Merge pull request #51707 from thaJeztah/bump_runtime_tools

vendor: github.com/opencontainers/runtime-tools v0.9.1-0.20251111083745-e5b454202754
2026-01-11 18:51:37 +00:00 · 2025-12-12 17:10:01 +01:00
parent 4384364748 52f33797f3
commit 70aa2e2981
7 changed files with 13 additions and 16 deletions
--- a/go.mod
+++ b/go.mod
@@ -201,7 +201,7 @@ require (
 	github.com/moby/sys/capability v0.4.0 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/opencontainers/runtime-tools v0.9.1-0.20250523060157-0ea5ed0382a2 // indirect
+	github.com/opencontainers/runtime-tools v0.9.1-0.20251111083745-e5b454202754 // indirect
 	github.com/package-url/packageurl-go v0.1.1 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 	github.com/petermattis/goid v0.0.0-20240813172612-4fcff4a6cae7 // indirect
--- a/go.sum
+++ b/go.sum
@@ -494,8 +494,8 @@ github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJw
 github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
 github.com/opencontainers/runtime-spec v1.2.1 h1:S4k4ryNgEpxW1dzyqffOmhI1BHYcjzU8lpJfSlR0xww=
 github.com/opencontainers/runtime-spec v1.2.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-tools v0.9.1-0.20250523060157-0ea5ed0382a2 h1:2xZEHOdeQBV6PW8ZtimN863bIOl7OCW/X10K0cnxKeA=
-github.com/opencontainers/runtime-tools v0.9.1-0.20250523060157-0ea5ed0382a2/go.mod h1:MXdPzqAA8pHC58USHqNCSjyLnRQ6D+NjbpP+02Z1U/0=
+github.com/opencontainers/runtime-tools v0.9.1-0.20251111083745-e5b454202754 h1:4Mrk65ZaCobj22KCQJhUB/l09g6tF6f2PtREEYbG3cc=
+github.com/opencontainers/runtime-tools v0.9.1-0.20251111083745-e5b454202754/go.mod h1:MXdPzqAA8pHC58USHqNCSjyLnRQ6D+NjbpP+02Z1U/0=
 github.com/opencontainers/selinux v1.13.1 h1:A8nNeceYngH9Ow++M+VVEwJVpdFmrlxsN22F+ISDCJE=
 github.com/opencontainers/selinux v1.13.1/go.mod h1:S10WXZ/osk2kWOYKy1x2f/eXF5ZHJoUs8UU/2caNRbg=
 github.com/package-url/packageurl-go v0.1.1 h1:KTRE0bK3sKbFKAk3yy63DpeskU7Cvs/x/Da5l+RtzyU=
--- a/vendor/github.com/opencontainers/runtime-tools/generate/generate.go
+++ b/vendor/github.com/opencontainers/runtime-tools/generate/generate.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"slices"
 	"strings"

 	"github.com/moby/sys/capability"
@@ -88,7 +89,8 @@ func New(os string) (generator Generator, err error) {
 		}
 	}

-	if os == "linux" {
+	switch os {
+	case "linux":
 		config.Process.Capabilities = &rspec.LinuxCapabilities{
 			Bounding: []string{
 				"CAP_CHOWN",
@@ -237,7 +239,7 @@ func New(os string) (generator Generator, err error) {
 			},
 			Seccomp: seccomp.DefaultProfile(&config),
 		}
-	} else if os == "freebsd" {
+	case "freebsd":
 		config.Mounts = []rspec.Mount{
 			{
 				Destination: "/dev",
@@ -593,12 +595,10 @@ func (g *Generator) ClearProcessAdditionalGids() {
 }

 // AddProcessAdditionalGid adds an additional gid into g.Config.Process.AdditionalGids.
-func (g *Generator) AddProcessAdditionalGid(gid uint32) {
+func (g *Generator) AddProcessAdditionalGid(gid uint32) { //nolint:staticcheck // Ignore ST1003: method AddProcessAdditionalGid should be AddProcessAdditionalGID
 	g.initConfigProcess()
-	for _, group := range g.Config.Process.User.AdditionalGids {
-		if group == gid {
-			return
-		}
+	if slices.Contains(g.Config.Process.User.AdditionalGids, gid) {
+		return
 	}
 	g.Config.Process.User.AdditionalGids = append(g.Config.Process.User.AdditionalGids, gid)
 }
@@ -868,7 +868,7 @@ func (g *Generator) DropLinuxResourcesHugepageLimit(pageSize string) {
 	}
 }

-// AddLinuxResourcesUnified sets the g.Config.Linux.Resources.Unified
+// SetLinuxResourcesUnified sets the g.Config.Linux.Resources.Unified.
 func (g *Generator) SetLinuxResourcesUnified(unified map[string]string) {
 	g.initConfigLinuxResourcesUnified()
 	for k, v := range unified {
--- a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go
+++ b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go
@@ -3,7 +3,6 @@ package seccomp
 import (
 	"runtime"

-	"github.com/opencontainers/runtime-spec/specs-go"
 	rspec "github.com/opencontainers/runtime-spec/specs-go"
 )

@@ -31,7 +30,7 @@ func arches() []rspec.Arch {
 }

 // DefaultProfile defines the whitelist for the default seccomp profile.
-func DefaultProfile(rs *specs.Spec) *rspec.LinuxSeccomp {
+func DefaultProfile(rs *rspec.Spec) *rspec.LinuxSeccomp {
 	syscalls := []rspec.LinuxSyscall{
 		{
 			Names: []string{
--- a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_linux.go
+++ b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_linux.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 package seccomp

--- a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_unsupported.go
+++ b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_unsupported.go
@@ -1,5 +1,4 @@
 //go:build !linux
-// +build !linux

 package seccomp

--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1220,7 +1220,7 @@ github.com/opencontainers/image-spec/specs-go/v1
 ## explicit
 github.com/opencontainers/runtime-spec/specs-go
 github.com/opencontainers/runtime-spec/specs-go/features
-# github.com/opencontainers/runtime-tools v0.9.1-0.20250523060157-0ea5ed0382a2
+# github.com/opencontainers/runtime-tools v0.9.1-0.20251111083745-e5b454202754
 ## explicit; go 1.21
 github.com/opencontainers/runtime-tools/generate
 github.com/opencontainers/runtime-tools/generate/seccomp