vendor: github.com/Microsoft/hcsshim v0.11.1

full diff: https://github.com/Microsoft/hcsshim/compare/v0.9.10...v0.11.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

vendor.mod

@@ -14,7 +14,7 @@ require (
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1
 	github.com/Graylog2/go-gelf v0.0.0-20191017102106-1550ee647df0
 	github.com/Microsoft/go-winio v0.6.1
-	github.com/Microsoft/hcsshim v0.9.10
+	github.com/Microsoft/hcsshim v0.11.1
 	github.com/RackSec/srslog v0.0.0-20180709174129-a4725f04ec91
 	github.com/aws/aws-sdk-go-v2 v1.17.6
 	github.com/aws/aws-sdk-go-v2/config v1.18.16

vendor.sum

@@ -79,37 +79,28 @@ github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSW
 github.com/Azure/go-autorest v10.15.5+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest v12.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest v14.1.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
-github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI=
 github.com/Azure/go-autorest/autorest v0.9.3/go.mod h1:GsRuLYvwzLjjjRoWEIyMUaYq8GNUx2nRB378IPt/1p0=
 github.com/Azure/go-autorest/autorest v0.9.6/go.mod h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630=
 github.com/Azure/go-autorest/autorest v0.10.2/go.mod h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630=
-github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw=
 github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0=
 github.com/Azure/go-autorest/autorest/adal v0.8.0/go.mod h1:Z6vX6WXXuyieHAXwMj0S6HY6e6wcHn37qQMBQlvY3lc=
 github.com/Azure/go-autorest/autorest/adal v0.8.1/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q=
 github.com/Azure/go-autorest/autorest/adal v0.8.2/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q=
 github.com/Azure/go-autorest/autorest/adal v0.8.3/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q=
-github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg=
-github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
 github.com/Azure/go-autorest/autorest/azure/auth v0.4.2/go.mod h1:90gmfKdlmKgfjUpnCEpOJzsUEjrWDSLwHIG73tSXddM=
 github.com/Azure/go-autorest/autorest/azure/cli v0.3.1/go.mod h1:ZG5p860J94/0kI9mNJVoIoLgXcirM2gF5i2kWloofxw=
 github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA=
 github.com/Azure/go-autorest/autorest/date v0.2.0/go.mod h1:vcORJHLJEh643/Ioh9+vPmf1Ij9AEBM5FuBIXLmIy0g=
-github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
 github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
 github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
 github.com/Azure/go-autorest/autorest/mocks v0.3.0/go.mod h1:a8FDP3DYzQ4RYfVAxAN3SVSiiO77gL2j2ronKKP0syM=
-github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
-github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
 github.com/Azure/go-autorest/autorest/to v0.2.0/go.mod h1:GunWKJp1AEqgMaGLV+iocmRAJWqST1wQYhyyjXJ3SJc=
 github.com/Azure/go-autorest/autorest/to v0.3.0/go.mod h1:MgwOyqaIuKdG4TL/2ywSsIWKAfJfgHDo8ObuUk3t5sA=
 github.com/Azure/go-autorest/autorest/validation v0.1.0/go.mod h1:Ha3z/SqBeaalWQvokg3NZAlQTalVMtOIAs1aGK7G6u8=
 github.com/Azure/go-autorest/autorest/validation v0.2.0/go.mod h1:3EEqHnBxQGHXRYq3HT1WyXAvT7LLY3tl70hw6tQIbjI=
 github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc=
-github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
 github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk=
-github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
@@ -123,32 +114,18 @@ github.com/Graylog2/go-gelf v0.0.0-20191017102106-1550ee647df0/go.mod h1:fBaQWrf
 github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
 github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
 github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
-github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
 github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
 github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
 github.com/Microsoft/go-winio v0.4.15-0.20200908182639-5b44b70ab3ab/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
 github.com/Microsoft/go-winio v0.4.15/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
-github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
-github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
-github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
-github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
-github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
 github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ=
 github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg38RRsjT5y8=
 github.com/Microsoft/hcsshim v0.8.10/go.mod h1:g5uw8EV2mAlzqe94tfNBNdr89fnbD/n3HV0OhsddkmM=
-github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2ow3VK6a9Lg=
-github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00=
-github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600=
-github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4=
-github.com/Microsoft/hcsshim v0.9.10 h1:TxXGNmcbQxBKVWvjvTocNb6jrPyeHlk5EiDhhgHgggs=
-github.com/Microsoft/hcsshim v0.9.10/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc=
+github.com/Microsoft/hcsshim v0.11.1 h1:hJ3s7GbWlGK4YVV92sO88BQSyF4ZLVy7/awqOlPxFbA=
+github.com/Microsoft/hcsshim v0.11.1/go.mod h1:nFJmaO4Zr5Y7eADdFOpYswDDlNVbvcIJJNJLECr5JQg=
 github.com/Microsoft/hcsshim/test v0.0.0-20200826032352-301c83a30e7c/go.mod h1:30A5igQ91GEmhYJF8TaRP79pMBOYynRsyOByfVV0dU4=
-github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU=
-github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM=
@@ -172,7 +149,6 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
-github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
@@ -189,7 +165,6 @@ github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmV
 github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJA=
 github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=
 github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=
 github.com/aws/aws-sdk-go v1.15.90/go.mod h1:es1KtYUFs7le0xQ3rOihkuoVD90z7D0fR2Qm4S00/gU=
@@ -240,13 +215,11 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA=
-github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA=
 github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
 github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb/go.mod h1:PkYb9DJNAwrSvRx5DYA+gUcOIgTGVMNkfSCbZM8cWpI=
 github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
-github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
 github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
 github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 h1:DDGfHa7BWjL4YnC6+E63dPcxHo2sUxDIu8g3QgEJdRY=
@@ -259,7 +232,6 @@ github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBT
 github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
 github.com/bsphere/le_go v0.0.0-20200109081728-fc06dab2caa8 h1:fcONpniVVbh9+duVZYYbJuc+yGGdLRxTqpk7pTTz/qI=
 github.com/bsphere/le_go v0.0.0-20200109081728-fc06dab2caa8/go.mod h1:GrjfimWtH8h8EqJSfbO+sTQYV/fAjL/VN7dMeU8XP2Y=
-github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
 github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8=
 github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50=
 github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE=
@@ -280,15 +252,11 @@ github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw=
-github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg=
 github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLIdUjrmSXlK9pkrsDlLHbO8jiB8X8JnOc=
-github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs=
-github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
-github.com/cilium/ebpf v0.6.2/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
 github.com/cilium/ebpf v0.9.1 h1:64sn2K3UKw8NbP/blsixRpF3nXuyhz/VjRlRzvlBRu4=
 github.com/cilium/ebpf v0.9.1/go.mod h1:+OhNOIXx/Fnu1IE8bJz2dzOA+VSfyTfdNUVdlQnxUFY=
 github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
@@ -317,132 +285,68 @@ github.com/container-orchestrated-devices/container-device-interface v0.6.1 h1:m
 github.com/container-orchestrated-devices/container-device-interface v0.6.1/go.mod h1:40T6oW59rFrL/ksiSs7q45GzjGlbvxnA4xaK6cyq+kA=
 github.com/container-storage-interface/spec v1.5.0 h1:lvKxe3uLgqQeVQcrnL2CPQKISoKjTJxojEs9cBk+HXo=
 github.com/container-storage-interface/spec v1.5.0/go.mod h1:8K96oQNkJ7pFcC2R9Z1ynGGBB1I93kcS6PGg3SsOk8s=
-github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE=
-github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU=
-github.com/containerd/aufs v0.0.0-20210316121734-20793ff83c97/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=
-github.com/containerd/aufs v1.0.0/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=
-github.com/containerd/btrfs v0.0.0-20201111183144-404b9149801e/go.mod h1:jg2QkJcsabfHugurUvvPhS3E08Oxiuh5W/g1ybB4e0E=
-github.com/containerd/btrfs v0.0.0-20210316141732-918d888fb676/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss=
-github.com/containerd/btrfs v1.0.0/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss=
-github.com/containerd/cgroups v0.0.0-20190717030353-c4b9ac5c7601/go.mod h1:X9rLEHIqSf/wfK8NsPqxJmeZgW4pcfzdXITDrUSJ6uI=
 github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f/go.mod h1:OApqhQ4XNSNC13gXIwDjhOQxjWa/NxkwZXJ1EvqT0ko=
 github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59/go.mod h1:pA0z1pT8KYB3TCXK/ocprsh7MAkoW8bZVzPdih9snmM=
 github.com/containerd/cgroups v0.0.0-20200710171044-318312a37340/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
-github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
-github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE=
-github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU=
 github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
 github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw=
 github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0=
 github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE=
 github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
-github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
 github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE=
 github.com/containerd/console v1.0.0/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE=
 github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw=
-github.com/containerd/console v1.0.2/go.mod h1:ytZPjGgY2oeTkAONYafi2kSj0aYggsf8acV1PGKCbzQ=
 github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARubLw=
 github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U=
-github.com/containerd/containerd v1.2.10/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
 github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
 github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.1-0.20191213020239-082f7e3aed57/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
 github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.0-beta.2.0.20200729163537-40b22ef07410/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
 github.com/containerd/containerd v1.4.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
 github.com/containerd/containerd v1.4.1-0.20201117152358-0edc412565dc/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.1/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.3/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.5.0-beta.1/go.mod h1:5HfvG1V2FsKesEGQ17k5/T7V960Tmcumvqn8Mc+pCYQ=
-github.com/containerd/containerd v1.5.0-beta.3/go.mod h1:/wr9AVtEM7x9c+n0+stptlo/uBBoBORwEx6ardVcmKU=
-github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09ZvgqEq8EfBp/m3lcVZIvPHhI=
-github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s=
-github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
-github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c=
 github.com/containerd/containerd v1.6.24 h1:HKF4bfN7WoCk+/n/hi3OrTKJlPWxZmeg1uVDRpEPlXA=
 github.com/containerd/containerd v1.6.24/go.mod h1:06DkIUikjOcYdqFgOXDwBHO+qR4/qfbMPQ9XxtAGs1c=
 github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
 github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo=
-github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR3BEg7bDFaEddKm54WSmrol1fKWDU1nKYkgrcgZT7Y=
-github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ=
-github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM=
 github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM=
 github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ=
-github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
 github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
 github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
-github.com/containerd/fifo v0.0.0-20201026212402-0724c46b320c/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
-github.com/containerd/fifo v0.0.0-20210316144830-115abcc95a1d/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4=
-github.com/containerd/fifo v1.0.0/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4=
 github.com/containerd/fifo v1.1.0 h1:4I2mbh5stb1u6ycIABlBw9zgtlK8viPI9QkQNRQEEmY=
 github.com/containerd/fifo v1.1.0/go.mod h1:bmC4NWMbXlt2EZ0Hc7Fx7QzTFxgPID13eH0Qu+MAb2o=
 github.com/containerd/go-cni v1.0.1/go.mod h1:+vUpYxKvAF72G9i1WoDOiPGRtQpqsNW/ZHtSlv++smU=
-github.com/containerd/go-cni v1.0.2/go.mod h1:nrNABBHzu0ZwCug9Ije8hL2xBCYh/pjfMb1aZGrrohk=
 github.com/containerd/go-cni v1.1.9 h1:ORi7P1dYzCwVM6XPN4n3CbkuOx/NZ2DOqy+SHRdo9rU=
 github.com/containerd/go-cni v1.1.9/go.mod h1:XYrZJ1d5W6E2VOvjffL3IZq0Dz6bsVlERHbekNK90PM=
 github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
-github.com/containerd/go-runc v0.0.0-20190911050354-e029b79d8cda/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
 github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328/go.mod h1:PpyHrqVs8FTi9vpyHwPwiNEGaACDxT/N/pLcvMSRA9g=
 github.com/containerd/go-runc v0.0.0-20201020171139-16b287bc67d0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok=
-github.com/containerd/go-runc v1.0.0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok=
 github.com/containerd/go-runc v1.1.0 h1:OX4f+/i2y5sUT7LhmcJH7GYrjjhHa1QI4e8yO0gGleA=
 github.com/containerd/go-runc v1.1.0/go.mod h1:xJv2hFF7GvHtTJd9JqTS2UVxMkULUYw4JN5XAUZqH5U=
-github.com/containerd/imgcrypt v1.0.1/go.mod h1:mdd8cEPW7TPgNG4FpuP3sGBiQ7Yi/zak9TYCG3juvb0=
-github.com/containerd/imgcrypt v1.0.4-0.20210301171431-0ae5c75f59ba/go.mod h1:6TNsg0ctmizkrOgXRNQjAPFWpMYRWuiB6dSF4Pfa5SA=
-github.com/containerd/imgcrypt v1.1.1-0.20210312161619-7ed62a527887/go.mod h1:5AZJNI6sLHJljKuI9IHnw1pWqo/F0nGDOuR9zgTs7ow=
-github.com/containerd/imgcrypt v1.1.1/go.mod h1:xpLnwiQmEUJPvQoAapeb2SNCxz7Xr6PJrXQb0Dpc4ms=
-github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFYfE5+So4M5syatU0N0f0LbWpuqyMi4/BE8c=
-github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
-github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
 github.com/containerd/nydus-snapshotter v0.3.1 h1:b8WahTrPkt3XsabjG2o/leN4fw3HWZYr+qxo/Z8Mfzk=
 github.com/containerd/nydus-snapshotter v0.3.1/go.mod h1:+8R7NX7vrjlxAgtidnsstwIhpzyTlriYPssTxH++uiM=
 github.com/containerd/stargz-snapshotter v0.0.0-20201027054423-3a04e4c2c116/go.mod h1:o59b3PCKVAf9jjiKtCc/9hLAd+5p/rfhBfm6aBcTEr4=
-github.com/containerd/stargz-snapshotter/estargz v0.4.1/go.mod h1:x7Q9dg9QYb4+ELgxmo4gBUeJB0tl5dqH1Sdz0nJU1QM=
 github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSkDwbkEETK84kQgEeFwDC+62k=
 github.com/containerd/stargz-snapshotter/estargz v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o=
 github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
-github.com/containerd/ttrpc v0.0.0-20190828172938-92c8520ef9f8/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
-github.com/containerd/ttrpc v0.0.0-20191028202541-4f1b8fe65a5c/go.mod h1:LPm1u0xBw8r8NOKoOdNMeVHSawSsltak+Ihv+etqsE8=
 github.com/containerd/ttrpc v1.0.1/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
-github.com/containerd/ttrpc v1.0.2/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
-github.com/containerd/ttrpc v1.1.0/go.mod h1:XX4ZTnoOId4HklF4edwc4DcqskFZuvXB1Evzy5KFQpQ=
 github.com/containerd/ttrpc v1.2.2 h1:9vqZr0pxwOF5koz6N0N3kJ0zDHokrcPxIR/ZR2YFtOs=
 github.com/containerd/ttrpc v1.2.2/go.mod h1:sIT6l32Ph/H9cvnJsfXM5drIVzTr5A2flTf1G5tYZak=
 github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
-github.com/containerd/typeurl v0.0.0-20190911142611-5eb25027c9fd/go.mod h1:GeKYzf2pQcqv7tJ0AoCuuhtnqhva5LNU3U+OyKxxJpk=
 github.com/containerd/typeurl v1.0.1/go.mod h1:TB1hUtrpaiO88KEK56ijojHS1+NeF0izUACaJW2mdXg=
 github.com/containerd/typeurl v1.0.2 h1:Chlt8zIieDbzQFzXzAeBEF92KhExuE4p9p92/QmY7aY=
 github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s=
 github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4=
 github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0=
-github.com/containerd/zfs v0.0.0-20200918131355-0a33824f23a2/go.mod h1:8IgZOBdv8fAgXddBT4dBXJPtxyRsejFIpXoklgxgEjw=
-github.com/containerd/zfs v0.0.0-20210301145711-11e8f1707f62/go.mod h1:A9zfAbMlQwE+/is6hi0Xw8ktpL+6glmqZYtevJgaB8Y=
-github.com/containerd/zfs v0.0.0-20210315114300-dde8f0fda960/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containerd/zfs v0.0.0-20210324211415-d5c4544f0433/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containerd/zfs v1.0.0/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containernetworking/cni v0.7.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
 github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
 github.com/containernetworking/cni v1.1.2 h1:wtRGZVv7olUHMOqouPpn3cXJWpJgM6+EUl31EQbXALQ=
 github.com/containernetworking/cni v1.1.2/go.mod h1:sDpYKmGVENF3s6uvMvGgldDWeG8dMxakj/u+i9ht9vw=
-github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM=
-github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8=
-github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc=
-github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4=
-github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/etcd v3.3.13+incompatible h1:8F3hqu9fGYLBifCmRCJsicFqDx/D68Rt3q1JMazcgBQ=
 github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
-github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
-github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
 github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
@@ -468,10 +372,6 @@ github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr
 github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4=
 github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI=
 github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
-github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ=
-github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s=
-github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8=
-github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I=
 github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@@ -494,7 +394,6 @@ github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop
 github.com/docker/cli v20.10.0-beta1.0.20201029214301-1d20b15adc38+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY=
 github.com/docker/distribution v2.6.0-rc.1.0.20180327202408-83389a148052+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
 github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
@@ -507,7 +406,6 @@ github.com/docker/docker v20.10.0-beta1.0.20201110211921-af34b94a78a1+incompatib
 github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
-github.com/docker/go-events v0.0.0-20170721190031-9461782956ad/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8=
 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
 github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI=
@@ -554,16 +452,13 @@ github.com/fernet/fernet-go v0.0.0-20211208181803-9f70042a33ee/go.mod h1:2H9hjfb
 github.com/fluent/fluent-logger-golang v1.9.0 h1:zUdY44CHX2oIUc7VTNZc+4m+ORuO/mldQDA7czhWXEg=
 github.com/fluent/fluent-logger-golang v1.9.0/go.mod h1:2/HCT/jTy78yGyeNGQLGQsjF3zzzAuy6Xlk6FCMV5eU=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
-github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/fortytw2/leaktest v1.2.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
 github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
-github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
 github.com/frankban/quicktest v1.14.0 h1:+cqqvzZV87b4adx/5ayVOaYZ2CrvM4ejQvUdBzPPUss=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
-github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA=
 github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY=
 github.com/getsentry/raven-go v0.2.0 h1:no+xWJRb5ZI7eE8TWgIq1jLulQiIoLG0IfYxv5JYMGs=
 github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ=
@@ -624,8 +519,6 @@ github.com/go-toolsmith/typep v1.0.0/go.mod h1:JSQCQMUPdRlMZFswiq3TGpNp1GMktqkR2
 github.com/go-toolsmith/typep v1.0.2/go.mod h1:JSQCQMUPdRlMZFswiq3TGpNp1GMktqkR2Ns5AIQkATU=
 github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b/go.mod h1:aUCEOzzezBEjDBbFBoSiya/gduyIiWYRP6CnSFIV8AM=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
-github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
-github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
 github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
 github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
@@ -637,14 +530,12 @@ github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
 github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
 github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
 github.com/gogo/googleapis v1.3.2/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c=
-github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c=
 github.com/gogo/googleapis v1.4.1 h1:1Yx4Myt7BxzvUr5ldGSbwYiZG6t9wGBZ+8/fX3Wvtq0=
 github.com/gogo/googleapis v1.4.1/go.mod h1:2lpHqI5OcWCtVElxXnPt+s8oJvMpySlOyM6xDCrzib4=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
 github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
@@ -668,7 +559,6 @@ github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFU
 github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -724,8 +614,6 @@ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
@@ -736,7 +624,6 @@ github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-containerregistry v0.0.0-20191010200024-a3d713f9b7f8/go.mod h1:KyKXa9ciM8+lgMXwOVsXi7UxGrsf9mM61Mzs+xKUrKE=
 github.com/google/go-containerregistry v0.1.2/go.mod h1:GPivBPgdAyd2SU+vf6EpsgOtWDuPqjW0hJZt4rNdTZ4=
-github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0=
 github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
 github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
@@ -873,9 +760,6 @@ github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:
 github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
 github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
 github.com/in-toto/in-toto-golang v0.5.0 h1:hb8bgwr0M2hGdDsLjkJ3ZqJ8JFLL/tgYdAxF/XEFBbY=
@@ -886,7 +770,6 @@ github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLf
 github.com/ishidawataru/sctp v0.0.0-20191218070446-00ab2ac2db07/go.mod h1:co9pwDoBCm1kGxawmb4sPq0cSIOOWNPT4KnHotMP1Zg=
 github.com/ishidawataru/sctp v0.0.0-20230406120618-7ff4192f6ff2 h1:i2fYnDurfLlJH8AyyMOnkLHnHeP8Ff/DDpuZA/D3bPo=
 github.com/ishidawataru/sctp v0.0.0-20230406120618-7ff4192f6ff2/go.mod h1:co9pwDoBCm1kGxawmb4sPq0cSIOOWNPT4KnHotMP1Zg=
-github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA=
 github.com/jaguilar/vt100 v0.0.0-20150826170717-2703a27b14ea/go.mod h1:QMdK4dGB3YhEW2BmA1wgGpPYI3HZy/5gD705PXKUVSg=
 github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik=
 github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU=
@@ -927,8 +810,6 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.4.0/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
 github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
-github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI=
 github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/klauspost/cpuid v0.0.0-20180405133222-e7e905edc00e/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
@@ -939,7 +820,6 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxv
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
@@ -952,7 +832,6 @@ github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LE
 github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
-github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo=
 github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
@@ -978,15 +857,12 @@ github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hd
 github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
-github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
-github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
 github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
 github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
 github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo=
 github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY=
@@ -995,8 +871,6 @@ github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3N
 github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
 github.com/miekg/dns v1.1.43 h1:JKfpVSCB84vrAmHzyrsxB5NAr5kLoMXZArPSw7Qlgyg=
 github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4=
-github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
-github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4=
 github.com/mistifyio/go-zfs/v3 v3.0.1 h1:YaoXgBePoMA12+S1u/ddkv+QqxcfiZK4prI6HPnkFiU=
 github.com/mistifyio/go-zfs/v3 v3.0.1/go.mod h1:CzVgeB0RvF2EGzQnytKVvVSDwmKJXxkOTUGbNrTja/k=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
@@ -1039,17 +913,14 @@ github.com/moby/sys/mount v0.3.3/go.mod h1:PBaEorSNTLG5t/+4EgukEQVlAvVEc6ZjTySwK
 github.com/moby/sys/mountinfo v0.1.0/go.mod h1:w2t2Avltqx8vE7gX5l+QiBKxODu2TX0+Syr3h52Tw4o=
 github.com/moby/sys/mountinfo v0.1.3/go.mod h1:w2t2Avltqx8vE7gX5l+QiBKxODu2TX0+Syr3h52Tw4o=
 github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
-github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
 github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=
 github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
 github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc=
 github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo=
 github.com/moby/sys/signal v0.7.0 h1:25RW3d5TnQEoKvRbEKUGay6DCQ46IxAVTT9CUMgmsSI=
 github.com/moby/sys/signal v0.7.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg=
-github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ=
 github.com/moby/sys/symlink v0.2.0 h1:tk1rOM+Ljp0nFmfOIBtlV3rTDlWOwFRhjEeAhZB0nZc=
 github.com/moby/sys/symlink v0.2.0/go.mod h1:7uZVF2dqJjG/NsClqul95CqKOBRQyYSNnJ6BMgR/gFs=
-github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo=
 github.com/moby/term v0.0.0-20200915141129-7f0af18e79f2/go.mod h1:TjQg8pa4iejrUrjiz0MCtMV38jdMNW4doKSiBrEvCQQ=
 github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
 github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
@@ -1079,7 +950,6 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
-github.com/onsi/ginkgo v0.0.0-20151202141238-7f8ab55aaf3b/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
@@ -1093,7 +963,6 @@ github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc=
 github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
 github.com/onsi/ginkgo/v2 v2.1.3 h1:e/3Cwtogj0HA+25nMP1jCMDIf8RtRYbGwGGuBIFztkc=
 github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
-github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
@@ -1102,14 +971,12 @@ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7J
 github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
 github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
 github.com/onsi/gomega v1.17.0 h1:9Luw4uT5HTjHTN8+aNcSThgH1vdXnmdJ8xIfZ4wyTRE=
 github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
 github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
 github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v1.0.0-rc1.0.20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
@@ -1117,22 +984,14 @@ github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zM
 github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0=
 github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
 github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runc v1.0.0-rc10/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runc v1.0.0-rc92/go.mod h1:X1zlU4p7wOlX4+WRCz+hvlRv8phdL7UqbYD+vQwNMmE=
-github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0=
-github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
 github.com/opencontainers/runc v1.1.9 h1:XR0VIHTGce5eWPkaPesqTBrhW2yAcaraWfsEalNwQLM=
 github.com/opencontainers/runc v1.1.9/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
 github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-spec v1.0.3-0.20200728170252-4d89ac9fbff6/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-spec v1.0.3-0.20220825212826-86290f6a00fb/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-spec v1.1.0 h1:HHUyrt9mwHUjtasSbXSMvs4cyFxh+Bll4AjJ9odEGpg=
 github.com/opencontainers/runtime-spec v1.1.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
@@ -1140,8 +999,6 @@ github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mo
 github.com/opencontainers/runtime-tools v0.9.1-0.20221107090550-2e043c6bd626 h1:DmNGcqH3WDbV5k8OJ+esPWbqUOX5rMLR2PMvziDMJi0=
 github.com/opencontainers/runtime-tools v0.9.1-0.20221107090550-2e043c6bd626/go.mod h1:BRHJJd0E+cx42OybVYSgUvZmU0B8P9gZuRXlZUP7TKI=
 github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
-github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
-github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8=
 github.com/opencontainers/selinux v1.9.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
 github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU=
 github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
@@ -1159,7 +1016,6 @@ github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144T
 github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pelletier/go-toml v1.8.0/go.mod h1:D6yutnOGMveHEPV7VQOuvI/gXY61bv+9bAOTRnLElKs=
-github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
 github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
 github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
@@ -1222,7 +1078,6 @@ github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa
 github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
 github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI=
 github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY=
@@ -1249,7 +1104,6 @@ github.com/ryancurrah/gomodguard v1.0.4/go.mod h1:9T/Cfuxs5StfsocWr4WzDL36HqnX0f
 github.com/ryancurrah/gomodguard v1.1.0/go.mod h1:4O8tr7hBODaGE6VIhfJDHcwzh5GUccKSJBU0UMXJFVM=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
-github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
 github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b/go.mod h1:am+Fp8Bt506lA3Rk3QCmSqmYmLMnPDhdDUcosQCAx+I=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U=
@@ -1271,7 +1125,6 @@ github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxr
 github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
-github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
@@ -1319,7 +1172,6 @@ github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DM
 github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
 github.com/spf13/viper v1.6.1/go.mod h1:t3iDnF5Jlj76alVNuyFBk5oUMCvsrkbvZK0WQdfDi5k=
 github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
-github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8=
 github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -1333,7 +1185,6 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
@@ -1345,7 +1196,6 @@ github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG
 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI=
 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA=
-github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
 github.com/tdakkota/asciicheck v0.0.0-20200416190851-d7f85be797a2/go.mod h1:yHp0ai0Z9gUljN3o0xMhYJnH/IcvkdTBOX2fmJ93JEM=
 github.com/tdakkota/asciicheck v0.0.0-20200416200610-e657995f937b/go.mod h1:yHp0ai0Z9gUljN3o0xMhYJnH/IcvkdTBOX2fmJ93JEM=
 github.com/tetafro/godot v0.3.7/go.mod h1:/7NLHhv08H1+8DNj0MElpAACw1ajsCuf3TKNQxA5S+0=
@@ -1397,12 +1247,9 @@ github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV
 github.com/vbatts/tar-split v0.11.3 h1:hLFqsOLQ1SsppQNTMpkpPXClLDfC2A3Zgy9OUU+RVck=
 github.com/vbatts/tar-split v0.11.3/go.mod h1:9QlHN18E+fEH7RdG+QAJJcuya3rqT7eXSTY7wGrAokY=
 github.com/vdemeester/k8s-pkg-credentialprovider v1.17.4/go.mod h1:inCTmtUdr5KJbreVojo06krnTgaeAz/Z7lynpPk/Q2c=
-github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
 github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
-github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
 github.com/vishvananda/netlink v1.2.1-beta.2 h1:Llsql0lnQEbHj0I1OuKyp8otXp0r3q0mPkuhwHfStVs=
 github.com/vishvananda/netlink v1.2.1-beta.2/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
-github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI=
 github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
 github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
@@ -1412,11 +1259,10 @@ github.com/weppos/publicsuffix-go v0.13.1-0.20210123135404-5fd73613514e/go.mod h
 github.com/weppos/publicsuffix-go v0.15.1-0.20210511084619-b1f36a2d6c0b h1:FsyNrX12e5BkplJq7wKOLk0+C6LZ+KGXvuEcKUYm5ss=
 github.com/weppos/publicsuffix-go v0.15.1-0.20210511084619-b1f36a2d6c0b/go.mod h1:HYux0V0Zi04bHNwOHy4cXJVz/TQjYonnF6aoYhj+3QE=
 github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
-github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI=
 github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug=
 github.com/xanzy/go-gitlab v0.32.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
+github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
 github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
@@ -1448,7 +1294,6 @@ go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4=
 go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ=
 go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
 go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
-go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg=
 go.etcd.io/etcd/api/v3 v3.5.6/go.mod h1:KFtNaxGDw4Yx/BA4iPPwevUTAuqcsPxzyX8PHydchN8=
 go.etcd.io/etcd/client/pkg/v3 v3.5.6 h1:TXQWYceBKqLp4sa87rcPs11SXxUA/mHwH975v+BDvLU=
 go.etcd.io/etcd/client/pkg/v3 v3.5.6/go.mod h1:ggrwbk069qxpKPq8/FKkQ3Xq9y39kbFR4LnKszpRXeQ=
@@ -1460,7 +1305,6 @@ go.etcd.io/etcd/raft/v3 v3.5.6 h1:tOmx6Ym6rn2GpZOrvTGJZciJHek6RnC3U/zNInzIN50=
 go.etcd.io/etcd/raft/v3 v3.5.6/go.mod h1:wL8kkRGx1Hp8FmZUuHfL3K2/OaGIDaXGr1N7i2G07J0=
 go.etcd.io/etcd/server/v3 v3.5.6 h1:RXuwaB8AMiV62TqcqIt4O4bG8NWjsxOkDJVT3MZI5Ds=
 go.etcd.io/etcd/server/v3 v3.5.6/go.mod h1:6/Gfe8XTGXQJgLYQ65oGKMfPivb2EASLUSMSWN9Sroo=
-go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
 go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0=
 go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA=
 go.opencensus.io v0.19.1/go.mod h1:gug0GbSHa8Pafr0d2urOSgoXHZ6x/RUlaiT0d9pqb4A=
@@ -1528,7 +1372,6 @@ gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI=
 golang.org/x/build v0.0.0-20190314133821-5284462c4bec/go.mod h1:atTaCNAy0f16Ah5aV1gMSwgiKVHwu/JncqDpuRr7lS4=
 golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -1538,18 +1381,14 @@ golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
 golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201117144127-c1f2f97bffc9/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
-golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g=
@@ -1599,7 +1438,6 @@ golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180911220305-26e67e76b6c3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181029044818-c44066c5c816/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181106065722-10aee1819953/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1639,15 +1477,12 @@ golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/
 golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
-golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
@@ -1702,7 +1537,6 @@ golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190522044717-8097e1b27ff5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190602015325-4c4f7f33c9ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1712,7 +1546,6 @@ golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190812073006-9eafafc0a87e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1748,36 +1581,27 @@ golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200817155316-9781c653f443/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200916030750-2334cc1a136f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200917073148-efd3b9a0ff20/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200922070232-aee5d888a860/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201013081832-0aaa2718063a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201126233918-771906719818/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201202213521-69691e467435/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1811,7 +1635,6 @@ golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
 golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1882,15 +1705,11 @@ golang.org/x/tools v0.0.0-20200422022333-3d57cf2e726e/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20200426102838-f3a5411a4c3b/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200502202811-ed308ab3e770/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200616133436-c1934b75d054/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200916195026-c9a70fc28ce3/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
 golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
@@ -1949,7 +1768,6 @@ google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRn
 google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190508193815-b515fa19cec8/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190522204451-c2c4e71fbf69/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
 google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
 google.golang.org/genproto v0.0.0-20190620144150-6af8c5fc6601/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
 google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
@@ -1975,7 +1793,6 @@ google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfG
 google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto v0.0.0-20200527145253-8367513e4ece/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
-google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A=
 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
@@ -1989,14 +1806,12 @@ google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ij
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
 google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
-google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
 google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
@@ -2042,8 +1857,6 @@ gopkg.in/ini.v1 v1.56.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/warnings.v0 v0.1.1/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
@@ -2065,7 +1878,6 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
-gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
 gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY=
 gotest.tools/v3 v3.5.0/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU=
 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o=
@@ -2081,60 +1893,36 @@ honnef.co/go/tools v0.0.1-2020.1.5/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 k8s.io/api v0.0.0-20180904230853-4e7be11eab3f/go.mod h1:iuAfoD4hCxJ8Onx9kaTIt30j7jUFS00AXQi6QMi99vA=
 k8s.io/api v0.17.4/go.mod h1:5qxx6vjmwUVG2nHQTKGlLts8Tbok8PzHl4vHtVFuZCA=
 k8s.io/api v0.19.0/go.mod h1:I1K45XlvTrDjmj5LoM5LuP/KYrhWbjUKT/SoPG0qTjw=
-k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo=
-k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ=
-k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8=
 k8s.io/apimachinery v0.0.0-20180904193909-def12e63c512/go.mod h1:ccL7Eh7zubPUSh9A3USN90/OzHNSVN6zxzde07TDCL0=
 k8s.io/apimachinery v0.17.4/go.mod h1:gxLnyZcGNdZTCLnq3fgzyg2A5BVCHTNDFrw8AmuJ+0g=
 k8s.io/apimachinery v0.19.0/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA=
-k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
-k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
-k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc=
 k8s.io/apiserver v0.17.4/go.mod h1:5ZDQ6Xr5MNBxyi3iUZXS84QOhZl+W7Oq2us/29c0j9I=
-k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU=
-k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM=
-k8s.io/apiserver v0.20.6/go.mod h1:QIJXNt6i6JB+0YQRNcS0hdRHJlMhflFmsBDeSgT1r8Q=
 k8s.io/client-go v0.0.0-20180910083459-2cefa64ff137/go.mod h1:7vJpHMYJwNQCWgzmNV+VYUl1zCObLyodBc8nIyt8L5s=
 k8s.io/client-go v0.17.4/go.mod h1:ouF6o5pz3is8qU0/qYL2RnoxOPqgfuidYLowytyLJmc=
 k8s.io/client-go v0.19.0/go.mod h1:H9E/VT95blcFQnlyShFgnFT9ZnJOAceiUHM3MlRC+mU=
-k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y=
-k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k=
-k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0=
 k8s.io/cloud-provider v0.17.4/go.mod h1:XEjKDzfD+b9MTLXQFlDGkk6Ho8SGMpaU8Uugx/KNK9U=
 k8s.io/code-generator v0.17.2/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s=
-k8s.io/code-generator v0.19.7/go.mod h1:lwEq3YnLYb/7uVXLorOJfxg+cUu2oihFhHZ0n9NIla0=
 k8s.io/component-base v0.17.4/go.mod h1:5BRqHMbbQPm2kKu35v3G+CpVq4K0RJKC7TRioF0I9lE=
-k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk=
-k8s.io/component-base v0.20.4/go.mod h1:t4p9EdiagbVCJKrQ1RsA5/V4rFQNDfRlevJajlGwgjI=
-k8s.io/component-base v0.20.6/go.mod h1:6f1MPBAeI+mvuts3sIdtpjljHWBQ2cIy38oBIWMYnrM=
 k8s.io/cri-api v0.17.3/go.mod h1:X1sbHmuXhwaHs9xxYffLqJogVsnI+f6cPRcgPel7ywM=
-k8s.io/cri-api v0.20.1/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
-k8s.io/cri-api v0.20.4/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
-k8s.io/cri-api v0.20.6/go.mod h1:ew44AjNXwyn1s0U4xCKGodU7J1HzBeZ1MpGrpa5r8Yc=
 k8s.io/csi-translation-lib v0.17.4/go.mod h1:CsxmjwxEI0tTNMzffIAcgR9lX4wOh6AKHdxQrT7L0oo=
 k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/gengo v0.0.0-20200428234225-8167cfdcfc14/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/gengo v0.0.0-20201113003025-83324d819ded/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
 k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw=
 k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20180731170545-e3762e86a74c/go.mod h1:BXM9ceUBTj2QnfH2MK1odQs778ajze1RxcmP6S8RVVc=
 k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E=
 k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o=
-k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM=
 k8s.io/kubernetes v1.11.10/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
 k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
 k8s.io/legacy-cloud-providers v0.17.4/go.mod h1:FikRNoD64ECjkxO36gkDgJeiQWwyZTuBkhu+yxOc1Js=
 k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
 k8s.io/utils v0.0.0-20200729134348-d5654de09c73/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw=
 modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk=
 modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k=
@@ -2150,13 +1938,9 @@ resenje.org/singleflight v0.4.0/go.mod h1:lAgQK7VfjG6/pgredbQfmV0RvG/uVhKo6vSuZ0
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
 sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI=
 sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06/go.mod h1:/ULNhyfzRopfcjskuui0cTITekDduZ7ycKN3oUT9R18=
 sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
 sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
 sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=

vendor/github.com/Microsoft/go-winio/tools/mkwinsyscall/doc.go

@@ -0,0 +1,57 @@
+/*
+mkwinsyscall generates windows system call bodies
+
+It parses all files specified on command line containing function
+prototypes (like syscall_windows.go) and prints system call bodies
+to standard output.
+
+The prototypes are marked by lines beginning with "//sys" and read
+like func declarations if //sys is replaced by func, but:
+
+  - The parameter lists must give a name for each argument. This
+    includes return parameters.
+
+  - The parameter lists must give a type for each argument:
+    the (x, y, z int) shorthand is not allowed.
+
+  - If the return parameter is an error number, it must be named err.
+
+  - If go func name needs to be different from its winapi dll name,
+    the winapi name could be specified at the end, after "=" sign, like
+
+    //sys LoadLibrary(libname string) (handle uint32, err error) = LoadLibraryA
+
+  - Each function that returns err needs to supply a condition, that
+    return value of winapi will be tested against to detect failure.
+    This would set err to windows "last-error", otherwise it will be nil.
+    The value can be provided at end of //sys declaration, like
+
+    //sys LoadLibrary(libname string) (handle uint32, err error) [failretval==-1] = LoadLibraryA
+
+    and is [failretval==0] by default.
+
+  - If the function name ends in a "?", then the function not existing is non-
+    fatal, and an error will be returned instead of panicking.
+
+Usage:
+
+	mkwinsyscall [flags] [path ...]
+
+Flags
+
+	-output string
+	      Output file name (standard output if omitted).
+	-sort
+	      Sort DLL and function declarations (default true).
+	      Intended to help transition from  older versions of mkwinsyscall by making diffs
+	      easier to read and understand.
+	-systemdll
+	      Whether all DLLs should be loaded from the Windows system directory (default true).
+	-trace
+	      Generate print statement after every syscall.
+	-utf16
+	      Encode string arguments as UTF-16 for syscalls not ending in 'A' or 'W' (default true).
+	-winio
+	      Import this package ("github.com/Microsoft/go-winio").
+*/
+package main

