diff --git a/go.mod b/go.mod
index d32ce9a5b4..6fb3653fd9 100644
--- a/go.mod
+++ b/go.mod
@@ -5,10 +5,10 @@ go 1.13
 require (
 	github.com/containerd/containerd v1.6.2
 	github.com/containernetworking/cni v1.0.1
-	github.com/containers/common v0.47.5
-	github.com/containers/image/v5 v5.20.0
+	github.com/containers/common v0.47.5-0.20220331143923-5f14ec785c18
+	github.com/containers/image/v5 v5.20.1-0.20220404163228-d03e80fc66b3
 	github.com/containers/ocicrypt v1.1.3
-	github.com/containers/storage v1.39.0
+	github.com/containers/storage v1.39.1-0.20220330193934-f3200eb5a5d9
 	github.com/docker/distribution v2.8.1+incompatible
 	github.com/docker/docker v20.10.14+incompatible
 	github.com/docker/go-units v0.4.0
@@ -39,7 +39,7 @@ require (
 	go.etcd.io/bbolt v1.3.6
 	golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
-	golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27
+	golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9
 	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211
 )
 
diff --git a/go.sum b/go.sum
index f2f7122d46..86c79279a7 100644
--- a/go.sum
+++ b/go.sum
@@ -108,7 +108,6 @@ github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMo
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
 github.com/ProtonMail/go-crypto v0.0.0-20210920160938-87db9fbc61c7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
-github.com/ProtonMail/go-crypto v0.0.0-20211112122917-428f8eabeeb3/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
 github.com/ProtonMail/go-crypto v0.0.0-20220113124808-70ae35bab23f/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
 github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
@@ -279,6 +278,7 @@ github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3
 github.com/containerd/stargz-snapshotter/estargz v0.4.1/go.mod h1:x7Q9dg9QYb4+ELgxmo4gBUeJB0tl5dqH1Sdz0nJU1QM=
 github.com/containerd/stargz-snapshotter/estargz v0.9.0/go.mod h1:aE5PCyhFMwR8sbrErO5eM2GcvkyXTTJremG883D4qF0=
 github.com/containerd/stargz-snapshotter/estargz v0.11.0/go.mod h1:/KsZXsJRllMbTKFfG0miFQWViQKdI9+9aSXs+HN0+ac=
+github.com/containerd/stargz-snapshotter/estargz v0.11.1/go.mod h1:6VoPcf4M1wvnogWxqc4TqBWWErCS+R+ucnPZId2VbpQ=
 github.com/containerd/stargz-snapshotter/estargz v0.11.3 h1:k2kN16Px6LYuv++qFqK+JTcYqc8bEVxzGpf8/gFBL5M=
 github.com/containerd/stargz-snapshotter/estargz v0.11.3/go.mod h1:7vRJIcImfY8bpifnMjt+HTJoQxASq7T28MYbP15/Nf0=
 github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
@@ -303,14 +303,14 @@ github.com/containernetworking/cni v1.0.1 h1:9OIL/sZmMYDBe+G8svzILAlulUpaDTUjeAb
 github.com/containernetworking/cni v1.0.1/go.mod h1:AKuhXbN5EzmD4yTNtfSsX3tPcmtrBI6QcRV0NiNt15Y=
 github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM=
 github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8=
-github.com/containernetworking/plugins v1.0.1 h1:wwCfYbTCj5FC0EJgyzyjTXmqysOiJE9r712Z+2KVZAk=
 github.com/containernetworking/plugins v1.0.1/go.mod h1:QHCfGpaTwYTbbH+nZXKVTxNBDZcxSOplJT5ico8/FLE=
-github.com/containers/common v0.47.5 h1:Qm9o+wVPO9sbggTKubN3xYMtPRaPv7dmcrJQgongHHw=
-github.com/containers/common v0.47.5/go.mod h1:HgX0mFXyB0Tbe2REEIp9x9CxET6iSzmHfwR6S/t2LZc=
-github.com/containers/image/v5 v5.19.1/go.mod h1:ewoo3u+TpJvGmsz64XgzbyTHwHtM94q7mgK/pX+v2SE=
-github.com/containers/image/v5 v5.20.0 h1:BYFMRvYqmEHnHo0sjTbnLbj0fzkGLDx6P57lszm30B4=
-github.com/containers/image/v5 v5.20.0/go.mod h1:5UL1ooih6+USVYXk19r8ScQNsbTprhlJxrHezAu4OVE=
-github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
+github.com/containernetworking/plugins v1.1.1 h1:+AGfFigZ5TiQH00vhR8qPeSatj53eNGz0C1d3wVYlHE=
+github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19sZPp3ry5uHSkI4LPxV8=
+github.com/containers/common v0.47.5-0.20220331143923-5f14ec785c18 h1:Hp4ccfzcFpS2SAha0cfYcF6ofkaEFmgsuRSxBDK8W0Y=
+github.com/containers/common v0.47.5-0.20220331143923-5f14ec785c18/go.mod h1:Vr2Fn6EdzD6JNAbz8L8bTv3uWLv2p31Ih2O3EAK6Hyc=
+github.com/containers/image/v5 v5.19.2-0.20220224100137-1045fb70b094/go.mod h1:XoYK6kE0dpazFNcuS+a8lra+QfbC6s8tzv+cUuCrZpE=
+github.com/containers/image/v5 v5.20.1-0.20220404163228-d03e80fc66b3 h1:5oH8xNWulK0r7hfga9RsEZfh2JJXSn1UfSc6uPBgcP8=
+github.com/containers/image/v5 v5.20.1-0.20220404163228-d03e80fc66b3/go.mod h1:2nEPM0WuinC/0ssPsMv5Iy8YaRueUUTmTp3C7bn5uro=
 github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a h1:spAGlqziZjCJL25C6F1zsQY05tfCKE9F5YwtEWWe6hU=
 github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
 github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc=
@@ -321,8 +321,10 @@ github.com/containers/ocicrypt v1.1.3 h1:uMxn2wTb4nDR7GqG3rnZSfpJXqWURfzZ7nKydzI
 github.com/containers/ocicrypt v1.1.3/go.mod h1:xpdkbVAuaH3WzbEabUd5yDsl9SwJA5pABH85425Es2g=
 github.com/containers/storage v1.37.0/go.mod h1:kqeJeS0b7DO2ZT1nVWs0XufrmPFbgV3c+Q/45RlH6r4=
 github.com/containers/storage v1.38.2/go.mod h1:INP0RPLHWBxx+pTsO5uiHlDUGHDFvWZPWprAbAlQWPQ=
-github.com/containers/storage v1.39.0 h1:NV93CVx6KAQ04cldeJyqa7uDZivhmO3rXla1cyn75dk=
+github.com/containers/storage v1.38.3-0.20220301151551-d06b0f81c0aa/go.mod h1:LkkL34WRi4dI4jt9Cp+ImdZi/P5i36glSHimT5CP5zM=
 github.com/containers/storage v1.39.0/go.mod h1:UAD0cKLouN4BOQRgZut/nMjrh/EnTCjSNPgp4ZuGWMs=
+github.com/containers/storage v1.39.1-0.20220330193934-f3200eb5a5d9 h1:fA/2FemaDv+POCJgg+QGJm84gMEDBwL5H0lDeubDJoE=
+github.com/containers/storage v1.39.1-0.20220330193934-f3200eb5a5d9/go.mod h1:IMa2AfBI+Fxxk2hQqLTGhpJX6z2pZS1/I785QJeUwUY=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
@@ -485,8 +487,9 @@ github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e h1:BWhy2j3IXJhjCbC68Fp
 github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
 github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/godbus/dbus/v5 v5.0.6 h1:mkgN1ofwASrYnJ5W6U/BxG15eXXXjirgZc7CLqkcaro=
 github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
+github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
 github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
@@ -699,6 +702,7 @@ github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYs
 github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.14.2/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
+github.com/klauspost/compress v1.14.3/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.14.4/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.15.1 h1:y9FcTHGyrebwfP0ZZqFiaxTaiDnUrGkJkI+f583BL1A=
 github.com/klauspost/compress v1.15.1/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
@@ -721,8 +725,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo=
 github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w=
-github.com/magefile/mage v1.11.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
 github.com/magefile/mage v1.12.1/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
+github.com/magefile/mage v1.13.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
@@ -809,6 +813,7 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
 github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM=
+github.com/networkplumbing/go-nft v0.2.0/go.mod h1:HnnM+tYvlGAsMU7yoYwXEVLLiDW9gdMmb5HoGcwpuQs=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
@@ -829,7 +834,6 @@ github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9k
 github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
-github.com/onsi/ginkgo/v2 v2.0.0/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
 github.com/onsi/ginkgo/v2 v2.1.3 h1:e/3Cwtogj0HA+25nMP1jCMDIf8RtRYbGwGGuBIFztkc=
 github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
 github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
@@ -842,7 +846,6 @@ github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1y
 github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
 github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0=
 github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
-github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs=
 github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw=
 github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
 github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
@@ -883,7 +886,6 @@ github.com/opencontainers/selinux v1.10.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuh
 github.com/openshift/imagebuilder v1.2.3 h1:jvA7mESJdclRKkTe3Yl6UWlliFNVW6mLY8RI+Rrfhfo=
 github.com/openshift/imagebuilder v1.2.3/go.mod h1:TRYHe4CH9U6nkDjxjBNM5klrLbJBrRbpJE5SaRwUBsQ=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
-github.com/ostreedev/ostree-go v0.0.0-20190702140239-759a8c1ac913/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc=
 github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M=
 github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
@@ -1021,9 +1023,9 @@ github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMT
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/sylabs/release-tools v0.1.0/go.mod h1:pqP/z/11/rYMQ0OM/Nn7TxGijw7KfZwW9UolD/J1TUo=
-github.com/sylabs/sif/v2 v2.3.1/go.mod h1:NnvveH62GiibimL00MrI6YYcZfb7DnZMcRo/40giY+0=
-github.com/sylabs/sif/v2 v2.3.2 h1:Kj60dUcE3TSM8Px4TaIbX7PUafB1QGhUi70Fz5Gf7iU=
 github.com/sylabs/sif/v2 v2.3.2/go.mod h1:IrLX2pzmQ2O4qgv5iy3HdKJcBNYds9DTMd9Je8A9tX4=
+github.com/sylabs/sif/v2 v2.4.2 h1:L4jcqeOF33JfSnH+8GJKC7/ooVpzpZ2K7wotGG4ZzqQ=
+github.com/sylabs/sif/v2 v2.4.2/go.mod h1:6gQvzNKRIqr4FS08XBfHpkpnxv9b7h58GLkSJ1zdK9A=
 github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI=
@@ -1063,7 +1065,6 @@ github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr
 github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0=
 github.com/xanzy/ssh-agent v0.3.1/go.mod h1:QIE4lCeL7nkC25x+yA3LBIYfwCc1TFziCtG7cBAac6w=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/xeipuuv/gojsonpointer v0.0.0-20190809123943-df4f5c81cb3b/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
@@ -1408,8 +1409,9 @@ golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27 h1:XDXtA5hveEEV8JB2l7nhMTp3t3cHp9ZpwcdjqyEWLlo=
 golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9 h1:nhht2DYV/Sn3qOayu8lM+cU1ii9sTLUeBQwQQfUHtrs=
+golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -1616,8 +1618,9 @@ google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ6
 google.golang.org/genproto v0.0.0-20211129164237-f09f9a12af12/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211203200212-54befc351ae9/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa h1:I0YcKz0I7OAhddo7ya8kMnvprhcWM045PmkBdMO9zN0=
 google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8 h1:U9V52f6rAgINH7kT+musA1qF8kWyVOxzF8eYuOVuFwQ=
+google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
 google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
@@ -1649,8 +1652,9 @@ google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
-google.golang.org/grpc v1.43.0 h1:Eeu7bZtDZ2DpRCsLhUlcrLnvYaMK1Gz86a+hMVvELmM=
 google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
+google.golang.org/grpc v1.44.0 h1:weqSxi/TMs1SqFRMHCtBgXRs8k3X39QIDEZ0pRcttUg=
+google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
diff --git a/tests/images.bats b/tests/images.bats
index 69bc7c3112..092143eeeb 100644
--- a/tests/images.bats
+++ b/tests/images.bats
@@ -48,7 +48,7 @@ load helpers
   cid2=$output
 
   run_buildah 125 images --noheading --filter since k8s.gcr.io/pause
-  expect_output 'invalid image filter "since": must be in the format "filter=value"'
+  expect_output 'invalid image filter "since": must be in the format "filter=value or filter!=value"'
 
 
   run_buildah images --noheading --filter since=k8s.gcr.io/pause
diff --git a/vendor/github.com/containernetworking/plugins/pkg/ns/ns_linux.go b/vendor/github.com/containernetworking/plugins/pkg/ns/ns_linux.go
index 3b745d4913..f260f28132 100644
--- a/vendor/github.com/containernetworking/plugins/pkg/ns/ns_linux.go
+++ b/vendor/github.com/containernetworking/plugins/pkg/ns/ns_linux.go
@@ -106,8 +106,8 @@ var _ NetNS = &netNS{}
 
 const (
 	// https://github.com/torvalds/linux/blob/master/include/uapi/linux/magic.h
-	NSFS_MAGIC   = 0x6e736673
-	PROCFS_MAGIC = 0x9fa0
+	NSFS_MAGIC   = unix.NSFS_MAGIC
+	PROCFS_MAGIC = unix.PROC_SUPER_MAGIC
 )
 
 type NSPathNotExistErr struct{ msg string }
diff --git a/vendor/github.com/containers/common/libimage/filters.go b/vendor/github.com/containers/common/libimage/filters.go
index 063f071491..f9f73f527e 100644
--- a/vendor/github.com/containers/common/libimage/filters.go
+++ b/vendor/github.com/containers/common/libimage/filters.go
@@ -95,9 +95,15 @@ func (r *Runtime) compileImageFilters(ctx context.Context, options *ListImagesOp
 	for _, f := range options.Filters {
 		var key, value string
 		var filter filterFunc
-		split := strings.SplitN(f, "=", 2)
-		if len(split) != 2 {
-			return nil, errors.Errorf("invalid image filter %q: must be in the format %q", f, "filter=value")
+		negate := false
+		split := strings.SplitN(f, "!=", 2)
+		if len(split) == 2 {
+			negate = true
+		} else {
+			split = strings.SplitN(f, "=", 2)
+			if len(split) != 2 {
+				return nil, errors.Errorf("invalid image filter %q: must be in the format %q", f, "filter=value or filter!=value")
+			}
 		}
 
 		key = split[0]
@@ -182,12 +188,22 @@ func (r *Runtime) compileImageFilters(ctx context.Context, options *ListImagesOp
 		default:
 			return nil, errors.Errorf("unsupported image filter %q", key)
 		}
+		if negate {
+			filter = negateFilter(filter)
+		}
 		filters[key] = append(filters[key], filter)
 	}
 
 	return filters, nil
 }
 
+func negateFilter(f filterFunc) filterFunc {
+	return func(img *Image) (bool, error) {
+		b, err := f(img)
+		return !b, err
+	}
+}
+
 func (r *Runtime) containers(duplicate map[string]string, key, value string, externalFunc IsExternalContainerFunc) error {
 	if exists, ok := duplicate[key]; ok && exists != value {
 		return errors.Errorf("specifying %q filter more than once with different values is not supported", key)
diff --git a/vendor/github.com/containers/common/libimage/import.go b/vendor/github.com/containers/common/libimage/import.go
index 67ab654b2c..3db392784e 100644
--- a/vendor/github.com/containers/common/libimage/import.go
+++ b/vendor/github.com/containers/common/libimage/import.go
@@ -49,15 +49,16 @@ func (r *Runtime) Import(ctx context.Context, path string, options *ImportOption
 		ic = config.ImageConfig
 	}
 
-	hist := []v1.History{
+	history := []v1.History{
 		{Comment: options.CommitMessage},
 	}
 
 	config := v1.Image{
 		Config:       ic,
-		History:      hist,
+		History:      history,
 		OS:           options.OS,
 		Architecture: options.Arch,
+		Variant:      options.Variant,
 	}
 
 	u, err := url.ParseRequestURI(path)
diff --git a/vendor/github.com/containers/common/libimage/runtime.go b/vendor/github.com/containers/common/libimage/runtime.go
index 86e7eee563..2191e3c4a1 100644
--- a/vendor/github.com/containers/common/libimage/runtime.go
+++ b/vendor/github.com/containers/common/libimage/runtime.go
@@ -190,6 +190,8 @@ type LookupImageOptions struct {
 	returnManifestIfNoInstance bool
 }
 
+var errNoHexValue = errors.New("invalid format: no 64-byte hexadecimal value")
+
 // Lookup Image looks up `name` in the local container storage.  Returns the
 // image and the name it has been found with.  Note that name may also use the
 // `containers-storage:` prefix used to refer to the containers-storage
@@ -233,13 +235,29 @@ func (r *Runtime) LookupImage(name string, options *LookupImageOptions) (*Image,
 		name = normalizedName
 	}
 
+	byDigest := false
 	originalName := name
-	idByDigest := false
 	if strings.HasPrefix(name, "sha256:") {
-		// Strip off the sha256 prefix so it can be parsed later on.
-		idByDigest = true
+		byDigest = true
 		name = strings.TrimPrefix(name, "sha256:")
 	}
+	byFullID := reference.IsFullIdentifier(name)
+
+	if byDigest && !byFullID {
+		return nil, "", fmt.Errorf("%s: %v", originalName, errNoHexValue)
+	}
+
+	// If the name clearly refers to a local image, try to look it up.
+	if byFullID || byDigest {
+		img, err := r.lookupImageInLocalStorage(originalName, name, options)
+		if err != nil {
+			return nil, "", err
+		}
+		if img != nil {
+			return img, originalName, nil
+		}
+		return nil, "", errors.Wrap(storage.ErrImageUnknown, originalName)
+	}
 
 	// Unless specified, set the platform specified in the system context
 	// for later platform matching.  Builder likes to set these things via
@@ -256,27 +274,11 @@ func (r *Runtime) LookupImage(name string, options *LookupImageOptions) (*Image,
 	// Normalize platform to be OCI compatible (e.g., "aarch64" -> "arm64").
 	options.OS, options.Architecture, options.Variant = NormalizePlatform(options.OS, options.Architecture, options.Variant)
 
-	// First, check if we have an exact match in the storage. Maybe an ID
-	// or a fully-qualified image name.
-	img, err := r.lookupImageInLocalStorage(name, name, options)
-	if err != nil {
-		return nil, "", err
-	}
-	if img != nil {
-		return img, originalName, nil
-	}
-
-	// If the name clearly referred to a local image, there's nothing we can
-	// do anymore.
-	if storageRef != nil || idByDigest {
-		return nil, "", errors.Wrap(storage.ErrImageUnknown, originalName)
-	}
-
 	// Second, try out the candidates as resolved by shortnames. This takes
 	// "localhost/" prefixed images into account as well.
 	candidates, err := shortnames.ResolveLocally(&r.systemContext, name)
 	if err != nil {
-		return nil, "", errors.Wrap(storage.ErrImageUnknown, originalName)
+		return nil, "", errors.Wrap(storage.ErrImageUnknown, name)
 	}
 	// Backwards compat: normalize to docker.io as some users may very well
 	// rely on that.
@@ -294,7 +296,17 @@ func (r *Runtime) LookupImage(name string, options *LookupImageOptions) (*Image,
 		}
 	}
 
-	return r.lookupImageInDigestsAndRepoTags(originalName, options)
+	// The specified name may refer to a short ID. Note that this *must*
+	// happen after the short-name expansion as done above.
+	img, err := r.lookupImageInLocalStorage(name, name, options)
+	if err != nil {
+		return nil, "", err
+	}
+	if img != nil {
+		return img, name, err
+	}
+
+	return r.lookupImageInDigestsAndRepoTags(name, options)
 }
 
