libct/devices: deprecate in favour of moby/sys/devices

CHANGELOG.md

@@ -15,6 +15,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Deprecated ###
 - `EXTRA_BUILDTAGS` make variable is deprecated in favor of `RUNC_BUILDTAGS`
   and will be removed in runc 1.6. (#5171)
+- `libcontainer/devices` has been deprecated in favour of
+  `github.com/moby/sys/devices` (which is a carbon copy of the package). It
+  will be removed in runc 1.7.
 
 ## [1.5.0-rc.1] - 2026-03-12
 

go.mod

@@ -10,6 +10,7 @@ require (
 	github.com/docker/go-units v0.5.0
 	github.com/godbus/dbus/v5 v5.2.2
 	github.com/moby/sys/capability v0.4.0
+	github.com/moby/sys/devices v0.1.0
 	github.com/moby/sys/mountinfo v0.7.2
 	github.com/moby/sys/user v0.4.0
 	github.com/moby/sys/userns v0.1.0

go.sum

@@ -38,6 +38,8 @@ github.com/mdlayher/socket v0.4.1 h1:eM9y2/jlbs1M615oshPQOHZzj6R6wMT7bX5NPiQvn2U
 github.com/mdlayher/socket v0.4.1/go.mod h1:cAqeGjoufqdxWkD7DkpyS+wcefOtmu5OQ8KuoJGIReA=
 github.com/moby/sys/capability v0.4.0 h1:4D4mI6KlNtWMCM1Z/K0i7RV1FkX+DBDHKVJpCndZoHk=
 github.com/moby/sys/capability v0.4.0/go.mod h1:4g9IK291rVkms3LKCDOoYlnV8xKwoDTpIrNEE35Wq0I=
+github.com/moby/sys/devices v0.1.0 h1:uaMrDm1U3h0AwUDNWeT5lBV40v0eayt+VuukRbYn5K4=
+github.com/moby/sys/devices v0.1.0/go.mod h1:nIV6AO7t0DY2ObAm1GfL4AX9mBRqzxzHwGfvNCR9lfI=
 github.com/moby/sys/mountinfo v0.7.2 h1:1shs6aH5s4o5H2zQLn796ADW1wMrIwHsyJ2v9KouLrg=
 github.com/moby/sys/mountinfo v0.7.2/go.mod h1:1YOa8w8Ih7uW0wALDUgT1dTTSBrZ+HiBLGws92L2RU4=
 github.com/moby/sys/user v0.4.0 h1:jhcMKit7SA80hivmFJcbB1vqmw//wU61Zdui2eQXuMs=

libcontainer/devices/device_unix.go

@@ -3,111 +3,39 @@
 package devices
 
 import (
-	"errors"
-	"os"
-	"path/filepath"
-
+	"github.com/moby/sys/devices"
 	"github.com/opencontainers/cgroups/devices/config"
-	"golang.org/x/sys/unix"
 )
 
 // ErrNotADevice denotes that a file is not a valid linux device.
-var ErrNotADevice = errors.New("not a device node")
-
-// Testing dependencies
-var (
-	unixLstat = unix.Lstat
-	osReadDir = os.ReadDir
-)
+//
+// Deprecated: This package will be removed in runc 1.7, use
+// [devices.ErrNotADevice] instead.
+var ErrNotADevice = devices.ErrNotADevice
 
 // DeviceFromPath takes the path to a device and its cgroup_permissions (which
 // cannot be easily queried) to look up the information about a linux device
 // and returns that information as a Device struct.
+//
+// Deprecated: This package will be removed in runc 1.7, use
+// [devices.DeviceFromPath] instead.
 func DeviceFromPath(path, permissions string) (*config.Device, error) {
-	var stat unix.Stat_t
-	err := unixLstat(path, &stat)
-	if err != nil {
-		return nil, err
-	}
-
-	var (
-		devType   config.Type
-		mode      = stat.Mode
-		devNumber = uint64(stat.Rdev) //nolint:unconvert // Rdev is uint32 on e.g. MIPS.
-		major     = unix.Major(devNumber)
-		minor     = unix.Minor(devNumber)
-	)
-	switch mode & unix.S_IFMT {
-	case unix.S_IFBLK:
-		devType = config.BlockDevice
-	case unix.S_IFCHR:
-		devType = config.CharDevice
-	case unix.S_IFIFO:
-		devType = config.FifoDevice
-	default:
-		return nil, ErrNotADevice
-	}
-	return &config.Device{
-		Rule: config.Rule{
-			Type:        devType,
-			Major:       int64(major),
-			Minor:       int64(minor),
-			Permissions: config.Permissions(permissions),
-		},
-		Path:     path,
-		FileMode: os.FileMode(mode &^ unix.S_IFMT),
-		Uid:      stat.Uid,
-		Gid:      stat.Gid,
-	}, nil
+	return devices.DeviceFromPath(path, permissions)
 }
 
 // HostDevices returns all devices that can be found under /dev directory.
+//
+// Deprecated: This package will be removed in runc 1.7, use
+// [devices.HostDevices] instead.
 func HostDevices() ([]*config.Device, error) {
-	return GetDevices("/dev")
+	return devices.HostDevices()
 }
 
 // GetDevices recursively traverses a directory specified by path
 // and returns all devices found there.
+//
+// Deprecated: This package will be removed in runc 1.7, use
+// [devices.GetDevices] instead.
 func GetDevices(path string) ([]*config.Device, error) {
-	files, err := osReadDir(path)
-	if err != nil {
-		return nil, err
-	}
-	var out []*config.Device
-	for _, f := range files {
-		switch {
-		case f.IsDir():
-			switch f.Name() {
-			// ".lxc" & ".lxd-mounts" added to address https://github.com/lxc/lxd/issues/2825
-			// ".udev" added to address https://github.com/opencontainers/runc/issues/2093
-			case "pts", "shm", "fd", "mqueue", ".lxc", ".lxd-mounts", ".udev":
-				continue
-			default:
-				sub, err := GetDevices(filepath.Join(path, f.Name()))
-				if err != nil {
-					return nil, err
-				}
-
-				out = append(out, sub...)
-				continue
-			}
-		case f.Name() == "console":
-			continue
-		}
-		device, err := DeviceFromPath(filepath.Join(path, f.Name()), "rwm")
-		if err != nil {
-			if errors.Is(err, ErrNotADevice) {
-				continue
-			}
-			if errors.Is(err, os.ErrNotExist) {
-				continue
-			}
-			return nil, err
-		}
-		if device.Type == config.FifoDevice {
-			continue
-		}
-		out = append(out, device)
-	}
-	return out, nil
+	return devices.GetDevices(path)
 }

libcontainer/devices/doc.go

@@ -1,4 +1,7 @@
 // Package devices provides some helper functions for constructing device
 // configurations for runc. These are exclusively used by higher-level runtimes
 // that need to configure runc's device list based on existing devices.
+//
+// Deprecated: This package will be removed in runc 1.7, please migrate to
+// github.com/moby/sys/devices.
 package devices