vendor: bump runc to rc95

runc rc95 contains a fix for CVE-2021-30465.

runc rc94 provides fixes and improvements.

One notable change is cgroup manager's Set now accept Resources rather
than Cgroup (see https://github.com/opencontainers/runc/pull/2906).
Modify the code accordingly.

Also update runc dependencies (as hinted by hack/lint-depdendencies.sh):

        github.com/cilium/ebpf v0.5.0
        github.com/containerd/console v1.0.2
        github.com/coreos/go-systemd/v22 v22.3.1
        github.com/godbus/dbus/v5 v5.0.4
        github.com/moby/sys/mountinfo v0.4.1
        golang.org/x/sys v0.0.0-20210426230700-d19ff857e887
        github.com/google/go-cmp v0.5.4
        github.com/kr/pretty v0.2.1
        github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

vendor/github.com/checkpoint-restore/go-criu/v4/.travis.yml

@@ -1,28 +0,0 @@
-language: go
-dist: bionic
-os:
-  - linux
-go:
-  - "1.14.x"
-  - "1.13.x"
-  - tip
-env:
-  # Run the tests with CRIU master and criu-dev
-  - CRIU_BRANCH="master"
-  - CRIU_BRANCH="criu-dev"
-install:
-  - sudo apt-get update
-  - sudo apt-get install -y libprotobuf-dev libprotobuf-c0-dev protobuf-c-compiler protobuf-compiler python-protobuf libnl-3-dev libnet-dev libcap-dev
-  - make install.tools
-  - go get github.com/checkpoint-restore/go-criu
-  - git clone --single-branch -b ${CRIU_BRANCH} https://github.com/checkpoint-restore/criu.git
-  - cd criu; make
-  - sudo install -D -m 755 criu/criu /usr/sbin/
-  - cd ..
-script:
-  # This builds the code without running the tests.
-  - make lint build phaul test/test test/phaul test/piggie
-  # Run actual test as root as it uses CRIU.
-  - sudo make test phaul-test
-  # This builds crit-go
-  - make -C crit-go/magic-gen lint build magicgen test

vendor/github.com/checkpoint-restore/go-criu/v4/Makefile

@@ -1,60 +0,0 @@
-GO ?= go
-CC ?= gcc
-ifeq ($(GOPATH),)
-export GOPATH := $(shell $(GO) env GOPATH)
-endif
-FIRST_GOPATH := $(firstword $(subst :, ,$(GOPATH)))
-GOBIN := $(shell $(GO) env GOBIN)
-ifeq ($(GOBIN),)
-	GOBIN := $(FIRST_GOPATH)/bin
-endif
-
-all: build test phaul phaul-test
-
-lint:
-	@golint -set_exit_status . test phaul
-build:
-	@$(GO) build -v
-
-test/piggie: test/piggie.c
-	@$(CC) $^ -o $@
-
-test/test: test/main.go
-	@$(GO) build -v -o test/test test/main.go
-
-test: test/test test/piggie
-	mkdir -p image
-	test/piggie
-	test/test dump `pidof piggie` image
-	test/test restore image
-	pkill -9 piggie || :
-
-phaul:
-	@cd phaul; go build -v
-
-test/phaul: test/phaul-main.go
-	@$(GO) build -v -o test/phaul test/phaul-main.go
-
-phaul-test: test/phaul test/piggie
-	rm -rf image
-	test/piggie
-	test/phaul `pidof piggie`
-	pkill -9 piggie || :
-
-clean:
-	@rm -f test/test test/piggie test/phaul
-	@rm -rf image
-	@rm -f rpc/rpc.proto
-
-install.tools:
-	if [ ! -x "$(GOBIN)/golint" ]; then \
-		$(GO) get -u golang.org/x/lint/golint; \
-	fi
-
-rpc/rpc.proto:
-	curl -s https://raw.githubusercontent.com/checkpoint-restore/criu/master/images/rpc.proto -o $@
-
-rpc/rpc.pb.go: rpc/rpc.proto
-	protoc --go_out=. $^
-
-.PHONY: build test clean lint phaul

vendor/github.com/checkpoint-restore/go-criu/v4/go.mod

@@ -1,5 +0,0 @@
-module github.com/checkpoint-restore/go-criu/v4
-
-go 1.13
-
-require github.com/golang/protobuf v1.3.5

vendor/github.com/checkpoint-restore/go-criu/v4/go.sum

@@ -1,2 +0,0 @@
-github.com/golang/protobuf v1.3.5 h1:F768QJ1E9tib+q5Sc8MkdJi1RxLTbRcTf8LJV56aRls=
-github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=

vendor/github.com/checkpoint-restore/go-criu/v5/.gitignore

@@ -1,5 +1,6 @@
 test/test
-test/piggie
+test/piggie/piggie
 test/phaul
 image
 rpc/rpc.proto
+stats/stats.proto

