runtime: cri-o annotations have been moved to podman

Let's swith to depending on podman which also simplies indirect
dependency on kubernetes components. And it helps to avoid cri-o
security issues like CVE-2022-1708 as well.

Fixes: #4972
Signed-off-by: Peng Tao <bergwolf@hyper.sh>

src/runtime/vendor/github.com/moby/sys/mountinfo/go.mod

@@ -2,4 +2,4 @@ module github.com/moby/sys/mountinfo
 
 go 1.16
 
-require golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
+require golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a

src/runtime/vendor/github.com/moby/sys/mountinfo/go.sum

@@ -1,2 +1,2 @@
-golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359 h1:2B5p2L5IfGiD7+b9BOoRMC6DgObAVZV+Fsp050NqXik=
-golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

src/runtime/vendor/github.com/moby/sys/mountinfo/mounted_linux.go

@@ -7,6 +7,34 @@ import (
 	"golang.org/x/sys/unix"
 )
 
+// MountedFast is a method of detecting a mount point without reading
+// mountinfo from procfs. A caller can only trust the result if no error
+// and sure == true are returned. Otherwise, other methods (e.g. parsing
+// /proc/mounts) have to be used. If unsure, use Mounted instead (which
+// uses MountedFast, but falls back to parsing mountinfo if needed).
+//
+// If a non-existent path is specified, an appropriate error is returned.
+// In case the caller is not interested in this particular error, it should
+// be handled separately using e.g. errors.Is(err, fs.ErrNotExist).
+//
+// This function is only available on Linux. When available (since kernel
+// v5.6), openat2(2) syscall is used to reliably detect all mounts. Otherwise,
+// the implementation falls back to using stat(2), which can reliably detect
+// normal (but not bind) mounts.
+func MountedFast(path string) (mounted, sure bool, err error) {
+	// Root is always mounted.
+	if path == string(os.PathSeparator) {
+		return true, true, nil
+	}
+
+	path, err = normalizePath(path)
+	if err != nil {
+		return false, false, err
+	}
+	mounted, sure, err = mountedFast(path)
+	return
+}
+
 // mountedByOpenat2 is a method of detecting a mount that works for all kinds
 // of mounts (incl. bind mounts), but requires a recent (v5.6+) linux kernel.
 func mountedByOpenat2(path string) (bool, error) {
@@ -34,24 +62,40 @@ func mountedByOpenat2(path string) (bool, error) {
 	return false, &os.PathError{Op: "openat2", Path: path, Err: err}
 }
 
-func mounted(path string) (bool, error) {
-	path, err := normalizePath(path)
-	if err != nil {
-		return false, err
+// mountedFast is similar to MountedFast, except it expects a normalized path.
+func mountedFast(path string) (mounted, sure bool, err error) {
+	// Root is always mounted.
+	if path == string(os.PathSeparator) {
+		return true, true, nil
 	}
+
 	// Try a fast path, using openat2() with RESOLVE_NO_XDEV.
-	mounted, err := mountedByOpenat2(path)
+	mounted, err = mountedByOpenat2(path)
 	if err == nil {
-		return mounted, nil
+		return mounted, true, nil
 	}
+
 	// Another fast path: compare st.st_dev fields.
 	mounted, err = mountedByStat(path)
 	// This does not work for bind mounts, so false negative
 	// is possible, therefore only trust if return is true.
 	if mounted && err == nil {
+		return true, true, nil
+	}
+
+	return
+}
+
+func mounted(path string) (bool, error) {
+	path, err := normalizePath(path)
+	if err != nil {
+		return false, err
+	}
+	mounted, sure, err := mountedFast(path)
+	if sure && err == nil {
 		return mounted, nil
 	}
 
-	// Fallback to parsing mountinfo
+	// Fallback to parsing mountinfo.
 	return mountedByMountinfo(path)
 }

src/runtime/vendor/github.com/moby/sys/mountinfo/mounted_unix.go

@@ -1,10 +1,9 @@
-//go:build linux || (freebsd && cgo) || (openbsd && cgo) || (darwin && cgo)
-// +build linux freebsd,cgo openbsd,cgo darwin,cgo
+//go:build linux || freebsd || openbsd || darwin
+// +build linux freebsd openbsd darwin
 
 package mountinfo
 
 import (
-	"fmt"
 	"os"
 	"path/filepath"
 