 // lookupImageInLocalStorage looks up the specified candidate for name in the
@@ -580,6 +592,8 @@ type RemoveImagesOptions struct {
 	// containers using a specific image.  By default, all containers in
 	// the local containers storage will be removed (if Force is set).
 	RemoveContainerFunc RemoveContainerFunc
+	// Ignore if a specified image does not exist and do not throw an error.
+	Ignore bool
 	// IsExternalContainerFunc allows for checking whether the specified
 	// container is an external one (when containers=external filter is
 	// used).  The definition of an external container can be set by
@@ -665,6 +679,9 @@ func (r *Runtime) RemoveImages(ctx context.Context, names []string, options *Rem
 		for _, name := range names {
 			img, resolvedName, err := r.LookupImage(name, lookupOptions)
 			if err != nil {
+				if options.Ignore && errors.Is(err, storage.ErrImageUnknown) {
+					continue
+				}
 				appendError(err)
 				continue
 			}
diff --git a/vendor/github.com/containers/common/libnetwork/cni/cni.coverprofile b/vendor/github.com/containers/common/libnetwork/cni/cni.coverprofile
deleted file mode 100644
index d302f441c7..0000000000
--- a/vendor/github.com/containers/common/libnetwork/cni/cni.coverprofile
+++ /dev/null
@@ -1,483 +0,0 @@
-mode: count
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:25.110,36.16 4 175
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:39.2,39.37 1 175
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:47.2,48.16 2 175
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:51.2,57.34 5 175
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:109.2,111.22 2 174
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:36.16,38.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:39.37,40.51 1 19
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:40.51,44.4 2 19
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:48.16,50.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:58.33,61.17 3 137
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:64.3,67.19 2 137
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:72.3,72.22 1 137
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:75.3,75.23 1 137
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:79.3,80.17 2 137
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:84.34,87.17 3 38
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:90.3,93.23 2 38
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:97.3,98.17 2 38
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:102.10,105.39 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:61.17,63.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:67.19,69.4 1 19
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:72.22,74.4 1 19
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:75.23,77.4 1 19
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:80.17,82.4 1 1
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:87.17,89.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:93.23,95.4 1 19
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:98.17,100.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:114.74,115.33 1 174
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:120.2,120.14 1 78
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:115.33,116.34 1 678
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:116.34,118.4 1 96
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:125.95,126.45 1 175
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:131.2,131.50 1 137
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:135.2,136.32 2 137
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:194.2,194.12 1 136
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:126.45,129.3 2 38
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:131.50,133.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:136.32,137.26 1 156
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:137.26,143.18 3 156
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:146.4,150.26 3 156
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:167.4,171.29 4 155
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:177.4,177.27 1 155
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:183.4,183.44 1 155
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:188.4,188.32 1 155
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:191.4,191.48 1 155
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:143.18,145.5 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:150.26,152.23 2 118
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:156.5,157.20 2 117
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:152.23,154.6 1 1
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:157.20,159.6 1 97
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:160.10,160.32 1 38
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:160.32,163.19 2 19
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:163.19,165.6 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:171.29,173.26 2 19
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:173.26,175.6 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:177.27,179.24 2 19
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:179.24,181.6 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:183.44,187.5 3 19
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:188.32,190.5 1 20
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:198.96,199.35 1 38
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:210.2,210.12 1 19
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:199.35,200.54 1 19
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:200.54,202.29 2 19
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:207.4,207.17 1 19
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:202.29,203.32 1 19
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:203.32,205.6 1 19
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:216.138,223.30 2 87
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:238.2,240.36 3 87
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:259.2,261.22 3 82
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:266.2,269.24 3 82
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:289.2,291.16 3 82
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:294.2,295.17 2 82
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:310.2,311.16 2 82
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:314.2,314.33 1 82
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:223.30,224.42 1 84
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:233.3,233.54 1 84
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:224.42,226.18 2 91
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:229.4,231.68 3 91
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:226.18,228.5 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:234.8,236.3 1 3
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:240.36,241.12 1 8
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:242.14,244.18 2 4
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:248.15,250.18 2 3
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:254.11,255.69 1 1
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:244.18,246.5 1 2
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:250.18,252.5 1 2
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:261.22,264.3 2 2
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:270.33,274.62 3 78
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:279.3,279.18 1 78
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:283.34,284.87 1 4
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:286.10,287.85 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:274.62,277.4 1 1
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:279.18,281.4 1 2
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:291.16,293.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:295.17,298.17 3 34
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:301.3,302.17 2 34
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:305.3,306.75 2 34
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:298.17,300.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:302.17,304.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:307.8,309.3 1 48
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:311.16,313.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:318.40,319.15 1 4
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:322.2,323.16 2 4
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:326.2,326.11 1 3
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:329.2,329.15 1 2
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:319.15,321.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:323.16,325.3 1 1
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:326.11,328.3 1 1
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:333.42,334.16 1 3
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:337.2,338.16 2 3
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:341.2,341.23 1 2
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:344.2,344.15 1 1
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:334.16,336.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:338.16,340.3 1 1
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:341.23,343.3 1 1
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:347.90,349.29 2 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:377.2,377.22 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:349.29,350.26 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:353.3,355.38 2 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:350.26,352.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:355.38,356.72 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:359.4,366.41 3 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:356.72,358.5 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_conversion.go:366.41,374.5 2 0
-github.com/containers/podman/v3/libpod/network/cni/cni_exec.go:47.41,49.17 2 0
-github.com/containers/podman/v3/libpod/network/cni/cni_exec.go:54.2,54.21 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_exec.go:57.2,57.12 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_exec.go:49.17,51.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_exec.go:51.8,51.23 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_exec.go:51.23,53.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_exec.go:54.21,56.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_exec.go:61.122,71.16 9 688
-github.com/containers/podman/v3/libpod/network/cni/cni_exec.go:74.2,74.28 1 688
-github.com/containers/podman/v3/libpod/network/cni/cni_exec.go:71.16,73.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_exec.go:78.88,83.22 3 0
-github.com/containers/podman/v3/libpod/network/cni/cni_exec.go:92.2,92.14 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_exec.go:83.22,84.23 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_exec.go:84.23,86.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_exec.go:86.9,88.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_exec.go:89.8,89.63 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_exec.go:89.63,91.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_exec.go:96.77,98.2 1 688
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:123.80,128.21 5 82
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:131.2,131.22 1 82
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:134.2,134.19 1 82
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:137.2,137.10 1 82
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:128.21,130.3 1 1
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:131.22,133.3 1 3
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:134.19,136.3 1 4
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:141.119,155.54 4 78
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:158.2,158.16 1 78
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:155.54,157.3 1 78
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:162.97,170.2 3 84
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:173.113,179.23 2 91
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:188.2,188.15 1 91
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:191.2,191.18 1 91
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:179.23,180.32 1 3
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:183.3,183.30 1 3
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:180.32,182.4 1 2
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:183.30,185.4 1 2
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:188.15,190.3 1 89
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:196.43,198.2 1 91
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:202.58,204.12 2 91
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:207.2,208.16 2 91
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:211.2,211.29 1 91
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:204.12,206.3 1 6
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:208.16,210.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:216.39,224.2 4 78
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:227.41,231.2 1 78
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:234.37,238.2 1 78
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:242.56,250.2 3 1
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:253.44,254.26 1 79
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:259.2,259.14 1 0
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:254.26,255.65 1 79
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:255.65,257.4 1 79
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:263.78,268.13 2 4
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:273.2,273.21 1 4
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:276.2,279.50 3 4
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:282.2,282.10 1 4
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:268.13,270.3 1 1
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:273.21,275.3 1 1
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:279.50,281.3 1 1
-github.com/containers/podman/v3/libpod/network/cni/cni_types.go:285.51,292.2 3 2
-github.com/containers/podman/v3/libpod/network/cni/config.go:20.78,24.16 4 55
-github.com/containers/podman/v3/libpod/network/cni/config.go:27.2,28.16 2 55
-github.com/containers/podman/v3/libpod/network/cni/config.go:32.2,33.32 2 34
-github.com/containers/podman/v3/libpod/network/cni/config.go:24.16,26.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/config.go:28.16,30.3 1 21
-github.com/containers/podman/v3/libpod/network/cni/config.go:38.97,40.29 1 103
-github.com/containers/podman/v3/libpod/network/cni/config.go:46.2,46.25 1 103
-github.com/containers/podman/v3/libpod/network/cni/config.go:50.2,50.30 1 102
-github.com/containers/podman/v3/libpod/network/cni/config.go:53.2,53.31 1 102
-github.com/containers/podman/v3/libpod/network/cni/config.go:56.2,56.35 1 102
-github.com/containers/podman/v3/libpod/network/cni/config.go:60.2,63.27 3 102
-github.com/containers/podman/v3/libpod/network/cni/config.go:85.2,86.17 2 99
-github.com/containers/podman/v3/libpod/network/cni/config.go:93.2,93.27 1 99
-github.com/containers/podman/v3/libpod/network/cni/config.go:112.2,112.36 1 93
-github.com/containers/podman/v3/libpod/network/cni/config.go:123.2,126.87 2 87
-github.com/containers/podman/v3/libpod/network/cni/config.go:131.2,132.16 2 87
-github.com/containers/podman/v3/libpod/network/cni/config.go:135.2,135.79 1 82
-github.com/containers/podman/v3/libpod/network/cni/config.go:40.29,42.3 1 27
-github.com/containers/podman/v3/libpod/network/cni/config.go:46.25,48.3 1 1
-github.com/containers/podman/v3/libpod/network/cni/config.go:50.30,52.3 1 101
-github.com/containers/podman/v3/libpod/network/cni/config.go:53.31,55.3 1 94
-github.com/containers/podman/v3/libpod/network/cni/config.go:56.35,58.3 1 102
-github.com/containers/podman/v3/libpod/network/cni/config.go:63.27,64.53 1 56
-github.com/containers/podman/v3/libpod/network/cni/config.go:67.3,67.47 1 54
-github.com/containers/podman/v3/libpod/network/cni/config.go:64.53,66.4 1 2
-github.com/containers/podman/v3/libpod/network/cni/config.go:67.47,69.4 1 1
-github.com/containers/podman/v3/libpod/network/cni/config.go:70.8,72.17 2 46
-github.com/containers/podman/v3/libpod/network/cni/config.go:75.3,75.25 1 46
-github.com/containers/podman/v3/libpod/network/cni/config.go:72.17,74.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/config.go:86.17,88.17 2 51
-github.com/containers/podman/v3/libpod/network/cni/config.go:88.17,90.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/config.go:94.33,96.54 1 92
-github.com/containers/podman/v3/libpod/network/cni/config.go:99.3,100.17 2 92
-github.com/containers/podman/v3/libpod/network/cni/config.go:103.34,105.17 2 6
-github.com/containers/podman/v3/libpod/network/cni/config.go:108.10,109.93 1 1
-github.com/containers/podman/v3/libpod/network/cni/config.go:96.54,98.4 1 34
-github.com/containers/podman/v3/libpod/network/cni/config.go:100.17,102.4 1 3
-github.com/containers/podman/v3/libpod/network/cni/config.go:105.17,107.4 1 2
-github.com/containers/podman/v3/libpod/network/cni/config.go:112.36,114.17 2 97
-github.com/containers/podman/v3/libpod/network/cni/config.go:117.3,117.51 1 91
-github.com/containers/podman/v3/libpod/network/cni/config.go:114.17,116.4 1 6
-github.com/containers/podman/v3/libpod/network/cni/config.go:117.51,119.4 1 6
-github.com/containers/podman/v3/libpod/network/cni/config.go:126.87,129.3 2 1
-github.com/containers/podman/v3/libpod/network/cni/config.go:132.16,134.3 1 5
-github.com/containers/podman/v3/libpod/network/cni/config.go:140.59,144.16 4 5
-github.com/containers/podman/v3/libpod/network/cni/config.go:148.2,149.16 2 5
-github.com/containers/podman/v3/libpod/network/cni/config.go:154.2,154.48 1 5
-github.com/containers/podman/v3/libpod/network/cni/config.go:159.2,159.59 1 3
-github.com/containers/podman/v3/libpod/network/cni/config.go:170.2,173.24 3 3
-github.com/containers/podman/v3/libpod/network/cni/config.go:144.16,146.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/config.go:149.16,151.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/config.go:154.48,156.3 1 2
-github.com/containers/podman/v3/libpod/network/cni/config.go:159.59,161.17 2 3
-github.com/containers/podman/v3/libpod/network/cni/config.go:161.17,164.18 2 0
-github.com/containers/podman/v3/libpod/network/cni/config.go:164.18,166.5 1 0
-github.com/containers/podman/v3/libpod/network/cni/config.go:179.88,183.16 4 15
-github.com/containers/podman/v3/libpod/network/cni/config.go:187.2,189.33 2 15
-github.com/containers/podman/v3/libpod/network/cni/config.go:198.2,198.22 1 15
-github.com/containers/podman/v3/libpod/network/cni/config.go:183.16,185.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/config.go:189.33,190.34 1 120
-github.com/containers/podman/v3/libpod/network/cni/config.go:196.3,196.46 1 52
-github.com/containers/podman/v3/libpod/network/cni/config.go:190.34,192.31 1 99
-github.com/containers/podman/v3/libpod/network/cni/config.go:192.31,193.19 1 68
-github.com/containers/podman/v3/libpod/network/cni/config.go:202.77,206.16 4 18
-github.com/containers/podman/v3/libpod/network/cni/config.go:210.2,211.16 2 18
-github.com/containers/podman/v3/libpod/network/cni/config.go:214.2,214.32 1 16
-github.com/containers/podman/v3/libpod/network/cni/config.go:206.16,208.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/config.go:211.16,213.3 1 2
-github.com/containers/podman/v3/libpod/network/cni/config.go:217.50,218.22 1 6
-github.com/containers/podman/v3/libpod/network/cni/config.go:221.2,221.36 1 5
-github.com/containers/podman/v3/libpod/network/cni/config.go:230.2,230.31 1 4
-github.com/containers/podman/v3/libpod/network/cni/config.go:235.2,235.12 1 4
-github.com/containers/podman/v3/libpod/network/cni/config.go:218.22,220.3 1 1
-github.com/containers/podman/v3/libpod/network/cni/config.go:221.36,223.17 2 2
-github.com/containers/podman/v3/libpod/network/cni/config.go:226.3,226.71 1 2
-github.com/containers/podman/v3/libpod/network/cni/config.go:223.17,225.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/config.go:226.71,228.4 1 1
-github.com/containers/podman/v3/libpod/network/cni/config.go:230.31,232.3 1 3
-github.com/containers/podman/v3/libpod/network/cni/config.go:232.8,234.3 1 1
-github.com/containers/podman/v3/libpod/network/cni/config.go:238.92,239.36 1 92
-github.com/containers/podman/v3/libpod/network/cni/config.go:255.2,255.31 1 89
-github.com/containers/podman/v3/libpod/network/cni/config.go:264.2,264.25 1 89
-github.com/containers/podman/v3/libpod/network/cni/config.go:290.2,291.12 2 89
-github.com/containers/podman/v3/libpod/network/cni/config.go:239.36,241.63 2 87
-github.com/containers/podman/v3/libpod/network/cni/config.go:244.3,244.62 1 85
-github.com/containers/podman/v3/libpod/network/cni/config.go:241.63,243.4 1 2
-github.com/containers/podman/v3/libpod/network/cni/config.go:244.62,246.4 1 1
-github.com/containers/podman/v3/libpod/network/cni/config.go:247.8,250.17 3 5
-github.com/containers/podman/v3/libpod/network/cni/config.go:250.17,252.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/config.go:255.31,257.17 2 24
-github.com/containers/podman/v3/libpod/network/cni/config.go:260.3,260.57 1 24
-github.com/containers/podman/v3/libpod/network/cni/config.go:257.17,259.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/config.go:264.25,267.42 3 5
-github.com/containers/podman/v3/libpod/network/cni/config.go:275.3,275.12 1 5
-github.com/containers/podman/v3/libpod/network/cni/config.go:282.3,282.12 1 5
-github.com/containers/podman/v3/libpod/network/cni/config.go:267.42,268.37 1 7
-github.com/containers/podman/v3/libpod/network/cni/config.go:271.4,271.37 1 7
-github.com/containers/podman/v3/libpod/network/cni/config.go:268.37,270.5 1 2
-github.com/containers/podman/v3/libpod/network/cni/config.go:271.37,273.5 1 5
-github.com/containers/podman/v3/libpod/network/cni/config.go:275.12,277.18 2 1
-github.com/containers/podman/v3/libpod/network/cni/config.go:280.4,280.58 1 1
-github.com/containers/podman/v3/libpod/network/cni/config.go:277.18,279.5 1 0
-github.com/containers/podman/v3/libpod/network/cni/config.go:282.12,284.18 2 3
-github.com/containers/podman/v3/libpod/network/cni/config.go:287.4,287.58 1 3
-github.com/containers/podman/v3/libpod/network/cni/config.go:284.18,286.5 1 0
-github.com/containers/podman/v3/libpod/network/cni/config.go:298.88,299.14 1 97
-github.com/containers/podman/v3/libpod/network/cni/config.go:302.2,302.24 1 97
-github.com/containers/podman/v3/libpod/network/cni/config.go:309.2,310.16 2 96
-github.com/containers/podman/v3/libpod/network/cni/config.go:315.2,315.59 1 96
-github.com/containers/podman/v3/libpod/network/cni/config.go:319.2,320.22 2 94
-github.com/containers/podman/v3/libpod/network/cni/config.go:331.2,331.25 1 93
-github.com/containers/podman/v3/libpod/network/cni/config.go:339.2,339.12 1 91
-github.com/containers/podman/v3/libpod/network/cni/config.go:299.14,301.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/config.go:302.24,304.3 1 1
-github.com/containers/podman/v3/libpod/network/cni/config.go:310.16,312.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/config.go:315.59,317.3 1 2
-github.com/containers/podman/v3/libpod/network/cni/config.go:320.22,321.36 1 2
-github.com/containers/podman/v3/libpod/network/cni/config.go:321.36,323.4 1 1
-github.com/containers/podman/v3/libpod/network/cni/config.go:324.8,324.23 1 92
-github.com/containers/podman/v3/libpod/network/cni/config.go:324.23,326.17 2 90
-github.com/containers/podman/v3/libpod/network/cni/config.go:329.3,329.17 1 90
-github.com/containers/podman/v3/libpod/network/cni/config.go:326.17,328.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/config.go:331.25,332.78 1 5
-github.com/containers/podman/v3/libpod/network/cni/config.go:335.3,335.74 1 4
-github.com/containers/podman/v3/libpod/network/cni/config.go:332.78,334.4 1 1
-github.com/containers/podman/v3/libpod/network/cni/config.go:335.74,337.4 1 1
-github.com/containers/podman/v3/libpod/network/cni/network.go:74.78,77.16 2 68
-github.com/containers/podman/v3/libpod/network/cni/network.go:81.2,82.30 2 68
-github.com/containers/podman/v3/libpod/network/cni/network.go:86.2,87.25 2 68
-github.com/containers/podman/v3/libpod/network/cni/network.go:90.2,91.16 2 68
-github.com/containers/podman/v3/libpod/network/cni/network.go:95.2,106.15 3 68
-github.com/containers/podman/v3/libpod/network/cni/network.go:77.16,79.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/network.go:82.30,84.3 1 68
-github.com/containers/podman/v3/libpod/network/cni/network.go:87.25,89.3 1 68
-github.com/containers/podman/v3/libpod/network/cni/network.go:91.16,93.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/network.go:109.43,111.23 1 93
-github.com/containers/podman/v3/libpod/network/cni/network.go:115.2,116.16 2 67
-github.com/containers/podman/v3/libpod/network/cni/network.go:119.2,120.29 2 67
-github.com/containers/podman/v3/libpod/network/cni/network.go:160.2,160.39 1 67
-github.com/containers/podman/v3/libpod/network/cni/network.go:168.2,170.12 3 67
-github.com/containers/podman/v3/libpod/network/cni/network.go:111.23,113.3 1 26
-github.com/containers/podman/v3/libpod/network/cni/network.go:116.16,118.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/network.go:120.29,122.17 2 180
-github.com/containers/podman/v3/libpod/network/cni/network.go:130.3,130.47 1 177
-github.com/containers/podman/v3/libpod/network/cni/network.go:135.3,135.86 1 176
-github.com/containers/podman/v3/libpod/network/cni/network.go:140.3,140.41 1 176
-github.com/containers/podman/v3/libpod/network/cni/network.go:145.3,146.17 2 175
-github.com/containers/podman/v3/libpod/network/cni/network.go:150.3,156.36 3 174
-github.com/containers/podman/v3/libpod/network/cni/network.go:122.17,124.27 1 3
-github.com/containers/podman/v3/libpod/network/cni/network.go:127.4,127.12 1 3
-github.com/containers/podman/v3/libpod/network/cni/network.go:124.27,126.5 1 3
-github.com/containers/podman/v3/libpod/network/cni/network.go:130.47,132.12 2 1
-github.com/containers/podman/v3/libpod/network/cni/network.go:135.86,137.12 2 0
-github.com/containers/podman/v3/libpod/network/cni/network.go:140.41,142.12 2 1
-github.com/containers/podman/v3/libpod/network/cni/network.go:146.17,148.12 2 1
-github.com/containers/podman/v3/libpod/network/cni/network.go:160.39,162.17 2 48
-github.com/containers/podman/v3/libpod/network/cni/network.go:165.3,165.43 1 48
-github.com/containers/podman/v3/libpod/network/cni/network.go:162.17,164.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/network.go:173.63,183.2 2 48
-github.com/containers/podman/v3/libpod/network/cni/network.go:190.68,192.41 1 23
-github.com/containers/podman/v3/libpod/network/cni/network.go:196.2,197.33 2 5
-github.com/containers/podman/v3/libpod/network/cni/network.go:210.2,210.16 1 4
-github.com/containers/podman/v3/libpod/network/cni/network.go:213.2,213.106 1 1
-github.com/containers/podman/v3/libpod/network/cni/network.go:192.41,194.3 1 18
-github.com/containers/podman/v3/libpod/network/cni/network.go:197.33,199.37 1 9
-github.com/containers/podman/v3/libpod/network/cni/network.go:203.3,203.52 1 9
-github.com/containers/podman/v3/libpod/network/cni/network.go:199.37,201.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/network.go:203.52,204.18 1 5
-github.com/containers/podman/v3/libpod/network/cni/network.go:207.4,207.13 1 4
-github.com/containers/podman/v3/libpod/network/cni/network.go:204.18,206.5 1 1
-github.com/containers/podman/v3/libpod/network/cni/network.go:210.16,212.3 1 3
-github.com/containers/podman/v3/libpod/network/cni/network.go:218.47,221.2 2 262
-github.com/containers/podman/v3/libpod/network/cni/network.go:224.97,233.6 2 25
-github.com/containers/podman/v3/libpod/network/cni/network.go:233.6,234.103 1 27
-github.com/containers/podman/v3/libpod/network/cni/network.go:240.3,242.17 3 2
-github.com/containers/podman/v3/libpod/network/cni/network.go:234.103,239.4 2 25
-github.com/containers/podman/v3/libpod/network/cni/network.go:242.17,244.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/network.go:249.97,251.29 1 3
-github.com/containers/podman/v3/libpod/network/cni/network.go:264.2,264.60 1 0
-github.com/containers/podman/v3/libpod/network/cni/network.go:251.29,254.17 2 3
-github.com/containers/podman/v3/libpod/network/cni/network.go:257.3,257.104 1 3
-github.com/containers/podman/v3/libpod/network/cni/network.go:254.17,256.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/network.go:257.104,262.4 2 3
-github.com/containers/podman/v3/libpod/network/cni/network.go:269.61,272.33 2 51
-github.com/containers/podman/v3/libpod/network/cni/network.go:278.2,279.16 2 51
-github.com/containers/podman/v3/libpod/network/cni/network.go:282.2,282.45 1 51
-github.com/containers/podman/v3/libpod/network/cni/network.go:272.33,273.40 1 64
-github.com/containers/podman/v3/libpod/network/cni/network.go:273.40,275.4 1 65
-github.com/containers/podman/v3/libpod/network/cni/network.go:279.16,281.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/network.go:287.58,291.16 4 51
-github.com/containers/podman/v3/libpod/network/cni/network.go:294.2,300.31 5 51
-github.com/containers/podman/v3/libpod/network/cni/network.go:307.2,307.78 1 0
-github.com/containers/podman/v3/libpod/network/cni/network.go:291.16,293.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/network.go:300.31,302.48 2 57
-github.com/containers/podman/v3/libpod/network/cni/network.go:302.48,305.4 2 51
-github.com/containers/podman/v3/libpod/network/cni/network.go:312.53,314.33 2 51
-github.com/containers/podman/v3/libpod/network/cni/network.go:317.2,317.14 1 51
-github.com/containers/podman/v3/libpod/network/cni/network.go:314.33,316.3 1 64
-github.com/containers/podman/v3/libpod/network/cni/network.go:322.57,324.33 2 138
-github.com/containers/podman/v3/libpod/network/cni/network.go:329.2,329.14 1 138
-github.com/containers/podman/v3/libpod/network/cni/network.go:324.33,325.56 1 115
-github.com/containers/podman/v3/libpod/network/cni/network.go:325.56,327.4 1 111
-github.com/containers/podman/v3/libpod/network/cni/run.go:25.116,29.16 4 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:33.2,33.25 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:36.2,36.31 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:39.2,39.32 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:42.2,42.46 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:54.2,54.63 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:61.2,61.16 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:65.2,69.15 4 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:80.2,81.16 2 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:85.2,86.46 2 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:123.2,123.21 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:29.16,31.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:33.25,35.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:36.31,38.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:39.32,41.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:42.46,44.21 2 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:47.3,48.17 2 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:44.21,46.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:48.17,50.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:54.63,56.17 2 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:59.3,59.13 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:56.17,58.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:61.16,63.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:69.15,70.20 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:70.20,71.38 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:71.38,73.19 2 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:73.19,75.6 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:81.16,83.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:86.46,92.91 3 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:101.3,106.20 4 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:110.3,112.20 3 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:115.3,118.20 4 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:121.3,121.25 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:92.91,96.21 4 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:96.21,98.5 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:106.20,108.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:112.20,114.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:118.20,120.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:128.78,131.55 3 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:138.2,142.35 4 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:172.2,173.20 2 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:131.55,133.16 2 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:136.3,136.40 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:133.16,135.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:142.35,143.26 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:147.3,147.49 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:150.3,152.9 3 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:143.26,145.12 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:147.49,149.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:152.9,158.4 2 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:158.9,160.18 2 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:163.4,169.5 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:160.18,162.5 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:177.86,178.33 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:181.1,182.39 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:190.2,190.63 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:193.2,193.12 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:178.33,180.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:182.39,183.47 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:188.3,188.118 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:183.47,184.29 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:184.29,185.19 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:190.63,192.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:196.141,213.68 2 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:220.2,220.29 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:224.2,224.30 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:235.2,235.27 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:242.2,242.20 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:246.2,246.11 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:213.68,214.66 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:214.66,216.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:220.29,222.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:224.30,228.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:228.8,228.36 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:228.36,232.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:235.27,239.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:242.20,244.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:250.90,254.16 4 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:257.2,257.43 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:254.16,256.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:260.90,265.16 2 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:269.2,270.46 2 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:291.2,291.30 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:265.16,267.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:270.46,274.17 3 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:286.3,287.17 2 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:274.17,276.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:276.9,279.22 3 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:283.4,283.32 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:279.22,281.13 2 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:287.17,289.4 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:294.149,299.16 3 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:305.2,306.16 2 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:309.2,309.29 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:299.16,301.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:301.8,301.29 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:301.29,303.3 1 0
-github.com/containers/podman/v3/libpod/network/cni/run.go:306.16,308.3 1 0
diff --git a/vendor/github.com/containers/common/libnetwork/cni/cni_conversion.go b/vendor/github.com/containers/common/libnetwork/cni/cni_conversion.go
index 5574b2b1c5..36ac468de5 100644
--- a/vendor/github.com/containers/common/libnetwork/cni/cni_conversion.go
+++ b/vendor/github.com/containers/common/libnetwork/cni/cni_conversion.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package cni
@@ -127,70 +128,76 @@ func findPluginByName(plugins []*libcni.NetworkConfig, name string) bool {
 // convertIPAMConfToNetwork converts A cni IPAMConfig to libpod network subnets.
 // It returns an array of subnets and an extra bool if dhcp is configured.
 func convertIPAMConfToNetwork(network *types.Network, ipam *ipamConfig, confPath string) error {
-	if ipam.PluginType == types.DHCPIPAMDriver {
-		network.IPAMOptions["driver"] = types.DHCPIPAMDriver
-		return nil
-	}
-
-	if ipam.PluginType != types.HostLocalIPAMDriver {
-		return errors.Errorf("unsupported ipam plugin %s in %s", ipam.PluginType, confPath)
-	}
-
-	network.IPAMOptions["driver"] = types.HostLocalIPAMDriver
-	for _, r := range ipam.Ranges {
-		for _, ipam := range r {
-			s := types.Subnet{}
-
-			// Do not use types.ParseCIDR() because we want the ip to be
-			// the network address and not a random ip in the sub.
-			_, sub, err := net.ParseCIDR(ipam.Subnet)
-			if err != nil {
-				return err
-			}
-			s.Subnet = types.IPNet{IPNet: *sub}
-
-			// gateway
-			var gateway net.IP
-			if ipam.Gateway != "" {
-				gateway = net.ParseIP(ipam.Gateway)
-				if gateway == nil {
-					return errors.Errorf("failed to parse gateway ip %s", ipam.Gateway)
-				}
-				// convert to 4 byte if ipv4
-				util.NormalizeIP(&gateway)
-			} else if !network.Internal {
-				// only add a gateway address if the network is not internal
-				gateway, err = util.FirstIPInSubnet(sub)
+	switch ipam.PluginType {
+	case "":
+		network.IPAMOptions[types.Driver] = types.NoneIPAMDriver
+	case types.DHCPIPAMDriver:
+		network.IPAMOptions[types.Driver] = types.DHCPIPAMDriver
+	case types.HostLocalIPAMDriver:
+		network.IPAMOptions[types.Driver] = types.HostLocalIPAMDriver
+		for _, r := range ipam.Ranges {
+			for _, ipam := range r {
+				s := types.Subnet{}
+
+				// Do not use types.ParseCIDR() because we want the ip to be
+				// the network address and not a random ip in the sub.
+				_, sub, err := net.ParseCIDR(ipam.Subnet)
 				if err != nil {
-					return errors.Errorf("failed to get first ip in subnet %s", sub.String())
+					return err
 				}
-			}
-			s.Gateway = gateway
-
-			var rangeStart net.IP
-			var rangeEnd net.IP
-			if ipam.RangeStart != "" {
-				rangeStart = net.ParseIP(ipam.RangeStart)
-				if rangeStart == nil {
-					return errors.Errorf("failed to parse range start ip %s", ipam.RangeStart)
+				s.Subnet = types.IPNet{IPNet: *sub}
+
+				// gateway
+				var gateway net.IP
+				if ipam.Gateway != "" {
+					gateway = net.ParseIP(ipam.Gateway)
+					if gateway == nil {
+						return errors.Errorf("failed to parse gateway ip %s", ipam.Gateway)
+					}
+					// convert to 4 byte if ipv4
+					util.NormalizeIP(&gateway)
+				} else if !network.Internal {
+					// only add a gateway address if the network is not internal
+					gateway, err = util.FirstIPInSubnet(sub)
+					if err != nil {
+						return errors.Errorf("failed to get first ip in subnet %s", sub.String())
+					}
 				}
-			}
-			if ipam.RangeEnd != "" {
-				rangeEnd = net.ParseIP(ipam.RangeEnd)
-				if rangeEnd == nil {
-					return errors.Errorf("failed to parse range end ip %s", ipam.RangeEnd)
+				s.Gateway = gateway
+
+				var rangeStart net.IP
+				var rangeEnd net.IP
+				if ipam.RangeStart != "" {
+					rangeStart = net.ParseIP(ipam.RangeStart)
+					if rangeStart == nil {
+						return errors.Errorf("failed to parse range start ip %s", ipam.RangeStart)
+					}
 				}
+				if ipam.RangeEnd != "" {
+					rangeEnd = net.ParseIP(ipam.RangeEnd)
+					if rangeEnd == nil {
+						return errors.Errorf("failed to parse range end ip %s", ipam.RangeEnd)
+					}
+				}
+				if rangeStart != nil || rangeEnd != nil {
+					s.LeaseRange = &types.LeaseRange{}
+					s.LeaseRange.StartIP = rangeStart
+					s.LeaseRange.EndIP = rangeEnd
+				}
+				if util.IsIPv6(s.Subnet.IP) {
+					network.IPv6Enabled = true
+				}
+				network.Subnets = append(network.Subnets, s)
 			}
-			if rangeStart != nil || rangeEnd != nil {
-				s.LeaseRange = &types.LeaseRange{}
-				s.LeaseRange.StartIP = rangeStart
-				s.LeaseRange.EndIP = rangeEnd
-			}
-			if util.IsIPv6(s.Subnet.IP) {
-				network.IPv6Enabled = true
-			}
-			network.Subnets = append(network.Subnets, s)
 		}
+	default:
+		// This is not an error. While we only support certain ipam drivers, we
+		// cannot make it fail for unsupported ones. CNI is still able to use them,
+		// just our translation logic cannot convert this into a Network.
+		// For the same reason this is not warning, it would just be annoying for
+		// everyone using a unknown ipam driver.
+		logrus.Infof("unsupported ipam plugin %q in %s", ipam.PluginType, confPath)
+		network.IPAMOptions[types.Driver] = ipam.PluginType
 	}
 	return nil
 }
@@ -218,10 +225,13 @@ func (n *cniNetwork) createCNIConfigListFromNetwork(network *types.Network, writ
 	var (
 		routes     []ipamRoute
 		ipamRanges [][]ipamLocalHostRangeConf
-		ipamConf   ipamConfig
+		ipamConf   *ipamConfig
 		err        error
 	)
-	if len(network.Subnets) > 0 {
+
+	ipamDriver := network.IPAMOptions[types.Driver]
+	switch ipamDriver {
+	case types.HostLocalIPAMDriver:
 		defIpv4Route := false
 		defIpv6Route := false
 		for _, subnet := range network.Subnets {
@@ -250,46 +260,20 @@ func (n *cniNetwork) createCNIConfigListFromNetwork(network *types.Network, writ
 				routes = append(routes, route)
 			}
 		}
-		ipamConf = newIPAMHostLocalConf(routes, ipamRanges)
-	} else {
-		ipamConf = ipamConfig{PluginType: "dhcp"}
-	}
+		conf := newIPAMHostLocalConf(routes, ipamRanges)
+		ipamConf = &conf
+	case types.DHCPIPAMDriver:
+		ipamConf = &ipamConfig{PluginType: "dhcp"}
 