vendor/github.com/checkpoint-restore/go-criu/v5/.golangci.yml

@@ -0,0 +1,12 @@
+run:
+  skip_dirs:
+    - rpc
+    - stats
+
+linters:
+  disable-all: false
+  presets:
+    - bugs
+    - performance
+    - unused
+    - format

vendor/github.com/checkpoint-restore/go-criu/v5/Makefile

@@ -0,0 +1,57 @@
+GO ?= go
+CC ?= gcc
+
+all: build test phaul-test
+
+lint:
+	golangci-lint run ./...
+
+build:
+	$(GO) build -v ./...
+
+TEST_BINARIES := test/test test/piggie/piggie test/phaul/phaul
+test-bin: $(TEST_BINARIES)
+
+test/piggie/piggie: test/piggie/piggie.c
+	$(CC) $^ -o $@
+
+test/test: test/*.go
+	$(GO) build -v -o $@ $^
+
+test: $(TEST_BINARIES)
+	mkdir -p image
+	PID=$$(test/piggie/piggie) && { \
+	test/test dump $$PID image && \
+	test/test restore image; \
+	pkill -9 piggie; \
+	}
+	rm -rf image
+
+test/phaul/phaul: test/phaul/*.go
+	$(GO) build -v -o $@ $^
+
+phaul-test: $(TEST_BINARIES)
+	rm -rf image
+	PID=$$(test/piggie/piggie) && { \
+	test/phaul/phaul $$PID; \
+	pkill -9 piggie; \
+	}
+
+clean:
+	@rm -f $(TEST_BINARIES)
+	@rm -rf image
+	@rm -f rpc/rpc.proto stats/stats.proto
+
+rpc/rpc.proto:
+	curl -sSL https://raw.githubusercontent.com/checkpoint-restore/criu/master/images/rpc.proto -o $@
+
+stats/stats.proto:
+	curl -sSL https://raw.githubusercontent.com/checkpoint-restore/criu/master/images/stats.proto -o $@
+
+rpc/rpc.pb.go: rpc/rpc.proto
+	protoc --go_out=. $^
+
+stats/stats.pb.go: stats/stats.proto
+	protoc --go_out=. $^
+
+.PHONY: build test phaul-test test-bin clean lint

vendor/github.com/checkpoint-restore/go-criu/v5/README.md

@@ -1,8 +1,10 @@
-[![master](https://travis-ci.org/checkpoint-restore/go-criu.svg?branch=master)](https://travis-ci.org/checkpoint-restore/go-criu)
+[![test](https://github.com/checkpoint-restore/go-criu/workflows/ci/badge.svg?branch=master)](https://github.com/checkpoint-restore/go-criu/actions?query=workflow%3Aci)
+[![verify](https://github.com/checkpoint-restore/go-criu/workflows/verify/badge.svg?branch=master)](https://github.com/checkpoint-restore/go-criu/actions?query=workflow%3Averify)
+[![Go Reference](https://pkg.go.dev/badge/github.com/checkpoint-restore/go-criu.svg)](https://pkg.go.dev/github.com/checkpoint-restore/go-criu)
 
-## go-criu -- Go bindings for [CRIU](https://criu.org/)
+## go-criu -- Go bindings for CRIU
 
-This repository provides Go bindings for CRIU. The code is based on the Go based PHaul
+This repository provides Go bindings for [CRIU](https://criu.org/). The code is based on the Go-based PHaul
 implementation from the CRIU repository. For easier inclusion into other Go projects the
 CRIU Go bindings have been moved to this repository.
 
@@ -10,13 +12,26 @@ The Go bindings provide an easy way to use the CRIU RPC calls from Go without th
 to set up all the infrastructure to make the actual RPC connection to CRIU.
 
 The following example would print the version of CRIU:
-```
+```go
+import (
+	"log"
+
+	"github.com/checkpoint/restore/go-criu/v5"
+)
+
+func main() {
 	c := criu.MakeCriu()
 	version, err := c.GetCriuVersion()
-	fmt.Println(version)
+	if err != nil {
+		log.Fatalln(err)
+	}
+	log.Println(version)
+}
 ```
+
 or to just check if at least a certain CRIU version is installed:
-```
+
+```go
 	c := criu.MakeCriu()
 	result, err := c.IsCriuAtLeast(31100)
 ```
@@ -31,7 +46,12 @@ As go-criu is imported in other projects and as Go modules are expected
 to follow Semantic Versioning go-criu will also follow Semantic Versioning
 starting with the 4.0.0 release.
 
