fix(deps): update module github.com/opencontainers/cgroups to v0.0.2

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-07-04 10:10:32 +08:00 · 2025-04-28 18:19:46 +00:00
parent a2d542df37
commit 6c9f378a9b
15 changed files with 141 additions and 78 deletions
--- a/go.mod
+++ b/go.mod
@ -52,7 +52,7 @@ require (
 	github.com/nxadm/tail v1.4.11
 	github.com/onsi/ginkgo/v2 v2.23.4
 	github.com/onsi/gomega v1.37.0
-	github.com/opencontainers/cgroups v0.0.1
+	github.com/opencontainers/cgroups v0.0.2
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.1.1
 	github.com/opencontainers/runtime-spec v1.2.1
--- a/go.sum
+++ b/go.sum
@ -357,8 +357,8 @@ github.com/onsi/ginkgo/v2 v2.23.4 h1:ktYTpKJAVZnDT4VjxSbiBenUjmlL/5QkBEocaWXiQus
 github.com/onsi/ginkgo/v2 v2.23.4/go.mod h1:Bt66ApGPBFzHyR+JO10Zbt0Gsp4uWxu5mIOTusL46e8=
 github.com/onsi/gomega v1.37.0 h1:CdEG8g0S133B4OswTDC/5XPSzE1OeP29QOioj2PID2Y=
 github.com/onsi/gomega v1.37.0/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
-github.com/opencontainers/cgroups v0.0.1 h1:MXjMkkFpKv6kpuirUa4USFBas573sSAY082B4CiHEVA=
+github.com/opencontainers/cgroups v0.0.2 h1:A+mAPPMfgKNCEZUUtibESFx06uvhAmvo8sSz3Abwk7o=
-github.com/opencontainers/cgroups v0.0.1/go.mod h1:s8lktyhlGUqM7OSRL5P7eAW6Wb+kWPNvt4qvVfzA5vs=
+github.com/opencontainers/cgroups v0.0.2/go.mod h1:s8lktyhlGUqM7OSRL5P7eAW6Wb+kWPNvt4qvVfzA5vs=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
--- a/vendor/github.com/opencontainers/cgroups/.golangci-extra.yml
+++ b/vendor/github.com/opencontainers/cgroups/.golangci-extra.yml
@ -0,0 +1,21 @@
 # This is golangci-lint config file which is used to check NEW code in
 # github PRs only (see lint-extra in .github/workflows/validate.yml).
 #
 # For the default linter config, see .golangci.yml. This config should
 # only enable additional linters and/or linter settings not enabled
 # in the default config.
 version: "2"
 linters:
  default: none
  enable:
    - godot
    - revive
    - staticcheck
  settings:
    staticcheck:
      checks:
        - all
        - -QF1008 # https://staticcheck.dev/docs/checks/#QF1008 Omit embedded fields from selector expression.
  exclusions:
    generated: strict
--- a/vendor/github.com/opencontainers/cgroups/.golangci.yml
+++ b/vendor/github.com/opencontainers/cgroups/.golangci.yml
@ -0,0 +1,31 @@
 # For documentation, see https://golangci-lint.run/usage/configuration/
 version: "2"
 formatters:
  enable:
    - gofumpt
  exclusions:
    generated: strict
 linters:
  enable:
    - errorlint
    - nolintlint
    - unconvert
    - unparam
  settings:
    govet:
      enable:
        - nilness
    staticcheck:
      checks:
        - all
        - -ST1000 # https://staticcheck.dev/docs/checks/#ST1000 Incorrect or missing package comment.
        - -ST1003 # https://staticcheck.dev/docs/checks/#ST1003 Poorly chosen identifier.
        - -ST1005 # https://staticcheck.dev/docs/checks/#ST1005 Incorrectly formatted error string.
        - -QF1008 # https://staticcheck.dev/docs/checks/#QF1008 Omit embedded fields from selector expression.
  exclusions:
    generated: strict
    presets:
      - comments
      - std-error-handling
--- a/vendor/github.com/opencontainers/cgroups/RELEASES.md
+++ b/vendor/github.com/opencontainers/cgroups/RELEASES.md
@ -23,7 +23,7 @@ However, specification releases have special restrictions in the [OCI charter][c
 * They are the target of backwards compatibility (§7.g), and
 * They are subject to the OFWa patent grant (§8.d and e).
