The runc maintainers have indicated that the `libcontainer` package is not intended for external consumption, and because of that has an "unstable" API. We should reduce our use of this dependency. - [ ] `libcontainer/cgroups` Use the container/cgroups package (https://github.com/containerd/cgroups) instead of libcontainer/cgroups (where possible), e.g. see https://github.com/moby/moby/pull/42071#discussion_r585767248. - identify what functionality is provided by libcontainer/cgroups that is not provided by containerd/cgroups - [ ] `libcontainer/configs` - [x] device parts we need have moved into `libcontainer/devices`: https://github.com/moby/moby/pull/42143 - [ ] still used by `libcontainer/cgroups` - [ ] `libcontainer/devices` - [ ] still used by `libcontainer/configs` - [ ] `libcontainer/utils` - [ ] still used by `libcontainer/cgroups` - [x] `libcontainer/system` - [x] removed through https://github.com/moby/moby/pull/47668 - [x] `libcontainer/devices` used for `oci.Device`, `oci.DevicesFromPath()`. Need to look what's needed (and if this can be replaced with code from containerd; https://github.com/moby/moby/pull/43055 - [x] `libcontainer/userns` - [x] used by `libcontainer/cgroups` https://github.com/opencontainers/runc/pull/4350 - [x] partially addressed through; https://github.com/moby/moby/pull/48307, https://github.com/moby/moby/pull/48170 - [x] removed through https://github.com/moby/moby/pull/47668 - [x] `libcontainer/nsenter` is not used, but vendored because it has c code - [x] `libcontainer/user` Is still needed; perhaps this package should live elsewhere (also used by containerd); - [x] https://github.com/moby/moby/pull/46711 - [x] removed through https://github.com/moby/moby/pull/47668
The runc maintainers have indicated that the
libcontainerpackage is not intended for external consumption, and because of that has an "unstable" API.We should reduce our use of this dependency.
libcontainer/cgroupsUse the container/cgroups package (https://github.com/containerd/cgroups) instead of libcontainer/cgroups (where possible), e.g. see Fix setting swaplimit=true without checking memory.swap.max #42071 (comment).libcontainer/configslibcontainer/devices: vendor: github.com/opencontainers/runc v1.0.0-rc95 #42143libcontainer/cgroupslibcontainer/deviceslibcontainer/configslibcontainer/utilslibcontainer/cgroupslibcontainer/systemlibcontainer/devicesused foroci.Device,oci.DevicesFromPath(). Need to look what's needed (and if this can be replaced with code from containerd; oci.DeviceFromPath() switch to use containerd implementation #43055libcontainer/usernslibcontainer/cgroupslibcontainer/userns: migrate to github.com/moby/sys/userns opencontainers/runc#4350libcontainer/nsenteris not used, but vendored because it has c codelibcontainer/userIs still needed; perhaps this package should live elsewhere (also used by containerd);