vendor/github.com/Microsoft/go-winio/tools/mkwinsyscall/mkwinsyscall.go

@@ -0,0 +1,1059 @@
+//go:build windows
+
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package main
+
+import (
+	"bufio"
+	"bytes"
+	"errors"
+	"flag"
+	"fmt"
+	"go/format"
+	"go/parser"
+	"go/token"
+	"io"
+	"log"
+	"os"
+	"path/filepath"
+	"runtime"
+	"sort"
+	"strconv"
+	"strings"
+	"text/template"
+
+	"golang.org/x/sys/windows"
+)
+
+const (
+	pkgSyscall = "syscall"
+	pkgWindows = "windows"
+
+	// common types.
+
+	tBool    = "bool"
+	tBoolPtr = "*bool"
+	tError   = "error"
+	tString  = "string"
+
+	// error variable names.
+
+	varErr         = "err"
+	varErrNTStatus = "ntStatus"
+	varErrHR       = "hr"
+)
+
+var (
+	filename       = flag.String("output", "", "output file name (standard output if omitted)")
+	printTraceFlag = flag.Bool("trace", false, "generate print statement after every syscall")
+	systemDLL      = flag.Bool("systemdll", true, "whether all DLLs should be loaded from the Windows system directory")
+	winio          = flag.Bool("winio", false, `import this package ("github.com/Microsoft/go-winio")`)
+	utf16          = flag.Bool("utf16", true, "encode string arguments as UTF-16 for syscalls not ending in 'A' or 'W'")
+	sortdecls      = flag.Bool("sort", true, "sort DLL and function declarations")
+)
+
+func trim(s string) string {
+	return strings.Trim(s, " \t")
+}
+
+func endsIn(s string, c byte) bool {
+	return len(s) >= 1 && s[len(s)-1] == c
+}
+
+var packageName string
+
+func packagename() string {
+	return packageName
+}
+
+func windowsdot() string {
+	if packageName == pkgWindows {
+		return ""
+	}
+	return pkgWindows + "."
+}
+
+func syscalldot() string {
+	if packageName == pkgSyscall {
+		return ""
+	}
+	return pkgSyscall + "."
+}
+
+// Param is function parameter.
+type Param struct {
+	Name      string
+	Type      string
+	fn        *Fn
+	tmpVarIdx int
+}
+
+// tmpVar returns temp variable name that will be used to represent p during syscall.
+func (p *Param) tmpVar() string {
+	if p.tmpVarIdx < 0 {
+		p.tmpVarIdx = p.fn.curTmpVarIdx
+		p.fn.curTmpVarIdx++
+	}
+	return fmt.Sprintf("_p%d", p.tmpVarIdx)
+}
+
+// BoolTmpVarCode returns source code for bool temp variable.
+func (p *Param) BoolTmpVarCode() string {
+	const code = `var %[1]s uint32
+	if %[2]s {
+		%[1]s = 1
+	}`
+	return fmt.Sprintf(code, p.tmpVar(), p.Name)
+}
+
+// BoolPointerTmpVarCode returns source code for bool temp variable.
+func (p *Param) BoolPointerTmpVarCode() string {
+	const code = `var %[1]s uint32
+	if *%[2]s {
+		%[1]s = 1
+	}`
+	return fmt.Sprintf(code, p.tmpVar(), p.Name)
+}
+
+// SliceTmpVarCode returns source code for slice temp variable.
+func (p *Param) SliceTmpVarCode() string {
+	const code = `var %s *%s
+	if len(%s) > 0 {
+		%s = &%s[0]
+	}`
+	tmp := p.tmpVar()
+	return fmt.Sprintf(code, tmp, p.Type[2:], p.Name, tmp, p.Name)
+}
+
+// StringTmpVarCode returns source code for string temp variable.
+func (p *Param) StringTmpVarCode() string {
+	errvar := p.fn.Rets.ErrorVarName()
+	if errvar == "" {
+		errvar = "_"
+	}
+	tmp := p.tmpVar()
+	const code = `var %s %s
+	%s, %s = %s(%s)`
+	s := fmt.Sprintf(code, tmp, p.fn.StrconvType(), tmp, errvar, p.fn.StrconvFunc(), p.Name)
+	if errvar == "-" {
+		return s
+	}
+	const morecode = `
+	if %s != nil {
+		return
+	}`
+	return s + fmt.Sprintf(morecode, errvar)
+}
+
+// TmpVarCode returns source code for temp variable.
+func (p *Param) TmpVarCode() string {
+	switch {
+	case p.Type == tBool:
+		return p.BoolTmpVarCode()
+	case p.Type == tBoolPtr:
+		return p.BoolPointerTmpVarCode()
+	case strings.HasPrefix(p.Type, "[]"):
+		return p.SliceTmpVarCode()
+	default:
+		return ""
+	}
+}
+
+// TmpVarReadbackCode returns source code for reading back the temp variable into the original variable.
+func (p *Param) TmpVarReadbackCode() string {
+	switch {
+	case p.Type == tBoolPtr:
+		return fmt.Sprintf("*%s = %s != 0", p.Name, p.tmpVar())
+	default:
+		return ""
+	}
+}
+
+// TmpVarHelperCode returns source code for helper's temp variable.
+func (p *Param) TmpVarHelperCode() string {
+	if p.Type != "string" {
+		return ""
+	}
+	return p.StringTmpVarCode()
+}
+
+// SyscallArgList returns source code fragments representing p parameter
+// in syscall. Slices are translated into 2 syscall parameters: pointer to
+// the first element and length.
+func (p *Param) SyscallArgList() []string {
+	t := p.HelperType()
+	var s string
+	switch {
+	case t == tBoolPtr:
+		s = fmt.Sprintf("unsafe.Pointer(&%s)", p.tmpVar())
+	case t[0] == '*':
+		s = fmt.Sprintf("unsafe.Pointer(%s)", p.Name)
+	case t == tBool:
+		s = p.tmpVar()
+	case strings.HasPrefix(t, "[]"):
+		return []string{
+			fmt.Sprintf("uintptr(unsafe.Pointer(%s))", p.tmpVar()),
+			fmt.Sprintf("uintptr(len(%s))", p.Name),
+		}
+	default:
+		s = p.Name
+	}
+	return []string{fmt.Sprintf("uintptr(%s)", s)}
+}
+
+// IsError determines if p parameter is used to return error.
+func (p *Param) IsError() bool {
+	return p.Name == varErr && p.Type == tError
+}
+
+// HelperType returns type of parameter p used in helper function.
+func (p *Param) HelperType() string {
+	if p.Type == tString {
+		return p.fn.StrconvType()
+	}
+	return p.Type
+}
+
+// join concatenates parameters ps into a string with sep separator.
+// Each parameter is converted into string by applying fn to it
+// before conversion.
+func join(ps []*Param, fn func(*Param) string, sep string) string {
+	if len(ps) == 0 {
+		return ""
+	}
+	a := make([]string, 0)
+	for _, p := range ps {
+		a = append(a, fn(p))
+	}
+	return strings.Join(a, sep)
+}
+
+// Rets describes function return parameters.
+type Rets struct {
+	Name          string
+	Type          string
+	ReturnsError  bool
+	FailCond      string
+	fnMaybeAbsent bool
+}
+
+// ErrorVarName returns error variable name for r.
+func (r *Rets) ErrorVarName() string {
+	if r.ReturnsError {
+		return varErr
+	}
+	if r.Type == tError {
+		return r.Name
+	}
+	return ""
+}
+
+// ToParams converts r into slice of *Param.
+func (r *Rets) ToParams() []*Param {
+	ps := make([]*Param, 0)
+	if len(r.Name) > 0 {
+		ps = append(ps, &Param{Name: r.Name, Type: r.Type})
+	}
+	if r.ReturnsError {
+		ps = append(ps, &Param{Name: varErr, Type: tError})
+	}
+	return ps
+}
+
+// List returns source code of syscall return parameters.
+func (r *Rets) List() string {
+	s := join(r.ToParams(), func(p *Param) string { return p.Name + " " + p.Type }, ", ")
+	if len(s) > 0 {
+		s = "(" + s + ")"
+	} else if r.fnMaybeAbsent {
+		s = "(err error)"
+	}
+	return s
+}
+
+// PrintList returns source code of trace printing part correspondent
+// to syscall return values.
+func (r *Rets) PrintList() string {
+	return join(r.ToParams(), func(p *Param) string { return fmt.Sprintf(`"%s=", %s, `, p.Name, p.Name) }, `", ", `)
+}
+
+// SetReturnValuesCode returns source code that accepts syscall return values.
+func (r *Rets) SetReturnValuesCode() string {
+	if r.Name == "" && !r.ReturnsError {
+		return ""
+	}
+	retvar := "r0"
+	if r.Name == "" {
+		retvar = "r1"
+	}
+	errvar := "_"
+	if r.ReturnsError {
+		errvar = "e1"
+	}
+	return fmt.Sprintf("%s, _, %s := ", retvar, errvar)
+}
+
+func (r *Rets) useLongHandleErrorCode(retvar string) string {
+	const code = `if %s {
+		err = errnoErr(e1)
+	}`
+	cond := retvar + " == 0"
+	if r.FailCond != "" {
+		cond = strings.Replace(r.FailCond, "failretval", retvar, 1)
+	}
+	return fmt.Sprintf(code, cond)
+}
+
+// SetErrorCode returns source code that sets return parameters.
+func (r *Rets) SetErrorCode() string {
+	const code = `if r0 != 0 {
+		%s = %sErrno(r0)
+	}`
+	const ntStatus = `if r0 != 0 {
+		%s = %sNTStatus(r0)
+	}`
+	const hrCode = `if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		%s = %sErrno(r0)
+	}`
+
+	if r.Name == "" && !r.ReturnsError {
+		return ""
+	}
+	if r.Name == "" {
+		return r.useLongHandleErrorCode("r1")
+	}
+	if r.Type == tError {
+		switch r.Name {
+		case varErrNTStatus, strings.ToLower(varErrNTStatus): // allow ntstatus to work
+			return fmt.Sprintf(ntStatus, r.Name, windowsdot())
+		case varErrHR:
+			return fmt.Sprintf(hrCode, r.Name, syscalldot())
+		default:
+			return fmt.Sprintf(code, r.Name, syscalldot())
+		}
+	}
+
+	var s string
+	switch {
+	case r.Type[0] == '*':
+		s = fmt.Sprintf("%s = (%s)(unsafe.Pointer(r0))", r.Name, r.Type)
+	case r.Type == tBool:
+		s = fmt.Sprintf("%s = r0 != 0", r.Name)
+	default:
+		s = fmt.Sprintf("%s = %s(r0)", r.Name, r.Type)
+	}
+	if !r.ReturnsError {
+		return s
+	}
+	return s + "\n\t" + r.useLongHandleErrorCode(r.Name)
+}
+
+// Fn describes syscall function.
+type Fn struct {
+	Name        string
+	Params      []*Param
+	Rets        *Rets
+	PrintTrace  bool
+	dllname     string
+	dllfuncname string
+	src         string
+	// TODO: get rid of this field and just use parameter index instead
+	curTmpVarIdx int // insure tmp variables have uniq names
+}
+
+// extractParams parses s to extract function parameters.
+func extractParams(s string, f *Fn) ([]*Param, error) {
+	s = trim(s)
+	if s == "" {
+		return nil, nil
+	}
+	a := strings.Split(s, ",")
+	ps := make([]*Param, len(a))
+	for i := range ps {
+		s2 := trim(a[i])
+		b := strings.Split(s2, " ")
+		if len(b) != 2 {
+			b = strings.Split(s2, "\t")
+			if len(b) != 2 {
+				return nil, errors.New("Could not extract function parameter from \"" + s2 + "\"")
+			}
+		}
+		ps[i] = &Param{
+			Name:      trim(b[0]),
+			Type:      trim(b[1]),
+			fn:        f,
+			tmpVarIdx: -1,
+		}
+	}
+	return ps, nil
+}
+
+// extractSection extracts text out of string s starting after start
+// and ending just before end. found return value will indicate success,
+// and prefix, body and suffix will contain correspondent parts of string s.
+func extractSection(s string, start, end rune) (prefix, body, suffix string, found bool) {
+	s = trim(s)
+	if strings.HasPrefix(s, string(start)) {
+		// no prefix
+		body = s[1:]
+	} else {
+		a := strings.SplitN(s, string(start), 2)
+		if len(a) != 2 {
+			return "", "", s, false
+		}
+		prefix = a[0]
+		body = a[1]
+	}
+	a := strings.SplitN(body, string(end), 2)
+	if len(a) != 2 {
+		return "", "", "", false
+	}
+	return prefix, a[0], a[1], true
+}
+
+// newFn parses string s and return created function Fn.
+func newFn(s string) (*Fn, error) {
+	s = trim(s)
+	f := &Fn{
+		Rets:       &Rets{},
+		src:        s,
+		PrintTrace: *printTraceFlag,
+	}
+	// function name and args
+	prefix, body, s, found := extractSection(s, '(', ')')
+	if !found || prefix == "" {
+		return nil, errors.New("Could not extract function name and parameters from \"" + f.src + "\"")
+	}
+	f.Name = prefix
+	var err error
+	f.Params, err = extractParams(body, f)
+	if err != nil {
+		return nil, err
+	}
+	// return values
+	_, body, s, found = extractSection(s, '(', ')')
+	if found {
+		r, err := extractParams(body, f)
+		if err != nil {
+			return nil, err
+		}
+		switch len(r) {
+		case 0:
+		case 1:
+			if r[0].IsError() {
+				f.Rets.ReturnsError = true
+			} else {
+				f.Rets.Name = r[0].Name
+				f.Rets.Type = r[0].Type
+			}
+		case 2:
+			if !r[1].IsError() {
+				return nil, errors.New("Only last windows error is allowed as second return value in \"" + f.src + "\"")
+			}
+			f.Rets.ReturnsError = true
+			f.Rets.Name = r[0].Name
+			f.Rets.Type = r[0].Type
+		default:
+			return nil, errors.New("Too many return values in \"" + f.src + "\"")
+		}
+	}
+	// fail condition
+	_, body, s, found = extractSection(s, '[', ']')
+	if found {
+		f.Rets.FailCond = body
+	}
+	// dll and dll function names
+	s = trim(s)
+	if s == "" {
+		return f, nil
+	}
+	if !strings.HasPrefix(s, "=") {
+		return nil, errors.New("Could not extract dll name from \"" + f.src + "\"")
+	}
+	s = trim(s[1:])
+	if i := strings.LastIndex(s, "."); i >= 0 {
+		f.dllname = s[:i]
+		f.dllfuncname = s[i+1:]
+	} else {
+		f.dllfuncname = s
+	}
+	if f.dllfuncname == "" {
+		return nil, fmt.Errorf("function name is not specified in %q", s)
+	}
+	if n := f.dllfuncname; endsIn(n, '?') {
+		f.dllfuncname = n[:len(n)-1]
+		f.Rets.fnMaybeAbsent = true
+	}
+	return f, nil
+}
+
+// DLLName returns DLL name for function f.
+func (f *Fn) DLLName() string {
+	if f.dllname == "" {
+		return "kernel32"
+	}
+	return f.dllname
+}
+
+// DLLVar returns a valid Go identifier that represents DLLName.
+func (f *Fn) DLLVar() string {
+	id := strings.Map(func(r rune) rune {
+		switch r {
+		case '.', '-':
+			return '_'
+		default:
+			return r
+		}
+	}, f.DLLName())
+	if !token.IsIdentifier(id) {
+		panic(fmt.Errorf("could not create Go identifier for DLLName %q", f.DLLName()))
+	}
+	return id
+}
+
+// DLLFuncName returns DLL function name for function f.
+func (f *Fn) DLLFuncName() string {
+	if f.dllfuncname == "" {
+		return f.Name
+	}
+	return f.dllfuncname
+}
+
+// ParamList returns source code for function f parameters.
+func (f *Fn) ParamList() string {
+	return join(f.Params, func(p *Param) string { return p.Name + " " + p.Type }, ", ")
+}
+
+// HelperParamList returns source code for helper function f parameters.
+func (f *Fn) HelperParamList() string {
+	return join(f.Params, func(p *Param) string { return p.Name + " " + p.HelperType() }, ", ")
+}
+
+// ParamPrintList returns source code of trace printing part correspondent
+// to syscall input parameters.
+func (f *Fn) ParamPrintList() string {
+	return join(f.Params, func(p *Param) string { return fmt.Sprintf(`"%s=", %s, `, p.Name, p.Name) }, `", ", `)
+}
+
+// ParamCount return number of syscall parameters for function f.
+func (f *Fn) ParamCount() int {
+	n := 0
+	for _, p := range f.Params {
+		n += len(p.SyscallArgList())
+	}
+	return n
+}
+
+// SyscallParamCount determines which version of Syscall/Syscall6/Syscall9/...
+// to use. It returns parameter count for correspondent SyscallX function.
+func (f *Fn) SyscallParamCount() int {
+	n := f.ParamCount()
+	switch {
+	case n <= 3:
+		return 3
+	case n <= 6:
+		return 6
+	case n <= 9:
+		return 9
+	case n <= 12:
+		return 12
+	case n <= 15:
+		return 15
+	default:
+		panic("too many arguments to system call")
+	}
+}
+
+// Syscall determines which SyscallX function to use for function f.
+func (f *Fn) Syscall() string {
+	c := f.SyscallParamCount()
+	if c == 3 {
+		return syscalldot() + "Syscall"
+	}
+	return syscalldot() + "Syscall" + strconv.Itoa(c)
+}
+
+// SyscallParamList returns source code for SyscallX parameters for function f.
+func (f *Fn) SyscallParamList() string {
+	a := make([]string, 0)
+	for _, p := range f.Params {
+		a = append(a, p.SyscallArgList()...)
+	}
+	for len(a) < f.SyscallParamCount() {
+		a = append(a, "0")
+	}
+	return strings.Join(a, ", ")
+}
+
+// HelperCallParamList returns source code of call into function f helper.
+func (f *Fn) HelperCallParamList() string {
+	a := make([]string, 0, len(f.Params))
+	for _, p := range f.Params {
+		s := p.Name
+		if p.Type == tString {
+			s = p.tmpVar()
+		}
+		a = append(a, s)
+	}
+	return strings.Join(a, ", ")
+}
+
+// MaybeAbsent returns source code for handling functions that are possibly unavailable.
+func (f *Fn) MaybeAbsent() string {
+	if !f.Rets.fnMaybeAbsent {
+		return ""
+	}
+	const code = `%[1]s = proc%[2]s.Find()
+	if %[1]s != nil {
+		return
+	}`
+	errorVar := f.Rets.ErrorVarName()
+	if errorVar == "" {
+		errorVar = varErr
+	}
+	return fmt.Sprintf(code, errorVar, f.DLLFuncName())
+}
+
+// IsUTF16 is true, if f is W (UTF-16) function and false for all A (ASCII) functions.
+// Functions ending in neither will default to UTF-16, unless the `-utf16` flag is set
+// to `false`.
+func (f *Fn) IsUTF16() bool {
+	s := f.DLLFuncName()
+	return endsIn(s, 'W') || (*utf16 && !endsIn(s, 'A'))
+}
+
+// StrconvFunc returns name of Go string to OS string function for f.
+func (f *Fn) StrconvFunc() string {
+	if f.IsUTF16() {
+		return syscalldot() + "UTF16PtrFromString"
+	}
+	return syscalldot() + "BytePtrFromString"
+}
+
+// StrconvType returns Go type name used for OS string for f.
+func (f *Fn) StrconvType() string {
+	if f.IsUTF16() {
+		return "*uint16"
+	}
+	return "*byte"
+}
+
+// HasStringParam is true, if f has at least one string parameter.
+// Otherwise it is false.
+func (f *Fn) HasStringParam() bool {
+	for _, p := range f.Params {
+		if p.Type == tString {
+			return true
+		}
+	}
+	return false
+}
+
+// HelperName returns name of function f helper.
+func (f *Fn) HelperName() string {
+	if !f.HasStringParam() {
+		return f.Name
+	}
+	return "_" + f.Name
+}
+
+// DLL is a DLL's filename and a string that is valid in a Go identifier that should be used when
+// naming a variable that refers to the DLL.
+type DLL struct {
+	Name string
+	Var  string
+}
+
+// Source files and functions.
+type Source struct {
+	Funcs           []*Fn
+	DLLFuncNames    []*Fn
+	Files           []string
+	StdLibImports   []string
+	ExternalImports []string
+}
+
+func (src *Source) Import(pkg string) {
+	src.StdLibImports = append(src.StdLibImports, pkg)
+	sort.Strings(src.StdLibImports)
+}
+
+func (src *Source) ExternalImport(pkg string) {
+	src.ExternalImports = append(src.ExternalImports, pkg)
+	sort.Strings(src.ExternalImports)
+}
+
+// ParseFiles parses files listed in fs and extracts all syscall
+// functions listed in sys comments. It returns source files
+// and functions collection *Source if successful.
+func ParseFiles(fs []string) (*Source, error) {
+	src := &Source{
+		Funcs: make([]*Fn, 0),
+		Files: make([]string, 0),
+		StdLibImports: []string{
+			"unsafe",
+		},
+		ExternalImports: make([]string, 0),
+	}
+	for _, file := range fs {
+		if err := src.ParseFile(file); err != nil {
+			return nil, err
+		}
+	}
+	src.DLLFuncNames = make([]*Fn, 0, len(src.Funcs))
+	uniq := make(map[string]bool, len(src.Funcs))
+	for _, fn := range src.Funcs {
+		name := fn.DLLFuncName()
+		if !uniq[name] {
+			src.DLLFuncNames = append(src.DLLFuncNames, fn)
+			uniq[name] = true
+		}
+	}
+	return src, nil
+}
+
+// DLLs return dll names for a source set src.
+func (src *Source) DLLs() []DLL {
+	uniq := make(map[string]bool)
+	r := make([]DLL, 0)
+	for _, f := range src.Funcs {
+		id := f.DLLVar()
+		if _, found := uniq[id]; !found {
+			uniq[id] = true
+			r = append(r, DLL{f.DLLName(), id})
+		}
+	}
+	if *sortdecls {
+		sort.Slice(r, func(i, j int) bool {
+			return r[i].Var < r[j].Var
+		})
+	}
+	return r
+}
+
+// ParseFile adds additional file (or files, if path is a glob pattern) path to a source set src.
+func (src *Source) ParseFile(path string) error {
+	file, err := os.Open(path)
+	if err == nil {
+		defer file.Close()
+		return src.parseFile(file)
+	} else if !(errors.Is(err, os.ErrNotExist) || errors.Is(err, windows.ERROR_INVALID_NAME)) {
+		return err
+	}
+
+	paths, err := filepath.Glob(path)
+	if err != nil {
+		return err
+	}
+
+	for _, path := range paths {
+		file, err := os.Open(path)
+		if err != nil {
+			return err
+		}
+		err = src.parseFile(file)
+		file.Close()
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (src *Source) parseFile(file *os.File) error {
+	s := bufio.NewScanner(file)
+	for s.Scan() {
+		t := trim(s.Text())
+		if len(t) < 7 {
+			continue
+		}
+		if !strings.HasPrefix(t, "//sys") {
+			continue
+		}
+		t = t[5:]
+		if !(t[0] == ' ' || t[0] == '\t') {
+			continue
+		}
+		f, err := newFn(t[1:])
+		if err != nil {
+			return err
+		}
+		src.Funcs = append(src.Funcs, f)
+	}
+	if err := s.Err(); err != nil {
+		return err
+	}
+	src.Files = append(src.Files, file.Name())
+	if *sortdecls {
+		sort.Slice(src.Funcs, func(i, j int) bool {
+			fi, fj := src.Funcs[i], src.Funcs[j]
+			if fi.DLLName() == fj.DLLName() {
+				return fi.DLLFuncName() < fj.DLLFuncName()
+			}
+			return fi.DLLName() < fj.DLLName()
+		})
+	}
+
+	// get package name
+	fset := token.NewFileSet()
+	_, err := file.Seek(0, 0)
+	if err != nil {
+		return err
+	}
+	pkg, err := parser.ParseFile(fset, "", file, parser.PackageClauseOnly)
+	if err != nil {
+		return err
+	}
+	packageName = pkg.Name.Name
+
+	return nil
+}
+
+// IsStdRepo reports whether src is part of standard library.
+func (src *Source) IsStdRepo() (bool, error) {
+	if len(src.Files) == 0 {
+		return false, errors.New("no input files provided")
+	}
+	abspath, err := filepath.Abs(src.Files[0])
+	if err != nil {
+		return false, err
+	}
+	goroot := runtime.GOROOT()
+	if runtime.GOOS == "windows" {
+		abspath = strings.ToLower(abspath)
+		goroot = strings.ToLower(goroot)
+	}
+	sep := string(os.PathSeparator)
+	if !strings.HasSuffix(goroot, sep) {
+		goroot += sep
+	}
+	return strings.HasPrefix(abspath, goroot), nil
+}
+
+// Generate output source file from a source set src.
+func (src *Source) Generate(w io.Writer) error {
+	const (
+		pkgStd         = iota // any package in std library
+		pkgXSysWindows        // x/sys/windows package
+		pkgOther
+	)
+	isStdRepo, err := src.IsStdRepo()
+	if err != nil {
+		return err
+	}
+	var pkgtype int
+	switch {
+	case isStdRepo:
+		pkgtype = pkgStd
+	case packageName == "windows":
+		// TODO: this needs better logic than just using package name
+		pkgtype = pkgXSysWindows
+	default:
+		pkgtype = pkgOther
+	}
+	if *systemDLL {
+		switch pkgtype {
+		case pkgStd:
+			src.Import("internal/syscall/windows/sysdll")
+		case pkgXSysWindows:
+		default:
+			src.ExternalImport("golang.org/x/sys/windows")
+		}
+	}
+	if *winio {
+		src.ExternalImport("github.com/Microsoft/go-winio")
+	}
+	if packageName != "syscall" {
+		src.Import("syscall")
+	}
+	funcMap := template.FuncMap{
+		"packagename": packagename,
+		"syscalldot":  syscalldot,
+		"newlazydll": func(dll string) string {
+			arg := "\"" + dll + ".dll\""
+			if !*systemDLL {
+				return syscalldot() + "NewLazyDLL(" + arg + ")"
+			}
+			if strings.HasPrefix(dll, "api_") || strings.HasPrefix(dll, "ext_") {
+				arg = strings.Replace(arg, "_", "-", -1)
+			}
+			switch pkgtype {
+			case pkgStd:
+				return syscalldot() + "NewLazyDLL(sysdll.Add(" + arg + "))"
+			case pkgXSysWindows:
+				return "NewLazySystemDLL(" + arg + ")"
+			default:
+				return "windows.NewLazySystemDLL(" + arg + ")"
+			}
+		},
+	}
+	t := template.Must(template.New("main").Funcs(funcMap).Parse(srcTemplate))
+	err = t.Execute(w, src)
+	if err != nil {
+		return errors.New("Failed to execute template: " + err.Error())
+	}
+	return nil
+}
+
+func writeTempSourceFile(data []byte) (string, error) {
+	f, err := os.CreateTemp("", "mkwinsyscall-generated-*.go")
+	if err != nil {
+		return "", err
+	}
+	_, err = f.Write(data)
+	if closeErr := f.Close(); err == nil {
+		err = closeErr
+	}
+	if err != nil {
+		os.Remove(f.Name()) // best effort
+		return "", err
+	}
+	return f.Name(), nil
+}
+
+func usage() {
+	fmt.Fprintf(os.Stderr, "usage: mkwinsyscall [flags] [path ...]\n")
+	flag.PrintDefaults()
+	os.Exit(1)
+}
+
+func main() {
+	flag.Usage = usage
+	flag.Parse()
+	if len(flag.Args()) <= 0 {
+		fmt.Fprintf(os.Stderr, "no files to parse provided\n")
+		usage()
+	}
+
+	src, err := ParseFiles(flag.Args())
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	var buf bytes.Buffer
+	if err := src.Generate(&buf); err != nil {
+		log.Fatal(err)
+	}
+
+	data, err := format.Source(buf.Bytes())
+	if err != nil {
+		log.Printf("failed to format source: %v", err)
+		f, err := writeTempSourceFile(buf.Bytes())
+		if err != nil {
+			log.Fatalf("failed to write unformatted source to file: %v", err)
+		}
+		log.Fatalf("for diagnosis, wrote unformatted source to %v", f)
+	}
+	if *filename == "" {
+		_, err = os.Stdout.Write(data)
+	} else {
+		//nolint:gosec // G306: code file, no need for wants 0600
+		err = os.WriteFile(*filename, data, 0644)
+	}
+	if err != nil {
+		log.Fatal(err)
+	}
+}
+
+// TODO: use println instead to print in the following template
+
+const srcTemplate = `
+{{define "main"}} //go:build windows
+
+// Code generated by 'go generate' using "github.com/Microsoft/go-winio/tools/mkwinsyscall"; DO NOT EDIT.
+
+package {{packagename}}
+
+import (
+{{range .StdLibImports}}"{{.}}"
+{{end}}
+
+{{range .ExternalImports}}"{{.}}"
+{{end}}
+)
+
+var _ unsafe.Pointer
+
+// Do the interface allocations only once for common
+// Errno values.
+const (
+	errnoERROR_IO_PENDING = 997
+)
+
+var (
+	errERROR_IO_PENDING error = {{syscalldot}}Errno(errnoERROR_IO_PENDING)
+	errERROR_EINVAL error     = {{syscalldot}}EINVAL
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e {{syscalldot}}Errno) error {
+	switch e {
+	case 0:
+		return errERROR_EINVAL
+	case errnoERROR_IO_PENDING:
+		return errERROR_IO_PENDING
+	}
+	// TODO: add more here, after collecting data on the common
+	// error values see on Windows. (perhaps when running
+	// all.bat?)
+	return e
+}
+
+var (
+{{template "dlls" .}}
+{{template "funcnames" .}})
+{{range .Funcs}}{{if .HasStringParam}}{{template "helperbody" .}}{{end}}{{template "funcbody" .}}{{end}}
+{{end}}
+
+{{/* help functions */}}
+
+{{define "dlls"}}{{range .DLLs}}	mod{{.Var}} = {{newlazydll .Name}}
+{{end}}{{end}}
+
+{{define "funcnames"}}{{range .DLLFuncNames}}	proc{{.DLLFuncName}} = mod{{.DLLVar}}.NewProc("{{.DLLFuncName}}")
+{{end}}{{end}}
+
+{{define "helperbody"}}
+func {{.Name}}({{.ParamList}}) {{template "results" .}}{
+{{template "helpertmpvars" .}}	return {{.HelperName}}({{.HelperCallParamList}})
+}
+{{end}}
+
+{{define "funcbody"}}
+func {{.HelperName}}({{.HelperParamList}}) {{template "results" .}}{
+{{template "maybeabsent" .}}	{{template "tmpvars" .}}	{{template "syscall" .}}	{{template "tmpvarsreadback" .}}
+{{template "seterror" .}}{{template "printtrace" .}}	return
+}
+{{end}}
+
+{{define "helpertmpvars"}}{{range .Params}}{{if .TmpVarHelperCode}}	{{.TmpVarHelperCode}}
+{{end}}{{end}}{{end}}
+
+{{define "maybeabsent"}}{{if .MaybeAbsent}}{{.MaybeAbsent}}
+{{end}}{{end}}
+
+{{define "tmpvars"}}{{range .Params}}{{if .TmpVarCode}}	{{.TmpVarCode}}
+{{end}}{{end}}{{end}}
+
+{{define "results"}}{{if .Rets.List}}{{.Rets.List}} {{end}}{{end}}
+
+{{define "syscall"}}{{.Rets.SetReturnValuesCode}}{{.Syscall}}(proc{{.DLLFuncName}}.Addr(), {{.ParamCount}}, {{.SyscallParamList}}){{end}}
+
+{{define "tmpvarsreadback"}}{{range .Params}}{{if .TmpVarReadbackCode}}
+{{.TmpVarReadbackCode}}{{end}}{{end}}{{end}}
+
+{{define "seterror"}}{{if .Rets.SetErrorCode}}	{{.Rets.SetErrorCode}}
+{{end}}{{end}}
+
+{{define "printtrace"}}{{if .PrintTrace}}	print("SYSCALL: {{.Name}}(", {{.ParamPrintList}}") (", {{.Rets.PrintList}}")\n")
+{{end}}{{end}}
+
+`

vendor/github.com/Microsoft/hcsshim/.gitattributes

@@ -1 +1,3 @@
-* text=auto eol=lf
+* text=auto eol=lf
+vendor/** -text
+test/vendor/** -text

vendor/github.com/Microsoft/hcsshim/.gitignore

@@ -6,6 +6,7 @@
 
 # Ignore vscode setting files
 .vscode/
+.idea/
 
 # Test binary, build with `go test -c`
 *.test
@@ -23,16 +24,26 @@ service/pkg/
 *.img
 *.vhd
 *.tar.gz
+*.tar
 
 # Make stuff
 .rootfs-done
 bin/*
 rootfs/*
+rootfs-conv/*
 *.o
 /build/
 
 deps/*
 out/*
 
-.idea/
-.vscode/
+# test results
+test/results
+
+# go workspace files
+go.work
+go.work.sum
+
+# keys and related artifacts
+*.pem
+*.cose

vendor/github.com/Microsoft/hcsshim/.golangci.yml

@@ -1,23 +1,51 @@
 run:
   timeout: 8m
+  tests: true
+  build-tags:
+    - admin
+    - functional
+    - integration
+  skip-dirs:
+    # paths are relative to module root
+    - cri-containerd/test-images
 
 linters:
   enable:
-    - stylecheck
+    # defaults:
+    # - errcheck
+    # - gosimple
+    # - govet
+    # - ineffassign
+    # - staticcheck
+    # - typecheck
+    # - unused
+
+    - gofmt # whether code was gofmt-ed
+    - nolintlint # ill-formed or insufficient nolint directives
+    - stylecheck # golint replacement
+    - thelper #  test helpers without t.Helper()
 
 linters-settings:
   stylecheck:
     # https://staticcheck.io/docs/checks
     checks: ["all"]
 
-
 issues:
-  # This repo has a LOT of generated schema files, operating system bindings, and other things that ST1003 from stylecheck won't like
-  # (screaming case Windows api constants for example). There's also some structs that we *could* change the initialisms to be Go
-  # friendly (Id -> ID) but they're exported and it would be a breaking change. This makes it so that most new code, code that isn't
-  # supposed to be a pretty faithful mapping to an OS call/constants, or non-generated code still checks if we're following idioms,
-  # while ignoring the things that are just noise or would be more of a hassle than it'd be worth to change.
   exclude-rules:
+    # path is relative to module root, which is ./test/
+    - path: cri-containerd
+      linters:
+        - stylecheck
+      text: "^ST1003: should not use underscores in package names$"
+      source: "^package cri_containerd$"
+
+    # This repo has a LOT of generated schema files, operating system bindings, and other
+    # things that ST1003 from stylecheck won't like (screaming case Windows api constants for example).
+    # There's also some structs that we *could* change the initialisms to be Go friendly
+    # (Id -> ID) but they're exported and it would be a breaking change.
+    # This makes it so that most new code, code that isn't supposed to be a pretty faithful
+    # mapping to an OS call/constants, or non-generated code still checks if we're following idioms,
+    # while ignoring the things that are just noise or would be more of a hassle than it'd be worth to change.
     - path: layer.go
       linters:
         - stylecheck
@@ -28,11 +56,21 @@ issues:
         - stylecheck
       Text: "ST1003:"
 
-    - path: internal\\hcs\\schema2\\
+    - path: cmd\\ncproxy\\nodenetsvc\\
+      linters:
+        - stylecheck
+      Text: "ST1003:"
+
+    - path: cmd\\ncproxy_mock\\
       linters:
         - stylecheck
       Text: "ST1003:"
 
+    - path: internal\\hcs\\schema2\\
+      linters:
+        - stylecheck
+        - gofmt
+
     - path: internal\\wclayer\\
       linters:
         - stylecheck
@@ -96,4 +134,4 @@ issues:
     - path: internal\\hcserror\\
       linters:
         - stylecheck
-      Text: "ST1003:"
+      Text: "ST1003:"

vendor/github.com/Microsoft/hcsshim/Makefile

@@ -1,4 +1,5 @@
 BASE:=base.tar.gz
+DEV_BUILD:=0
 
 GO:=go
 GO_FLAGS:=-ldflags "-s -w" # strip Go binaries
@@ -12,16 +13,31 @@ GO_FLAGS_EXTRA:=
 ifeq "$(GOMODVENDOR)" "1"
 GO_FLAGS_EXTRA += -mod=vendor
 endif
+GO_BUILD_TAGS:=
+ifneq ($(strip $(GO_BUILD_TAGS)),)
+GO_FLAGS_EXTRA += -tags="$(GO_BUILD_TAGS)"
+endif
 GO_BUILD:=CGO_ENABLED=$(CGO_ENABLED) $(GO) build $(GO_FLAGS) $(GO_FLAGS_EXTRA)
 
 SRCROOT=$(dir $(abspath $(firstword $(MAKEFILE_LIST))))
+# additional directories to search for rule prerequisites and targets
+VPATH=$(SRCROOT)
+
+DELTA_TARGET=out/delta.tar.gz
+
+ifeq "$(DEV_BUILD)" "1"
+DELTA_TARGET=out/delta-dev.tar.gz
+endif
 
 # The link aliases for gcstools
 GCS_TOOLS=\
-	generichook
+	generichook \
+	install-drivers
 
 .PHONY: all always rootfs test
 
+.DEFAULT_GOAL := all
+
 all: out/initrd.img out/rootfs.tar.gz
 
 clean:
@@ -29,21 +45,13 @@ clean:
 	rm -rf bin deps rootfs out
 
 test:
-	cd $(SRCROOT) && go test -v ./internal/guest/...
+	cd $(SRCROOT) && $(GO) test -v ./internal/guest/...
 
-out/delta.tar.gz: bin/init bin/vsockexec bin/cmd/gcs bin/cmd/gcstools Makefile
-	@mkdir -p out
-	rm -rf rootfs
-	mkdir -p rootfs/bin/
-	cp bin/init rootfs/
-	cp bin/vsockexec rootfs/bin/
-	cp bin/cmd/gcs rootfs/bin/
-	cp bin/cmd/gcstools rootfs/bin/
-	for tool in $(GCS_TOOLS); do ln -s gcstools rootfs/bin/$$tool; done
-	git -C $(SRCROOT) rev-parse HEAD > rootfs/gcs.commit && \
-	git -C $(SRCROOT) rev-parse --abbrev-ref HEAD > rootfs/gcs.branch
-	tar -zcf $@ -C rootfs .
-	rm -rf rootfs
+rootfs: out/rootfs.vhd
+
+out/rootfs.vhd: out/rootfs.tar.gz bin/cmd/tar2ext4
+	gzip -f -d ./out/rootfs.tar.gz
+	bin/cmd/tar2ext4 -vhd -i ./out/rootfs.tar -o $@
 
 out/rootfs.tar.gz: out/initrd.img
 	rm -rf rootfs-conv
@@ -52,27 +60,43 @@ out/rootfs.tar.gz: out/initrd.img
 	tar -zcf $@ -C rootfs-conv .
 	rm -rf rootfs-conv
 
-out/initrd.img: $(BASE) out/delta.tar.gz $(SRCROOT)/hack/catcpio.sh
-	$(SRCROOT)/hack/catcpio.sh "$(BASE)" out/delta.tar.gz > out/initrd.img.uncompressed
+out/initrd.img: $(BASE) $(DELTA_TARGET) $(SRCROOT)/hack/catcpio.sh
+	$(SRCROOT)/hack/catcpio.sh "$(BASE)" $(DELTA_TARGET) > out/initrd.img.uncompressed
 	gzip -c out/initrd.img.uncompressed > $@
 	rm out/initrd.img.uncompressed
 
--include deps/cmd/gcs.gomake
--include deps/cmd/gcstools.gomake
+# This target includes utilities which may be useful for testing purposes.
+out/delta-dev.tar.gz: out/delta.tar.gz bin/internal/tools/snp-report
+	rm -rf rootfs-dev
+	mkdir rootfs-dev
+	tar -xzf out/delta.tar.gz -C rootfs-dev
+	cp bin/internal/tools/snp-report rootfs-dev/bin/
+	tar -zcf $@ -C rootfs-dev .
+	rm -rf rootfs-dev
 
-# Implicit rule for includes that define Go targets.
-%.gomake: $(SRCROOT)/Makefile
-	@mkdir -p $(dir $@)
-	@/bin/echo $(@:deps/%.gomake=bin/%): $(SRCROOT)/hack/gomakedeps.sh > $@.new
-	@/bin/echo -e '\t@mkdir -p $$(dir $$@) $(dir $@)' >> $@.new
-	@/bin/echo -e '\t$$(GO_BUILD) -o $$@.new $$(SRCROOT)/$$(@:bin/%=%)' >> $@.new
-	@/bin/echo -e '\tGO="$(GO)" $$(SRCROOT)/hack/gomakedeps.sh $$@ $$(SRCROOT)/$$(@:bin/%=%) $$(GO_FLAGS) $$(GO_FLAGS_EXTRA) > $(@:%.gomake=%.godeps).new' >> $@.new
-	@/bin/echo -e '\tmv $(@:%.gomake=%.godeps).new $(@:%.gomake=%.godeps)' >> $@.new
-	@/bin/echo -e '\tmv $$@.new $$@' >> $@.new
-	@/bin/echo -e '-include $(@:%.gomake=%.godeps)' >> $@.new
-	mv $@.new $@
+out/delta.tar.gz: bin/init bin/vsockexec bin/cmd/gcs bin/cmd/gcstools bin/cmd/hooks/wait-paths Makefile
+	@mkdir -p out
+	rm -rf rootfs
+	mkdir -p rootfs/bin/
+	mkdir -p rootfs/info/
+	cp bin/init rootfs/
+	cp bin/vsockexec rootfs/bin/
+	cp bin/cmd/gcs rootfs/bin/
+	cp bin/cmd/gcstools rootfs/bin/
+	cp bin/cmd/hooks/wait-paths rootfs/bin/
+	for tool in $(GCS_TOOLS); do ln -s gcstools rootfs/bin/$$tool; done
+	git -C $(SRCROOT) rev-parse HEAD > rootfs/info/gcs.commit && \
+	git -C $(SRCROOT) rev-parse --abbrev-ref HEAD > rootfs/info/gcs.branch && \
+	date --iso-8601=minute --utc > rootfs/info/tar.date
+	$(if $(and $(realpath $(subst .tar,.testdata.json,$(BASE))), $(shell which jq)), \
+		jq -r '.IMAGE_NAME' $(subst .tar,.testdata.json,$(BASE)) 2>/dev/null > rootfs/info/image.name && \
+		jq -r '.DATETIME' $(subst .tar,.testdata.json,$(BASE)) 2>/dev/null > rootfs/info/build.date)
+	tar -zcf $@ -C rootfs .
+	rm -rf rootfs
 
-VPATH=$(SRCROOT)
+bin/cmd/gcs bin/cmd/gcstools bin/cmd/hooks/wait-paths bin/cmd/tar2ext4 bin/internal/tools/snp-report:
+	@mkdir -p $(dir $@)
+	GOOS=linux $(GO_BUILD) -o $@ $(SRCROOT)/$(@:bin/%=%)
 
 bin/vsockexec: vsockexec/vsockexec.o vsockexec/vsock.o
 	@mkdir -p bin

vendor/github.com/Microsoft/hcsshim/Protobuild.toml

@@ -1,4 +1,4 @@
-version = "unstable"
+version = "1"
 generator = "gogoctrd"
 plugins = ["grpc", "fieldpath"]
 
@@ -14,11 +14,6 @@ plugins = ["grpc", "fieldpath"]
   # target package.
   packages = ["github.com/gogo/protobuf"]
 
-  # Paths that will be added untouched to the end of the includes. We use
-  # `/usr/local/include` to pickup the common install location of protobuf.
-  # This is the default.
-  after = ["/usr/local/include"]
-
 # This section maps protobuf imports to Go packages. These will become
 # `-M` directives in the call to the go protobuf generator.
 [packages]
@@ -36,6 +31,10 @@ plugins = ["grpc", "fieldpath"]
 prefixes = ["github.com/Microsoft/hcsshim/internal/shimdiag"]
 plugins = ["ttrpc"]
 
+[[overrides]]
+prefixes = ["github.com/Microsoft/hcsshim/internal/extendedtask"]
+plugins = ["ttrpc"]
+
 [[overrides]]
 prefixes = ["github.com/Microsoft/hcsshim/internal/computeagent"]
 plugins = ["ttrpc"]

vendor/github.com/Microsoft/hcsshim/README.md

@@ -75,24 +75,6 @@ certify they either authored the work themselves or otherwise have permission to
 more info, as well as to make sure that you can attest to the rules listed. Our CI uses the [DCO Github app](https://github.com/apps/dco) to ensure
 that all commits in a given PR are signed-off.
 
-### Test Directory (Important to note)
-
-This project has tried to trim some dependencies from the root Go modules file that would be cumbersome to get transitively included if this
-project is being vendored/used as a library. Some of these dependencies were only being used for tests, so the /test directory in this project also has
-its own go.mod file where these are now included to get around this issue. Our tests rely on the code in this project to run, so the test Go modules file
-has a relative path replace directive to pull in the latest hcsshim code that the tests actually touch from this project
-(which is the repo itself on your disk).
-
-```
-replace (
-	github.com/Microsoft/hcsshim => ../
-)
-```
-
-Because of this, for most code changes you may need to run `go mod vendor` + `go mod tidy` in the /test directory in this repository, as the
-CI in this project will check if the files are out of date and will fail if this is true.
-
-
 ## Code of Conduct
 
 This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
@@ -101,7 +83,7 @@ contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additio
 
 ## Dependencies
 
-This project requires Golang 1.9 or newer to build.
+This project requires Golang 1.17 or newer to build.
 
