app-containers/runc: Sync with Gentoo

It's from Gentoo commit 4a51c9e629cb69f6b56dfe2d846b76de438061d2.

Signed-off-by: Flatcar Buildbot <buildbot@flatcar-linux.org>

sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.2.4.ebuild

@@ -1,4 +1,4 @@
-# Copyright 1999-2025 Gentoo Authors
+# Copyright 1999-2026 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -19,7 +19,7 @@ S="${WORKDIR}/${PN}-${MY_PV}"
 LICENSE="Apache-2.0 BSD-2 BSD MIT"
 SLOT="0"
 KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86"
-IUSE="apparmor hardened +kmem +seccomp selinux test"
+IUSE="apparmor +kmem +seccomp selinux test"
 
 COMMON_DEPEND="
 	apparmor? ( sys-libs/libapparmor )

sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.2.5.ebuild

@@ -1,4 +1,4 @@
-# Copyright 1999-2025 Gentoo Authors
+# Copyright 1999-2026 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -20,7 +20,7 @@ S="${WORKDIR}/${PN}-${MY_PV}"
 LICENSE="Apache-2.0 BSD-2 BSD MIT"
 SLOT="0"
 KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86"
-IUSE="apparmor hardened +kmem +seccomp selinux test"
+IUSE="apparmor +kmem +seccomp selinux test"
 
 COMMON_DEPEND="
 	apparmor? ( sys-libs/libapparmor )

sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.2.6.ebuild

@@ -1,4 +1,4 @@
-# Copyright 1999-2025 Gentoo Authors
+# Copyright 1999-2026 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -20,7 +20,7 @@ S="${WORKDIR}/${PN}-${MY_PV}"
 LICENSE="Apache-2.0 BSD-2 BSD MIT"
 SLOT="0"
 KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86"
-IUSE="apparmor hardened +kmem +seccomp selinux test"
+IUSE="apparmor +kmem +seccomp selinux test"
 
 COMMON_DEPEND="
 	apparmor? ( sys-libs/libapparmor )

sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.2.8.ebuild

@@ -1,4 +1,4 @@
-# Copyright 1999-2025 Gentoo Authors
+# Copyright 1999-2026 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -20,7 +20,7 @@ S="${WORKDIR}/${PN}-${MY_PV}"
 LICENSE="Apache-2.0 BSD-2 BSD MIT"
 SLOT="0"
 KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86"
-IUSE="apparmor hardened +kmem +seccomp selinux test"
+IUSE="apparmor +kmem +seccomp selinux test"
 
 COMMON_DEPEND="
 	apparmor? ( sys-libs/libapparmor )

sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.3.0.ebuild

@@ -1,4 +1,4 @@
-# Copyright 1999-2025 Gentoo Authors
+# Copyright 1999-2026 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -20,7 +20,7 @@ S="${WORKDIR}/${PN}-${MY_PV}"
 LICENSE="Apache-2.0 BSD-2 BSD MIT"
 SLOT="0"
 KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
-IUSE="apparmor hardened +kmem +seccomp selinux test"
+IUSE="apparmor +kmem +seccomp selinux test"
 
 COMMON_DEPEND="
 	apparmor? ( sys-libs/libapparmor )

sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.3.1.ebuild

@@ -1,4 +1,4 @@
-# Copyright 1999-2025 Gentoo Authors
+# Copyright 1999-2026 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -20,7 +20,7 @@ S="${WORKDIR}/${PN}-${MY_PV}"
 LICENSE="Apache-2.0 BSD-2 BSD MIT"
 SLOT="0"
 KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86"
-IUSE="apparmor hardened +kmem +seccomp selinux test"
+IUSE="apparmor +kmem +seccomp selinux test"
 
 COMMON_DEPEND="
 	apparmor? ( sys-libs/libapparmor )

sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.3.3.ebuild

@@ -1,4 +1,4 @@
-# Copyright 1999-2025 Gentoo Authors
+# Copyright 1999-2026 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -9,8 +9,6 @@ inherit go-module linux-info
 # https://github.com/opencontainers/runc
 RUNC_COMMIT=d842d7719497cc3b774fd71620278ac9e17710e0
 
-CONFIG_CHECK="~USER_NS"
-
 DESCRIPTION="runc container cli tools"
 HOMEPAGE="https://github.com/opencontainers/runc/"
 MY_PV="${PV/_/-}"
@@ -20,7 +18,7 @@ S="${WORKDIR}/${PN}-${MY_PV}"
 LICENSE="Apache-2.0 BSD-2 BSD MIT"
 SLOT="0"
 KEYWORDS="amd64 ~arm ~arm64 ppc64 ~riscv ~x86"
-IUSE="apparmor hardened +kmem +seccomp selinux test"
+IUSE="apparmor +kmem +seccomp selinux test"
 
 COMMON_DEPEND="
 	apparmor? ( sys-libs/libapparmor )
@@ -38,6 +36,89 @@ BDEPEND="
 # majority of tests pass
 RESTRICT+=" test"
 
