error? } - return ProcBase{inner: libpathrs.ProcPid(uint32(pid))} + pid32 := uint32(pid) //nolint:gosec // G115 false positive + return ProcBase{inner: libpathrs.ProcPid(pid32)} } // ThreadCloser is a callback that needs to be called when you are done // operating on an [os.File] fetched using [Handle.OpenThreadSelf]. -// -// [os.File]: https://pkg.go.dev/os#File type ThreadCloser func() // Handle is a wrapper around an *os.File handle to "/proc", which can be @@ -181,8 +180,6 @@ func (proc *Handle) OpenRoot(path string, flags int) (*os.File, error) { // Unlike [Handle.OpenThreadSelf], this method does not involve locking // the goroutine to the current OS thread and so is simpler to use and // theoretically has slightly less overhead. -// -// [runtime.LockOSThread]: https://pkg.go.dev/runtime#LockOSThread func (proc *Handle) OpenSelf(path string, flags int) (*os.File, error) { file, closer, err := proc.open(ProcSelf, path, flags) if closer != nil { @@ -228,10 +225,6 @@ func (proc *Handle) OpenPid(pid int, path string, flags int) (*os.File, error) { // callback MUST be called AFTER you have finished using the returned // [os.File]. This callback is completely separate to [os.File.Close], so it // must be called regardless of how you close the handle. -// -// [runtime.LockOSThread]: https://pkg.go.dev/runtime#LockOSThread -// [os.File]: https://pkg.go.dev/os#File -// [os.File.Close]: https://pkg.go.dev/os#File.Close func (proc *Handle) OpenThreadSelf(path string, flags int) (*os.File, ThreadCloser, error) { return proc.open(ProcThreadSelf, path, flags) } diff --git a/vendor/cyphar.com/go-pathrs/root_linux.go b/vendor/cyphar.com/go-pathrs/root_linux.go index edc9e4c87f9..5bc2e907170 100644 
--- a/vendor/cyphar.com/go-pathrs/root_linux.go +++ b/vendor/cyphar.com/go-pathrs/root_linux.go @@ -3,8 +3,8 @@ // SPDX-License-Identifier: MPL-2.0 /* * libpathrs: safe path resolution on Linux - * Copyright (C) 2019-2025 Aleksa Sarai * Copyright (C) 2019-2025 SUSE LLC + * Copyright (C) 2026 Aleksa Sarai * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this @@ -54,8 +54,6 @@ func OpenRoot(path string) (*Root, error) { // still be closed by the caller. // // This is effectively the inverse operation of [Root.IntoFile]. -// -// [os.File]: https://pkg.go.dev/os#File func RootFromFile(file *os.File) (*Root, error) { newFile, err := fdutils.DupFile(file) if err != nil { @@ -109,8 +107,6 @@ func (r *Root) ResolveNoFollow(path string) (*Handle, error) { // ergonomic to use. // // This is effectively equivalent to [os.Open]. -// -// [os.Open]: https://pkg.go.dev/os#Open func (r *Root) Open(path string) (*os.File, error) { return r.OpenFile(path, os.O_RDONLY) } @@ -127,8 +123,6 @@ func (r *Root) Open(path string) (*os.File, error) { // // This is effectively equivalent to [os.OpenFile], except that os.O_CREAT is // not supported. -// -// [os.OpenFile]: https://pkg.go.dev/os#OpenFile func (r *Root) OpenFile(path string, flags int) (*os.File, error) { return fdutils.WithFileFd(r.inner, func(rootFd uintptr) (*os.File, error) { fd, err := libpathrs.InRootOpen(rootFd, path, flags) @@ -145,8 +139,6 @@ func (r *Root) OpenFile(path string, flags int) (*os.File, error) { // // Unlike [os.Create], if the file already exists an error is created rather // than the file being opened and truncated. -// -// [os.Create]: https://pkg.go.dev/os#Create func (r *Root) Create(path string, flags int, mode os.FileMode) (*os.File, error) { unixMode, err := toUnixMode(mode, false) if err != nil { 