 For system requirements to run this project, see the Microsoft docs on [Windows Container requirements](https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/system-requirements).
 

vendor/github.com/Microsoft/hcsshim/SECURITY.md

@@ -0,0 +1,41 @@
+<!-- BEGIN MICROSOFT SECURITY.MD V0.0.7 BLOCK -->
+
+## Security
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
+
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report).
+
+If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com).  If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc). 
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+  * Full paths of source file(s) related to the manifestation of the issue
+  * The location of the affected source code (tag/branch/commit or direct URL)
+  * Any special configuration required to reproduce the issue
+  * Step-by-step instructions to reproduce the issue
+  * Proof-of-concept or exploit code (if possible)
+  * Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd).
+
+<!-- END MICROSOFT SECURITY.MD BLOCK -->

vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/runhcs.pb.go

@@ -6,10 +6,12 @@ package options
 import (
 	fmt "fmt"
 	proto "github.com/gogo/protobuf/proto"
+	github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys"
 	_ "github.com/gogo/protobuf/types"
 	github_com_gogo_protobuf_types "github.com/gogo/protobuf/types"
 	io "io"
 	math "math"
+	math_bits "math/bits"
 	reflect "reflect"
 	strings "strings"
 	time "time"
@@ -25,7 +27,7 @@ var _ = time.Kitchen
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
 type Options_DebugType int32
 
@@ -143,7 +145,14 @@ type Options struct {
 	// io_retry_timeout_in_sec is the timeout in seconds for how long to try and reconnect to an upstream IO provider if a connection is lost.
 	// The typical example is if Containerd has restarted but is expected to come back online. A 0 for this field is interpreted as an infinite
 	// timeout.
-	IoRetryTimeoutInSec  int32    `protobuf:"varint,17,opt,name=io_retry_timeout_in_sec,json=ioRetryTimeoutInSec,proto3" json:"io_retry_timeout_in_sec,omitempty"`
+	IoRetryTimeoutInSec int32 `protobuf:"varint,17,opt,name=io_retry_timeout_in_sec,json=ioRetryTimeoutInSec,proto3" json:"io_retry_timeout_in_sec,omitempty"`
+	// default_container_annotations specifies a set of annotations that should be set for every workload container
+	DefaultContainerAnnotations map[string]string `protobuf:"bytes,18,rep,name=default_container_annotations,json=defaultContainerAnnotations,proto3" json:"default_container_annotations,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	// no_inherit_host_timezone specifies to skip inheriting the hosts time zone for WCOW UVMs and instead default to
+	// UTC.
+	NoInheritHostTimezone bool `protobuf:"varint,19,opt,name=no_inherit_host_timezone,json=noInheritHostTimezone,proto3" json:"no_inherit_host_timezone,omitempty"`
+	// scrub_logs enables removing environment variables and other potentially sensitive information from logs
+	ScrubLogs            bool     `protobuf:"varint,20,opt,name=scrub_logs,json=scrubLogs,proto3" json:"scrub_logs,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -162,7 +171,7 @@ func (m *Options) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 		return xxx_messageInfo_Options.Marshal(b, m, deterministic)
 	} else {
 		b = b[:cap(b)]
-		n, err := m.MarshalTo(b)
+		n, err := m.MarshalToSizedBuffer(b)
 		if err != nil {
 			return nil, err
 		}
@@ -211,7 +220,7 @@ func (m *ProcessDetails) XXX_Marshal(b []byte, deterministic bool) ([]byte, erro
 		return xxx_messageInfo_ProcessDetails.Marshal(b, m, deterministic)
 	} else {
 		b = b[:cap(b)]
-		n, err := m.MarshalTo(b)
+		n, err := m.MarshalToSizedBuffer(b)
 		if err != nil {
 			return nil, err
 		}
@@ -234,6 +243,7 @@ func init() {
 	proto.RegisterEnum("containerd.runhcs.v1.Options_DebugType", Options_DebugType_name, Options_DebugType_value)
 	proto.RegisterEnum("containerd.runhcs.v1.Options_SandboxIsolation", Options_SandboxIsolation_name, Options_SandboxIsolation_value)
 	proto.RegisterType((*Options)(nil), "containerd.runhcs.v1.Options")
+	proto.RegisterMapType((map[string]string)(nil), "containerd.runhcs.v1.Options.DefaultContainerAnnotationsEntry")
 	proto.RegisterType((*ProcessDetails)(nil), "containerd.runhcs.v1.ProcessDetails")
 }
 
@@ -242,73 +252,80 @@ func init() {
 }
 
 var fileDescriptor_b643df6839c75082 = []byte{
-	// 953 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x55, 0x5d, 0x6f, 0xdb, 0x36,
-	0x17, 0xb6, 0xda, 0x24, 0xb6, 0x4e, 0xbe, 0x1c, 0x36, 0x40, 0x85, 0xe4, 0xad, 0x6d, 0xa4, 0x2f,
-	0xd0, 0x14, 0x6b, 0xa4, 0xa4, 0xdb, 0xdd, 0x06, 0x0c, 0x8d, 0xed, 0xb4, 0x1e, 0xf2, 0x61, 0xc8,
-	0x59, 0xba, 0x8f, 0x0b, 0x42, 0x1f, 0x8c, 0x4c, 0x54, 0x12, 0x05, 0x92, 0xf6, 0xe2, 0x5e, 0xed,
-	0x27, 0xec, 0x87, 0xec, 0x87, 0xe4, 0x72, 0x97, 0x03, 0x06, 0x64, 0xab, 0x7f, 0xc9, 0x40, 0x8a,
-	0x4a, 0xbb, 0x20, 0xd8, 0xcd, 0xae, 0x4c, 0x3e, 0xcf, 0xc3, 0x87, 0xe7, 0x1c, 0x9d, 0x43, 0xc3,
-	0x59, 0x42, 0xe5, 0x78, 0x12, 0xba, 0x11, 0xcb, 0xbc, 0x13, 0x1a, 0x71, 0x26, 0xd8, 0xa5, 0xf4,
-	0xc6, 0x91, 0x10, 0x63, 0x9a, 0x79, 0x51, 0x16, 0x7b, 0x11, 0xcb, 0x65, 0x40, 0x73, 0xc2, 0xe3,
-	0x3d, 0x85, 0xed, 0xf1, 0x49, 0x3e, 0x8e, 0xc4, 0xde, 0xf4, 0xc0, 0x63, 0x85, 0xa4, 0x2c, 0x17,
-	0x5e, 0x89, 0xb8, 0x05, 0x67, 0x92, 0xa1, 0xcd, 0x8f, 0x7a, 0xd7, 0x10, 0xd3, 0x83, 0xad, 0xcd,
-	0x84, 0x25, 0x4c, 0x0b, 0x3c, 0xb5, 0x2a, 0xb5, 0x5b, 0xed, 0x84, 0xb1, 0x24, 0x25, 0x9e, 0xde,
-	0x85, 0x93, 0x4b, 0x4f, 0xd2, 0x8c, 0x08, 0x19, 0x64, 0x45, 0x29, 0xd8, 0xf9, 0xb5, 0x0e, 0xf5,
-	0xb3, 0xf2, 0x16, 0xb4, 0x09, 0x8b, 0x31, 0x09, 0x27, 0x89, 0x63, 0x75, 0xac, 0xdd, 0x86, 0x5f,
-	0x6e, 0xd0, 0x11, 0x80, 0x5e, 0x60, 0x39, 0x2b, 0x88, 0xf3, 0xa0, 0x63, 0xed, 0xae, 0xbd, 0x7c,
-	0xe6, 0xde, 0x17, 0x83, 0x6b, 0x8c, 0xdc, 0x9e, 0xd2, 0x9f, 0xcf, 0x0a, 0xe2, 0xdb, 0x71, 0xb5,
-	0x44, 0x4f, 0x61, 0x95, 0x93, 0x84, 0x0a, 0xc9, 0x67, 0x98, 0x33, 0x26, 0x9d, 0x87, 0x1d, 0x6b,
-	0xd7, 0xf6, 0x57, 0x2a, 0xd0, 0x67, 0x4c, 0x2a, 0x91, 0x08, 0xf2, 0x38, 0x64, 0x57, 0x98, 0x66,
-	0x41, 0x42, 0x9c, 0x85, 0x52, 0x64, 0xc0, 0x81, 0xc2, 0xd0, 0x73, 0x68, 0x56, 0xa2, 0x22, 0x0d,
-	0xe4, 0x25, 0xe3, 0x99, 0xb3, 0xa8, 0x75, 0xeb, 0x06, 0x1f, 0x1a, 0x18, 0xfd, 0x08, 0x1b, 0xb7,
-	0x7e, 0x82, 0xa5, 0x81, 0x8a, 0xcf, 0x59, 0xd2, 0x39, 0xb8, 0xff, 0x9e, 0xc3, 0xc8, 0xdc, 0x58,
-	0x9d, 0xf2, 0xab, 0x3b, 0x6f, 0x11, 0xe4, 0xc1, 0x66, 0xc8, 0x98, 0xc4, 0x97, 0x34, 0x25, 0x42,
-	0xe7, 0x84, 0x8b, 0x40, 0x8e, 0x9d, 0xba, 0x8e, 0x65, 0x43, 0x71, 0x47, 0x8a, 0x52, 0x99, 0x0d,
-	0x03, 0x39, 0x46, 0x2f, 0x00, 0x4d, 0x33, 0x5c, 0x70, 0x16, 0x11, 0x21, 0x18, 0xc7, 0x11, 0x9b,
-	0xe4, 0xd2, 0x69, 0x74, 0xac, 0xdd, 0x45, 0xbf, 0x39, 0xcd, 0x86, 0x15, 0xd1, 0x55, 0x38, 0x72,
-	0x61, 0x73, 0x9a, 0xe1, 0x8c, 0x64, 0x8c, 0xcf, 0xb0, 0xa0, 0xef, 0x09, 0xa6, 0x39, 0xce, 0x42,
-	0xc7, 0xae, 0xf4, 0x27, 0x9a, 0x1a, 0xd1, 0xf7, 0x64, 0x90, 0x9f, 0x84, 0xa8, 0x05, 0xf0, 0x7a,
-	0xf8, 0xed, 0xc5, 0x9b, 0x9e, 0xba, 0xcb, 0x01, 0x1d, 0xc4, 0x27, 0x08, 0xfa, 0x0a, 0xb6, 0x45,
-	0x14, 0xa4, 0x04, 0x47, 0xc5, 0x04, 0xa7, 0x34, 0xa3, 0x52, 0x60, 0xc9, 0xb0, 0x49, 0xcb, 0x59,
-	0xd6, 0x1f, 0xfd, 0xb1, 0x96, 0x74, 0x8b, 0xc9, 0xb1, 0x16, 0x9c, 0x33, 0x53, 0x07, 0x74, 0x02,
-	0xff, 0x8f, 0xc9, 0x65, 0x30, 0x49, 0x25, 0xbe, 0xad, 0x1b, 0x16, 0x11, 0x0f, 0x64, 0x34, 0xbe,
-	0x8d, 0x2e, 0x09, 0x9d, 0x15, 0x1d, 0x5d, 0xdb, 0x68, 0xbb, 0x95, 0x74, 0x54, 0x2a, 0xcb, 0x60,
-	0x5f, 0x87, 0xe8, 0x6b, 0x78, 0x52, 0xd9, 0x4d, 0xb3, 0xfb, 0x7c, 0x56, 0xb5, 0x8f, 0x63, 0x44,
-	0x17, 0xd9, 0x5d, 0x03, 0xd5, 0x29, 0xe3, 0x80, 0x93, 0xea, 0xac, 0xb3, 0xa6, 0xe3, 0x5f, 0xd1,
-	0xa0, 0x11, 0xa3, 0x0e, 0x2c, 0x9f, 0x76, 0x87, 0x9c, 0x5d, 0xcd, 0x5e, 0xc5, 0x31, 0x77, 0xd6,
-	0x75, 0x4d, 0x3e, 0x85, 0xd0, 0x36, 0xd8, 0x29, 0x4b, 0x70, 0x4a, 0xa6, 0x24, 0x75, 0x9a, 0x9a,
-	0x6f, 0xa4, 0x2c, 0x39, 0x56, 0x7b, 0xf4, 0x05, 0x3c, 0xa6, 0x0c, 0x73, 0xa2, 0x5a, 0x56, 0x0d,
-	0x0e, 0x9b, 0x48, 0x15, 0x9d, 0x20, 0x91, 0xb3, 0xa1, 0xc3, 0x7b, 0x44, 0x99, 0xaf, 0xd8, 0xf3,
-	0x92, 0x1c, 0xe4, 0x23, 0x12, 0xed, 0x3c, 0x07, 0xfb, 0x76, 0x00, 0x90, 0x0d, 0x8b, 0xa7, 0xc3,
-	0xc1, 0xb0, 0xdf, 0xac, 0xa1, 0x06, 0x2c, 0x1c, 0x0d, 0x8e, 0xfb, 0x4d, 0x0b, 0xd5, 0xe1, 0x61,
-	0xff, 0xfc, 0x6d, 0xf3, 0xc1, 0x8e, 0x07, 0xcd, 0xbb, 0x7d, 0x86, 0x96, 0xa1, 0x3e, 0xf4, 0xcf,
-	0xba, 0xfd, 0xd1, 0xa8, 0x59, 0x43, 0x6b, 0x00, 0x6f, 0xbe, 0x1f, 0xf6, 0xfd, 0x8b, 0xc1, 0xe8,
-	0xcc, 0x6f, 0x5a, 0x3b, 0x7f, 0x3c, 0x84, 0x35, 0xd3, 0x26, 0x3d, 0x22, 0x03, 0x9a, 0x0a, 0xf4,
-	0x04, 0x40, 0x8f, 0x0a, 0xce, 0x83, 0x8c, 0xe8, 0xd1, 0xb5, 0x7d, 0x5b, 0x23, 0xa7, 0x41, 0x46,
-	0x50, 0x17, 0x20, 0xe2, 0x24, 0x90, 0x24, 0xc6, 0x81, 0xd4, 0xe3, 0xbb, 0xfc, 0x72, 0xcb, 0x2d,
-	0x9f, 0x05, 0xb7, 0x7a, 0x16, 0xdc, 0xf3, 0xea, 0x59, 0x38, 0x6c, 0x5c, 0xdf, 0xb4, 0x6b, 0xbf,
-	0xfc, 0xd9, 0xb6, 0x7c, 0xdb, 0x9c, 0x7b, 0x25, 0xd1, 0x67, 0x80, 0xde, 0x11, 0x9e, 0x93, 0x54,
-	0x97, 0x01, 0x1f, 0xec, 0xef, 0xe3, 0x5c, 0xe8, 0x01, 0x5e, 0xf0, 0xd7, 0x4b, 0x46, 0x39, 0x1c,
-	0xec, 0xef, 0x9f, 0x0a, 0xe4, 0xc2, 0x23, 0xd3, 0xb4, 0x11, 0xcb, 0x32, 0x2a, 0x71, 0x38, 0x93,
-	0x44, 0xe8, 0x49, 0x5e, 0xf0, 0x37, 0x4a, 0xaa, 0xab, 0x99, 0x43, 0x45, 0xa0, 0x23, 0xe8, 0x18,
-	0xfd, 0x4f, 0x8c, 0xbf, 0xa3, 0x79, 0x82, 0x05, 0x91, 0xb8, 0xe0, 0x74, 0x1a, 0x48, 0x62, 0x0e,
-	0x2f, 0xea, 0xc3, 0xff, 0x2b, 0x75, 0x6f, 0x4b, 0xd9, 0x88, 0xc8, 0x61, 0x29, 0x2a, 0x7d, 0x7a,
-	0xd0, 0xbe, 0xc7, 0x47, 0xf7, 0x43, 0x6c, 0x6c, 0x96, 0xb4, 0xcd, 0xf6, 0x5d, 0x9b, 0x91, 0xd6,
-	0x94, 0x2e, 0x2f, 0x00, 0xcc, 0x80, 0x62, 0x1a, 0xeb, 0x51, 0x5e, 0x3d, 0x5c, 0x9d, 0xdf, 0xb4,
-	0x6d, 0x53, 0xf6, 0x41, 0xcf, 0xb7, 0x8d, 0x60, 0x10, 0xa3, 0x67, 0xd0, 0x9c, 0x08, 0xc2, 0xff,
-	0x51, 0x96, 0x86, 0xbe, 0x64, 0x55, 0xe1, 0x1f, 0x8b, 0xf2, 0x14, 0xea, 0xe4, 0x8a, 0x44, 0xca,
-	0x53, 0xcd, 0xaf, 0x7d, 0x08, 0xf3, 0x9b, 0xf6, 0x52, 0xff, 0x8a, 0x44, 0x83, 0x9e, 0xbf, 0xa4,
-	0xa8, 0x41, 0x7c, 0x18, 0x5f, 0x7f, 0x68, 0xd5, 0x7e, 0xff, 0xd0, 0xaa, 0xfd, 0x3c, 0x6f, 0x59,
-	0xd7, 0xf3, 0x96, 0xf5, 0xdb, 0xbc, 0x65, 0xfd, 0x35, 0x6f, 0x59, 0x3f, 0x7c, 0xf3, 0xdf, 0xff,
-	0x44, 0xbe, 0x34, 0xbf, 0xdf, 0xd5, 0xc2, 0x25, 0xfd, 0xdd, 0x3f, 0xff, 0x3b, 0x00, 0x00, 0xff,
-	0xff, 0x6b, 0x83, 0xa6, 0x5f, 0x9b, 0x06, 0x00, 0x00,
+	// 1072 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x55, 0x4b, 0x6f, 0xe3, 0x36,
+	0x17, 0xb5, 0xf2, 0xb4, 0x98, 0x97, 0xc3, 0xf8, 0xc3, 0x08, 0xc9, 0x37, 0xb6, 0x91, 0x29, 0x30,
+	0x19, 0x74, 0x22, 0x27, 0x69, 0x81, 0x16, 0x6d, 0xd1, 0x22, 0xb1, 0x9d, 0x89, 0x8b, 0x3c, 0x0c,
+	0xd9, 0xcd, 0xf4, 0xb1, 0x20, 0xf4, 0x60, 0x64, 0x22, 0x92, 0x28, 0x90, 0x94, 0x1b, 0x67, 0x55,
+	0xf4, 0x17, 0xf4, 0x67, 0x65, 0xd9, 0x65, 0x8b, 0x02, 0x69, 0xc7, 0xbf, 0xa4, 0x20, 0x45, 0x25,
+	0x33, 0x41, 0xda, 0x59, 0x74, 0x65, 0xf2, 0x9c, 0xc3, 0xc3, 0x7b, 0xaf, 0x78, 0xaf, 0xc1, 0x59,
+	0x48, 0xc4, 0x30, 0xf3, 0x6c, 0x9f, 0xc6, 0xcd, 0x13, 0xe2, 0x33, 0xca, 0xe9, 0x85, 0x68, 0x0e,
+	0x7d, 0xce, 0x87, 0x24, 0x6e, 0xfa, 0x71, 0xd0, 0xf4, 0x69, 0x22, 0x5c, 0x92, 0x60, 0x16, 0x6c,
+	0x4b, 0x6c, 0x9b, 0x65, 0xc9, 0xd0, 0xe7, 0xdb, 0xa3, 0xdd, 0x26, 0x4d, 0x05, 0xa1, 0x09, 0x6f,
+	0xe6, 0x88, 0x9d, 0x32, 0x2a, 0x28, 0xac, 0xde, 0xeb, 0x6d, 0x4d, 0x8c, 0x76, 0xd7, 0xab, 0x21,
+	0x0d, 0xa9, 0x12, 0x34, 0xe5, 0x2a, 0xd7, 0xae, 0xd7, 0x43, 0x4a, 0xc3, 0x08, 0x37, 0xd5, 0xce,
+	0xcb, 0x2e, 0x9a, 0x82, 0xc4, 0x98, 0x0b, 0x37, 0x4e, 0x73, 0xc1, 0xe6, 0xef, 0x26, 0x98, 0x3f,
+	0xcb, 0x6f, 0x81, 0x55, 0x30, 0x1b, 0x60, 0x2f, 0x0b, 0x2d, 0xa3, 0x61, 0x6c, 0x95, 0x9d, 0x7c,
+	0x03, 0x0f, 0x01, 0x50, 0x0b, 0x24, 0xc6, 0x29, 0xb6, 0xa6, 0x1a, 0xc6, 0xd6, 0xf2, 0xde, 0x73,
+	0xfb, 0xb1, 0x18, 0x6c, 0x6d, 0x64, 0xb7, 0xa5, 0x7e, 0x30, 0x4e, 0xb1, 0x63, 0x06, 0xc5, 0x12,
+	0x3e, 0x03, 0x4b, 0x0c, 0x87, 0x84, 0x0b, 0x36, 0x46, 0x8c, 0x52, 0x61, 0x4d, 0x37, 0x8c, 0x2d,
+	0xd3, 0x59, 0x2c, 0x40, 0x87, 0x52, 0x21, 0x45, 0xdc, 0x4d, 0x02, 0x8f, 0x5e, 0x21, 0x12, 0xbb,
+	0x21, 0xb6, 0x66, 0x72, 0x91, 0x06, 0xbb, 0x12, 0x83, 0x2f, 0x40, 0xa5, 0x10, 0xa5, 0x91, 0x2b,
+	0x2e, 0x28, 0x8b, 0xad, 0x59, 0xa5, 0x5b, 0xd1, 0x78, 0x4f, 0xc3, 0xf0, 0x07, 0xb0, 0x7a, 0xe7,
+	0xc7, 0x69, 0xe4, 0xca, 0xf8, 0xac, 0x39, 0x95, 0x83, 0xfd, 0xef, 0x39, 0xf4, 0xf5, 0x8d, 0xc5,
+	0x29, 0xa7, 0xb8, 0xf3, 0x0e, 0x81, 0x4d, 0x50, 0xf5, 0x28, 0x15, 0xe8, 0x82, 0x44, 0x98, 0xab,
+	0x9c, 0x50, 0xea, 0x8a, 0xa1, 0x35, 0xaf, 0x62, 0x59, 0x95, 0xdc, 0xa1, 0xa4, 0x64, 0x66, 0x3d,
+	0x57, 0x0c, 0xe1, 0x4b, 0x00, 0x47, 0x31, 0x4a, 0x19, 0xf5, 0x31, 0xe7, 0x94, 0x21, 0x9f, 0x66,
+	0x89, 0xb0, 0xca, 0x0d, 0x63, 0x6b, 0xd6, 0xa9, 0x8c, 0xe2, 0x5e, 0x41, 0xb4, 0x24, 0x0e, 0x6d,
+	0x50, 0x1d, 0xc5, 0x28, 0xc6, 0x31, 0x65, 0x63, 0xc4, 0xc9, 0x35, 0x46, 0x24, 0x41, 0xb1, 0x67,
+	0x99, 0x85, 0xfe, 0x44, 0x51, 0x7d, 0x72, 0x8d, 0xbb, 0xc9, 0x89, 0x07, 0x6b, 0x00, 0xbc, 0xea,
+	0x7d, 0x73, 0x7e, 0xd4, 0x96, 0x77, 0x59, 0x40, 0x05, 0xf1, 0x16, 0x02, 0xbf, 0x00, 0x1b, 0xdc,
+	0x77, 0x23, 0x8c, 0xfc, 0x34, 0x43, 0x11, 0x89, 0x89, 0xe0, 0x48, 0x50, 0xa4, 0xd3, 0xb2, 0x16,
+	0xd4, 0x47, 0x7f, 0xa2, 0x24, 0xad, 0x34, 0x3b, 0x56, 0x82, 0x01, 0xd5, 0x75, 0x80, 0x27, 0xe0,
+	0x83, 0x00, 0x5f, 0xb8, 0x59, 0x24, 0xd0, 0x5d, 0xdd, 0x10, 0xf7, 0x99, 0x2b, 0xfc, 0xe1, 0x5d,
+	0x74, 0xa1, 0x67, 0x2d, 0xaa, 0xe8, 0xea, 0x5a, 0xdb, 0x2a, 0xa4, 0xfd, 0x5c, 0x99, 0x07, 0xfb,
+	0xca, 0x83, 0x5f, 0x81, 0xa7, 0x85, 0xdd, 0x28, 0x7e, 0xcc, 0x67, 0x49, 0xf9, 0x58, 0x5a, 0x74,
+	0x1e, 0x3f, 0x34, 0x90, 0x2f, 0x65, 0xe8, 0x32, 0x5c, 0x9c, 0xb5, 0x96, 0x55, 0xfc, 0x8b, 0x0a,
+	0xd4, 0x62, 0xd8, 0x00, 0x0b, 0xa7, 0xad, 0x1e, 0xa3, 0x57, 0xe3, 0xfd, 0x20, 0x60, 0xd6, 0x8a,
+	0xaa, 0xc9, 0xdb, 0x10, 0xdc, 0x00, 0x66, 0x44, 0x43, 0x14, 0xe1, 0x11, 0x8e, 0xac, 0x8a, 0xe2,
+	0xcb, 0x11, 0x0d, 0x8f, 0xe5, 0x1e, 0x7e, 0x0c, 0x9e, 0x10, 0x8a, 0x18, 0x96, 0x4f, 0x56, 0x36,
+	0x0e, 0xcd, 0x84, 0x8c, 0x8e, 0x63, 0xdf, 0x5a, 0x55, 0xe1, 0xad, 0x11, 0xea, 0x48, 0x76, 0x90,
+	0x93, 0xdd, 0xa4, 0x8f, 0x7d, 0xf8, 0xb3, 0x71, 0x9f, 0xdb, 0x7d, 0xa9, 0xdc, 0x24, 0xa1, 0x42,
+	0xbd, 0x1b, 0x6e, 0xc1, 0xc6, 0xf4, 0xd6, 0xc2, 0xde, 0x97, 0xef, 0x6b, 0xa2, 0x77, 0x2b, 0xb8,
+	0x7f, 0x6f, 0xd0, 0x49, 0x64, 0xbf, 0x6c, 0x04, 0xff, 0xac, 0x80, 0x9f, 0x00, 0x2b, 0xa1, 0x88,
+	0x24, 0x43, 0xcc, 0x88, 0x40, 0x43, 0xca, 0x85, 0xca, 0xe0, 0x9a, 0x26, 0xd8, 0x5a, 0x53, 0x95,
+	0xfa, 0x5f, 0x42, 0xbb, 0x39, 0x7d, 0x44, 0xb9, 0x18, 0x68, 0x12, 0x3e, 0x05, 0x80, 0xfb, 0x2c,
+	0xf3, 0x50, 0x44, 0x43, 0x6e, 0x55, 0x95, 0xd4, 0x54, 0xc8, 0x31, 0x0d, 0xf9, 0xfa, 0x29, 0x68,
+	0xbc, 0x2f, 0x30, 0x58, 0x01, 0xd3, 0x97, 0x78, 0xac, 0xa6, 0x88, 0xe9, 0xc8, 0xa5, 0x9c, 0x2c,
+	0x23, 0x37, 0xca, 0xf2, 0xf1, 0x61, 0x3a, 0xf9, 0xe6, 0xb3, 0xa9, 0x4f, 0x8d, 0xcd, 0x17, 0xc0,
+	0xbc, 0x9b, 0x16, 0xd0, 0x04, 0xb3, 0xa7, 0xbd, 0x6e, 0xaf, 0x53, 0x29, 0xc1, 0x32, 0x98, 0x39,
+	0xec, 0x1e, 0x77, 0x2a, 0x06, 0x9c, 0x07, 0xd3, 0x9d, 0xc1, 0xeb, 0xca, 0xd4, 0x66, 0x13, 0x54,
+	0x1e, 0x36, 0x25, 0x5c, 0x00, 0xf3, 0x3d, 0xe7, 0xac, 0xd5, 0xe9, 0xf7, 0x2b, 0x25, 0xb8, 0x0c,
+	0xc0, 0xd1, 0x77, 0xbd, 0x8e, 0x73, 0xde, 0xed, 0x9f, 0x39, 0x15, 0x63, 0xf3, 0x8f, 0x69, 0xb0,
+	0xac, 0x7b, 0xaa, 0x8d, 0x85, 0x4b, 0x22, 0x2e, 0xb3, 0x53, 0x73, 0x05, 0x25, 0x6e, 0x8c, 0x75,
+	0x84, 0xa6, 0x42, 0x4e, 0xdd, 0x18, 0xc3, 0x16, 0x00, 0x3e, 0xc3, 0xae, 0xc0, 0x01, 0x72, 0x85,
+	0x0a, 0x76, 0x61, 0x6f, 0xdd, 0xce, 0x67, 0xa8, 0x5d, 0xcc, 0x50, 0x7b, 0x50, 0xcc, 0xd0, 0x83,
+	0xf2, 0xcd, 0x6d, 0xbd, 0xf4, 0xcb, 0x9f, 0x75, 0xc3, 0x31, 0xf5, 0xb9, 0x7d, 0x01, 0x3f, 0x04,
+	0xf0, 0x12, 0xb3, 0x04, 0x47, 0xaa, 0xe2, 0x68, 0x77, 0x67, 0x07, 0x25, 0x5c, 0x4d, 0xbb, 0x19,
+	0x67, 0x25, 0x67, 0xa4, 0xc3, 0xee, 0xce, 0xce, 0x29, 0x87, 0x36, 0x58, 0xd3, 0x1d, 0xee, 0xd3,
+	0x38, 0x26, 0x02, 0x79, 0x63, 0x81, 0xb9, 0x1a, 0x7b, 0x33, 0xce, 0x6a, 0x4e, 0xb5, 0x14, 0x73,
+	0x20, 0x09, 0x78, 0x08, 0x1a, 0x5a, 0xff, 0x23, 0x65, 0x97, 0x24, 0x09, 0x11, 0xc7, 0x02, 0xa5,
+	0x8c, 0x8c, 0x5c, 0x81, 0xf5, 0xe1, 0x59, 0x75, 0xf8, 0xff, 0xb9, 0xee, 0x75, 0x2e, 0xeb, 0x63,
+	0xd1, 0xcb, 0x45, 0xb9, 0x4f, 0x1b, 0xd4, 0x1f, 0xf1, 0x51, 0xcd, 0x13, 0x68, 0x9b, 0x39, 0x65,
+	0xb3, 0xf1, 0xd0, 0xa6, 0xaf, 0x34, 0xb9, 0xcb, 0x4b, 0x00, 0xf4, 0x34, 0x43, 0x24, 0x50, 0x73,
+	0x6f, 0xe9, 0x60, 0x69, 0x72, 0x5b, 0x37, 0x75, 0xd9, 0xbb, 0x6d, 0xc7, 0xd4, 0x82, 0x6e, 0x00,
+	0x9f, 0x83, 0x4a, 0xc6, 0x31, 0x7b, 0xa7, 0x2c, 0x65, 0x75, 0xc9, 0x92, 0xc4, 0xef, 0x8b, 0xf2,
+	0x0c, 0xcc, 0xe3, 0x2b, 0xec, 0x4b, 0x4f, 0x39, 0xec, 0xcc, 0x03, 0x30, 0xb9, 0xad, 0xcf, 0x75,
+	0xae, 0xb0, 0xdf, 0x6d, 0x3b, 0x73, 0x92, 0xea, 0x06, 0x07, 0xc1, 0xcd, 0x9b, 0x5a, 0xe9, 0xb7,
+	0x37, 0xb5, 0xd2, 0x4f, 0x93, 0x9a, 0x71, 0x33, 0xa9, 0x19, 0xbf, 0x4e, 0x6a, 0xc6, 0x5f, 0x93,
+	0x9a, 0xf1, 0xfd, 0xd7, 0xff, 0xfd, 0x1f, 0xf7, 0x73, 0xfd, 0xfb, 0x6d, 0xc9, 0x9b, 0x53, 0xdf,
+	0xfd, 0xa3, 0xbf, 0x03, 0x00, 0x00, 0xff, 0xff, 0xba, 0x6d, 0x7b, 0x04, 0xc8, 0x07, 0x00, 0x00,
 }
 
 func (m *Options) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -316,131 +333,189 @@ func (m *Options) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *Options) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Options) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Debug {
-		dAtA[i] = 0x8
-		i++
-		if m.Debug {
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.ScrubLogs {
+		i--
+		if m.ScrubLogs {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
-	}
-	if m.DebugType != 0 {
-		dAtA[i] = 0x10
-		i++
-		i = encodeVarintRunhcs(dAtA, i, uint64(m.DebugType))
-	}
-	if len(m.RegistryRoot) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.RegistryRoot)))
-		i += copy(dAtA[i:], m.RegistryRoot)
-	}
-	if len(m.SandboxImage) > 0 {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.SandboxImage)))
-		i += copy(dAtA[i:], m.SandboxImage)
-	}
-	if len(m.SandboxPlatform) > 0 {
-		dAtA[i] = 0x2a
-		i++
-		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.SandboxPlatform)))
-		i += copy(dAtA[i:], m.SandboxPlatform)
-	}
-	if m.SandboxIsolation != 0 {
-		dAtA[i] = 0x30
-		i++
-		i = encodeVarintRunhcs(dAtA, i, uint64(m.SandboxIsolation))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xa0
 	}
-	if len(m.BootFilesRootPath) > 0 {
-		dAtA[i] = 0x3a
-		i++
-		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.BootFilesRootPath)))
-		i += copy(dAtA[i:], m.BootFilesRootPath)
+	if m.NoInheritHostTimezone {
+		i--
+		if m.NoInheritHostTimezone {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0x98
+	}
+	if len(m.DefaultContainerAnnotations) > 0 {
+		for k := range m.DefaultContainerAnnotations {
+			v := m.DefaultContainerAnnotations[k]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintRunhcs(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(k)
+			copy(dAtA[i:], k)
+			i = encodeVarintRunhcs(dAtA, i, uint64(len(k)))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintRunhcs(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x1
+			i--
+			dAtA[i] = 0x92
+		}
 	}
-	if m.VmProcessorCount != 0 {
-		dAtA[i] = 0x40
-		i++
-		i = encodeVarintRunhcs(dAtA, i, uint64(m.VmProcessorCount))
+	if m.IoRetryTimeoutInSec != 0 {
+		i = encodeVarintRunhcs(dAtA, i, uint64(m.IoRetryTimeoutInSec))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0x88
 	}
-	if m.VmMemorySizeInMb != 0 {
-		dAtA[i] = 0x48
-		i++
-		i = encodeVarintRunhcs(dAtA, i, uint64(m.VmMemorySizeInMb))
+	if len(m.LogLevel) > 0 {
+		i -= len(m.LogLevel)
+		copy(dAtA[i:], m.LogLevel)
+		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.LogLevel)))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0x82
 	}
-	if len(m.GPUVHDPath) > 0 {
-		dAtA[i] = 0x52
-		i++
-		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.GPUVHDPath)))
-		i += copy(dAtA[i:], m.GPUVHDPath)
+	if len(m.NCProxyAddr) > 0 {
+		i -= len(m.NCProxyAddr)
+		copy(dAtA[i:], m.NCProxyAddr)
+		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.NCProxyAddr)))
+		i--
+		dAtA[i] = 0x7a
 	}
-	if m.ScaleCpuLimitsToSandbox {
-		dAtA[i] = 0x58
-		i++
-		if m.ScaleCpuLimitsToSandbox {
+	if m.ShareScratch {
+		i--
+		if m.ShareScratch {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
-	}
-	if m.DefaultContainerScratchSizeInGb != 0 {
-		dAtA[i] = 0x60
-		i++
-		i = encodeVarintRunhcs(dAtA, i, uint64(m.DefaultContainerScratchSizeInGb))
+		i--
+		dAtA[i] = 0x70
 	}
 	if m.DefaultVmScratchSizeInGb != 0 {
-		dAtA[i] = 0x68
-		i++
 		i = encodeVarintRunhcs(dAtA, i, uint64(m.DefaultVmScratchSizeInGb))
+		i--
+		dAtA[i] = 0x68
 	}
-	if m.ShareScratch {
-		dAtA[i] = 0x70
-		i++
-		if m.ShareScratch {
+	if m.DefaultContainerScratchSizeInGb != 0 {
+		i = encodeVarintRunhcs(dAtA, i, uint64(m.DefaultContainerScratchSizeInGb))
+		i--
+		dAtA[i] = 0x60
+	}
+	if m.ScaleCpuLimitsToSandbox {
+		i--
+		if m.ScaleCpuLimitsToSandbox {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
-		i++
+		i--
+		dAtA[i] = 0x58
 	}
-	if len(m.NCProxyAddr) > 0 {
-		dAtA[i] = 0x7a
-		i++
-		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.NCProxyAddr)))
-		i += copy(dAtA[i:], m.NCProxyAddr)
+	if len(m.GPUVHDPath) > 0 {
+		i -= len(m.GPUVHDPath)
+		copy(dAtA[i:], m.GPUVHDPath)
+		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.GPUVHDPath)))
+		i--
+		dAtA[i] = 0x52
 	}
-	if len(m.LogLevel) > 0 {
-		dAtA[i] = 0x82
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.LogLevel)))
-		i += copy(dAtA[i:], m.LogLevel)
+	if m.VmMemorySizeInMb != 0 {
+		i = encodeVarintRunhcs(dAtA, i, uint64(m.VmMemorySizeInMb))
+		i--
+		dAtA[i] = 0x48
 	}
-	if m.IoRetryTimeoutInSec != 0 {
-		dAtA[i] = 0x88
-		i++
-		dAtA[i] = 0x1
-		i++
-		i = encodeVarintRunhcs(dAtA, i, uint64(m.IoRetryTimeoutInSec))
+	if m.VmProcessorCount != 0 {
+		i = encodeVarintRunhcs(dAtA, i, uint64(m.VmProcessorCount))
+		i--
+		dAtA[i] = 0x40
 	}
-	if m.XXX_unrecognized != nil {
-		i += copy(dAtA[i:], m.XXX_unrecognized)
+	if len(m.BootFilesRootPath) > 0 {
+		i -= len(m.BootFilesRootPath)
+		copy(dAtA[i:], m.BootFilesRootPath)
+		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.BootFilesRootPath)))
+		i--
+		dAtA[i] = 0x3a
+	}
+	if m.SandboxIsolation != 0 {
+		i = encodeVarintRunhcs(dAtA, i, uint64(m.SandboxIsolation))
+		i--
+		dAtA[i] = 0x30
+	}
+	if len(m.SandboxPlatform) > 0 {
+		i -= len(m.SandboxPlatform)
+		copy(dAtA[i:], m.SandboxPlatform)
+		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.SandboxPlatform)))
+		i--
+		dAtA[i] = 0x2a
+	}
+	if len(m.SandboxImage) > 0 {
+		i -= len(m.SandboxImage)
+		copy(dAtA[i:], m.SandboxImage)
+		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.SandboxImage)))
+		i--
+		dAtA[i] = 0x22
+	}
+	if len(m.RegistryRoot) > 0 {
+		i -= len(m.RegistryRoot)
+		copy(dAtA[i:], m.RegistryRoot)
+		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.RegistryRoot)))
+		i--
+		dAtA[i] = 0x1a
+	}
+	if m.DebugType != 0 {
+		i = encodeVarintRunhcs(dAtA, i, uint64(m.DebugType))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.Debug {
+		i--
+		if m.Debug {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x8
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func (m *ProcessDetails) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
@@ -448,74 +523,84 @@ func (m *ProcessDetails) Marshal() (dAtA []byte, err error) {
 }
 
 func (m *ProcessDetails) MarshalTo(dAtA []byte) (int, error) {
-	var i int
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ProcessDetails) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.ImageName) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.ImageName)))
-		i += copy(dAtA[i:], m.ImageName)
-	}
-	dAtA[i] = 0x12
-	i++
-	i = encodeVarintRunhcs(dAtA, i, uint64(github_com_gogo_protobuf_types.SizeOfStdTime(m.CreatedAt)))
-	n1, err := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.CreatedAt, dAtA[i:])
-	if err != nil {
-		return 0, err
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	i += n1
-	if m.KernelTime_100Ns != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintRunhcs(dAtA, i, uint64(m.KernelTime_100Ns))
+	if len(m.ExecID) > 0 {
+		i -= len(m.ExecID)
+		copy(dAtA[i:], m.ExecID)
+		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.ExecID)))
+		i--
+		dAtA[i] = 0x4a
 	}
-	if m.MemoryCommitBytes != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintRunhcs(dAtA, i, uint64(m.MemoryCommitBytes))
+	if m.UserTime_100Ns != 0 {
+		i = encodeVarintRunhcs(dAtA, i, uint64(m.UserTime_100Ns))
+		i--
+		dAtA[i] = 0x40
 	}
-	if m.MemoryWorkingSetPrivateBytes != 0 {
-		dAtA[i] = 0x28
-		i++
-		i = encodeVarintRunhcs(dAtA, i, uint64(m.MemoryWorkingSetPrivateBytes))
+	if m.ProcessID != 0 {
+		i = encodeVarintRunhcs(dAtA, i, uint64(m.ProcessID))
+		i--
+		dAtA[i] = 0x38
 	}
 	if m.MemoryWorkingSetSharedBytes != 0 {
-		dAtA[i] = 0x30
-		i++
 		i = encodeVarintRunhcs(dAtA, i, uint64(m.MemoryWorkingSetSharedBytes))
+		i--
+		dAtA[i] = 0x30
 	}
-	if m.ProcessID != 0 {
-		dAtA[i] = 0x38
-		i++
-		i = encodeVarintRunhcs(dAtA, i, uint64(m.ProcessID))
+	if m.MemoryWorkingSetPrivateBytes != 0 {
+		i = encodeVarintRunhcs(dAtA, i, uint64(m.MemoryWorkingSetPrivateBytes))
+		i--
+		dAtA[i] = 0x28
 	}
-	if m.UserTime_100Ns != 0 {
-		dAtA[i] = 0x40
-		i++
-		i = encodeVarintRunhcs(dAtA, i, uint64(m.UserTime_100Ns))
+	if m.MemoryCommitBytes != 0 {
+		i = encodeVarintRunhcs(dAtA, i, uint64(m.MemoryCommitBytes))
+		i--
+		dAtA[i] = 0x20
 	}
-	if len(m.ExecID) > 0 {
-		dAtA[i] = 0x4a
-		i++
-		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.ExecID)))
-		i += copy(dAtA[i:], m.ExecID)
+	if m.KernelTime_100Ns != 0 {
+		i = encodeVarintRunhcs(dAtA, i, uint64(m.KernelTime_100Ns))
+		i--
+		dAtA[i] = 0x18
 	}
-	if m.XXX_unrecognized != nil {
-		i += copy(dAtA[i:], m.XXX_unrecognized)
+	n1, err1 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.CreatedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.CreatedAt):])
+	if err1 != nil {
+		return 0, err1
+	}
+	i -= n1
+	i = encodeVarintRunhcs(dAtA, i, uint64(n1))
+	i--
+	dAtA[i] = 0x12
+	if len(m.ImageName) > 0 {
+		i -= len(m.ImageName)
+		copy(dAtA[i:], m.ImageName)
+		i = encodeVarintRunhcs(dAtA, i, uint64(len(m.ImageName)))
+		i--
+		dAtA[i] = 0xa
 	}
-	return i, nil
+	return len(dAtA) - i, nil
 }
 
 func encodeVarintRunhcs(dAtA []byte, offset int, v uint64) int {
+	offset -= sovRunhcs(v)
+	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
-	return offset + 1
+	return base
 }
 func (m *Options) Size() (n int) {
 	if m == nil {
@@ -581,6 +666,20 @@ func (m *Options) Size() (n int) {
 	if m.IoRetryTimeoutInSec != 0 {
 		n += 2 + sovRunhcs(uint64(m.IoRetryTimeoutInSec))
 	}
+	if len(m.DefaultContainerAnnotations) > 0 {
+		for k, v := range m.DefaultContainerAnnotations {
+			_ = k
+			_ = v
+			mapEntrySize := 1 + len(k) + sovRunhcs(uint64(len(k))) + 1 + len(v) + sovRunhcs(uint64(len(v)))
+			n += mapEntrySize + 2 + sovRunhcs(uint64(mapEntrySize))
+		}
+	}
+	if m.NoInheritHostTimezone {
+		n += 3
+	}
+	if m.ScrubLogs {
+		n += 3
+	}
 	if m.XXX_unrecognized != nil {
 		n += len(m.XXX_unrecognized)
 	}
@@ -628,14 +727,7 @@ func (m *ProcessDetails) Size() (n int) {
 }
 
 func sovRunhcs(x uint64) (n int) {
-	for {
-		n++
-		x >>= 7
-		if x == 0 {
-			break
-		}
-	}
-	return n
+	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozRunhcs(x uint64) (n int) {
 	return sovRunhcs(uint64((x << 1) ^ uint64((int64(x) >> 63))))
@@ -644,6 +736,16 @@ func (this *Options) String() string {
 	if this == nil {
 		return "nil"
 	}
+	keysForDefaultContainerAnnotations := make([]string, 0, len(this.DefaultContainerAnnotations))
+	for k, _ := range this.DefaultContainerAnnotations {
+		keysForDefaultContainerAnnotations = append(keysForDefaultContainerAnnotations, k)
+	}
+	github_com_gogo_protobuf_sortkeys.Strings(keysForDefaultContainerAnnotations)
+	mapStringForDefaultContainerAnnotations := "map[string]string{"
+	for _, k := range keysForDefaultContainerAnnotations {
+		mapStringForDefaultContainerAnnotations += fmt.Sprintf("%v: %v,", k, this.DefaultContainerAnnotations[k])
+	}
+	mapStringForDefaultContainerAnnotations += "}"
 	s := strings.Join([]string{`&Options{`,
 		`Debug:` + fmt.Sprintf("%v", this.Debug) + `,`,
 		`DebugType:` + fmt.Sprintf("%v", this.DebugType) + `,`,
@@ -662,6 +764,9 @@ func (this *Options) String() string {
 		`NCProxyAddr:` + fmt.Sprintf("%v", this.NCProxyAddr) + `,`,
 		`LogLevel:` + fmt.Sprintf("%v", this.LogLevel) + `,`,
 		`IoRetryTimeoutInSec:` + fmt.Sprintf("%v", this.IoRetryTimeoutInSec) + `,`,
+		`DefaultContainerAnnotations:` + mapStringForDefaultContainerAnnotations + `,`,
+		`NoInheritHostTimezone:` + fmt.Sprintf("%v", this.NoInheritHostTimezone) + `,`,
+		`ScrubLogs:` + fmt.Sprintf("%v", this.ScrubLogs) + `,`,
 		`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
 		`}`,
 	}, "")
@@ -673,7 +778,7 @@ func (this *ProcessDetails) String() string {
 	}
 	s := strings.Join([]string{`&ProcessDetails{`,
 		`ImageName:` + fmt.Sprintf("%v", this.ImageName) + `,`,
-		`CreatedAt:` + strings.Replace(strings.Replace(this.CreatedAt.String(), "Timestamp", "types.Timestamp", 1), `&`, ``, 1) + `,`,
+		`CreatedAt:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.CreatedAt), "Timestamp", "types.Timestamp", 1), `&`, ``, 1) + `,`,
 		`KernelTime_100Ns:` + fmt.Sprintf("%v", this.KernelTime_100Ns) + `,`,
 		`MemoryCommitBytes:` + fmt.Sprintf("%v", this.MemoryCommitBytes) + `,`,
 		`MemoryWorkingSetPrivateBytes:` + fmt.Sprintf("%v", this.MemoryWorkingSetPrivateBytes) + `,`,
@@ -1140,16 +1245,180 @@ func (m *Options) Unmarshal(dAtA []byte) error {
 					break
 				}
 			}
+		case 18:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field DefaultContainerAnnotations", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthRunhcs
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.DefaultContainerAnnotations == nil {
+				m.DefaultContainerAnnotations = make(map[string]string)
+			}
+			var mapkey string
+			var mapvalue string
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowRunhcs
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowRunhcs
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthRunhcs
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthRunhcs
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var stringLenmapvalue uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowRunhcs
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapvalue |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapvalue := int(stringLenmapvalue)
+					if intStringLenmapvalue < 0 {
+						return ErrInvalidLengthRunhcs
+					}
+					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
+						return ErrInvalidLengthRunhcs
+					}
+					if postStringIndexmapvalue > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
+					iNdEx = postStringIndexmapvalue
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipRunhcs(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthRunhcs
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.DefaultContainerAnnotations[mapkey] = mapvalue
+			iNdEx = postIndex
+		case 19:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NoInheritHostTimezone", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.NoInheritHostTimezone = bool(v != 0)
+		case 20:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ScrubLogs", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRunhcs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.ScrubLogs = bool(v != 0)
 		default:
 			iNdEx = preIndex
 			skippy, err := skipRunhcs(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
-				return ErrInvalidLengthRunhcs
-			}
-			if (iNdEx + skippy) < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthRunhcs
 			}
 			if (iNdEx + skippy) > l {
@@ -1411,10 +1680,7 @@ func (m *ProcessDetails) Unmarshal(dAtA []byte) error {
 			if err != nil {
 				return err
 			}
-			if skippy < 0 {
-				return ErrInvalidLengthRunhcs
-			}
-			if (iNdEx + skippy) < 0 {
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
 				return ErrInvalidLengthRunhcs
 			}
 			if (iNdEx + skippy) > l {
@@ -1433,6 +1699,7 @@ func (m *ProcessDetails) Unmarshal(dAtA []byte) error {
 func skipRunhcs(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
+	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
@@ -1464,10 +1731,8 @@ func skipRunhcs(dAtA []byte) (n int, err error) {
 					break
 				}
 			}
-			return iNdEx, nil
 		case 1:
 			iNdEx += 8
-			return iNdEx, nil
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
@@ -1488,55 +1753,30 @@ func skipRunhcs(dAtA []byte) (n int, err error) {
 				return 0, ErrInvalidLengthRunhcs
 			}
 			iNdEx += length
-			if iNdEx < 0 {
-				return 0, ErrInvalidLengthRunhcs
-			}
-			return iNdEx, nil
 		case 3:
-			for {
-				var innerWire uint64
-				var start int = iNdEx
-				for shift := uint(0); ; shift += 7 {
-					if shift >= 64 {
-						return 0, ErrIntOverflowRunhcs
-					}
-					if iNdEx >= l {
-						return 0, io.ErrUnexpectedEOF
-					}
-					b := dAtA[iNdEx]
-					iNdEx++
-					innerWire |= (uint64(b) & 0x7F) << shift
-					if b < 0x80 {
-						break
-					}
-				}
-				innerWireType := int(innerWire & 0x7)
-				if innerWireType == 4 {
-					break
-				}
-				next, err := skipRunhcs(dAtA[start:])
-				if err != nil {
-					return 0, err
-				}
-				iNdEx = start + next
-				if iNdEx < 0 {
-					return 0, ErrInvalidLengthRunhcs
-				}
-			}
-			return iNdEx, nil
+			depth++
 		case 4:
-			return iNdEx, nil
+			if depth == 0 {
+				return 0, ErrUnexpectedEndOfGroupRunhcs
+			}
+			depth--
 		case 5:
 			iNdEx += 4
-			return iNdEx, nil
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
+		if iNdEx < 0 {
+			return 0, ErrInvalidLengthRunhcs
+		}
+		if depth == 0 {
+			return iNdEx, nil
+		}
 	}
-	panic("unreachable")
+	return 0, io.ErrUnexpectedEOF
 }
 
 var (
-	ErrInvalidLengthRunhcs = fmt.Errorf("proto: negative length found during unmarshaling")
-	ErrIntOverflowRunhcs   = fmt.Errorf("proto: integer overflow")
+	ErrInvalidLengthRunhcs        = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowRunhcs          = fmt.Errorf("proto: integer overflow")
+	ErrUnexpectedEndOfGroupRunhcs = fmt.Errorf("proto: unexpected end of group")
 )

vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/runhcs.proto

@@ -98,6 +98,16 @@ message Options {
 	// The typical example is if Containerd has restarted but is expected to come back online. A 0 for this field is interpreted as an infinite
 	// timeout.
 	int32 io_retry_timeout_in_sec = 17;
+
+	// default_container_annotations specifies a set of annotations that should be set for every workload container
+	map<string, string> default_container_annotations = 18;
+
+	// no_inherit_host_timezone specifies to skip inheriting the hosts time zone for WCOW UVMs and instead default to
+	// UTC.
+	bool no_inherit_host_timezone = 19;
+
+	// scrub_logs enables removing environment variables and other potentially sensitive information from logs
+	bool scrub_logs = 20;
 }
 
