deps: update to github.com/cyphar/[email protected]

This release includes a minor breaking API change that requires us to rework the types of our wrappers, but there is no practical behaviour change. Signed-off-by: Aleksa Sarai <[email protected]>
kolyshkin · Jan 28, 2025 · 70e500e · 70e500e
1 parent 8702864
commit 70e500e
Show file tree

Hide file tree

Showing 8 changed files with 136 additions and 30 deletions.
diff --git a/go.mod b/go.mod
@@ -12,7 +12,7 @@ require (
 	github.com/cilium/ebpf v0.17.1
 	github.com/containerd/console v1.0.4
 	github.com/coreos/go-systemd/v22 v22.5.0
-	github.com/cyphar/filepath-securejoin v0.3.6
+	github.com/cyphar/filepath-securejoin v0.4.1
 	github.com/docker/go-units v0.5.0
 	github.com/godbus/dbus/v5 v5.1.0
 	github.com/moby/sys/capability v0.4.0

diff --git a/go.sum b/go.sum
@@ -10,8 +10,8 @@ github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSV
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc=
 github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/cyphar/filepath-securejoin v0.3.6 h1:4d9N5ykBnSp5Xn2JkhocYDkOpURL/18CYMpo6xB9uWM=
-github.com/cyphar/filepath-securejoin v0.3.6/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=
+github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s=
+github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=

diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go
@@ -287,9 +287,6 @@ func IsLexicallyInRoot(root, path string) bool {
 // try to detect any symlink components in the path while we are doing the
 // MkdirAll.
 //
-// NOTE: Unlike os.MkdirAll, mode is not Go's os.FileMode, it is the unix mode
-// (the suid/sgid/sticky bits are not the same as for os.FileMode).
-//
 // NOTE: If unsafePath is a subpath of root, we assume that you have already
 // called SecureJoin and so we use the provided path verbatim without resolving
 // any symlinks (this is done in a way that avoids symlink-exchange races).
@@ -300,7 +297,7 @@ func IsLexicallyInRoot(root, path string) bool {
 // handling if unsafePath has already been scoped within the rootfs (this is
 // needed for a lot of runc callers and fixing this would require reworking a
 // lot of path logic).
-func MkdirAllInRootOpen(root, unsafePath string, mode uint32) (_ *os.File, Err error) {
+func MkdirAllInRootOpen(root, unsafePath string, mode os.FileMode) (_ *os.File, Err error) {
 	// If the path is already "within" the root, get the path relative to the
 	// root and use that as the unsafe path. This is necessary because a lot of
 	// MkdirAllInRootOpen callers have already done SecureJoin, and refactoring
@@ -334,12 +331,12 @@ func MkdirAllInRootOpen(root, unsafePath string, mode uint32) (_ *os.File, Err e
 	}
 	defer rootDir.Close()
 
-	return securejoin.MkdirAllHandle(rootDir, unsafePath, int(mode))
+	return securejoin.MkdirAllHandle(rootDir, unsafePath, mode)
 }
 
 // MkdirAllInRoot is a wrapper around MkdirAllInRootOpen which closes the
 // returned handle, for callers that don't need to use it.
-func MkdirAllInRoot(root, unsafePath string, mode uint32) error {
+func MkdirAllInRoot(root, unsafePath string, mode os.FileMode) error {
 	f, err := MkdirAllInRootOpen(root, unsafePath, mode)
 	if err == nil {
 		_ = f.Close()

diff --git a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md
diff --git a/vendor/github.com/cyphar/filepath-securejoin/VERSION b/vendor/github.com/cyphar/filepath-securejoin/VERSION
diff --git a/vendor/github.com/cyphar/filepath-securejoin/join.go b/vendor/github.com/cyphar/filepath-securejoin/join.go
diff --git a/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go b/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go
diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -27,7 +27,7 @@ github.com/coreos/go-systemd/v22/dbus
 # github.com/cpuguy83/go-md2man/v2 v2.0.5
 ## explicit; go 1.11
 github.com/cpuguy83/go-md2man/v2/md2man
-# github.com/cyphar/filepath-securejoin v0.3.6
+# github.com/cyphar/filepath-securejoin v0.4.1
 ## explicit; go 1.18
 github.com/cyphar/filepath-securejoin
 # github.com/docker/go-units v0.5.0