From 534b0ce1833462b22f3761258e0e95813a355fb2 Mon Sep 17 00:00:00 2001
From: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Date: Tue, 22 Oct 2024 14:45:49 +0400
Subject: [PATCH] feat: update runc to 1.2.0 final

Via pks.

See https://github.com/opencontainers/runc/releases/tag/v1.2.0

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
---
 Makefile                            |  2 +-
 hack/release.toml                   |  1 +
 internal/integration/api/cgroups.go | 27 +-------------
 internal/integration/api/process.go | 56 ++++++++++++++++++++---------
 internal/integration/base/api.go    | 20 +++++++++++
 pkg/machinery/gendata/data/pkgs     |  2 +-
 6 files changed, 64 insertions(+), 44 deletions(-)

diff --git a/Makefile b/Makefile
index 0d32ad3492..f13907ce1d 100644
--- a/Makefile
+++ b/Makefile
@@ -22,7 +22,7 @@ TOOLS ?= ghcr.io/siderolabs/tools:v1.9.0-alpha.0-4-g2058296
 DEBUG_TOOLS_SOURCE := scratch
 
 PKGS_PREFIX ?= ghcr.io/siderolabs
-PKGS ?= v1.9.0-alpha.0-24-gbe92da0
+PKGS ?= v1.9.0-alpha.0-26-gc9282c8
 EXTRAS ?= v1.9.0-alpha.0-1-geab6e58
 
 KRES_IMAGE ?= ghcr.io/siderolabs/kres:latest
diff --git a/hack/release.toml b/hack/release.toml
index 8da2454ccf..7dd5db127e 100644
--- a/hack/release.toml
+++ b/hack/release.toml
@@ -22,6 +22,7 @@ Linux: 6.6.57
 containerd: 2.0.0-rc.5
 Flannel: 0.25.7
 Kubernetes: 1.32.0-alpha.2
+runc: 1.2.0
 
 Talos is built with Go 1.23.2.
 """
diff --git a/internal/integration/api/cgroups.go b/internal/integration/api/cgroups.go
index cb97f6aa26..9ba651d412 100644
--- a/internal/integration/api/cgroups.go
+++ b/internal/integration/api/cgroups.go
@@ -10,7 +10,6 @@ import (
 	"context"
 	"io"
 	"path/filepath"
-	"strings"
 	"time"
 
 	"github.com/siderolabs/go-procfs/procfs"
@@ -52,8 +51,7 @@ func (suite *CGroupsSuite) TestCGroupsVersion() {
 	node := suite.RandomDiscoveredNodeInternalIP()
 	ctx := client.WithNode(suite.ctx, node)
 
-	cmdline, err := suite.readCmdline(ctx)
-	suite.Require().NoError(err)
+	cmdline := suite.ReadCmdline(ctx)
 
 	unified := procfs.NewCmdline(cmdline).Get(constants.KernelParamCGroups).First()
 	cgroupsV1 := false
@@ -126,29 +124,6 @@ func (suite *CGroupsSuite) TestCGroupsVersion() {
 	}
 }
 
-func (suite *CGroupsSuite) readCmdline(ctx context.Context) (string, error) {
-	reader, err := suite.Client.Read(ctx, "/proc/cmdline")
-	if err != nil {
-		return "", err
-	}
-
-	defer reader.Close() //nolint:errcheck
-
-	body, err := io.ReadAll(reader)
-	if err != nil {
-		return "", err
-	}
-
-	bootID := strings.TrimSpace(string(body))
-
-	_, err = io.Copy(io.Discard, reader)
-	if err != nil {
-		return "", err
-	}
-
-	return bootID, reader.Close()
-}
-
 func init() {
 	allSuites = append(allSuites, new(CGroupsSuite))
 }
diff --git a/internal/integration/api/process.go b/internal/integration/api/process.go
index 4f09a69887..411beb5d8a 100644
--- a/internal/integration/api/process.go
+++ b/internal/integration/api/process.go
@@ -15,8 +15,12 @@ import (
 	"strings"
 	"time"
 
+	"github.com/siderolabs/go-pointer"
+	"github.com/siderolabs/go-procfs/procfs"
+
 	"github.com/siderolabs/talos/internal/integration/base"
 	"github.com/siderolabs/talos/pkg/machinery/client"
+	"github.com/siderolabs/talos/pkg/machinery/constants"
 )
 
 // ProcessSuite ...
@@ -63,12 +67,18 @@ func (suite *ProcessSuite) readProcfs(nodeCtx context.Context, pid int32, proper
 
 // TestProcessCapabilities reads capabilities of processes from procfs
 // and validates system services get necessary capabilities dropped.
+//
+//nolint:gocyclo
 func (suite *ProcessSuite) TestProcessCapabilities() {
 	nodes := suite.DiscoverNodeInternalIPs(suite.ctx)
 
 	for _, node := range nodes {
 		nodeCtx := client.WithNode(suite.ctx, node)
 