 // ProcessDetails contains additional information about a process. This is the additional

vendor/github.com/Microsoft/hcsshim/computestorage/attach.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package computestorage
 
 import (
@@ -17,8 +19,8 @@ import (
 //
 // `layerData` is the parent read-only layer data.
 func AttachLayerStorageFilter(ctx context.Context, layerPath string, layerData LayerData) (err error) {
-	title := "hcsshim.AttachLayerStorageFilter"
-	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	title := "hcsshim::AttachLayerStorageFilter"
+	ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
 	defer span.End()
 	defer func() { oc.SetSpanStatus(span, err) }()
 	span.AddAttributes(

vendor/github.com/Microsoft/hcsshim/computestorage/destroy.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package computestorage
 
 import (
@@ -12,8 +14,8 @@ import (
 //
 // `layerPath` is a path to a directory containing the layer to export.
 func DestroyLayer(ctx context.Context, layerPath string) (err error) {
-	title := "hcsshim.DestroyLayer"
-	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	title := "hcsshim::DestroyLayer"
+	ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
 	defer span.End()
 	defer func() { oc.SetSpanStatus(span, err) }()
 	span.AddAttributes(trace.StringAttribute("layerPath", layerPath))

vendor/github.com/Microsoft/hcsshim/computestorage/detach.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package computestorage
 
 import (
@@ -12,8 +14,8 @@ import (
 //
 // `layerPath` is a path to a directory containing the layer to export.
 func DetachLayerStorageFilter(ctx context.Context, layerPath string) (err error) {
-	title := "hcsshim.DetachLayerStorageFilter"
-	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	title := "hcsshim::DetachLayerStorageFilter"
+	ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
 	defer span.End()
 	defer func() { oc.SetSpanStatus(span, err) }()
 	span.AddAttributes(trace.StringAttribute("layerPath", layerPath))

vendor/github.com/Microsoft/hcsshim/computestorage/export.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package computestorage
 
 import (
@@ -19,8 +21,8 @@ import (
 //
 // `options` are the export options applied to the exported layer.
 func ExportLayer(ctx context.Context, layerPath, exportFolderPath string, layerData LayerData, options ExportLayerOptions) (err error) {
-	title := "hcsshim.ExportLayer"
-	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	title := "hcsshim::ExportLayer"
+	ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
 	defer span.End()
 	defer func() { oc.SetSpanStatus(span, err) }()
 	span.AddAttributes(
@@ -28,17 +30,17 @@ func ExportLayer(ctx context.Context, layerPath, exportFolderPath string, layerD
 		trace.StringAttribute("exportFolderPath", exportFolderPath),
 	)
 
-	ldbytes, err := json.Marshal(layerData)
+	ldBytes, err := json.Marshal(layerData)
 	if err != nil {
 		return err
 	}
 
-	obytes, err := json.Marshal(options)
+	oBytes, err := json.Marshal(options)
 	if err != nil {
 		return err
 	}
 
-	err = hcsExportLayer(layerPath, exportFolderPath, string(ldbytes), string(obytes))
+	err = hcsExportLayer(layerPath, exportFolderPath, string(ldBytes), string(oBytes))
 	if err != nil {
 		return errors.Wrap(err, "failed to export layer")
 	}

vendor/github.com/Microsoft/hcsshim/computestorage/format.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package computestorage
 
 import (
@@ -5,16 +7,20 @@ import (
 
 	"github.com/Microsoft/hcsshim/internal/oc"
 	"github.com/pkg/errors"
-	"go.opencensus.io/trace"
 	"golang.org/x/sys/windows"
 )
 
 // FormatWritableLayerVhd formats a virtual disk for use as a writable container layer.
 //
 // If the VHD is not mounted it will be temporarily mounted.
+//
+// NOTE: This API had a breaking change in the operating system after Windows Server 2019.
+// On ws2019 the API expects to get passed a file handle from CreateFile for the vhd that
+// the caller wants to format. On > ws2019, its expected that the caller passes a vhd handle
+// that can be obtained from the virtdisk APIs.
 func FormatWritableLayerVhd(ctx context.Context, vhdHandle windows.Handle) (err error) {
-	title := "hcsshim.FormatWritableLayerVhd"
-	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	title := "hcsshim::FormatWritableLayerVhd"
+	ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
 	defer span.End()
 	defer func() { oc.SetSpanStatus(span, err) }()
 

vendor/github.com/Microsoft/hcsshim/computestorage/helpers.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package computestorage
 
 import (
@@ -6,10 +8,12 @@ import (
 	"path/filepath"
 	"syscall"
 
-	"github.com/Microsoft/go-winio/pkg/security"
 	"github.com/Microsoft/go-winio/vhd"
+	"github.com/Microsoft/hcsshim/internal/memory"
 	"github.com/pkg/errors"
 	"golang.org/x/sys/windows"
+
+	"github.com/Microsoft/hcsshim/internal/security"
 )
 
 const defaultVHDXBlockSizeInMB = 1
@@ -59,8 +63,8 @@ func SetupContainerBaseLayer(ctx context.Context, layerPath, baseVhdPath, diffVh
 	createParams := &vhd.CreateVirtualDiskParameters{
 		Version: 2,
 		Version2: vhd.CreateVersion2{
-			MaximumSize:      sizeInGB * 1024 * 1024 * 1024,
-			BlockSizeInBytes: defaultVHDXBlockSizeInMB * 1024 * 1024,
+			MaximumSize:      sizeInGB * memory.GiB,
+			BlockSizeInBytes: defaultVHDXBlockSizeInMB * memory.MiB,
 		},
 	}
 	handle, err := vhd.CreateVirtualDisk(baseVhdPath, vhd.VirtualDiskAccessNone, vhd.CreateVirtualDiskFlagNone, createParams)
@@ -135,8 +139,8 @@ func SetupUtilityVMBaseLayer(ctx context.Context, uvmPath, baseVhdPath, diffVhdP
 	createParams := &vhd.CreateVirtualDiskParameters{
 		Version: 2,
 		Version2: vhd.CreateVersion2{
-			MaximumSize:      sizeInGB * 1024 * 1024 * 1024,
-			BlockSizeInBytes: defaultVHDXBlockSizeInMB * 1024 * 1024,
+			MaximumSize:      sizeInGB * memory.GiB,
+			BlockSizeInBytes: defaultVHDXBlockSizeInMB * memory.MiB,
 		},
 	}
 	handle, err := vhd.CreateVirtualDisk(baseVhdPath, vhd.VirtualDiskAccessNone, vhd.CreateVirtualDiskFlagNone, createParams)

vendor/github.com/Microsoft/hcsshim/computestorage/import.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package computestorage
 
 import (
@@ -19,8 +21,8 @@ import (
 //
 // `layerData` is the parent layer data.
 func ImportLayer(ctx context.Context, layerPath, sourceFolderPath string, layerData LayerData) (err error) {
-	title := "hcsshim.ImportLayer"
-	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	title := "hcsshim::ImportLayer"
+	ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
 	defer span.End()
 	defer func() { oc.SetSpanStatus(span, err) }()
 	span.AddAttributes(

vendor/github.com/Microsoft/hcsshim/computestorage/initialize.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package computestorage
 
 import (
@@ -16,8 +18,8 @@ import (
 //
 // `layerData` is the parent read-only layer data.
 func InitializeWritableLayer(ctx context.Context, layerPath string, layerData LayerData) (err error) {
-	title := "hcsshim.InitializeWritableLayer"
-	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	title := "hcsshim::InitializeWritableLayer"
+	ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
 	defer span.End()
 	defer func() { oc.SetSpanStatus(span, err) }()
 	span.AddAttributes(

vendor/github.com/Microsoft/hcsshim/computestorage/mount.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package computestorage
 
 import (
@@ -6,14 +8,13 @@ import (
 	"github.com/Microsoft/hcsshim/internal/interop"
 	"github.com/Microsoft/hcsshim/internal/oc"
 	"github.com/pkg/errors"
-	"go.opencensus.io/trace"
 	"golang.org/x/sys/windows"
 )
 
 // GetLayerVhdMountPath returns the volume path for a virtual disk of a writable container layer.
 func GetLayerVhdMountPath(ctx context.Context, vhdHandle windows.Handle) (path string, err error) {
-	title := "hcsshim.GetLayerVhdMountPath"
-	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	title := "hcsshim::GetLayerVhdMountPath"
+	ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
 	defer span.End()
 	defer func() { oc.SetSpanStatus(span, err) }()
 

vendor/github.com/Microsoft/hcsshim/computestorage/setup.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package computestorage
 
 import (
@@ -21,8 +23,8 @@ import (
 //
 // `options` are the options applied while processing the layer.
 func SetupBaseOSLayer(ctx context.Context, layerPath string, vhdHandle windows.Handle, options OsLayerOptions) (err error) {
-	title := "hcsshim.SetupBaseOSLayer"
-	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	title := "hcsshim::SetupBaseOSLayer"
+	ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
 	defer span.End()
 	defer func() { oc.SetSpanStatus(span, err) }()
 	span.AddAttributes(
@@ -48,12 +50,16 @@ func SetupBaseOSLayer(ctx context.Context, layerPath string, vhdHandle windows.H
 // `volumePath` is the path to the volume to be used for setup.
 //
 // `options` are the options applied while processing the layer.
+//
+// NOTE: This API is only available on builds of Windows greater than 19645. Inside we
+// check if the hosts build has the API available by using 'GetVersion' which requires
+// the calling application to be manifested. https://docs.microsoft.com/en-us/windows/win32/sbscs/manifests
 func SetupBaseOSVolume(ctx context.Context, layerPath, volumePath string, options OsLayerOptions) (err error) {
 	if osversion.Build() < 19645 {
 		return errors.New("SetupBaseOSVolume is not present on builds older than 19645")
 	}
-	title := "hcsshim.SetupBaseOSVolume"
-	ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+	title := "hcsshim::SetupBaseOSVolume"
+	ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
 	defer span.End()
 	defer func() { oc.SetSpanStatus(span, err) }()
 	span.AddAttributes(

vendor/github.com/Microsoft/hcsshim/computestorage/storage.go

@@ -7,7 +7,7 @@ import (
 	hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2"
 )
 
-//go:generate go run ../mksyscall_windows.go -output zsyscall_windows.go storage.go
+//go:generate go run github.com/Microsoft/go-winio/tools/mkwinsyscall -output zsyscall_windows.go storage.go
 
 //sys hcsImportLayer(layerPath string, sourceFolderPath string, layerData string) (hr error) = computestorage.HcsImportLayer?
 //sys hcsExportLayer(layerPath string, exportFolderPath string, layerData string, options string) (hr error) = computestorage.HcsExportLayer?
@@ -20,10 +20,13 @@ import (
 //sys hcsGetLayerVhdMountPath(vhdHandle windows.Handle, mountPath **uint16) (hr error) = computestorage.HcsGetLayerVhdMountPath?
 //sys hcsSetupBaseOSVolume(layerPath string, volumePath string, options string) (hr error) = computestorage.HcsSetupBaseOSVolume?
 
+type Version = hcsschema.Version
+type Layer = hcsschema.Layer
+
 // LayerData is the data used to describe parent layer information.
 type LayerData struct {
-	SchemaVersion hcsschema.Version `json:"SchemaVersion,omitempty"`
-	Layers        []hcsschema.Layer `json:"Layers,omitempty"`
+	SchemaVersion Version `json:"SchemaVersion,omitempty"`
+	Layers        []Layer `json:"Layers,omitempty"`
 }
 
 // ExportLayerOptions are the set of options that are used with the `computestorage.HcsExportLayer` syscall.

vendor/github.com/Microsoft/hcsshim/computestorage/zsyscall_windows.go

@@ -1,4 +1,6 @@
-// Code generated mksyscall_windows.exe DO NOT EDIT
+//go:build windows
+
+// Code generated by 'go generate' using "github.com/Microsoft/go-winio/tools/mkwinsyscall"; DO NOT EDIT.
 
 package computestorage
 
@@ -19,6 +21,7 @@ const (
 
 var (
 	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+	errERROR_EINVAL     error = syscall.EINVAL
 )
 
 // errnoErr returns common boxed Errno values, to prevent
@@ -26,7 +29,7 @@ var (
 func errnoErr(e syscall.Errno) error {
 	switch e {
 	case 0:
-		return nil
+		return errERROR_EINVAL
 	case errnoERROR_IO_PENDING:
 		return errERROR_IO_PENDING
 	}
@@ -39,42 +42,86 @@ func errnoErr(e syscall.Errno) error {
 var (
 	modcomputestorage = windows.NewLazySystemDLL("computestorage.dll")
 
-	procHcsImportLayer              = modcomputestorage.NewProc("HcsImportLayer")
-	procHcsExportLayer              = modcomputestorage.NewProc("HcsExportLayer")
-	procHcsDestoryLayer             = modcomputestorage.NewProc("HcsDestoryLayer")
-	procHcsSetupBaseOSLayer         = modcomputestorage.NewProc("HcsSetupBaseOSLayer")
-	procHcsInitializeWritableLayer  = modcomputestorage.NewProc("HcsInitializeWritableLayer")
 	procHcsAttachLayerStorageFilter = modcomputestorage.NewProc("HcsAttachLayerStorageFilter")
+	procHcsDestoryLayer             = modcomputestorage.NewProc("HcsDestoryLayer")
 	procHcsDetachLayerStorageFilter = modcomputestorage.NewProc("HcsDetachLayerStorageFilter")
+	procHcsExportLayer              = modcomputestorage.NewProc("HcsExportLayer")
 	procHcsFormatWritableLayerVhd   = modcomputestorage.NewProc("HcsFormatWritableLayerVhd")
 	procHcsGetLayerVhdMountPath     = modcomputestorage.NewProc("HcsGetLayerVhdMountPath")
+	procHcsImportLayer              = modcomputestorage.NewProc("HcsImportLayer")
+	procHcsInitializeWritableLayer  = modcomputestorage.NewProc("HcsInitializeWritableLayer")
+	procHcsSetupBaseOSLayer         = modcomputestorage.NewProc("HcsSetupBaseOSLayer")
 	procHcsSetupBaseOSVolume        = modcomputestorage.NewProc("HcsSetupBaseOSVolume")
 )
 
-func hcsImportLayer(layerPath string, sourceFolderPath string, layerData string) (hr error) {
+func hcsAttachLayerStorageFilter(layerPath string, layerData string) (hr error) {
 	var _p0 *uint16
 	_p0, hr = syscall.UTF16PtrFromString(layerPath)
 	if hr != nil {
 		return
 	}
 	var _p1 *uint16
-	_p1, hr = syscall.UTF16PtrFromString(sourceFolderPath)
+	_p1, hr = syscall.UTF16PtrFromString(layerData)
 	if hr != nil {
 		return
 	}
-	var _p2 *uint16
-	_p2, hr = syscall.UTF16PtrFromString(layerData)
+	return _hcsAttachLayerStorageFilter(_p0, _p1)
+}
+
+func _hcsAttachLayerStorageFilter(layerPath *uint16, layerData *uint16) (hr error) {
+	hr = procHcsAttachLayerStorageFilter.Find()
 	if hr != nil {
 		return
 	}
-	return _hcsImportLayer(_p0, _p1, _p2)
+	r0, _, _ := syscall.Syscall(procHcsAttachLayerStorageFilter.Addr(), 2, uintptr(unsafe.Pointer(layerPath)), uintptr(unsafe.Pointer(layerData)), 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
 }
 
-func _hcsImportLayer(layerPath *uint16, sourceFolderPath *uint16, layerData *uint16) (hr error) {
-	if hr = procHcsImportLayer.Find(); hr != nil {
+func hcsDestroyLayer(layerPath string) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(layerPath)
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcsImportLayer.Addr(), 3, uintptr(unsafe.Pointer(layerPath)), uintptr(unsafe.Pointer(sourceFolderPath)), uintptr(unsafe.Pointer(layerData)))
+	return _hcsDestroyLayer(_p0)
+}
+
+func _hcsDestroyLayer(layerPath *uint16) (hr error) {
+	hr = procHcsDestoryLayer.Find()
+	if hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsDestoryLayer.Addr(), 1, uintptr(unsafe.Pointer(layerPath)), 0, 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcsDetachLayerStorageFilter(layerPath string) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(layerPath)
+	if hr != nil {
+		return
+	}
+	return _hcsDetachLayerStorageFilter(_p0)
+}
+
+func _hcsDetachLayerStorageFilter(layerPath *uint16) (hr error) {
+	hr = procHcsDetachLayerStorageFilter.Find()
+	if hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcsDetachLayerStorageFilter.Addr(), 1, uintptr(unsafe.Pointer(layerPath)), 0, 0)
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -109,7 +156,8 @@ func hcsExportLayer(layerPath string, exportFolderPath string, layerData string,
 }
 
 func _hcsExportLayer(layerPath *uint16, exportFolderPath *uint16, layerData *uint16, options *uint16) (hr error) {
-	if hr = procHcsExportLayer.Find(); hr != nil {
+	hr = procHcsExportLayer.Find()
+	if hr != nil {
 		return
 	}
 	r0, _, _ := syscall.Syscall6(procHcsExportLayer.Addr(), 4, uintptr(unsafe.Pointer(layerPath)), uintptr(unsafe.Pointer(exportFolderPath)), uintptr(unsafe.Pointer(layerData)), uintptr(unsafe.Pointer(options)), 0, 0)
@@ -122,20 +170,27 @@ func _hcsExportLayer(layerPath *uint16, exportFolderPath *uint16, layerData *uin
 	return
 }
 
-func hcsDestroyLayer(layerPath string) (hr error) {
-	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(layerPath)
+func hcsFormatWritableLayerVhd(handle windows.Handle) (hr error) {
+	hr = procHcsFormatWritableLayerVhd.Find()
 	if hr != nil {
 		return
 	}
-	return _hcsDestroyLayer(_p0)
+	r0, _, _ := syscall.Syscall(procHcsFormatWritableLayerVhd.Addr(), 1, uintptr(handle), 0, 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
 }
 
-func _hcsDestroyLayer(layerPath *uint16) (hr error) {
-	if hr = procHcsDestoryLayer.Find(); hr != nil {
+func hcsGetLayerVhdMountPath(vhdHandle windows.Handle, mountPath **uint16) (hr error) {
+	hr = procHcsGetLayerVhdMountPath.Find()
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcsDestoryLayer.Addr(), 1, uintptr(unsafe.Pointer(layerPath)), 0, 0)
+	r0, _, _ := syscall.Syscall(procHcsGetLayerVhdMountPath.Addr(), 2, uintptr(vhdHandle), uintptr(unsafe.Pointer(mountPath)), 0)
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -145,25 +200,31 @@ func _hcsDestroyLayer(layerPath *uint16) (hr error) {
 	return
 }
 
-func hcsSetupBaseOSLayer(layerPath string, handle windows.Handle, options string) (hr error) {
+func hcsImportLayer(layerPath string, sourceFolderPath string, layerData string) (hr error) {
 	var _p0 *uint16
 	_p0, hr = syscall.UTF16PtrFromString(layerPath)
 	if hr != nil {
 		return
 	}
 	var _p1 *uint16
-	_p1, hr = syscall.UTF16PtrFromString(options)
+	_p1, hr = syscall.UTF16PtrFromString(sourceFolderPath)
 	if hr != nil {
 		return
 	}
-	return _hcsSetupBaseOSLayer(_p0, handle, _p1)
+	var _p2 *uint16
+	_p2, hr = syscall.UTF16PtrFromString(layerData)
+	if hr != nil {
+		return
+	}
+	return _hcsImportLayer(_p0, _p1, _p2)
 }
 
-func _hcsSetupBaseOSLayer(layerPath *uint16, handle windows.Handle, options *uint16) (hr error) {
-	if hr = procHcsSetupBaseOSLayer.Find(); hr != nil {
+func _hcsImportLayer(layerPath *uint16, sourceFolderPath *uint16, layerData *uint16) (hr error) {
+	hr = procHcsImportLayer.Find()
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcsSetupBaseOSLayer.Addr(), 3, uintptr(unsafe.Pointer(layerPath)), uintptr(handle), uintptr(unsafe.Pointer(options)))
+	r0, _, _ := syscall.Syscall(procHcsImportLayer.Addr(), 3, uintptr(unsafe.Pointer(layerPath)), uintptr(unsafe.Pointer(sourceFolderPath)), uintptr(unsafe.Pointer(layerData)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -193,7 +254,8 @@ func hcsInitializeWritableLayer(writableLayerPath string, layerData string, opti
 }
 
 func _hcsInitializeWritableLayer(writableLayerPath *uint16, layerData *uint16, options *uint16) (hr error) {
-	if hr = procHcsInitializeWritableLayer.Find(); hr != nil {
+	hr = procHcsInitializeWritableLayer.Find()
+	if hr != nil {
 		return
 	}
 	r0, _, _ := syscall.Syscall(procHcsInitializeWritableLayer.Addr(), 3, uintptr(unsafe.Pointer(writableLayerPath)), uintptr(unsafe.Pointer(layerData)), uintptr(unsafe.Pointer(options)))
@@ -206,76 +268,26 @@ func _hcsInitializeWritableLayer(writableLayerPath *uint16, layerData *uint16, o
 	return
 }
 
-func hcsAttachLayerStorageFilter(layerPath string, layerData string) (hr error) {
+func hcsSetupBaseOSLayer(layerPath string, handle windows.Handle, options string) (hr error) {
 	var _p0 *uint16
 	_p0, hr = syscall.UTF16PtrFromString(layerPath)
 	if hr != nil {
 		return
 	}
 	var _p1 *uint16
-	_p1, hr = syscall.UTF16PtrFromString(layerData)
+	_p1, hr = syscall.UTF16PtrFromString(options)
 	if hr != nil {
 		return
 	}
-	return _hcsAttachLayerStorageFilter(_p0, _p1)
-}
-
-func _hcsAttachLayerStorageFilter(layerPath *uint16, layerData *uint16) (hr error) {
-	if hr = procHcsAttachLayerStorageFilter.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procHcsAttachLayerStorageFilter.Addr(), 2, uintptr(unsafe.Pointer(layerPath)), uintptr(unsafe.Pointer(layerData)), 0)
-	if int32(r0) < 0 {
-		if r0&0x1fff0000 == 0x00070000 {
-			r0 &= 0xffff
-		}
-		hr = syscall.Errno(r0)
-	}
-	return
+	return _hcsSetupBaseOSLayer(_p0, handle, _p1)
 }
 
-func hcsDetachLayerStorageFilter(layerPath string) (hr error) {
-	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(layerPath)
+func _hcsSetupBaseOSLayer(layerPath *uint16, handle windows.Handle, options *uint16) (hr error) {
+	hr = procHcsSetupBaseOSLayer.Find()
 	if hr != nil {
 		return
 	}
-	return _hcsDetachLayerStorageFilter(_p0)
-}
-
-func _hcsDetachLayerStorageFilter(layerPath *uint16) (hr error) {
-	if hr = procHcsDetachLayerStorageFilter.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procHcsDetachLayerStorageFilter.Addr(), 1, uintptr(unsafe.Pointer(layerPath)), 0, 0)
-	if int32(r0) < 0 {
-		if r0&0x1fff0000 == 0x00070000 {
-			r0 &= 0xffff
-		}
-		hr = syscall.Errno(r0)
-	}
-	return
-}
-
-func hcsFormatWritableLayerVhd(handle windows.Handle) (hr error) {
-	if hr = procHcsFormatWritableLayerVhd.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procHcsFormatWritableLayerVhd.Addr(), 1, uintptr(handle), 0, 0)
-	if int32(r0) < 0 {
-		if r0&0x1fff0000 == 0x00070000 {
-			r0 &= 0xffff
-		}
-		hr = syscall.Errno(r0)
-	}
-	return
-}
-
-func hcsGetLayerVhdMountPath(vhdHandle windows.Handle, mountPath **uint16) (hr error) {
-	if hr = procHcsGetLayerVhdMountPath.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procHcsGetLayerVhdMountPath.Addr(), 2, uintptr(vhdHandle), uintptr(unsafe.Pointer(mountPath)), 0)
+	r0, _, _ := syscall.Syscall(procHcsSetupBaseOSLayer.Addr(), 3, uintptr(unsafe.Pointer(layerPath)), uintptr(handle), uintptr(unsafe.Pointer(options)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -305,7 +317,8 @@ func hcsSetupBaseOSVolume(layerPath string, volumePath string, options string) (
 }
 
 func _hcsSetupBaseOSVolume(layerPath *uint16, volumePath *uint16, options *uint16) (hr error) {
-	if hr = procHcsSetupBaseOSVolume.Find(); hr != nil {
+	hr = procHcsSetupBaseOSVolume.Find()
+	if hr != nil {
 		return
 	}
 	r0, _, _ := syscall.Syscall(procHcsSetupBaseOSVolume.Addr(), 3, uintptr(unsafe.Pointer(layerPath)), uintptr(unsafe.Pointer(volumePath)), uintptr(unsafe.Pointer(options)))

vendor/github.com/Microsoft/hcsshim/container.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hcsshim
 
 import (
@@ -60,7 +62,7 @@ type container struct {
 	waitCh   chan struct{}
 }
 
-// createComputeSystemAdditionalJSON is read from the environment at initialisation
+// createContainerAdditionalJSON is read from the environment at initialization
 // time. It allows an environment variable to define additional JSON which
 // is merged in the CreateComputeSystem call to HCS.
 var createContainerAdditionalJSON []byte

vendor/github.com/Microsoft/hcsshim/errors.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hcsshim
 
 import (
@@ -50,6 +52,9 @@ var (
 	// ErrUnexpectedValue is an error encountered when hcs returns an invalid value
 	ErrUnexpectedValue = hcs.ErrUnexpectedValue
 
+	// ErrOperationDenied is an error when hcs attempts an operation that is explicitly denied
+	ErrOperationDenied = hcs.ErrOperationDenied
+
 	// ErrVmcomputeAlreadyStopped is an error encountered when a shutdown or terminate request is made on a stopped container
 	ErrVmcomputeAlreadyStopped = hcs.ErrVmcomputeAlreadyStopped
 

vendor/github.com/Microsoft/hcsshim/functional_tests.ps1

@@ -1,12 +0,0 @@
-# Requirements so far:
-# dockerd running
-#  - image microsoft/nanoserver (matching host base image)  docker load -i c:\baseimages\nanoserver.tar
-#  - image alpine (linux) docker pull --platform=linux alpine
-
-
-# TODO: Add this a parameter for debugging. ie "functional-tests -debug=$true"
-#$env:HCSSHIM_FUNCTIONAL_TESTS_DEBUG="yes please"
-
-#pushd uvm
-go test -v -tags "functional uvmcreate uvmscratch uvmscsi uvmvpmem uvmvsmb uvmp9" ./...
-#popd

vendor/github.com/Microsoft/hcsshim/hcn/doc.go

@@ -0,0 +1,3 @@
+// Package hcn is a shim for the Host Compute Networking (HCN) service, which manages networking for Windows Server
+// containers and Hyper-V containers. Previous to RS5, HCN was referred to as Host Networking Service (HNS).
+package hcn

vendor/github.com/Microsoft/hcsshim/hcn/hcn.go

@@ -1,5 +1,5 @@
-// Package hcn is a shim for the Host Compute Networking (HCN) service, which manages networking for Windows Server
-// containers and Hyper-V containers. Previous to RS5, HCN was referred to as Host Networking Service (HNS).
+//go:build windows
+
 package hcn
 
 import (
@@ -10,7 +10,7 @@ import (
 	"github.com/Microsoft/go-winio/pkg/guid"
 )
 
-//go:generate go run ../mksyscall_windows.go -output zsyscall_windows.go hcn.go
+//go:generate go run github.com/Microsoft/go-winio/tools/mkwinsyscall -output zsyscall_windows.go hcn.go
 
 /// HNS V1 API
 
@@ -228,7 +228,7 @@ func IPv6DualStackSupported() error {
 	return platformDoesNotSupportError("IPv6 DualStack")
 }
 
-//L4proxySupported returns an error if the HCN verison does not support L4Proxy
+// L4proxySupported returns an error if the HCN version does not support L4Proxy
 func L4proxyPolicySupported() error {
 	supported, err := GetCachedSupportedFeatures()
 	if err != nil {
@@ -240,7 +240,7 @@ func L4proxyPolicySupported() error {
 	return platformDoesNotSupportError("L4ProxyPolicy")
 }
 
-// L4WfpProxySupported returns an error if the HCN verison does not support L4WfpProxy
+// L4WfpProxySupported returns an error if the HCN version does not support L4WfpProxy
 func L4WfpProxyPolicySupported() error {
 	supported, err := GetCachedSupportedFeatures()
 	if err != nil {

vendor/github.com/Microsoft/hcsshim/hcn/hcnendpoint.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hcn
 
 import (
@@ -9,7 +11,7 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-// IpConfig is assoicated with an endpoint
+// IpConfig is associated with an endpoint
 type IpConfig struct {
 	IpAddress    string `json:",omitempty"`
 	PrefixLength uint8  `json:",omitempty"`
@@ -70,14 +72,14 @@ type PolicyEndpointRequest struct {
 	Policies []EndpointPolicy `json:",omitempty"`
 }
 
-func getEndpoint(endpointGuid guid.GUID, query string) (*HostComputeEndpoint, error) {
+func getEndpoint(endpointGUID guid.GUID, query string) (*HostComputeEndpoint, error) {
 	// Open endpoint.
 	var (
 		endpointHandle   hcnEndpoint
 		resultBuffer     *uint16
 		propertiesBuffer *uint16
 	)
-	hr := hcnOpenEndpoint(&endpointGuid, &endpointHandle, &resultBuffer)
+	hr := hcnOpenEndpoint(&endpointGUID, &endpointHandle, &resultBuffer)
 	if err := checkForErrors("hcnOpenEndpoint", hr, resultBuffer); err != nil {
 		return nil, err
 	}
@@ -119,8 +121,8 @@ func enumerateEndpoints(query string) ([]HostComputeEndpoint, error) {
 	}
 
 	var outputEndpoints []HostComputeEndpoint
-	for _, endpointGuid := range endpointIds {
-		endpoint, err := getEndpoint(endpointGuid, query)
+	for _, endpointGUID := range endpointIds {
+		endpoint, err := getEndpoint(endpointGUID, query)
 		if err != nil {
 			return nil, err
 		}
@@ -129,22 +131,22 @@ func enumerateEndpoints(query string) ([]HostComputeEndpoint, error) {
 	return outputEndpoints, nil
 }
 
-func createEndpoint(networkId string, endpointSettings string) (*HostComputeEndpoint, error) {
-	networkGuid, err := guid.FromString(networkId)
+func createEndpoint(networkID string, endpointSettings string) (*HostComputeEndpoint, error) {
+	networkGUID, err := guid.FromString(networkID)
 	if err != nil {
 		return nil, errInvalidNetworkID
 	}
 	// Open network.
 	var networkHandle hcnNetwork
 	var resultBuffer *uint16
-	hr := hcnOpenNetwork(&networkGuid, &networkHandle, &resultBuffer)
+	hr := hcnOpenNetwork(&networkGUID, &networkHandle, &resultBuffer)
 	if err := checkForErrors("hcnOpenNetwork", hr, resultBuffer); err != nil {
 		return nil, err
 	}
 	// Create endpoint.
-	endpointId := guid.GUID{}
+	endpointID := guid.GUID{}
 	var endpointHandle hcnEndpoint
-	hr = hcnCreateEndpoint(networkHandle, &endpointId, endpointSettings, &endpointHandle, &resultBuffer)
+	hr = hcnCreateEndpoint(networkHandle, &endpointID, endpointSettings, &endpointHandle, &resultBuffer)
 	if err := checkForErrors("hcnCreateEndpoint", hr, resultBuffer); err != nil {
 		return nil, err
 	}
@@ -178,8 +180,8 @@ func createEndpoint(networkId string, endpointSettings string) (*HostComputeEndp
 	return &outputEndpoint, nil
 }
 
-func modifyEndpoint(endpointId string, settings string) (*HostComputeEndpoint, error) {
-	endpointGuid, err := guid.FromString(endpointId)
+func modifyEndpoint(endpointID string, settings string) (*HostComputeEndpoint, error) {
+	endpointGUID, err := guid.FromString(endpointID)
 	if err != nil {
 		return nil, errInvalidEndpointID
 	}
@@ -189,7 +191,7 @@ func modifyEndpoint(endpointId string, settings string) (*HostComputeEndpoint, e
 		resultBuffer     *uint16
 		propertiesBuffer *uint16
 	)
-	hr := hcnOpenEndpoint(&endpointGuid, &endpointHandle, &resultBuffer)
+	hr := hcnOpenEndpoint(&endpointGUID, &endpointHandle, &resultBuffer)
 	if err := checkForErrors("hcnOpenEndpoint", hr, resultBuffer); err != nil {
 		return nil, err
 	}
@@ -222,13 +224,13 @@ func modifyEndpoint(endpointId string, settings string) (*HostComputeEndpoint, e
 	return &outputEndpoint, nil
 }
 
-func deleteEndpoint(endpointId string) error {
-	endpointGuid, err := guid.FromString(endpointId)
+func deleteEndpoint(endpointID string) error {
+	endpointGUID, err := guid.FromString(endpointID)
 	if err != nil {
 		return errInvalidEndpointID
 	}
 	var resultBuffer *uint16
-	hr := hcnDeleteEndpoint(&endpointGuid, &resultBuffer)
+	hr := hcnDeleteEndpoint(&endpointGUID, &resultBuffer)
 	if err := checkForErrors("hcnDeleteEndpoint", hr, resultBuffer); err != nil {
 		return err
 	}
@@ -247,12 +249,12 @@ func ListEndpoints() ([]HostComputeEndpoint, error) {
 
 // ListEndpointsQuery makes a call to query the list of available endpoints.
 func ListEndpointsQuery(query HostComputeQuery) ([]HostComputeEndpoint, error) {
-	queryJson, err := json.Marshal(query)
+	queryJSON, err := json.Marshal(query)
 	if err != nil {
 		return nil, err
 	}
 
-	endpoints, err := enumerateEndpoints(string(queryJson))
+	endpoints, err := enumerateEndpoints(string(queryJSON))
 	if err != nil {
 		return nil, err
 	}
@@ -260,10 +262,10 @@ func ListEndpointsQuery(query HostComputeQuery) ([]HostComputeEndpoint, error) {
 }
 
 // ListEndpointsOfNetwork queries the list of endpoints on a network.
-func ListEndpointsOfNetwork(networkId string) ([]HostComputeEndpoint, error) {
+func ListEndpointsOfNetwork(networkID string) ([]HostComputeEndpoint, error) {
 	hcnQuery := defaultQuery()
 	// TODO: Once query can convert schema, change to {HostComputeNetwork:networkId}
-	mapA := map[string]string{"VirtualNetwork": networkId}
+	mapA := map[string]string{"VirtualNetwork": networkID}
 	filter, err := json.Marshal(mapA)
 	if err != nil {
 		return nil, err
@@ -274,9 +276,9 @@ func ListEndpointsOfNetwork(networkId string) ([]HostComputeEndpoint, error) {
 }
 
 // GetEndpointByID returns an endpoint specified by Id
-func GetEndpointByID(endpointId string) (*HostComputeEndpoint, error) {
+func GetEndpointByID(endpointID string) (*HostComputeEndpoint, error) {
 	hcnQuery := defaultQuery()
-	mapA := map[string]string{"ID": endpointId}
+	mapA := map[string]string{"ID": endpointID}
 	filter, err := json.Marshal(mapA)
 	if err != nil {
 		return nil, err
@@ -288,7 +290,7 @@ func GetEndpointByID(endpointId string) (*HostComputeEndpoint, error) {
 		return nil, err
 	}
 	if len(endpoints) == 0 {
-		return nil, EndpointNotFoundError{EndpointID: endpointId}
+		return nil, EndpointNotFoundError{EndpointID: endpointID}
 	}
 	return &endpoints[0], err
 }
@@ -345,15 +347,15 @@ func (endpoint *HostComputeEndpoint) Delete() error {
 }
 
 // ModifyEndpointSettings updates the Port/Policy of an Endpoint.
-func ModifyEndpointSettings(endpointId string, request *ModifyEndpointSettingRequest) error {
-	logrus.Debugf("hcn::HostComputeEndpoint::ModifyEndpointSettings id=%s", endpointId)
+func ModifyEndpointSettings(endpointID string, request *ModifyEndpointSettingRequest) error {
+	logrus.Debugf("hcn::HostComputeEndpoint::ModifyEndpointSettings id=%s", endpointID)
 
 	endpointSettingsRequest, err := json.Marshal(request)
 	if err != nil {
 		return err
 	}
 
-	_, err = modifyEndpoint(endpointId, string(endpointSettingsRequest))
+	_, err = modifyEndpoint(endpointID, string(endpointSettingsRequest))
 	if err != nil {
 		return err
 	}
@@ -364,25 +366,25 @@ func ModifyEndpointSettings(endpointId string, request *ModifyEndpointSettingReq
 func (endpoint *HostComputeEndpoint) ApplyPolicy(requestType RequestType, endpointPolicy PolicyEndpointRequest) error {
 	logrus.Debugf("hcn::HostComputeEndpoint::ApplyPolicy id=%s", endpoint.Id)
 
-	settingsJson, err := json.Marshal(endpointPolicy)
+	settingsJSON, err := json.Marshal(endpointPolicy)
 	if err != nil {
 		return err
 	}
 	requestMessage := &ModifyEndpointSettingRequest{
 		ResourceType: EndpointResourceTypePolicy,
 		RequestType:  requestType,
-		Settings:     settingsJson,
+		Settings:     settingsJSON,
 	}
 
 	return ModifyEndpointSettings(endpoint.Id, requestMessage)
 }
 
 // NamespaceAttach modifies a Namespace to add an endpoint.
-func (endpoint *HostComputeEndpoint) NamespaceAttach(namespaceId string) error {
-	return AddNamespaceEndpoint(namespaceId, endpoint.Id)
+func (endpoint *HostComputeEndpoint) NamespaceAttach(namespaceID string) error {
+	return AddNamespaceEndpoint(namespaceID, endpoint.Id)
 }
 
 // NamespaceDetach modifies a Namespace to remove an endpoint.
-func (endpoint *HostComputeEndpoint) NamespaceDetach(namespaceId string) error {
-	return RemoveNamespaceEndpoint(namespaceId, endpoint.Id)
+func (endpoint *HostComputeEndpoint) NamespaceDetach(namespaceID string) error {
+	return RemoveNamespaceEndpoint(namespaceID, endpoint.Id)
 }

vendor/github.com/Microsoft/hcsshim/hcn/hcnerrors.go

@@ -1,5 +1,5 @@
-// Package hcn is a shim for the Host Compute Networking (HCN) service, which manages networking for Windows Server
-// containers and Hyper-V containers. Previous to RS5, HCN was referred to as Host Networking Service (HNS).
+//go:build windows
+
 package hcn
 
 import (
@@ -10,6 +10,7 @@ import (
 	"github.com/Microsoft/hcsshim/internal/hcserror"
 	"github.com/Microsoft/hcsshim/internal/interop"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/sys/windows"
 )
 
 var (
@@ -48,8 +49,8 @@ type ErrorCode uint32
 
 // For common errors, define the error as it is in windows, so we can quickly determine it later
 const (
-	ERROR_NOT_FOUND                     = 0x490
-	HCN_E_PORT_ALREADY_EXISTS ErrorCode = 0x803b0013
+	ERROR_NOT_FOUND                     = ErrorCode(windows.ERROR_NOT_FOUND)
+	HCN_E_PORT_ALREADY_EXISTS ErrorCode = ErrorCode(windows.HCN_E_PORT_ALREADY_EXISTS)
 )
 
 type HcnError struct {
@@ -87,10 +88,10 @@ func new(hr error, title string, rest string) error {
 
 //
 // Note that the below errors are not errors returned by hcn itself
-// we wish to seperate them as they are shim usage error
+// we wish to separate them as they are shim usage error
 //
 
-// NetworkNotFoundError results from a failed seach for a network by Id or Name
+// NetworkNotFoundError results from a failed search for a network by Id or Name
 type NetworkNotFoundError struct {
 	NetworkName string
 	NetworkID   string
@@ -103,7 +104,7 @@ func (e NetworkNotFoundError) Error() string {
 	return fmt.Sprintf("Network ID %q not found", e.NetworkID)
 }
 