-	vlan := 0
-	mtu := 0
-	vlanPluginMode := ""
-	for k, v := range network.Options {
-		switch k {
-		case "mtu":
-			mtu, err = internalutil.ParseMTU(v)
-			if err != nil {
-				return nil, "", err
-			}
-
-		case "vlan":
-			vlan, err = internalutil.ParseVlan(v)
-			if err != nil {
-				return nil, "", err
-			}
-
-		case "mode":
-			switch network.Driver {
-			case types.MacVLANNetworkDriver:
-				if !pkgutil.StringInSlice(v, types.ValidMacVLANModes) {
-					return nil, "", errors.Errorf("unknown macvlan mode %q", v)
-				}
-			case types.IPVLANNetworkDriver:
-				if !pkgutil.StringInSlice(v, types.ValidIPVLANModes) {
-					return nil, "", errors.Errorf("unknown ipvlan mode %q", v)
-				}
-			default:
-				return nil, "", errors.Errorf("cannot set option \"mode\" with driver %q", network.Driver)
-			}
-			vlanPluginMode = v
+	case types.NoneIPAMDriver:
+		// do nothing
+	default:
+		return nil, "", errors.Errorf("unsupported ipam driver %q", ipamDriver)
+	}
 
-		default:
-			return nil, "", errors.Errorf("unsupported network option %s", k)
-		}
+	opts, err := parseOptions(network.Options, network.Driver)
+	if err != nil {
+		return nil, "", err
 	}
 
 	isGateway := true
@@ -307,7 +291,7 @@ func (n *cniNetwork) createCNIConfigListFromNetwork(network *types.Network, writ
 
 	switch network.Driver {
 	case types.BridgeNetworkDriver:
-		bridge := newHostLocalBridge(network.NetworkInterface, isGateway, ipMasq, mtu, vlan, &ipamConf)
+		bridge := newHostLocalBridge(network.NetworkInterface, isGateway, ipMasq, opts.mtu, opts.vlan, ipamConf)
 		plugins = append(plugins, bridge, newPortMapPlugin(), newFirewallPlugin(), newTuningPlugin())
 		// if we find the dnsname plugin we add configuration for it
 		if hasDNSNamePlugin(n.cniPluginDirs) && network.DNSEnabled {
@@ -316,10 +300,10 @@ func (n *cniNetwork) createCNIConfigListFromNetwork(network *types.Network, writ
 		}
 
 	case types.MacVLANNetworkDriver:
-		plugins = append(plugins, newVLANPlugin(types.MacVLANNetworkDriver, network.NetworkInterface, vlanPluginMode, mtu, &ipamConf))
+		plugins = append(plugins, newVLANPlugin(types.MacVLANNetworkDriver, network.NetworkInterface, opts.vlanPluginMode, opts.mtu, ipamConf))
 
 	case types.IPVLANNetworkDriver:
-		plugins = append(plugins, newVLANPlugin(types.IPVLANNetworkDriver, network.NetworkInterface, vlanPluginMode, mtu, &ipamConf))
+		plugins = append(plugins, newVLANPlugin(types.IPVLANNetworkDriver, network.NetworkInterface, opts.vlanPluginMode, opts.mtu, ipamConf))
 
 	default:
 		return nil, "", errors.Errorf("driver %q is not supported by cni", network.Driver)
@@ -395,3 +379,48 @@ func removeMachinePlugin(conf *libcni.NetworkConfigList) *libcni.NetworkConfigLi
 	conf.Plugins = plugins
 	return conf
 }
+
+type options struct {
+	vlan           int
+	mtu            int
+	vlanPluginMode string
+}
+
+func parseOptions(networkOptions map[string]string, networkDriver string) (*options, error) {
+	opt := &options{}
+	var err error
+	for k, v := range networkOptions {
+		switch k {
+		case "mtu":
+			opt.mtu, err = internalutil.ParseMTU(v)
+			if err != nil {
+				return nil, err
+			}
+
+		case "vlan":
+			opt.vlan, err = internalutil.ParseVlan(v)
+			if err != nil {
+				return nil, err
+			}
+
+		case "mode":
+			switch networkDriver {
+			case types.MacVLANNetworkDriver:
+				if !pkgutil.StringInSlice(v, types.ValidMacVLANModes) {
+					return nil, errors.Errorf("unknown macvlan mode %q", v)
+				}
+			case types.IPVLANNetworkDriver:
+				if !pkgutil.StringInSlice(v, types.ValidIPVLANModes) {
+					return nil, errors.Errorf("unknown ipvlan mode %q", v)
+				}
+			default:
+				return nil, errors.Errorf("cannot set option \"mode\" with driver %q", networkDriver)
+			}
+			opt.vlanPluginMode = v
+
+		default:
+			return nil, errors.Errorf("unsupported network option %s", k)
+		}
+	}
+	return opt, nil
+}
diff --git a/vendor/github.com/containers/common/libnetwork/cni/cni_exec.go b/vendor/github.com/containers/common/libnetwork/cni/cni_exec.go
index c66e7ef5d7..6bfa8d63b1 100644
--- a/vendor/github.com/containers/common/libnetwork/cni/cni_exec.go
+++ b/vendor/github.com/containers/common/libnetwork/cni/cni_exec.go
@@ -16,6 +16,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+//go:build linux
 // +build linux
 
 package cni
diff --git a/vendor/github.com/containers/common/libnetwork/cni/cni_types.go b/vendor/github.com/containers/common/libnetwork/cni/cni_types.go
index fbfcd49ad3..25cc173a67 100644
--- a/vendor/github.com/containers/common/libnetwork/cni/cni_types.go
+++ b/vendor/github.com/containers/common/libnetwork/cni/cni_types.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package cni
@@ -144,11 +145,13 @@ func newHostLocalBridge(name string, isGateWay, ipMasq bool, mtu, vlan int, ipam
 		MTU:         mtu,
 		HairpinMode: true,
 		Vlan:        vlan,
-		IPAM:        *ipamConf,
 	}
-	// if we use host-local set the ips cap to ensure we can set static ips via runtime config
-	if ipamConf.PluginType == types.HostLocalIPAMDriver {
-		bridge.Capabilities = caps
+	if ipamConf != nil {
+		bridge.IPAM = *ipamConf
+		// if we use host-local set the ips cap to ensure we can set static ips via runtime config
+		if ipamConf.PluginType == types.HostLocalIPAMDriver {
+			bridge.Capabilities = caps
+		}
 	}
 	return &bridge
 }
@@ -258,7 +261,9 @@ func hasDNSNamePlugin(paths []string) bool {
 func newVLANPlugin(pluginType, device, mode string, mtu int, ipam *ipamConfig) VLANConfig {
 	m := VLANConfig{
 		PluginType: pluginType,
-		IPAM:       *ipam,
+	}
+	if ipam != nil {
+		m.IPAM = *ipam
 	}
 	if mtu > 0 {
 		m.MTU = mtu
diff --git a/vendor/github.com/containers/common/libnetwork/cni/config.go b/vendor/github.com/containers/common/libnetwork/cni/config.go
index b1f89400cf..e94a53db68 100644
--- a/vendor/github.com/containers/common/libnetwork/cni/config.go
+++ b/vendor/github.com/containers/common/libnetwork/cni/config.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package cni
@@ -52,6 +53,11 @@ func (n *cniNetwork) networkCreate(newNetwork *types.Network, defaultNet bool) (
 		return nil, err
 	}
 