+# Please refer:
+# https://github.com/opencontainers/runc/blob/main/script/check-config.sh
+pkg_setup() {
+	CONFIG_CHECK="
+		~NAMESPACES
+		~NET_NS
+		~PID_NS
+		~IPC_NS
+		~UTS_NS
+		~CGROUPS
+		~CGROUP_CPUACCT
+		~CGROUP_DEVICE
+		~CGROUP_FREEZER
+		~CGROUP_SCHED
+		~CPUSETS
+		~MEMCG
+		~KEYS
+		~VETH
+		~BRIDGE
+		~BRIDGE_NETFILTER
+		~IP_NF_FILTER
+		~IP_NF_TARGET_MASQUERADE
+		~NETFILTER_XT_MATCH_ADDRTYPE
+		~NETFILTER_XT_MATCH_COMMENT
+		~NETFILTER_XT_MATCH_CONNTRACK
+		~NETFILTER_XT_MATCH_IPVS
+		~IP_NF_NAT
+		~NF_NAT
+		~POSIX_MQUEUE
+		~OVERLAY_FS
+	"
+
+	CONFIG_CHECK+="
+		~USER_NS
+	"
+
+	use seccomp && CONFIG_CHECK+="
+		~SECCOMP
+		~SECCOMP_FILTER
+	"
+	WARNING_SECCOMP="CONFIG_SECCOMP is required as optional feature"
+
+	CONFIG_CHECK+="
+		~CGROUP_PIDS
+	"
+	WARNING_CGROUP_PIDS="CONFIG_CGROUP_PIDS is required as optional feature"
+
+	if kernel_is lt 6 1; then
+		CONFIG_CHECK+="
+			~MEMCG_SWAP
+		"
+	fi
+
+	CONFIG_CHECK+="
+		~BLK_CGROUP
+		~BLK_DEV_THROTTLING
+		~CGROUP_PERF
+		~CGROUP_HUGETLB
+		~NET_CLS_CGROUP
+		~CFS_BANDWIDTH
+		~FAIR_GROUP_SCHED
+		~RT_GROUP_SCHED
+		~IP_NF_TARGET_REDIRECT
+		~IP_VS
+		~IP_VS_NFCT
+		~IP_VS_PROTO_TCP
+		~IP_VS_PROTO_UDP
+		~IP_VS_RR
+		~CHECKPOINT_RESTORE
+		~CGROUP_NET_PRIO
+	"
+
+	use selinux && CONFIG_CHECK+="
+		~SECURITY_SELINUX"
+
+	use apparmor && CONFIG_CHECK+="
+		~SECURITY_APPARMOR"
+
+	if [[ -n ${CONFIG_CHECK} ]]; then
+		linux-info_pkg_setup
+	fi
+}
+
 src_compile() {
 	# build up optional flags
 	local options=(

sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.4.0-r1.ebuild

@@ -1,4 +1,4 @@
-# Copyright 1999-2025 Gentoo Authors
+# Copyright 1999-2026 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -20,7 +20,7 @@ S="${WORKDIR}/${PN}-${MY_PV}"
 LICENSE="Apache-2.0 BSD-2 BSD MIT"
 SLOT="0"
 KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
-IUSE="apparmor hardened +kmem +seccomp selinux test"
+IUSE="apparmor +kmem +seccomp selinux test"
 
 COMMON_DEPEND="
 	apparmor? ( sys-libs/libapparmor )
@@ -38,6 +38,89 @@ BDEPEND="
 # majority of tests pass
 RESTRICT+=" test"
 
+# Please refer:
+# https://github.com/opencontainers/runc/blob/main/script/check-config.sh
+pkg_setup() {
+	CONFIG_CHECK="
+		~NAMESPACES
+		~NET_NS
+		~PID_NS
+		~IPC_NS
+		~UTS_NS
+		~CGROUPS
+		~CGROUP_CPUACCT
+		~CGROUP_DEVICE
+		~CGROUP_FREEZER
+		~CGROUP_SCHED
+		~CPUSETS
+		~MEMCG
+		~KEYS
+		~VETH
+		~BRIDGE
+		~BRIDGE_NETFILTER
+		~IP_NF_FILTER
+		~IP_NF_TARGET_MASQUERADE
+		~NETFILTER_XT_MATCH_ADDRTYPE
+		~NETFILTER_XT_MATCH_COMMENT
+		~NETFILTER_XT_MATCH_CONNTRACK
+		~NETFILTER_XT_MATCH_IPVS
+		~IP_NF_NAT
+		~NF_NAT
+		~POSIX_MQUEUE
+		~OVERLAY_FS
+	"
+
+	CONFIG_CHECK+="
+		~USER_NS
+	"
+
+	use seccomp && CONFIG_CHECK+="
+		~SECCOMP
+		~SECCOMP_FILTER
+	"
+	WARNING_SECCOMP="CONFIG_SECCOMP is required as optional feature"
+
+	CONFIG_CHECK+="
+		~CGROUP_PIDS
+	"
+	WARNING_CGROUP_PIDS="CONFIG_CGROUP_PIDS is required as optional feature"
+
+	if kernel_is lt 6 1; then
+		CONFIG_CHECK+="
+			~MEMCG_SWAP
+		"
+	fi
+
+	CONFIG_CHECK+="
+		~BLK_CGROUP
+		~BLK_DEV_THROTTLING
+		~CGROUP_PERF
+		~CGROUP_HUGETLB
+		~NET_CLS_CGROUP
+		~CFS_BANDWIDTH
+		~FAIR_GROUP_SCHED
+		~RT_GROUP_SCHED
+		~IP_NF_TARGET_REDIRECT
+		~IP_VS
+		~IP_VS_NFCT
+		~IP_VS_PROTO_TCP
+		~IP_VS_PROTO_UDP
+		~IP_VS_RR
+		~CHECKPOINT_RESTORE
+		~CGROUP_NET_PRIO
+	"
+
+	use selinux && CONFIG_CHECK+="
+		~SECURITY_SELINUX"
+
+	use apparmor && CONFIG_CHECK+="
+		~SECURITY_APPARMOR"
+
+	if [[ -n ${CONFIG_CHECK} ]]; then
+		linux-info_pkg_setup
+	fi
+}
+
 src_compile() {
 	# build up optional flags
 	local options=(