@@ -194,8 +186,6 @@ func (r *Root) RemoveFile(path string) error { // directory tree. // // This is effectively equivalent to [os.Remove]. -// -// [os.Remove]: https://pkg.go.dev/os#Remove func (r *Root) Remove(path string) error { // In order to match os.Remove's implementation we need to also do both // syscalls unconditionally and adjust the error based on whether @@ -219,8 +209,6 @@ func (r *Root) Remove(path string) error { // RemoveAll recursively deletes a path and all of its children. // // This is effectively equivalent to [os.RemoveAll]. -// -// [os.RemoveAll]: https://pkg.go.dev/os#RemoveAll func (r *Root) RemoveAll(path string) error { _, err := fdutils.WithFileFd(r.inner, func(rootFd uintptr) (struct{}, error) { err := libpathrs.InRootRemoveAll(rootFd, path) @@ -233,8 +221,6 @@ func (r *Root) RemoveAll(path string) error { // mode is used for the new directory (the process's umask applies). // // This is effectively equivalent to [os.Mkdir]. -// -// [os.Mkdir]: https://pkg.go.dev/os#Mkdir func (r *Root) Mkdir(path string, mode os.FileMode) error { unixMode, err := toUnixMode(mode, false) if err != nil { @@ -253,8 +239,6 @@ func (r *Root) Mkdir(path string, mode os.FileMode) error { // directories created by this function (the process's umask applies). // // This is effectively equivalent to [os.MkdirAll]. -// -// [os.MkdirAll]: https://pkg.go.dev/os#MkdirAll func (r *Root) MkdirAll(path string, mode os.FileMode) (*Handle, error) { unixMode, err := toUnixMode(mode, false) if err != nil { 
@@ -278,9 +262,7 @@ func (r *Root) MkdirAll(path string, mode os.FileMode) (*Handle, error) { // directory tree. The provided mode is used for the new directory (the // process's umask applies). // -// This is effectively equivalent to [unix.Mknod]. -// -// [unix.Mknod]: https://pkg.go.dev/golang.org/x/sys/unix#Mknod +// This is effectively equivalent to [golang.org/x/sys/unix.Mknod]. func (r *Root) Mknod(path string, mode os.FileMode, dev uint64) error { unixMode, err := toUnixMode(mode, true) if err != nil { @@ -298,8 +280,6 @@ func (r *Root) Mknod(path string, mode os.FileMode, dev uint64) error { // created at path and is a link to target. // // This is effectively equivalent to [os.Symlink]. -// -// [os.Symlink]: https://pkg.go.dev/os#Symlink func (r *Root) Symlink(path, target string) error { _, err := fdutils.WithFileFd(r.inner, func(rootFd uintptr) (struct{}, error) { err := libpathrs.InRootSymlink(rootFd, path, target) @@ -314,8 +294,6 @@ func (r *Root) Symlink(path, target string) error { // host). // // This is effectively equivalent to [os.Link]. -// -// [os.Link]: https://pkg.go.dev/os#Link func (r *Root) Hardlink(path, target string) error { _, err := fdutils.WithFileFd(r.inner, func(rootFd uintptr) (struct{}, error) { err := libpathrs.InRootHardlink(rootFd, path, target) @@ -327,8 +305,6 @@ func (r *Root) Hardlink(path, target string) error { // Readlink returns the target of a symlink with a [Root]'s directory tree. // // This is effectively equivalent to [os.Readlink]. -// -// [os.Readlink]: https://pkg.go.dev/os#Readlink func (r *Root) Readlink(path string) (string, error) { return fdutils.WithFileFd(r.inner, func(rootFd uintptr) (string, error) { return libpathrs.InRootReadlink(rootFd, path) 
@@ -345,8 +321,6 @@ func (r *Root) Readlink(path string) (string, error) { // calling [Root.Close] will also close any copies of the returned [os.File]. // If you want to get an independent copy, use [Root.Clone] followed by // [Root.IntoFile] on the cloned [Root]. -// -// [os.File]: https://pkg.go.dev/os#File func (r *Root) IntoFile() *os.File { // TODO: Figure out if we really don't want to make a copy. // TODO: We almost certainly want to clear r.inner here, but we can't do diff --git a/vendor/cyphar.com/go-pathrs/utils_linux.go b/vendor/cyphar.com/go-pathrs/utils_linux.go index 2208d608f8d..b4e7e08e7df 100644 --- a/vendor/cyphar.com/go-pathrs/utils_linux.go +++ b/vendor/cyphar.com/go-pathrs/utils_linux.go @@ -3,8 +3,8 @@ // SPDX-License-Identifier: MPL-2.0 /* * libpathrs: safe path resolution on Linux - * Copyright (C) 2019-2025 Aleksa Sarai * Copyright (C) 2019-2025 SUSE LLC + * Copyright (C) 2026 Aleksa Sarai * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this diff --git a/vendor/modules.txt b/vendor/modules.txt index 810b3dbac81..29c788a8b19 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1,4 +1,4 @@ -# cyphar.com/go-pathrs v0.2.1 +# cyphar.com/go-pathrs v0.2.4 ## explicit; go 1.18 cyphar.com/go-pathrs cyphar.com/go-pathrs/internal/fdutils