go.mod: runtime-spec v1.1.0-rc.2

See https://github.com/opencontainers/runtime-spec/releases/tag/v1.1.0-rc.2
for the spec changes.

The `runc features` json is now defined in
https://github.com/opencontainers/runtime-spec/blob/v1.1.0-rc.2/specs-go/features/features.go

Replaces PR 3829

Signed-off-by: Akihiro Suda <[email protected]>

Author: AkihiroSuda

docs/spec-conformance.md

@@ -1,6 +1,6 @@
 # Spec conformance
 
-This branch of runc implements the [OCI Runtime Spec v1.1.0-rc.1](https://github.com/opencontainers/runtime-spec/tree/v1.1.0-rc.1)
+This branch of runc implements the [OCI Runtime Spec v1.1.0-rc.2](https://github.com/opencontainers/runtime-spec/tree/v1.1.0-rc.2)
 for the `linux` platform.
 
 The following features are not implemented yet:
@@ -10,8 +10,9 @@ Spec version | Feature                                  | PR
 v1.0.0       | `SCMP_ARCH_PARISC`                       | Unplanned, due to lack of users
 v1.0.0       | `SCMP_ARCH_PARISC64`                     | Unplanned, due to lack of users
 v1.0.2       | `.linux.personality`                     | [#3126](https://github.com/opencontainers/runc/pull/3126)
-v1.1.0-rc.1  | `.linux.resources.cpu.burst`             | [#3205](https://github.com/opencontainers/runc/pull/3205)
-v1.1.0-rc.1  | `.domainname`                            | [#3600](https://github.com/opencontainers/runc/pull/3600)
+v1.1.0-rc.1  | `.linux.resources.cpu.burst`             | [#3749](https://github.com/opencontainers/runc/pull/3749)
 v1.1.0-rc.1  | `.[]mounts.uidMappings`                  | [#3717](https://github.com/opencontainers/runc/pull/3717)
 v1.1.0-rc.1  | `.[]mounts.gidMappings`                  | [#3717](https://github.com/opencontainers/runc/pull/3717)
-v1.1.0-rc.1  | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV` | TODO
+v1.1.0-rc.1  | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV` | TODO ([#3860](https://github.com/opencontainers/runc/issues/3860))
+v1.1.0-rc.2  | time namespaces                          | TODO ([#2345](https://github.com/opencontainers/runc/issues/2345))
+v1.1.0-rc.2  | rsvd hugetlb cgroup                      | TODO ([#3859](https://github.com/opencontainers/runc/issues/3859))

features.go

@@ -8,8 +8,9 @@ import (
 	"github.com/opencontainers/runc/libcontainer/configs"
 	"github.com/opencontainers/runc/libcontainer/seccomp"
 	"github.com/opencontainers/runc/libcontainer/specconv"
-	"github.com/opencontainers/runc/types/features"
+	runcfeatures "github.com/opencontainers/runc/types/features"
 	"github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/opencontainers/runtime-spec/specs-go/features"
 	"github.com/urfave/cli"
 )
 
@@ -33,9 +34,9 @@ var featuresCommand = cli.Command{
 			OCIVersionMin: "1.0.0",
 			OCIVersionMax: specs.Version,
 			Annotations: map[string]string{
-				features.AnnotationRuncVersion:           version,
-				features.AnnotationRuncCommit:            gitCommit,
-				features.AnnotationRuncCheckpointEnabled: "true",
+				runcfeatures.AnnotationRuncVersion:           version,
+				runcfeatures.AnnotationRuncCommit:            gitCommit,
+				runcfeatures.AnnotationRuncCheckpointEnabled: "true",
 			},
 			Hooks:        configs.KnownHookNames(),
 			MountOptions: specconv.KnownMountOptions(),
@@ -47,13 +48,17 @@ var featuresCommand = cli.Command{
 					V2:          &tru,
 					Systemd:     &tru,
 					SystemdUser: &tru,
+					Rdma:        &tru,
 				},
 				Apparmor: &features.Apparmor{
 					Enabled: &tru,
 				},
 				Selinux: &features.Selinux{
 					Enabled: &tru,
 				},
+				IntelRdt: &features.IntelRdt{
+					Enabled: &tru,
+				},
 			},
 		}
 
