Skip to content

common/pkg/parse: switch away from runc/libct/devices#781

Merged
mtrmac merged 1 commit intocontainers:mainfrom
kolyshkin:runc-lc-dev
Apr 23, 2026
Merged

common/pkg/parse: switch away from runc/libct/devices#781
mtrmac merged 1 commit intocontainers:mainfrom
kolyshkin:runc-lc-dev

Conversation

@kolyshkin
Copy link
Copy Markdown
Contributor

@kolyshkin kolyshkin commented Apr 23, 2026

The github.com/opencontainers/runc/libcontainer/devices package was mostly moved to github.com/opencontainers/cgroups/devices/config for runc v1.3.

The rest of runc/libcontainer/devices now lives in moby/sys/devices (see moby/sys#212). The package is deprecated since runc v1.5 and will be removed from runc v1.6.

Let's switch now to not worry later.

@github-actions github-actions Bot added the common Related to "common" package label Apr 23, 2026
kolyshkin added a commit to kolyshkin/buildah that referenced this pull request Apr 23, 2026
@kolyshkin
Remove runc/libcontainer/devices dependency
c35b3ba 
The github.com/opencontainers/runc/libcontainer/devices package was
_mostly_ moved to github.com/opencontainers/cgroups/devices/config
(see e.g. commit commit 9ac03e6).

The rest of runc/libcontainer/devices now lives in moby/sys/devices
(see moby/sys#212). The package is deprecated
since runc v1.5 and will be removed from runc v1.6.

Let's switch now to not worry later.

PS vendor/github.com/opencontainers/runc/libcontainer/devices is not
removed because it is still being used by common/pkg/parse. This is
addressed by containers/container-libs#781

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@kolyshkin kolyshkin mentioned this pull request Apr 23, 2026
Merged
@packit-as-a-service
Copy link
Copy Markdown

packit-as-a-service Bot commented Apr 23, 2026

Packit jobs failed. @containers/packit-build please check.

1 similar comment
@packit-as-a-service
Copy link
Copy Markdown

packit-as-a-service Bot commented Apr 23, 2026

Packit jobs failed. @containers/packit-build please check.

mtrmac
mtrmac reviewed Apr 23, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@mtrmac mtrmac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! Please re-format.

@TomSweeneyRedHat After this PR, we import only ~7 lines of code from the runc repo in to c/common. Would it significantly help our CVE workload if we got rid of the dependency?

@Luap99
Copy link
Copy Markdown
Member

Luap99 commented Apr 23, 2026

@TomSweeneyRedHat After this PR, we import only ~7 lines of code from the runc repo in to c/common. Would it significantly help our CVE workload if we got rid of the dependency?

There is no direct dep in podman either, there are a few in buildah but I guess one could be able to remove them as well and then that would certainly help no having to audit each new runc CVE in the codebase.

@kolyshkin
common/pkg/parse: switch away from runc/libct/devices
0f59635 
The github.com/opencontainers/runc/libcontainer/devices package was
_mostly_ moved to github.com/opencontainers/cgroups/devices/config
for runc v1.3.

The rest of runc/libcontainer/devices now lives in moby/sys/devices
(see moby/sys#212). The package is deprecated
since runc v1.5 and will be removed from runc v1.6.

Let's switch now to not worry later.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@mtrmac
Copy link
Copy Markdown
Contributor

mtrmac commented Apr 23, 2026

Thanks!

@mtrmac mtrmac merged commit 0d5dbf7 into containers:main Apr 23, 2026
16 of 17 checks passed
@mtrmac mtrmac mentioned this pull request Apr 23, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mtrmac mtrmac mtrmac approved these changes

Assignees

No one assigned

Labels

common Related to "common" package

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kolyshkin @Luap99 @mtrmac