-To avoid unfortunate side effects (onerous backwards compatibity requirements or Member resignations), the following additional procedures apply to specification releases:
+To avoid unfortunate side effects (onerous backwards compatibility requirements or Member resignations), the following additional procedures apply to specification releases:
 ### Planning a release
--- a/vendor/github.com/opencontainers/cgroups/config_linux.go
+++ b/vendor/github.com/opencontainers/cgroups/config_linux.go
@ -23,16 +23,16 @@ type Cgroup struct {
 	// Path specifies the path to cgroups that are created and/or joined by the container.
 	// The path is assumed to be relative to the host system cgroup mountpoint.
-	Path string `json:"path"`
+	Path string `json:"path,omitempty"`
-	// ScopePrefix describes prefix for the scope name
+	// ScopePrefix describes prefix for the scope name.
-	ScopePrefix string `json:"scope_prefix"`
+	ScopePrefix string `json:"scope_prefix,omitempty"`
-	// Resources contains various cgroups settings to apply
+	// Resources contains various cgroups settings to apply.
-	*Resources
+	*Resources `json:"Resources,omitempty"`
 	// Systemd tells if systemd should be used to manage cgroups.
-	Systemd bool
+	Systemd bool `json:"Systemd,omitempty"`
 	// SystemdProps are any additional properties for systemd,
 	// derived from org.systemd.property.xxx annotations.
@ -40,7 +40,7 @@ type Cgroup struct {
 	SystemdProps []systemdDbus.Property `json:"-"`
 	// Rootless tells if rootless cgroups should be used.
-	Rootless bool
+	Rootless bool `json:"Rootless,omitempty"`
 	// The host UID that should own the cgroup, or nil to accept
 	// the default ownership.  This should only be set when the
@ -52,96 +52,96 @@ type Cgroup struct {
 type Resources struct {
 	// Devices is the set of access rules for devices in the container.
-	Devices []*devices.Rule `json:"devices"`
+	Devices []*devices.Rule `json:"devices,omitempty"`
-	// Memory limit (in bytes)
+	// Memory limit (in bytes).
-	Memory int64 `json:"memory"`
+	Memory int64 `json:"memory,omitempty"`
-	// Memory reservation or soft_limit (in bytes)
+	// Memory reservation or soft_limit (in bytes).
-	MemoryReservation int64 `json:"memory_reservation"`
+	MemoryReservation int64 `json:"memory_reservation,omitempty"`
-	// Total memory usage (memory + swap); set `-1` to enable unlimited swap
+	// Total memory usage (memory+swap); use -1 for unlimited swap.
-	MemorySwap int64 `json:"memory_swap"`
+	MemorySwap int64 `json:"memory_swap,omitempty"`
-	// CPU shares (relative weight vs. other containers)
+	// CPU shares (relative weight vs. other containers).
-	CpuShares uint64 `json:"cpu_shares"`
+	CpuShares uint64 `json:"cpu_shares,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuShares should be CPUShares".
 	// CPU hardcap limit (in usecs). Allowed cpu time in a given period.
-	CpuQuota int64 `json:"cpu_quota"`
+	CpuQuota int64 `json:"cpu_quota,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuQuota should be CPUQuota".
 	// CPU hardcap burst limit (in usecs). Allowed accumulated cpu time additionally for burst in a given period.
-	CpuBurst *uint64 `json:"cpu_burst"` //nolint:revive
+	CpuBurst *uint64 `json:"cpu_burst,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuBurst should be CPUBurst".
 	// CPU period to be used for hardcapping (in usecs). 0 to use system default.
-	CpuPeriod uint64 `json:"cpu_period"`
+	CpuPeriod uint64 `json:"cpu_period,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuPeriod should be CPUPeriod".
 	// How many time CPU will use in realtime scheduling (in usecs).
-	CpuRtRuntime int64 `json:"cpu_rt_quota"`
+	CpuRtRuntime int64 `json:"cpu_rt_quota,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuRtRuntime should be CPURtRuntime".
 	// CPU period to be used for realtime scheduling (in usecs).
-	CpuRtPeriod uint64 `json:"cpu_rt_period"`
+	CpuRtPeriod uint64 `json:"cpu_rt_period,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuQuota should be CPUQuota".
-	// CPU to use
+	// Cpuset CPUs to use.
