Merge pull request #25070 from containers/renovate/github.com-rootless-containers-rootlesskit-v2-2.x

fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.3.2

go.mod

@@ -62,7 +62,7 @@ require (
 	github.com/opencontainers/runtime-tools v0.9.1-0.20241108202711-f7e3563b0271
 	github.com/opencontainers/selinux v1.11.1
 	github.com/openshift/imagebuilder v1.2.15
-	github.com/rootless-containers/rootlesskit/v2 v2.3.1
+	github.com/rootless-containers/rootlesskit/v2 v2.3.2
 	github.com/shirou/gopsutil/v4 v4.24.12
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.8.1

go.sum

@@ -291,8 +291,8 @@ github.com/hugelgupf/vmtest v0.0.0-20230810222836-f8c8e381617c h1:4A+BVHylCBQPxl
 github.com/hugelgupf/vmtest v0.0.0-20230810222836-f8c8e381617c/go.mod h1:d2FMzS0rIF+3Daufcw660EZfTJihdNPeEwBBJgO4Ap0=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
-github.com/insomniacslk/dhcp v0.0.0-20240812123929-b105c29bd1b5 h1:GkMacU5ftc+IEg1449N3UEy2XLDz58W4fkrRu2fibb8=
-github.com/insomniacslk/dhcp v0.0.0-20240812123929-b105c29bd1b5/go.mod h1:KclMyHxX06VrVr0DJmeFSUb1ankt7xTfoOA35pCkoic=
+github.com/insomniacslk/dhcp v0.0.0-20250109001534-8abf58130905 h1:q3OEI9RaN/wwcx+qgGo6ZaoJkCiDYe/gjDLfq7lQQF4=
+github.com/insomniacslk/dhcp v0.0.0-20250109001534-8abf58130905/go.mod h1:VvGYjkZoJyKqlmT1yzakUs4mfKMNB0XdODP0+rdml6k=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
 github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs=
@@ -440,8 +440,8 @@ github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
 github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
-github.com/rootless-containers/rootlesskit/v2 v2.3.1 h1:wdYtdKxWFvVLby9ThMP6O6/v2q/GmOXbkRi+4m9nPW0=
-github.com/rootless-containers/rootlesskit/v2 v2.3.1/go.mod h1:tdtfS9ak4bGmwJRmcjsAzcHN5rJ3c5dB7yhSV10KTbk=
+github.com/rootless-containers/rootlesskit/v2 v2.3.2 h1:QZk7sKU3+B8UHretEeIg6NSTTpj0o4iHGNhNbJBnHOU=
+github.com/rootless-containers/rootlesskit/v2 v2.3.2/go.mod h1:RL7YzL02nA2d8HAzt5d1nZnuiAeudQ4oym+HF/7sk7U=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sebdah/goldie/v2 v2.5.5 h1:rx1mwF95RxZ3/83sdS4Yp7t2C5TCokvWP4TBRbAyEWY=
 github.com/sebdah/goldie/v2 v2.5.5/go.mod h1:oZ9fp0+se1eapSRjfYbsV/0Hqhbuu3bJVvKI/NNtssI=

vendor/github.com/rootless-containers/rootlesskit/v2/pkg/port/builtin/child/child.go

@@ -123,6 +123,11 @@ func (d *childDriver) handleConnectRequest(c *net.UnixConn, req *msg.Request) er
 	ip := req.IP
 	if ip == "" {
 		ip = "127.0.0.1"
+		if req.ParentIP != "" {
+			if req.ParentIP != req.HostGatewayIP && req.ParentIP != "0.0.0.0" {
+				ip = req.ParentIP
+			}
+		}
 	} else {
 		p := net.ParseIP(ip)
 		if p == nil {

vendor/github.com/rootless-containers/rootlesskit/v2/pkg/port/builtin/msg/msg.go

@@ -19,10 +19,12 @@ const (
 
 // Request and Response are encoded as JSON with uint32le length header.
 type Request struct {
-	Type  string // "init" or "connect"
-	Proto string // "tcp", "tcp4", "tcp6", "udp", "udp4", "udp6"
-	IP    string
-	Port  int
+	Type          string // "init" or "connect"
+	Proto         string // "tcp", "tcp4", "tcp6", "udp", "udp4", "udp6"
+	IP            string
+	Port          int
+	ParentIP      string
+	HostGatewayIP string
 }
 
 // Reply may contain FD as OOB
@@ -48,14 +50,33 @@ func Initiate(c *net.UnixConn) error {
 	return c.CloseRead()
 }
 
+func hostGatewayIP() string {
+	addrs, err := net.InterfaceAddrs()
+	if err != nil {
+		return ""
+	}
+
+	for _, addr := range addrs {
+		if ipnet, ok := addr.(*net.IPNet); ok && !ipnet.IP.IsLoopback() {
+			if ipnet.IP.To4() != nil {
+				return ipnet.IP.String()
+			}
+		}
+	}
+
+	return ""
+}
+
 // ConnectToChild connects to the child UNIX socket, and obtains TCP or UDP socket FD
 // that corresponds to the port spec.
 func ConnectToChild(c *net.UnixConn, spec port.Spec) (int, error) {
 	req := Request{
-		Type:  RequestTypeConnect,
-		Proto: spec.Proto,
-		Port:  spec.ChildPort,
-		IP:    spec.ChildIP,
+		Type:          RequestTypeConnect,
+		Proto:         spec.Proto,
+		Port:          spec.ChildPort,
+		IP:            spec.ChildIP,
+		ParentIP:      spec.ParentIP,
+		HostGatewayIP: hostGatewayIP(),
 	}
 	if _, err := lowlevelmsgutil.MarshalToWriter(c, &req); err != nil {
 		return 0, err

vendor/github.com/rootless-containers/rootlesskit/v2/pkg/port/builtin/parent/parent.go

@@ -159,8 +159,7 @@ func (d *driver) AddPort(ctx context.Context, spec port.Spec) (*port.Status, err
 	case "udp", "udp4", "udp6":
 		err = udp.Run(d.socketPath, spec, routineStopCh, routineStoppedCh, d.logWriter)
 	default:
-		// NOTREACHED
-		return nil, errors.New("spec was not validated?")
+		return nil, fmt.Errorf("unsupported port protocol %s", spec.Proto)
 	}
 	if err != nil {
 		if isEPERM(err) {

vendor/modules.txt

@@ -974,7 +974,7 @@ github.com/proglottis/gpgme
 # github.com/rivo/uniseg v0.4.7
 ## explicit; go 1.18
 github.com/rivo/uniseg
-# github.com/rootless-containers/rootlesskit/v2 v2.3.1
+# github.com/rootless-containers/rootlesskit/v2 v2.3.2
 ## explicit; go 1.21.0
 github.com/rootless-containers/rootlesskit/v2/pkg/api
 github.com/rootless-containers/rootlesskit/v2/pkg/lowlevelmsgutil