+	err = validateIPAMDriver(newNetwork)
+	if err != nil {
+		return nil, err
+	}
+
 	// Only get the used networks for validation if we do not create the default network.
 	// The default network should not be validated against used subnets, we have to ensure
 	// that this network can always be created even when a subnet is already used on the host.
@@ -69,7 +75,7 @@ func (n *cniNetwork) networkCreate(newNetwork *types.Network, defaultNet bool) (
 
 	switch newNetwork.Driver {
 	case types.BridgeNetworkDriver:
-		err = internalutil.CreateBridge(n, newNetwork, usedNetworks)
+		err = internalutil.CreateBridge(n, newNetwork, usedNetworks, n.defaultsubnetPools)
 		if err != nil {
 			return nil, err
 		}
@@ -90,6 +96,9 @@ func (n *cniNetwork) networkCreate(newNetwork *types.Network, defaultNet bool) (
 	// generate the network ID
 	newNetwork.ID = getNetworkIDFromName(newNetwork.Name)
 
+	// when we do not have ipam we must disable dns
+	internalutil.IpamNoneDisableDns(newNetwork)
+
 	// FIXME: Should this be a hard error?
 	if newNetwork.DNSEnabled && newNetwork.Internal && hasDNSNamePlugin(n.cniPluginDirs) {
 		logrus.Warnf("dnsname and internal networks are incompatible. dnsname plugin not configured for network %s", newNetwork.Name)
@@ -187,9 +196,6 @@ func (n *cniNetwork) NetworkInspect(nameOrID string) (types.Network, error) {
 }
 
 func createIPMACVLAN(network *types.Network) error {
-	if network.Internal {
-		return errors.New("internal is not supported with macvlan")
-	}
 	if network.NetworkInterface != "" {
 		interfaceNames, err := internalutil.GetLiveNetworkNames()
 		if err != nil {
@@ -199,10 +205,38 @@ func createIPMACVLAN(network *types.Network) error {
 			return errors.Errorf("parent interface %s does not exist", network.NetworkInterface)
 		}
 	}
-	if len(network.Subnets) == 0 {
-		network.IPAMOptions["driver"] = types.DHCPIPAMDriver
-	} else {
-		network.IPAMOptions["driver"] = types.HostLocalIPAMDriver
+
+	switch network.IPAMOptions[types.Driver] {
+	// set default
+	case "":
+		if len(network.Subnets) == 0 {
+			// if no subnets and no driver choose dhcp
+			network.IPAMOptions[types.Driver] = types.DHCPIPAMDriver
+		} else {
+			network.IPAMOptions[types.Driver] = types.HostLocalIPAMDriver
+		}
+	case types.HostLocalIPAMDriver:
+		if len(network.Subnets) == 0 {
+			return errors.New("host-local ipam driver set but no subnets are given")
+		}
+	}
+
+	if network.IPAMOptions[types.Driver] == types.DHCPIPAMDriver && network.Internal {
+		return errors.New("internal is not supported with macvlan and dhcp ipam driver")
+	}
+	return nil
+}
+
+func validateIPAMDriver(n *types.Network) error {
+	ipamDriver := n.IPAMOptions[types.Driver]
+	switch ipamDriver {
+	case "", types.HostLocalIPAMDriver:
+	case types.DHCPIPAMDriver, types.NoneIPAMDriver:
+		if len(n.Subnets) > 0 {
+			return errors.Errorf("%s ipam driver is set but subnets are given", ipamDriver)
+		}
+	default:
+		return errors.Errorf("unsupported ipam driver %q", ipamDriver)
 	}
 	return nil
 }
diff --git a/vendor/github.com/containers/common/libnetwork/cni/network.go b/vendor/github.com/containers/common/libnetwork/cni/network.go
index 9582272352..82b9cbd2e5 100644
--- a/vendor/github.com/containers/common/libnetwork/cni/network.go
+++ b/vendor/github.com/containers/common/libnetwork/cni/network.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package cni
@@ -13,6 +14,7 @@ import (
 
 	"github.com/containernetworking/cni/libcni"
 	"github.com/containers/common/libnetwork/types"
+	"github.com/containers/common/pkg/config"
 	"github.com/containers/storage/pkg/lockfile"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -31,6 +33,9 @@ type cniNetwork struct {
 	// defaultSubnet is the default subnet for the default network.
 	defaultSubnet types.IPNet
 
+	// defaultsubnetPools contains the subnets which must be used to allocate a free subnet by network create
+	defaultsubnetPools []config.SubnetPool
+
 	// isMachine describes whenever podman runs in a podman machine environment.
 	isMachine bool
 
@@ -62,6 +67,9 @@ type InitConfig struct {
 	// DefaultSubnet is the default subnet for the default network.
 	DefaultSubnet string
 
+	// DefaultsubnetPools contains the subnets which must be used to allocate a free subnet by network create
+	DefaultsubnetPools []config.SubnetPool
+
 	// IsMachine describes whenever podman runs in a podman machine environment.
 	IsMachine bool
 }
@@ -89,15 +97,21 @@ func NewCNINetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) {
 		return nil, errors.Wrap(err, "failed to parse default subnet")
 	}
 
+	defaultSubnetPools := conf.DefaultsubnetPools
+	if defaultSubnetPools == nil {
+		defaultSubnetPools = config.DefaultSubnetPools
+	}
+
 	cni := libcni.NewCNIConfig(conf.CNIPluginDirs, &cniExec{})
 	n := &cniNetwork{
-		cniConfigDir:   conf.CNIConfigDir,
-		cniPluginDirs:  conf.CNIPluginDirs,
-		cniConf:        cni,
-		defaultNetwork: defaultNetworkName,
-		defaultSubnet:  defaultNet,
-		isMachine:      conf.IsMachine,
-		lock:           lock,
+		cniConfigDir:       conf.CNIConfigDir,
+		cniPluginDirs:      conf.CNIPluginDirs,
+		cniConf:            cni,
+		defaultNetwork:     defaultNetworkName,
+		defaultSubnet:      defaultNet,
+		defaultsubnetPools: defaultSubnetPools,
+		isMachine:          conf.IsMachine,
+		lock:               lock,
 	}
 
 	return n, nil
diff --git a/vendor/github.com/containers/common/libnetwork/cni/run.go b/vendor/github.com/containers/common/libnetwork/cni/run.go
index af05d9d9d5..c7fa86ed0a 100644
--- a/vendor/github.com/containers/common/libnetwork/cni/run.go
+++ b/vendor/github.com/containers/common/libnetwork/cni/run.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package cni
@@ -124,35 +125,38 @@ func CNIResultToStatus(res cnitypes.Result) (types.StatusBlock, error) {
 	result.DNSSearchDomains = cniResult.DNS.Search
 
 	interfaces := make(map[string]types.NetInterface)
-	for _, ip := range cniResult.IPs {
-		if ip.Interface == nil {
-			// we do no expect ips without an interface
+	for intIndex, netInterface := range cniResult.Interfaces {
+		// we are only interested about interfaces in the container namespace
+		if netInterface.Sandbox == "" {
 			continue
 		}
-		if len(cniResult.Interfaces) <= *ip.Interface {
-			return result, errors.Errorf("invalid cni result, interface index %d out of range", *ip.Interface)
+
+		mac, err := net.ParseMAC(netInterface.Mac)
+		if err != nil {
+			return result, err
 		}
-		cniInt := cniResult.Interfaces[*ip.Interface]
-		netInt, ok := interfaces[cniInt.Name]
-		if ok {
-			netInt.Subnets = append(netInt.Subnets, types.NetAddress{
-				IPNet:   types.IPNet{IPNet: ip.Address},
-				Gateway: ip.Gateway,
-			})
-			interfaces[cniInt.Name] = netInt
-		} else {
-			mac, err := net.ParseMAC(cniInt.Mac)
-			if err != nil {
-				return result, err
+		subnets := make([]types.NetAddress, 0, len(cniResult.IPs))
+		for _, ip := range cniResult.IPs {
+			if ip.Interface == nil {
+				// we do no expect ips without an interface
+				continue
 			}
-			interfaces[cniInt.Name] = types.NetInterface{
-				MacAddress: types.HardwareAddr(mac),
-				Subnets: []types.NetAddress{{
+			if len(cniResult.Interfaces) <= *ip.Interface {
+				return result, errors.Errorf("invalid cni result, interface index %d out of range", *ip.Interface)
+			}
+
+			// when we have a ip for this interface add it to the subnets
+			if *ip.Interface == intIndex {
+				subnets = append(subnets, types.NetAddress{
 					IPNet:   types.IPNet{IPNet: ip.Address},
 					Gateway: ip.Gateway,
-				}},
+				})
 			}
 		}
+		interfaces[netInterface.Name] = types.NetInterface{
+			MacAddress: types.HardwareAddr(mac),
+			Subnets:    subnets,
+		}
 	}
 	result.Interfaces = interfaces
 	return result, nil
diff --git a/vendor/github.com/containers/common/libnetwork/internal/util/bridge.go b/vendor/github.com/containers/common/libnetwork/internal/util/bridge.go
index 27ad0a4fbb..bfa72808dd 100644
--- a/vendor/github.com/containers/common/libnetwork/internal/util/bridge.go
+++ b/vendor/github.com/containers/common/libnetwork/internal/util/bridge.go
@@ -5,11 +5,12 @@ import (
 
 	"github.com/containers/common/libnetwork/types"
 	"github.com/containers/common/libnetwork/util"
+	"github.com/containers/common/pkg/config"
 	pkgutil "github.com/containers/common/pkg/util"
 	"github.com/pkg/errors"
 )
 
-func CreateBridge(n NetUtil, network *types.Network, usedNetworks []*net.IPNet) error {
+func CreateBridge(n NetUtil, network *types.Network, usedNetworks []*net.IPNet, subnetPools []config.SubnetPool) error {
 	if network.NetworkInterface != "" {
 		bridges := GetBridgeInterfaceNames(n)
 		if pkgutil.StringInSlice(network.NetworkInterface, bridges) {
@@ -26,9 +27,11 @@ func CreateBridge(n NetUtil, network *types.Network, usedNetworks []*net.IPNet)
 		}
 	}
 
-	if network.IPAMOptions["driver"] != types.DHCPIPAMDriver {
+	ipamDriver := network.IPAMOptions[types.Driver]
+	// also do this when the driver is unset
+	if ipamDriver == "" || ipamDriver == types.HostLocalIPAMDriver {
 		if len(network.Subnets) == 0 {
-			freeSubnet, err := GetFreeIPv4NetworkSubnet(usedNetworks)
+			freeSubnet, err := GetFreeIPv4NetworkSubnet(usedNetworks, subnetPools)
 			if err != nil {
 				return err
 			}
@@ -48,7 +51,7 @@ func CreateBridge(n NetUtil, network *types.Network, usedNetworks []*net.IPNet)
 				}
 			}
 			if !ipv4 {
-				freeSubnet, err := GetFreeIPv4NetworkSubnet(usedNetworks)
+				freeSubnet, err := GetFreeIPv4NetworkSubnet(usedNetworks, subnetPools)
 				if err != nil {
 					return err
 				}
@@ -62,7 +65,7 @@ func CreateBridge(n NetUtil, network *types.Network, usedNetworks []*net.IPNet)
 				network.Subnets = append(network.Subnets, *freeSubnet)
 			}
 		}
-		network.IPAMOptions["driver"] = types.HostLocalIPAMDriver
+		network.IPAMOptions[types.Driver] = types.HostLocalIPAMDriver
 	}
 	return nil
 }
diff --git a/vendor/github.com/containers/common/libnetwork/internal/util/create.go b/vendor/github.com/containers/common/libnetwork/internal/util/create.go
index ccb0f001a5..c1a4bee757 100644
--- a/vendor/github.com/containers/common/libnetwork/internal/util/create.go
+++ b/vendor/github.com/containers/common/libnetwork/internal/util/create.go
@@ -3,6 +3,7 @@ package util
 import (
 	"github.com/containers/common/libnetwork/types"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 func CommonNetworkCreate(n NetUtil, network *types.Network) error {
@@ -39,3 +40,10 @@ func CommonNetworkCreate(n NetUtil, network *types.Network) error {
 	}
 	return nil
 }
+
+func IpamNoneDisableDns(network *types.Network) {
+	if network.IPAMOptions[types.Driver] == types.NoneIPAMDriver {
+		logrus.Debugf("dns disabled for network %q because ipam driver is set to none", network.Name)
+		network.DNSEnabled = false
+	}
+}
diff --git a/vendor/github.com/containers/common/libnetwork/internal/util/ip.go b/vendor/github.com/containers/common/libnetwork/internal/util/ip.go
index 8f00a2a556..6dc5d93253 100644
--- a/vendor/github.com/containers/common/libnetwork/internal/util/ip.go
+++ b/vendor/github.com/containers/common/libnetwork/internal/util/ip.go
@@ -11,11 +11,15 @@ func incByte(subnet *net.IPNet, idx int, shift uint) error {
 	if idx < 0 {
 		return errors.New("no more subnets left")
 	}
-	if subnet.IP[idx] == 255 {
-		subnet.IP[idx] = 0
-		return incByte(subnet, idx-1, 0)
+
+	var val byte = 1 << shift
+	// if overflow we have to inc the previous byte
+	if uint(subnet.IP[idx])+uint(val) > 255 {
+		if err := incByte(subnet, idx-1, 0); err != nil {
+			return err
+		}
 	}
-	subnet.IP[idx] += 1 << shift
+	subnet.IP[idx] += val
 	return nil
 }
 
@@ -31,10 +35,7 @@ func NextSubnet(subnet *net.IPNet) (*net.IPNet, error) {
 	}
 	zeroes := uint(bits - ones)
 	shift := zeroes % 8
-	idx := ones/8 - 1
-	if idx < 0 {
-		idx = 0
-	}
+	idx := (ones - 1) / 8
 	if err := incByte(newSubnet, idx, shift); err != nil {
 		return nil, err
 	}
diff --git a/vendor/github.com/containers/common/libnetwork/internal/util/util.go b/vendor/github.com/containers/common/libnetwork/internal/util/util.go
index 8138d9fbc4..0ae8b6443b 100644
--- a/vendor/github.com/containers/common/libnetwork/internal/util/util.go
+++ b/vendor/github.com/containers/common/libnetwork/internal/util/util.go
@@ -6,6 +6,7 @@ import (
 	"net"
 
 	"github.com/containers/common/libnetwork/types"
+	"github.com/containers/common/pkg/config"
 	"github.com/containers/common/pkg/util"
 	"github.com/sirupsen/logrus"
 )
@@ -79,28 +80,36 @@ func GetUsedSubnets(n NetUtil) ([]*net.IPNet, error) {
 }
 
 // GetFreeIPv4NetworkSubnet returns a unused ipv4 subnet
-func GetFreeIPv4NetworkSubnet(usedNetworks []*net.IPNet) (*types.Subnet, error) {
-	// the default podman network is 10.88.0.0/16
-	// start locking for free /24 networks
-	network := &net.IPNet{
-		IP:   net.IP{10, 89, 0, 0},
-		Mask: net.IPMask{255, 255, 255, 0},
-	}
-
-	// TODO: make sure to not use public subnets
-	for {
-		if intersectsConfig := NetworkIntersectsWithNetworks(network, usedNetworks); !intersectsConfig {
-			logrus.Debugf("found free ipv4 network subnet %s", network.String())
-			return &types.Subnet{
-				Subnet: types.IPNet{IPNet: *network},
-			}, nil
+func GetFreeIPv4NetworkSubnet(usedNetworks []*net.IPNet, subnetPools []config.SubnetPool) (*types.Subnet, error) {
+	var err error
+	for _, pool := range subnetPools {
+		// make sure to copy the netip to prevent overwriting the subnet pool
+		netIP := make(net.IP, net.IPv4len)
+		copy(netIP, pool.Base.IP)
+		network := &net.IPNet{
+			IP:   netIP,
+			Mask: net.CIDRMask(pool.Size, 32),
 		}
-		var err error
-		network, err = NextSubnet(network)
-		if err != nil {
-			return nil, err
+		for pool.Base.Contains(network.IP) {
+			if !NetworkIntersectsWithNetworks(network, usedNetworks) {
+				logrus.Debugf("found free ipv4 network subnet %s", network.String())
+				return &types.Subnet{
+					Subnet: types.IPNet{IPNet: *network},
+				}, nil
+			}
+			network, err = NextSubnet(network)
+			if err != nil {
+				// when error go to next pool, we return the error only when all pools are done
+				break
+			}
 		}
 	}
+
+	if err != nil {
+		return nil, err
+	}
+	return nil, errors.New("could not find free subnet from subnet pools")
+
 }
 