+		cmdline := suite.ReadCmdline(nodeCtx)
+
+		cgroupsV1 := pointer.SafeDeref(procfs.NewCmdline(cmdline).Get(constants.KernelParamCGroups).First()) == "0"
+
 		r, err := suite.Client.Processes(nodeCtx)
 		suite.Require().NoError(err)
 
@@ -87,10 +97,14 @@ func (suite *ProcessSuite) TestProcessCapabilities() {
 						suite.readProcfs(nodeCtx, p.Pid, "status"),
 						"CapPrm:\t000001ffffbfffff\nCapEff:\t000001ffffbfffff\nCapBnd:\t000001ffffbfffff",
 					)
-					suite.Require().Equal(
-						suite.readProcfs(nodeCtx, p.Pid, "cgroup"),
-						"0::/system/udevd",
-					)
+
+					if !cgroupsV1 {
+						suite.Require().Equal(
+							suite.readProcfs(nodeCtx, p.Pid, "cgroup"),
+							"0::/system/udevd",
+						)
+					}
+
 					suite.Require().Contains(
 						suite.readProcfs(nodeCtx, p.Pid, "environ"),
 						"XDG_RUNTIME_DIR=/run",
@@ -107,10 +121,14 @@ func (suite *ProcessSuite) TestProcessCapabilities() {
 						suite.readProcfs(nodeCtx, p.Pid, "status"),
 						"CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\nCapBnd:\t0000000000000000",
 					)
-					suite.Require().Equal(
-						suite.readProcfs(nodeCtx, p.Pid, "cgroup"),
-						"0::/system/dashboard",
-					)
+
+					if !cgroupsV1 {
+						suite.Require().Equal(
+							suite.readProcfs(nodeCtx, p.Pid, "cgroup"),
+							"0::/system/dashboard",
+						)
+					}
+
 					suite.Require().Equal(
 						suite.readProcfs(nodeCtx, p.Pid, "oom_score_adj"),
 						"-400",
@@ -133,19 +151,25 @@ func (suite *ProcessSuite) TestProcessCapabilities() {
 					)
 
 					if strings.Contains(p.Args, "/system/run/containerd") {
-						suite.Require().Equal(
-							suite.readProcfs(nodeCtx, p.Pid, "cgroup"),
-							"0::/system/runtime",
-						)
+						if !cgroupsV1 {
+							suite.Require().Equal(
+								suite.readProcfs(nodeCtx, p.Pid, "cgroup"),
+								"0::/system/runtime",
+							)
+						}
+
 						suite.Require().Equal(
 							suite.readProcfs(nodeCtx, p.Pid, "oom_score_adj"),
 							"-999",
 						)
 					} else {
-						suite.Require().Equal(
-							suite.readProcfs(nodeCtx, p.Pid, "cgroup"),
-							"0::/podruntime/runtime",
-						)
+						if !cgroupsV1 {
+							suite.Require().Equal(
+								suite.readProcfs(nodeCtx, p.Pid, "cgroup"),
+								"0::/podruntime/runtime",
+							)
+						}
+
 						suite.Require().Equal(
 							suite.readProcfs(nodeCtx, p.Pid, "oom_score_adj"),
 							"-500",
diff --git a/internal/integration/base/api.go b/internal/integration/base/api.go
index 409f10c0fe..14f4ecf875 100644
--- a/internal/integration/base/api.go
+++ b/internal/integration/base/api.go
@@ -756,6 +756,26 @@ func (apiSuite *APISuite) DumpLogs(ctx context.Context, node string, service, pa
 	}
 }
 
+// ReadCmdline reads cmdline from the node.
+func (apiSuite *APISuite) ReadCmdline(nodeCtx context.Context) string {
+	reader, err := apiSuite.Client.Read(nodeCtx, "/proc/cmdline")
+	apiSuite.Require().NoError(err)
+
+	defer reader.Close() //nolint:errcheck
+
+	body, err := io.ReadAll(reader)
+	apiSuite.Require().NoError(err)
+
+	cmdline := strings.TrimSpace(string(body))
+
+	_, err = io.Copy(io.Discard, reader)
+	apiSuite.Require().NoError(err)
+
+	apiSuite.Require().NoError(reader.Close())
+
+	return cmdline
+}
+
 // TearDownSuite closes Talos API client.
 func (apiSuite *APISuite) TearDownSuite() {
 	if apiSuite.Client != nil {
diff --git a/pkg/machinery/gendata/data/pkgs b/pkg/machinery/gendata/data/pkgs
index 4a5ec8eae6..1d3d3e41b9 100644
--- a/pkg/machinery/gendata/data/pkgs
+++ b/pkg/machinery/gendata/data/pkgs
@@ -1 +1 @@
-v1.9.0-alpha.0-24-gbe92da0
\ No newline at end of file
+v1.9.0-alpha.0-26-gc9282c8
\ No newline at end of file