libct/devices: move config to libct/cg/devices/config

libcontainer/cgroups/config_linux.go

@@ -2,7 +2,7 @@ package cgroups
 
 import (
 	systemdDbus "github.com/coreos/go-systemd/v22/dbus"
-	"github.com/opencontainers/runc/libcontainer/devices"
+	devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config"
 )
 
 type FreezerState string

libcontainer/devices/device.go → libcontainer/cgroups/devices/config/device.go

@@ -1,4 +1,4 @@
-package devices
+package config
 
 import (
 	"fmt"

libcontainer/cgroups/devices/config/mknod_unix.go

@@ -0,0 +1,14 @@
+package config
+
+import (
+	"errors"
+
+	"golang.org/x/sys/unix"
+)
+
+func mkDev(d *Rule) (uint64, error) {
+	if d.Major == Wildcard || d.Minor == Wildcard {
+		return 0, errors.New("cannot mkdev() device with wildcards")
+	}
+	return unix.Mkdev(uint32(d.Major), uint32(d.Minor)), nil
+}

libcontainer/cgroups/devices/devicefilter.go

@@ -13,7 +13,7 @@ import (
 	"strconv"
 
 	"github.com/cilium/ebpf/asm"
-	"github.com/opencontainers/runc/libcontainer/devices"
+	devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config"
 	"golang.org/x/sys/unix"
 )
 

libcontainer/cgroups/devices/devicefilter_test.go

@@ -4,7 +4,7 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/opencontainers/runc/libcontainer/devices"
+	devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config"
 	"github.com/opencontainers/runc/libcontainer/specconv"
 )
 

libcontainer/cgroups/devices/devices_emulator.go

@@ -26,7 +26,7 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/opencontainers/runc/libcontainer/devices"
+	devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config"
 )
 
 // deviceMeta is a Rule without the Allow or Permissions fields, and no

libcontainer/cgroups/devices/devices_emulator_test.go

@@ -25,7 +25,7 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/opencontainers/runc/libcontainer/devices"
+	devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config"
 )
 
 func TestDeviceEmulatorLoad(t *testing.T) {

libcontainer/cgroups/devices/systemd.go

@@ -12,7 +12,7 @@ import (
 	"github.com/sirupsen/logrus"
 
 	"github.com/opencontainers/runc/libcontainer/cgroups"
-	"github.com/opencontainers/runc/libcontainer/devices"
+	devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config"
 )
 
 // systemdProperties takes the configured device rules and generates a

libcontainer/cgroups/devices/systemd_test.go

@@ -9,8 +9,8 @@ import (
 	"testing"
 
 	"github.com/opencontainers/runc/libcontainer/cgroups"
+	devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config"
 	"github.com/opencontainers/runc/libcontainer/cgroups/systemd"
-	"github.com/opencontainers/runc/libcontainer/devices"
 )
 
 // TestPodSkipDevicesUpdate checks that updating a pod having SkipDevices: true

libcontainer/cgroups/devices/v1.go

@@ -7,7 +7,7 @@ import (
 
 	"github.com/moby/sys/userns"
 	"github.com/opencontainers/runc/libcontainer/cgroups"
-	"github.com/opencontainers/runc/libcontainer/devices"
+	devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config"
 )
 
 var testingSkipFinalCheck bool

libcontainer/cgroups/devices/v1_test.go

@@ -8,8 +8,8 @@ import (
 	"github.com/moby/sys/userns"
 
 	"github.com/opencontainers/runc/libcontainer/cgroups"
+	devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config"
 	"github.com/opencontainers/runc/libcontainer/cgroups/fscommon"
-	"github.com/opencontainers/runc/libcontainer/devices"
 )
 
 func init() {

libcontainer/cgroups/devices/v2.go

@@ -7,7 +7,7 @@ import (
 	"golang.org/x/sys/unix"
 