 // GetFreeIPv6NetworkSubnet returns a unused ipv6 subnet
diff --git a/vendor/github.com/containers/common/libnetwork/internal/util/validate.go b/vendor/github.com/containers/common/libnetwork/internal/util/validate.go
index ac3934f8df..4dd44110aa 100644
--- a/vendor/github.com/containers/common/libnetwork/internal/util/validate.go
+++ b/vendor/github.com/containers/common/libnetwork/internal/util/validate.go
@@ -109,7 +109,7 @@ func validatePerNetworkOpts(network *types.Network, netOpts *types.PerNetworkOpt
 	if netOpts.InterfaceName == "" {
 		return errors.Errorf("interface name on network %s is empty", network.Name)
 	}
-	if network.IPAMOptions["driver"] == types.HostLocalIPAMDriver {
+	if network.IPAMOptions[types.Driver] == types.HostLocalIPAMDriver {
 	outer:
 		for _, ip := range netOpts.StaticIPs {
 			for _, s := range network.Subnets {
diff --git a/vendor/github.com/containers/common/libnetwork/netavark/config.go b/vendor/github.com/containers/common/libnetwork/netavark/config.go
index 16b4e5c53b..6a08de55ce 100644
--- a/vendor/github.com/containers/common/libnetwork/netavark/config.go
+++ b/vendor/github.com/containers/common/libnetwork/netavark/config.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package netavark
@@ -66,6 +67,11 @@ func (n *netavarkNetwork) networkCreate(newNetwork *types.Network, defaultNet bo
 		return nil, err
 	}
 
+	err = validateIPAMDriver(newNetwork)
+	if err != nil {
+		return nil, err
+	}
+
 	// Only get the used networks for validation if we do not create the default network.
 	// The default network should not be validated against used subnets, we have to ensure
 	// that this network can always be created even when a subnet is already used on the host.
@@ -83,7 +89,7 @@ func (n *netavarkNetwork) networkCreate(newNetwork *types.Network, defaultNet bo
 
 	switch newNetwork.Driver {
 	case types.BridgeNetworkDriver:
-		err = internalutil.CreateBridge(n, newNetwork, usedNetworks)
+		err = internalutil.CreateBridge(n, newNetwork, usedNetworks, n.defaultsubnetPools)
 		if err != nil {
 			return nil, err
 		}
@@ -115,7 +121,10 @@ func (n *netavarkNetwork) networkCreate(newNetwork *types.Network, defaultNet bo
 		return nil, errors.Wrapf(types.ErrInvalidArg, "unsupported driver %s", newNetwork.Driver)
 	}
 
-	// add gatway when not internal or dns enabled
+	// when we do not have ipam we must disable dns
+	internalutil.IpamNoneDisableDns(newNetwork)
+
+	// add gateway when not internal or dns enabled
 	addGateway := !newNetwork.Internal || newNetwork.DNSEnabled
 	err = internalutil.ValidateSubnets(newNetwork, addGateway, usedNetworks)
 	if err != nil {
@@ -130,6 +139,7 @@ func (n *netavarkNetwork) networkCreate(newNetwork *types.Network, defaultNet bo
 		if err != nil {
 			return nil, err
 		}
+		defer f.Close()
 		enc := json.NewEncoder(f)
 		enc.SetIndent("", "     ")
 		err = enc.Encode(newNetwork)
@@ -142,9 +152,6 @@ func (n *netavarkNetwork) networkCreate(newNetwork *types.Network, defaultNet bo
 }
 
 func createMacvlan(network *types.Network) error {
-	if network.Internal {
-		return errors.New("internal is not supported with macvlan")
-	}
 	if network.NetworkInterface != "" {
 		interfaceNames, err := internalutil.GetLiveNetworkNames()
 		if err != nil {
@@ -154,10 +161,19 @@ func createMacvlan(network *types.Network) error {
 			return errors.Errorf("parent interface %s does not exist", network.NetworkInterface)
 		}
 	}
-	if len(network.Subnets) == 0 {
-		return errors.Errorf("macvlan driver needs at least one subnet specified, DHCP is not supported with netavark")
+
+	// we already validated the drivers before so we just have to set the default here
+	switch network.IPAMOptions[types.Driver] {
+	case "":
+		if len(network.Subnets) == 0 {
+			return errors.Errorf("macvlan driver needs at least one subnet specified, DHCP is not yet supported with netavark")
+		}
+		network.IPAMOptions[types.Driver] = types.HostLocalIPAMDriver
+	case types.HostLocalIPAMDriver:
+		if len(network.Subnets) == 0 {
+			return errors.Errorf("macvlan driver needs at least one subnet specified, when the host-local ipam driver is set")
+		}
 	}
-	network.IPAMOptions["driver"] = types.HostLocalIPAMDriver
 
 	// validate the given options, we do not need them but just check to make sure they are valid
 	for key, value := range network.Options {
@@ -247,3 +263,19 @@ func (n *netavarkNetwork) NetworkInspect(nameOrID string) (types.Network, error)
 	}
 	return *network, nil
 }
+
+func validateIPAMDriver(n *types.Network) error {
+	ipamDriver := n.IPAMOptions[types.Driver]
+	switch ipamDriver {
+	case "", types.HostLocalIPAMDriver:
+	case types.NoneIPAMDriver:
+		if len(n.Subnets) > 0 {
+			return errors.New("none ipam driver is set but subnets are given")
+		}
+	case types.DHCPIPAMDriver:
+		return errors.New("dhcp ipam driver is not yet supported with netavark")
+	default:
+		return errors.Errorf("unsupported ipam driver %q", ipamDriver)
+	}
+	return nil
+}
diff --git a/vendor/github.com/containers/common/libnetwork/netavark/const.go b/vendor/github.com/containers/common/libnetwork/netavark/const.go
index 9709315c6c..29a7b4f2a5 100644
--- a/vendor/github.com/containers/common/libnetwork/netavark/const.go
+++ b/vendor/github.com/containers/common/libnetwork/netavark/const.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package netavark
diff --git a/vendor/github.com/containers/common/libnetwork/netavark/exec.go b/vendor/github.com/containers/common/libnetwork/netavark/exec.go
index 1812b90843..ac87c5438b 100644
--- a/vendor/github.com/containers/common/libnetwork/netavark/exec.go
+++ b/vendor/github.com/containers/common/libnetwork/netavark/exec.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package netavark
diff --git a/vendor/github.com/containers/common/libnetwork/netavark/ipam.go b/vendor/github.com/containers/common/libnetwork/netavark/ipam.go
index f99d099cad..c0535515a9 100644
--- a/vendor/github.com/containers/common/libnetwork/netavark/ipam.go
+++ b/vendor/github.com/containers/common/libnetwork/netavark/ipam.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package netavark
@@ -361,7 +362,7 @@ func (n *netavarkNetwork) deallocIPs(opts *types.NetworkOptions) error {
 // it checks the ipam driver and if subnets are set
 func requiresIPAMAlloc(network *types.Network) bool {
 	// only do host allocation when driver is set to HostLocalIPAMDriver or unset
-	switch network.IPAMOptions["driver"] {
+	switch network.IPAMOptions[types.Driver] {
 	case "", types.HostLocalIPAMDriver:
 	default:
 		return false
diff --git a/vendor/github.com/containers/common/libnetwork/netavark/network.go b/vendor/github.com/containers/common/libnetwork/netavark/network.go
index efea36fec2..15d1f03ebe 100644
--- a/vendor/github.com/containers/common/libnetwork/netavark/network.go
+++ b/vendor/github.com/containers/common/libnetwork/netavark/network.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package netavark
@@ -12,6 +13,7 @@ import (
 
 	"github.com/containers/common/libnetwork/internal/util"
 	"github.com/containers/common/libnetwork/types"
+	"github.com/containers/common/pkg/config"
 	"github.com/containers/storage/pkg/lockfile"
 	"github.com/containers/storage/pkg/unshare"
 	"github.com/pkg/errors"
@@ -38,6 +40,9 @@ type netavarkNetwork struct {
 	// defaultSubnet is the default subnet for the default network.
 	defaultSubnet types.IPNet
 
+	// defaultsubnetPools contains the subnets which must be used to allocate a free subnet by network create
+	defaultsubnetPools []config.SubnetPool
+
 	// ipamDBPath is the path to the ip allocation bolt db
 	ipamDBPath string
 
@@ -72,6 +77,9 @@ type InitConfig struct {
 	// DefaultSubnet is the default subnet for the default network.
 	DefaultSubnet string
 
+	// DefaultsubnetPools contains the subnets which must be used to allocate a free subnet by network create
+	DefaultsubnetPools []config.SubnetPool
+
 	// Syslog describes whenever the netavark debbug output should be log to the syslog as well.
 	// This will use logrus to do so, make sure logrus is set up to log to the syslog.
 	Syslog bool
@@ -108,17 +116,23 @@ func NewNetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) {
 		return nil, err
 	}
 
+	defaultSubnetPools := conf.DefaultsubnetPools
+	if defaultSubnetPools == nil {
+		defaultSubnetPools = config.DefaultSubnetPools
+	}
+
 	n := &netavarkNetwork{
-		networkConfigDir: conf.NetworkConfigDir,
-		networkRunDir:    conf.NetworkRunDir,
-		netavarkBinary:   conf.NetavarkBinary,
-		aardvarkBinary:   conf.AardvarkBinary,
-		networkRootless:  unshare.IsRootless(),
-		ipamDBPath:       filepath.Join(conf.NetworkRunDir, "ipam.db"),
-		defaultNetwork:   defaultNetworkName,
-		defaultSubnet:    defaultNet,
-		lock:             lock,
-		syslog:           conf.Syslog,
+		networkConfigDir:   conf.NetworkConfigDir,
+		networkRunDir:      conf.NetworkRunDir,
+		netavarkBinary:     conf.NetavarkBinary,
+		aardvarkBinary:     conf.AardvarkBinary,
+		networkRootless:    unshare.IsRootless(),
+		ipamDBPath:         filepath.Join(conf.NetworkRunDir, "ipam.db"),
+		defaultNetwork:     defaultNetworkName,
+		defaultSubnet:      defaultNet,
+		defaultsubnetPools: defaultSubnetPools,
+		lock:               lock,
+		syslog:             conf.Syslog,
 	}
 
 	return n, nil
@@ -231,7 +245,7 @@ func parseNetwork(network *types.Network) error {
 		return errors.Errorf("invalid network ID %q", network.ID)
 	}
 
-	// add gatway when not internal or dns enabled
+	// add gateway when not internal or dns enabled
 	addGateway := !network.Internal || network.DNSEnabled
 	return util.ValidateSubnets(network, addGateway, nil)
 }
diff --git a/vendor/github.com/containers/common/libnetwork/netavark/run.go b/vendor/github.com/containers/common/libnetwork/netavark/run.go
index 0a9dc37042..c5aa181fd3 100644
--- a/vendor/github.com/containers/common/libnetwork/netavark/run.go
+++ b/vendor/github.com/containers/common/libnetwork/netavark/run.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package netavark
@@ -44,6 +45,16 @@ func (n *netavarkNetwork) Setup(namespacePath string, options types.SetupOptions
 		return nil, errors.Wrap(err, "failed to convert net opts")
 	}
 
+	// Warn users if one or more networks have dns enabled
+	// but aardvark-dns binary is not configured
+	for _, network := range netavarkOpts.Networks {
+		if network != nil && network.DNSEnabled && n.aardvarkBinary == "" {
+			// this is not a fatal error we can still use container without dns
+			logrus.Warnf("aardvark-dns binary not found, container dns will not be enabled")
+			break
+		}
+	}
+
 	// trace output to get the json
 	if logrus.IsLevelEnabled(logrus.TraceLevel) {
 		b, err := json.Marshal(&netavarkOpts)
diff --git a/vendor/github.com/containers/common/libnetwork/network/interface.go b/vendor/github.com/containers/common/libnetwork/network/interface.go
index cd4fd89f15..9278d77732 100644
--- a/vendor/github.com/containers/common/libnetwork/network/interface.go
+++ b/vendor/github.com/containers/common/libnetwork/network/interface.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package network
@@ -61,11 +62,7 @@ func NetworkBackend(store storage.Store, conf *config.Config, syslog bool) (type
 			return "", nil, err
 		}
 
-		aardvarkBin, err := conf.FindHelperBinary(aardvarkBinary, false)
-		if err != nil {
-			// this is not a fatal error we can still use netavark without dns
-			logrus.Warnf("%s binary not found, container dns will not be enabled", aardvarkBin)
-		}
+		aardvarkBin, _ := conf.FindHelperBinary(aardvarkBinary, false)
 
 		confDir := conf.Network.NetworkConfigDir
 		if confDir == "" {
@@ -82,13 +79,14 @@ func NetworkBackend(store storage.Store, conf *config.Config, syslog bool) (type
 		}
 
 		netInt, err := netavark.NewNetworkInterface(&netavark.InitConfig{
-			NetworkConfigDir: confDir,
-			NetworkRunDir:    runDir,
-			NetavarkBinary:   netavarkBin,
-			AardvarkBinary:   aardvarkBin,
-			DefaultNetwork:   conf.Network.DefaultNetwork,
-			DefaultSubnet:    conf.Network.DefaultSubnet,
-			Syslog:           syslog,
+			NetworkConfigDir:   confDir,
+			NetworkRunDir:      runDir,
+			NetavarkBinary:     netavarkBin,
+			AardvarkBinary:     aardvarkBin,
+			DefaultNetwork:     conf.Network.DefaultNetwork,
+			DefaultSubnet:      conf.Network.DefaultSubnet,
+			DefaultsubnetPools: conf.Network.DefaultSubnetPools,
+			Syslog:             syslog,
 		})
 		return types.Netavark, netInt, err
 	case types.CNI:
@@ -171,11 +169,12 @@ func getCniInterface(conf *config.Config) (types.ContainerNetwork, error) {
 		}
 	}
 	return cni.NewCNINetworkInterface(&cni.InitConfig{
-		CNIConfigDir:   confDir,
-		CNIPluginDirs:  conf.Network.CNIPluginDirs,
-		DefaultNetwork: conf.Network.DefaultNetwork,
-		DefaultSubnet:  conf.Network.DefaultSubnet,
-		IsMachine:      conf.Engine.MachineEnabled,
+		CNIConfigDir:       confDir,
+		CNIPluginDirs:      conf.Network.CNIPluginDirs,
+		DefaultNetwork:     conf.Network.DefaultNetwork,
+		DefaultSubnet:      conf.Network.DefaultSubnet,
+		DefaultsubnetPools: conf.Network.DefaultSubnetPools,
+		IsMachine:          conf.Engine.MachineEnabled,
 	})
 }
 
diff --git a/vendor/github.com/containers/common/libnetwork/types/const.go b/vendor/github.com/containers/common/libnetwork/types/const.go
index b2d4a4538e..a1e4d71edd 100644
--- a/vendor/github.com/containers/common/libnetwork/types/const.go
+++ b/vendor/github.com/containers/common/libnetwork/types/const.go
@@ -11,10 +11,13 @@ const (
 	IPVLANNetworkDriver = "ipvlan"
 
 	// IPAM drivers
-	// HostLocalIPAMDriver store the ip
+	Driver = "driver"
+	// HostLocalIPAMDriver store the ip locally in a db
 	HostLocalIPAMDriver = "host-local"
 	// DHCPIPAMDriver get subnet and ip from dhcp server
 	DHCPIPAMDriver = "dhcp"
+	// NoneIPAMDriver do not provide ipam management
+	NoneIPAMDriver = "none"
 
 	// DefaultSubnet is the name that will be used for the default CNI network.
 	DefaultNetworkName = "podman"
diff --git a/vendor/github.com/containers/common/libnetwork/util/filters.go b/vendor/github.com/containers/common/libnetwork/util/filters.go
index b27ca1f9aa..58d79d25bd 100644
--- a/vendor/github.com/containers/common/libnetwork/util/filters.go
+++ b/vendor/github.com/containers/common/libnetwork/util/filters.go
@@ -29,7 +29,7 @@ func createFilterFuncs(key string, filterValues []string) (types.FilterFunc, err
 			return util.StringMatchRegexSlice(net.Name, filterValues)
 		}, nil
 
-	case "driver":
+	case types.Driver:
 		// matches network driver
 		return func(net types.Network) bool {
 			return util.StringInSlice(net.Driver, filterValues)
diff --git a/vendor/github.com/containers/common/pkg/apparmor/apparmor_linux.go b/vendor/github.com/containers/common/pkg/apparmor/apparmor_linux.go
index 735d194932..c864a189ef 100644
--- a/vendor/github.com/containers/common/pkg/apparmor/apparmor_linux.go
+++ b/vendor/github.com/containers/common/pkg/apparmor/apparmor_linux.go
@@ -1,3 +1,4 @@
+//go:build linux && apparmor
 // +build linux,apparmor
 
 package apparmor
diff --git a/vendor/github.com/containers/common/pkg/apparmor/apparmor_linux_template.go b/vendor/github.com/containers/common/pkg/apparmor/apparmor_linux_template.go
index 021e32571d..667fa9f265 100644
--- a/vendor/github.com/containers/common/pkg/apparmor/apparmor_linux_template.go
+++ b/vendor/github.com/containers/common/pkg/apparmor/apparmor_linux_template.go
@@ -1,3 +1,4 @@
+//go:build linux && apparmor
 // +build linux,apparmor
 
 package apparmor
diff --git a/vendor/github.com/containers/common/pkg/apparmor/apparmor_unsupported.go b/vendor/github.com/containers/common/pkg/apparmor/apparmor_unsupported.go
index 13469f1b62..dacfc2f48c 100644
--- a/vendor/github.com/containers/common/pkg/apparmor/apparmor_unsupported.go
+++ b/vendor/github.com/containers/common/pkg/apparmor/apparmor_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux || !apparmor
 // +build !linux !apparmor
 
 package apparmor
diff --git a/vendor/github.com/containers/common/pkg/cgroups/cgroups_supported.go b/vendor/github.com/containers/common/pkg/cgroups/cgroups_supported.go
index c1fe194b23..edb28ad180 100644
--- a/vendor/github.com/containers/common/pkg/cgroups/cgroups_supported.go
+++ b/vendor/github.com/containers/common/pkg/cgroups/cgroups_supported.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package cgroups
diff --git a/vendor/github.com/containers/common/pkg/cgroups/cgroups_unsupported.go b/vendor/github.com/containers/common/pkg/cgroups/cgroups_unsupported.go
index 95d4241702..b3dcb2d33d 100644
--- a/vendor/github.com/containers/common/pkg/cgroups/cgroups_unsupported.go
+++ b/vendor/github.com/containers/common/pkg/cgroups/cgroups_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package cgroups
diff --git a/vendor/github.com/containers/common/pkg/cgroupv2/cgroups_unsupported.go b/vendor/github.com/containers/common/pkg/cgroupv2/cgroups_unsupported.go
index 61b3653e57..f61bd3bb26 100644
--- a/vendor/github.com/containers/common/pkg/cgroupv2/cgroups_unsupported.go
+++ b/vendor/github.com/containers/common/pkg/cgroupv2/cgroups_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package cgroupv2
diff --git a/vendor/github.com/containers/common/pkg/chown/chown_unix.go b/vendor/github.com/containers/common/pkg/chown/chown_unix.go
index 921927de4c..ea8f5963e8 100644
--- a/vendor/github.com/containers/common/pkg/chown/chown_unix.go
+++ b/vendor/github.com/containers/common/pkg/chown/chown_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package chown
diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go
index dd30abcd63..2c556c1bbb 100644
--- a/vendor/github.com/containers/common/pkg/config/config.go
+++ b/vendor/github.com/containers/common/pkg/config/config.go
@@ -2,6 +2,7 @@ package config
 
 import (
 	"fmt"
+	"io/fs"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -10,6 +11,7 @@ import (
 	"sync"
 
 	"github.com/BurntSushi/toml"
+	"github.com/containers/common/libnetwork/types"
 	"github.com/containers/common/pkg/capabilities"
 	"github.com/containers/storage/pkg/unshare"
 	units "github.com/docker/go-units"
@@ -248,6 +250,10 @@ type EngineConfig struct {
 	// EventsLogFilePath is where the events log is stored.
 	EventsLogFilePath string `toml:"events_logfile_path,omitempty"`
 
