vendor: update c/common

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

go.mod

@@ -10,10 +10,10 @@ require (
 	github.com/blang/semver/v4 v4.0.0
 	github.com/buger/goterm v1.0.4
 	github.com/checkpoint-restore/checkpointctl v1.2.1
-	github.com/checkpoint-restore/go-criu/v7 v7.1.1-0.20240728160228-a9064d7e053c
+	github.com/checkpoint-restore/go-criu/v7 v7.2.0
 	github.com/containernetworking/plugins v1.5.1
 	github.com/containers/buildah v1.37.0
-	github.com/containers/common v0.60.1-0.20240906123248-5298b838dcbd
+	github.com/containers/common v0.60.1-0.20240911102244-e2c949db8a59
 	github.com/containers/conmon v2.0.20+incompatible
 	github.com/containers/gvisor-tap-vsock v0.7.5
 	github.com/containers/image/v5 v5.32.1-0.20240806084436-e3e9287ca8e6

go.sum

@@ -41,8 +41,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/checkpoint-restore/checkpointctl v1.2.1 h1:aYFl2CEk95bPLDvNDgif4ZLx3pjCZMJm6td+A0X1+xs=
 github.com/checkpoint-restore/checkpointctl v1.2.1/go.mod h1:8oF+AtNUFJAI13ETcbB3clnjiwvviX0QzVBhYzQ8yBA=
-github.com/checkpoint-restore/go-criu/v7 v7.1.1-0.20240728160228-a9064d7e053c h1:/LNWuEZICKO96wvlLRam53lp7inbzwR1zE/YuoUUV/k=
-github.com/checkpoint-restore/go-criu/v7 v7.1.1-0.20240728160228-a9064d7e053c/go.mod h1:FTB8VSlcpwignNNaAXXzNlKBIf+DcZw8urnXKCkpeB4=
+github.com/checkpoint-restore/go-criu/v7 v7.2.0 h1:qGiWA4App1gGlEfIJ68WR9jbezV9J7yZdjzglezcqKo=
+github.com/checkpoint-restore/go-criu/v7 v7.2.0/go.mod h1:u0LCWLg0w4yqqu14aXhiB4YD3a1qd8EcCEg7vda5dwo=
 github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY=
 github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk=
 github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d h1:77cEq6EriyTZ0g/qfRdp61a3Uu/AWrgIq2s0ClJV1g0=
@@ -81,8 +81,8 @@ github.com/containernetworking/plugins v1.5.1 h1:T5ji+LPYjjgW0QM+KyrigZbLsZ8jaX+
 github.com/containernetworking/plugins v1.5.1/go.mod h1:MIQfgMayGuHYs0XdNudf31cLLAC+i242hNm6KuDGqCM=
 github.com/containers/buildah v1.37.0 h1:jvHwu1vIwIqnHyOSg9eef9Apdpry+5oWLrm43gdf8Rk=
 github.com/containers/buildah v1.37.0/go.mod h1:MKd79tkluMf6vtH06SedhBQK5OB7E0pFVIuiTTw3dJk=
-github.com/containers/common v0.60.1-0.20240906123248-5298b838dcbd h1:eUzsKokkxMAxqBwCD1agfKf6lIZEQ/ayPru7Tb/oW9Y=
-github.com/containers/common v0.60.1-0.20240906123248-5298b838dcbd/go.mod h1:f/n9w0F2lW52S3ppXjQlSVazsyNdilFZ80AyrFl4zn4=
+github.com/containers/common v0.60.1-0.20240911102244-e2c949db8a59 h1:X9km1EYMFpx80DZEy32/vKuadtYCJ/KJZuLamVbJX98=
+github.com/containers/common v0.60.1-0.20240911102244-e2c949db8a59/go.mod h1:I+AnVQDPUP6E9tWFOx1PngtVP6U6OIA4dcNGqFqjoQU=
 github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
 github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
 github.com/containers/gvisor-tap-vsock v0.7.5 h1:bTy4u3DOmmUPwurL6me2rsgfypAFDhyeJleUcQmBR/E=

vendor/github.com/checkpoint-restore/go-criu/v7/.golangci.yml

@@ -16,3 +16,7 @@ linters:
 linters-settings:
   exhaustive:
     default-signifies-exhaustive: true
+  gosec:
+    excludes:
+      # https://github.com/securego/gosec/issues/1185
+      - G115

vendor/github.com/checkpoint-restore/go-criu/v7/README.md

@@ -62,7 +62,8 @@ The following table shows the relation between go-criu and criu versions:
 
 | Major version  | Latest release | CRIU version |
 | -------------- | -------------- | ------------ |
-| v7             | 7.1.0          | 3.18         |
+| v7             | 7.2.0          | 3.19         |
+| v7             | 7.0.0          | 3.18         |
 | v6             | 6.3.0          | 3.17         |
 | v5             | 5.3.0          | 3.16         |
 | v5             | 5.0.0          | 3.15         |

