mirror of
https://github.com/opencontainers/runc.git
synced 2025-12-24 11:50:58 +08:00
Due to the sensitive nature of these fixes, it was not possible to submit these upstream and vendor the upstream library. Instead, this patch uses a fork of github.com/opencontainers/selinux, branched at commit opencontainers/selinux@879a755db5.

In order to permit downstreams to build with this patched version, a snapshot of the forked version has been included in internal/third_party/selinux. Note that since we use "go mod vendor", the patched code is usable even without being "go get"-able.

Once the embargo for this issue is lifted we can submit the patches upstream and switch back to a proper upstream go.mod entry. Also, this requires us to temporarily disable the CI job we have that disallows "replace" directives.

Fixes: GHSA-cgrx-mc8f-2prm CVE-2025-52881
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>