-// EndpointNotFoundError results from a failed seach for an endpoint by Id or Name
+// EndpointNotFoundError results from a failed search for an endpoint by Id or Name
 type EndpointNotFoundError struct {
 	EndpointName string
 	EndpointID   string
@@ -116,7 +117,7 @@ func (e EndpointNotFoundError) Error() string {
 	return fmt.Sprintf("Endpoint ID %q not found", e.EndpointID)
 }
 
-// NamespaceNotFoundError results from a failed seach for a namsepace by Id
+// NamespaceNotFoundError results from a failed search for a namsepace by Id
 type NamespaceNotFoundError struct {
 	NamespaceID string
 }
@@ -125,7 +126,7 @@ func (e NamespaceNotFoundError) Error() string {
 	return fmt.Sprintf("Namespace ID %q not found", e.NamespaceID)
 }
 
-// LoadBalancerNotFoundError results from a failed seach for a loadbalancer by Id
+// LoadBalancerNotFoundError results from a failed search for a loadbalancer by Id
 type LoadBalancerNotFoundError struct {
 	LoadBalancerId string
 }
@@ -134,7 +135,7 @@ func (e LoadBalancerNotFoundError) Error() string {
 	return fmt.Sprintf("LoadBalancer %q not found", e.LoadBalancerId)
 }
 
-// RouteNotFoundError results from a failed seach for a route by Id
+// RouteNotFoundError results from a failed search for a route by Id
 type RouteNotFoundError struct {
 	RouteId string
 }

vendor/github.com/Microsoft/hcsshim/hcn/hcnglobals.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hcn
 
 import (

vendor/github.com/Microsoft/hcsshim/hcn/hcnloadbalancer.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hcn
 
 import (
@@ -28,14 +30,14 @@ type HostComputeLoadBalancer struct {
 	Flags                LoadBalancerFlags         `json:",omitempty"` // 0: None, 1: EnableDirectServerReturn
 }
 
-//LoadBalancerFlags modify settings for a loadbalancer.
+// LoadBalancerFlags modify settings for a loadbalancer.
 type LoadBalancerFlags uint32
 
 var (
 	// LoadBalancerFlagsNone is the default.
 	LoadBalancerFlagsNone LoadBalancerFlags = 0
 	// LoadBalancerFlagsDSR enables Direct Server Return (DSR)
-	LoadBalancerFlagsDSR LoadBalancerFlags = 1
+	LoadBalancerFlagsDSR  LoadBalancerFlags = 1
 	LoadBalancerFlagsIPv6 LoadBalancerFlags = 2
 )
 
@@ -67,14 +69,14 @@ var (
 	LoadBalancerDistributionSourceIP LoadBalancerDistribution = 2
 )
 
-func getLoadBalancer(loadBalancerGuid guid.GUID, query string) (*HostComputeLoadBalancer, error) {
+func getLoadBalancer(loadBalancerGUID guid.GUID, query string) (*HostComputeLoadBalancer, error) {
 	// Open loadBalancer.
 	var (
 		loadBalancerHandle hcnLoadBalancer
 		resultBuffer       *uint16
 		propertiesBuffer   *uint16
 	)
-	hr := hcnOpenLoadBalancer(&loadBalancerGuid, &loadBalancerHandle, &resultBuffer)
+	hr := hcnOpenLoadBalancer(&loadBalancerGUID, &loadBalancerHandle, &resultBuffer)
 	if err := checkForErrors("hcnOpenLoadBalancer", hr, resultBuffer); err != nil {
 		return nil, err
 	}
@@ -115,8 +117,8 @@ func enumerateLoadBalancers(query string) ([]HostComputeLoadBalancer, error) {
 	}
 
 	var outputLoadBalancers []HostComputeLoadBalancer
-	for _, loadBalancerGuid := range loadBalancerIds {
-		loadBalancer, err := getLoadBalancer(loadBalancerGuid, query)
+	for _, loadBalancerGUID := range loadBalancerIds {
+		loadBalancer, err := getLoadBalancer(loadBalancerGUID, query)
 		if err != nil {
 			return nil, err
 		}
@@ -132,8 +134,8 @@ func createLoadBalancer(settings string) (*HostComputeLoadBalancer, error) {
 		resultBuffer       *uint16
 		propertiesBuffer   *uint16
 	)
-	loadBalancerGuid := guid.GUID{}
-	hr := hcnCreateLoadBalancer(&loadBalancerGuid, settings, &loadBalancerHandle, &resultBuffer)
+	loadBalancerGUID := guid.GUID{}
+	hr := hcnCreateLoadBalancer(&loadBalancerGUID, settings, &loadBalancerHandle, &resultBuffer)
 	if err := checkForErrors("hcnCreateLoadBalancer", hr, resultBuffer); err != nil {
 		return nil, err
 	}
@@ -161,13 +163,13 @@ func createLoadBalancer(settings string) (*HostComputeLoadBalancer, error) {
 	return &outputLoadBalancer, nil
 }
 
-func deleteLoadBalancer(loadBalancerId string) error {
-	loadBalancerGuid, err := guid.FromString(loadBalancerId)
+func deleteLoadBalancer(loadBalancerID string) error {
+	loadBalancerGUID, err := guid.FromString(loadBalancerID)
 	if err != nil {
 		return errInvalidLoadBalancerID
 	}
 	var resultBuffer *uint16
-	hr := hcnDeleteLoadBalancer(&loadBalancerGuid, &resultBuffer)
+	hr := hcnDeleteLoadBalancer(&loadBalancerGUID, &resultBuffer)
 	if err := checkForErrors("hcnDeleteLoadBalancer", hr, resultBuffer); err != nil {
 		return err
 	}
@@ -186,12 +188,12 @@ func ListLoadBalancers() ([]HostComputeLoadBalancer, error) {
 
 // ListLoadBalancersQuery makes a call to query the list of available loadBalancers.
 func ListLoadBalancersQuery(query HostComputeQuery) ([]HostComputeLoadBalancer, error) {
-	queryJson, err := json.Marshal(query)
+	queryJSON, err := json.Marshal(query)
 	if err != nil {
 		return nil, err
 	}
 
-	loadBalancers, err := enumerateLoadBalancers(string(queryJson))
+	loadBalancers, err := enumerateLoadBalancers(string(queryJSON))
 	if err != nil {
 		return nil, err
 	}
@@ -199,9 +201,9 @@ func ListLoadBalancersQuery(query HostComputeQuery) ([]HostComputeLoadBalancer,
 }
 
 // GetLoadBalancerByID returns the LoadBalancer specified by Id.
-func GetLoadBalancerByID(loadBalancerId string) (*HostComputeLoadBalancer, error) {
+func GetLoadBalancerByID(loadBalancerID string) (*HostComputeLoadBalancer, error) {
 	hcnQuery := defaultQuery()
-	mapA := map[string]string{"ID": loadBalancerId}
+	mapA := map[string]string{"ID": loadBalancerID}
 	filter, err := json.Marshal(mapA)
 	if err != nil {
 		return nil, err
@@ -213,7 +215,7 @@ func GetLoadBalancerByID(loadBalancerId string) (*HostComputeLoadBalancer, error
 		return nil, err
 	}
 	if len(loadBalancers) == 0 {
-		return nil, LoadBalancerNotFoundError{LoadBalancerId: loadBalancerId}
+		return nil, LoadBalancerNotFoundError{LoadBalancerId: loadBalancerID}
 	}
 	return &loadBalancers[0], err
 }

vendor/github.com/Microsoft/hcsshim/hcn/hcnnamespace.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hcn
 
 import (
@@ -27,7 +29,7 @@ type NamespaceResourceContainer struct {
 type NamespaceResourceType string
 
 var (
-	// NamespaceResourceTypeContainer are contianers associated with a Namespace.
+	// NamespaceResourceTypeContainer are containers associated with a Namespace.
 	NamespaceResourceTypeContainer NamespaceResourceType = "Container"
 	// NamespaceResourceTypeEndpoint are endpoints associated with a Namespace.
 	NamespaceResourceTypeEndpoint NamespaceResourceType = "Endpoint"
@@ -70,14 +72,14 @@ type ModifyNamespaceSettingRequest struct {
 	Settings     json.RawMessage       `json:",omitempty"`
 }
 
-func getNamespace(namespaceGuid guid.GUID, query string) (*HostComputeNamespace, error) {
+func getNamespace(namespaceGUID guid.GUID, query string) (*HostComputeNamespace, error) {
 	// Open namespace.
 	var (
 		namespaceHandle  hcnNamespace
 		resultBuffer     *uint16
 		propertiesBuffer *uint16
 	)
-	hr := hcnOpenNamespace(&namespaceGuid, &namespaceHandle, &resultBuffer)
+	hr := hcnOpenNamespace(&namespaceGUID, &namespaceHandle, &resultBuffer)
 	if err := checkForErrors("hcnOpenNamespace", hr, resultBuffer); err != nil {
 		return nil, err
 	}
@@ -118,8 +120,8 @@ func enumerateNamespaces(query string) ([]HostComputeNamespace, error) {
 	}
 
 	var outputNamespaces []HostComputeNamespace
-	for _, namespaceGuid := range namespaceIds {
-		namespace, err := getNamespace(namespaceGuid, query)
+	for _, namespaceGUID := range namespaceIds {
+		namespace, err := getNamespace(namespaceGUID, query)
 		if err != nil {
 			return nil, err
 		}
@@ -135,8 +137,8 @@ func createNamespace(settings string) (*HostComputeNamespace, error) {
 		resultBuffer     *uint16
 		propertiesBuffer *uint16
 	)
-	namespaceGuid := guid.GUID{}
-	hr := hcnCreateNamespace(&namespaceGuid, settings, &namespaceHandle, &resultBuffer)
+	namespaceGUID := guid.GUID{}
+	hr := hcnCreateNamespace(&namespaceGUID, settings, &namespaceHandle, &resultBuffer)
 	if err := checkForErrors("hcnCreateNamespace", hr, resultBuffer); err != nil {
 		return nil, err
 	}
@@ -164,8 +166,8 @@ func createNamespace(settings string) (*HostComputeNamespace, error) {
 	return &outputNamespace, nil
 }
 
-func modifyNamespace(namespaceId string, settings string) (*HostComputeNamespace, error) {
-	namespaceGuid, err := guid.FromString(namespaceId)
+func modifyNamespace(namespaceID string, settings string) (*HostComputeNamespace, error) {
+	namespaceGUID, err := guid.FromString(namespaceID)
 	if err != nil {
 		return nil, errInvalidNamespaceID
 	}
@@ -175,7 +177,7 @@ func modifyNamespace(namespaceId string, settings string) (*HostComputeNamespace
 		resultBuffer     *uint16
 		propertiesBuffer *uint16
 	)
-	hr := hcnOpenNamespace(&namespaceGuid, &namespaceHandle, &resultBuffer)
+	hr := hcnOpenNamespace(&namespaceGUID, &namespaceHandle, &resultBuffer)
 	if err := checkForErrors("hcnOpenNamespace", hr, resultBuffer); err != nil {
 		return nil, err
 	}
@@ -208,13 +210,13 @@ func modifyNamespace(namespaceId string, settings string) (*HostComputeNamespace
 	return &outputNamespace, nil
 }
 
-func deleteNamespace(namespaceId string) error {
-	namespaceGuid, err := guid.FromString(namespaceId)
+func deleteNamespace(namespaceID string) error {
+	namespaceGUID, err := guid.FromString(namespaceID)
 	if err != nil {
 		return errInvalidNamespaceID
 	}
 	var resultBuffer *uint16
-	hr := hcnDeleteNamespace(&namespaceGuid, &resultBuffer)
+	hr := hcnDeleteNamespace(&namespaceGUID, &resultBuffer)
 	if err := checkForErrors("hcnDeleteNamespace", hr, resultBuffer); err != nil {
 		return err
 	}
@@ -233,12 +235,12 @@ func ListNamespaces() ([]HostComputeNamespace, error) {
 
 // ListNamespacesQuery makes a call to query the list of available namespaces.
 func ListNamespacesQuery(query HostComputeQuery) ([]HostComputeNamespace, error) {
-	queryJson, err := json.Marshal(query)
+	queryJSON, err := json.Marshal(query)
 	if err != nil {
 		return nil, err
 	}
 
-	namespaces, err := enumerateNamespaces(string(queryJson))
+	namespaces, err := enumerateNamespaces(string(queryJSON))
 	if err != nil {
 		return nil, err
 	}
@@ -246,9 +248,9 @@ func ListNamespacesQuery(query HostComputeQuery) ([]HostComputeNamespace, error)
 }
 
 // GetNamespaceByID returns the Namespace specified by Id.
-func GetNamespaceByID(namespaceId string) (*HostComputeNamespace, error) {
+func GetNamespaceByID(namespaceID string) (*HostComputeNamespace, error) {
 	hcnQuery := defaultQuery()
-	mapA := map[string]string{"ID": namespaceId}
+	mapA := map[string]string{"ID": namespaceID}
 	filter, err := json.Marshal(mapA)
 	if err != nil {
 		return nil, err
@@ -260,15 +262,15 @@ func GetNamespaceByID(namespaceId string) (*HostComputeNamespace, error) {
 		return nil, err
 	}
 	if len(namespaces) == 0 {
-		return nil, NamespaceNotFoundError{NamespaceID: namespaceId}
+		return nil, NamespaceNotFoundError{NamespaceID: namespaceID}
 	}
 
 	return &namespaces[0], err
 }
 
 // GetNamespaceEndpointIds returns the endpoints of the Namespace specified by Id.
-func GetNamespaceEndpointIds(namespaceId string) ([]string, error) {
-	namespace, err := GetNamespaceByID(namespaceId)
+func GetNamespaceEndpointIds(namespaceID string) ([]string, error) {
+	namespace, err := GetNamespaceByID(namespaceID)
 	if err != nil {
 		return nil, err
 	}
@@ -286,19 +288,19 @@ func GetNamespaceEndpointIds(namespaceId string) ([]string, error) {
 }
 
 // GetNamespaceContainerIds returns the containers of the Namespace specified by Id.
-func GetNamespaceContainerIds(namespaceId string) ([]string, error) {
-	namespace, err := GetNamespaceByID(namespaceId)
+func GetNamespaceContainerIds(namespaceID string) ([]string, error) {
+	namespace, err := GetNamespaceByID(namespaceID)
 	if err != nil {
 		return nil, err
 	}
 	var containerIds []string
 	for _, resource := range namespace.Resources {
 		if resource.Type == "Container" {
-			var contaienrResource NamespaceResourceContainer
-			if err := json.Unmarshal([]byte(resource.Data), &contaienrResource); err != nil {
+			var containerResource NamespaceResourceContainer
+			if err := json.Unmarshal([]byte(resource.Data), &containerResource); err != nil {
 				return nil, err
 			}
-			containerIds = append(containerIds, contaienrResource.Id)
+			containerIds = append(containerIds, containerResource.Id)
 		}
 	}
 	return containerIds, nil
@@ -375,7 +377,7 @@ func (namespace *HostComputeNamespace) Sync() error {
 	}
 	shimPath := runhcs.VMPipePath(cfg.HostUniqueID)
 	if err := runhcs.IssueVMRequest(shimPath, &req); err != nil {
-		// The shim is likey gone. Simply ignore the sync as if it didn't exist.
+		// The shim is likely gone. Simply ignore the sync as if it didn't exist.
 		if perr, ok := err.(*os.PathError); ok && perr.Err == syscall.ERROR_FILE_NOT_FOUND {
 			// Remove the reg key there is no point to try again
 			_ = cfg.Remove()
@@ -394,15 +396,15 @@ func (namespace *HostComputeNamespace) Sync() error {
 }
 
 // ModifyNamespaceSettings updates the Endpoints/Containers of a Namespace.
-func ModifyNamespaceSettings(namespaceId string, request *ModifyNamespaceSettingRequest) error {
-	logrus.Debugf("hcn::HostComputeNamespace::ModifyNamespaceSettings id=%s", namespaceId)
+func ModifyNamespaceSettings(namespaceID string, request *ModifyNamespaceSettingRequest) error {
+	logrus.Debugf("hcn::HostComputeNamespace::ModifyNamespaceSettings id=%s", namespaceID)
 
 	namespaceSettings, err := json.Marshal(request)
 	if err != nil {
 		return err
 	}
 
-	_, err = modifyNamespace(namespaceId, string(namespaceSettings))
+	_, err = modifyNamespace(namespaceID, string(namespaceSettings))
 	if err != nil {
 		return err
 	}
@@ -410,37 +412,37 @@ func ModifyNamespaceSettings(namespaceId string, request *ModifyNamespaceSetting
 }
 
 // AddNamespaceEndpoint adds an endpoint to a Namespace.
-func AddNamespaceEndpoint(namespaceId string, endpointId string) error {
-	logrus.Debugf("hcn::HostComputeEndpoint::AddNamespaceEndpoint id=%s", endpointId)
+func AddNamespaceEndpoint(namespaceID string, endpointID string) error {
+	logrus.Debugf("hcn::HostComputeEndpoint::AddNamespaceEndpoint id=%s", endpointID)
 
-	mapA := map[string]string{"EndpointId": endpointId}
-	settingsJson, err := json.Marshal(mapA)
+	mapA := map[string]string{"EndpointId": endpointID}
+	settingsJSON, err := json.Marshal(mapA)
 	if err != nil {
 		return err
 	}
 	requestMessage := &ModifyNamespaceSettingRequest{
 		ResourceType: NamespaceResourceTypeEndpoint,
 		RequestType:  RequestTypeAdd,
-		Settings:     settingsJson,
+		Settings:     settingsJSON,
 	}
 
-	return ModifyNamespaceSettings(namespaceId, requestMessage)
+	return ModifyNamespaceSettings(namespaceID, requestMessage)
 }
 
 // RemoveNamespaceEndpoint removes an endpoint from a Namespace.
-func RemoveNamespaceEndpoint(namespaceId string, endpointId string) error {
-	logrus.Debugf("hcn::HostComputeNamespace::RemoveNamespaceEndpoint id=%s", endpointId)
+func RemoveNamespaceEndpoint(namespaceID string, endpointID string) error {
+	logrus.Debugf("hcn::HostComputeNamespace::RemoveNamespaceEndpoint id=%s", endpointID)
 
-	mapA := map[string]string{"EndpointId": endpointId}
-	settingsJson, err := json.Marshal(mapA)
+	mapA := map[string]string{"EndpointId": endpointID}
+	settingsJSON, err := json.Marshal(mapA)
 	if err != nil {
 		return err
 	}
 	requestMessage := &ModifyNamespaceSettingRequest{
 		ResourceType: NamespaceResourceTypeEndpoint,
 		RequestType:  RequestTypeRemove,
-		Settings:     settingsJson,
+		Settings:     settingsJSON,
 	}
 
-	return ModifyNamespaceSettings(namespaceId, requestMessage)
+	return ModifyNamespaceSettings(namespaceID, requestMessage)
 }

vendor/github.com/Microsoft/hcsshim/hcn/hcnnetwork.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hcn
 
 import (
@@ -110,14 +112,14 @@ type PolicyNetworkRequest struct {
 	Policies []NetworkPolicy `json:",omitempty"`
 }
 
-func getNetwork(networkGuid guid.GUID, query string) (*HostComputeNetwork, error) {
+func getNetwork(networkGUID guid.GUID, query string) (*HostComputeNetwork, error) {
 	// Open network.
 	var (
 		networkHandle    hcnNetwork
 		resultBuffer     *uint16
 		propertiesBuffer *uint16
 	)
-	hr := hcnOpenNetwork(&networkGuid, &networkHandle, &resultBuffer)
+	hr := hcnOpenNetwork(&networkGUID, &networkHandle, &resultBuffer)
 	if err := checkForErrors("hcnOpenNetwork", hr, resultBuffer); err != nil {
 		return nil, err
 	}
@@ -164,8 +166,8 @@ func enumerateNetworks(query string) ([]HostComputeNetwork, error) {
 	}
 
 	var outputNetworks []HostComputeNetwork
-	for _, networkGuid := range networkIds {
-		network, err := getNetwork(networkGuid, query)
+	for _, networkGUID := range networkIds {
+		network, err := getNetwork(networkGUID, query)
 		if err != nil {
 			return nil, err
 		}
@@ -181,8 +183,8 @@ func createNetwork(settings string) (*HostComputeNetwork, error) {
 		resultBuffer     *uint16
 		propertiesBuffer *uint16
 	)
-	networkGuid := guid.GUID{}
-	hr := hcnCreateNetwork(&networkGuid, settings, &networkHandle, &resultBuffer)
+	networkGUID := guid.GUID{}
+	hr := hcnCreateNetwork(&networkGUID, settings, &networkHandle, &resultBuffer)
 	if err := checkForErrors("hcnCreateNetwork", hr, resultBuffer); err != nil {
 		return nil, err
 	}
@@ -216,8 +218,8 @@ func createNetwork(settings string) (*HostComputeNetwork, error) {
 	return &outputNetwork, nil
 }
 
-func modifyNetwork(networkId string, settings string) (*HostComputeNetwork, error) {
-	networkGuid, err := guid.FromString(networkId)
+func modifyNetwork(networkID string, settings string) (*HostComputeNetwork, error) {
+	networkGUID, err := guid.FromString(networkID)
 	if err != nil {
 		return nil, errInvalidNetworkID
 	}
@@ -227,7 +229,7 @@ func modifyNetwork(networkId string, settings string) (*HostComputeNetwork, erro
 		resultBuffer     *uint16
 		propertiesBuffer *uint16
 	)
-	hr := hcnOpenNetwork(&networkGuid, &networkHandle, &resultBuffer)
+	hr := hcnOpenNetwork(&networkGUID, &networkHandle, &resultBuffer)
 	if err := checkForErrors("hcnOpenNetwork", hr, resultBuffer); err != nil {
 		return nil, err
 	}
@@ -266,13 +268,13 @@ func modifyNetwork(networkId string, settings string) (*HostComputeNetwork, erro
 	return &outputNetwork, nil
 }
 
-func deleteNetwork(networkId string) error {
-	networkGuid, err := guid.FromString(networkId)
+func deleteNetwork(networkID string) error {
+	networkGUID, err := guid.FromString(networkID)
 	if err != nil {
 		return errInvalidNetworkID
 	}
 	var resultBuffer *uint16
-	hr := hcnDeleteNetwork(&networkGuid, &resultBuffer)
+	hr := hcnDeleteNetwork(&networkGUID, &resultBuffer)
 	if err := checkForErrors("hcnDeleteNetwork", hr, resultBuffer); err != nil {
 		return err
 	}
@@ -291,12 +293,12 @@ func ListNetworks() ([]HostComputeNetwork, error) {
 
 // ListNetworksQuery makes a call to query the list of available networks.
 func ListNetworksQuery(query HostComputeQuery) ([]HostComputeNetwork, error) {
-	queryJson, err := json.Marshal(query)
+	queryJSON, err := json.Marshal(query)
 	if err != nil {
 		return nil, err
 	}
 
-	networks, err := enumerateNetworks(string(queryJson))
+	networks, err := enumerateNetworks(string(queryJSON))
 	if err != nil {
 		return nil, err
 	}
@@ -408,14 +410,14 @@ func (network *HostComputeNetwork) ModifyNetworkSettings(request *ModifyNetworkS
 func (network *HostComputeNetwork) AddPolicy(networkPolicy PolicyNetworkRequest) error {
 	logrus.Debugf("hcn::HostComputeNetwork::AddPolicy id=%s", network.Id)
 
-	settingsJson, err := json.Marshal(networkPolicy)
+	settingsJSON, err := json.Marshal(networkPolicy)
 	if err != nil {
 		return err
 	}
 	requestMessage := &ModifyNetworkSettingRequest{
 		ResourceType: NetworkResourceTypePolicy,
 		RequestType:  RequestTypeAdd,
-		Settings:     settingsJson,
+		Settings:     settingsJSON,
 	}
 
 	return network.ModifyNetworkSettings(requestMessage)
@@ -425,14 +427,14 @@ func (network *HostComputeNetwork) AddPolicy(networkPolicy PolicyNetworkRequest)
 func (network *HostComputeNetwork) RemovePolicy(networkPolicy PolicyNetworkRequest) error {
 	logrus.Debugf("hcn::HostComputeNetwork::RemovePolicy id=%s", network.Id)
 
-	settingsJson, err := json.Marshal(networkPolicy)
+	settingsJSON, err := json.Marshal(networkPolicy)
 	if err != nil {
 		return err
 	}
 	requestMessage := &ModifyNetworkSettingRequest{
 		ResourceType: NetworkResourceTypePolicy,
 		RequestType:  RequestTypeRemove,
-		Settings:     settingsJson,
+		Settings:     settingsJSON,
 	}
 
 	return network.ModifyNetworkSettings(requestMessage)

vendor/github.com/Microsoft/hcsshim/hcn/hcnpolicy.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hcn
 
 import (
@@ -23,7 +25,7 @@ const (
 	// Endpoint and Network have InterfaceConstraint and ProviderAddress
 	NetworkProviderAddress     EndpointPolicyType = "ProviderAddress"
 	NetworkInterfaceConstraint EndpointPolicyType = "InterfaceConstraint"
-	TierAcl       EndpointPolicyType = "TierAcl"	
+	TierAcl                    EndpointPolicyType = "TierAcl"
 )
 
 // EndpointPolicy is a collection of Policy settings for an Endpoint.
@@ -133,7 +135,7 @@ type AclPolicySetting struct {
 	RemotePorts     string        `json:",omitempty"`
 	RuleType        RuleType      `json:",omitempty"`
 	Priority        uint16        `json:",omitempty"`
-} 
+}
 
 // QosPolicySetting sets Quality of Service bandwidth caps on an Endpoint.
 type QosPolicySetting struct {
@@ -166,7 +168,7 @@ type NetworkACLPolicySetting struct {
 	RemotePorts     string        `json:",omitempty"`
 	RuleType        RuleType      `json:",omitempty"`
 	Priority        uint16        `json:",omitempty"`
-} 
+}
 
 // FiveTuple is nested in L4ProxyPolicySetting  for WFP support.
 type FiveTuple struct {
@@ -284,7 +286,7 @@ type RemoteSubnetRoutePolicySetting struct {
 type SetPolicyType string
 
 const (
-	SetPolicyTypeIpSet SetPolicyType = "IPSET"
+	SetPolicyTypeIpSet       SetPolicyType = "IPSET"
 	SetPolicyTypeNestedIpSet SetPolicyType = "NESTEDIPSET"
 )
 
@@ -292,7 +294,7 @@ const (
 type SetPolicySetting struct {
 	Id     string
 	Name   string
-	Type   SetPolicyType
+	Type   SetPolicyType `json:"PolicyType"`
 	Values string
 }
 
@@ -313,32 +315,32 @@ const (
 	ProtocolTypeICMPv6  ProtocolType = 58
 )
 
-//L4ProxyPolicySetting applies proxy policy on network/endpoint
+// L4ProxyPolicySetting applies proxy policy on network/endpoint
 type L4ProxyPolicySetting struct {
 	IP          string       `json:",omitempty"`
 	Port        string       `json:",omitempty"`
 	Protocol    ProtocolType `json:",omitempty"`
 	Exceptions  []string     `json:",omitempty"`
 	Destination string
-	OutboundNAT bool         `json:",omitempty"`
+	OutboundNAT bool `json:",omitempty"`
 }
 
 // TierAclRule represents an ACL within TierAclPolicySetting
 type TierAclRule struct {
-	Id                string        `json:",omitempty"`
-	Protocols         string        `json:",omitempty"`
-	TierAclRuleAction ActionType    `json:","`
-	LocalAddresses    string        `json:",omitempty"`
-	RemoteAddresses   string        `json:",omitempty"`
-	LocalPorts        string        `json:",omitempty"`
-	RemotePorts       string        `json:",omitempty"`
-	Priority          uint16        `json:",omitempty"`
+	Id                string     `json:",omitempty"`
+	Protocols         string     `json:",omitempty"`
+	TierAclRuleAction ActionType `json:","`
+	LocalAddresses    string     `json:",omitempty"`
+	RemoteAddresses   string     `json:",omitempty"`
+	LocalPorts        string     `json:",omitempty"`
+	RemotePorts       string     `json:",omitempty"`
+	Priority          uint16     `json:",omitempty"`
 }
 
 // TierAclPolicySetting represents a Tier containing ACLs
 type TierAclPolicySetting struct {
-	Name            string         `json:","`
-	Direction       DirectionType  `json:","`
-	Order           uint16         `json:""`
-	TierAclRules    []TierAclRule  `json:",omitempty"`
+	Name         string        `json:","`
+	Direction    DirectionType `json:","`
+	Order        uint16        `json:""`
+	TierAclRules []TierAclRule `json:",omitempty"`
 }

vendor/github.com/Microsoft/hcsshim/hcn/hcnroute.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hcn
 
 import (

vendor/github.com/Microsoft/hcsshim/hcn/hcnsupport.go

@@ -1,11 +1,14 @@
+//go:build windows
+
 package hcn
 
 import (
-	"fmt"
 	"sync"
 
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+
+	"github.com/Microsoft/hcsshim/internal/log"
 )
 
 var (
@@ -112,9 +115,9 @@ func getSupportedFeatures() (SupportedFeatures, error) {
 	features.NetworkACL = isFeatureSupported(globals.Version, NetworkACLPolicyVersion)
 	features.NestedIpSet = isFeatureSupported(globals.Version, NestedIpSetVersion)
 
-	logrus.WithFields(logrus.Fields{
-		"version":           fmt.Sprintf("%+v", globals.Version),
-		"supportedFeatures": fmt.Sprintf("%+v", features),
+	log.L.WithFields(logrus.Fields{
+		"version":           globals.Version,
+		"supportedFeatures": features,
 	}).Info("HCN feature check")
 
 	return features, nil

vendor/github.com/Microsoft/hcsshim/hcn/zsyscall_windows.go

@@ -1,4 +1,6 @@
-// Code generated mksyscall_windows.exe DO NOT EDIT
+//go:build windows
+
+// Code generated by 'go generate' using "github.com/Microsoft/go-winio/tools/mkwinsyscall"; DO NOT EDIT.
 
 package hcn
 
@@ -19,6 +21,7 @@ const (
 
 var (
 	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+	errERROR_EINVAL     error = syscall.EINVAL
 )
 
 // errnoErr returns common boxed Errno values, to prevent
@@ -26,7 +29,7 @@ var (
 func errnoErr(e syscall.Errno) error {
 	switch e {
 	case 0:
-		return nil
+		return errERROR_EINVAL
 	case errnoERROR_IO_PENDING:
 		return errERROR_IO_PENDING
 	}
@@ -37,51 +40,55 @@ func errnoErr(e syscall.Errno) error {
 }
 
 var (
+	modcomputenetwork = windows.NewLazySystemDLL("computenetwork.dll")
 	modiphlpapi       = windows.NewLazySystemDLL("iphlpapi.dll")
 	modvmcompute      = windows.NewLazySystemDLL("vmcompute.dll")
-	modcomputenetwork = windows.NewLazySystemDLL("computenetwork.dll")
 
-	procSetCurrentThreadCompartmentId  = modiphlpapi.NewProc("SetCurrentThreadCompartmentId")
-	procHNSCall                        = modvmcompute.NewProc("HNSCall")
-	procHcnEnumerateNetworks           = modcomputenetwork.NewProc("HcnEnumerateNetworks")
-	procHcnCreateNetwork               = modcomputenetwork.NewProc("HcnCreateNetwork")
-	procHcnOpenNetwork                 = modcomputenetwork.NewProc("HcnOpenNetwork")
-	procHcnModifyNetwork               = modcomputenetwork.NewProc("HcnModifyNetwork")
-	procHcnQueryNetworkProperties      = modcomputenetwork.NewProc("HcnQueryNetworkProperties")
-	procHcnDeleteNetwork               = modcomputenetwork.NewProc("HcnDeleteNetwork")
+	procHcnCloseEndpoint               = modcomputenetwork.NewProc("HcnCloseEndpoint")
+	procHcnCloseLoadBalancer           = modcomputenetwork.NewProc("HcnCloseLoadBalancer")
+	procHcnCloseNamespace              = modcomputenetwork.NewProc("HcnCloseNamespace")
 	procHcnCloseNetwork                = modcomputenetwork.NewProc("HcnCloseNetwork")
-	procHcnEnumerateEndpoints          = modcomputenetwork.NewProc("HcnEnumerateEndpoints")
+	procHcnCloseSdnRoute               = modcomputenetwork.NewProc("HcnCloseSdnRoute")
 	procHcnCreateEndpoint              = modcomputenetwork.NewProc("HcnCreateEndpoint")
-	procHcnOpenEndpoint                = modcomputenetwork.NewProc("HcnOpenEndpoint")
-	procHcnModifyEndpoint              = modcomputenetwork.NewProc("HcnModifyEndpoint")
-	procHcnQueryEndpointProperties     = modcomputenetwork.NewProc("HcnQueryEndpointProperties")
-	procHcnDeleteEndpoint              = modcomputenetwork.NewProc("HcnDeleteEndpoint")
-	procHcnCloseEndpoint               = modcomputenetwork.NewProc("HcnCloseEndpoint")
-	procHcnEnumerateNamespaces         = modcomputenetwork.NewProc("HcnEnumerateNamespaces")
+	procHcnCreateLoadBalancer          = modcomputenetwork.NewProc("HcnCreateLoadBalancer")
 	procHcnCreateNamespace             = modcomputenetwork.NewProc("HcnCreateNamespace")
-	procHcnOpenNamespace               = modcomputenetwork.NewProc("HcnOpenNamespace")
-	procHcnModifyNamespace             = modcomputenetwork.NewProc("HcnModifyNamespace")
-	procHcnQueryNamespaceProperties    = modcomputenetwork.NewProc("HcnQueryNamespaceProperties")
+	procHcnCreateNetwork               = modcomputenetwork.NewProc("HcnCreateNetwork")
+	procHcnCreateSdnRoute              = modcomputenetwork.NewProc("HcnCreateSdnRoute")
+	procHcnDeleteEndpoint              = modcomputenetwork.NewProc("HcnDeleteEndpoint")
+	procHcnDeleteLoadBalancer          = modcomputenetwork.NewProc("HcnDeleteLoadBalancer")
 	procHcnDeleteNamespace             = modcomputenetwork.NewProc("HcnDeleteNamespace")
-	procHcnCloseNamespace              = modcomputenetwork.NewProc("HcnCloseNamespace")
+	procHcnDeleteNetwork               = modcomputenetwork.NewProc("HcnDeleteNetwork")
+	procHcnDeleteSdnRoute              = modcomputenetwork.NewProc("HcnDeleteSdnRoute")
+	procHcnEnumerateEndpoints          = modcomputenetwork.NewProc("HcnEnumerateEndpoints")
 	procHcnEnumerateLoadBalancers      = modcomputenetwork.NewProc("HcnEnumerateLoadBalancers")
-	procHcnCreateLoadBalancer          = modcomputenetwork.NewProc("HcnCreateLoadBalancer")
-	procHcnOpenLoadBalancer            = modcomputenetwork.NewProc("HcnOpenLoadBalancer")
-	procHcnModifyLoadBalancer          = modcomputenetwork.NewProc("HcnModifyLoadBalancer")
-	procHcnQueryLoadBalancerProperties = modcomputenetwork.NewProc("HcnQueryLoadBalancerProperties")
-	procHcnDeleteLoadBalancer          = modcomputenetwork.NewProc("HcnDeleteLoadBalancer")
-	procHcnCloseLoadBalancer           = modcomputenetwork.NewProc("HcnCloseLoadBalancer")
+	procHcnEnumerateNamespaces         = modcomputenetwork.NewProc("HcnEnumerateNamespaces")
+	procHcnEnumerateNetworks           = modcomputenetwork.NewProc("HcnEnumerateNetworks")
 	procHcnEnumerateSdnRoutes          = modcomputenetwork.NewProc("HcnEnumerateSdnRoutes")
-	procHcnCreateSdnRoute              = modcomputenetwork.NewProc("HcnCreateSdnRoute")
-	procHcnOpenSdnRoute                = modcomputenetwork.NewProc("HcnOpenSdnRoute")
+	procHcnModifyEndpoint              = modcomputenetwork.NewProc("HcnModifyEndpoint")
+	procHcnModifyLoadBalancer          = modcomputenetwork.NewProc("HcnModifyLoadBalancer")
+	procHcnModifyNamespace             = modcomputenetwork.NewProc("HcnModifyNamespace")
+	procHcnModifyNetwork               = modcomputenetwork.NewProc("HcnModifyNetwork")
 	procHcnModifySdnRoute              = modcomputenetwork.NewProc("HcnModifySdnRoute")
+	procHcnOpenEndpoint                = modcomputenetwork.NewProc("HcnOpenEndpoint")
+	procHcnOpenLoadBalancer            = modcomputenetwork.NewProc("HcnOpenLoadBalancer")
+	procHcnOpenNamespace               = modcomputenetwork.NewProc("HcnOpenNamespace")
+	procHcnOpenNetwork                 = modcomputenetwork.NewProc("HcnOpenNetwork")
+	procHcnOpenSdnRoute                = modcomputenetwork.NewProc("HcnOpenSdnRoute")
+	procHcnQueryEndpointProperties     = modcomputenetwork.NewProc("HcnQueryEndpointProperties")
+	procHcnQueryLoadBalancerProperties = modcomputenetwork.NewProc("HcnQueryLoadBalancerProperties")
+	procHcnQueryNamespaceProperties    = modcomputenetwork.NewProc("HcnQueryNamespaceProperties")
+	procHcnQueryNetworkProperties      = modcomputenetwork.NewProc("HcnQueryNetworkProperties")
 	procHcnQuerySdnRouteProperties     = modcomputenetwork.NewProc("HcnQuerySdnRouteProperties")
-	procHcnDeleteSdnRoute              = modcomputenetwork.NewProc("HcnDeleteSdnRoute")
-	procHcnCloseSdnRoute               = modcomputenetwork.NewProc("HcnCloseSdnRoute")
+	procSetCurrentThreadCompartmentId  = modiphlpapi.NewProc("SetCurrentThreadCompartmentId")
+	procHNSCall                        = modvmcompute.NewProc("HNSCall")
 )
 
-func SetCurrentThreadCompartmentId(compartmentId uint32) (hr error) {
-	r0, _, _ := syscall.Syscall(procSetCurrentThreadCompartmentId.Addr(), 1, uintptr(compartmentId), 0, 0)
+func hcnCloseEndpoint(endpoint hcnEndpoint) (hr error) {
+	hr = procHcnCloseEndpoint.Find()
+	if hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcnCloseEndpoint.Addr(), 1, uintptr(endpoint), 0, 0)
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -91,30 +98,27 @@ func SetCurrentThreadCompartmentId(compartmentId uint32) (hr error) {
 	return
 }
 
-func _hnsCall(method string, path string, object string, response **uint16) (hr error) {
-	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(method)
-	if hr != nil {
-		return
-	}
-	var _p1 *uint16
-	_p1, hr = syscall.UTF16PtrFromString(path)
+func hcnCloseLoadBalancer(loadBalancer hcnLoadBalancer) (hr error) {
+	hr = procHcnCloseLoadBalancer.Find()
 	if hr != nil {
 		return
 	}
-	var _p2 *uint16
-	_p2, hr = syscall.UTF16PtrFromString(object)
-	if hr != nil {
-		return
+	r0, _, _ := syscall.Syscall(procHcnCloseLoadBalancer.Addr(), 1, uintptr(loadBalancer), 0, 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
 	}
-	return __hnsCall(_p0, _p1, _p2, response)
+	return
 }
 
-func __hnsCall(method *uint16, path *uint16, object *uint16, response **uint16) (hr error) {
-	if hr = procHNSCall.Find(); hr != nil {
+func hcnCloseNamespace(namespace hcnNamespace) (hr error) {
+	hr = procHcnCloseNamespace.Find()
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall6(procHNSCall.Addr(), 4, uintptr(unsafe.Pointer(method)), uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(object)), uintptr(unsafe.Pointer(response)), 0, 0)
+	r0, _, _ := syscall.Syscall(procHcnCloseNamespace.Addr(), 1, uintptr(namespace), 0, 0)
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -124,20 +128,27 @@ func __hnsCall(method *uint16, path *uint16, object *uint16, response **uint16)
 	return
 }
 
-func hcnEnumerateNetworks(query string, networks **uint16, result **uint16) (hr error) {
-	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(query)
+func hcnCloseNetwork(network hcnNetwork) (hr error) {
+	hr = procHcnCloseNetwork.Find()
 	if hr != nil {
 		return
 	}
-	return _hcnEnumerateNetworks(_p0, networks, result)
+	r0, _, _ := syscall.Syscall(procHcnCloseNetwork.Addr(), 1, uintptr(network), 0, 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
 }
 
-func _hcnEnumerateNetworks(query *uint16, networks **uint16, result **uint16) (hr error) {
-	if hr = procHcnEnumerateNetworks.Find(); hr != nil {
+func hcnCloseRoute(route hcnRoute) (hr error) {
+	hr = procHcnCloseSdnRoute.Find()
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcnEnumerateNetworks.Addr(), 3, uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(networks)), uintptr(unsafe.Pointer(result)))
+	r0, _, _ := syscall.Syscall(procHcnCloseSdnRoute.Addr(), 1, uintptr(route), 0, 0)
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -147,20 +158,21 @@ func _hcnEnumerateNetworks(query *uint16, networks **uint16, result **uint16) (h
 	return
 }
 
-func hcnCreateNetwork(id *_guid, settings string, network *hcnNetwork, result **uint16) (hr error) {
+func hcnCreateEndpoint(network hcnNetwork, id *_guid, settings string, endpoint *hcnEndpoint, result **uint16) (hr error) {
 	var _p0 *uint16
 	_p0, hr = syscall.UTF16PtrFromString(settings)
 	if hr != nil {
 		return
 	}
-	return _hcnCreateNetwork(id, _p0, network, result)
+	return _hcnCreateEndpoint(network, id, _p0, endpoint, result)
 }
 
-func _hcnCreateNetwork(id *_guid, settings *uint16, network *hcnNetwork, result **uint16) (hr error) {
-	if hr = procHcnCreateNetwork.Find(); hr != nil {
+func _hcnCreateEndpoint(network hcnNetwork, id *_guid, settings *uint16, endpoint *hcnEndpoint, result **uint16) (hr error) {
+	hr = procHcnCreateEndpoint.Find()
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall6(procHcnCreateNetwork.Addr(), 4, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(network)), uintptr(unsafe.Pointer(result)), 0, 0)
+	r0, _, _ := syscall.Syscall6(procHcnCreateEndpoint.Addr(), 5, uintptr(network), uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(endpoint)), uintptr(unsafe.Pointer(result)), 0)
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -170,11 +182,21 @@ func _hcnCreateNetwork(id *_guid, settings *uint16, network *hcnNetwork, result
 	return
 }
 
-func hcnOpenNetwork(id *_guid, network *hcnNetwork, result **uint16) (hr error) {
-	if hr = procHcnOpenNetwork.Find(); hr != nil {
+func hcnCreateLoadBalancer(id *_guid, settings string, loadBalancer *hcnLoadBalancer, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(settings)
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcnOpenNetwork.Addr(), 3, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(network)), uintptr(unsafe.Pointer(result)))
+	return _hcnCreateLoadBalancer(id, _p0, loadBalancer, result)
+}
+
+func _hcnCreateLoadBalancer(id *_guid, settings *uint16, loadBalancer *hcnLoadBalancer, result **uint16) (hr error) {
+	hr = procHcnCreateLoadBalancer.Find()
+	if hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall6(procHcnCreateLoadBalancer.Addr(), 4, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(loadBalancer)), uintptr(unsafe.Pointer(result)), 0, 0)
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -184,20 +206,21 @@ func hcnOpenNetwork(id *_guid, network *hcnNetwork, result **uint16) (hr error)
 	return
 }
 
-func hcnModifyNetwork(network hcnNetwork, settings string, result **uint16) (hr error) {
+func hcnCreateNamespace(id *_guid, settings string, namespace *hcnNamespace, result **uint16) (hr error) {
 	var _p0 *uint16
 	_p0, hr = syscall.UTF16PtrFromString(settings)
 	if hr != nil {
 		return
 	}
-	return _hcnModifyNetwork(network, _p0, result)
+	return _hcnCreateNamespace(id, _p0, namespace, result)
 }
 
