vendor c/psgo@v1.7.1

psgo added support for listing supplementary groups via
two new descriptors:

* `groups` for supplementary groups inside the container
* `hgroups` for the counterpart on the host

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>

vendor/github.com/containers/psgo/internal/proc/ns.go

@@ -59,7 +59,7 @@ func ReadMappings(path string) ([]IDMap, error) {
 	for {
 		line, _, err := buf.ReadLine()
 		if err != nil {
-			if err == io.EOF {
+			if err == io.EOF { //nolint:errorlint // False positive, see https://github.com/polyfloyd/go-errorlint/pull/12
 				return mappings, nil
 			}
 			return nil, fmt.Errorf("cannot read line from %s: %w", path, err)

vendor/github.com/containers/psgo/internal/proc/pids.go

@@ -52,7 +52,7 @@ func GetPIDs() ([]string, error) {
 	return pids, nil
 }
 
-// GetPIDsFromCgroup returns a strings slice of all pids listesd in pid's pids
+// GetPIDsFromCgroup returns a strings slice of all pids listed in pid's pids
 // cgroup.  It automatically detects if we're running in unified mode or not.
 func GetPIDsFromCgroup(pid string) ([]string, error) {
 	unified, err := cgroups.IsCgroup2UnifiedMode()
@@ -65,11 +65,12 @@ func GetPIDsFromCgroup(pid string) ([]string, error) {
 	return getPIDsFromCgroupV1(pid)
 }
 
-// getPIDsFromCgroupV1 returns a strings slice of all pids listesd in pid's pids
+// getPIDsFromCgroupV1 returns a strings slice of all pids listed in pid's pids
 // cgroup.
 func getPIDsFromCgroupV1(pid string) ([]string, error) {
 	// First, find the corresponding path to the PID cgroup.
-	f, err := os.Open(fmt.Sprintf("/proc/%s/cgroup", pid))
+	pidPath := fmt.Sprintf("/proc/%s/cgroup", pid)
+	f, err := os.Open(pidPath)
 	if err != nil {
 		return nil, err
 	}
@@ -83,7 +84,8 @@ func getPIDsFromCgroupV1(pid string) ([]string, error) {
 			continue
 		}
 		if fields[1] == "pids" {
-			cgroupPath = fmt.Sprintf("/sys/fs/cgroup/pids/%s/cgroup.procs", fields[2])
+			cgroupPath = filepath.Join(cgroups.CgroupRoot, "pids", fields[2], "cgroup.procs")
+			break
 		}
 	}
 
@@ -94,7 +96,18 @@ func getPIDsFromCgroupV1(pid string) ([]string, error) {
 	// Second, extract the PIDs inside the cgroup.
 	f, err = os.Open(cgroupPath)
 	if err != nil {
-		return nil, err
+		if os.IsNotExist(err) {
+			// OCI runtimes might mount the container cgroup at the root, breaking what it showed
+			// in /proc/$PID/cgroup and the path.
+			// Check if the PID still exists to make sure the process is still alive.
+			if _, errStat := os.Stat(pidPath); errStat == nil {
+				cgroupPath = filepath.Join(cgroups.CgroupRoot, "pids", "cgroup.procs")
+				f, err = os.Open(cgroupPath)
+			}
+		}
+		if err != nil {
+			return nil, err
+		}
 	}
 	defer f.Close()
 
@@ -107,7 +120,7 @@ func getPIDsFromCgroupV1(pid string) ([]string, error) {
 	return pids, nil
 }
 
-// getPIDsFromCgroupV2 returns a strings slice of all pids listesd in pid's pids
+// getPIDsFromCgroupV2 returns a strings slice of all pids listed in pid's pids
 // cgroup.
 func getPIDsFromCgroupV2(pid string) ([]string, error) {
 	// First, find the corresponding path to the PID cgroup.
@@ -124,8 +137,10 @@ func getPIDsFromCgroupV2(pid string) ([]string, error) {
 		if len(fields) != 3 {
 			continue
 		}
-		cgroupSlice = fields[2]
-		break
+		if fields[1] == "" {
+			cgroupSlice = fields[2]
+			break
+		}
 	}
 
 	if cgroupSlice == "" {

vendor/github.com/containers/psgo/internal/proc/status.go

@@ -182,7 +182,7 @@ func readStatusUserNS(pid string) ([]string, error) {
 	c := exec.Command(args[0], args[1:]...)
 	output, err := c.CombinedOutput()
 	if err != nil {
-		return nil, fmt.Errorf("error executing %q: %v", strings.Join(args, " "), err)
+		return nil, fmt.Errorf("error executing %q: %w", strings.Join(args, " "), err)
 	}
 
 	return strings.Split(string(output), "\n"), nil