summaryrefslogtreecommitdiff
path: root/vendor
diff options
context:
space:
mode:
Diffstat (limited to 'vendor')
-rw-r--r--vendor/github.com/containers/common/pkg/config/config.go16
-rw-r--r--vendor/github.com/containers/common/pkg/config/containers.conf22
-rw-r--r--vendor/github.com/containers/common/pkg/config/default.go22
-rw-r--r--vendor/github.com/containers/common/pkg/seccomp/default_linux.go3
-rw-r--r--vendor/github.com/containers/common/pkg/seccomp/seccomp.json3
-rw-r--r--vendor/github.com/containers/common/version/version.go2
-rw-r--r--vendor/modules.txt2
7 files changed, 47 insertions, 23 deletions
diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go
index 320d5e0e5..ea08ab6ad 100644
--- a/vendor/github.com/containers/common/pkg/config/config.go
+++ b/vendor/github.com/containers/common/pkg/config/config.go
@@ -586,6 +586,22 @@ func (c *Config) Validate() error {
return nil
}
+func (c *EngineConfig) findRuntime() string {
+ // Search for crun first followed by runc and kata
+ for _, name := range []string{"crun", "runc", "kata"} {
+ for _, v := range c.OCIRuntimes[name] {
+ if _, err := os.Stat(v); err == nil {
+ return name
+ }
+ }
+ if path, err := exec.LookPath(name); err == nil {
+ logrus.Warningf("Found default OCIruntime %s path which is missing from [engine.runtimes] in containers.conf", path)
+ return name
+ }
+ }
+ return ""
+}
+
// Validate is the main entry point for Engine configuration validation
// It returns an `error` on validation failure, otherwise
// `nil`.
diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf
index 12fbecc22..483727da0 100644
--- a/vendor/github.com/containers/common/pkg/config/containers.conf
+++ b/vendor/github.com/containers/common/pkg/config/containers.conf
@@ -425,18 +425,8 @@ default_sysctls = [
# Path to file containing ssh identity key
# identity = "~/.ssh/id_rsa"
-# Paths to look for a valid OCI runtime (runc, runv, kata, etc)
+# Paths to look for a valid OCI runtime (crun, runc, kata, etc)
[engine.runtimes]
-# runc = [
-# "/usr/bin/runc",
-# "/usr/sbin/runc",
-# "/usr/local/bin/runc",
-# "/usr/local/sbin/runc",
-# "/sbin/runc",
-# "/bin/runc",
-# "/usr/lib/cri-o-runc/sbin/runc",
-# ]
-
# crun = [
# "/usr/bin/crun",
# "/usr/sbin/crun",
@@ -447,6 +437,16 @@ default_sysctls = [
# "/run/current-system/sw/bin/crun",
# ]
+# runc = [
+# "/usr/bin/runc",
+# "/usr/sbin/runc",
+# "/usr/local/bin/runc",
+# "/usr/local/sbin/runc",
+# "/sbin/runc",
+# "/bin/runc",
+# "/usr/lib/cri-o-runc/sbin/runc",
+# ]
+
# kata = [
# "/usr/bin/kata-runtime",
# "/usr/sbin/kata-runtime",
diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go
index 2b3a098a7..e3a7a8e76 100644
--- a/vendor/github.com/containers/common/pkg/config/default.go
+++ b/vendor/github.com/containers/common/pkg/config/default.go
@@ -242,7 +242,6 @@ func defaultConfigFromMemory() (*EngineConfig, error) {
c.ImageDefaultTransport = _defaultTransport
c.StateType = BoltDBStateStore
- c.OCIRuntime = "crun"
c.ImageBuildFormat = "oci"
c.CgroupManager = defaultCgroupManager()
@@ -250,6 +249,15 @@ func defaultConfigFromMemory() (*EngineConfig, error) {
c.Remote = isRemote()
c.OCIRuntimes = map[string][]string{
+ "crun": {
+ "/usr/bin/crun",
+ "/usr/sbin/crun",
+ "/usr/local/bin/crun",
+ "/usr/local/sbin/crun",
+ "/sbin/crun",
+ "/bin/crun",
+ "/run/current-system/sw/bin/crun",
+ },
"runc": {
"/usr/bin/runc",
"/usr/sbin/runc",
@@ -260,15 +268,6 @@ func defaultConfigFromMemory() (*EngineConfig, error) {
"/usr/lib/cri-o-runc/sbin/runc",
"/run/current-system/sw/bin/runc",
},
- "crun": {
- "/usr/bin/crun",
- "/usr/sbin/crun",
- "/usr/local/bin/crun",
- "/usr/local/sbin/crun",
- "/sbin/crun",
- "/bin/crun",
- "/run/current-system/sw/bin/crun",
- },
"kata": {
"/usr/bin/kata-runtime",
"/usr/sbin/kata-runtime",
@@ -280,6 +279,9 @@ func defaultConfigFromMemory() (*EngineConfig, error) {
"/usr/bin/kata-fc",
},
}
+ // Needs to be called after populating c.OCIRuntimes
+ c.OCIRuntime = c.findRuntime()
+
c.ConmonEnvVars = []string{
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
}
diff --git a/vendor/github.com/containers/common/pkg/seccomp/default_linux.go b/vendor/github.com/containers/common/pkg/seccomp/default_linux.go
index 09629724d..a127571b5 100644
--- a/vendor/github.com/containers/common/pkg/seccomp/default_linux.go
+++ b/vendor/github.com/containers/common/pkg/seccomp/default_linux.go
@@ -75,6 +75,7 @@ func DefaultProfile() *Seccomp {
"clock_nanosleep_time64",
"clone",
"close",
+ "close_range",
"connect",
"copy_file_range",
"creat",
@@ -226,6 +227,8 @@ func DefaultProfile() *Seccomp {
"openat2",
"pause",
"pidfd_getfd",
+ "pidfd_open",
+ "pidfd_send_signal",
"pipe",
"pipe2",
"pivot_root",
diff --git a/vendor/github.com/containers/common/pkg/seccomp/seccomp.json b/vendor/github.com/containers/common/pkg/seccomp/seccomp.json
index bb5956418..8fb509345 100644
--- a/vendor/github.com/containers/common/pkg/seccomp/seccomp.json
+++ b/vendor/github.com/containers/common/pkg/seccomp/seccomp.json
@@ -77,6 +77,7 @@
"clock_nanosleep_time64",
"clone",
"close",
+ "close_range",
"connect",
"copy_file_range",
"creat",
@@ -227,6 +228,8 @@
"openat2",
"pause",
"pidfd_getfd",
+ "pidfd_open",
+ "pidfd_send_signal",
"pipe",
"pipe2",
"pivot_root",
diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go
index 8df453484..3d671171f 100644
--- a/vendor/github.com/containers/common/version/version.go
+++ b/vendor/github.com/containers/common/version/version.go
@@ -1,4 +1,4 @@
package version
// Version is the version of the build.
-const Version = "0.31.0"
+const Version = "0.31.2-dev"
diff --git a/vendor/modules.txt b/vendor/modules.txt
index d15c6d766..26b782b85 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -86,7 +86,7 @@ github.com/containers/buildah/pkg/parse
github.com/containers/buildah/pkg/rusage
github.com/containers/buildah/pkg/supplemented
github.com/containers/buildah/util
-# github.com/containers/common v0.31.0
+# github.com/containers/common v0.31.1
github.com/containers/common/pkg/apparmor
github.com/containers/common/pkg/apparmor/internal/supported
github.com/containers/common/pkg/auth