vendor/github.com/containers/common/pkg/cgroups/cgroups_linux.go

@@ -95,7 +95,8 @@ func init() {
 func getAvailableControllers(exclude map[string]controllerHandler, cgroup2 bool) ([]controller, error) {
 	if cgroup2 {
 		controllers := []controller{}
-		controllersFile := cgroupRoot + "/cgroup.controllers"
+		controllersFile := filepath.Join(cgroupRoot, "cgroup.controllers")
+
 		// rootless cgroupv2: check available controllers for current user, systemd or servicescope will inherit
 		if unshare.IsRootless() {
 			userSlice, err := getCgroupPathForCurrentProcess()
@@ -104,7 +105,7 @@ func getAvailableControllers(exclude map[string]controllerHandler, cgroup2 bool)
 			}
 			// userSlice already contains '/' so not adding here
 			basePath := cgroupRoot + userSlice
-			controllersFile = basePath + "/cgroup.controllers"
+			controllersFile = filepath.Join(basePath, "cgroup.controllers")
 		}
 		controllersFileBytes, err := os.ReadFile(controllersFile)
 		if err != nil {
@@ -597,7 +598,7 @@ func createCgroupv2Path(path string) (deferredError error) {
 	if !strings.HasPrefix(path, cgroupRoot+"/") {
 		return fmt.Errorf("invalid cgroup path %s", path)
 	}
-	content, err := os.ReadFile(cgroupRoot + "/cgroup.controllers")
+	content, err := os.ReadFile(filepath.Join(cgroupRoot, "cgroup.controllers"))
 	if err != nil {
 		return err
 	}
@@ -625,8 +626,43 @@ func createCgroupv2Path(path string) (deferredError error) {
 		// We enable the controllers for all the path components except the last one.  It is not allowed to add
 		// PIDs if there are already enabled controllers.
 		if i < len(elements[3:])-1 {
-			if err := os.WriteFile(filepath.Join(current, "cgroup.subtree_control"), res, 0o755); err != nil {
-				return err
+			subtreeControl := filepath.Join(current, "cgroup.subtree_control")
+			if err := os.WriteFile(subtreeControl, res, 0o755); err != nil {
+				// The kernel returns ENOENT either if the file itself is missing, or a controller
+				if errors.Is(err, os.ErrNotExist) {
+					if err2 := fileutils.Exists(subtreeControl); err2 != nil {
+						// If the file itself is missing, return the original error.
+						return err
+					}
+					repeatAttempts := 1000
+					for repeatAttempts > 0 {
+						// store the controllers that failed to be enabled, so we can retry them
+						newCtrs := [][]byte{}
+						for _, ctr := range ctrs {
+							// Try to enable each controller individually, at least we can give a better error message if any fails.
+							if err := os.WriteFile(subtreeControl, []byte(fmt.Sprintf("+%s\n", ctr)), 0o755); err != nil {
+								// The kernel can return EBUSY when a process was moved to a sub-cgroup
+								// and the controllers are enabled in its parent cgroup.  Retry a few times when
+								// it happens.
+								if errors.Is(err, unix.EBUSY) {
+									newCtrs = append(newCtrs, ctr)
+								} else {
+									return fmt.Errorf("enabling controller %s: %w", ctr, err)
+								}
+							}
+						}
+						if len(newCtrs) == 0 {
+							err = nil
+							break
+						}
+						ctrs = newCtrs
+						repeatAttempts--
+						time.Sleep(time.Millisecond)
+					}
+					if err != nil {
+						return err
+					}
+				}
 			}
 		}
 	}

vendor/modules.txt

@@ -89,7 +89,7 @@ github.com/bytedance/sonic/utf8
 # github.com/checkpoint-restore/checkpointctl v1.2.1
 ## explicit; go 1.21
 github.com/checkpoint-restore/checkpointctl/lib
-# github.com/checkpoint-restore/go-criu/v7 v7.1.1-0.20240728160228-a9064d7e053c
+# github.com/checkpoint-restore/go-criu/v7 v7.2.0
 ## explicit; go 1.20
 github.com/checkpoint-restore/go-criu/v7
 github.com/checkpoint-restore/go-criu/v7/rpc
@@ -171,7 +171,7 @@ github.com/containers/buildah/pkg/sshagent
 github.com/containers/buildah/pkg/util
 github.com/containers/buildah/pkg/volumes
 github.com/containers/buildah/util
-# github.com/containers/common v0.60.1-0.20240906123248-5298b838dcbd
+# github.com/containers/common v0.60.1-0.20240911102244-e2c949db8a59
 ## explicit; go 1.22.0
 github.com/containers/common/internal
 github.com/containers/common/internal/attributedstring