deps: update runc to 1.1.0

This updates vendored runc/libcontainer to 1.1.0,
and google/cadvisor to a version updated to runc 1.1.0
(google/cadvisor#3048).

Changes in vendor are generated by (roughly):

        ./hack/pin-dependency.sh github.com/google/cadvisor v0.44.0
        ./hack/pin-dependency.sh github.com/opencontainers/runc v1.1.0
        ./hack/update-vendor.sh
        ./hack/lint-dependencies.sh # And follow all its recommendations.
        ./hack/update-vendor.sh
        ./hack/update-internal-modules.sh
        ./hack/lint-dependencies.sh # Re-check everything again.

Co-Authored-By: Kir Kolyshkin <kolyshkin@gmail.com>

vendor/github.com/opencontainers/runc/libcontainer/utils/cmsg.go

@@ -1,5 +1,3 @@
-// +build linux
-
 package utils
 
 /*
@@ -88,6 +86,11 @@ func SendFd(socket *os.File, name string, fd uintptr) error {
 	if len(name) >= MaxNameLen {
 		return fmt.Errorf("sendfd: filename too long: %s", name)
 	}
-	oob := unix.UnixRights(int(fd))
-	return unix.Sendmsg(int(socket.Fd()), []byte(name), oob, nil, 0)
+	return SendFds(socket, []byte(name), int(fd))
+}
+
+// SendFds sends a list of files descriptor and msg over the given AF_UNIX socket.
+func SendFds(socket *os.File, msg []byte, fds ...int) error {
+	oob := unix.UnixRights(fds...)
+	return unix.Sendmsg(int(socket.Fd()), msg, oob, nil, 0)
 }

vendor/github.com/opencontainers/runc/libcontainer/utils/utils.go

@@ -11,7 +11,7 @@ import (
 	"strings"
 	"unsafe"
 
-	"github.com/cyphar/filepath-securejoin"
+	securejoin "github.com/cyphar/filepath-securejoin"
 	"golang.org/x/sys/unix"
 )
 
@@ -33,16 +33,6 @@ func init() {
 	}
 }
 
-// ResolveRootfs ensures that the current working directory is
-// not a symlink and returns the absolute path to the rootfs
-func ResolveRootfs(uncleanRootfs string) (string, error) {
-	rootfs, err := filepath.Abs(uncleanRootfs)
-	if err != nil {
-		return "", err
-	}
-	return filepath.EvalSymlinks(rootfs)
-}
-
 // ExitStatus returns the correct exit status for a process based on if it
 // was signaled or exited cleanly
 func ExitStatus(status unix.WaitStatus) int {
@@ -120,7 +110,7 @@ func WithProcfd(root, unsafePath string, fn func(procfd string) error) error {
 	unsafePath = stripRoot(root, unsafePath)
 	path, err := securejoin.SecureJoin(root, unsafePath)
 	if err != nil {
-		return fmt.Errorf("resolving path inside rootfs failed: %v", err)
+		return fmt.Errorf("resolving path inside rootfs failed: %w", err)
 	}
 
 	// Open the target path.

vendor/github.com/opencontainers/runc/libcontainer/utils/utils_unix.go

@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package utils
@@ -14,7 +15,7 @@ import (
 func EnsureProcHandle(fh *os.File) error {
 	var buf unix.Statfs_t
 	if err := unix.Fstatfs(int(fh.Fd()), &buf); err != nil {
-		return fmt.Errorf("ensure %s is on procfs: %v", fh.Name(), err)
+		return fmt.Errorf("ensure %s is on procfs: %w", fh.Name(), err)
 	}
 	if buf.Type != unix.PROC_SUPER_MAGIC {
 		return fmt.Errorf("%s is not on procfs", fh.Name())
@@ -52,7 +53,7 @@ func CloseExecFrom(minFd int) error {
 		// Intentionally ignore errors from unix.CloseOnExec -- the cases where
 		// this might fail are basically file descriptors that have already
 		// been closed (including and especially the one that was created when
-		// ioutil.ReadDir did the "opendir" syscall).
+		// os.ReadDir did the "opendir" syscall).
 		unix.CloseOnExec(fd)
 	}
 	return nil