libct/nsenter: stop blacklisting go 1.22+

Go 1.23 includes a fix (https://go.dev/cl/587919) so go1.23.x can be used. This fix is also backported to 1.22.4, so go1.22.x can also be used (when x >= 4). Finally, for glibc >= 2.32 it doesn't really matter. Add a note about Go 1.22.x > 1.22.4 to README as well. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-09-26 19:41:35 +08:00 · 2024-06-07 09:04:16 -07:00
parent a4b0857529
commit e660ef61a5
2 changed files with 4 additions and 15 deletions
--- a/README.md
+++ b/README.md
@@ -29,6 +29,10 @@ A third party security audit was performed by Cure53, you can see the full repor

 `runc` only supports Linux. It must be built with Go version 1.19 or higher.

+NOTE: if building with Go 1.22.x, make sure to use 1.22.4 or a later version
+(see [issue #4233](https://github.com/opencontainers/runc/issues/4233) for
+more details).
+
 In order to enable seccomp support you will need to install `libseccomp` on your platform.
 > e.g. `libseccomp-devel` for CentOS, or `libseccomp-dev` for Ubuntu

--- a/libcontainer/nsenter/nsenter_go122.go
+++ b/libcontainer/nsenter/nsenter_go122.go
@@ -1,15 +0,0 @@
-//go:build go1.22
-
-package nsenter
-
-/*
-// We know for sure that glibc has issues with pthread_self() when called from
-// Go after nsenter has run. This is likely a more general problem with how we
-// ignore the rules in signal-safety(7), and so it's possible musl will also
-// have issues, but as this is just a hotfix let's only block glibc builds.
-#include <features.h>
-#ifdef __GLIBC__
-#  error "runc does not currently work properly with Go >=1.22. See <https://github.com/opencontainers/runc/issues/4233>."
-#endif
-*/
-import "C"