diff --git a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.2.4.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.2.4.ebuild
index 1ffae7fed8..c0dc02bfb1 100644
--- a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.2.4.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.2.4.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2025 Gentoo Authors
+# Copyright 1999-2026 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2

 EAPI=8
@@ -19,7 +19,7 @@ S="${WORKDIR}/${PN}-${MY_PV}"
 LICENSE="Apache-2.0 BSD-2 BSD MIT"
 SLOT="0"
 KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86"
-IUSE="apparmor hardened +kmem +seccomp selinux test"
+IUSE="apparmor +kmem +seccomp selinux test"

 COMMON_DEPEND="
 apparmor? ( sys-libs/libapparmor )
diff --git a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.2.5.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.2.5.ebuild
index 4310198535..624ed29e52 100644
--- a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.2.5.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.2.5.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2025 Gentoo Authors
+# Copyright 1999-2026 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2

 EAPI=8
@@ -20,7 +20,7 @@ S="${WORKDIR}/${PN}-${MY_PV}"
 LICENSE="Apache-2.0 BSD-2 BSD MIT"
 SLOT="0"
 KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86"
-IUSE="apparmor hardened +kmem +seccomp selinux test"
+IUSE="apparmor +kmem +seccomp selinux test"

 COMMON_DEPEND="
 apparmor? ( sys-libs/libapparmor )
diff --git a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.2.6.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.2.6.ebuild
index 3de53bfbaf..343d761016 100644
--- a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.2.6.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.2.6.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2025 Gentoo Authors
+# Copyright 1999-2026 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2

 EAPI=8
@@ -20,7 +20,7 @@ S="${WORKDIR}/${PN}-${MY_PV}"
 LICENSE="Apache-2.0 BSD-2 BSD MIT"
 SLOT="0"
 KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86"
-IUSE="apparmor hardened +kmem +seccomp selinux test"
+IUSE="apparmor +kmem +seccomp selinux test"

 COMMON_DEPEND="
 apparmor? ( sys-libs/libapparmor )
diff --git a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.2.8.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.2.8.ebuild
index d1254589b7..66d15d185c 100644
--- a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.2.8.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.2.8.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2025 Gentoo Authors
+# Copyright 1999-2026 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2

 EAPI=8
@@ -20,7 +20,7 @@ S="${WORKDIR}/${PN}-${MY_PV}"
 LICENSE="Apache-2.0 BSD-2 BSD MIT"
 SLOT="0"
 KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86"
-IUSE="apparmor hardened +kmem +seccomp selinux test"
+IUSE="apparmor +kmem +seccomp selinux test"

 COMMON_DEPEND="
 apparmor? ( sys-libs/libapparmor )
diff --git a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.3.0.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.3.0.ebuild
index 28ebbb06b7..3d899e5e29 100644
--- a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.3.0.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.3.0.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2025 Gentoo Authors
+# Copyright 1999-2026 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2

 EAPI=8
@@ -20,7 +20,7 @@ S="${WORKDIR}/${PN}-${MY_PV}"
 LICENSE="Apache-2.0 BSD-2 BSD MIT"
 SLOT="0"
 KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
-IUSE="apparmor hardened +kmem +seccomp selinux test"
+IUSE="apparmor +kmem +seccomp selinux test"

 COMMON_DEPEND="
 apparmor? ( sys-libs/libapparmor )
diff --git a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.3.1.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.3.1.ebuild
index 8f7c403b4b..e2f03ef2ff 100644
--- a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.3.1.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.3.1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2025 Gentoo Authors
+# Copyright 1999-2026 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2

 EAPI=8
@@ -20,7 +20,7 @@ S="${WORKDIR}/${PN}-${MY_PV}"
 LICENSE="Apache-2.0 BSD-2 BSD MIT"
 SLOT="0"
 KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86"
-IUSE="apparmor hardened +kmem +seccomp selinux test"
+IUSE="apparmor +kmem +seccomp selinux test"

 COMMON_DEPEND="
 apparmor? ( sys-libs/libapparmor )
diff --git a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.3.3.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.3.3.ebuild
index 19f660567b..947b72ca87 100644
--- a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.3.3.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.3.3.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2025 Gentoo Authors
+# Copyright 1999-2026 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2

 EAPI=8
@@ -9,8 +9,6 @@ inherit go-module linux-info
 # https://github.com/opencontainers/runc
 RUNC_COMMIT=d842d7719497cc3b774fd71620278ac9e17710e0

-CONFIG_CHECK="~USER_NS"
-
 DESCRIPTION="runc container cli tools"
 HOMEPAGE="https://github.com/opencontainers/runc/"
 MY_PV="${PV/_/-}"
@@ -20,7 +18,7 @@ S="${WORKDIR}/${PN}-${MY_PV}"
 LICENSE="Apache-2.0 BSD-2 BSD MIT"
 SLOT="0"
 KEYWORDS="amd64 ~arm ~arm64 ppc64 ~riscv ~x86"
-IUSE="apparmor hardened +kmem +seccomp selinux test"
+IUSE="apparmor +kmem +seccomp selinux test"

 COMMON_DEPEND="
 apparmor? ( sys-libs/libapparmor )
@@ -38,6 +36,89 @@ BDEPEND="
 # majority of tests pass
 RESTRICT+=" test"

+# Please refer:
+# https://github.com/opencontainers/runc/blob/main/script/check-config.sh
+pkg_setup() {
+ CONFIG_CHECK="
+ ~NAMESPACES
+ ~NET_NS
+ ~PID_NS
+ ~IPC_NS
+ ~UTS_NS
+ ~CGROUPS
+ ~CGROUP_CPUACCT
+ ~CGROUP_DEVICE
+ ~CGROUP_FREEZER
+ ~CGROUP_SCHED
+ ~CPUSETS
+ ~MEMCG
+ ~KEYS
+ ~VETH
+ ~BRIDGE
+ ~BRIDGE_NETFILTER
+ ~IP_NF_FILTER
+ ~IP_NF_TARGET_MASQUERADE
+ ~NETFILTER_XT_MATCH_ADDRTYPE
+ ~NETFILTER_XT_MATCH_COMMENT
+ ~NETFILTER_XT_MATCH_CONNTRACK
+ ~NETFILTER_XT_MATCH_IPVS
+ ~IP_NF_NAT
+ ~NF_NAT
+ ~POSIX_MQUEUE
+ ~OVERLAY_FS
+ "
+
+ CONFIG_CHECK+="
+ ~USER_NS
+ "
+
+ use seccomp && CONFIG_CHECK+="
+ ~SECCOMP
+ ~SECCOMP_FILTER
+ "
+ WARNING_SECCOMP="CONFIG_SECCOMP is required as optional feature"
+
+ CONFIG_CHECK+="
+ ~CGROUP_PIDS
+ "
+ WARNING_CGROUP_PIDS="CONFIG_CGROUP_PIDS is required as optional feature"
+
+ if kernel_is lt 6 1; then
+ CONFIG_CHECK+="
+ ~MEMCG_SWAP
+ "
+ fi
+
+ CONFIG_CHECK+="
+ ~BLK_CGROUP
+ ~BLK_DEV_THROTTLING
+ ~CGROUP_PERF
+ ~CGROUP_HUGETLB
+ ~NET_CLS_CGROUP
+ ~CFS_BANDWIDTH
+ ~FAIR_GROUP_SCHED
+ ~RT_GROUP_SCHED
+ ~IP_NF_TARGET_REDIRECT
+ ~IP_VS
+ ~IP_VS_NFCT
+ ~IP_VS_PROTO_TCP
+ ~IP_VS_PROTO_UDP
+ ~IP_VS_RR
+ ~CHECKPOINT_RESTORE
+ ~CGROUP_NET_PRIO
+ "
+
+ use selinux && CONFIG_CHECK+="
+ ~SECURITY_SELINUX"
+
+ use apparmor && CONFIG_CHECK+="
+ ~SECURITY_APPARMOR"
+
+ if [[ -n ${CONFIG_CHECK} ]]; then
+ linux-info_pkg_setup
+ fi
+}
+
 src_compile() {
 # build up optional flags
 local options=(
diff --git a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.4.0-r1.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.4.0-r1.ebuild
index 8fdc9de7d7..25e90b7d9b 100644
--- a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.4.0-r1.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.4.0-r1.ebuild
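Review bot: Every symbol the new `pkg_setup` adds to `CONFIG_CHECK` carries the `~` prefix, so a kernel without `SECCOMP_FILTER`, `SECURITY_SELINUX` or `SECURITY_APPARMOR` only produces a warning and the package still installs, even when the matching USE flag is enabled. The custom messages do little to help the reader judge that: `WARNING_SECCOMP` is assigned whether or not `use seccomp` is true, reads "is required as optional feature", and has no counterpart for `SECCOMP_FILTER`. I would state what is lost instead, e.g. `WARNING_SECCOMP="CONFIG_SECCOMP: needed for runc to apply seccomp syscall filters to containers"`, and add a matching `WARNING_SECCOMP_FILTER`. The check presumably reads whatever kernel config is visible at build time, which inside an SDK container need not be the kernel the image boots, so a clean run here is not evidence that the deployed kernel has these confinement features. The same block is added in runc-1.4.0-r1.ebuild.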
@@ -1,4 +1,4 @@
-# Copyright 1999-2025 Gentoo Authors
+# Copyright 1999-2026 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2

 EAPI=8
@@ -20,7 +20,7 @@ S="${WORKDIR}/${PN}-${MY_PV}"
 LICENSE="Apache-2.0 BSD-2 BSD MIT"
 SLOT="0"
 KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
-IUSE="apparmor hardened +kmem +seccomp selinux test"
+IUSE="apparmor +kmem +seccomp selinux test"

 COMMON_DEPEND="
 apparmor? ( sys-libs/libapparmor )
@@ -38,6 +38,89 @@ BDEPEND="
 # majority of tests pass
 RESTRICT+=" test"

+# Please refer:
+# https://github.com/opencontainers/runc/blob/main/script/check-config.sh
+pkg_setup() {
+ CONFIG_CHECK="
+ ~NAMESPACES
+ ~NET_NS
+ ~PID_NS
+ ~IPC_NS
+ ~UTS_NS
+ ~CGROUPS
+ ~CGROUP_CPUACCT
+ ~CGROUP_DEVICE
+ ~CGROUP_FREEZER
+ ~CGROUP_SCHED
+ ~CPUSETS
+ ~MEMCG
+ ~KEYS
+ ~VETH
+ ~BRIDGE
+ ~BRIDGE_NETFILTER
+ ~IP_NF_FILTER
+ ~IP_NF_TARGET_MASQUERADE
+ ~NETFILTER_XT_MATCH_ADDRTYPE
+ ~NETFILTER_XT_MATCH_COMMENT
+ ~NETFILTER_XT_MATCH_CONNTRACK
+ ~NETFILTER_XT_MATCH_IPVS
+ ~IP_NF_NAT
+ ~NF_NAT
+ ~POSIX_MQUEUE
+ ~OVERLAY_FS
+ "
+
+ CONFIG_CHECK+="
+ ~USER_NS
+ "
+
+ use seccomp && CONFIG_CHECK+="
+ ~SECCOMP
+ ~SECCOMP_FILTER
+ "
+ WARNING_SECCOMP="CONFIG_SECCOMP is required as optional feature"
+
+ CONFIG_CHECK+="
+ ~CGROUP_PIDS
+ "
+ WARNING_CGROUP_PIDS="CONFIG_CGROUP_PIDS is required as optional feature"
+
+ if kernel_is lt 6 1; then
+ CONFIG_CHECK+="
+ ~MEMCG_SWAP
+ "
+ fi
+
+ CONFIG_CHECK+="
+ ~BLK_CGROUP
+ ~BLK_DEV_THROTTLING
+ ~CGROUP_PERF
+ ~CGROUP_HUGETLB
+ ~NET_CLS_CGROUP
+ ~CFS_BANDWIDTH
+ ~FAIR_GROUP_SCHED
+ ~RT_GROUP_SCHED
+ ~IP_NF_TARGET_REDIRECT
+ ~IP_VS
+ ~IP_VS_NFCT
+ ~IP_VS_PROTO_TCP
+ ~IP_VS_PROTO_UDP
+ ~IP_VS_RR
+ ~CHECKPOINT_RESTORE
+ ~CGROUP_NET_PRIO
+ "
+
+ use selinux && CONFIG_CHECK+="
+ ~SECURITY_SELINUX"
+
+ use apparmor && CONFIG_CHECK+="
+ ~SECURITY_APPARMOR"
+
+ if [[ -n ${CONFIG_CHECK} ]]; then
+ linux-info_pkg_setup
+ fi
+}
+
 src_compile() {
 # build up optional flags
 local options=(
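Review bot: The guard `if [[ -n ${CONFIG_CHECK} ]]` at the end of `pkg_setup` can never be false, because `CONFIG_CHECK` is assigned a non-empty list unconditionally at the top of the function; a plain `linux-info_pkg_setup` call would say what actually happens. `kernel_is lt 6 1` also runs before `linux-info_pkg_setup`, so it depends on the eclass resolving a kernel version by itself, and it is worth confirming that this does not abort the build when neither kernel sources nor a running-kernel config are available in the build environment. Both points apply equally to the identical block in runc-1.3.3.ebuild.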