@@ -33,13 +32,13 @@ func mountedByStat(path string) (bool, error) {
 
 func normalizePath(path string) (realPath string, err error) {
 	if realPath, err = filepath.Abs(path); err != nil {
-		return "", fmt.Errorf("unable to get absolute path for %q: %w", path, err)
+		return "", err
 	}
 	if realPath, err = filepath.EvalSymlinks(realPath); err != nil {
-		return "", fmt.Errorf("failed to canonicalise path for %q: %w", path, err)
+		return "", err
 	}
 	if _, err := os.Stat(realPath); err != nil {
-		return "", fmt.Errorf("failed to stat target of %q: %w", path, err)
+		return "", err
 	}
 	return realPath, nil
 }

src/runtime/vendor/github.com/moby/sys/mountinfo/mountinfo.go

@@ -13,9 +13,9 @@ func GetMounts(f FilterFunc) ([]*Info, error) {
 // Mounted determines if a specified path is a mount point. In case of any
 // error, false (and an error) is returned.
 //
-// The non-existent path returns an error. If a caller is not interested
-// in this particular error, it should handle it separately using e.g.
-// errors.Is(err, os.ErrNotExist).
+// If a non-existent path is specified, an appropriate error is returned.
+// In case the caller is not interested in this particular error, it should
+// be handled separately using e.g. errors.Is(err, fs.ErrNotExist).
 func Mounted(path string) (bool, error) {
 	// root is always mounted
 	if path == string(os.PathSeparator) {

src/runtime/vendor/github.com/moby/sys/mountinfo/mountinfo_bsd.go

@@ -1,53 +1,37 @@
-//go:build (freebsd && cgo) || (openbsd && cgo) || (darwin && cgo)
-// +build freebsd,cgo openbsd,cgo darwin,cgo
+//go:build freebsd || openbsd || darwin
+// +build freebsd openbsd darwin
 
 package mountinfo
 
-/*
-#include <sys/param.h>
-#include <sys/ucred.h>
-#include <sys/mount.h>
-*/
-import "C"
-
-import (
-	"fmt"
-	"reflect"
-	"unsafe"
-)
+import "golang.org/x/sys/unix"
 
 // parseMountTable returns information about mounted filesystems
 func parseMountTable(filter FilterFunc) ([]*Info, error) {
-	var rawEntries *C.struct_statfs
-
-	count := int(C.getmntinfo(&rawEntries, C.MNT_WAIT))
-	if count == 0 {
-		return nil, fmt.Errorf("failed to call getmntinfo")
+	count, err := unix.Getfsstat(nil, unix.MNT_WAIT)
+	if err != nil {
+		return nil, err
 	}
 
-	var entries []C.struct_statfs
-	header := (*reflect.SliceHeader)(unsafe.Pointer(&entries))
-	header.Cap = count
-	header.Len = count
-	header.Data = uintptr(unsafe.Pointer(rawEntries))
+	entries := make([]unix.Statfs_t, count)
+	_, err = unix.Getfsstat(entries, unix.MNT_WAIT)
+	if err != nil {
+		return nil, err
+	}
 
 	var out []*Info
 	for _, entry := range entries {
-		var mountinfo Info
 		var skip, stop bool
-		mountinfo.Mountpoint = C.GoString(&entry.f_mntonname[0])
-		mountinfo.FSType = C.GoString(&entry.f_fstypename[0])
-		mountinfo.Source = C.GoString(&entry.f_mntfromname[0])
+		mountinfo := getMountinfo(&entry)
 
 		if filter != nil {
 			// filter out entries we're not interested in
-			skip, stop = filter(&mountinfo)
+			skip, stop = filter(mountinfo)
 			if skip {
 				continue
 			}
 		}
 
-		out = append(out, &mountinfo)
+		out = append(out, mountinfo)
 		if stop {
 			break
 		}

src/runtime/vendor/github.com/moby/sys/mountinfo/mountinfo_freebsdlike.go

@@ -0,0 +1,14 @@
+//go:build freebsd || darwin
+// +build freebsd darwin
+
+package mountinfo
+
+import "golang.org/x/sys/unix"
+
+func getMountinfo(entry *unix.Statfs_t) *Info {
+	return &Info{
+		Mountpoint: unix.ByteSliceToString(entry.Mntonname[:]),
+		FSType:     unix.ByteSliceToString(entry.Fstypename[:]),
+		Source:     unix.ByteSliceToString(entry.Mntfromname[:]),
+	}
+}

src/runtime/vendor/github.com/moby/sys/mountinfo/mountinfo_openbsd.go

@@ -0,0 +1,11 @@
+package mountinfo
+
+import "golang.org/x/sys/unix"
+
+func getMountinfo(entry *unix.Statfs_t) *Info {
+	return &Info{
+		Mountpoint: unix.ByteSliceToString(entry.F_mntonname[:]),
+		FSType:     unix.ByteSliceToString(entry.F_fstypename[:]),
+		Source:     unix.ByteSliceToString(entry.F_mntfromname[:]),
+	}
+}

src/runtime/vendor/github.com/moby/sys/mountinfo/mountinfo_unsupported.go

@@ -1,5 +1,5 @@
-//go:build (!windows && !linux && !freebsd && !openbsd && !darwin) || (freebsd && !cgo) || (openbsd && !cgo) || (darwin && !cgo)
-// +build !windows,!linux,!freebsd,!openbsd,!darwin freebsd,!cgo openbsd,!cgo darwin,!cgo
+//go:build !windows && !linux && !freebsd && !openbsd && !darwin
+// +build !windows,!linux,!freebsd,!openbsd,!darwin
 
 package mountinfo