Description

PR #10906 unconditionally adds pipe ownership options to runtimes, but these only work with runc as the option format is extensible and other runtimes like gVisor use a different one. This is also a breaking change for people using the 2.0 branch.

Steps to reproduce the issue

1. Use Kubernetes 1.31, gVisor 20241119 and containerd 2.0 with the cherry-pick of the referenced PR.
2. Use the following configuration snippet in containerd:

        [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.runsc]
          runtime_type = "io.containerd.runsc.v1"
          privileged_without_host_devices = false
          privileged_without_host_devices_all_devices_allowed = false

          [plugins."io.containerd.cri.v1.runtime".containerd.runtimes.runsc.options]
            ConfigPath = "/containerd/conf/runsc.toml"
            TypeUrl = "io.containerd.runsc.v1.options"

3. Use the following K8s runtimeclass:

apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: gvisor 
handler: runsc 

4. Start a pod with that runtimeclass

Describe the results you received and expected

Error: failed to create containerd task: failed to create shim task: unsupported option type "containerd.runc.v1.Options"

This works with the 2.0 tag only.

What version of containerd are you using?

2.0 tag with that PR cherry-picked

Any other relevant information

runc 1.2.2, fairly default CRI config, Linux 6.6 LTS, K8s 1.31.3 all integrated into https://github.com/monogon-dev/monogon.

Show configuration if it is related to CRI plugin.

No response