Skip to content

libct: remove deprecated APIs#5141

Merged
kolyshkin merged 6 commits intoopencontainers:mainfrom
cyphar:remove-deprecated-apis
Mar 4, 2026
Merged

libct: remove deprecated APIs#5141
kolyshkin merged 6 commits intoopencontainers:mainfrom
cyphar:remove-deprecated-apis

Conversation

@cyphar
Copy link
Member

@cyphar cyphar commented Mar 4, 2026

  • libcontainer/configs/cgroup_deprecated.go
  • libcontainer/devices/device_deprecated.go
  • configs.HooksList.RunHooks
  • configs.MPOL_*

Fixes #5120
Signed-off-by: Aleksa Sarai [email protected]

@cyphar
Copy link
Member Author

cyphar commented Mar 4, 2026

The only remaining deprecation marked with Deprecate is for contrib/cmd/memfd-bind/memfd-bind.go -- I guess we should get rid of it too? It stopped being particularly useful by runc 1.2.

@rata
Copy link
Member

rata commented Mar 4, 2026

All CI is failing with: FAIL github.com/opencontainers/runc/libcontainer/devices [build failed]. Other than that, looks fine to remove that, I think we can also remove the memfd thing in this PR :)

@cyphar
Copy link
Member Author

cyphar commented Mar 4, 2026

Yeah I need to fix that, but I just realised that a better solution would be to just go ahead with @kolyshkin's suggestion and move libcontainer/devices to moby/sys. That way we can deprecate all of the remaining functions and just make them wrappers around moby/sys/devices. See moby/sys#212.

@rata
Copy link
Member

rata commented Mar 4, 2026

Makes sense. But IMHO I wouldn't block 1.5.0-rc.1 on that being merged.

@cyphar cyphar force-pushed the remove-deprecated-apis branch from 0a002b2 to c3eac91 Compare March 4, 2026 11:29
@cyphar
Copy link
Member Author

cyphar commented Mar 4, 2026

I've split that bit out to a separate commit, let me move it to another PR...

@cyphar cyphar force-pushed the remove-deprecated-apis branch from c3eac91 to 8c6f52b Compare March 4, 2026 11:30
@cyphar cyphar mentioned this pull request Mar 4, 2026
Draft
@cyphar
CHANGELOG: add notice for removed libct/utils APIs
f0ea41a 
Ref: a412bd9 ("libct/utils: remove Deprecated functions")
Signed-off-by: Aleksa Sarai <[email protected]>
rata
rata approved these changes Mar 4, 2026
View reviewed changes
Copy link
Member

@rata rata left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

cyphar added 2 commits March 4, 2026 23:01
@cyphar
libct: config: remove deprecated cgroup types
8fd8e43 
These were all marked deprecated in commit a75076b ("Switch to
opencontainers/cgroups") when we switched maintenance of our cgroup code
to opencontainers/cgroups.

Users have had ample time to switch to opencontainers/cgroups
themselves, so we can finally remove this.

Signed-off-by: Aleksa Sarai <[email protected]>
@cyphar
libct: remove deprecated HooksList.RunHooks
87b0804 
This was deprecated in commit e6a4870e4ac40 ("libct: better errors for
hooks"), and users have had ample time to migrate to Hooks.Run since.

Signed-off-by: Aleksa Sarai <[email protected]>
@cyphar cyphar force-pushed the remove-deprecated-apis branch from 8c6f52b to 0bb11d8 Compare March 4, 2026 12:02
@cyphar cyphar added this to the 1.5.0 milestone Mar 4, 2026
cyphar added 3 commits March 5, 2026 00:04
@cyphar
libct: remove deprecated MPOL_* constants
6a77ee7 
These were inadvertently added to our exported APIs by commit
eeda7bdf80cca ("Add memory policy support"). We couldn't remove them
from runc 1.4.x, but we deprecated them in commit 3741f91
("libct/configs: mark MPOL_* constants as deprecated") and marked them
for removal in runc 1.5. Users should never have used these in the first
place.

Signed-off-by: Aleksa Sarai <[email protected]>
@cyphar
libct: devices: drop deprecated cgroup types
625ef53 
These were all marked deprecated in commit a75076b ("Switch to
opencontainers/cgroups") when we switched maintenance of our cgroup code
to opencontainers/cgroups.

Users have had ample time to switch to opencontainers/cgroups
themselves, so we can finally remove this.

Note that the whole libcontainer/devices package will be moved to
moby/sys in the near future, so this whole package will be marked
deprecated soon.

Signed-off-by: Aleksa Sarai <[email protected]>
@cyphar
contrib: remove deprecated memfd-bind binary
e67725c 
This was a really ugly hack to try to reduce the impact of our original
set of CVE-2019-5736 mitigations, but unfortunately had too many caveats
to its use to ever be really useful. In addition, it was completely
obsoleted by the migration to using an detached overlayfs mount in
commit 515f09f ("dmz: use overlayfs to write-protect /proc/self/exe
if possible").

Signed-off-by: Aleksa Sarai <[email protected]>
@cyphar

This comment was marked as resolved.

Sign in to view
@cyphar cyphar force-pushed the remove-deprecated-apis branch from 0bb11d8 to e67725c Compare March 4, 2026 13:06
kolyshkin
kolyshkin approved these changes Mar 4, 2026
View reviewed changes
Copy link
Contributor

@kolyshkin kolyshkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kolyshkin kolyshkin merged commit ffe8b28 into opencontainers:main Mar 4, 2026
42 checks passed
@cyphar cyphar deleted the remove-deprecated-apis branch March 5, 2026 21:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rata rata rata approved these changes

@kolyshkin kolyshkin kolyshkin approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

1.5.0

Development

Successfully merging this pull request may close these issues.

Remove IDs deprecated in v1.3 from 1.5

3 participants

@cyphar @rata @kolyshkin