-func _hcnModifyNetwork(network hcnNetwork, settings *uint16, result **uint16) (hr error) {
-	if hr = procHcnModifyNetwork.Find(); hr != nil {
+func _hcnCreateNamespace(id *_guid, settings *uint16, namespace *hcnNamespace, result **uint16) (hr error) {
+	hr = procHcnCreateNamespace.Find()
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcnModifyNetwork.Addr(), 3, uintptr(network), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(result)))
+	r0, _, _ := syscall.Syscall6(procHcnCreateNamespace.Addr(), 4, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(namespace)), uintptr(unsafe.Pointer(result)), 0, 0)
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -207,20 +230,21 @@ func _hcnModifyNetwork(network hcnNetwork, settings *uint16, result **uint16) (h
 	return
 }
 
-func hcnQueryNetworkProperties(network hcnNetwork, query string, properties **uint16, result **uint16) (hr error) {
+func hcnCreateNetwork(id *_guid, settings string, network *hcnNetwork, result **uint16) (hr error) {
 	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(query)
+	_p0, hr = syscall.UTF16PtrFromString(settings)
 	if hr != nil {
 		return
 	}
-	return _hcnQueryNetworkProperties(network, _p0, properties, result)
+	return _hcnCreateNetwork(id, _p0, network, result)
 }
 
-func _hcnQueryNetworkProperties(network hcnNetwork, query *uint16, properties **uint16, result **uint16) (hr error) {
-	if hr = procHcnQueryNetworkProperties.Find(); hr != nil {
+func _hcnCreateNetwork(id *_guid, settings *uint16, network *hcnNetwork, result **uint16) (hr error) {
+	hr = procHcnCreateNetwork.Find()
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall6(procHcnQueryNetworkProperties.Addr(), 4, uintptr(network), uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(properties)), uintptr(unsafe.Pointer(result)), 0, 0)
+	r0, _, _ := syscall.Syscall6(procHcnCreateNetwork.Addr(), 4, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(network)), uintptr(unsafe.Pointer(result)), 0, 0)
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -230,11 +254,21 @@ func _hcnQueryNetworkProperties(network hcnNetwork, query *uint16, properties **
 	return
 }
 
-func hcnDeleteNetwork(id *_guid, result **uint16) (hr error) {
-	if hr = procHcnDeleteNetwork.Find(); hr != nil {
+func hcnCreateRoute(id *_guid, settings string, route *hcnRoute, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(settings)
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcnDeleteNetwork.Addr(), 2, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(result)), 0)
+	return _hcnCreateRoute(id, _p0, route, result)
+}
+
+func _hcnCreateRoute(id *_guid, settings *uint16, route *hcnRoute, result **uint16) (hr error) {
+	hr = procHcnCreateSdnRoute.Find()
+	if hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall6(procHcnCreateSdnRoute.Addr(), 4, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(route)), uintptr(unsafe.Pointer(result)), 0, 0)
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -244,11 +278,12 @@ func hcnDeleteNetwork(id *_guid, result **uint16) (hr error) {
 	return
 }
 
-func hcnCloseNetwork(network hcnNetwork) (hr error) {
-	if hr = procHcnCloseNetwork.Find(); hr != nil {
+func hcnDeleteEndpoint(id *_guid, result **uint16) (hr error) {
+	hr = procHcnDeleteEndpoint.Find()
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcnCloseNetwork.Addr(), 1, uintptr(network), 0, 0)
+	r0, _, _ := syscall.Syscall(procHcnDeleteEndpoint.Addr(), 2, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(result)), 0)
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -258,20 +293,12 @@ func hcnCloseNetwork(network hcnNetwork) (hr error) {
 	return
 }
 
-func hcnEnumerateEndpoints(query string, endpoints **uint16, result **uint16) (hr error) {
-	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(query)
+func hcnDeleteLoadBalancer(id *_guid, result **uint16) (hr error) {
+	hr = procHcnDeleteLoadBalancer.Find()
 	if hr != nil {
 		return
 	}
-	return _hcnEnumerateEndpoints(_p0, endpoints, result)
-}
-
-func _hcnEnumerateEndpoints(query *uint16, endpoints **uint16, result **uint16) (hr error) {
-	if hr = procHcnEnumerateEndpoints.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procHcnEnumerateEndpoints.Addr(), 3, uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(endpoints)), uintptr(unsafe.Pointer(result)))
+	r0, _, _ := syscall.Syscall(procHcnDeleteLoadBalancer.Addr(), 2, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(result)), 0)
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -281,20 +308,12 @@ func _hcnEnumerateEndpoints(query *uint16, endpoints **uint16, result **uint16)
 	return
 }
 
-func hcnCreateEndpoint(network hcnNetwork, id *_guid, settings string, endpoint *hcnEndpoint, result **uint16) (hr error) {
-	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(settings)
+func hcnDeleteNamespace(id *_guid, result **uint16) (hr error) {
+	hr = procHcnDeleteNamespace.Find()
 	if hr != nil {
 		return
 	}
-	return _hcnCreateEndpoint(network, id, _p0, endpoint, result)
-}
-
-func _hcnCreateEndpoint(network hcnNetwork, id *_guid, settings *uint16, endpoint *hcnEndpoint, result **uint16) (hr error) {
-	if hr = procHcnCreateEndpoint.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall6(procHcnCreateEndpoint.Addr(), 5, uintptr(network), uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(endpoint)), uintptr(unsafe.Pointer(result)), 0)
+	r0, _, _ := syscall.Syscall(procHcnDeleteNamespace.Addr(), 2, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(result)), 0)
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -304,11 +323,12 @@ func _hcnCreateEndpoint(network hcnNetwork, id *_guid, settings *uint16, endpoin
 	return
 }
 
-func hcnOpenEndpoint(id *_guid, endpoint *hcnEndpoint, result **uint16) (hr error) {
-	if hr = procHcnOpenEndpoint.Find(); hr != nil {
+func hcnDeleteNetwork(id *_guid, result **uint16) (hr error) {
+	hr = procHcnDeleteNetwork.Find()
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcnOpenEndpoint.Addr(), 3, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(endpoint)), uintptr(unsafe.Pointer(result)))
+	r0, _, _ := syscall.Syscall(procHcnDeleteNetwork.Addr(), 2, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(result)), 0)
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -318,20 +338,12 @@ func hcnOpenEndpoint(id *_guid, endpoint *hcnEndpoint, result **uint16) (hr erro
 	return
 }
 
-func hcnModifyEndpoint(endpoint hcnEndpoint, settings string, result **uint16) (hr error) {
-	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(settings)
+func hcnDeleteRoute(id *_guid, result **uint16) (hr error) {
+	hr = procHcnDeleteSdnRoute.Find()
 	if hr != nil {
 		return
 	}
-	return _hcnModifyEndpoint(endpoint, _p0, result)
-}
-
-func _hcnModifyEndpoint(endpoint hcnEndpoint, settings *uint16, result **uint16) (hr error) {
-	if hr = procHcnModifyEndpoint.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procHcnModifyEndpoint.Addr(), 3, uintptr(endpoint), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(result)))
+	r0, _, _ := syscall.Syscall(procHcnDeleteSdnRoute.Addr(), 2, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(result)), 0)
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -341,20 +353,21 @@ func _hcnModifyEndpoint(endpoint hcnEndpoint, settings *uint16, result **uint16)
 	return
 }
 
-func hcnQueryEndpointProperties(endpoint hcnEndpoint, query string, properties **uint16, result **uint16) (hr error) {
+func hcnEnumerateEndpoints(query string, endpoints **uint16, result **uint16) (hr error) {
 	var _p0 *uint16
 	_p0, hr = syscall.UTF16PtrFromString(query)
 	if hr != nil {
 		return
 	}
-	return _hcnQueryEndpointProperties(endpoint, _p0, properties, result)
+	return _hcnEnumerateEndpoints(_p0, endpoints, result)
 }
 
-func _hcnQueryEndpointProperties(endpoint hcnEndpoint, query *uint16, properties **uint16, result **uint16) (hr error) {
-	if hr = procHcnQueryEndpointProperties.Find(); hr != nil {
+func _hcnEnumerateEndpoints(query *uint16, endpoints **uint16, result **uint16) (hr error) {
+	hr = procHcnEnumerateEndpoints.Find()
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall6(procHcnQueryEndpointProperties.Addr(), 4, uintptr(endpoint), uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(properties)), uintptr(unsafe.Pointer(result)), 0, 0)
+	r0, _, _ := syscall.Syscall(procHcnEnumerateEndpoints.Addr(), 3, uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(endpoints)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -364,25 +377,21 @@ func _hcnQueryEndpointProperties(endpoint hcnEndpoint, query *uint16, properties
 	return
 }
 
-func hcnDeleteEndpoint(id *_guid, result **uint16) (hr error) {
-	if hr = procHcnDeleteEndpoint.Find(); hr != nil {
+func hcnEnumerateLoadBalancers(query string, loadBalancers **uint16, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(query)
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcnDeleteEndpoint.Addr(), 2, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(result)), 0)
-	if int32(r0) < 0 {
-		if r0&0x1fff0000 == 0x00070000 {
-			r0 &= 0xffff
-		}
-		hr = syscall.Errno(r0)
-	}
-	return
+	return _hcnEnumerateLoadBalancers(_p0, loadBalancers, result)
 }
 
-func hcnCloseEndpoint(endpoint hcnEndpoint) (hr error) {
-	if hr = procHcnCloseEndpoint.Find(); hr != nil {
+func _hcnEnumerateLoadBalancers(query *uint16, loadBalancers **uint16, result **uint16) (hr error) {
+	hr = procHcnEnumerateLoadBalancers.Find()
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcnCloseEndpoint.Addr(), 1, uintptr(endpoint), 0, 0)
+	r0, _, _ := syscall.Syscall(procHcnEnumerateLoadBalancers.Addr(), 3, uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(loadBalancers)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -402,7 +411,8 @@ func hcnEnumerateNamespaces(query string, namespaces **uint16, result **uint16)
 }
 
 func _hcnEnumerateNamespaces(query *uint16, namespaces **uint16, result **uint16) (hr error) {
-	if hr = procHcnEnumerateNamespaces.Find(); hr != nil {
+	hr = procHcnEnumerateNamespaces.Find()
+	if hr != nil {
 		return
 	}
 	r0, _, _ := syscall.Syscall(procHcnEnumerateNamespaces.Addr(), 3, uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(namespaces)), uintptr(unsafe.Pointer(result)))
@@ -415,20 +425,21 @@ func _hcnEnumerateNamespaces(query *uint16, namespaces **uint16, result **uint16
 	return
 }
 
-func hcnCreateNamespace(id *_guid, settings string, namespace *hcnNamespace, result **uint16) (hr error) {
+func hcnEnumerateNetworks(query string, networks **uint16, result **uint16) (hr error) {
 	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(settings)
+	_p0, hr = syscall.UTF16PtrFromString(query)
 	if hr != nil {
 		return
 	}
-	return _hcnCreateNamespace(id, _p0, namespace, result)
+	return _hcnEnumerateNetworks(_p0, networks, result)
 }
 
-func _hcnCreateNamespace(id *_guid, settings *uint16, namespace *hcnNamespace, result **uint16) (hr error) {
-	if hr = procHcnCreateNamespace.Find(); hr != nil {
+func _hcnEnumerateNetworks(query *uint16, networks **uint16, result **uint16) (hr error) {
+	hr = procHcnEnumerateNetworks.Find()
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall6(procHcnCreateNamespace.Addr(), 4, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(namespace)), uintptr(unsafe.Pointer(result)), 0, 0)
+	r0, _, _ := syscall.Syscall(procHcnEnumerateNetworks.Addr(), 3, uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(networks)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -438,11 +449,21 @@ func _hcnCreateNamespace(id *_guid, settings *uint16, namespace *hcnNamespace, r
 	return
 }
 
-func hcnOpenNamespace(id *_guid, namespace *hcnNamespace, result **uint16) (hr error) {
-	if hr = procHcnOpenNamespace.Find(); hr != nil {
+func hcnEnumerateRoutes(query string, routes **uint16, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(query)
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcnOpenNamespace.Addr(), 3, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(namespace)), uintptr(unsafe.Pointer(result)))
+	return _hcnEnumerateRoutes(_p0, routes, result)
+}
+
+func _hcnEnumerateRoutes(query *uint16, routes **uint16, result **uint16) (hr error) {
+	hr = procHcnEnumerateSdnRoutes.Find()
+	if hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcnEnumerateSdnRoutes.Addr(), 3, uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(routes)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -452,20 +473,21 @@ func hcnOpenNamespace(id *_guid, namespace *hcnNamespace, result **uint16) (hr e
 	return
 }
 
-func hcnModifyNamespace(namespace hcnNamespace, settings string, result **uint16) (hr error) {
+func hcnModifyEndpoint(endpoint hcnEndpoint, settings string, result **uint16) (hr error) {
 	var _p0 *uint16
 	_p0, hr = syscall.UTF16PtrFromString(settings)
 	if hr != nil {
 		return
 	}
-	return _hcnModifyNamespace(namespace, _p0, result)
+	return _hcnModifyEndpoint(endpoint, _p0, result)
 }
 
-func _hcnModifyNamespace(namespace hcnNamespace, settings *uint16, result **uint16) (hr error) {
-	if hr = procHcnModifyNamespace.Find(); hr != nil {
+func _hcnModifyEndpoint(endpoint hcnEndpoint, settings *uint16, result **uint16) (hr error) {
+	hr = procHcnModifyEndpoint.Find()
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcnModifyNamespace.Addr(), 3, uintptr(namespace), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(result)))
+	r0, _, _ := syscall.Syscall(procHcnModifyEndpoint.Addr(), 3, uintptr(endpoint), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -475,20 +497,21 @@ func _hcnModifyNamespace(namespace hcnNamespace, settings *uint16, result **uint
 	return
 }
 
-func hcnQueryNamespaceProperties(namespace hcnNamespace, query string, properties **uint16, result **uint16) (hr error) {
+func hcnModifyLoadBalancer(loadBalancer hcnLoadBalancer, settings string, result **uint16) (hr error) {
 	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(query)
+	_p0, hr = syscall.UTF16PtrFromString(settings)
 	if hr != nil {
 		return
 	}
-	return _hcnQueryNamespaceProperties(namespace, _p0, properties, result)
+	return _hcnModifyLoadBalancer(loadBalancer, _p0, result)
 }
 
-func _hcnQueryNamespaceProperties(namespace hcnNamespace, query *uint16, properties **uint16, result **uint16) (hr error) {
-	if hr = procHcnQueryNamespaceProperties.Find(); hr != nil {
+func _hcnModifyLoadBalancer(loadBalancer hcnLoadBalancer, settings *uint16, result **uint16) (hr error) {
+	hr = procHcnModifyLoadBalancer.Find()
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall6(procHcnQueryNamespaceProperties.Addr(), 4, uintptr(namespace), uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(properties)), uintptr(unsafe.Pointer(result)), 0, 0)
+	r0, _, _ := syscall.Syscall(procHcnModifyLoadBalancer.Addr(), 3, uintptr(loadBalancer), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -498,25 +521,21 @@ func _hcnQueryNamespaceProperties(namespace hcnNamespace, query *uint16, propert
 	return
 }
 
-func hcnDeleteNamespace(id *_guid, result **uint16) (hr error) {
-	if hr = procHcnDeleteNamespace.Find(); hr != nil {
+func hcnModifyNamespace(namespace hcnNamespace, settings string, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(settings)
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcnDeleteNamespace.Addr(), 2, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(result)), 0)
-	if int32(r0) < 0 {
-		if r0&0x1fff0000 == 0x00070000 {
-			r0 &= 0xffff
-		}
-		hr = syscall.Errno(r0)
-	}
-	return
+	return _hcnModifyNamespace(namespace, _p0, result)
 }
 
-func hcnCloseNamespace(namespace hcnNamespace) (hr error) {
-	if hr = procHcnCloseNamespace.Find(); hr != nil {
+func _hcnModifyNamespace(namespace hcnNamespace, settings *uint16, result **uint16) (hr error) {
+	hr = procHcnModifyNamespace.Find()
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcnCloseNamespace.Addr(), 1, uintptr(namespace), 0, 0)
+	r0, _, _ := syscall.Syscall(procHcnModifyNamespace.Addr(), 3, uintptr(namespace), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -526,20 +545,21 @@ func hcnCloseNamespace(namespace hcnNamespace) (hr error) {
 	return
 }
 
-func hcnEnumerateLoadBalancers(query string, loadBalancers **uint16, result **uint16) (hr error) {
+func hcnModifyNetwork(network hcnNetwork, settings string, result **uint16) (hr error) {
 	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(query)
+	_p0, hr = syscall.UTF16PtrFromString(settings)
 	if hr != nil {
 		return
 	}
-	return _hcnEnumerateLoadBalancers(_p0, loadBalancers, result)
+	return _hcnModifyNetwork(network, _p0, result)
 }
 
-func _hcnEnumerateLoadBalancers(query *uint16, loadBalancers **uint16, result **uint16) (hr error) {
-	if hr = procHcnEnumerateLoadBalancers.Find(); hr != nil {
+func _hcnModifyNetwork(network hcnNetwork, settings *uint16, result **uint16) (hr error) {
+	hr = procHcnModifyNetwork.Find()
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcnEnumerateLoadBalancers.Addr(), 3, uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(loadBalancers)), uintptr(unsafe.Pointer(result)))
+	r0, _, _ := syscall.Syscall(procHcnModifyNetwork.Addr(), 3, uintptr(network), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -549,20 +569,21 @@ func _hcnEnumerateLoadBalancers(query *uint16, loadBalancers **uint16, result **
 	return
 }
 
-func hcnCreateLoadBalancer(id *_guid, settings string, loadBalancer *hcnLoadBalancer, result **uint16) (hr error) {
+func hcnModifyRoute(route hcnRoute, settings string, result **uint16) (hr error) {
 	var _p0 *uint16
 	_p0, hr = syscall.UTF16PtrFromString(settings)
 	if hr != nil {
 		return
 	}
-	return _hcnCreateLoadBalancer(id, _p0, loadBalancer, result)
+	return _hcnModifyRoute(route, _p0, result)
 }
 
-func _hcnCreateLoadBalancer(id *_guid, settings *uint16, loadBalancer *hcnLoadBalancer, result **uint16) (hr error) {
-	if hr = procHcnCreateLoadBalancer.Find(); hr != nil {
+func _hcnModifyRoute(route hcnRoute, settings *uint16, result **uint16) (hr error) {
+	hr = procHcnModifySdnRoute.Find()
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall6(procHcnCreateLoadBalancer.Addr(), 4, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(loadBalancer)), uintptr(unsafe.Pointer(result)), 0, 0)
+	r0, _, _ := syscall.Syscall(procHcnModifySdnRoute.Addr(), 3, uintptr(route), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -572,11 +593,12 @@ func _hcnCreateLoadBalancer(id *_guid, settings *uint16, loadBalancer *hcnLoadBa
 	return
 }
 
-func hcnOpenLoadBalancer(id *_guid, loadBalancer *hcnLoadBalancer, result **uint16) (hr error) {
-	if hr = procHcnOpenLoadBalancer.Find(); hr != nil {
+func hcnOpenEndpoint(id *_guid, endpoint *hcnEndpoint, result **uint16) (hr error) {
+	hr = procHcnOpenEndpoint.Find()
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcnOpenLoadBalancer.Addr(), 3, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(loadBalancer)), uintptr(unsafe.Pointer(result)))
+	r0, _, _ := syscall.Syscall(procHcnOpenEndpoint.Addr(), 3, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(endpoint)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -586,20 +608,12 @@ func hcnOpenLoadBalancer(id *_guid, loadBalancer *hcnLoadBalancer, result **uint
 	return
 }
 
-func hcnModifyLoadBalancer(loadBalancer hcnLoadBalancer, settings string, result **uint16) (hr error) {
-	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(settings)
+func hcnOpenLoadBalancer(id *_guid, loadBalancer *hcnLoadBalancer, result **uint16) (hr error) {
+	hr = procHcnOpenLoadBalancer.Find()
 	if hr != nil {
 		return
 	}
-	return _hcnModifyLoadBalancer(loadBalancer, _p0, result)
-}
-
-func _hcnModifyLoadBalancer(loadBalancer hcnLoadBalancer, settings *uint16, result **uint16) (hr error) {
-	if hr = procHcnModifyLoadBalancer.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procHcnModifyLoadBalancer.Addr(), 3, uintptr(loadBalancer), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(result)))
+	r0, _, _ := syscall.Syscall(procHcnOpenLoadBalancer.Addr(), 3, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(loadBalancer)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -609,20 +623,12 @@ func _hcnModifyLoadBalancer(loadBalancer hcnLoadBalancer, settings *uint16, resu
 	return
 }
 
-func hcnQueryLoadBalancerProperties(loadBalancer hcnLoadBalancer, query string, properties **uint16, result **uint16) (hr error) {
-	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(query)
+func hcnOpenNamespace(id *_guid, namespace *hcnNamespace, result **uint16) (hr error) {
+	hr = procHcnOpenNamespace.Find()
 	if hr != nil {
 		return
 	}
-	return _hcnQueryLoadBalancerProperties(loadBalancer, _p0, properties, result)
-}
-
-func _hcnQueryLoadBalancerProperties(loadBalancer hcnLoadBalancer, query *uint16, properties **uint16, result **uint16) (hr error) {
-	if hr = procHcnQueryLoadBalancerProperties.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall6(procHcnQueryLoadBalancerProperties.Addr(), 4, uintptr(loadBalancer), uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(properties)), uintptr(unsafe.Pointer(result)), 0, 0)
+	r0, _, _ := syscall.Syscall(procHcnOpenNamespace.Addr(), 3, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(namespace)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -632,11 +638,12 @@ func _hcnQueryLoadBalancerProperties(loadBalancer hcnLoadBalancer, query *uint16
 	return
 }
 
-func hcnDeleteLoadBalancer(id *_guid, result **uint16) (hr error) {
-	if hr = procHcnDeleteLoadBalancer.Find(); hr != nil {
+func hcnOpenNetwork(id *_guid, network *hcnNetwork, result **uint16) (hr error) {
+	hr = procHcnOpenNetwork.Find()
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcnDeleteLoadBalancer.Addr(), 2, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(result)), 0)
+	r0, _, _ := syscall.Syscall(procHcnOpenNetwork.Addr(), 3, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(network)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -646,11 +653,12 @@ func hcnDeleteLoadBalancer(id *_guid, result **uint16) (hr error) {
 	return
 }
 
-func hcnCloseLoadBalancer(loadBalancer hcnLoadBalancer) (hr error) {
-	if hr = procHcnCloseLoadBalancer.Find(); hr != nil {
+func hcnOpenRoute(id *_guid, route *hcnRoute, result **uint16) (hr error) {
+	hr = procHcnOpenSdnRoute.Find()
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcnCloseLoadBalancer.Addr(), 1, uintptr(loadBalancer), 0, 0)
+	r0, _, _ := syscall.Syscall(procHcnOpenSdnRoute.Addr(), 3, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(route)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -660,20 +668,21 @@ func hcnCloseLoadBalancer(loadBalancer hcnLoadBalancer) (hr error) {
 	return
 }
 
-func hcnEnumerateRoutes(query string, routes **uint16, result **uint16) (hr error) {
+func hcnQueryEndpointProperties(endpoint hcnEndpoint, query string, properties **uint16, result **uint16) (hr error) {
 	var _p0 *uint16
 	_p0, hr = syscall.UTF16PtrFromString(query)
 	if hr != nil {
 		return
 	}
-	return _hcnEnumerateRoutes(_p0, routes, result)
+	return _hcnQueryEndpointProperties(endpoint, _p0, properties, result)
 }
 
-func _hcnEnumerateRoutes(query *uint16, routes **uint16, result **uint16) (hr error) {
-	if hr = procHcnEnumerateSdnRoutes.Find(); hr != nil {
+func _hcnQueryEndpointProperties(endpoint hcnEndpoint, query *uint16, properties **uint16, result **uint16) (hr error) {
+	hr = procHcnQueryEndpointProperties.Find()
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcnEnumerateSdnRoutes.Addr(), 3, uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(routes)), uintptr(unsafe.Pointer(result)))
+	r0, _, _ := syscall.Syscall6(procHcnQueryEndpointProperties.Addr(), 4, uintptr(endpoint), uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(properties)), uintptr(unsafe.Pointer(result)), 0, 0)
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -683,20 +692,21 @@ func _hcnEnumerateRoutes(query *uint16, routes **uint16, result **uint16) (hr er
 	return
 }
 
-func hcnCreateRoute(id *_guid, settings string, route *hcnRoute, result **uint16) (hr error) {
+func hcnQueryLoadBalancerProperties(loadBalancer hcnLoadBalancer, query string, properties **uint16, result **uint16) (hr error) {
 	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(settings)
+	_p0, hr = syscall.UTF16PtrFromString(query)
 	if hr != nil {
 		return
 	}
-	return _hcnCreateRoute(id, _p0, route, result)
+	return _hcnQueryLoadBalancerProperties(loadBalancer, _p0, properties, result)
 }
 
-func _hcnCreateRoute(id *_guid, settings *uint16, route *hcnRoute, result **uint16) (hr error) {
-	if hr = procHcnCreateSdnRoute.Find(); hr != nil {
+func _hcnQueryLoadBalancerProperties(loadBalancer hcnLoadBalancer, query *uint16, properties **uint16, result **uint16) (hr error) {
+	hr = procHcnQueryLoadBalancerProperties.Find()
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall6(procHcnCreateSdnRoute.Addr(), 4, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(route)), uintptr(unsafe.Pointer(result)), 0, 0)
+	r0, _, _ := syscall.Syscall6(procHcnQueryLoadBalancerProperties.Addr(), 4, uintptr(loadBalancer), uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(properties)), uintptr(unsafe.Pointer(result)), 0, 0)
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -706,11 +716,21 @@ func _hcnCreateRoute(id *_guid, settings *uint16, route *hcnRoute, result **uint
 	return
 }
 
-func hcnOpenRoute(id *_guid, route *hcnRoute, result **uint16) (hr error) {
-	if hr = procHcnOpenSdnRoute.Find(); hr != nil {
+func hcnQueryNamespaceProperties(namespace hcnNamespace, query string, properties **uint16, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(query)
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcnOpenSdnRoute.Addr(), 3, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(route)), uintptr(unsafe.Pointer(result)))
+	return _hcnQueryNamespaceProperties(namespace, _p0, properties, result)
+}
+
+func _hcnQueryNamespaceProperties(namespace hcnNamespace, query *uint16, properties **uint16, result **uint16) (hr error) {
+	hr = procHcnQueryNamespaceProperties.Find()
+	if hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall6(procHcnQueryNamespaceProperties.Addr(), 4, uintptr(namespace), uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(properties)), uintptr(unsafe.Pointer(result)), 0, 0)
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -720,20 +740,21 @@ func hcnOpenRoute(id *_guid, route *hcnRoute, result **uint16) (hr error) {
 	return
 }
 
-func hcnModifyRoute(route hcnRoute, settings string, result **uint16) (hr error) {
+func hcnQueryNetworkProperties(network hcnNetwork, query string, properties **uint16, result **uint16) (hr error) {
 	var _p0 *uint16
-	_p0, hr = syscall.UTF16PtrFromString(settings)
+	_p0, hr = syscall.UTF16PtrFromString(query)
 	if hr != nil {
 		return
 	}
-	return _hcnModifyRoute(route, _p0, result)
+	return _hcnQueryNetworkProperties(network, _p0, properties, result)
 }
 
-func _hcnModifyRoute(route hcnRoute, settings *uint16, result **uint16) (hr error) {
-	if hr = procHcnModifySdnRoute.Find(); hr != nil {
+func _hcnQueryNetworkProperties(network hcnNetwork, query *uint16, properties **uint16, result **uint16) (hr error) {
+	hr = procHcnQueryNetworkProperties.Find()
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcnModifySdnRoute.Addr(), 3, uintptr(route), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(result)))
+	r0, _, _ := syscall.Syscall6(procHcnQueryNetworkProperties.Addr(), 4, uintptr(network), uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(properties)), uintptr(unsafe.Pointer(result)), 0, 0)
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -753,7 +774,8 @@ func hcnQueryRouteProperties(route hcnRoute, query string, properties **uint16,
 }
 
 func _hcnQueryRouteProperties(route hcnRoute, query *uint16, properties **uint16, result **uint16) (hr error) {
-	if hr = procHcnQuerySdnRouteProperties.Find(); hr != nil {
+	hr = procHcnQuerySdnRouteProperties.Find()
+	if hr != nil {
 		return
 	}
 	r0, _, _ := syscall.Syscall6(procHcnQuerySdnRouteProperties.Addr(), 4, uintptr(route), uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(properties)), uintptr(unsafe.Pointer(result)), 0, 0)
@@ -766,11 +788,8 @@ func _hcnQueryRouteProperties(route hcnRoute, query *uint16, properties **uint16
 	return
 }
 
-func hcnDeleteRoute(id *_guid, result **uint16) (hr error) {
-	if hr = procHcnDeleteSdnRoute.Find(); hr != nil {
-		return
-	}
-	r0, _, _ := syscall.Syscall(procHcnDeleteSdnRoute.Addr(), 2, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(result)), 0)
+func SetCurrentThreadCompartmentId(compartmentId uint32) (hr error) {
+	r0, _, _ := syscall.Syscall(procSetCurrentThreadCompartmentId.Addr(), 1, uintptr(compartmentId), 0, 0)
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -780,11 +799,31 @@ func hcnDeleteRoute(id *_guid, result **uint16) (hr error) {
 	return
 }
 
-func hcnCloseRoute(route hcnRoute) (hr error) {
-	if hr = procHcnCloseSdnRoute.Find(); hr != nil {
+func _hnsCall(method string, path string, object string, response **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(method)
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcnCloseSdnRoute.Addr(), 1, uintptr(route), 0, 0)
+	var _p1 *uint16
+	_p1, hr = syscall.UTF16PtrFromString(path)
+	if hr != nil {
+		return
+	}
+	var _p2 *uint16
+	_p2, hr = syscall.UTF16PtrFromString(object)
+	if hr != nil {
+		return
+	}
+	return __hnsCall(_p0, _p1, _p2, response)
+}
+
+func __hnsCall(method *uint16, path *uint16, object *uint16, response **uint16) (hr error) {
+	hr = procHNSCall.Find()
+	if hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall6(procHNSCall.Addr(), 4, uintptr(unsafe.Pointer(method)), uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(object)), uintptr(unsafe.Pointer(response)), 0, 0)
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff

vendor/github.com/Microsoft/hcsshim/hcsshim.go

@@ -1,15 +1,17 @@
+//go:build windows
+
 // Shim for the Host Compute Service (HCS) to manage Windows Server
 // containers and Hyper-V containers.
 
 package hcsshim
 
 import (
-	"syscall"
+	"golang.org/x/sys/windows"
 
 	"github.com/Microsoft/hcsshim/internal/hcserror"
 )
 
-//go:generate go run mksyscall_windows.go -output zsyscall_windows.go hcsshim.go
+//go:generate go run github.com/Microsoft/go-winio/tools/mkwinsyscall -output zsyscall_windows.go hcsshim.go
 
 //sys SetCurrentThreadCompartmentId(compartmentId uint32) (hr error) = iphlpapi.SetCurrentThreadCompartmentId
 
@@ -17,9 +19,9 @@ const (
 	// Specific user-visible exit codes
 	WaitErrExecFailed = 32767
 
-	ERROR_GEN_FAILURE          = hcserror.ERROR_GEN_FAILURE
-	ERROR_SHUTDOWN_IN_PROGRESS = syscall.Errno(1115)
-	WSAEINVAL                  = syscall.Errno(10022)
+	ERROR_GEN_FAILURE          = windows.ERROR_GEN_FAILURE
+	ERROR_SHUTDOWN_IN_PROGRESS = windows.ERROR_SHUTDOWN_IN_PROGRESS
+	WSAEINVAL                  = windows.WSAEINVAL
 
 	// Timeout on wait calls
 	TimeoutInfinite = 0xFFFFFFFF

vendor/github.com/Microsoft/hcsshim/hnsendpoint.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hcsshim
 
 import (
@@ -13,7 +15,7 @@ type HNSEndpointStats = hns.EndpointStats
 // Namespace represents a Compartment.
 type Namespace = hns.Namespace
 
-//SystemType represents the type of the system on which actions are done
+// SystemType represents the type of the system on which actions are done
 type SystemType string
 
 // SystemType const

vendor/github.com/Microsoft/hcsshim/hnsglobals.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hcsshim
 
 import (

vendor/github.com/Microsoft/hcsshim/hnsnetwork.go

@@ -1,14 +1,16 @@
+//go:build windows
+
 package hcsshim
 
 import (
 	"github.com/Microsoft/hcsshim/internal/hns"
 )
 
-// Subnet is assoicated with a network and represents a list
+// Subnet is associated with a network and represents a list
 // of subnets available to the network
 type Subnet = hns.Subnet
 
-// MacPool is assoicated with a network and represents a list
+// MacPool is associated with a network and represents a list
 // of macaddresses available to the network
 type MacPool = hns.MacPool
 

vendor/github.com/Microsoft/hcsshim/hnspolicylist.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hcsshim
 
 import (

vendor/github.com/Microsoft/hcsshim/hnssupport.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hcsshim
 
 import (

vendor/github.com/Microsoft/hcsshim/interface.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hcsshim
 
 import (

vendor/github.com/Microsoft/hcsshim/internal/cni/doc.go

@@ -0,0 +1 @@
+package cni

vendor/github.com/Microsoft/hcsshim/internal/cni/registry.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package cni
 
 import (
@@ -84,7 +86,7 @@ func (pnc *PersistedNamespaceConfig) Store() error {
 }
 
 // Remove removes any persisted state associated with this config. If the config
-// is not found in the registery `Remove` returns no error.
+// is not found in the registry `Remove` returns no error.
 func (pnc *PersistedNamespaceConfig) Remove() error {
 	if pnc.stored {
 		sk, err := regstate.Open(cniRoot, false)

vendor/github.com/Microsoft/hcsshim/internal/cow/cow.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package cow
 
 import (

vendor/github.com/Microsoft/hcsshim/internal/hcs/callback.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hcs
 
 import (

vendor/github.com/Microsoft/hcsshim/internal/hcs/doc.go

@@ -0,0 +1 @@
+package hcs

vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hcs
 
 import (
@@ -51,6 +53,9 @@ var (
 	// ErrUnexpectedValue is an error encountered when hcs returns an invalid value
 	ErrUnexpectedValue = errors.New("unexpected value returned from hcs")
 
+	// ErrOperationDenied is an error when hcs attempts an operation that is explicitly denied
+	ErrOperationDenied = errors.New("operation denied")
+
 	// ErrVmcomputeAlreadyStopped is an error encountered when a shutdown or terminate request is made on a stopped container
 	ErrVmcomputeAlreadyStopped = syscall.Errno(0xc0370110)
 
@@ -82,7 +87,7 @@ var (
 	// ErrProcessAlreadyStopped is returned by hcs if the process we're trying to kill has already been stopped.
 	ErrProcessAlreadyStopped = syscall.Errno(0x8037011f)
 
-	// ErrInvalidHandle is an error that can be encountrered when querying the properties of a compute system when the handle to that
+	// ErrInvalidHandle is an error that can be encountered when querying the properties of a compute system when the handle to that
 	// compute system has already been closed.
 	ErrInvalidHandle = syscall.Errno(0x6)
 )
@@ -152,33 +157,38 @@ func (e *HcsError) Error() string {
 	return s
 }
 
+func (e *HcsError) Is(target error) bool {
+	return errors.Is(e.Err, target)
+}
+
+// unwrap isnt really needed, but helpful convince function
+
+func (e *HcsError) Unwrap() error {
+	return e.Err
+}
+
+// Deprecated: net.Error.Temporary is deprecated.
 func (e *HcsError) Temporary() bool {
-	err, ok := e.Err.(net.Error)
-	return ok && err.Temporary() //nolint:staticcheck
+	err := e.netError()
+	return (err != nil) && err.Temporary()
 }
 
 func (e *HcsError) Timeout() bool {
-	err, ok := e.Err.(net.Error)
-	return ok && err.Timeout()
+	err := e.netError()
+	return (err != nil) && err.Timeout()
 }
 
-// ProcessError is an error encountered in HCS during an operation on a Process object
-type ProcessError struct {
-	SystemID string
-	Pid      int
-	Op       string
-	Err      error
-	Events   []ErrorEvent
+func (e *HcsError) netError() (err net.Error) {
+	if errors.As(e.Unwrap(), &err) {
+		return err
+	}
+	return nil
 }
 
-var _ net.Error = &ProcessError{}
-
 // SystemError is an error encountered in HCS during an operation on a Container object
 type SystemError struct {
-	ID     string
-	Op     string
-	Err    error
-	Events []ErrorEvent
+	HcsError
+	ID string
 }
 
 var _ net.Error = &SystemError{}
@@ -191,29 +201,32 @@ func (e *SystemError) Error() string {
 	return s
 }
 
-func (e *SystemError) Temporary() bool {
-	err, ok := e.Err.(net.Error)
-	return ok && err.Temporary() //nolint:staticcheck
-}
-
-func (e *SystemError) Timeout() bool {
-	err, ok := e.Err.(net.Error)
-	return ok && err.Timeout()
-}
-
 func makeSystemError(system *System, op string, err error, events []ErrorEvent) error {
 	// Don't double wrap errors
-	if _, ok := err.(*SystemError); ok {
+	var e *SystemError
+	if errors.As(err, &e) {
 		return err
 	}
+
 	return &SystemError{
-		ID:     system.ID(),
-		Op:     op,
-		Err:    err,
-		Events: events,
+		ID: system.ID(),
+		HcsError: HcsError{
+			Op:     op,
+			Err:    err,
+			Events: events,
+		},
 	}
 }
 
+// ProcessError is an error encountered in HCS during an operation on a Process object
+type ProcessError struct {
+	HcsError
+	SystemID string
+	Pid      int
+}
+
+var _ net.Error = &ProcessError{}
+
 func (e *ProcessError) Error() string {
 	s := fmt.Sprintf("%s %s:%d: %s", e.Op, e.SystemID, e.Pid, e.Err.Error())
 	for _, ev := range e.Events {
@@ -222,27 +235,20 @@ func (e *ProcessError) Error() string {
 	return s
 }
 
-func (e *ProcessError) Temporary() bool {
-	err, ok := e.Err.(net.Error)
-	return ok && err.Temporary() //nolint:staticcheck
-}
-
-func (e *ProcessError) Timeout() bool {
-	err, ok := e.Err.(net.Error)
-	return ok && err.Timeout()
-}
-
 func makeProcessError(process *Process, op string, err error, events []ErrorEvent) error {
 	// Don't double wrap errors
-	if _, ok := err.(*ProcessError); ok {
+	var e *ProcessError
+	if errors.As(err, &e) {
 		return err
 	}
 	return &ProcessError{
 		Pid:      process.Pid(),
 		SystemID: process.SystemID(),
-		Op:       op,
-		Err:      err,
-		Events:   events,
+		HcsError: HcsError{
+			Op:     op,
+			Err:    err,
+			Events: events,
+		},
 	}
 }
 
@@ -251,41 +257,41 @@ func makeProcessError(process *Process, op string, err error, events []ErrorEven
 // already exited, or does not exist. Both IsAlreadyStopped and IsNotExist
 // will currently return true when the error is ErrElementNotFound.
 func IsNotExist(err error) bool {
-	err = getInnerError(err)
-	return err == ErrComputeSystemDoesNotExist ||
-		err == ErrElementNotFound
+	return IsAny(err, ErrComputeSystemDoesNotExist, ErrElementNotFound)
 }
 
 // IsErrorInvalidHandle checks whether the error is the result of an operation carried
 // out on a handle that is invalid/closed. This error popped up while trying to query
 // stats on a container in the process of being stopped.
 func IsErrorInvalidHandle(err error) bool {
-	err = getInnerError(err)
-	return err == ErrInvalidHandle
+	return errors.Is(err, ErrInvalidHandle)
 }
 
 // IsAlreadyClosed checks if an error is caused by the Container or Process having been
 // already closed by a call to the Close() method.
 func IsAlreadyClosed(err error) bool {
-	err = getInnerError(err)
-	return err == ErrAlreadyClosed
+	return errors.Is(err, ErrAlreadyClosed)
 }
 
 // IsPending returns a boolean indicating whether the error is that
 // the requested operation is being completed in the background.
 func IsPending(err error) bool {
-	err = getInnerError(err)
-	return err == ErrVmcomputeOperationPending
+	return errors.Is(err, ErrVmcomputeOperationPending)
 }
 
 // IsTimeout returns a boolean indicating whether the error is caused by
 // a timeout waiting for the operation to complete.
 func IsTimeout(err error) bool {
-	if err, ok := err.(net.Error); ok && err.Timeout() {
+	// HcsError and co. implement Timeout regardless of whether the errors they wrap do,
+	// so `errors.As(err, net.Error)`` will always be true.
+	// Using `errors.As(err.Unwrap(), net.Err)` wont work for general errors.
+	// So first check if there an `ErrTimeout` in the chain, then convert to a net error.
+	if errors.Is(err, ErrTimeout) {
 		return true
 	}
-	err = getInnerError(err)
-	return err == ErrTimeout
+
+	var nerr net.Error
+	return errors.As(err, &nerr) && nerr.Timeout()
 }
 
 // IsAlreadyStopped returns a boolean indicating whether the error is caused by
@@ -294,10 +300,7 @@ func IsTimeout(err error) bool {
 // already exited, or does not exist. Both IsAlreadyStopped and IsNotExist
 // will currently return true when the error is ErrElementNotFound.
 func IsAlreadyStopped(err error) bool {
-	err = getInnerError(err)
-	return err == ErrVmcomputeAlreadyStopped ||
-		err == ErrProcessAlreadyStopped ||
-		err == ErrElementNotFound
+	return IsAny(err, ErrVmcomputeAlreadyStopped, ErrProcessAlreadyStopped, ErrElementNotFound)
 }
 
 // IsNotSupported returns a boolean indicating whether the error is caused by
@@ -306,38 +309,28 @@ func IsAlreadyStopped(err error) bool {
 // ErrVmcomputeInvalidJSON, ErrInvalidData, ErrNotSupported or ErrVmcomputeUnknownMessage
 // is thrown from the Platform
 func IsNotSupported(err error) bool {
-	err = getInnerError(err)
 	// If Platform doesn't recognize or support the request sent, below errors are seen
-	return err == ErrVmcomputeInvalidJSON ||
-		err == ErrInvalidData ||
-		err == ErrNotSupported ||
-		err == ErrVmcomputeUnknownMessage
+	return IsAny(err, ErrVmcomputeInvalidJSON, ErrInvalidData, ErrNotSupported, ErrVmcomputeUnknownMessage)
 }
 
 // IsOperationInvalidState returns true when err is caused by
 // `ErrVmcomputeOperationInvalidState`.
 func IsOperationInvalidState(err error) bool {
-	err = getInnerError(err)
-	return err == ErrVmcomputeOperationInvalidState
+	return errors.Is(err, ErrVmcomputeOperationInvalidState)
 }
 
 // IsAccessIsDenied returns true when err is caused by
 // `ErrVmcomputeOperationAccessIsDenied`.
 func IsAccessIsDenied(err error) bool {
-	err = getInnerError(err)
-	return err == ErrVmcomputeOperationAccessIsDenied
+	return errors.Is(err, ErrVmcomputeOperationAccessIsDenied)
 }
 
-func getInnerError(err error) error {
-	switch pe := err.(type) {
-	case nil:
-		return nil
-	case *HcsError:
-		err = pe.Err
-	case *SystemError:
-		err = pe.Err
-	case *ProcessError:
-		err = pe.Err
+// IsAny is a vectorized version of [errors.Is], it returns true if err is one of targets.
+func IsAny(err error, targets ...error) bool {
+	for _, e := range targets {
+		if errors.Is(err, e) {
+			return true
+		}
 	}
-	return err
+	return false
 }

vendor/github.com/Microsoft/hcsshim/internal/hcs/process.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hcs
 
 import (
@@ -10,6 +12,7 @@ import (
 	"syscall"
 	"time"
 
+	"github.com/Microsoft/hcsshim/internal/cow"
 	"github.com/Microsoft/hcsshim/internal/log"
 	"github.com/Microsoft/hcsshim/internal/oc"
 	"github.com/Microsoft/hcsshim/internal/vmcompute"
@@ -36,6 +39,8 @@ type Process struct {
 	waitError      error
 }
 