@@ -67,7 +72,7 @@ var featuresCommand = cli.Command{
 				SupportedFlags: seccomp.SupportedFlags(),
 			}
 			major, minor, patch := seccomp.Version()
-			feat.Annotations[features.AnnotationLibseccompVersion] = fmt.Sprintf("%d.%d.%d", major, minor, patch)
+			feat.Annotations[runcfeatures.AnnotationLibseccompVersion] = fmt.Sprintf("%d.%d.%d", major, minor, patch)
 		}
 
 		enc := json.NewEncoder(context.App.Writer)

go.mod

@@ -12,7 +12,7 @@ require (
 	github.com/godbus/dbus/v5 v5.1.0
 	github.com/moby/sys/mountinfo v0.6.2
 	github.com/mrunalp/fileutils v0.5.0
-	github.com/opencontainers/runtime-spec v1.1.0-rc.1
+	github.com/opencontainers/runtime-spec v1.1.0-rc.2
 	github.com/opencontainers/selinux v1.11.0
 	github.com/seccomp/libseccomp-golang v0.10.0
 	github.com/sirupsen/logrus v1.9.0

go.sum

@@ -30,8 +30,8 @@ github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vyg
 github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
 github.com/mrunalp/fileutils v0.5.0 h1:NKzVxiH7eSk+OQ4M+ZYW1K6h27RUV3MI6NUTsHhU6Z4=
 github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
-github.com/opencontainers/runtime-spec v1.1.0-rc.1 h1:wHa9jroFfKGQqFHj0I1fMRKLl0pfj+ynAqBxo3v6u9w=
-github.com/opencontainers/runtime-spec v1.1.0-rc.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opencontainers/runtime-spec v1.1.0-rc.2 h1:ucBtEms2tamYYW/SvGpvq9yUN0NEVL6oyLEwDcTSrk8=
+github.com/opencontainers/runtime-spec v1.1.0-rc.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU=
 github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=

types/features/features.go

@@ -1,122 +1,6 @@
-// Package features provides the JSON structure that is printed by `runc features` (since runc v1.1.0).
-// The types in this package are experimental and subject to change.
+// Package features provides the annotations for [github.com/opencontainers/runtime-spec/specs-go/features].
 package features
 