-4.0.0 is based on CRIU 3.14
+The following table shows the relation between go-criu and criu versions:
+
+| Major version  | Latest release | CRIU version |
+| -------------- | -------------- | ------------ |
+| v5             | 5.0.0          | 3.15         |
+| v4             | 4.1.0          | 3.14         |
 
 ## How to contribute
 

vendor/github.com/checkpoint-restore/go-criu/v5/go.mod

@@ -0,0 +1,9 @@
+module github.com/checkpoint-restore/go-criu/v5
+
+go 1.13
+
+require (
+	github.com/golang/protobuf v1.4.3
+	golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c
+	google.golang.org/protobuf v1.23.0
+)

vendor/github.com/checkpoint-restore/go-criu/v5/go.sum

@@ -0,0 +1,22 @@
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM=
+github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c h1:VwygUrnw9jn88c4u8GD3rZQbqrP/tgas88tPUbBxQrk=
+golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.23.0 h1:4MY060fB1DLGMB/7MBTLnwQUY6+F09GEiz6SsrNqyzM=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=

vendor/github.com/checkpoint-restore/go-criu/v5/main.go

@@ -8,8 +8,8 @@ import (
 	"strconv"
 	"syscall"
 
-	"github.com/checkpoint-restore/go-criu/v4/rpc"
-	"github.com/golang/protobuf/proto"
+	"github.com/checkpoint-restore/go-criu/v5/rpc"
+	"google.golang.org/protobuf/proto"
 )
 
 // Criu struct
@@ -45,6 +45,7 @@ func (c *Criu) Prepare() error {
 	defer srv.Close()
 
 	args := []string{"swrk", strconv.Itoa(fds[1])}
+	// #nosec G204
 	cmd := exec.Command(c.swrkPath, args...)
 
 	err = cmd.Start()
@@ -64,7 +65,7 @@ func (c *Criu) Cleanup() {
 	if c.swrkCmd != nil {
 		c.swrkSk.Close()
 		c.swrkSk = nil
-		c.swrkCmd.Wait()
+		_ = c.swrkCmd.Wait()
 		c.swrkCmd = nil
 	}
 }
@@ -187,28 +188,28 @@ func (c *Criu) doSwrkWithResp(reqType rpc.CriuReqType, opts *rpc.CriuOpts, nfy N
 }
 
 // Dump dumps a process
-func (c *Criu) Dump(opts rpc.CriuOpts, nfy Notify) error {
-	return c.doSwrk(rpc.CriuReqType_DUMP, &opts, nfy)
+func (c *Criu) Dump(opts *rpc.CriuOpts, nfy Notify) error {
+	return c.doSwrk(rpc.CriuReqType_DUMP, opts, nfy)
 }
 
 // Restore restores a process
-func (c *Criu) Restore(opts rpc.CriuOpts, nfy Notify) error {
-	return c.doSwrk(rpc.CriuReqType_RESTORE, &opts, nfy)
+func (c *Criu) Restore(opts *rpc.CriuOpts, nfy Notify) error {
+	return c.doSwrk(rpc.CriuReqType_RESTORE, opts, nfy)
 }
 
 // PreDump does a pre-dump
-func (c *Criu) PreDump(opts rpc.CriuOpts, nfy Notify) error {
-	return c.doSwrk(rpc.CriuReqType_PRE_DUMP, &opts, nfy)
+func (c *Criu) PreDump(opts *rpc.CriuOpts, nfy Notify) error {
+	return c.doSwrk(rpc.CriuReqType_PRE_DUMP, opts, nfy)
 }
 
 // StartPageServer starts the page server
-func (c *Criu) StartPageServer(opts rpc.CriuOpts) error {
-	return c.doSwrk(rpc.CriuReqType_PAGE_SERVER, &opts, nil)
+func (c *Criu) StartPageServer(opts *rpc.CriuOpts) error {
+	return c.doSwrk(rpc.CriuReqType_PAGE_SERVER, opts, nil)
 }
 
 // StartPageServerChld starts the page server and returns PID and port
-func (c *Criu) StartPageServerChld(opts rpc.CriuOpts) (int, int, error) {
-	resp, err := c.doSwrkWithResp(rpc.CriuReqType_PAGE_SERVER_CHLD, &opts, nil)
+func (c *Criu) StartPageServerChld(opts *rpc.CriuOpts) (int, int, error) {
+	resp, err := c.doSwrkWithResp(rpc.CriuReqType_PAGE_SERVER_CHLD, opts, nil)
 	if err != nil {
 		return 0, 0, err
 	}

vendor/github.com/checkpoint-restore/go-criu/v5/notify.go

@@ -1,6 +1,6 @@
 package criu
 
-//Notify interface
+// Notify interface
 type Notify interface {
 	PreDump() error
 	PostDump() error
@@ -14,8 +14,7 @@ type Notify interface {
 }
 
 // NoNotify struct
-type NoNotify struct {
-}
+type NoNotify struct{}
 
 // PreDump NoNotify
 func (c NoNotify) PreDump() error {