+var _ cow.Process = &Process{}
+
 func newProcess(process vmcompute.HcsProcess, processID int, computeSystem *System) *Process {
 	return &Process{
 		handle:    process,
@@ -89,10 +94,7 @@ func (process *Process) processSignalResult(ctx context.Context, err error) (boo
 	case nil:
 		return true, nil
 	case ErrVmcomputeOperationInvalidState, ErrComputeSystemDoesNotExist, ErrElementNotFound:
-		select {
-		case <-process.waitBlock:
-			// The process exit notification has already arrived.
-		default:
+		if !process.stopped() {
 			// The process should be gone, but we have not received the notification.
 			// After a second, force unblock the process wait to work around a possible
 			// deadlock in the HCS.
@@ -114,9 +116,9 @@ func (process *Process) processSignalResult(ctx context.Context, err error) (boo
 
 // Signal signals the process with `options`.
 //
-// For LCOW `guestrequest.SignalProcessOptionsLCOW`.
+// For LCOW `guestresource.SignalProcessOptionsLCOW`.
 //
-// For WCOW `guestrequest.SignalProcessOptionsWCOW`.
+// For WCOW `guestresource.SignalProcessOptionsWCOW`.
 func (process *Process) Signal(ctx context.Context, options interface{}) (bool, error) {
 	process.handleLock.RLock()
 	defer process.handleLock.RUnlock()
@@ -152,6 +154,10 @@ func (process *Process) Kill(ctx context.Context) (bool, error) {
 		return false, makeProcessError(process, operation, ErrAlreadyClosed, nil)
 	}
 
+	if process.stopped() {
+		return false, makeProcessError(process, operation, ErrProcessAlreadyStopped, nil)
+	}
+
 	if process.killSignalDelivered {
 		// A kill signal has already been sent to this process. Sending a second
 		// one offers no real benefit, as processes cannot stop themselves from
@@ -233,7 +239,7 @@ func (process *Process) Kill(ctx context.Context) (bool, error) {
 // call multiple times.
 func (process *Process) waitBackground() {
 	operation := "hcs::Process::waitBackground"
-	ctx, span := trace.StartSpan(context.Background(), operation)
+	ctx, span := oc.StartSpan(context.Background(), operation)
 	defer span.End()
 	span.AddAttributes(
 		trace.StringAttribute("cid", process.SystemID()),
@@ -259,12 +265,12 @@ func (process *Process) waitBackground() {
 			propertiesJSON, resultJSON, err = vmcompute.HcsGetProcessProperties(ctx, process.handle)
 			events := processHcsResult(ctx, resultJSON)
 			if err != nil {
-				err = makeProcessError(process, operation, err, events) //nolint:ineffassign
+				err = makeProcessError(process, operation, err, events)
 			} else {
 				properties := &processStatus{}
 				err = json.Unmarshal([]byte(propertiesJSON), properties)
 				if err != nil {
-					err = makeProcessError(process, operation, err, nil) //nolint:ineffassign
+					err = makeProcessError(process, operation, err, nil)
 				} else {
 					if properties.LastWaitResult != 0 {
 						log.G(ctx).WithField("wait-result", properties.LastWaitResult).Warning("non-zero last wait result")
@@ -286,12 +292,22 @@ func (process *Process) waitBackground() {
 }
 
 // Wait waits for the process to exit. If the process has already exited returns
-// the pervious error (if any).
+// the previous error (if any).
 func (process *Process) Wait() error {
 	<-process.waitBlock
 	return process.waitError
 }
 
+// Exited returns if the process has stopped
+func (process *Process) stopped() bool {
+	select {
+	case <-process.waitBlock:
+		return true
+	default:
+		return false
+	}
+}
+
 // ResizeConsole resizes the console of the process.
 func (process *Process) ResizeConsole(ctx context.Context, width, height uint16) error {
 	process.handleLock.RLock()
@@ -328,15 +344,13 @@ func (process *Process) ResizeConsole(ctx context.Context, width, height uint16)
 // ExitCode returns the exit code of the process. The process must have
 // already terminated.
 func (process *Process) ExitCode() (int, error) {
-	select {
-	case <-process.waitBlock:
-		if process.waitError != nil {
-			return -1, process.waitError
-		}
-		return process.exitCode, nil
-	default:
+	if !process.stopped() {
 		return -1, makeProcessError(process, "hcs::Process::ExitCode", ErrInvalidProcessState, nil)
 	}
+	if process.waitError != nil {
+		return -1, process.waitError
+	}
+	return process.exitCode, nil
 }
 
 // StdioLegacy returns the stdin, stdout, and stderr pipes, respectively. Closing
@@ -344,7 +358,7 @@ func (process *Process) ExitCode() (int, error) {
 // are the responsibility of the caller to close.
 func (process *Process) StdioLegacy() (_ io.WriteCloser, _ io.ReadCloser, _ io.ReadCloser, err error) {
 	operation := "hcs::Process::StdioLegacy"
-	ctx, span := trace.StartSpan(context.Background(), operation)
+	ctx, span := oc.StartSpan(context.Background(), operation)
 	defer span.End()
 	defer func() { oc.SetSpanStatus(span, err) }()
 	span.AddAttributes(
@@ -382,7 +396,7 @@ func (process *Process) StdioLegacy() (_ io.WriteCloser, _ io.ReadCloser, _ io.R
 }
 
 // Stdio returns the stdin, stdout, and stderr pipes, respectively.
-// To close them, close the process handle.
+// To close them, close the process handle, or use the `CloseStd*` functions.
 func (process *Process) Stdio() (stdin io.Writer, stdout, stderr io.Reader) {
 	process.stdioLock.Lock()
 	defer process.stdioLock.Unlock()
@@ -391,46 +405,55 @@ func (process *Process) Stdio() (stdin io.Writer, stdout, stderr io.Reader) {
 
 // CloseStdin closes the write side of the stdin pipe so that the process is
 // notified on the read side that there is no more data in stdin.
-func (process *Process) CloseStdin(ctx context.Context) error {
+func (process *Process) CloseStdin(ctx context.Context) (err error) {
+	operation := "hcs::Process::CloseStdin"
+	ctx, span := trace.StartSpan(ctx, operation)
+	defer span.End()
+	defer func() { oc.SetSpanStatus(span, err) }()
+	span.AddAttributes(
+		trace.StringAttribute("cid", process.SystemID()),
+		trace.Int64Attribute("pid", int64(process.processID)))
+
 	process.handleLock.RLock()
 	defer process.handleLock.RUnlock()
 
-	operation := "hcs::Process::CloseStdin"
-
 	if process.handle == 0 {
 		return makeProcessError(process, operation, ErrAlreadyClosed, nil)
 	}
 
-	modifyRequest := processModifyRequest{
-		Operation: modifyCloseHandle,
-		CloseHandle: &closeHandle{
-			Handle: stdIn,
-		},
-	}
+	//HcsModifyProcess request to close stdin will fail if the process has already exited
+	if !process.stopped() {
+		modifyRequest := processModifyRequest{
+			Operation: modifyCloseHandle,
+			CloseHandle: &closeHandle{
+				Handle: stdIn,
+			},
+		}
 
-	modifyRequestb, err := json.Marshal(modifyRequest)
-	if err != nil {
-		return err
-	}
+		modifyRequestb, err := json.Marshal(modifyRequest)
+		if err != nil {
+			return err
+		}
 
-	resultJSON, err := vmcompute.HcsModifyProcess(ctx, process.handle, string(modifyRequestb))
-	events := processHcsResult(ctx, resultJSON)
-	if err != nil {
-		return makeProcessError(process, operation, err, events)
+		resultJSON, err := vmcompute.HcsModifyProcess(ctx, process.handle, string(modifyRequestb))
+		events := processHcsResult(ctx, resultJSON)
+		if err != nil {
+			return makeProcessError(process, operation, err, events)
+		}
 	}
 
 	process.stdioLock.Lock()
+	defer process.stdioLock.Unlock()
 	if process.stdin != nil {
 		process.stdin.Close()
 		process.stdin = nil
 	}
-	process.stdioLock.Unlock()
 
 	return nil
 }
 
 func (process *Process) CloseStdout(ctx context.Context) (err error) {
-	ctx, span := trace.StartSpan(ctx, "hcs::Process::CloseStdout") //nolint:ineffassign,staticcheck
+	ctx, span := oc.StartSpan(ctx, "hcs::Process::CloseStdout") //nolint:ineffassign,staticcheck
 	defer span.End()
 	defer func() { oc.SetSpanStatus(span, err) }()
 	span.AddAttributes(
@@ -454,7 +477,7 @@ func (process *Process) CloseStdout(ctx context.Context) (err error) {
 }
 
 func (process *Process) CloseStderr(ctx context.Context) (err error) {
-	ctx, span := trace.StartSpan(ctx, "hcs::Process::CloseStderr") //nolint:ineffassign,staticcheck
+	ctx, span := oc.StartSpan(ctx, "hcs::Process::CloseStderr") //nolint:ineffassign,staticcheck
 	defer span.End()
 	defer func() { oc.SetSpanStatus(span, err) }()
 	span.AddAttributes(
@@ -473,7 +496,6 @@ func (process *Process) CloseStderr(ctx context.Context) (err error) {
 	if process.stderr != nil {
 		process.stderr.Close()
 		process.stderr = nil
-
 	}
 	return nil
 }
@@ -482,7 +504,7 @@ func (process *Process) CloseStderr(ctx context.Context) (err error) {
 // or wait on it.
 func (process *Process) Close() (err error) {
 	operation := "hcs::Process::Close"
-	ctx, span := trace.StartSpan(context.Background(), operation)
+	ctx, span := oc.StartSpan(context.Background(), operation)
 	defer span.End()
 	defer func() { oc.SetSpanStatus(span, err) }()
 	span.AddAttributes(

vendor/github.com/Microsoft/hcsshim/internal/hcs/schema1/schema1.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package schema1
 
 import (
@@ -101,7 +103,7 @@ type ContainerConfig struct {
 	HvRuntime                   *HvRuntime          `json:",omitempty"` // Hyper-V container settings. Used by Hyper-V containers only. Format ImagePath=%root%\BaseLayerID\UtilityVM
 	Servicing                   bool                `json:",omitempty"` // True if this container is for servicing
 	AllowUnqualifiedDNSQuery    bool                `json:",omitempty"` // True to allow unqualified DNS name resolution
-	DNSSearchList               string              `json:",omitempty"` // Comma seperated list of DNS suffixes to use for name resolution
+	DNSSearchList               string              `json:",omitempty"` // Comma separated list of DNS suffixes to use for name resolution
 	ContainerType               string              `json:",omitempty"` // "Linux" for Linux containers on Windows. Omitted otherwise.
 	TerminateOnLastHandleClosed bool                `json:",omitempty"` // Should HCS terminate the container once all handles have been closed
 	MappedVirtualDisks          []MappedVirtualDisk `json:",omitempty"` // Array of virtual disks to mount at start

vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_property.go

@@ -9,6 +9,14 @@
 
 package hcsschema
 
+type CPUGroupPropertyCode uint32
+
+const (
+	CPUCapacityProperty           = 0x00010000
+	CPUSchedulingPriorityProperty = 0x00020000
+	IdleLPReserveProperty         = 0x00030000
+)
+
 type CpuGroupProperty struct {
 	PropertyCode  uint32 `json:"PropertyCode,omitempty"`
 	PropertyValue uint32 `json:"PropertyValue,omitempty"`

vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/debug_options.go

@@ -0,0 +1,22 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type DebugOptions struct {
+	// BugcheckSavedStateFileName is the path for the file in which the guest VM state will be saved when
+	// the guest crashes.
+	BugcheckSavedStateFileName string `json:"BugcheckSavedStateFileName,omitempty"`
+	// BugcheckNoCrashdumpSavedStateFileName is the path of the file in which the guest VM state will be
+	// saved when the guest crashes but the guest isn't able to generate the crash dump. This usually
+	// happens in early boot failures.
+	BugcheckNoCrashdumpSavedStateFileName string `json:"BugcheckNoCrashdumpSavedStateFileName,omitempty"`
+	TripleFaultSavedStateFileName         string `json:"TripleFaultSavedStateFileName,omitempty"`
+	FirmwareDumpFileName                  string `json:"FirmwareDumpFileName,omitempty"`
+}

vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_state.go

@@ -14,6 +14,9 @@ type GuestState struct {
 	//  The path to an existing file uses for persistent guest state storage.  An empty string indicates the system should initialize new transient, in-memory guest state.
 	GuestStateFilePath string `json:"GuestStateFilePath,omitempty"`
 
+	//  The guest state file type affected by different guest isolation modes - whether a file or block storage.
+	GuestStateFileType string `json:"GuestStateFileType,omitempty"`
+
 	//  The path to an existing file for persistent runtime state storage.  An empty string indicates the system should initialize new transient, in-memory runtime state.
 	RuntimeStateFilePath string `json:"RuntimeStateFilePath,omitempty"`
 

vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/isolation_settings.go

@@ -0,0 +1,21 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type IsolationSettings struct {
+	// Guest isolation type options to decide virtual trust levels of virtual machine
+	IsolationType string `json:"IsolationType,omitempty"`
+	// Configuration to debug HCL layer for HCS VM TODO: Task 31102306: Miss the way to prevent the exposure of private debug configuration in HCS TODO: Think about the secret configurations which are private in VMMS VM (only edit by hvsedit)
+	DebugHost string `json:"DebugHost,omitempty"`
+	DebugPort int64  `json:"DebugPort,omitempty"`
+	// Optional data passed by host on isolated virtual machine start
+	LaunchData string `json:"LaunchData,omitempty"`
+	HclEnabled bool   `json:"HclEnabled,omitempty"`
+}

vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/modify_setting_request.go

@@ -9,10 +9,12 @@
 
 package hcsschema
 
+import "github.com/Microsoft/hcsshim/internal/protocol/guestrequest"
+
 type ModifySettingRequest struct {
 	ResourcePath string `json:"ResourcePath,omitempty"`
 
-	RequestType string `json:"RequestType,omitempty"`
+	RequestType guestrequest.RequestType `json:"RequestType,omitempty"` // NOTE: Swagger generated as string. Locally updated.
 
 	Settings interface{} `json:"Settings,omitempty"` // NOTE: Swagger generated as *interface{}. Locally updated
 

vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/security_settings.go

@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type SecuritySettings struct {
+	// Enablement of Trusted Platform Module on the computer system
+	EnableTpm bool               `json:"EnableTpm,omitempty"`
+	Isolation *IsolationSettings `json:"Isolation,omitempty"`
+}

vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/system_time.go

@@ -0,0 +1,28 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type SystemTime struct {
+	Year int32 `json:"Year,omitempty"`
+
+	Month int32 `json:"Month,omitempty"`
+
+	DayOfWeek int32 `json:"DayOfWeek,omitempty"`
+
+	Day int32 `json:"Day,omitempty"`
+
+	Hour int32 `json:"Hour,omitempty"`
+
+	Minute int32 `json:"Minute,omitempty"`
+
+	Second int32 `json:"Second,omitempty"`
+
+	Milliseconds int32 `json:"Milliseconds,omitempty"`
+}

vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/time_zone_information.go

@@ -0,0 +1,26 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type TimeZoneInformation struct {
+	Bias int32 `json:"Bias,omitempty"`
+
+	StandardName string `json:"StandardName,omitempty"`
+
+	StandardDate *SystemTime `json:"StandardDate,omitempty"`
+
+	StandardBias int32 `json:"StandardBias,omitempty"`
+
+	DaylightName string `json:"DaylightName,omitempty"`
+
+	DaylightDate *SystemTime `json:"DaylightDate,omitempty"`
+
+	DaylightBias int32 `json:"DaylightBias,omitempty"`
+}

vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/uefi.go

@@ -12,6 +12,8 @@ package hcsschema
 type Uefi struct {
 	EnableDebugger bool `json:"EnableDebugger,omitempty"`
 
+	ApplySecureBootTemplate string `json:"ApplySecureBootTemplate,omitempty"`
+
 	SecureBootTemplateId string `json:"SecureBootTemplateId,omitempty"`
 
 	BootThis *UefiBootEntry `json:"BootThis,omitempty"`

vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_machine.go

@@ -29,4 +29,8 @@ type VirtualMachine struct {
 	StorageQoS *StorageQoS `json:"StorageQoS,omitempty"`
 
 	GuestConnection *GuestConnection `json:"GuestConnection,omitempty"`
+
+	SecuritySettings *SecuritySettings `json:"SecuritySettings,omitempty"`
+
+	DebugOptions *DebugOptions `json:"DebugOptions,omitempty"`
 }

vendor/github.com/Microsoft/hcsshim/internal/hcs/service.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hcs
 
 import (

vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hcs
 
 import (
@@ -37,6 +39,9 @@ type System struct {
 	startTime      time.Time
 }
 
+var _ cow.Container = &System{}
+var _ cow.ProcessHost = &System{}
+
 func newSystem(id string) *System {
 	return &System{
 		id:        id,
@@ -55,7 +60,7 @@ func CreateComputeSystem(ctx context.Context, id string, hcsDocumentInterface in
 
 	// hcsCreateComputeSystemContext is an async operation. Start the outer span
 	// here to measure the full create time.
-	ctx, span := trace.StartSpan(ctx, operation)
+	ctx, span := oc.StartSpan(ctx, operation)
 	defer span.End()
 	defer func() { oc.SetSpanStatus(span, err) }()
 	span.AddAttributes(trace.StringAttribute("cid", id))
@@ -89,7 +94,8 @@ func CreateComputeSystem(ctx context.Context, id string, hcsDocumentInterface in
 		}
 	}
 
-	events, err := processAsyncHcsResult(ctx, createError, resultJSON, computeSystem.callbackNumber, hcsNotificationSystemCreateCompleted, &timeout.SystemCreate)
+	events, err := processAsyncHcsResult(ctx, createError, resultJSON, computeSystem.callbackNumber,
+		hcsNotificationSystemCreateCompleted, &timeout.SystemCreate)
 	if err != nil {
 		if err == ErrTimeout {
 			// Terminate the compute system if it still exists. We're okay to
@@ -190,7 +196,7 @@ func (computeSystem *System) Start(ctx context.Context) (err error) {
 
 	// hcsStartComputeSystemContext is an async operation. Start the outer span
 	// here to measure the full start time.
-	ctx, span := trace.StartSpan(ctx, operation)
+	ctx, span := oc.StartSpan(ctx, operation)
 	defer span.End()
 	defer func() { oc.SetSpanStatus(span, err) }()
 	span.AddAttributes(trace.StringAttribute("cid", computeSystem.id))
@@ -198,12 +204,15 @@ func (computeSystem *System) Start(ctx context.Context) (err error) {
 	computeSystem.handleLock.RLock()
 	defer computeSystem.handleLock.RUnlock()
 
+	// prevent starting an exited system because waitblock we do not recreate waitBlock
+	// or rerun waitBackground, so we have no way to be notified of it closing again
 	if computeSystem.handle == 0 {
 		return makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil)
 	}
 
 	resultJSON, err := vmcompute.HcsStartComputeSystem(ctx, computeSystem.handle, "")
-	events, err := processAsyncHcsResult(ctx, err, resultJSON, computeSystem.callbackNumber, hcsNotificationSystemStartCompleted, &timeout.SystemStart)
+	events, err := processAsyncHcsResult(ctx, err, resultJSON, computeSystem.callbackNumber,
+		hcsNotificationSystemStartCompleted, &timeout.SystemStart)
 	if err != nil {
 		return makeSystemError(computeSystem, operation, err, events)
 	}
@@ -223,7 +232,7 @@ func (computeSystem *System) Shutdown(ctx context.Context) error {
 
 	operation := "hcs::System::Shutdown"
 
-	if computeSystem.handle == 0 {
+	if computeSystem.handle == 0 || computeSystem.stopped() {
 		return nil
 	}
 
@@ -244,7 +253,7 @@ func (computeSystem *System) Terminate(ctx context.Context) error {
 
 	operation := "hcs::System::Terminate"
 
-	if computeSystem.handle == 0 {
+	if computeSystem.handle == 0 || computeSystem.stopped() {
 		return nil
 	}
 
@@ -265,7 +274,7 @@ func (computeSystem *System) Terminate(ctx context.Context) error {
 // safe to call multiple times.
 func (computeSystem *System) waitBackground() {
 	operation := "hcs::System::waitBackground"
-	ctx, span := trace.StartSpan(context.Background(), operation)
+	ctx, span := oc.StartSpan(context.Background(), operation)
 	defer span.End()
 	span.AddAttributes(trace.StringAttribute("cid", computeSystem.id))
 
@@ -302,17 +311,25 @@ func (computeSystem *System) Wait() error {
 	return computeSystem.WaitError()
 }
 
-// ExitError returns an error describing the reason the compute system terminated.
-func (computeSystem *System) ExitError() error {
+// stopped returns true if the compute system stopped.
+func (computeSystem *System) stopped() bool {
 	select {
 	case <-computeSystem.waitBlock:
-		if computeSystem.waitError != nil {
-			return computeSystem.waitError
-		}
-		return computeSystem.exitError
+		return true
 	default:
+	}
+	return false
+}
+
+// ExitError returns an error describing the reason the compute system terminated.
+func (computeSystem *System) ExitError() error {
+	if !computeSystem.stopped() {
 		return errors.New("container not exited")
 	}
+	if computeSystem.waitError != nil {
+		return computeSystem.waitError
+	}
+	return computeSystem.exitError
 }
 
 // Properties returns the requested container properties targeting a V1 schema container.
@@ -322,6 +339,10 @@ func (computeSystem *System) Properties(ctx context.Context, types ...schema1.Pr
 
 	operation := "hcs::System::Properties"
 
+	if computeSystem.handle == 0 {
+		return nil, makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil)
+	}
+
 	queryBytes, err := json.Marshal(schema1.PropertyQuery{PropertyTypes: types})
 	if err != nil {
 		return nil, makeSystemError(computeSystem, operation, err, nil)
@@ -349,7 +370,11 @@ func (computeSystem *System) Properties(ctx context.Context, types ...schema1.Pr
 // failed to be queried they will be tallied up and returned in as the first return value. Failures on
 // query are NOT considered errors; the only failure case for this method is if the containers job object
 // cannot be opened.
-func (computeSystem *System) queryInProc(ctx context.Context, props *hcsschema.Properties, types []hcsschema.PropertyType) ([]hcsschema.PropertyType, error) {
+func (computeSystem *System) queryInProc(
+	ctx context.Context,
+	props *hcsschema.Properties,
+	types []hcsschema.PropertyType,
+) ([]hcsschema.PropertyType, error) {
 	// In the future we can make use of some new functionality in the HCS that allows you
 	// to pass a job object for HCS to use for the container. Currently, the only way we'll
 	// be able to open the job/silo is if we're running as SYSTEM.
@@ -415,7 +440,7 @@ func (computeSystem *System) statisticsInProc(job *jobobject.JobObject) (*hcssch
 	// as well which isn't great and is wasted work to fetch.
 	//
 	// HCS only let's you grab statistics in an all or nothing fashion, so we can't just grab the private
-	// working set ourselves and ask for everything else seperately. The optimization we can make here is
+	// working set ourselves and ask for everything else separately. The optimization we can make here is
 	// to open the silo ourselves and do the same queries for the rest of the info, as well as calculating
 	// the private working set in a more efficient manner by:
 	//
@@ -455,6 +480,10 @@ func (computeSystem *System) statisticsInProc(job *jobobject.JobObject) (*hcssch
 func (computeSystem *System) hcsPropertiesV2Query(ctx context.Context, types []hcsschema.PropertyType) (*hcsschema.Properties, error) {
 	operation := "hcs::System::PropertiesV2"
 
+	if computeSystem.handle == 0 {
+		return nil, makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil)
+	}
+
 	queryBytes, err := json.Marshal(hcsschema.PropertyQuery{PropertyTypes: types})
 	if err != nil {
 		return nil, makeSystemError(computeSystem, operation, err, nil)
@@ -503,7 +532,7 @@ func (computeSystem *System) PropertiesV2(ctx context.Context, types ...hcsschem
 	if err == nil && len(fallbackTypes) == 0 {
 		return properties, nil
 	} else if err != nil {
-		logEntry.WithError(fmt.Errorf("failed to query compute system properties in-proc: %w", err))
+		logEntry = logEntry.WithError(fmt.Errorf("failed to query compute system properties in-proc: %w", err))
 		fallbackTypes = types
 	}
 
@@ -535,9 +564,9 @@ func (computeSystem *System) PropertiesV2(ctx context.Context, types ...hcsschem
 func (computeSystem *System) Pause(ctx context.Context) (err error) {
 	operation := "hcs::System::Pause"
 
-	// hcsPauseComputeSystemContext is an async peration. Start the outer span
+	// hcsPauseComputeSystemContext is an async operation. Start the outer span
 	// here to measure the full pause time.
-	ctx, span := trace.StartSpan(ctx, operation)
+	ctx, span := oc.StartSpan(ctx, operation)
 	defer span.End()
 	defer func() { oc.SetSpanStatus(span, err) }()
 	span.AddAttributes(trace.StringAttribute("cid", computeSystem.id))
@@ -550,7 +579,8 @@ func (computeSystem *System) Pause(ctx context.Context) (err error) {
 	}
 
 	resultJSON, err := vmcompute.HcsPauseComputeSystem(ctx, computeSystem.handle, "")
-	events, err := processAsyncHcsResult(ctx, err, resultJSON, computeSystem.callbackNumber, hcsNotificationSystemPauseCompleted, &timeout.SystemPause)
+	events, err := processAsyncHcsResult(ctx, err, resultJSON, computeSystem.callbackNumber,
+		hcsNotificationSystemPauseCompleted, &timeout.SystemPause)
 	if err != nil {
 		return makeSystemError(computeSystem, operation, err, events)
 	}
@@ -564,7 +594,7 @@ func (computeSystem *System) Resume(ctx context.Context) (err error) {
 
 	// hcsResumeComputeSystemContext is an async operation. Start the outer span
 	// here to measure the full restore time.
-	ctx, span := trace.StartSpan(ctx, operation)
+	ctx, span := oc.StartSpan(ctx, operation)
 	defer span.End()
 	defer func() { oc.SetSpanStatus(span, err) }()
 	span.AddAttributes(trace.StringAttribute("cid", computeSystem.id))
@@ -577,7 +607,8 @@ func (computeSystem *System) Resume(ctx context.Context) (err error) {
 	}
 
 	resultJSON, err := vmcompute.HcsResumeComputeSystem(ctx, computeSystem.handle, "")
-	events, err := processAsyncHcsResult(ctx, err, resultJSON, computeSystem.callbackNumber, hcsNotificationSystemResumeCompleted, &timeout.SystemResume)
+	events, err := processAsyncHcsResult(ctx, err, resultJSON, computeSystem.callbackNumber,
+		hcsNotificationSystemResumeCompleted, &timeout.SystemResume)
 	if err != nil {
 		return makeSystemError(computeSystem, operation, err, events)
 	}
@@ -589,9 +620,9 @@ func (computeSystem *System) Resume(ctx context.Context) (err error) {
 func (computeSystem *System) Save(ctx context.Context, options interface{}) (err error) {
 	operation := "hcs::System::Save"
 
-	// hcsSaveComputeSystemContext is an async peration. Start the outer span
+	// hcsSaveComputeSystemContext is an async operation. Start the outer span
 	// here to measure the full save time.
-	ctx, span := trace.StartSpan(ctx, operation)
+	ctx, span := oc.StartSpan(ctx, operation)
 	defer span.End()
 	defer func() { oc.SetSpanStatus(span, err) }()
 	span.AddAttributes(trace.StringAttribute("cid", computeSystem.id))
@@ -609,7 +640,8 @@ func (computeSystem *System) Save(ctx context.Context, options interface{}) (err
 	}
 
 	result, err := vmcompute.HcsSaveComputeSystem(ctx, computeSystem.handle, string(saveOptions))
-	events, err := processAsyncHcsResult(ctx, err, result, computeSystem.callbackNumber, hcsNotificationSystemSaveCompleted, &timeout.SystemSave)
+	events, err := processAsyncHcsResult(ctx, err, result, computeSystem.callbackNumber,
+		hcsNotificationSystemSaveCompleted, &timeout.SystemSave)
 	if err != nil {
 		return makeSystemError(computeSystem, operation, err, events)
 	}
@@ -634,6 +666,11 @@ func (computeSystem *System) createProcess(ctx context.Context, operation string
 	processInfo, processHandle, resultJSON, err := vmcompute.HcsCreateProcess(ctx, computeSystem.handle, configuration)
 	events := processHcsResult(ctx, resultJSON)
 	if err != nil {
+		if v2, ok := c.(*hcsschema.ProcessParameters); ok {
+			operation += ": " + v2.CommandLine
+		} else if v1, ok := c.(*schema1.ProcessConfig); ok {
+			operation += ": " + v1.CommandLine
+		}
 		return nil, nil, makeSystemError(computeSystem, operation, err, events)
 	}
 
@@ -700,7 +737,7 @@ func (computeSystem *System) OpenProcess(ctx context.Context, pid int) (*Process
 // Close cleans up any state associated with the compute system but does not terminate or wait for it.
 func (computeSystem *System) Close() (err error) {
 	operation := "hcs::System::Close"
-	ctx, span := trace.StartSpan(context.Background(), operation)
+	ctx, span := oc.StartSpan(context.Background(), operation)
 	defer span.End()
 	defer func() { oc.SetSpanStatus(span, err) }()
 	span.AddAttributes(trace.StringAttribute("cid", computeSystem.id))
@@ -743,7 +780,8 @@ func (computeSystem *System) registerCallback(ctx context.Context) error {
 	callbackMap[callbackNumber] = callbackContext
 	callbackMapLock.Unlock()
 
-	callbackHandle, err := vmcompute.HcsRegisterComputeSystemCallback(ctx, computeSystem.handle, notificationWatcherCallback, callbackNumber)
+	callbackHandle, err := vmcompute.HcsRegisterComputeSystemCallback(ctx, computeSystem.handle,
+		notificationWatcherCallback, callbackNumber)
 	if err != nil {
 		return err
 	}
@@ -770,7 +808,7 @@ func (computeSystem *System) unregisterCallback(ctx context.Context) error {
 		return nil
 	}
 
-	// hcsUnregisterComputeSystemCallback has its own syncronization
+	// hcsUnregisterComputeSystemCallback has its own synchronization
 	// to wait for all callbacks to complete. We must NOT hold the callbackMapLock.
 	err := vmcompute.HcsUnregisterComputeSystemCallback(ctx, handle)
 	if err != nil {

vendor/github.com/Microsoft/hcsshim/internal/hcs/utils.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hcs
 
 import (

vendor/github.com/Microsoft/hcsshim/internal/hcs/waithelper.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hcs
 
 import (
@@ -7,7 +9,14 @@ import (
 	"github.com/Microsoft/hcsshim/internal/log"
 )
 
-func processAsyncHcsResult(ctx context.Context, err error, resultJSON string, callbackNumber uintptr, expectedNotification hcsNotification, timeout *time.Duration) ([]ErrorEvent, error) {
+func processAsyncHcsResult(
+	ctx context.Context,
+	err error,
+	resultJSON string,
+	callbackNumber uintptr,
+	expectedNotification hcsNotification,
+	timeout *time.Duration,
+) ([]ErrorEvent, error) {
 	events := processHcsResult(ctx, resultJSON)
 	if IsPending(err) {
 		return nil, waitForNotification(ctx, callbackNumber, expectedNotification, timeout)
@@ -16,7 +25,12 @@ func processAsyncHcsResult(ctx context.Context, err error, resultJSON string, ca
 	return events, err
 }
 
-func waitForNotification(ctx context.Context, callbackNumber uintptr, expectedNotification hcsNotification, timeout *time.Duration) error {
+func waitForNotification(
+	ctx context.Context,
+	callbackNumber uintptr,
+	expectedNotification hcsNotification,
+	timeout *time.Duration,
+) error {
 	callbackMapLock.RLock()
 	if _, ok := callbackMap[callbackNumber]; !ok {
 		callbackMapLock.RUnlock()

vendor/github.com/Microsoft/hcsshim/internal/hcserror/doc.go

@@ -0,0 +1 @@
+package hcserror

vendor/github.com/Microsoft/hcsshim/internal/hcserror/hcserror.go

@@ -1,11 +1,13 @@
+//go:build windows
+
 package hcserror
 
 import (
+	"errors"
 	"fmt"
-	"syscall"
-)
 
-const ERROR_GEN_FAILURE = syscall.Errno(31)
+	"golang.org/x/sys/windows"
+)
 
 type HcsError struct {
 	title string
@@ -30,18 +32,21 @@ func (e *HcsError) Error() string {
 
 func New(err error, title, rest string) error {
 	// Pass through DLL errors directly since they do not originate from HCS.
-	if _, ok := err.(*syscall.DLLError); ok {
+	var e *windows.DLLError
+	if errors.As(err, &e) {
 		return err
 	}
 	return &HcsError{title, rest, err}
 }
 
 func Win32FromError(err error) uint32 {
-	if herr, ok := err.(*HcsError); ok {
+	var herr *HcsError
+	if errors.As(err, &herr) {
 		return Win32FromError(herr.Err)
 	}
-	if code, ok := err.(syscall.Errno); ok {
+	var code windows.Errno
+	if errors.As(err, &code) {
 		return uint32(code)
 	}
-	return uint32(ERROR_GEN_FAILURE)
+	return uint32(windows.ERROR_GEN_FAILURE)
 }

vendor/github.com/Microsoft/hcsshim/internal/hns/doc.go

@@ -0,0 +1 @@
+package hns

vendor/github.com/Microsoft/hcsshim/internal/hns/hns.go

@@ -2,7 +2,7 @@ package hns
 
 import "fmt"
 
-//go:generate go run ../../mksyscall_windows.go -output zsyscall_windows.go hns.go
+//go:generate go run github.com/Microsoft/go-winio/tools/mkwinsyscall -output zsyscall_windows.go hns.go
 
 //sys _hnsCall(method string, path string, object string, response **uint16) (hr error) = vmcompute.HNSCall?
 

vendor/github.com/Microsoft/hcsshim/internal/hns/hnsendpoint.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hns
 
 import (
@@ -34,7 +36,7 @@ type HNSEndpoint struct {
 	SharedContainers   []string          `json:",omitempty"`
 }
 
-//SystemType represents the type of the system on which actions are done
+// SystemType represents the type of the system on which actions are done
 type SystemType string
 
 // SystemType const
@@ -146,7 +148,6 @@ func (endpoint *HNSEndpoint) IsAttached(vID string) (bool, error) {
 	}
 
 	return false, nil
-
 }
 
 // Create Endpoint by sending EndpointRequest to HNS. TODO: Create a separate HNS interface to place all these methods
@@ -281,7 +282,6 @@ func (endpoint *HNSEndpoint) HostAttach(compartmentID uint16) error {
 		return err
 	}
 	return hnsCall("POST", "/endpoints/"+endpoint.Id+"/attach", string(jsonString), &response)
-
 }
 
 // HostDetach detaches a nic on the host

vendor/github.com/Microsoft/hcsshim/internal/hns/hnsfuncs.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hns
 
 import (

vendor/github.com/Microsoft/hcsshim/internal/hns/hnsglobals.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hns
 
 type HNSGlobals struct {

vendor/github.com/Microsoft/hcsshim/internal/hns/hnsnetwork.go

@@ -1,13 +1,16 @@
+//go:build windows
+
 package hns
 
 import (
 	"encoding/json"
 	"errors"
-	"github.com/sirupsen/logrus"
 	"net"
+
+	"github.com/sirupsen/logrus"
 )
 
-// Subnet is assoicated with a network and represents a list
+// Subnet is associated with a network and represents a list
 // of subnets available to the network
 type Subnet struct {
 	AddressPrefix  string            `json:",omitempty"`
@@ -15,7 +18,7 @@ type Subnet struct {
 	Policies       []json.RawMessage `json:",omitempty"`
 }
 
-// MacPool is assoicated with a network and represents a list
+// MacPool is associated with a network and represents a list
 // of macaddresses available to the network
 type MacPool struct {
 	StartMacAddress string `json:",omitempty"`

vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicy.go

@@ -94,15 +94,15 @@ type ACLPolicy struct {
 	InternalPort    uint16     `json:",omitempty"`
 	Action          ActionType
 	Direction       DirectionType
-	LocalAddresses  string     `json:",omitempty"`
-	RemoteAddresses string     `json:",omitempty"`
-	LocalPorts      string     `json:"LocalPorts,omitempty"`
-	LocalPort       uint16     `json:",omitempty"`
-	RemotePorts     string     `json:"RemotePorts,omitempty"`
-	RemotePort      uint16     `json:",omitempty"`
-	RuleType        RuleType   `json:"RuleType,omitempty"`
-	Priority        uint16     `json:",omitempty"`
-	ServiceName     string     `json:",omitempty"`
+	LocalAddresses  string   `json:",omitempty"`
+	RemoteAddresses string   `json:",omitempty"`
+	LocalPorts      string   `json:"LocalPorts,omitempty"`
+	LocalPort       uint16   `json:",omitempty"`
+	RemotePorts     string   `json:"RemotePorts,omitempty"`
+	RemotePort      uint16   `json:",omitempty"`
+	RuleType        RuleType `json:"RuleType,omitempty"`
+	Priority        uint16   `json:",omitempty"`
+	ServiceName     string   `json:",omitempty"`
 }
 
 type Policy struct {

vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicylist.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hns
 
 import (

vendor/github.com/Microsoft/hcsshim/internal/hns/hnssupport.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hns
 
 import (

vendor/github.com/Microsoft/hcsshim/internal/hns/namespace.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package hns
 
 import (

vendor/github.com/Microsoft/hcsshim/internal/hns/zsyscall_windows.go

@@ -1,4 +1,6 @@
-// Code generated mksyscall_windows.exe DO NOT EDIT
+//go:build windows
+
+// Code generated by 'go generate' using "github.com/Microsoft/go-winio/tools/mkwinsyscall"; DO NOT EDIT.
 
 package hns
 
@@ -19,6 +21,7 @@ const (
 
 var (
 	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+	errERROR_EINVAL     error = syscall.EINVAL
 )
 
 // errnoErr returns common boxed Errno values, to prevent
@@ -26,7 +29,7 @@ var (
 func errnoErr(e syscall.Errno) error {
 	switch e {
 	case 0:
-		return nil
+		return errERROR_EINVAL
 	case errnoERROR_IO_PENDING:
 		return errERROR_IO_PENDING
 	}
@@ -62,7 +65,8 @@ func _hnsCall(method string, path string, object string, response **uint16) (hr
 }
 
 func __hnsCall(method *uint16, path *uint16, object *uint16, response **uint16) (hr error) {
-	if hr = procHNSCall.Find(); hr != nil {
+	hr = procHNSCall.Find()
+	if hr != nil {
 		return
 	}
 	r0, _, _ := syscall.Syscall6(procHNSCall.Addr(), 4, uintptr(unsafe.Pointer(method)), uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(object)), uintptr(unsafe.Pointer(response)), 0, 0)

vendor/github.com/Microsoft/hcsshim/internal/interop/doc.go

@@ -0,0 +1 @@
+package interop

vendor/github.com/Microsoft/hcsshim/internal/interop/interop.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package interop
 
 import (
@@ -5,7 +7,7 @@ import (
 	"unsafe"
 )
 
-//go:generate go run ../../mksyscall_windows.go -output zsyscall_windows.go interop.go
+//go:generate go run github.com/Microsoft/go-winio/tools/mkwinsyscall -output zsyscall_windows.go interop.go
 
 //sys coTaskMemFree(buffer unsafe.Pointer) = api_ms_win_core_com_l1_1_0.CoTaskMemFree
 

vendor/github.com/Microsoft/hcsshim/internal/interop/zsyscall_windows.go

@@ -1,4 +1,6 @@
-// Code generated mksyscall_windows.exe DO NOT EDIT
+//go:build windows
+
+// Code generated by 'go generate' using "github.com/Microsoft/go-winio/tools/mkwinsyscall"; DO NOT EDIT.
 
 package interop
 
@@ -19,6 +21,7 @@ const (
 
 var (
 	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+	errERROR_EINVAL     error = syscall.EINVAL
 )
 
 // errnoErr returns common boxed Errno values, to prevent
@@ -26,7 +29,7 @@ var (
 func errnoErr(e syscall.Errno) error {
 	switch e {
 	case 0:
-		return nil
+		return errERROR_EINVAL
 	case errnoERROR_IO_PENDING:
 		return errERROR_IO_PENDING
 	}

vendor/github.com/Microsoft/hcsshim/internal/jobobject/doc.go

@@ -0,0 +1,8 @@
+// This package provides higher level constructs for the win32 job object API.
+// Most of the core creation and management functions are already present in "golang.org/x/sys/windows"
+// (CreateJobObject, AssignProcessToJobObject, etc.) as well as most of the limit information
+// structs and associated limit flags. Whatever is not present from the job object API
+// in golang.org/x/sys/windows is located in /internal/winapi.
+//
+// https://docs.microsoft.com/en-us/windows/win32/procthread/job-objects
+package jobobject

vendor/github.com/Microsoft/hcsshim/internal/jobobject/iocp.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package jobobject
 
 import (

vendor/github.com/Microsoft/hcsshim/internal/jobobject/jobobject.go

@@ -1,10 +1,15 @@
+//go:build windows
+
 package jobobject
 
 import (
 	"context"
 	"errors"
 	"fmt"
+	"os"
+	"path/filepath"
 	"sync"
+	"sync/atomic"
 	"unsafe"
 
 	"github.com/Microsoft/hcsshim/internal/queue"
@@ -12,19 +17,14 @@ import (
 	"golang.org/x/sys/windows"
 )
 
-// This file provides higher level constructs for the win32 job object API.
-// Most of the core creation and management functions are already present in "golang.org/x/sys/windows"
-// (CreateJobObject, AssignProcessToJobObject, etc.) as well as most of the limit information
-// structs and associated limit flags. Whatever is not present from the job object API
-// in golang.org/x/sys/windows is located in /internal/winapi.
-//
-// https://docs.microsoft.com/en-us/windows/win32/procthread/job-objects
-
 // JobObject is a high level wrapper around a Windows job object. Holds a handle to
 // the job, a queue to receive iocp notifications about the lifecycle
 // of the job and a mutex for synchronized handle access.
 type JobObject struct {
-	handle     windows.Handle
+	handle windows.Handle
+	// All accesses to this MUST be done atomically except in `Open` as the object
+	// is being created in the function. 1 signifies that this job is currently a silo.
+	silo       uint32
 	mq         *queue.MessageQueue
 	handleLock sync.RWMutex
 }
@@ -56,6 +56,7 @@ const (
 var (
 	ErrAlreadyClosed = errors.New("the handle has already been closed")
 	ErrNotRegistered = errors.New("job is not registered to receive notifications")
+	ErrNotSilo       = errors.New("job is not a silo")
 )
 
 // Options represents the set of configurable options when making or opening a job object.
@@ -68,6 +69,9 @@ type Options struct {
 	// `UseNTVariant` specifies if we should use the `Nt` variant of Open/CreateJobObject.
 	// Defaults to false.
 	UseNTVariant bool
+	// `Silo` specifies to promote the job to a silo. This additionally sets the flag
+	// JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE as it is required for the upgrade to complete.
+	Silo bool
 	// `IOTracking` enables tracking I/O statistics on the job object. More specifically this
 	// calls SetInformationJobObject with the JobObjectIoAttribution class.
 	EnableIOTracking bool
@@ -143,6 +147,16 @@ func Create(ctx context.Context, options *Options) (_ *JobObject, err error) {
 		}
 	}
 
+	if options.Silo {
+		// This is a required setting for upgrading to a silo.
+		if err := job.SetTerminateOnLastHandleClose(); err != nil {
+			return nil, err
+		}
+		if err := job.PromoteToSilo(); err != nil {
+			return nil, err
+		}
+	}
+
 	return job, nil
 }
 
@@ -163,7 +177,7 @@ func Open(ctx context.Context, options *Options) (_ *JobObject, err error) {
 	}
 
 	var jobHandle windows.Handle
-	if options != nil && options.UseNTVariant {
+	if options.UseNTVariant {
 		oa := winapi.ObjectAttributes{
 			Length:     unsafe.Sizeof(winapi.ObjectAttributes{}),
 			ObjectName: unicodeJobName,
@@ -174,7 +188,7 @@ func Open(ctx context.Context, options *Options) (_ *JobObject, err error) {
 			return nil, winapi.RtlNtStatusToDosError(status)
 		}
 	} else {
-		jobHandle, err = winapi.OpenJobObject(winapi.JOB_OBJECT_ALL_ACCESS, false, unicodeJobName.Buffer)
+		jobHandle, err = winapi.OpenJobObject(winapi.JOB_OBJECT_ALL_ACCESS, 0, unicodeJobName.Buffer)
 		if err != nil {
 			return nil, err
 		}
@@ -190,9 +204,13 @@ func Open(ctx context.Context, options *Options) (_ *JobObject, err error) {
 		handle: jobHandle,
 	}
 
