Update CDI package

Signed-off-by: Evan Lezar <elezar@nvidia.com>
2025-06-26 18:18:24 +00:00 · 2023-01-19 11:44:02 +01:00
parent 94b7add334
commit bc4bfb94a2
114 changed files with 839 additions and 14878 deletions
--- a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go
+++ b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go
@@ -151,6 +151,9 @@ func DefaultProfile(rs *specs.Spec) *rspec.LinuxSeccomp {
 				"io_submit",
 				"ipc",
 				"kill",
+				"landlock_add_rule",
+				"landlock_create_ruleset",
+				"landlock_restrict_self",
 				"lchown",
 				"lchown32",
 				"lgetxattr",
@@ -303,6 +306,7 @@ func DefaultProfile(rs *specs.Spec) *rspec.LinuxSeccomp {
 				"stat64",
 				"statfs",
 				"statfs64",
+				"statx",
 				"symlink",
 				"symlinkat",
 				"sync",
@@ -353,11 +357,23 @@ func DefaultProfile(rs *specs.Spec) *rspec.LinuxSeccomp {
 					Value: 0x0,
 					Op:    rspec.OpEqualTo,
 				},
+			},
+		},
+		{
+			Names:  []string{"personality"},
+			Action: rspec.ActAllow,
+			Args: []rspec.LinuxSeccompArg{
 				{
 					Index: 0,
 					Value: 0x0008,
 					Op:    rspec.OpEqualTo,
 				},
+			},
+		},
+		{
+			Names:  []string{"personality"},
+			Action: rspec.ActAllow,
+			Args: []rspec.LinuxSeccompArg{
 				{
 					Index: 0,
 					Value: 0xffffffff,
@@ -512,7 +528,7 @@ func DefaultProfile(rs *specs.Spec) *rspec.LinuxSeccomp {
 				Args: []rspec.LinuxSeccompArg{
 					{
 						Index:    sysCloneFlagsIndex,
-						Value:    CloneNewNS | CloneNewUTS | CloneNewIPC | CloneNewUser | CloneNewPID | CloneNewNet,
+						Value:    CloneNewNS | CloneNewUTS | CloneNewIPC | CloneNewUser | CloneNewPID | CloneNewNet | CloneNewCgroup,
 						ValueTwo: 0,
 						Op:       rspec.OpMaskedEqual,
 					},
--- a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_linux.go
+++ b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_linux.go
@@ -3,14 +3,15 @@

 package seccomp

-import "syscall"
+import "golang.org/x/sys/unix"

 // System values passed through on linux
 const (
-	CloneNewIPC  = syscall.CLONE_NEWIPC
-	CloneNewNet  = syscall.CLONE_NEWNET
-	CloneNewNS   = syscall.CLONE_NEWNS
-	CloneNewPID  = syscall.CLONE_NEWPID
-	CloneNewUser = syscall.CLONE_NEWUSER
-	CloneNewUTS  = syscall.CLONE_NEWUTS
+	CloneNewIPC    = unix.CLONE_NEWIPC
+	CloneNewNet    = unix.CLONE_NEWNET
+	CloneNewNS     = unix.CLONE_NEWNS
+	CloneNewPID    = unix.CLONE_NEWPID
+	CloneNewUser   = unix.CLONE_NEWUSER
+	CloneNewUTS    = unix.CLONE_NEWUTS
+	CloneNewCgroup = unix.CLONE_NEWCGROUP
 )