-	CpusetCpus string `json:"cpuset_cpus"`
+	CpusetCpus string `json:"cpuset_cpus,omitempty"`
-	// MEM to use
+	// Cpuset memory nodes to use.
-	CpusetMems string `json:"cpuset_mems"`
+	CpusetMems string `json:"cpuset_mems,omitempty"`
-	// cgroup SCHED_IDLE
+	// Cgroup's SCHED_IDLE value.
 	CPUIdle *int64 `json:"cpu_idle,omitempty"`
 	// Process limit; set <= `0' to disable limit.
-	PidsLimit int64 `json:"pids_limit"`
+	PidsLimit int64 `json:"pids_limit,omitempty"`
 	// Specifies per cgroup weight, range is from 10 to 1000.
-	BlkioWeight uint16 `json:"blkio_weight"`
+	BlkioWeight uint16 `json:"blkio_weight,omitempty"`
-	// Specifies tasks' weight in the given cgroup while competing with the cgroup's child cgroups, range is from 10 to 1000, cfq scheduler only
+	// Tasks' weight in the given cgroup while competing with the cgroup's child cgroups, range is from 10 to 1000, cfq scheduler only.
-	BlkioLeafWeight uint16 `json:"blkio_leaf_weight"`
+	BlkioLeafWeight uint16 `json:"blkio_leaf_weight,omitempty"`
 	// Weight per cgroup per device, can override BlkioWeight.
-	BlkioWeightDevice []*WeightDevice `json:"blkio_weight_device"`
+	BlkioWeightDevice []*WeightDevice `json:"blkio_weight_device,omitempty"`
 	// IO read rate limit per cgroup per device, bytes per second.
-	BlkioThrottleReadBpsDevice []*ThrottleDevice `json:"blkio_throttle_read_bps_device"`
+	BlkioThrottleReadBpsDevice []*ThrottleDevice `json:"blkio_throttle_read_bps_device,omitempty"`
 	// IO write rate limit per cgroup per device, bytes per second.
-	BlkioThrottleWriteBpsDevice []*ThrottleDevice `json:"blkio_throttle_write_bps_device"`
+	BlkioThrottleWriteBpsDevice []*ThrottleDevice `json:"blkio_throttle_write_bps_device,omitempty"`
 	// IO read rate limit per cgroup per device, IO per second.
-	BlkioThrottleReadIOPSDevice []*ThrottleDevice `json:"blkio_throttle_read_iops_device"`
+	BlkioThrottleReadIOPSDevice []*ThrottleDevice `json:"blkio_throttle_read_iops_device,omitempty"`
 	// IO write rate limit per cgroup per device, IO per second.
-	BlkioThrottleWriteIOPSDevice []*ThrottleDevice `json:"blkio_throttle_write_iops_device"`
+	BlkioThrottleWriteIOPSDevice []*ThrottleDevice `json:"blkio_throttle_write_iops_device,omitempty"`
-	// set the freeze value for the process
+	// Freeze value for the process.
-	Freezer FreezerState `json:"freezer"`
+	Freezer FreezerState `json:"freezer,omitempty"`
-	// Hugetlb limit (in bytes)
+	// Hugetlb limit (in bytes).
-	HugetlbLimit []*HugepageLimit `json:"hugetlb_limit"`
+	HugetlbLimit []*HugepageLimit `json:"hugetlb_limit,omitempty"`
-	// Whether to disable OOM Killer
+	// Whether to disable OOM killer.
-	OomKillDisable bool `json:"oom_kill_disable"`
+	OomKillDisable bool `json:"oom_kill_disable,omitempty"`
-	// Tuning swappiness behaviour per cgroup
+	// Tuning swappiness behaviour per cgroup.
-	MemorySwappiness *uint64 `json:"memory_swappiness"`
+	MemorySwappiness *uint64 `json:"memory_swappiness,omitempty"`
-	// Set priority of network traffic for container
+	// Set priority of network traffic for container.
-	NetPrioIfpriomap []*IfPrioMap `json:"net_prio_ifpriomap"`
+	NetPrioIfpriomap []*IfPrioMap `json:"net_prio_ifpriomap,omitempty"`
-	// Set class identifier for container's network packets
+	// Set class identifier for container's network packets.
-	NetClsClassid uint32 `json:"net_cls_classid_u"`
+	NetClsClassid uint32 `json:"net_cls_classid_u,omitempty"`
-	// Rdma resource restriction configuration
+	// Rdma resource restriction configuration.