 	"github.com/opencontainers/runc/libcontainer/cgroups"
-	"github.com/opencontainers/runc/libcontainer/devices"
+	devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config"
 )
 
 func isRWM(perms devices.Permissions) bool {

libcontainer/configs/config.go

@@ -10,7 +10,7 @@ import (
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
 
-	"github.com/opencontainers/runc/libcontainer/devices"
+	devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config"
 	"github.com/opencontainers/runtime-spec/specs-go"
 )
 

libcontainer/devices/device_deprecated.go

@@ -0,0 +1,20 @@
+package devices
+
+import "github.com/opencontainers/runc/libcontainer/cgroups/devices/config"
+
+// Deprecated: use [github.com/opencontainers/runc/libcontainer/cgroups/devices/config].
+const (
+	Wildcard       = config.Wildcard
+	WildcardDevice = config.WildcardDevice
+	BlockDevice    = config.BlockDevice
+	CharDevice     = config.CharDevice
+	FifoDevice     = config.FifoDevice
+)
+
+// Deprecated: use [github.com/opencontainers/runc/libcontainer/cgroups/devices/config].
+type (
+	Device      = config.Device
+	Permissions = config.Permissions
+	Type        = config.Type
+	Rule        = config.Rule
+)

libcontainer/devices/device_unix.go

@@ -19,13 +19,6 @@ var (
 	osReadDir = os.ReadDir
 )
 
-func mkDev(d *Rule) (uint64, error) {
-	if d.Major == Wildcard || d.Minor == Wildcard {
-		return 0, errors.New("cannot mkdev() device with wildcards")
-	}
-	return unix.Mkdev(uint32(d.Major), uint32(d.Minor)), nil
-}
-
 // DeviceFromPath takes the path to a device and its cgroup_permissions (which
 // cannot be easily queried) to look up the information about a linux device
 // and returns that information as a Device struct.

libcontainer/integration/template_test.go

@@ -7,8 +7,8 @@ import (
 	"time"
 
 	"github.com/opencontainers/runc/libcontainer/cgroups"
+	devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config"
 	"github.com/opencontainers/runc/libcontainer/configs"
-	"github.com/opencontainers/runc/libcontainer/devices"
 	"github.com/opencontainers/runc/libcontainer/specconv"
 	"golang.org/x/sys/unix"
 )

libcontainer/integration/update_test.go

@@ -7,8 +7,8 @@ import (
 	"testing"
 
 	"github.com/opencontainers/runc/libcontainer"
+	devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config"
 	"github.com/opencontainers/runc/libcontainer/cgroups/systemd"
-	"github.com/opencontainers/runc/libcontainer/devices"
 )
 
 func testUpdateDevices(t *testing.T, systemd bool) {

libcontainer/rootfs_linux.go

@@ -22,9 +22,9 @@ import (
 	"golang.org/x/sys/unix"
 
 	"github.com/opencontainers/runc/libcontainer/cgroups"
+	devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config"
 	"github.com/opencontainers/runc/libcontainer/cgroups/fs2"
 	"github.com/opencontainers/runc/libcontainer/configs"
-	"github.com/opencontainers/runc/libcontainer/devices"
 	"github.com/opencontainers/runc/libcontainer/utils"
 )
 

libcontainer/specconv/spec_linux.go

@@ -15,8 +15,8 @@ import (
 	systemdDbus "github.com/coreos/go-systemd/v22/dbus"
 	dbus "github.com/godbus/dbus/v5"
 	"github.com/opencontainers/runc/libcontainer/cgroups"
+	devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config"
 	"github.com/opencontainers/runc/libcontainer/configs"
-	"github.com/opencontainers/runc/libcontainer/devices"
 	"github.com/opencontainers/runc/libcontainer/internal/userns"
 	"github.com/opencontainers/runc/libcontainer/seccomp"
 	libcontainerUtils "github.com/opencontainers/runc/libcontainer/utils"

libcontainer/specconv/spec_linux_test.go

@@ -6,9 +6,9 @@ import (
 	"testing"
 
 	dbus "github.com/godbus/dbus/v5"
+	devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config"
 	"github.com/opencontainers/runc/libcontainer/configs"
 	"github.com/opencontainers/runc/libcontainer/configs/validate"
-	"github.com/opencontainers/runc/libcontainer/devices"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"golang.org/x/sys/unix"
 )