+	if isJobSilo(jobHandle) {
+		job.silo = 1
+	}
+
 	// If the IOCP we'll be using to receive messages for all jobs hasn't been
 	// created, create it and start polling.
-	if options != nil && options.Notifications {
+	if options.Notifications {
 		mq, err := setupNotifications(ctx, job)
 		if err != nil {
 			return nil, err
@@ -450,6 +468,119 @@ func (job *JobObject) QueryStorageStats() (*winapi.JOBOBJECT_IO_ATTRIBUTION_INFO
 	return &info, nil
 }
 
+// ApplyFileBinding makes a file binding using the Bind Filter from target to root. If the job has
+// not been upgraded to a silo this call will fail. The binding is only applied and visible for processes
+// running in the job, any processes on the host or in another job will not be able to see the binding.
+func (job *JobObject) ApplyFileBinding(root, target string, readOnly bool) error {
+	job.handleLock.RLock()
+	defer job.handleLock.RUnlock()
+
+	if job.handle == 0 {
+		return ErrAlreadyClosed
+	}
+
+	if !job.isSilo() {
+		return ErrNotSilo
+	}
+
+	// The parent directory needs to exist for the bind to work. MkdirAll stats and
+	// returns nil if the directory exists internally so we should be fine to mkdirall
+	// every time.
+	if err := os.MkdirAll(filepath.Dir(root), 0); err != nil {
+		return err
+	}
+
+	rootPtr, err := windows.UTF16PtrFromString(root)
+	if err != nil {
+		return err
+	}
+
+	targetPtr, err := windows.UTF16PtrFromString(target)
+	if err != nil {
+		return err
+	}
+
+	flags := winapi.BINDFLT_FLAG_USE_CURRENT_SILO_MAPPING
+	if readOnly {
+		flags |= winapi.BINDFLT_FLAG_READ_ONLY_MAPPING
+	}
+
+	if err := winapi.BfSetupFilter(
+		job.handle,
+		flags,
+		rootPtr,
+		targetPtr,
+		nil,
+		0,
+	); err != nil {
+		return fmt.Errorf("failed to bind target %q to root %q for job object: %w", target, root, err)
+	}
+	return nil
+}
+
+// isJobSilo is a helper to determine if a job object that was opened is a silo. This should ONLY be called
+// from `Open` and any callers in this package afterwards should use `job.isSilo()`
+func isJobSilo(h windows.Handle) bool {
+	// None of the information from the structure that this info class expects will be used, this is just used as
+	// the call will fail if the job hasn't been upgraded to a silo so we can use this to tell when we open a job
+	// if it's a silo or not. Because none of the info matters simply define a dummy struct with the size that the call
+	// expects which is 16 bytes.
+	type isSiloObj struct {
+		_ [16]byte
+	}
+	var siloInfo isSiloObj
+	err := winapi.QueryInformationJobObject(
+		h,
+		winapi.JobObjectSiloBasicInformation,
+		unsafe.Pointer(&siloInfo),
+		uint32(unsafe.Sizeof(siloInfo)),
+		nil,
+	)
+	return err == nil
+}
+
+// PromoteToSilo promotes a job object to a silo. There must be no running processess
+// in the job for this to succeed. If the job is already a silo this is a no-op.
+func (job *JobObject) PromoteToSilo() error {
+	job.handleLock.RLock()
+	defer job.handleLock.RUnlock()
+
+	if job.handle == 0 {
+		return ErrAlreadyClosed
+	}
+
+	if job.isSilo() {
+		return nil
+	}
+
+	pids, err := job.Pids()
+	if err != nil {
+		return err
+	}
+
+	if len(pids) != 0 {
+		return fmt.Errorf("job cannot have running processes to be promoted to a silo, found %d running processes", len(pids))
+	}
+
+	_, err = windows.SetInformationJobObject(
+		job.handle,
+		winapi.JobObjectCreateSilo,
+		0,
+		0,
+	)
+	if err != nil {
+		return fmt.Errorf("failed to promote job to silo: %w", err)
+	}
+
+	atomic.StoreUint32(&job.silo, 1)
+	return nil
+}
+
+// isSilo returns if the job object is a silo.
+func (job *JobObject) isSilo() bool {
+	return atomic.LoadUint32(&job.silo) == 1
+}
+
 // QueryPrivateWorkingSet returns the private working set size for the job. This is calculated by adding up the
 // private working set for every process running in the job.
 func (job *JobObject) QueryPrivateWorkingSet() (uint64, error) {

vendor/github.com/Microsoft/hcsshim/internal/jobobject/limits.go

@@ -1,3 +1,5 @@
+//go:build windows
+
 package jobobject
 
 import (

vendor/github.com/Microsoft/hcsshim/internal/log/context.go

@@ -0,0 +1,118 @@
+package log
+
+import (
+	"context"
+
+	"github.com/sirupsen/logrus"
+	"go.opencensus.io/trace"
+)
+
+type entryContextKeyType int
+
+const _entryContextKey entryContextKeyType = iota
+
+var (
+	// L is the default, blank logging entry. WithField and co. all return a copy
+	// of the original entry, so this will not leak fields between calls.
+	//
+	// Do NOT modify fields directly, as that will corrupt state for all users and
+	// is not thread safe.
+	// Instead, use `L.With*` or `L.Dup()`. Or `G(context.Background())`.
+	L = logrus.NewEntry(logrus.StandardLogger())
+
+	// G is an alias for GetEntry
+	G = GetEntry
+
+	// S is an alias for SetEntry
+	S = SetEntry
+
+	// U is an alias for UpdateContext
+	U = UpdateContext
+)
+
+// GetEntry returns a `logrus.Entry` stored in the context, if one exists.
+// Otherwise, it returns a default entry that points to the current context.
+//
+// Note: if the a new entry is returned, it will reference the passed in context.
+// However, existing contexts may be stored in parent contexts and additionally reference
+// earlier contexts.
+// Use `UpdateContext` to update the entry and context.
+func GetEntry(ctx context.Context) *logrus.Entry {
+	entry := fromContext(ctx)
+
+	if entry == nil {
+		entry = L.WithContext(ctx)
+	}
+
+	return entry
+}
+
+// SetEntry updates the log entry in the context with the provided fields, and
+// returns both. It is equivalent to:
+//
+//	entry := GetEntry(ctx).WithFields(fields)
+//	ctx = WithContext(ctx, entry)
+//
+// See WithContext for more information.
+func SetEntry(ctx context.Context, fields logrus.Fields) (context.Context, *logrus.Entry) {
+	e := GetEntry(ctx)
+	if len(fields) > 0 {
+		e = e.WithFields(fields)
+	}
+	return WithContext(ctx, e)
+}
+
+// UpdateContext extracts the log entry from the context, and, if the entry's
+// context points to a parent's of the current context, ands the entry
+// to the most recent context. It is equivalent to:
+//
+//	entry := GetEntry(ctx)
+//	ctx = WithContext(ctx, entry)
+//
+// This allows the entry to reference the most recent context and any new
+// values (such as span contexts) added to it.
+//
+// See WithContext for more information.
+func UpdateContext(ctx context.Context) context.Context {
+	// there is no way to check its ctx (and not one of its parents) that contains `e`
+	// so, at a slight cost, force add `e` to the context
+	ctx, _ = WithContext(ctx, GetEntry(ctx))
+	return ctx
+}
+
+// WithContext returns a context that contains the provided log entry.
+// The entry can be extracted with `GetEntry` (`G`)
+//
+// The entry in the context is a copy of `entry` (generated by `entry.WithContext`)
+func WithContext(ctx context.Context, entry *logrus.Entry) (context.Context, *logrus.Entry) {
+	// regardless of the order, entry.Context != GetEntry(ctx)
+	// here, the returned entry will reference the supplied context
+	entry = entry.WithContext(ctx)
+	ctx = context.WithValue(ctx, _entryContextKey, entry)
+
+	return ctx, entry
+}
+
+// Copy extracts the tracing Span and logging entry from the src Context, if they
+// exist, and adds them to the dst Context.
+//
+// This is useful to share tracing and logging between contexts, but not the
+// cancellation. For example, if the src Context has been cancelled but cleanup
+// operations triggered by the cancellation require a non-cancelled context to
+// execute.
+func Copy(dst context.Context, src context.Context) context.Context {
+	if s := trace.FromContext(src); s != nil {
+		dst = trace.NewContext(dst, s)
+	}
+
+	if e := fromContext(src); e != nil {
+		dst, _ = WithContext(dst, e)
+	}
+
+	return dst
+}
+
+func fromContext(ctx context.Context) *logrus.Entry {
+	e, _ := ctx.Value(_entryContextKey).(*logrus.Entry)
+	return e
+}

vendor/github.com/Microsoft/hcsshim/internal/log/format.go

@@ -0,0 +1,85 @@
+package log
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"net"
+	"reflect"
+	"time"
+
+	"github.com/containerd/containerd/log"
+)
+
+const TimeFormat = log.RFC3339NanoFixed
+
+func FormatTime(t time.Time) string {
+	return t.Format(TimeFormat)
+}
+
+// DurationFormat formats a [time.Duration] log entry.
+//
+// A nil value signals an error with the formatting.
+type DurationFormat func(time.Duration) interface{}
+
+func DurationFormatString(d time.Duration) interface{}       { return d.String() }
+func DurationFormatSeconds(d time.Duration) interface{}      { return d.Seconds() }
+func DurationFormatMilliseconds(d time.Duration) interface{} { return d.Milliseconds() }
+
+// FormatIO formats net.Conn and other types that have an `Addr()` or `Name()`.
+//
+// See FormatEnabled for more information.
+func FormatIO(ctx context.Context, v interface{}) string {
+	m := make(map[string]string)
+	m["type"] = reflect.TypeOf(v).String()
+
+	switch t := v.(type) {
+	case net.Conn:
+		m["localAddress"] = formatAddr(t.LocalAddr())
+		m["remoteAddress"] = formatAddr(t.RemoteAddr())
+	case interface{ Addr() net.Addr }:
+		m["address"] = formatAddr(t.Addr())
+	default:
+		return Format(ctx, t)
+	}
+
+	return Format(ctx, m)
+}
+
+func formatAddr(a net.Addr) string {
+	return a.Network() + "://" + a.String()
+}
+
+// Format formats an object into a JSON string, without any indendtation or
+// HTML escapes.
+// Context is used to output a log waring if the conversion fails.
+//
+// This is intended primarily for `trace.StringAttribute()`
+func Format(ctx context.Context, v interface{}) string {
+	b, err := encode(v)
+	if err != nil {
+		G(ctx).WithError(err).Warning("could not format value")
+		return ""
+	}
+
+	return string(b)
+}
+
+func encode(v interface{}) ([]byte, error) {
+	return encodeBuffer(&bytes.Buffer{}, v)
+}
+
+func encodeBuffer(buf *bytes.Buffer, v interface{}) ([]byte, error) {
+	enc := json.NewEncoder(buf)
+	enc.SetEscapeHTML(false)
+	enc.SetIndent("", "")
+
+	if err := enc.Encode(v); err != nil {
+		err = fmt.Errorf("could not marshall %T to JSON for logging: %w", v, err)
+		return nil, err
+	}
+
+	// encoder.Encode appends a newline to the end
+	return bytes.TrimSpace(buf.Bytes()), nil
+}

vendor/github.com/Microsoft/hcsshim/internal/log/g.go

@@ -1,23 +0,0 @@
-package log
-
-import (
-	"context"
-
-	"github.com/sirupsen/logrus"
-	"go.opencensus.io/trace"
-)
-
-// G returns a `logrus.Entry` with the `TraceID, SpanID` from `ctx` if `ctx`
-// contains an OpenCensus `trace.Span`.
-func G(ctx context.Context) *logrus.Entry {
-	span := trace.FromContext(ctx)
-	if span != nil {
-		sctx := span.SpanContext()
-		return logrus.WithFields(logrus.Fields{
-			"traceID": sctx.TraceID.String(),
-			"spanID":  sctx.SpanID.String(),
-			// "parentSpanID": TODO: JTERRY75 - Try to convince OC to export this?
-		})
-	}
-	return logrus.NewEntry(logrus.StandardLogger())
-}

vendor/github.com/Microsoft/hcsshim/internal/log/hook.go

@@ -0,0 +1,174 @@
+package log
+
+import (
+	"bytes"
+	"reflect"
+	"time"
+
+	"github.com/Microsoft/hcsshim/internal/logfields"
+	"github.com/containerd/containerd/log"
+	"github.com/sirupsen/logrus"
+	"go.opencensus.io/trace"
+)
+
+const nullString = "null"
+
+// Hook intercepts and formats a [logrus.Entry] before it logged.
+//
+// The shim either outputs the logs through an ETW hook, discarding the (formatted) output
+// or logs output to a pipe for logging binaries to consume.
+// The Linux GCS outputs logrus entries over stdout, which is then consumed and re-output
+// by the shim.
+type Hook struct {
+	// EncodeAsJSON formats structs, maps, arrays, slices, and [bytes.Buffer] as JSON.
+	// Variables of [bytes.Buffer] will be converted to []byte.
+	//
+	// Default is false.
+	EncodeAsJSON bool
+
+	// FormatTime specifies the format for [time.Time] variables.
+	// An empty string disables formatting.
+	// When disabled, the fall back will the JSON encoding, if enabled.
+	//
+	// Default is [github.com/containerd/containerd/log.RFC3339NanoFixed].
+	TimeFormat string
+
+	// Duration format converts a [time.Duration] fields to an appropriate encoding.
+	// nil disables formatting.
+	// When disabled, the fall back will the JSON encoding, if enabled.
+	//
+	// Default is [DurationFormatString], which appends a duration unit after the value.
+	DurationFormat DurationFormat
+
+	// AddSpanContext adds [logfields.TraceID] and [logfields.SpanID] fields to
+	// the entry from the span context stored in [logrus.Entry.Context], if it exists.
+	AddSpanContext bool
+}
+
+var _ logrus.Hook = &Hook{}
+
+func NewHook() *Hook {
+	return &Hook{
+		TimeFormat:     log.RFC3339NanoFixed,
+		DurationFormat: DurationFormatString,
+		AddSpanContext: true,
+	}
+}
+
+func (h *Hook) Levels() []logrus.Level {
+	return logrus.AllLevels
+}
+
+func (h *Hook) Fire(e *logrus.Entry) (err error) {
+	// JSON encode, if necessary, then add span information
+	h.encode(e)
+	h.addSpanContext(e)
+
+	return nil
+}
+
+// encode loops through all the fields in the [logrus.Entry] and encodes them according to
+// the settings in [Hook].
+// If [Hook.TimeFormat] is non-empty, it will be passed to [time.Time.Format] for
+// fields of type [time.Time].
+//
+// If [Hook.EncodeAsJSON] is true, then fields that are not numeric, boolean, strings, or
+// errors will be encoded via a [json.Marshal] (with HTML escaping disabled).
+// Chanel- and function-typed fields, as well as unsafe pointers are left alone and not encoded.
+//
+// If [Hook.TimeFormat] and [Hook.DurationFormat] are empty and [Hook.EncodeAsJSON] is false,
+// then this is a no-op.
+func (h *Hook) encode(e *logrus.Entry) {
+	d := e.Data
+
+	formatTime := h.TimeFormat != ""
+	formatDuration := h.DurationFormat != nil
+	if !(h.EncodeAsJSON || formatTime || formatDuration) {
+		return
+	}
+
+	for k, v := range d {
+		// encode types with dedicated formatting options first
+
+		if vv, ok := v.(time.Time); formatTime && ok {
+			d[k] = vv.Format(h.TimeFormat)
+			continue
+		}
+
+		if vv, ok := v.(time.Duration); formatDuration && ok {
+			d[k] = h.DurationFormat(vv)
+			continue
+		}
+
+		// general case JSON encoding
+
+		if !h.EncodeAsJSON {
+			continue
+		}
+
+		switch vv := v.(type) {
+		// built in types
+		// "json" marshals errors as "{}", so leave alone here
+		case bool, string, error, uintptr,
+			int8, int16, int32, int64, int,
+			uint8, uint32, uint64, uint,
+			float32, float64:
+			continue
+
+		// Rather than setting d[k] = vv.String(), JSON encode []byte value, since it
+		// may be a binary payload and not representable as a string.
+		// `case bytes.Buffer,*bytes.Buffer:` resolves `vv` to `interface{}`,
+		// so cannot use `vv.Bytes`.
+		// Could move to below the `reflect.Indirect()` call below, but
+		// that would require additional typematching and dereferencing.
+		// Easier to keep these duplicate branches here.
+		case bytes.Buffer:
+			v = vv.Bytes()
+		case *bytes.Buffer:
+			v = vv.Bytes()
+		}
+
+		// dereference pointer or interface variables
+		rv := reflect.Indirect(reflect.ValueOf(v))
+		// check if `v` is a null pointer
+		if !rv.IsValid() {
+			d[k] = nullString
+			continue
+		}
+
+		switch rv.Kind() {
+		case reflect.Map, reflect.Struct, reflect.Array, reflect.Slice:
+		default:
+			// Bool, [U]?Int*, Float*, Complex*, Uintptr, String: encoded as normal
+			// Chan, Func: not supported by json
+			// Interface, Pointer: dereferenced above
+			// UnsafePointer: not supported by json, not safe to de-reference; leave alone
+			continue
+		}
+
+		b, err := encode(v)
+		if err != nil {
+			// Errors are written to stderr (ie, to `panic.log`) and stops the remaining
+			// hooks (ie, exporting to ETW) from firing. So add encoding errors to
+			// the entry data to be written out, but keep on processing.
+			d[k+"-"+logrus.ErrorKey] = err.Error()
+			// keep the original `v` as the value,
+			continue
+		}
+		d[k] = string(b)
+	}
+}
+
+func (h *Hook) addSpanContext(e *logrus.Entry) {
+	ctx := e.Context
+	if !h.AddSpanContext || ctx == nil {
+		return
+	}
+	span := trace.FromContext(ctx)
+	if span == nil {
+		return
+	}
+	sctx := span.SpanContext()
+	e.Data[logfields.TraceID] = sctx.TraceID.String()
+	e.Data[logfields.SpanID] = sctx.SpanID.String()
+}

vendor/github.com/Microsoft/hcsshim/internal/log/scrub.go

@@ -0,0 +1,184 @@
+package log
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"sync/atomic"
+
+	hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2"
+)
+
+// This package scrubs objects of potentially sensitive information to pass to logging
+
+type genMap = map[string]interface{}
+type scrubberFunc func(genMap) error
+
+const _scrubbedReplacement = "<scrubbed>"
+
+var (
+	ErrUnknownType = errors.New("encoded object is of unknown type")
+
+	// case sensitive keywords, so "env" is not a substring on "Environment"
+	_scrubKeywords = [][]byte{[]byte("env"), []byte("Environment")}
+
+	_scrub int32
+)
+
+// SetScrubbing enables scrubbing
+func SetScrubbing(enable bool) {
+	v := int32(0) // cant convert from bool to int32 directly
+	if enable {
+		v = 1
+	}
+	atomic.StoreInt32(&_scrub, v)
+}
+
+// IsScrubbingEnabled checks if scrubbing is enabled
+func IsScrubbingEnabled() bool {
+	v := atomic.LoadInt32(&_scrub)
+	return v != 0
+}
+
+// ScrubProcessParameters scrubs HCS Create Process requests with config parameters of
+// type internal/hcs/schema2.ScrubProcessParameters (aka hcsshema.ScrubProcessParameters)
+func ScrubProcessParameters(s string) (string, error) {
+	// todo: deal with v1 ProcessConfig
+	b := []byte(s)
+	if !IsScrubbingEnabled() || !hasKeywords(b) || !json.Valid(b) {
+		return s, nil
+	}
+
+	pp := hcsschema.ProcessParameters{}
+	if err := json.Unmarshal(b, &pp); err != nil {
+		return "", err
+	}
+	pp.Environment = map[string]string{_scrubbedReplacement: _scrubbedReplacement}
+
+	b, err := encodeBuffer(bytes.NewBuffer(b[:0]), pp)
+	if err != nil {
+		return "", err
+	}
+	return string(b), nil
+}
+
+// ScrubBridgeCreate scrubs requests sent over the bridge of type
+// internal/gcs/protocol.containerCreate wrapping an internal/hcsoci.linuxHostedSystem
+func ScrubBridgeCreate(b []byte) ([]byte, error) {
+	return scrubBytes(b, scrubBridgeCreate)
+}
+
+func scrubBridgeCreate(m genMap) error {
+	if !isRequestBase(m) {
+		return ErrUnknownType
+	}
+	if ss, ok := m["ContainerConfig"]; ok {
+		// ContainerConfig is a json encoded struct passed as a regular string field
+		s, ok := ss.(string)
+		if !ok {
+			return ErrUnknownType
+		}
+		b, err := scrubBytes([]byte(s), scrubLinuxHostedSystem)
+		if err != nil {
+			return err
+		}
+		m["ContainerConfig"] = string(b)
+		return nil
+	}
+	return ErrUnknownType
+}
+
+func scrubLinuxHostedSystem(m genMap) error {
+	if m, ok := index(m, "OciSpecification"); ok {
+		if _, ok := m["annotations"]; ok {
+			m["annotations"] = map[string]string{_scrubbedReplacement: _scrubbedReplacement}
+		}
+		if m, ok := index(m, "process"); ok {
+			if _, ok := m["env"]; ok {
+				m["env"] = []string{_scrubbedReplacement}
+				return nil
+			}
+		}
+	}
+	return ErrUnknownType
+}
+
+// ScrubBridgeExecProcess scrubs requests sent over the bridge of type
+// internal/gcs/protocol.containerExecuteProcess
+func ScrubBridgeExecProcess(b []byte) ([]byte, error) {
+	return scrubBytes(b, scrubExecuteProcess)
+}
+
+func scrubExecuteProcess(m genMap) error {
+	if !isRequestBase(m) {
+		return ErrUnknownType
+	}
+	if m, ok := index(m, "Settings"); ok {
+		if ss, ok := m["ProcessParameters"]; ok {
+			// ProcessParameters is a json encoded struct passed as a regular sting field
+			s, ok := ss.(string)
+			if !ok {
+				return ErrUnknownType
+			}
+
+			s, err := ScrubProcessParameters(s)
+			if err != nil {
+				return err
+			}
+
+			m["ProcessParameters"] = s
+			return nil
+		}
+	}
+	return ErrUnknownType
+}
+
+func scrubBytes(b []byte, scrub scrubberFunc) ([]byte, error) {
+	if !IsScrubbingEnabled() || !hasKeywords(b) || !json.Valid(b) {
+		return b, nil
+	}
+
+	m := make(genMap)
+	if err := json.Unmarshal(b, &m); err != nil {
+		return nil, err
+	}
+
+	// could use regexp, but if the env strings contain braces, the regexp fails
+	// parsing into individual structs would require access to private structs
+	if err := scrub(m); err != nil {
+		return nil, err
+	}
+
+	b, err := encode(m)
+	if err != nil {
+		return nil, err
+	}
+
+	return b, nil
+}
+
+func isRequestBase(m genMap) bool {
+	// neither of these are (currently) `omitempty`
+	_, a := m["ActivityId"]
+	_, c := m["ContainerId"]
+	return a && c
+}
+
+// combination `m, ok := m[s]` and `m, ok := m.(genMap)`
+func index(m genMap, s string) (genMap, bool) {
+	if m, ok := m[s]; ok {
+		mm, ok := m.(genMap)
+		return mm, ok
+	}
+
+	return m, false
+}
+
+func hasKeywords(b []byte) bool {
+	for _, bb := range _scrubKeywords {
+		if bytes.Contains(b, bb) {
+			return true
+		}
+	}
+	return false
+}

vendor/github.com/Microsoft/hcsshim/internal/logfields/fields.go

@@ -3,21 +3,44 @@ package logfields
 const (
 	// Identifiers
 
+	Name      = "name"
+	Namespace = "namespace"
+	Operation = "operation"
+
+	ID          = "id"
+	SandboxID   = "sid"
 	ContainerID = "cid"
-	UVMID       = "uvm-id"
+	ExecID      = "eid"
 	ProcessID   = "pid"
+	TaskID      = "tid"
+	UVMID       = "uvm-id"
+
+	// networking and IO
+
+	File  = "file"
+	Path  = "path"
+	Bytes = "bytes"
+	Pipe  = "pipe"
 
 	// Common Misc
 
-	// Timeout represents an operation timeout.
-	Timeout = "timeout"
+	Attempt = "attemptNo"
 	JSON    = "json"
 
+	// Time
+
+	StartTime = "startTime"
+	EndTime   = "endTime"
+	Duration  = "duration"
+	Timeout   = "timeout"
+
 	// Keys/values
 
 	Field         = "field"
+	Key           = "key"
 	OCIAnnotation = "oci-annotation"
 	Value         = "value"
+	Options       = "options"
 
 	// Golang type's
 
@@ -29,4 +52,10 @@ const (
 	// runhcs
 
 	VMShimOperation = "vmshim-op"
+
+	// logging and tracing
+
+	TraceID      = "traceID"
+	SpanID       = "spanID"
+	ParentSpanID = "parentSpanID"
 )

vendor/github.com/Microsoft/hcsshim/internal/memory/pool.go

@@ -0,0 +1,316 @@
+package memory
+
+import (
+	"github.com/pkg/errors"
+)
+
+const (
+	minimumClassSize  = MiB
+	maximumClassSize  = 4 * GiB
+	memoryClassNumber = 7
+)
+
+var (
+	ErrInvalidMemoryClass = errors.New("invalid memory class")
+	ErrEarlyMerge         = errors.New("not all children have been freed")
+	ErrEmptyPoolOperation = errors.New("operation on empty pool")
+)
+
+// GetMemoryClassType returns the minimum memory class type that can hold a device of
+// a given size. The smallest class is 1MB and the largest one is 4GB with 2 bit offset
+// intervals in between, for a total of 7 different classes. This function does not
+// do a validity check
+func GetMemoryClassType(s uint64) classType {
+	s = (s - 1) >> 20
+	memCls := uint32(0)
+	for s > 0 {
+		s = s >> 2
+		memCls++
+	}
+	return classType(memCls)
+}
+
+// GetMemoryClassSize returns size in bytes for a given memory class
+func GetMemoryClassSize(memCls classType) (uint64, error) {
+	if memCls >= memoryClassNumber {
+		return 0, ErrInvalidMemoryClass
+	}
+	return minimumClassSize << (2 * memCls), nil
+}
+
+// region represents a contiguous memory block
+type region struct {
+	// parent region that has been split into 4
+	parent *region
+	class  classType
+	// offset represents offset in bytes
+	offset uint64
+}
+
+// memoryPool tracks free and busy (used) memory regions
+type memoryPool struct {
+	free map[uint64]*region
+	busy map[uint64]*region
+}
+
+// PoolAllocator implements a memory allocation strategy similar to buddy-malloc https://github.com/evanw/buddy-malloc/blob/master/buddy-malloc.c
+// We borrow the idea of spanning a tree of fixed size regions on top of a contiguous memory
+// space.
+//
+// There are a total of 7 different region sizes that can be allocated, with the smallest
+// being 1MB and the largest 4GB (the default maximum size of a Virtual PMem device).
+//
+// For efficiency and to reduce fragmentation an entire region is allocated when requested.
+// When there's no available region of requested size, we try to allocate more memory for
+// this particular size by splitting the next available larger region into smaller ones, e.g.
+// if there's no region available for size class 0, we try splitting a region from class 1,
+// then class 2 etc, until we are able to do so or hit the upper limit.
+type PoolAllocator struct {
+	pools [memoryClassNumber]*memoryPool
+}
+
+var _ MappedRegion = &region{}
+var _ Allocator = &PoolAllocator{}
+
+func (r *region) Offset() uint64 {
+	return r.offset
+}
+
+func (r *region) Size() uint64 {
+	sz, err := GetMemoryClassSize(r.class)
+	if err != nil {
+		panic(err)
+	}
+	return sz
+}
+
+func (r *region) Type() classType {
+	return r.class
+}
+
+func newEmptyMemoryPool() *memoryPool {
+	return &memoryPool{
+		free: make(map[uint64]*region),
+		busy: make(map[uint64]*region),
+	}
+}
+
+func NewPoolMemoryAllocator() PoolAllocator {
+	pa := PoolAllocator{}
+	p := newEmptyMemoryPool()
+	// by default we allocate a single region with maximum possible size (class type)
+	p.free[0] = &region{
+		class:  memoryClassNumber - 1,
+		offset: 0,
+	}
+	pa.pools[memoryClassNumber-1] = p
+	return pa
+}
+
+// Allocate checks memory region pool for the given `size` and returns a free region with
+// minimal offset, if none available tries expanding matched memory pool.
+//
+// Internally it's done via moving a region from free pool into a busy pool
+func (pa *PoolAllocator) Allocate(size uint64) (MappedRegion, error) {
+	memCls := GetMemoryClassType(size)
+	if memCls >= memoryClassNumber {
+		return nil, ErrInvalidMemoryClass
+	}
+
+	// find region with the smallest offset
+	nextCls, nextOffset, err := pa.findNextOffset(memCls)
+	if err != nil {
+		return nil, err
+	}
+
+	// this means that there are no more regions for the current class, try expanding
+	if nextCls != memCls {
+		if err := pa.split(memCls); err != nil {
+			if err == ErrInvalidMemoryClass {
+				return nil, ErrNotEnoughSpace
+			}
+			return nil, err
+		}
+	}
+
+	if err := pa.markBusy(memCls, nextOffset); err != nil {
+		return nil, err
+	}
+
+	// by this point memory pool for memCls should have been created,
+	// either prior or during split call
+	if r := pa.pools[memCls].busy[nextOffset]; r != nil {
+		return r, nil
+	}
+
+	return nil, ErrNotEnoughSpace
+}
+
+// Release marks a memory region of class `memCls` and offset `offset` as free and tries to merge smaller regions into
+// a bigger one
+func (pa *PoolAllocator) Release(reg MappedRegion) error {
+	mp := pa.pools[reg.Type()]
+	if mp == nil {
+		return ErrEmptyPoolOperation
+	}
+
+	err := pa.markFree(reg.Type(), reg.Offset())
+	if err != nil {
+		return err
+	}
+
+	n := mp.free[reg.Offset()]
+	if n == nil {
+		return ErrNotAllocated
+	}
+	if err := pa.merge(n.parent); err != nil {
+		if err != ErrEarlyMerge {
+			return err
+		}
+	}
+	return nil
+}
+
+// findNextOffset finds next region location for a given memCls
+func (pa *PoolAllocator) findNextOffset(memCls classType) (classType, uint64, error) {
+	for mc := memCls; mc < memoryClassNumber; mc++ {
+		pi := pa.pools[mc]
+		if pi == nil || len(pi.free) == 0 {
+			continue
+		}
+
+		target := uint64(maximumClassSize)
+		for offset := range pi.free {
+			if offset < target {
+				target = offset
+			}
+		}
+		return mc, target, nil
+	}
+	return 0, 0, ErrNotEnoughSpace
+}
+
+// split tries to recursively split a bigger memory region into smaller ones until it succeeds or hits the upper limit
+func (pa *PoolAllocator) split(clsType classType) error {
+	nextClsType := clsType + 1
+	if nextClsType >= memoryClassNumber {
+		return ErrInvalidMemoryClass
+	}
+
+	nextPool := pa.pools[nextClsType]
+	if nextPool == nil {
+		nextPool = newEmptyMemoryPool()
+		pa.pools[nextClsType] = nextPool
+	}
+
+	cls, offset, err := pa.findNextOffset(nextClsType)
+	if err != nil {
+		return err
+	}
+	// not enough memory in the next class, try to recursively expand
+	if cls != nextClsType {
+		if err := pa.split(nextClsType); err != nil {
+			return err
+		}
+	}
+
+	if err := pa.markBusy(nextClsType, offset); err != nil {
+		return err
+	}
+
+	// memCls validity has been checked already, we can ignore the error
+	clsSize, _ := GetMemoryClassSize(clsType)
+
+	nextReg := nextPool.busy[offset]
+	if nextReg == nil {
+		return ErrNotAllocated
+	}
+
+	// expand memCls
+	cp := pa.pools[clsType]
+	if cp == nil {
+		cp = newEmptyMemoryPool()
+		pa.pools[clsType] = cp
+	}
+	// create 4 smaller regions
+	for i := uint64(0); i < 4; i++ {
+		offset := nextReg.offset + i*clsSize
+		reg := &region{
+			parent: nextReg,
+			class:  clsType,
+			offset: offset,
+		}
+		cp.free[offset] = reg
+	}
+	return nil
+}
+
+func (pa *PoolAllocator) merge(parent *region) error {
+	// nothing to merge
+	if parent == nil {
+		return nil
+	}
+
+	childCls := parent.class - 1
+	childPool := pa.pools[childCls]
+	// no child nodes to merge, try to merge parent
+	if childPool == nil {
+		return pa.merge(parent.parent)
+	}
+
+	childSize, err := GetMemoryClassSize(childCls)
+	if err != nil {
+		return err
+	}
+
+	// check if all the child nodes are free
+	var children []*region
+	for i := uint64(0); i < 4; i++ {
+		child, free := childPool.free[parent.offset+i*childSize]
+		if !free {
+			return ErrEarlyMerge
+		}
+		children = append(children, child)
+	}
+
+	// at this point all the child nodes will be free and we can merge
+	for _, child := range children {
+		delete(childPool.free, child.offset)
+	}
+
+	if err := pa.markFree(parent.class, parent.offset); err != nil {
+		return err
+	}
+
+	return pa.merge(parent.parent)
+}
+
+// markFree internally moves a region with `offset` from busy to free map
+func (pa *PoolAllocator) markFree(memCls classType, offset uint64) error {
+	clsPool := pa.pools[memCls]
+	if clsPool == nil {
+		return ErrEmptyPoolOperation
+	}
+
+	if reg, exists := clsPool.busy[offset]; exists {
+		clsPool.free[offset] = reg
+		delete(clsPool.busy, offset)
+		return nil
+	}
+	return ErrNotAllocated
+}
+
+// markBusy internally moves a region with `offset` from free to busy map
+func (pa *PoolAllocator) markBusy(memCls classType, offset uint64) error {
+	clsPool := pa.pools[memCls]
+	if clsPool == nil {
+		return ErrEmptyPoolOperation
+	}
+
+	if reg, exists := clsPool.free[offset]; exists {
+		clsPool.busy[offset] = reg
+		delete(clsPool.free, offset)
+		return nil
+	}
+	return ErrNotAllocated
+}

vendor/github.com/Microsoft/hcsshim/internal/memory/types.go

@@ -0,0 +1,28 @@
+package memory
+
+import "github.com/pkg/errors"
+
+type classType uint32
+
+const (
+	MiB = 1024 * 1024
+	GiB = 1024 * MiB
+)
+
+var (
+	ErrNotEnoughSpace = errors.New("not enough space")
+	ErrNotAllocated   = errors.New("no memory allocated at the given offset")
+)
+
+// MappedRegion represents a memory block with an offset
+type MappedRegion interface {
+	Offset() uint64
+	Size() uint64
+	Type() classType
+}
+
+// Allocator is an interface for memory allocation
+type Allocator interface {
+	Allocate(uint64) (MappedRegion, error)
+	Release(MappedRegion) error
+}

vendor/github.com/Microsoft/hcsshim/internal/oc/errors.go

@@ -0,0 +1,69 @@
+package oc
+
+import (
+	"errors"
+	"io"
+	"net"
+	"os"
+
+	"github.com/containerd/containerd/errdefs"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+// todo: break import cycle with "internal/hcs/errors.go" and reference errors defined there
+// todo: add errors defined in "internal/guest/gcserror" (Hresult does not implement error)
+
+func toStatusCode(err error) codes.Code {
+	// checks if err implements GRPCStatus() *"google.golang.org/grpc/status".Status,
+	// wraps an error defined in "github.com/containerd/containerd/errdefs", or is a
+	// context timeout or cancelled error
+	if s, ok := status.FromError(errdefs.ToGRPC(err)); ok {
+		return s.Code()
+	}
+
+	switch {
+	// case isAny(err):
+	// 	return codes.Cancelled
+	case isAny(err, os.ErrInvalid):
+		return codes.InvalidArgument
+	case isAny(err, os.ErrDeadlineExceeded):
+		return codes.DeadlineExceeded
+	case isAny(err, os.ErrNotExist):
+		return codes.NotFound
+	case isAny(err, os.ErrExist):
+		return codes.AlreadyExists
+	case isAny(err, os.ErrPermission):
+		return codes.PermissionDenied
+	// case isAny(err):
+	// 	return codes.ResourceExhausted
+	case isAny(err, os.ErrClosed, net.ErrClosed, io.ErrClosedPipe, io.ErrShortBuffer):
+		return codes.FailedPrecondition
+	// case isAny(err):
+	// 	return codes.Aborted
+	// case isAny(err):
+	// 	return codes.OutOfRange
+	// case isAny(err):
+	// 	return codes.Unimplemented
+	case isAny(err, io.ErrNoProgress):
+		return codes.Internal
+	// case isAny(err):
+	// 	return codes.Unavailable
+	case isAny(err, io.ErrShortWrite, io.ErrUnexpectedEOF):
+		return codes.DataLoss
+	// case isAny(err):
+	// 	return codes.Unauthenticated
+	default:
+		return codes.Unknown
+	}
+}
+
+// isAny returns true if errors.Is is true for any of the provided errors, errs.
+func isAny(err error, errs ...error) bool {
+	for _, e := range errs {
+		if errors.Is(err, e) {
+			return true
+		}
+	}
+	return false
+}

vendor/github.com/Microsoft/hcsshim/internal/oc/exporter.go

@@ -3,19 +3,26 @@ package oc
 import (
 	"github.com/sirupsen/logrus"
 	"go.opencensus.io/trace"
+	"google.golang.org/grpc/codes"
+
+	"github.com/Microsoft/hcsshim/internal/log"
+	"github.com/Microsoft/hcsshim/internal/logfields"
 )
 
-var _ = (trace.Exporter)(&LogrusExporter{})
+const spanMessage = "Span"
+
+var _errorCodeKey = logrus.ErrorKey + "Code"
 
 // LogrusExporter is an OpenCensus `trace.Exporter` that exports
 // `trace.SpanData` to logrus output.
-type LogrusExporter struct {
-}
+type LogrusExporter struct{}
+
+var _ trace.Exporter = &LogrusExporter{}
 
 // ExportSpan exports `s` based on the the following rules:
 //
-// 1. All output will contain `s.Attributes`, `s.TraceID`, `s.SpanID`,
-// `s.ParentSpanID` for correlation
+// 1. All output will contain `s.Attributes`, `s.SpanKind`, `s.TraceID`,
+// `s.SpanID`, and `s.ParentSpanID` for correlation
 //
 // 2. Any calls to .Annotate will not be supported.
 //
@@ -23,21 +30,57 @@ type LogrusExporter struct {
 // `s.Status.Code != 0` in which case it will be written at `logrus.ErrorLevel`
 // providing `s.Status.Message` as the error value.
 func (le *LogrusExporter) ExportSpan(s *trace.SpanData) {
-	// Combine all span annotations with traceID, spanID, parentSpanID
-	baseEntry := logrus.WithFields(logrus.Fields(s.Attributes))
-	baseEntry.Data["traceID"] = s.TraceID.String()
-	baseEntry.Data["spanID"] = s.SpanID.String()
-	baseEntry.Data["parentSpanID"] = s.ParentSpanID.String()
-	baseEntry.Data["startTime"] = s.StartTime
-	baseEntry.Data["endTime"] = s.EndTime
-	baseEntry.Data["duration"] = s.EndTime.Sub(s.StartTime).String()
-	baseEntry.Data["name"] = s.Name
-	baseEntry.Time = s.StartTime
+	if s.DroppedAnnotationCount > 0 {
+		logrus.WithFields(logrus.Fields{
+			"name":            s.Name,
+			logfields.TraceID: s.TraceID.String(),
+			logfields.SpanID:  s.SpanID.String(),
+			"dropped":         s.DroppedAttributeCount,
+			"maxAttributes":   len(s.Attributes),
+		}).Warning("span had dropped attributes")
+	}
+
+	entry := log.L.Dup()
+	// Combine all span annotations with span data (eg, trace ID, span ID, parent span ID,
+	// error, status code)
+	// (OC) Span attributes are guaranteed to be  strings, bools, or int64s, so we can
+	// can skip overhead in entry.WithFields() and add them directly to entry.Data.
+	// Preallocate ahead of time, since we should add, at most, 10 additional entries
+	data := make(logrus.Fields, len(entry.Data)+len(s.Attributes)+10)
+
+	// Default log entry may have prexisting/application-wide data
+	for k, v := range entry.Data {
+		data[k] = v
+	}
+	for k, v := range s.Attributes {
+		data[k] = v
+	}
+
+	data[logfields.Name] = s.Name
+	data[logfields.TraceID] = s.TraceID.String()
+	data[logfields.SpanID] = s.SpanID.String()
+	data[logfields.ParentSpanID] = s.ParentSpanID.String()
+	data[logfields.StartTime] = s.StartTime
+	data[logfields.EndTime] = s.EndTime
+	data[logfields.Duration] = s.EndTime.Sub(s.StartTime)
+	if sk := spanKindToString(s.SpanKind); sk != "" {
+		data["spanKind"] = sk
+	}
 
 	level := logrus.InfoLevel
 	if s.Status.Code != 0 {
 		level = logrus.ErrorLevel
-		baseEntry.Data[logrus.ErrorKey] = s.Status.Message
+
+		// don't overwrite an existing "error" or "errorCode" attributes
+		if _, ok := data[logrus.ErrorKey]; !ok {
+			data[logrus.ErrorKey] = s.Status.Message
+		}
+		if _, ok := data[_errorCodeKey]; !ok {
+			data[_errorCodeKey] = codes.Code(s.Status.Code).String()
+		}
 	}
-	baseEntry.Log(level, "Span")
+
+	entry.Data = data
+	entry.Time = s.StartTime
+	entry.Log(level, spanMessage)
 }

vendor/github.com/Microsoft/hcsshim/internal/oc/span.go

@@ -1,17 +1,58 @@
 package oc
 
 import (
+	"context"
+
+	"github.com/Microsoft/hcsshim/internal/log"
 	"go.opencensus.io/trace"
 )
 
+var DefaultSampler = trace.AlwaysSample()
+
 // SetSpanStatus sets `span.SetStatus` to the proper status depending on `err`. If
 // `err` is `nil` assumes `trace.StatusCodeOk`.
 func SetSpanStatus(span *trace.Span, err error) {
 	status := trace.Status{}
 	if err != nil {
-		// TODO: JTERRY75 - Handle errors in a non-generic way
-		status.Code = trace.StatusCodeUnknown
+		status.Code = int32(toStatusCode(err))
 		status.Message = err.Error()
 	}
 	span.SetStatus(status)
 }
+
+// StartSpan wraps "go.opencensus.io/trace".StartSpan, but, if the span is sampling,
+// adds a log entry to the context that points to the newly created span.
+func StartSpan(ctx context.Context, name string, o ...trace.StartOption) (context.Context, *trace.Span) {
+	ctx, s := trace.StartSpan(ctx, name, o...)
+	return update(ctx, s)
+}
+
+// StartSpanWithRemoteParent wraps "go.opencensus.io/trace".StartSpanWithRemoteParent.
+//
+// See StartSpan for more information.
+func StartSpanWithRemoteParent(ctx context.Context, name string, parent trace.SpanContext, o ...trace.StartOption) (context.Context, *trace.Span) {
+	ctx, s := trace.StartSpanWithRemoteParent(ctx, name, parent, o...)
+	return update(ctx, s)
+}
+
+func update(ctx context.Context, s *trace.Span) (context.Context, *trace.Span) {
+	if s.IsRecordingEvents() {
+		ctx = log.UpdateContext(ctx)
+	}
+
+	return ctx, s
+}
+
+var WithServerSpanKind = trace.WithSpanKind(trace.SpanKindServer)
+var WithClientSpanKind = trace.WithSpanKind(trace.SpanKindClient)
+
+func spanKindToString(sk int) string {
+	switch sk {
+	case trace.SpanKindClient:
+		return "client"
+	case trace.SpanKindServer:
+		return "server"
+	default:
+		return ""
+	}
+}