Skip to content

chore(deps): bump github.com/moby/profiles/seccomp from 0.1.0 to 0.2.0 in the moby group across 1 directory#4098

Merged
dtrudg merged 1 commit intorelease-4.4from
dependabot/go_modules/release-4.4/moby-d68013e6ef
Apr 30, 2026
Merged

chore(deps): bump github.com/moby/profiles/seccomp from 0.1.0 to 0.2.0 in the moby group across 1 directory#4098
dtrudg merged 1 commit intorelease-4.4from
dependabot/go_modules/release-4.4/moby-d68013e6ef

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 29, 2026
edited
Loading

Bumps the moby group with 1 update in the / directory: github.com/moby/profiles/seccomp.

Updates github.com/moby/profiles/seccomp from 0.1.0 to 0.2.0

Release notes

Sourced from github.com/moby/profiles/seccomp's releases.

apparmor v0.2.0

What's Changed

  • Use AppArmor ABI 3.0

    The AppArmor profile now explicitly sets the AppArmor ABI to 3.0 if available. In AppArmor ABI higher than 4.0, "network" no longer includes "network unix", resulting in access to unix sockets being denied. We use ABI 3.0 to account for some LTS distros that do not yet support ABI 4.0.

    See [AppArmor issue 361][1] and [containerd issue 12726][2].

  • Load AppArmor profile without using a temp-file

    When loading the default AppArmor profile, the InstallDefault function would write the generated profile to a temporary file. This was a historical artifact from [moby/moby@2f7596a][3] before which the profile would be persisted to disk (in /etc/apparmor.d).

    The temporary file was not necessary, because apparmor_parser also supports loading a profile from STDIN (see [apparmor_parser(8)][4]).

  • Fix whitespace handling for the current profile

    The InstallDefault function reads the profile for the current (daemon) process through /proc/self/attr/current, which includes a trailing newline which could be included in the generated profile, making it invalid. The trailing newline is now trimmed correctly.

    Also fix handling of whitespace as AppArmor profile names are allowed to contain spaces when quoted (see [apparmor.d(5)][5]). This is a correctness fix, as no code is currently known to be using AppArmor profile names containing spaces.

Other changes:

  • Apply copyright and licenses headers to source code.
  • apparmor: add test-coverage for InstallDefault, IsLoaded.
  • apparmor: fix whitespace handling in profile names.
  • apparmor: add tests for generated template
  • apparmor: add "header comment" and cleanup whitespace in generated profile.
  • apparmor: improve matching for /proc/<num>.
  • apparmor: use "filepath" instead of "path", and fix linting.
  • apparmor: align ptrace rule formatting and comment with containerd
  • ci: enable GitHub actions and linting.
  • ci: pin actions by sha.

Full Changelog: moby/profiles@apparmor/v0.1.0...apparmor/v0.2.0

... (truncated)

Commits
  • 027dbab Merge pull request #15 from thaJeztah/apparmor_no_tempfile
  • 8e7e1b1 apparmor: load profile without using tempfile
  • d0d1a95 Merge pull request #17 from thaJeztah/test_load
  • e2ac83a Merge pull request #16 from thaJeztah/cleanup_whitespacew
  • c4524a3 apparmor: fix whitespace handling in profile names
  • c3f0d57 apparmor: add test-coverage for InstallDefault, IsLoaded
  • 3d33685 Merge pull request #6 from yzewei/add-loong
  • 8a31106 feat(seccomp): Add support for LoongArch64 architecture
  • 78685f6 Merge pull request #14 from thaJeztah/conditional_abi
  • cca30d1 apparmor: Set abi conditionally
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 29, 2026
@dtrudg
Copy link
Copy Markdown
Member

dtrudg commented Apr 30, 2026

@dependabot rebase

@dependabot
chore(deps): bump github.com/moby/profiles/seccomp
43e6fc7 
Bumps the moby group with 1 update in the / directory: [github.com/moby/profiles/seccomp](https://github.com/moby/profiles).


Updates `github.com/moby/profiles/seccomp` from 0.1.0 to 0.2.0
- [Release notes](https://github.com/moby/profiles/releases)
- [Commits](moby/profiles@seccomp/v0.1.0...seccomp/v0.2.0)

---
updated-dependencies:
- dependency-name: github.com/moby/profiles/seccomp
  dependency-version: 0.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: moby
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump github.com/moby/profiles/seccomp from 0.1.0 to 0.2.0 in the moby group chore(deps): bump github.com/moby/profiles/seccomp from 0.1.0 to 0.2.0 in the moby group across 1 directory Apr 30, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/release-4.4/moby-d68013e6ef branch from e1f2143 to 43e6fc7 Compare April 30, 2026 08:20
@dtrudg dtrudg merged commit 23db697 into release-4.4 Apr 30, 2026
1 check passed
@dtrudg dtrudg deleted the dependabot/go_modules/release-4.4/moby-d68013e6ef branch April 30, 2026 08:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dtrudg dtrudg dtrudg approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dtrudg