-	Rdma map[string]LinuxRdma `json:"rdma"`
+	Rdma map[string]LinuxRdma `json:"rdma,omitempty"`
 	// Used on cgroups v2:
 	// CpuWeight sets a proportional bandwidth limit.
-	CpuWeight uint64 `json:"cpu_weight"`
+	CpuWeight uint64 `json:"cpu_weight,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuWeight should be CPUWeight".
 	// Unified is cgroupv2-only key-value map.
-	Unified map[string]string `json:"unified"`
+	Unified map[string]string `json:"unified,omitempty"`
 	// SkipDevices allows to skip configuring device permissions.
 	// Used by e.g. kubelet while creating a parent cgroup (kubepods)
@ -165,5 +165,5 @@ type Resources struct {
 	// MemoryCheckBeforeUpdate is a flag for cgroup v2 managers to check
 	// if the new memory limits (Memory and MemorySwap) being set are lower
 	// than the current memory usage, and reject if so.
-	MemoryCheckBeforeUpdate bool `json:"memory_check_before_update"`
+	MemoryCheckBeforeUpdate bool `json:"memory_check_before_update,omitempty"`
 }
--- a/vendor/github.com/opencontainers/cgroups/devices/config/device.go
+++ b/vendor/github.com/opencontainers/cgroups/devices/config/device.go
@ -20,10 +20,10 @@ type Device struct {
 	FileMode os.FileMode `json:"file_mode"`
 	// Uid of the device.
-	Uid uint32 `json:"uid"`
+	Uid uint32 `json:"uid,omitempty"` //nolint:revive // Suppress "var-naming: struct field Uid should be UID".
 	// Gid of the device.
-	Gid uint32 `json:"gid"`
+	Gid uint32 `json:"gid,omitempty"` //nolint:revive // Suppress "var-naming: struct field Gid should be GID".
 }
 // Permissions is a cgroupv1-style string to represent device access. It
--- a/vendor/github.com/opencontainers/cgroups/fs/freezer.go
+++ b/vendor/github.com/opencontainers/cgroups/fs/freezer.go
@ -57,7 +57,7 @@ func (s *FreezerGroup) Set(path string, r *cgroups.Resources) (Err error) {
 		// Alas, this is still a game of chances, since the real fix
 		// belong to the kernel (cgroup v2 do not have this bug).
-		for i := 0; i < 1000; i++ {
+		for i := range 1000 {
 			if i%50 == 49 {
 				// Occasional thaw and sleep improves
 				// the chances to succeed in freezing
--- a/vendor/github.com/opencontainers/cgroups/fs2/cpu.go
+++ b/vendor/github.com/opencontainers/cgroups/fs2/cpu.go
@ -108,6 +108,12 @@ func statCpu(dirPath string, stats *cgroups.Stats) error {
 		case "throttled_usec":
 			stats.CpuStats.ThrottlingData.ThrottledTime = v * 1000
 		case "nr_bursts":
 			stats.CpuStats.BurstData.BurstsPeriods = v
 		case "burst_usec":
 			stats.CpuStats.BurstData.BurstTime = v * 1000
 		}
 	}
 	if err := sc.Err(); err != nil {
--- a/vendor/github.com/opencontainers/cgroups/fs2/memory.go
+++ b/vendor/github.com/opencontainers/cgroups/fs2/memory.go
@ -18,17 +18,14 @@ import (
 // cgroupv2 files with .min, .max, .low, or .high suffix.
 // The value of -1 is converted to "max" for cgroupv1 compatibility
 // (which used to write -1 to remove the limit).
-func numToStr(value int64) (ret string) {
+func numToStr(value int64) string {
-	switch {
+	switch value {
-	case value == 0:
+	case 0:
-		ret = ""
+		return ""
-	case value == -1:
+	case -1:
-		ret = "max"
+		return "max"
 	default:
 		ret = strconv.FormatInt(value, 10)
 	}
-
+	return strconv.FormatInt(value, 10)
 	return ret
 }
 func isMemorySet(r *cgroups.Resources) bool {
@ -57,7 +54,7 @@ func setMemory(dirPath string, r *cgroups.Resources) error {
 	if swapStr != "" {
 		if err := cgroups.WriteFile(dirPath, "memory.swap.max", swapStr); err != nil {
 			// If swap is not enabled, silently ignore setting to max or disabling it.