-// Features represents the supported features of the runtime.
-type Features struct {
-	// OCIVersionMin is the minimum OCI Runtime Spec version recognized by the runtime, e.g., "1.0.0".
-	OCIVersionMin string `json:"ociVersionMin,omitempty"`
-
-	// OCIVersionMax is the maximum OCI Runtime Spec version recognized by the runtime, e.g., "1.0.2-dev".
-	OCIVersionMax string `json:"ociVersionMax,omitempty"`
-
-	// Hooks is the list of the recognized hook names, e.g., "createRuntime".
-	// Nil value means "unknown", not "no support for any hook".
-	Hooks []string `json:"hooks,omitempty"`
-
-	// MountOptions is the list of the recognized mount options, e.g., "ro".
-	// Nil value means "unknown", not "no support for any mount option".
-	// This list does not contain filesystem-specific options passed to mount(2) syscall as (const void *).
-	MountOptions []string `json:"mountOptions,omitempty"`
-
-	// Linux is specific to Linux.
-	Linux *Linux `json:"linux,omitempty"`
-
-	// Annotations contains implementation-specific annotation strings,
-	// such as the implementation version, and third-party extensions.
-	Annotations map[string]string `json:"annotations,omitempty"`
-}
-
-// Linux is specific to Linux.
-type Linux struct {
-	// Namespaces is the list of the recognized namespaces, e.g., "mount".
-	// Nil value means "unknown", not "no support for any namespace".
-	Namespaces []string `json:"namespaces,omitempty"`
-
-	// Capabilities is the list of the recognized capabilities , e.g., "CAP_SYS_ADMIN".
-	// Nil value means "unknown", not "no support for any capability".
-	Capabilities []string `json:"capabilities,omitempty"`
-
-	Cgroup   *Cgroup   `json:"cgroup,omitempty"`
-	Seccomp  *Seccomp  `json:"seccomp,omitempty"`
-	Apparmor *Apparmor `json:"apparmor,omitempty"`
-	Selinux  *Selinux  `json:"selinux,omitempty"`
-}
-
-// Seccomp represents the "seccomp" field.
-type Seccomp struct {
-	// Enabled is true if seccomp support is compiled in.
-	// Nil value means "unknown", not "false".
-	Enabled *bool `json:"enabled,omitempty"`
-
-	// Actions is the list of the recognized actions, e.g., "SCMP_ACT_NOTIFY".
-	// Nil value means "unknown", not "no support for any action".
-	Actions []string `json:"actions,omitempty"`
-
-	// Operators is the list of the recognized operators, e.g., "SCMP_CMP_NE".
-	// Nil value means "unknown", not "no support for any operator".
-	Operators []string `json:"operators,omitempty"`
-
-	// Archs is the list of the recognized archs, e.g., "SCMP_ARCH_X86_64".
-	// Nil value means "unknown", not "no support for any arch".
-	Archs []string `json:"archs,omitempty"`
-
-	// KnownFlags is the list of the recognized filter flags, e.g., "SECCOMP_FILTER_FLAG_LOG".
-	// Nil value means "unknown", not "no flags are recognized".
-	KnownFlags []string `json:"knownFlags,omitempty"`
-
-	// SupportedFlags is the list of the supported filter flags, e.g., "SECCOMP_FILTER_FLAG_LOG".
-	// This list may be a subset of KnownFlags due to some flags
-	// not supported by the current kernel and/or libseccomp.
-	// Nil value means "unknown", not "no flags are supported".
-	SupportedFlags []string `json:"supportedFlags,omitempty"`
-}
-
-// Apparmor represents the "apparmor" field.
-type Apparmor struct {
-	// Enabled is true if AppArmor support is compiled in.
-	// Unrelated to whether the host supports AppArmor or not.
-	// Nil value means "unknown", not "false".
-	// Always true in the current version of runc.
-	Enabled *bool `json:"enabled,omitempty"`
-}
-
-// Selinux represents the "selinux" field.
-type Selinux struct {
-	// Enabled is true if SELinux support is compiled in.
-	// Unrelated to whether the host supports SELinux or not.
-	// Nil value means "unknown", not "false".
-	// Always true in the current version of runc.
-	Enabled *bool `json:"enabled,omitempty"`
-}
-
-// Cgroup represents the "cgroup" field.
-type Cgroup struct {
-	// V1 represents whether Cgroup v1 support is compiled in.
-	// Unrelated to whether the host uses cgroup v1 or not.
-	// Nil value means "unknown", not "false".
-	// Always true in the current version of runc.
-	V1 *bool `json:"v1,omitempty"`
-
-	// V2 represents whether Cgroup v2 support is compiled in.
-	// Unrelated to whether the host uses cgroup v2 or not.
-	// Nil value means "unknown", not "false".
-	// Always true in the current version of runc.
-	V2 *bool `json:"v2,omitempty"`
-
-	// Systemd represents whether systemd-cgroup support is compiled in.
-	// Unrelated to whether the host uses systemd or not.
-	// Nil value means "unknown", not "false".
-	// Always true in the current version of runc.
-	Systemd *bool `json:"systemd,omitempty"`
-
-	// SystemdUser represents whether user-scoped systemd-cgroup support is compiled in.
-	// Unrelated to whether the host uses systemd or not.
-	// Nil value means "unknown", not "false".
-	// Always true in the current version of runc.
-	SystemdUser *bool `json:"systemdUser,omitempty"`
-}
-
 const (
 	// AnnotationRuncVersion represents the version of runc, e.g., "1.2.3", "1.2.3+dev", "1.2.3-rc.4.", "1.2.3-rc.4+dev".
 	// Third party implementations such as crun and runsc MAY use this annotation to report the most compatible runc version,