diff --git a/go.mod b/go.mod index 4128393b5d..fb521f0ff8 100644 --- a/go.mod +++ b/go.mod @@ -57,7 +57,7 @@ require ( github.com/onsi/gomega v1.35.1 github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.1.0 - github.com/opencontainers/runc v1.2.0 + github.com/opencontainers/runc v1.2.1 github.com/opencontainers/runtime-spec v1.2.0 github.com/opencontainers/runtime-tools v0.9.1-0.20241001195557-6c9570a1678f github.com/opencontainers/selinux v1.11.1 diff --git a/go.sum b/go.sum index 11e0ba937e..366ff52338 100644 --- a/go.sum +++ b/go.sum @@ -398,8 +398,8 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= -github.com/opencontainers/runc v1.2.0 h1:qke7ZVCmJcKrJVY2iHJVC+0kql9uYdkusOPsQOOeBw4= -github.com/opencontainers/runc v1.2.0/go.mod h1:/PXzF0h531HTMsYQnmxXkBD7YaGShm/2zcRB79dksUc= +github.com/opencontainers/runc v1.2.1 h1:mQkmeFSUxqFaVmvIn1VQPeQIKpHFya5R07aJw0DKQa8= +github.com/opencontainers/runc v1.2.1/go.mod h1:/PXzF0h531HTMsYQnmxXkBD7YaGShm/2zcRB79dksUc= github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk= github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-tools v0.9.1-0.20241001195557-6c9570a1678f h1:tGGVO3yF9p5s/mPi3kO1AdoUDK49z0dgQqV0jeT1kik= diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go index 67341e690d..a05945cba6 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go @@ -415,26 +415,29 @@ func ConvertCPUSharesToCgroupV2Value(cpuShares uint64) uint64 { // ConvertMemorySwapToCgroupV2Value converts MemorySwap value from OCI spec // for use by cgroup v2 drivers. A conversion is needed since Resources.MemorySwap -// is defined as memory+swap combined, while in cgroup v2 swap is a separate value. +// is defined as memory+swap combined, while in cgroup v2 swap is a separate value, +// so we need to subtract memory from it where it makes sense. func ConvertMemorySwapToCgroupV2Value(memorySwap, memory int64) (int64, error) { - // for compatibility with cgroup1 controller, set swap to unlimited in - // case the memory is set to unlimited, and swap is not explicitly set, - // treating the request as "set both memory and swap to unlimited". - if memory == -1 && memorySwap == 0 { + switch { + case memory == -1 && memorySwap == 0: + // For compatibility with cgroup1 controller, set swap to unlimited in + // case the memory is set to unlimited and the swap is not explicitly set, + // treating the request as "set both memory and swap to unlimited". return -1, nil - } - if memorySwap == -1 || memorySwap == 0 { - // -1 is "max", 0 is "unset", so treat as is + case memorySwap == -1, memorySwap == 0: + // Treat -1 ("max") and 0 ("unset") swap as is. return memorySwap, nil - } - // sanity checks - if memory == 0 || memory == -1 { + case memory == -1: + // Unlimited memory, so treat swap as is. + return memorySwap, nil + case memory == 0: + // Unset or unknown memory, can't calculate swap. return 0, errors.New("unable to set swap limit without memory limit") - } - if memory < 0 { + case memory < 0: + // Does not make sense to subtract a negative value. return 0, fmt.Errorf("invalid memory value: %d", memory) - } - if memorySwap < memory { + case memorySwap < memory: + // Sanity check. return 0, errors.New("memory+swap limit should be >= memory limit") } diff --git a/vendor/modules.txt b/vendor/modules.txt index 197bfbf4fc..5d015bb6f2 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -896,7 +896,7 @@ github.com/opencontainers/go-digest ## explicit; go 1.18 github.com/opencontainers/image-spec/specs-go github.com/opencontainers/image-spec/specs-go/v1 -# github.com/opencontainers/runc v1.2.0 +# github.com/opencontainers/runc v1.2.1 ## explicit; go 1.22 github.com/opencontainers/runc/libcontainer/apparmor github.com/opencontainers/runc/libcontainer/cgroups