Vendor containerd 2386062 and runtime-tools e29f3ca.

Signed-off-by: Lantao Liu <lantaol@google.com>

vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_linux.go

@@ -43,19 +43,19 @@ type Resources struct {
 	Devices []*Device `json:"devices"`
 
 	// Memory limit (in bytes)
-	Memory uint64 `json:"memory"`
+	Memory int64 `json:"memory"`
 
 	// Memory reservation or soft_limit (in bytes)
-	MemoryReservation uint64 `json:"memory_reservation"`
+	MemoryReservation int64 `json:"memory_reservation"`
 
 	// Total memory usage (memory + swap); set `-1` to enable unlimited swap
-	MemorySwap uint64 `json:"memory_swap"`
+	MemorySwap int64 `json:"memory_swap"`
 
 	// Kernel memory limit (in bytes)
-	KernelMemory uint64 `json:"kernel_memory"`
+	KernelMemory int64 `json:"kernel_memory"`
 
 	// Kernel memory limit for TCP use (in bytes)
-	KernelMemoryTCP uint64 `json:"kernel_memory_tcp"`
+	KernelMemoryTCP int64 `json:"kernel_memory_tcp"`
 
 	// CPU shares (relative weight vs. other containers)
 	CpuShares uint64 `json:"cpu_shares"`

vendor/github.com/opencontainers/runc/libcontainer/configs/config.go

@@ -7,8 +7,9 @@ import (
 	"os/exec"
 	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/opencontainers/runtime-spec/specs-go"
+
+	"github.com/sirupsen/logrus"
 )
 
 type Rlimit struct {

vendor/github.com/opencontainers/runc/libcontainer/configs/namespaces_syscall.go

@@ -2,19 +2,19 @@
 
 package configs
 
-import "syscall"
+import "golang.org/x/sys/unix"
 
 func (n *Namespace) Syscall() int {
 	return namespaceInfo[n.Type]
 }
 
 var namespaceInfo = map[NamespaceType]int{
-	NEWNET:  syscall.CLONE_NEWNET,
-	NEWNS:   syscall.CLONE_NEWNS,
-	NEWUSER: syscall.CLONE_NEWUSER,
-	NEWIPC:  syscall.CLONE_NEWIPC,
-	NEWUTS:  syscall.CLONE_NEWUTS,
-	NEWPID:  syscall.CLONE_NEWPID,
+	NEWNET:  unix.CLONE_NEWNET,
+	NEWNS:   unix.CLONE_NEWNS,
+	NEWUSER: unix.CLONE_NEWUSER,
+	NEWIPC:  unix.CLONE_NEWIPC,
+	NEWUTS:  unix.CLONE_NEWUTS,
+	NEWPID:  unix.CLONE_NEWPID,
 }
 
 // CloneFlags parses the container's Namespaces options to set the correct

vendor/github.com/opencontainers/runc/libcontainer/devices/devices_linux.go

@@ -2,13 +2,13 @@ package devices
 
 import (
 	"errors"
-	"fmt"
 	"io/ioutil"
 	"os"
 	"path/filepath"
-	"syscall"
 
 	"github.com/opencontainers/runc/libcontainer/configs"
+
+	"golang.org/x/sys/unix"
 )
 
 var (
@@ -17,45 +17,41 @@ var (
 
 // Testing dependencies
 var (
-	osLstat       = os.Lstat
+	unixLstat     = unix.Lstat
 	ioutilReadDir = ioutil.ReadDir
 )
 
 // Given the path to a device and its cgroup_permissions(which cannot be easily queried) look up the information about a linux device and return that information as a Device struct.
 func DeviceFromPath(path, permissions string) (*configs.Device, error) {
-	fileInfo, err := osLstat(path)
+	var stat unix.Stat_t
+	err := unixLstat(path, &stat)
 	if err != nil {
 		return nil, err
 	}
 	var (
-		devType                rune
-		mode                   = fileInfo.Mode()
-		fileModePermissionBits = os.FileMode.Perm(mode)
+		devType rune
+		mode    = stat.Mode
 	)
 	switch {
-	case mode&os.ModeDevice == 0:
-		return nil, ErrNotADevice
-	case mode&os.ModeCharDevice != 0:
-		fileModePermissionBits |= syscall.S_IFCHR
+	case mode&unix.S_IFBLK != 0:
+		devType = 'b'
+	case mode&unix.S_IFCHR != 0:
 		devType = 'c'
 	default:
-		fileModePermissionBits |= syscall.S_IFBLK
-		devType = 'b'
+		return nil, ErrNotADevice
 	}
-	stat_t, ok := fileInfo.Sys().(*syscall.Stat_t)
-	if !ok {
-		return nil, fmt.Errorf("cannot determine the device number for device %s", path)
-	}
-	devNumber := int(stat_t.Rdev)
+	devNumber := int(stat.Rdev)
+	uid := stat.Uid
+	gid := stat.Gid
 	return &configs.Device{
 		Type:        devType,
 		Path:        path,
 		Major:       Major(devNumber),
 		Minor:       Minor(devNumber),
 		Permissions: permissions,
-		FileMode:    fileModePermissionBits,
-		Uid:         stat_t.Uid,
-		Gid:         stat_t.Gid,
+		FileMode:    os.FileMode(mode),
+		Uid:         uid,
+		Gid:         gid,
 	}, nil
 }