Merge pull request #4459 from AkihiroSuda/runc-rc92

update runc to v1.0.0-rc92

cmd/containerd/command/oci-hook.go

@@ -129,7 +129,7 @@ func (t *templateContext) annotation(k string) string {
 }
 
 func (t *templateContext) status() string {
-	return t.state.Status
+	return string(t.state.Status)
 }
 
 func render(ctx *templateContext, source string, out io.Writer) error {

vendor.conf

@@ -31,8 +31,8 @@ github.com/Microsoft/go-winio                       v0.4.14
 github.com/Microsoft/hcsshim                        v0.8.9
 github.com/opencontainers/go-digest                 v1.0.0
 github.com/opencontainers/image-spec                v1.0.1
-github.com/opencontainers/runc                      67169a9d43456ff0d5ae12b967acb8e366e2f181 # v1.0.0-rc91-48-g67169a9d
+github.com/opencontainers/runc                      v1.0.0-rc92
-github.com/opencontainers/runtime-spec              237cc4f519e2e8f9b235bacccfa8ef5a84df2875 # v1.0.3-0.20200520003142-237cc4f519e2
+github.com/opencontainers/runtime-spec              4d89ac9fbff6c455f46a5bb59c6b1bb7184a5e43 # v1.0.3-0.20200728170252-4d89ac9fbff6
 github.com/pkg/errors                               v0.9.1
 github.com/prometheus/client_golang                 v1.6.0
 github.com/prometheus/client_model                  v0.2.0

vendor/github.com/opencontainers/runc/go.mod

@@ -3,18 +3,18 @@ module github.com/opencontainers/runc
 go 1.14
 
 require (
-	github.com/checkpoint-restore/go-criu/v4 v4.0.2
+	github.com/checkpoint-restore/go-criu/v4 v4.1.0
 	github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775
 	github.com/containerd/console v1.0.0
-	github.com/coreos/go-systemd/v22 v22.0.0
+	github.com/coreos/go-systemd/v22 v22.1.0
 	github.com/cyphar/filepath-securejoin v0.2.2
 	github.com/docker/go-units v0.4.0
 	github.com/godbus/dbus/v5 v5.0.3
-	github.com/golang/protobuf v1.3.5
+	github.com/golang/protobuf v1.4.2
 	github.com/moby/sys/mountinfo v0.1.3
-	github.com/mrunalp/fileutils v0.0.0-20171103030105-7d4729fb3618
+	github.com/mrunalp/fileutils v0.0.0-20200520151820-abd8a0e76976
-	github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2
+	github.com/opencontainers/runtime-spec v1.0.3-0.20200728170252-4d89ac9fbff6
-	github.com/opencontainers/selinux v1.5.1
+	github.com/opencontainers/selinux v1.6.0
 	github.com/pkg/errors v0.9.1
 	github.com/seccomp/libseccomp-golang v0.9.1
 	github.com/sirupsen/logrus v1.6.0
@@ -22,5 +22,5 @@ require (
 	// NOTE: urfave/cli must be <= v1.22.1 due to a regression: https://github.com/urfave/cli/issues/1092
 	github.com/urfave/cli v1.22.1
 	github.com/vishvananda/netlink v1.1.0
-	golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775
+	golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1
 )

vendor/github.com/opencontainers/runc/libcontainer/configs/config.go

@@ -239,15 +239,6 @@ const (
 	Poststop = "poststop"
 )
 
-// TODO move this to runtime-spec
-// See: https://github.com/opencontainers/runtime-spec/pull/1046
-const (
-	Creating = "creating"
-	Created  = "created"
-	Running  = "running"
-	Stopped  = "stopped"
-)
-
 type Capabilities struct {
 	// Bounding is the set of capabilities checked by the kernel.
 	Bounding []string

vendor/github.com/opencontainers/runtime-spec/specs-go/config.go

@@ -90,7 +90,7 @@ type User struct {
 	// GID is the group id.
 	GID uint32 `json:"gid" platform:"linux,solaris"`
 	// Umask is the umask for the init process.
-	Umask uint32 `json:"umask,omitempty" platform:"linux,solaris"`
+	Umask *uint32 `json:"umask,omitempty" platform:"linux,solaris"`
 	// AdditionalGids are additional group ids set for the container's process.
 	AdditionalGids []uint32 `json:"additionalGids,omitempty" platform:"linux,solaris"`
 	// Username is the user name.
@@ -635,12 +635,13 @@ type LinuxSeccompAction string
 
 // Define actions for Seccomp rules
 const (
-	ActKill  LinuxSeccompAction = "SCMP_ACT_KILL"
+	ActKill        LinuxSeccompAction = "SCMP_ACT_KILL"
-	ActTrap  LinuxSeccompAction = "SCMP_ACT_TRAP"
+	ActKillProcess LinuxSeccompAction = "SCMP_ACT_KILL_PROCESS"
-	ActErrno LinuxSeccompAction = "SCMP_ACT_ERRNO"
+	ActTrap        LinuxSeccompAction = "SCMP_ACT_TRAP"
-	ActTrace LinuxSeccompAction = "SCMP_ACT_TRACE"
+	ActErrno       LinuxSeccompAction = "SCMP_ACT_ERRNO"
-	ActAllow LinuxSeccompAction = "SCMP_ACT_ALLOW"
+	ActTrace       LinuxSeccompAction = "SCMP_ACT_TRACE"
-	ActLog   LinuxSeccompAction = "SCMP_ACT_LOG"
+	ActAllow       LinuxSeccompAction = "SCMP_ACT_ALLOW"
+	ActLog         LinuxSeccompAction = "SCMP_ACT_LOG"
 )
 
 // LinuxSeccompOperator used to match syscall arguments in Seccomp

vendor/github.com/opencontainers/runtime-spec/specs-go/state.go

@@ -1,5 +1,23 @@
 package specs
 
+// ContainerState represents the state of a container.
+type ContainerState string
+
+const (
+	// StateCreating indicates that the container is being created
+	StateCreating ContainerState  = "creating"
+
+	// StateCreated indicates that the runtime has finished the create operation
+	StateCreated ContainerState  = "created"
+
+	// StateRunning indicates that the container process has executed the
+	// user-specified program but has not exited
+	StateRunning ContainerState  = "running"
+
+	// StateStopped indicates that the container process has exited
+	StateStopped ContainerState  = "stopped"
+)
+
 // State holds information about the runtime state of the container.
 type State struct {
 	// Version is the version of the specification that is supported.
@@ -7,7 +25,7 @@ type State struct {
 	// ID is the container ID
 	ID string `json:"id"`
 	// Status is the runtime status of the container.
-	Status string `json:"status"`
+	Status ContainerState `json:"status"`
 	// Pid is the process ID for the container process.
 	Pid int `json:"pid,omitempty"`
 	// Bundle is the path to the container's bundle directory.