+	// EventsLogFileMaxSize sets the maximum size for the events log. When the limit is exceeded,
+	// the logfile is rotated and the old one is deleted.
+	EventsLogFileMaxSize uint64 `toml:"events_logfile_max_size,omitempty,omitzero"`
+
 	// EventsLogger determines where events should be logged.
 	EventsLogger string `toml:"events_logger,omitempty"`
 
@@ -405,6 +411,10 @@ type EngineConfig struct {
 	// before sending kill signal.
 	StopTimeout uint `toml:"stop_timeout,omitempty,omitzero"`
 
+	// ExitCommandDelay is the number of seconds to wait for the exit
+	// command to be send to the API process on the server.
+	ExitCommandDelay uint `toml:"exit_command_delay,omitempty,omitzero"`
+
 	// ImageCopyTmpDir is the default location for storing temporary
 	// container image content,  Can be overridden with the TMPDIR
 	// environment variable.  If you specify "storage", then the
@@ -486,20 +496,36 @@ type NetworkConfig struct {
 	// CNIPluginDirs is where CNI plugin binaries are stored.
 	CNIPluginDirs []string `toml:"cni_plugin_dirs,omitempty"`
 
-	// DefaultNetwork is the network name of the default CNI network
+	// DefaultNetwork is the network name of the default network
 	// to attach pods to.
 	DefaultNetwork string `toml:"default_network,omitempty"`
 
-	// DefaultSubnet is the subnet to be used for the default CNI network.
+	// DefaultSubnet is the subnet to be used for the default network.
 	// If a network with the name given in DefaultNetwork is not present
 	// then a new network using this subnet will be created.
 	// Must be a valid IPv4 CIDR block.
 	DefaultSubnet string `toml:"default_subnet,omitempty"`
 
-	// NetworkConfigDir is where CNI network configuration files are stored.
+	// DefaultSubnetPools is a list of subnets and size which are used to
+	// allocate subnets automatically for podman network create.
+	// It will iterate through the list and will pick the first free subnet
+	// with the given size. This is only used for ipv4 subnets, ipv6 subnets
+	// are always assigned randomly.
+	DefaultSubnetPools []SubnetPool `toml:"default_subnet_pools,omitempty"`
+
+	// NetworkConfigDir is where network configuration files are stored.
 	NetworkConfigDir string `toml:"network_config_dir,omitempty"`
 }
 
+type SubnetPool struct {
+	// Base is a bigger subnet which will be used to allocate a subnet with
+	// the given size.
+	Base *types.IPNet `toml:"base,omitempty"`
+	// Size is the CIDR for the new subnet. It must be equal or small
+	// than the CIDR from the base subnet.
+	Size int `toml:"size,omitempty"`
+}
+
 // SecretConfig represents the "secret" TOML config table
 type SecretConfig struct {
 	// Driver specifies the secret driver to use.
@@ -624,17 +650,14 @@ func readConfigFromFile(path string, config *Config) error {
 func addConfigs(dirPath string, configs []string) ([]string, error) {
 	newConfigs := []string{}
 
-	err := filepath.Walk(dirPath,
+	err := filepath.WalkDir(dirPath,
 		// WalkFunc to read additional configs
-		func(path string, info os.FileInfo, err error) error {
+		func(path string, d fs.DirEntry, err error) error {
 			switch {
 			case err != nil:
 				// return error (could be a permission problem)
 				return err
-			case info == nil:
-				// this should only happen when err != nil but let's be sure
-				return nil
-			case info.IsDir():
+			case d.IsDir():
 				if path != dirPath {
 					// make sure to not recurse into sub-directories
 					return filepath.SkipDir
@@ -830,6 +853,21 @@ func (c *ContainersConfig) Validate() error {
 // execution checks. It returns an `error` on validation failure, otherwise
 // `nil`.
 func (c *NetworkConfig) Validate() error {
+	if &c.DefaultSubnetPools != &DefaultSubnetPools {
+		for _, pool := range c.DefaultSubnetPools {
+			if pool.Base.IP.To4() == nil {
+				return errors.Errorf("invalid subnet pool ip %q", pool.Base.IP)
+			}
+			ones, _ := pool.Base.IPNet.Mask.Size()
+			if ones > pool.Size {
+				return errors.Errorf("invalid subnet pool, size is bigger than subnet %q", &pool.Base.IPNet)
+			}
+			if pool.Size > 32 {
+				return errors.New("invalid subnet pool size, must be between 0-32")
+			}
+		}
+	}
+
 	if stringsEq(c.CNIPluginDirs, DefaultCNIPluginDirs) {
 		return nil
 	}
diff --git a/vendor/github.com/containers/common/pkg/config/config_local.go b/vendor/github.com/containers/common/pkg/config/config_local.go
index 21dab043f8..bfb9675824 100644
--- a/vendor/github.com/containers/common/pkg/config/config_local.go
+++ b/vendor/github.com/containers/common/pkg/config/config_local.go
@@ -1,3 +1,4 @@
+//go:build !remote
 // +build !remote
 
 package config
diff --git a/vendor/github.com/containers/common/pkg/config/config_remote.go b/vendor/github.com/containers/common/pkg/config/config_remote.go
index 7fd9202bbf..bff869efa9 100644
--- a/vendor/github.com/containers/common/pkg/config/config_remote.go
+++ b/vendor/github.com/containers/common/pkg/config/config_remote.go
@@ -1,3 +1,4 @@
+//go:build remote
 // +build remote
 
 package config
diff --git a/vendor/github.com/containers/common/pkg/config/config_unsupported.go b/vendor/github.com/containers/common/pkg/config/config_unsupported.go
index 6563fd3174..64e4fcfcdf 100644
--- a/vendor/github.com/containers/common/pkg/config/config_unsupported.go
+++ b/vendor/github.com/containers/common/pkg/config/config_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package config
diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf
index f497d2bbe3..48ea8263b4 100644
--- a/vendor/github.com/containers/common/pkg/config/containers.conf
+++ b/vendor/github.com/containers/common/pkg/config/containers.conf
@@ -133,10 +133,12 @@ default_sysctls = [
 
 # Default way to to create an IPC namespace (POSIX SysV IPC) for the container
 # Options are:
-# `private` Create private IPC Namespace for the container.
-# `host`    Share host IPC Namespace with the container.
+#  "host"     Share host IPC Namespace with the container.
+#  "none"     Create shareable IPC Namespace for the container without a private /dev/shm.
+#  "private"  Create private IPC Namespace for the container, other containers are not allowed to share it.
+#  "shareable" Create shareable IPC Namespace for the container.
 #
-#ipcns = "private"
+#ipcns = "shareable"
 
 # keyring tells the container engine whether to create
 # a kernel keyring for use within the container.
@@ -284,6 +286,20 @@ default_sysctls = [
 #
 #default_subnet = "10.88.0.0/16"
 
+# DefaultSubnetPools is a list of subnets and size which are used to
+# allocate subnets automatically for podman network create.
+# It will iterate through the list and will pick the first free subnet
+# with the given size. This is only used for ipv4 subnets, ipv6 subnets
+# are always assigned randomly.
+#
+#default_subnet_pools = [
+#  {"base" = "10.89.0.0/16", "size" = 24},
+#  {"base" = "10.90.0.0/15", "size" = 24},
+#  {"base" = "10.92.0.0/14", "size" = 24},
+#  {"base" = "10.96.0.0/11", "size" = 24},
+#  {"base" = "10.128.0.0/9", "size" = 24},
+#]
+
 # Path to the directory where network configuration files are located.
 # For the CNI backend the default is "/etc/cni/net.d" as root
 # and "$HOME/.config/cni/net.d" as rootless.
@@ -357,6 +373,12 @@ default_sysctls = [
 # Define where event logs will be stored, when events_logger is "file".
 #events_logfile_path=""
 
+# Sets the maximum size for events_logfile_path in bytes. When the limit is exceeded,
+# the logfile will be rotated and the old one will be deleted.
+# If the maximum size is set to 0, then no limit will be applied,
+# and the logfile will not be rotated.
+#events_logfile_max_size = 0
+
 # Selects which logging mechanism to use for container engine events.
 # Valid values are `journald`, `file` and `none`.
 #
@@ -501,6 +523,11 @@ default_sysctls = [
 #
 #stop_timeout = 10
 
+# Number of seconds to wait before exit command in API process is given to.
+# This mimics Docker's exec cleanup behaviour, where the default is 5 minutes (value is in seconds).
+#
+#exit_command_delay = 300
+
 # map of service destinations
 #
 #[service_destinations]
diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go
index 2791197497..14858e967f 100644
--- a/vendor/github.com/containers/common/pkg/config/default.go
+++ b/vendor/github.com/containers/common/pkg/config/default.go
@@ -3,12 +3,14 @@ package config
 import (
 	"bytes"
 	"fmt"
+	"net"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"regexp"
 	"strconv"
 
+	nettypes "github.com/containers/common/libnetwork/types"
 	"github.com/containers/common/pkg/apparmor"
 	"github.com/containers/common/pkg/cgroupv2"
 	"github.com/containers/common/pkg/util"
@@ -85,8 +87,30 @@ var (
 		"/usr/lib/cni",
 		"/opt/cni/bin",
 	}
+	DefaultSubnetPools = []SubnetPool{
+		// 10.89.0.0/24-10.255.255.0/24
+		parseSubnetPool("10.89.0.0/16", 24),
+		parseSubnetPool("10.90.0.0/15", 24),
+		parseSubnetPool("10.92.0.0/14", 24),
+		parseSubnetPool("10.96.0.0/11", 24),
+		parseSubnetPool("10.128.0.0/9", 24),
+	}
+	// additionalHelperBinariesDir is an extra helper binaries directory that
+	// should be set during link-time, if different packagers put their
+	// helper binary in a different location
+	additionalHelperBinariesDir string
 )
 
+// nolint:unparam
+func parseSubnetPool(subnet string, size int) SubnetPool {
+	_, n, _ := net.ParseCIDR(subnet)
+	return SubnetPool{
+		Base: &nettypes.IPNet{IPNet: *n},
+		Size: size,
+	}
+
+}
+
 const (
 	// _etcDir is the sysconfdir where podman should look for system config files.
 	// It can be overridden at build time.
@@ -111,7 +135,7 @@ const (
 	// DefaultSignaturePolicyPath is the default value for the
 	// policy.json file.
 	DefaultSignaturePolicyPath = "/etc/containers/policy.json"
-	// DefaultSubnet is the subnet that will be used for the default CNI
+	// DefaultSubnet is the subnet that will be used for the default
 	// network.
 	DefaultSubnet = "10.88.0.0/16"
 	// DefaultRootlessSignaturePolicyPath is the location within
@@ -181,7 +205,7 @@ func DefaultConfig() (*Config, error) {
 			HTTPProxy:  true,
 			Init:       false,
 			InitPath:   "",
-			IPCNS:      "private",
+			IPCNS:      "shareable",
 			LogDriver:  defaultLogDriver(),
 			LogSizeMax: DefaultLogSizeMax,
 			NetNS:      "private",
@@ -195,9 +219,10 @@ func DefaultConfig() (*Config, error) {
 			UserNSSize: DefaultUserNSSize,
 		},
 		Network: NetworkConfig{
-			DefaultNetwork: "podman",
-			DefaultSubnet:  DefaultSubnet,
-			CNIPluginDirs:  DefaultCNIPluginDirs,
+			DefaultNetwork:     "podman",
+			DefaultSubnet:      DefaultSubnet,
+			DefaultSubnetPools: DefaultSubnetPools,
+			CNIPluginDirs:      DefaultCNIPluginDirs,
 		},
 		Engine:  *defaultEngineConfig,
 		Secrets: defaultSecretConfig(),
@@ -251,11 +276,14 @@ func defaultConfigFromMemory() (*EngineConfig, error) {
 		storeOpts.GraphRoot = _defaultGraphRoot
 	}
 	c.graphRoot = storeOpts.GraphRoot
-	c.ImageCopyTmpDir = "/var/tmp"
+	c.ImageCopyTmpDir = getDefaultTmpDir()
 	c.StaticDir = filepath.Join(storeOpts.GraphRoot, "libpod")
 	c.VolumePath = filepath.Join(storeOpts.GraphRoot, "volumes")
 
 	c.HelperBinariesDir = defaultHelperBinariesDir
+	if additionalHelperBinariesDir != "" {
+		c.HelperBinariesDir = append(c.HelperBinariesDir, additionalHelperBinariesDir)
+	}
 	c.HooksDir = DefaultHooksDirs
 	c.ImageDefaultTransport = _defaultTransport
 	c.StateType = BoltDBStateStore
@@ -265,6 +293,7 @@ func defaultConfigFromMemory() (*EngineConfig, error) {
 	c.CgroupManager = defaultCgroupManager()
 	c.ServiceTimeout = uint(5)
 	c.StopTimeout = uint(10)
+	c.ExitCommandDelay = uint(5 * 60)
 	c.NetworkCmdOptions = []string{
 		"enable_ipv6=true",
 	}
@@ -385,15 +414,14 @@ func probeConmon(conmonBinary string) error {
 	cmd := exec.Command(conmonBinary, "--version")
 	var out bytes.Buffer
 	cmd.Stdout = &out
-	err := cmd.Run()
-	if err != nil {
+	if err := cmd.Run(); err != nil {
 		return err
 	}
 	r := regexp.MustCompile(`^conmon version (?P<Major>\d+).(?P<Minor>\d+).(?P<Patch>\d+)`)
 
 	matches := r.FindStringSubmatch(out.String())
 	if len(matches) != 4 {
-		return errors.Wrap(err, _conmonVersionFormatErr)
+		return errors.New(_conmonVersionFormatErr)
 	}
 	major, err := strconv.Atoi(matches[1])
 	if err != nil {
diff --git a/vendor/github.com/containers/common/pkg/config/default_linux.go b/vendor/github.com/containers/common/pkg/config/default_linux.go
index cc2d0fe3eb..d6ea4359cc 100644
--- a/vendor/github.com/containers/common/pkg/config/default_linux.go
+++ b/vendor/github.com/containers/common/pkg/config/default_linux.go
@@ -3,6 +3,7 @@ package config
 import (
 	"fmt"
 	"io/ioutil"
+	"os"
 	"strconv"
 	"strings"
 
@@ -48,3 +49,12 @@ func getDefaultProcessLimits() []string {
 	}
 	return defaultLimits
 }
+
+// getDefaultTmpDir for linux
+func getDefaultTmpDir() string {
+	// first check the TMPDIR env var
+	if path, found := os.LookupEnv("TMPDIR"); found {
+		return path
+	}
+	return "/var/tmp"
+}
diff --git a/vendor/github.com/containers/common/pkg/config/default_unsupported.go b/vendor/github.com/containers/common/pkg/config/default_unsupported.go
index 1aa7f6ef3d..4be8267558 100644
--- a/vendor/github.com/containers/common/pkg/config/default_unsupported.go
+++ b/vendor/github.com/containers/common/pkg/config/default_unsupported.go
@@ -1,7 +1,10 @@
+//go:build !linux && !windows
 // +build !linux,!windows
 
 package config
 
+import "os"
+
 // getDefaultMachineImage returns the default machine image stream
 // On Linux/Mac, this returns the FCOS stream
 func getDefaultMachineImage() string {
@@ -22,3 +25,12 @@ func isCgroup2UnifiedMode() (isUnified bool, isUnifiedErr error) {
 func getDefaultProcessLimits() []string {
 	return []string{}
 }
+
+// getDefaultTmpDir for linux
+func getDefaultTmpDir() string {
+	// first check the TMPDIR env var
+	if path, found := os.LookupEnv("TMPDIR"); found {
+		return path
+	}
+	return "/var/tmp"
+}
diff --git a/vendor/github.com/containers/common/pkg/config/default_windows.go b/vendor/github.com/containers/common/pkg/config/default_windows.go
index 28f102f1c5..db230dfb28 100644
--- a/vendor/github.com/containers/common/pkg/config/default_windows.go
+++ b/vendor/github.com/containers/common/pkg/config/default_windows.go
@@ -1,5 +1,7 @@
 package config
 
+import "os"
+
 // getDefaultImage returns the default machine image stream
 // On Windows this refers to the Fedora major release number
 func getDefaultMachineImage() string {
@@ -20,3 +22,13 @@ func isCgroup2UnifiedMode() (isUnified bool, isUnifiedErr error) {
 func getDefaultProcessLimits() []string {
 	return []string{}
 }
+
+// getDefaultTmpDir for windows
+func getDefaultTmpDir() string {
+	// first check the Temp env var
+	// https://answers.microsoft.com/en-us/windows/forum/all/where-is-the-temporary-folder/44a039a5-45ba-48dd-84db-fd700e54fd56
+	if val, ok := os.LookupEnv("TEMP"); ok {
+		return val
+	}
+	return os.Getenv("LOCALAPPDATA") + "\\Temp"
+}
diff --git a/vendor/github.com/containers/common/pkg/config/nosystemd.go b/vendor/github.com/containers/common/pkg/config/nosystemd.go
index f64b2dfc61..352fddf92c 100644
--- a/vendor/github.com/containers/common/pkg/config/nosystemd.go
+++ b/vendor/github.com/containers/common/pkg/config/nosystemd.go
@@ -1,3 +1,4 @@
+//go:build !systemd || !cgo
 // +build !systemd !cgo
 
 package config
diff --git a/vendor/github.com/containers/common/pkg/config/systemd.go b/vendor/github.com/containers/common/pkg/config/systemd.go
index 186e8b343c..f17a843040 100644
--- a/vendor/github.com/containers/common/pkg/config/systemd.go
+++ b/vendor/github.com/containers/common/pkg/config/systemd.go
@@ -1,3 +1,4 @@
+//go:build systemd && cgo
 // +build systemd,cgo
 
 package config
diff --git a/vendor/github.com/containers/common/pkg/parse/parse.go b/vendor/github.com/containers/common/pkg/parse/parse.go
index 5d826e8051..e73d442879 100644
--- a/vendor/github.com/containers/common/pkg/parse/parse.go
+++ b/vendor/github.com/containers/common/pkg/parse/parse.go
@@ -34,6 +34,10 @@ func ValidateVolumeOpts(options []string) ([]string, error) {
 			finalOpts = append(finalOpts, opt)
 			continue
 		}
+		if strings.HasPrefix(opt, "idmap") {
+			finalOpts = append(finalOpts, opt)
+			continue
+		}
 
 		switch opt {
 		case "noexec", "exec":
@@ -84,7 +88,6 @@ func ValidateVolumeOpts(options []string) ([]string, error) {
 			// are intended to be always safe to use, even not on OS
 			// X).
 			continue
-		case "idmap":
 		default:
 			return nil, errors.Errorf("invalid option type %q", opt)
 		}
diff --git a/vendor/github.com/containers/common/pkg/parse/parse_unix.go b/vendor/github.com/containers/common/pkg/parse/parse_unix.go
index ce4446a1b0..d087c4a02b 100644
--- a/vendor/github.com/containers/common/pkg/parse/parse_unix.go
+++ b/vendor/github.com/containers/common/pkg/parse/parse_unix.go
@@ -1,3 +1,4 @@
+//go:build linux || darwin
 // +build linux darwin
 
