Bump github.com/seccomp/libseccomp-golang from 0.9.2-0.20220502022130-f33da4d89646 to 0.11.0

[dependabot]

Bumps github.com/seccomp/libseccomp-golang from 0.9.2-0.20220502022130-f33da4d89646 to 0.11.0.

Release notes

Sourced from github.com/seccomp/libseccomp-golang's releases.

v0.11.0

What's Changed

• Add new architectures (LOONGARCH64, M68K, SH, SHEB)
• Add support for SCMP_FLTATR_CTL_WAITKILL (GetWaitKill, SetWaitKill)
• Add support for filter precompute (Precompute)
• Add support for transactions (Transaction{Start,Commit,Reject})
• Add ExportBPFMem
• Improve documentation for struct fields
• Fix TestRuleAddAndLoad for ppc architecture
• Fix TestRuleAddAndLoad to not use magic number
• Remove unused get_*_version implementation
• Test against latest libseccomp and Go versions

Full Changelog: seccomp/libseccomp-golang@v0.10.0...v0.11.0

libseccomp-golang v0.10.0

Changelog

• Minimum supported version of libseccomp bumped to v2.3.1
• Add seccomp userspace notification API (ActNotify, filter.*Notif*)
• Add filter.{Get,Set}SSB (to support SCMP_FLTATR_CTL_SSB)
• Add filter.{Get,Set}Optimize (to support SCMP_FLTATR_CTL_OPTIMIZE)
• Add filter.{Get,Set}RawRC (to support SCMP_FLTATR_API_SYSRAWRC)
• Add ArchPARISC, ArchPARISC64, ArchRISCV64
• Add ActKillProcess and ActKillThread; deprecate ActKill
• Add go module support
• Return ErrSyscallDoesNotExist when unable to resolve a syscall
• Fix some functions to check for both kernel level API and libseccomp version
• Fix MakeCondition to use sanitizeCompareOp
• Fix AddRule to handle EACCES (from libseccomp >= 2.5.0)
• Updated the main docs and converted to README.md
• Added CONTRIBUTING.md, SECURITY.md, and administrative docs under doc/admin
• Add GitHub action CI, enable more linters
• test: test against various libseccomp versions
• test: fix and simplify execInSubprocess
• test: fix APILevelIsSupported
• Refactor the Errno(-1 * retCode) pattern
• Refactor/unify libseccomp version / API level checks
• Code cleanups (linter, formatting, spelling fixes)
• Cleanup: use errors.New instead of fmt.Errorf where appropriate
• Cleanup: remove duplicated cgo stuff, redundant linux build tag

Full Changelog: seccomp/libseccomp-golang@v0.9.1...v0.10.0

Changelog

Sourced from github.com/seccomp/libseccomp-golang's changelog.

• Version 0.11.0 - April 23, 2025

• Add new architectures (LOONGARCH64, M68K, SH, SHEB)
• Add support for SCMP_FLTATR_CTL_WAITKILL (GetWaitKill, SetWaitKill)
• Add support for filter precompute (Precompute)
• Add support for transactions (Transaction{Start,Commit,Reject})
• Add ExportBPFMem
• Improve documentation for struct fields
• Fix TestRuleAddAndLoad for ppc architecture
• Fix TestRuleAddAndLoad to not use magic number
• Remove unused get_*_version implementation
• Test against latest libseccomp and Go versions

• Version 0.10.0 - June 9, 2022

• Minimum supported version of libseccomp bumped to v2.3.1
• Add seccomp userspace notification API (ActNotify, filter.Notif)
• Add filter.{Get,Set}SSB (to support SCMP_FLTATR_CTL_SSB)
• Add filter.{Get,Set}Optimize (to support SCMP_FLTATR_CTL_OPTIMIZE)
• Add filter.{Get,Set}RawRC (to support SCMP_FLTATR_API_SYSRAWRC)
• Add ArchPARISC, ArchPARISC64, ArchRISCV64
• Add ActKillProcess and ActKillThread; deprecate ActKill
• Add go module support
• Return ErrSyscallDoesNotExist when unable to resolve a syscall
• Fix some functions to check for both kernel level API and libseccomp version
• Fix MakeCondition to use sanitizeCompareOp
• Fix AddRule to handle EACCES (from libseccomp >= 2.5.0)
• Updated the main docs and converted to README.md
• Added CONTRIBUTING.md, SECURITY.md, and administrative docs under doc/admin
• Add GitHub action CI, enable more linters
• test: test against various libseccomp versions
• test: fix and simplify execInSubprocess
• test: fix APILevelIsSupported
• Refactor the Errno(-1 * retCode) pattern
• Refactor/unify libseccomp version / API level checks
• Code cleanups (linter, formatting, spelling fixes)
• Cleanup: use errors.New instead of fmt.Errorf where appropriate
• Cleanup: remove duplicated cgo stuff, redundant linux build tag

• Version 0.9.1 - May 21, 2019

• Minimum supported version of libseccomp bumped to v2.2.0
• Use Libseccomp's seccomp_version API to retrieve library version
• Unconditionally set TSync attribute for filters, due to Go's heavily threaded nature
• Fix CVE-2017-18367 - Multiple syscall arguments were incorrectly combined with logical-OR, instead of logical-AND
• Fix a failure to build on Debian-based distributions due to CGo code
• Fix unit test failures on 32-bit architectures
• Improve several errors to be more verbose about their causes
• Add support for SCMP_ACT_LOG (with libseccomp versions 2.4.x and higher), permitting syscalls but logging their execution
• Add support for SCMP_FLTATR_CTL_LOG (with libseccomp versions 2.4.x and higher), logging not-allowed actions when they are denied

• Version 0.9.0 - January 5, 2017

• Initial tagged release

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #13.