-			if !(errors.Is(err, os.ErrNotExist) && (swapStr == "max" || swapStr == "0")) {
+			if !(errors.Is(err, os.ErrNotExist) && (swapStr == "max" || swapStr == "0")) { //nolint:staticcheck // Ignore "QF1001: could apply De Morgan's law".
 				return err
 			}
 		}
--- a/vendor/github.com/opencontainers/cgroups/fscommon/rdma.go
+++ b/vendor/github.com/opencontainers/cgroups/fscommon/rdma.go
@ -50,7 +50,7 @@ func readRdmaEntries(dir, file string) ([]cgroups.RdmaEntry, error) {
 	if err != nil {
 		return nil, err
 	}
-	defer fd.Close() //nolint:errorlint
+	defer fd.Close()
 	scanner := bufio.NewScanner(fd)
 	for scanner.Scan() {
 		parts := strings.SplitN(scanner.Text(), " ", 4)
--- a/vendor/github.com/opencontainers/cgroups/stats.go
+++ b/vendor/github.com/opencontainers/cgroups/stats.go
@ -9,6 +9,14 @@ type ThrottlingData struct {
 	ThrottledTime uint64 `json:"throttled_time,omitempty"`
 }
 type BurstData struct {
 	// Number of periods bandwidth burst occurs
 	BurstsPeriods uint64 `json:"bursts_periods,omitempty"`
 	// Cumulative wall-time that any cpus has used above quota in respective periods
 	// Units: nanoseconds.
 	BurstTime uint64 `json:"burst_time,omitempty"`
 }
 // CpuUsage denotes the usage of a CPU.
 // All CPU stats are aggregate since container inception.
 type CpuUsage struct {
@ -48,6 +56,7 @@ type CpuStats struct {
 	CpuUsage       CpuUsage       `json:"cpu_usage,omitempty"`
 	ThrottlingData ThrottlingData `json:"throttling_data,omitempty"`
 	PSI            *PSIStats      `json:"psi,omitempty"`
 	BurstData      BurstData      `json:"burst_data,omitempty"`
 }
 type CPUSetStats struct {
--- a/vendor/github.com/opencontainers/cgroups/utils.go
+++ b/vendor/github.com/opencontainers/cgroups/utils.go
@ -231,7 +231,7 @@ func rmdir(path string, retry bool) error {
 again:
 	err := unix.Rmdir(path)
-	switch err { // nolint:errorlint // unix errors are bare
+	switch err {
 	case nil, unix.ENOENT:
 		return nil
 	case unix.EINTR:
@ -395,7 +395,7 @@ func WriteCgroupProc(dir string, pid int) error {
 	}
 	defer file.Close()
-	for i := 0; i < 5; i++ {
+	for range 5 {
 		_, err = file.WriteString(strconv.Itoa(pid))
 		if err == nil {
 			return nil
--- a/vendor/github.com/opencontainers/cgroups/v1_utils.go
+++ b/vendor/github.com/opencontainers/cgroups/v1_utils.go
@ -5,6 +5,7 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
 	"slices"
 	"strings"
 	"sync"
 	"syscall"
@ -144,13 +145,11 @@ func FindCgroupMountpointAndRoot(cgroupPath, subsystem string) (string, string,
 func findCgroupMountpointAndRootFromMI(mounts []*mountinfo.Info, cgroupPath, subsystem string) (string, string, error) {
 	for _, mi := range mounts {
 		if strings.HasPrefix(mi.Mountpoint, cgroupPath) {
-			for _, opt := range strings.Split(mi.VFSOptions, ",") {
+			if slices.Contains(strings.Split(mi.VFSOptions, ","), subsystem) {
 				if opt == subsystem {
 				return mi.Mountpoint, mi.Root, nil
 			}
 		}
 	}
 	}
 	return "", "", NewNotFoundError(subsystem)
 }
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -800,7 +800,7 @@ github.com/onsi/gomega/matchers/support/goraph/edge
 github.com/onsi/gomega/matchers/support/goraph/node
 github.com/onsi/gomega/matchers/support/goraph/util
 github.com/onsi/gomega/types
-# github.com/opencontainers/cgroups v0.0.1
+# github.com/opencontainers/cgroups v0.0.2
 ## explicit; go 1.23.0
 github.com/opencontainers/cgroups
 github.com/opencontainers/cgroups/devices/config