 package parse
diff --git a/vendor/github.com/containers/common/pkg/retry/retry_unsupported.go b/vendor/github.com/containers/common/pkg/retry/retry_unsupported.go
index 6769809755..901e28a5dc 100644
--- a/vendor/github.com/containers/common/pkg/retry/retry_unsupported.go
+++ b/vendor/github.com/containers/common/pkg/retry/retry_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package retry
diff --git a/vendor/github.com/containers/common/pkg/seccomp/default_linux.go b/vendor/github.com/containers/common/pkg/seccomp/default_linux.go
index d196384f03..3712afc71f 100644
--- a/vendor/github.com/containers/common/pkg/seccomp/default_linux.go
+++ b/vendor/github.com/containers/common/pkg/seccomp/default_linux.go
@@ -169,6 +169,7 @@ func DefaultProfile() *Seccomp {
 				"futex",
 				"futex_time64",
 				"futimesat",
+				"get_mempolicy",
 				"get_robust_list",
 				"get_thread_area",
 				"getcpu",
@@ -184,7 +185,6 @@ func DefaultProfile() *Seccomp {
 				"getgroups",
 				"getgroups32",
 				"getitimer",
-				"get_mempolicy",
 				"getpeername",
 				"getpgid",
 				"getpgrp",
@@ -236,6 +236,7 @@ func DefaultProfile() *Seccomp {
 				"lstat64",
 				"madvise",
 				"mbind",
+				"membarrier",
 				"memfd_create",
 				"memfd_secret",
 				"mincore",
@@ -249,6 +250,7 @@ func DefaultProfile() *Seccomp {
 				"mmap",
 				"mmap2",
 				"mount",
+				"mount_setattr",
 				"move_mount",
 				"mprotect",
 				"mq_getsetattr",
@@ -272,9 +274,9 @@ func DefaultProfile() *Seccomp {
 				"nanosleep",
 				"newfstatat",
 				"open",
+				"open_tree",
 				"openat",
 				"openat2",
-				"open_tree",
 				"pause",
 				"pidfd_getfd",
 				"pidfd_open",
@@ -293,8 +295,12 @@ func DefaultProfile() *Seccomp {
 				"preadv",
 				"preadv2",
 				"prlimit64",
+				"process_mrelease",
+				"process_vm_readv",
+				"process_vm_writev",
 				"pselect6",
 				"pselect6_time64",
+				"ptrace",
 				"pwrite64",
 				"pwritev",
 				"pwritev2",
@@ -353,7 +359,6 @@ func DefaultProfile() *Seccomp {
 				"sendmmsg",
 				"sendmsg",
 				"sendto",
-				"setns",
 				"set_mempolicy",
 				"set_robust_list",
 				"set_thread_area",
@@ -367,6 +372,7 @@ func DefaultProfile() *Seccomp {
 				"setgroups",
 				"setgroups32",
 				"setitimer",
+				"setns",
 				"setpgid",
 				"setpriority",
 				"setregid",
@@ -388,10 +394,15 @@ func DefaultProfile() *Seccomp {
 				"shmdt",
 				"shmget",
 				"shutdown",
+				"sigaction",
 				"sigaltstack",
+				"signal",
 				"signalfd",
 				"signalfd4",
+				"sigpending",
+				"sigprocmask",
 				"sigreturn",
+				"sigsuspend",
 				"socketcall",
 				"socketpair",
 				"splice",
@@ -405,6 +416,7 @@ func DefaultProfile() *Seccomp {
 				"sync",
 				"sync_file_range",
 				"syncfs",
+				"syscall",
 				"sysinfo",
 				"syslog",
 				"tee",
@@ -417,6 +429,7 @@ func DefaultProfile() *Seccomp {
 				"timer_gettime64",
 				"timer_settime",
 				"timer_settime64",
+				"timerfd",
 				"timerfd_create",
 				"timerfd_gettime",
 				"timerfd_gettime64",
@@ -517,10 +530,10 @@ func DefaultProfile() *Seccomp {
 			Names: []string{
 				"arm_fadvise64_64",
 				"arm_sync_file_range",
-				"sync_file_range2",
 				"breakpoint",
 				"cacheflush",
 				"set_tls",
+				"sync_file_range2",
 			},
 			Action: ActAllow,
 			Args:   []*Arg{},
@@ -643,8 +656,8 @@ func DefaultProfile() *Seccomp {
 		{
 			Names: []string{
 				"delete_module",
-				"init_module",
 				"finit_module",
+				"init_module",
 				"query_module",
 			},
 			Action: ActAllow,
@@ -656,8 +669,8 @@ func DefaultProfile() *Seccomp {
 		{
 			Names: []string{
 				"delete_module",
-				"init_module",
 				"finit_module",
+				"init_module",
 				"query_module",
 			},
 			Action:   ActErrno,
@@ -694,9 +707,6 @@ func DefaultProfile() *Seccomp {
 			Names: []string{
 				"kcmp",
 				"process_madvise",
-				"process_vm_readv",
-				"process_vm_writev",
-				"ptrace",
 			},
 			Action: ActAllow,
 			Args:   []*Arg{},
@@ -708,9 +718,6 @@ func DefaultProfile() *Seccomp {
 			Names: []string{
 				"kcmp",
 				"process_madvise",
-				"process_vm_readv",
-				"process_vm_writev",
-				"ptrace",
 			},
 			Action:   ActErrno,
 			Errno:    "EPERM",
@@ -722,8 +729,8 @@ func DefaultProfile() *Seccomp {
 		},
 		{
 			Names: []string{
-				"iopl",
 				"ioperm",
+				"iopl",
 			},
 			Action: ActAllow,
 			Args:   []*Arg{},
@@ -733,8 +740,8 @@ func DefaultProfile() *Seccomp {
 		},
 		{
 			Names: []string{
-				"iopl",
 				"ioperm",
+				"iopl",
 			},
 			Action:   ActErrno,
 			Errno:    "EPERM",
@@ -746,10 +753,10 @@ func DefaultProfile() *Seccomp {
 		},
 		{
 			Names: []string{
-				"settimeofday",
-				"stime",
 				"clock_settime",
 				"clock_settime64",
+				"settimeofday",
+				"stime",
 			},
 			Action: ActAllow,
 			Args:   []*Arg{},
@@ -759,10 +766,10 @@ func DefaultProfile() *Seccomp {
 		},
 		{
 			Names: []string{
-				"settimeofday",
-				"stime",
 				"clock_settime",
 				"clock_settime64",
+				"settimeofday",
+				"stime",
 			},
 			Action:   ActErrno,
 			Errno:    "EPERM",
diff --git a/vendor/github.com/containers/common/pkg/seccomp/errno_list.go b/vendor/github.com/containers/common/pkg/seccomp/errno_list.go
index a1009012df..87ac2ab77a 100644
--- a/vendor/github.com/containers/common/pkg/seccomp/errno_list.go
+++ b/vendor/github.com/containers/common/pkg/seccomp/errno_list.go
@@ -1,3 +1,4 @@
+//go:build linux && seccomp
 // +build linux,seccomp
 
 package seccomp
diff --git a/vendor/github.com/containers/common/pkg/seccomp/filter.go b/vendor/github.com/containers/common/pkg/seccomp/filter.go
index 90da99f0a4..5c278574cf 100644
--- a/vendor/github.com/containers/common/pkg/seccomp/filter.go
+++ b/vendor/github.com/containers/common/pkg/seccomp/filter.go
@@ -1,3 +1,4 @@
+//go:build seccomp
 // +build seccomp
 
 // NOTE: this package has originally been copied from
diff --git a/vendor/github.com/containers/common/pkg/seccomp/seccomp.json b/vendor/github.com/containers/common/pkg/seccomp/seccomp.json
index 9314eb3cc5..442632e7d1 100644
--- a/vendor/github.com/containers/common/pkg/seccomp/seccomp.json
+++ b/vendor/github.com/containers/common/pkg/seccomp/seccomp.json
@@ -176,6 +176,7 @@
 				"futex",
 				"futex_time64",
 				"futimesat",
+				"get_mempolicy",
 				"get_robust_list",
 				"get_thread_area",
 				"getcpu",
@@ -191,7 +192,6 @@
 				"getgroups",
 				"getgroups32",
 				"getitimer",
-				"get_mempolicy",
 				"getpeername",
 				"getpgid",
 				"getpgrp",
@@ -243,6 +243,7 @@
 				"lstat64",
 				"madvise",
 				"mbind",
+				"membarrier",
 				"memfd_create",
 				"memfd_secret",
 				"mincore",
@@ -256,6 +257,7 @@
 				"mmap",
 				"mmap2",
 				"mount",
+				"mount_setattr",
 				"move_mount",
 				"mprotect",
 				"mq_getsetattr",
@@ -279,9 +281,9 @@
 				"nanosleep",
 				"newfstatat",
 				"open",
+				"open_tree",
 				"openat",
 				"openat2",
-				"open_tree",
 				"pause",
 				"pidfd_getfd",
 				"pidfd_open",
@@ -300,8 +302,12 @@
 				"preadv",
 				"preadv2",
 				"prlimit64",
+				"process_mrelease",
+				"process_vm_readv",
+				"process_vm_writev",
 				"pselect6",
 				"pselect6_time64",
+				"ptrace",
 				"pwrite64",
 				"pwritev",
 				"pwritev2",
@@ -360,7 +366,6 @@
 				"sendmmsg",
 				"sendmsg",
 				"sendto",
-				"setns",
 				"set_mempolicy",
 				"set_robust_list",
 				"set_thread_area",
@@ -374,6 +379,7 @@
 				"setgroups",
 				"setgroups32",
 				"setitimer",
+				"setns",
 				"setpgid",
 				"setpriority",
 				"setregid",
@@ -395,10 +401,15 @@
 				"shmdt",
 				"shmget",
 				"shutdown",
+				"sigaction",
 				"sigaltstack",
+				"signal",
 				"signalfd",
 				"signalfd4",
+				"sigpending",
+				"sigprocmask",
 				"sigreturn",
+				"sigsuspend",
 				"socketcall",
 				"socketpair",
 				"splice",
@@ -412,6 +423,7 @@
 				"sync",
 				"sync_file_range",
 				"syncfs",
+				"syscall",
 				"sysinfo",
 				"syslog",
 				"tee",
@@ -424,6 +436,7 @@
 				"timer_gettime64",
 				"timer_settime",
 				"timer_settime64",
+				"timerfd",
 				"timerfd_create",
 				"timerfd_gettime",
 				"timerfd_gettime64",
@@ -561,10 +574,10 @@
 			"names": [
 				"arm_fadvise64_64",
 				"arm_sync_file_range",
-				"sync_file_range2",
 				"breakpoint",
 				"cacheflush",
-				"set_tls"
+				"set_tls",
+				"sync_file_range2"
 			],
 			"action": "SCMP_ACT_ALLOW",
 			"args": [],
@@ -732,8 +745,8 @@
 		{
 			"names": [
 				"delete_module",
-				"init_module",
 				"finit_module",
+				"init_module",
 				"query_module"
 			],
 			"action": "SCMP_ACT_ALLOW",
@@ -749,8 +762,8 @@
 		{
 			"names": [
 				"delete_module",
-				"init_module",
 				"finit_module",
+				"init_module",
 				"query_module"
 			],
 			"action": "SCMP_ACT_ERRNO",
@@ -798,10 +811,7 @@
 		{
 			"names": [
 				"kcmp",
-				"process_madvise",
-				"process_vm_readv",
-				"process_vm_writev",
-				"ptrace"
+				"process_madvise"
 			],
 			"action": "SCMP_ACT_ALLOW",
 			"args": [],
@@ -816,10 +826,7 @@
 		{
 			"names": [
 				"kcmp",
-				"process_madvise",
-				"process_vm_readv",
-				"process_vm_writev",
-				"ptrace"
+				"process_madvise"
 			],
 			"action": "SCMP_ACT_ERRNO",
 			"args": [],
@@ -835,8 +842,8 @@
 		},
 		{
 			"names": [
-				"iopl",
-				"ioperm"
+				"ioperm",
+				"iopl"
 			],
 			"action": "SCMP_ACT_ALLOW",
 			"args": [],
@@ -850,8 +857,8 @@
 		},
 		{
 			"names": [
-				"iopl",
-				"ioperm"
+				"ioperm",
+				"iopl"
 			],
 			"action": "SCMP_ACT_ERRNO",
 			"args": [],
@@ -867,10 +874,10 @@
 		},
 		{
 			"names": [
-				"settimeofday",
-				"stime",
 				"clock_settime",
-				"clock_settime64"
+				"clock_settime64",
+				"settimeofday",
+				"stime"
 			],
 			"action": "SCMP_ACT_ALLOW",
 			"args": [],
@@ -884,10 +891,10 @@
 		},
 		{
 			"names": [
-				"settimeofday",
-				"stime",
 				"clock_settime",
-				"clock_settime64"
+				"clock_settime64",
+				"settimeofday",
+				"stime"
 			],
 			"action": "SCMP_ACT_ERRNO",
 			"args": [],
diff --git a/vendor/github.com/containers/common/pkg/seccomp/seccomp_linux.go b/vendor/github.com/containers/common/pkg/seccomp/seccomp_linux.go
index 0c022ac7ab..d2498747c5 100644
--- a/vendor/github.com/containers/common/pkg/seccomp/seccomp_linux.go
+++ b/vendor/github.com/containers/common/pkg/seccomp/seccomp_linux.go
@@ -1,3 +1,4 @@
+//go:build seccomp
 // +build seccomp
 
 // SPDX-License-Identifier: Apache-2.0
@@ -120,6 +121,13 @@ func setupSeccomp(config *Seccomp, rs *specs.Spec) (*specs.LinuxSeccomp, error)
 		return nil, err
 	}
 
+	for _, flag := range config.Flags {
+		newConfig.Flags = append(newConfig.Flags, specs.LinuxSeccompFlag(flag))
+	}
+
+	newConfig.ListenerPath = config.ListenerPath
+	newConfig.ListenerMetadata = config.ListenerMetadata
+
 	if len(config.ArchMap) != 0 {
 		for _, a := range config.ArchMap {
 			seccompArch, ok := nativeToSeccomp[arch]
diff --git a/vendor/github.com/containers/common/pkg/seccomp/seccomp_unsupported.go b/vendor/github.com/containers/common/pkg/seccomp/seccomp_unsupported.go
index 8b23ee2c04..da5230c563 100644
--- a/vendor/github.com/containers/common/pkg/seccomp/seccomp_unsupported.go
+++ b/vendor/github.com/containers/common/pkg/seccomp/seccomp_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux || !seccomp
 // +build !linux !seccomp
 
 // SPDX-License-Identifier: Apache-2.0
diff --git a/vendor/github.com/containers/common/pkg/seccomp/supported.go b/vendor/github.com/containers/common/pkg/seccomp/supported.go
index 86e1b66bbe..f8a20e5364 100644
--- a/vendor/github.com/containers/common/pkg/seccomp/supported.go
+++ b/vendor/github.com/containers/common/pkg/seccomp/supported.go
@@ -1,3 +1,4 @@
+//go:build linux && seccomp
 // +build linux,seccomp
 
 package seccomp
diff --git a/vendor/github.com/containers/common/pkg/seccomp/types.go b/vendor/github.com/containers/common/pkg/seccomp/types.go
index a8a9e9d4f7..784b1ba8dd 100644
--- a/vendor/github.com/containers/common/pkg/seccomp/types.go
+++ b/vendor/github.com/containers/common/pkg/seccomp/types.go
@@ -14,9 +14,12 @@ type Seccomp struct {
 
 	// Architectures is kept to maintain backward compatibility with the old
 	// seccomp profile.
-	Architectures []Arch         `json:"architectures,omitempty"`
-	ArchMap       []Architecture `json:"archMap,omitempty"`
-	Syscalls      []*Syscall     `json:"syscalls"`
+	Architectures    []Arch         `json:"architectures,omitempty"`
+	ArchMap          []Architecture `json:"archMap,omitempty"`
+	Syscalls         []*Syscall     `json:"syscalls"`
+	Flags            []string       `json:"flags,omitempty"`
+	ListenerPath     string         `json:"listenerPath,omitempty"`
+	ListenerMetadata string         `json:"listenerMetadata,omitempty"`
 }
 
 // Architecture is used to represent a specific architecture
diff --git a/vendor/github.com/containers/common/pkg/seccomp/validate.go b/vendor/github.com/containers/common/pkg/seccomp/validate.go
index 1c5c4edc64..669ab04a2e 100644
--- a/vendor/github.com/containers/common/pkg/seccomp/validate.go
+++ b/vendor/github.com/containers/common/pkg/seccomp/validate.go
@@ -1,3 +1,4 @@
+//go:build seccomp
 // +build seccomp
 
 package seccomp
diff --git a/vendor/github.com/containers/common/pkg/signal/signal_linux.go b/vendor/github.com/containers/common/pkg/signal/signal_linux.go
index 305b9d21f4..21e09c9fef 100644
--- a/vendor/github.com/containers/common/pkg/signal/signal_linux.go
+++ b/vendor/github.com/containers/common/pkg/signal/signal_linux.go
@@ -1,5 +1,5 @@
-// +build linux
-// +build !mips,!mipsle,!mips64,!mips64le
+//go:build linux && !mips && !mipsle && !mips64 && !mips64le
+// +build linux,!mips,!mipsle,!mips64,!mips64le
 
 // Signal handling for Linux only.
 package signal
diff --git a/vendor/github.com/containers/common/pkg/signal/signal_linux_mipsx.go b/vendor/github.com/containers/common/pkg/signal/signal_linux_mipsx.go
index 45c9d5af1e..52b07aaf46 100644
--- a/vendor/github.com/containers/common/pkg/signal/signal_linux_mipsx.go
+++ b/vendor/github.com/containers/common/pkg/signal/signal_linux_mipsx.go
@@ -1,3 +1,4 @@
+//go:build linux && (mips || mipsle || mips64 || mips64le)
 // +build linux
 // +build mips mipsle mips64 mips64le
 
diff --git a/vendor/github.com/containers/common/pkg/signal/signal_unsupported.go b/vendor/github.com/containers/common/pkg/signal/signal_unsupported.go
index 9d1733c02d..0e8685a7c5 100644
--- a/vendor/github.com/containers/common/pkg/signal/signal_unsupported.go
+++ b/vendor/github.com/containers/common/pkg/signal/signal_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 // Signal handling for Linux only.
diff --git a/vendor/github.com/containers/common/pkg/umask/umask_unix.go b/vendor/github.com/containers/common/pkg/umask/umask_unix.go
index bb589f7ac0..e59d7bea72 100644
--- a/vendor/github.com/containers/common/pkg/umask/umask_unix.go
+++ b/vendor/github.com/containers/common/pkg/umask/umask_unix.go
@@ -1,3 +1,4 @@
+//go:build linux || darwin
 // +build linux darwin
 
 package umask
diff --git a/vendor/github.com/containers/common/pkg/umask/umask_unsupported.go b/vendor/github.com/containers/common/pkg/umask/umask_unsupported.go
index 9041d5f209..cf76ea1d37 100644
--- a/vendor/github.com/containers/common/pkg/umask/umask_unsupported.go
+++ b/vendor/github.com/containers/common/pkg/umask/umask_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux && !darwin
 // +build !linux,!darwin
 
 package umask
diff --git a/vendor/github.com/containers/common/pkg/util/util_supported.go b/vendor/github.com/containers/common/pkg/util/util_supported.go
index 422e28742b..284f3ffdd5 100644
--- a/vendor/github.com/containers/common/pkg/util/util_supported.go
+++ b/vendor/github.com/containers/common/pkg/util/util_supported.go
@@ -1,3 +1,4 @@
+//go:build linux || darwin
 // +build linux darwin
 
 package util
@@ -19,6 +20,12 @@ var (
 	rootlessRuntimeDir     string
 )
 
