Bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94

Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.0.0-rc93 to 1.0.0-rc94.
- [Release notes](https://github.com/opencontainers/runc/releases)
- [Commits](https://github.com/opencontainers/runc/compare/v1.0.0-rc93...v1.0.0-rc94)

Signed-off-by: dependabot[bot] <support@github.com>

vendor/github.com/opencontainers/runc/libcontainer/apparmor/apparmor_linux.go

@@ -1,27 +1,41 @@
 package apparmor
 
 import (
-	"bytes"
+	"errors"
 	"fmt"
 	"io/ioutil"
 	"os"
+	"sync"
 
 	"github.com/opencontainers/runc/libcontainer/utils"
 )
 
+var (
+	appArmorEnabled bool
+	checkAppArmor   sync.Once
+)
+
 // IsEnabled returns true if apparmor is enabled for the host.
 func IsEnabled() bool {
-	if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil {
-		buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
-		return err == nil && bytes.HasPrefix(buf, []byte("Y"))
-	}
-	return false
+	checkAppArmor.Do(func() {
+		if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil {
+			buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
+			appArmorEnabled = err == nil && len(buf) > 1 && buf[0] == 'Y'
+		}
+	})
+	return appArmorEnabled
 }
 
 func setProcAttr(attr, value string) error {
 	// Under AppArmor you can only change your own attr, so use /proc/self/
 	// instead of /proc/<tid>/ like libapparmor does
-	f, err := os.OpenFile("/proc/self/attr/"+attr, os.O_WRONLY, 0)
+	attrPath := "/proc/self/attr/apparmor/" + attr
+	if _, err := os.Stat(attrPath); errors.Is(err, os.ErrNotExist) {
+		// fall back to the old convention
+		attrPath = "/proc/self/attr/" + attr
+	}
+
+	f, err := os.OpenFile(attrPath, os.O_WRONLY, 0)
 	if err != nil {
 		return err
 	}