+// isWriteableOnlyByOwner checks that the specified permission mask allows write
+// access only to the owner.
+func isWriteableOnlyByOwner(perm os.FileMode) bool {
+	return (perm & 0722) == 0700
+}
+
 // GetRuntimeDir returns the runtime directory
 func GetRuntimeDir() (string, error) {
 	var rootlessRuntimeDirError error
@@ -43,7 +50,7 @@ func GetRuntimeDir() (string, error) {
 				logrus.Debugf("unable to make temp dir: %v", err)
 			}
 			st, err := os.Stat(tmpDir)
-			if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Geteuid() && st.Mode().Perm() == 0700 {
+			if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Geteuid() && isWriteableOnlyByOwner(st.Mode().Perm()) {
 				runtimeDir = tmpDir
 			}
 		}
@@ -53,7 +60,7 @@ func GetRuntimeDir() (string, error) {
 				logrus.Debugf("unable to make temp dir %v", err)
 			}
 			st, err := os.Stat(tmpDir)
-			if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Geteuid() && st.Mode().Perm() == 0700 {
+			if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Geteuid() && isWriteableOnlyByOwner(st.Mode().Perm()) {
 				runtimeDir = tmpDir
 			}
 		}
diff --git a/vendor/github.com/containers/common/pkg/util/util_windows.go b/vendor/github.com/containers/common/pkg/util/util_windows.go
index 2add712f19..1cffb21fc3 100644
--- a/vendor/github.com/containers/common/pkg/util/util_windows.go
+++ b/vendor/github.com/containers/common/pkg/util/util_windows.go
@@ -1,3 +1,4 @@
+//go:build windows
 // +build windows
 
 package util
diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go
index 2088e95529..c1ae6c9dd2 100644
--- a/vendor/github.com/containers/common/version/version.go
+++ b/vendor/github.com/containers/common/version/version.go
@@ -1,4 +1,4 @@
 package version
 
 // Version is the version of the build.
-const Version = "0.47.5"
+const Version = "0.47.4+dev"
diff --git a/vendor/github.com/containers/image/v5/copy/copy.go b/vendor/github.com/containers/image/v5/copy/copy.go
index 0501fb3c11..b616e566cb 100644
--- a/vendor/github.com/containers/image/v5/copy/copy.go
+++ b/vendor/github.com/containers/image/v5/copy/copy.go
@@ -124,9 +124,10 @@ type ImageListSelection int
 
 // Options allows supplying non-default configuration modifying the behavior of CopyImage.
 type Options struct {
-	RemoveSignatures bool   // Remove any pre-existing signatures. SignBy will still add a new signature.
-	SignBy           string // If non-empty, asks for a signature to be added during the copy, and specifies a key ID, as accepted by signature.NewGPGSigningMechanism().SignDockerManifest(),
-	SignPassphrase   string // Passphare to use when signing with the key ID from `SignBy`.
+	RemoveSignatures bool            // Remove any pre-existing signatures. SignBy will still add a new signature.
+	SignBy           string          // If non-empty, asks for a signature to be added during the copy, and specifies a key ID, as accepted by signature.NewGPGSigningMechanism().SignDockerManifest(),
+	SignPassphrase   string          // Passphare to use when signing with the key ID from `SignBy`.
+	SignIdentity     reference.Named // Identify to use when signing, defaults to the docker reference of the destination
 	ReportWriter     io.Writer
 	SourceCtx        *types.SystemContext
 	DestinationCtx   *types.SystemContext
@@ -574,7 +575,7 @@ func (c *copier) copyMultipleImages(ctx context.Context, policyContext *signatur
 
 	// Sign the manifest list.
 	if options.SignBy != "" {
-		newSig, err := c.createSignature(manifestList, options.SignBy, options.SignPassphrase)
+		newSig, err := c.createSignature(manifestList, options.SignBy, options.SignPassphrase, options.SignIdentity)
 		if err != nil {
 			return nil, err
 		}
@@ -796,7 +797,7 @@ func (c *copier) copyOneImage(ctx context.Context, policyContext *signature.Poli
 	}
 
 	if options.SignBy != "" {
-		newSig, err := c.createSignature(manifestBytes, options.SignBy, options.SignPassphrase)
+		newSig, err := c.createSignature(manifestBytes, options.SignBy, options.SignPassphrase, options.SignIdentity)
 		if err != nil {
 			return nil, "", "", err
 		}
diff --git a/vendor/github.com/containers/image/v5/copy/sign.go b/vendor/github.com/containers/image/v5/copy/sign.go
index 21a3facd72..aa42674bcd 100644
--- a/vendor/github.com/containers/image/v5/copy/sign.go
+++ b/vendor/github.com/containers/image/v5/copy/sign.go
@@ -1,13 +1,14 @@
 package copy
 
 import (
+	"github.com/containers/image/v5/docker/reference"
 	"github.com/containers/image/v5/signature"
 	"github.com/containers/image/v5/transports"
 	"github.com/pkg/errors"
 )
 
 // createSignature creates a new signature of manifest using keyIdentity.
-func (c *copier) createSignature(manifest []byte, keyIdentity string, passphrase string) ([]byte, error) {
+func (c *copier) createSignature(manifest []byte, keyIdentity string, passphrase string, identity reference.Named) ([]byte, error) {
 	mech, err := signature.NewGPGSigningMechanism()
 	if err != nil {
 		return nil, errors.Wrap(err, "initializing GPG")
@@ -17,13 +18,19 @@ func (c *copier) createSignature(manifest []byte, keyIdentity string, passphrase
 		return nil, errors.Wrap(err, "Signing not supported")
 	}
 
-	dockerReference := c.dest.Reference().DockerReference()
-	if dockerReference == nil {
-		return nil, errors.Errorf("Cannot determine canonical Docker reference for destination %s", transports.ImageName(c.dest.Reference()))
+	if identity != nil {
+		if reference.IsNameOnly(identity) {
+			return nil, errors.Errorf("Sign identity must be a fully specified reference %s", identity)
+		}
+	} else {
+		identity = c.dest.Reference().DockerReference()
+		if identity == nil {
+			return nil, errors.Errorf("Cannot determine canonical Docker reference for destination %s", transports.ImageName(c.dest.Reference()))
+		}
 	}
 
 	c.Printf("Signing manifest\n")
-	newSig, err := signature.SignDockerManifestWithOptions(manifest, dockerReference.String(), mech, keyIdentity, &signature.SignOptions{Passphrase: passphrase})
+	newSig, err := signature.SignDockerManifestWithOptions(manifest, identity.String(), mech, keyIdentity, &signature.SignOptions{Passphrase: passphrase})
 	if err != nil {
 		return nil, errors.Wrap(err, "creating signature")
 	}
diff --git a/vendor/github.com/containers/image/v5/docker/docker_client.go b/vendor/github.com/containers/image/v5/docker/docker_client.go
index 833323b424..9837235d83 100644
--- a/vendor/github.com/containers/image/v5/docker/docker_client.go
+++ b/vendor/github.com/containers/image/v5/docker/docker_client.go
@@ -463,7 +463,11 @@ func (c *dockerClient) makeRequest(ctx context.Context, method, path string, hea
 		return nil, err
 	}
 
-	url := fmt.Sprintf("%s://%s%s", c.scheme, c.registry, path)
+	urlString := fmt.Sprintf("%s://%s%s", c.scheme, c.registry, path)
+	url, err := url.Parse(urlString)
+	if err != nil {
+		return nil, err
+	}
 	return c.makeRequestToResolvedURL(ctx, method, url, headers, stream, -1, auth, extraScope)
 }
 
@@ -500,7 +504,7 @@ func parseRetryAfter(res *http.Response, fallbackDelay time.Duration) time.Durat
 // makeRequest should generally be preferred.
 // In case of an HTTP 429 status code in the response, it may automatically retry a few times.
 // TODO(runcom): too many arguments here, use a struct
-func (c *dockerClient) makeRequestToResolvedURL(ctx context.Context, method, url string, headers map[string][]string, stream io.Reader, streamLen int64, auth sendAuth, extraScope *authScope) (*http.Response, error) {
+func (c *dockerClient) makeRequestToResolvedURL(ctx context.Context, method string, url *url.URL, headers map[string][]string, stream io.Reader, streamLen int64, auth sendAuth, extraScope *authScope) (*http.Response, error) {
 	delay := backoffInitialDelay
 	attempts := 0
 	for {
@@ -518,7 +522,7 @@ func (c *dockerClient) makeRequestToResolvedURL(ctx context.Context, method, url
 		if delay > backoffMaxDelay {
 			delay = backoffMaxDelay
 		}
-		logrus.Debugf("Too many requests to %s: sleeping for %f seconds before next attempt", url, delay.Seconds())
+		logrus.Debugf("Too many requests to %s: sleeping for %f seconds before next attempt", url.Redacted(), delay.Seconds())
 		select {
 		case <-ctx.Done():
 			return nil, ctx.Err()
@@ -533,12 +537,12 @@ func (c *dockerClient) makeRequestToResolvedURL(ctx context.Context, method, url
 // streamLen, if not -1, specifies the length of the data expected on stream.
 // makeRequest should generally be preferred.
 // Note that no exponential back off is performed when receiving an http 429 status code.
-func (c *dockerClient) makeRequestToResolvedURLOnce(ctx context.Context, method, url string, headers map[string][]string, stream io.Reader, streamLen int64, auth sendAuth, extraScope *authScope) (*http.Response, error) {
-	req, err := http.NewRequestWithContext(ctx, method, url, stream)
+func (c *dockerClient) makeRequestToResolvedURLOnce(ctx context.Context, method string, url *url.URL, headers map[string][]string, stream io.Reader, streamLen int64, auth sendAuth, extraScope *authScope) (*http.Response, error) {
+	req, err := http.NewRequestWithContext(ctx, method, url.String(), stream)
 	if err != nil {
 		return nil, err
 	}
-	if streamLen != -1 { // Do not blindly overwrite if streamLen == -1, http.NewRequest above can figure out the length of bytes.Reader and similar objects without us having to compute it.
+	if streamLen != -1 { // Do not blindly overwrite if streamLen == -1, http.NewRequestWithContext above can figure out the length of bytes.Reader and similar objects without us having to compute it.
 		req.ContentLength = streamLen
 	}
 	req.Header.Set("Docker-Distribution-API-Version", "registry/2.0")
@@ -553,7 +557,7 @@ func (c *dockerClient) makeRequestToResolvedURLOnce(ctx context.Context, method,
 			return nil, err
 		}
 	}
-	logrus.Debugf("%s %s", method, url)
+	logrus.Debugf("%s %s", method, url.Redacted())
 	res, err := c.client.Do(req)
 	if err != nil {
 		return nil, err
@@ -653,7 +657,7 @@ func (c *dockerClient) getBearerTokenOAuth2(ctx context.Context, challenge chall
 	authReq.Body = ioutil.NopCloser(bytes.NewBufferString(params.Encode()))
 	authReq.Header.Add("User-Agent", c.userAgent)
 	authReq.Header.Add("Content-Type", "application/x-www-form-urlencoded")
-	logrus.Debugf("%s %s", authReq.Method, authReq.URL.String())
+	logrus.Debugf("%s %s", authReq.Method, authReq.URL.Redacted())
 	res, err := c.client.Do(authReq)
 	if err != nil {
 		return nil, err
@@ -705,7 +709,7 @@ func (c *dockerClient) getBearerToken(ctx context.Context, challenge challenge,
 	}
 	authReq.Header.Add("User-Agent", c.userAgent)
 
-	logrus.Debugf("%s %s", authReq.Method, authReq.URL.String())
+	logrus.Debugf("%s %s", authReq.Method, authReq.URL.Redacted())
 	res, err := c.client.Do(authReq)
 	if err != nil {
 		return nil, err
@@ -735,14 +739,17 @@ func (c *dockerClient) detectPropertiesHelper(ctx context.Context) error {
 	c.client = &http.Client{Transport: tr}
 
 	ping := func(scheme string) error {
-		url := fmt.Sprintf(resolvedPingV2URL, scheme, c.registry)
+		url, err := url.Parse(fmt.Sprintf(resolvedPingV2URL, scheme, c.registry))
+		if err != nil {
+			return err
+		}
 		resp, err := c.makeRequestToResolvedURL(ctx, http.MethodGet, url, nil, nil, -1, noAuth, nil)
 		if err != nil {
-			logrus.Debugf("Ping %s err %s (%#v)", url, err.Error(), err)
+			logrus.Debugf("Ping %s err %s (%#v)", url.Redacted(), err.Error(), err)
 			return err
 		}
 		defer resp.Body.Close()
-		logrus.Debugf("Ping %s status %d", url, resp.StatusCode)
+		logrus.Debugf("Ping %s status %d", url.Redacted(), resp.StatusCode)
 		if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusUnauthorized {
 			return httpResponseToError(resp, "")
 		}
@@ -762,14 +769,17 @@ func (c *dockerClient) detectPropertiesHelper(ctx context.Context) error {
 		}
 		// best effort to understand if we're talking to a V1 registry
 		pingV1 := func(scheme string) bool {
-			url := fmt.Sprintf(resolvedPingV1URL, scheme, c.registry)
+			url, err := url.Parse(fmt.Sprintf(resolvedPingV1URL, scheme, c.registry))
+			if err != nil {
+				return false
+			}
 			resp, err := c.makeRequestToResolvedURL(ctx, http.MethodGet, url, nil, nil, -1, noAuth, nil)
 			if err != nil {
-				logrus.Debugf("Ping %s err %s (%#v)", url, err.Error(), err)
+				logrus.Debugf("Ping %s err %s (%#v)", url.Redacted(), err.Error(), err)
 				return false
 			}
 			defer resp.Body.Close()
-			logrus.Debugf("Ping %s status %d", url, resp.StatusCode)
+			logrus.Debugf("Ping %s status %d", url.Redacted(), resp.StatusCode)
 			if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusUnauthorized {
 				return false
 			}
diff --git a/vendor/github.com/containers/image/v5/docker/docker_image_dest.go b/vendor/github.com/containers/image/v5/docker/docker_image_dest.go
index e7af8f93d5..e3275aa457 100644
--- a/vendor/github.com/containers/image/v5/docker/docker_image_dest.go
+++ b/vendor/github.com/containers/image/v5/docker/docker_image_dest.go
@@ -182,7 +182,7 @@ func (d *dockerImageDestination) PutBlob(ctx context.Context, stream io.Reader,
 		// This error text should never be user-visible, we terminate only after makeRequestToResolvedURL
 		// returns, so there isn’t a way for the error text to be provided to any of our callers.
 		defer uploadReader.Terminate(errors.New("Reading data from an already terminated upload"))
-		res, err = d.c.makeRequestToResolvedURL(ctx, http.MethodPatch, uploadLocation.String(), map[string][]string{"Content-Type": {"application/octet-stream"}}, uploadReader, inputInfo.Size, v2Auth, nil)
+		res, err = d.c.makeRequestToResolvedURL(ctx, http.MethodPatch, uploadLocation, map[string][]string{"Content-Type": {"application/octet-stream"}}, uploadReader, inputInfo.Size, v2Auth, nil)
 		if err != nil {
 			logrus.Debugf("Error uploading layer chunked %v", err)
 			return nil, err
@@ -207,7 +207,7 @@ func (d *dockerImageDestination) PutBlob(ctx context.Context, stream io.Reader,
 	locationQuery := uploadLocation.Query()
 	locationQuery.Set("digest", blobDigest.String())
 	uploadLocation.RawQuery = locationQuery.Encode()
-	res, err = d.c.makeRequestToResolvedURL(ctx, http.MethodPut, uploadLocation.String(), map[string][]string{"Content-Type": {"application/octet-stream"}}, nil, -1, v2Auth, nil)
+	res, err = d.c.makeRequestToResolvedURL(ctx, http.MethodPut, uploadLocation, map[string][]string{"Content-Type": {"application/octet-stream"}}, nil, -1, v2Auth, nil)
 	if err != nil {
 		return types.BlobInfo{}, err
 	}
@@ -257,9 +257,8 @@ func (d *dockerImageDestination) mountBlob(ctx context.Context, srcRepo referenc
 			"from":  {reference.Path(srcRepo)},
 		}.Encode(),
 	}
-	mountPath := u.String()
-	logrus.Debugf("Trying to mount %s", mountPath)
-	res, err := d.c.makeRequest(ctx, http.MethodPost, mountPath, nil, nil, v2Auth, extraScope)
+	logrus.Debugf("Trying to mount %s", u.Redacted())
+	res, err := d.c.makeRequest(ctx, http.MethodPost, u.String(), nil, nil, v2Auth, extraScope)
 	if err != nil {
 		return err
 	}
@@ -276,8 +275,8 @@ func (d *dockerImageDestination) mountBlob(ctx context.Context, srcRepo referenc
 		if err != nil {
 			return errors.Wrap(err, "determining upload URL after a mount attempt")
 		}
-		logrus.Debugf("... started an upload instead of mounting, trying to cancel at %s", uploadLocation.String())
-		res2, err := d.c.makeRequestToResolvedURL(ctx, http.MethodDelete, uploadLocation.String(), nil, nil, -1, v2Auth, extraScope)
+		logrus.Debugf("... started an upload instead of mounting, trying to cancel at %s", uploadLocation.Redacted())
+		res2, err := d.c.makeRequestToResolvedURL(ctx, http.MethodDelete, uploadLocation, nil, nil, -1, v2Auth, extraScope)
 		if err != nil {
 			logrus.Debugf("Error trying to cancel an inadvertent upload: %s", err)
 		} else {
@@ -600,9 +599,9 @@ func (d *dockerImageDestination) putOneSignature(url *url.URL, signature []byte)
 		return nil
 
 	case "http", "https":
-		return errors.Errorf("Writing directly to a %s sigstore %s is not supported. Configure a sigstore-staging: location", url.Scheme, url.String())
+		return errors.Errorf("Writing directly to a %s sigstore %s is not supported. Configure a sigstore-staging: location", url.Scheme, url.Redacted())
 	default:
-		return errors.Errorf("Unsupported scheme when writing signature to %s", url.String())
+		return errors.Errorf("Unsupported scheme when writing signature to %s", url.Redacted())
 	}
 }
 
@@ -620,9 +619,9 @@ func (c *dockerClient) deleteOneSignature(url *url.URL) (missing bool, err error
 		return false, err
 
 	case "http", "https":
-		return false, errors.Errorf("Writing directly to a %s sigstore %s is not supported. Configure a sigstore-staging: location", url.Scheme, url.String())
+		return false, errors.Errorf("Writing directly to a %s sigstore %s is not supported. Configure a sigstore-staging: location", url.Scheme, url.Redacted())
 	default:
-		return false, errors.Errorf("Unsupported scheme when deleting signature from %s", url.String())
+		return false, errors.Errorf("Unsupported scheme when deleting signature from %s", url.Redacted())
 	}
 }
 
diff --git a/vendor/github.com/containers/image/v5/docker/docker_image_src.go b/vendor/github.com/containers/image/v5/docker/docker_image_src.go
index cb520d6705..c08e5538a1 100644
--- a/vendor/github.com/containers/image/v5/docker/docker_image_src.go
+++ b/vendor/github.com/containers/image/v5/docker/docker_image_src.go
@@ -253,13 +253,14 @@ func (s *dockerImageSource) getExternalBlob(ctx context.Context, urls []string)
 		return nil, 0, errors.New("internal error: getExternalBlob called with no URLs")
 	}
 	for _, u := range urls {
-		if u, err := url.Parse(u); err != nil || (u.Scheme != "http" && u.Scheme != "https") {
+		url, err := url.Parse(u)
+		if err != nil || (url.Scheme != "http" && url.Scheme != "https") {
 			continue // unsupported url. skip this url.
 		}
 		// NOTE: we must not authenticate on additional URLs as those
 		//       can be abused to leak credentials or tokens.  Please
 		//       refer to CVE-2020-15157 for more information.
-		resp, err = s.c.makeRequestToResolvedURL(ctx, http.MethodGet, u, nil, nil, -1, noAuth, nil)
+		resp, err = s.c.makeRequestToResolvedURL(ctx, http.MethodGet, url, nil, nil, -1, noAuth, nil)
 		if err == nil {
 			if resp.StatusCode != http.StatusOK {
 				err = errors.Errorf("error fetching external blob from %q: %d (%s)", u, resp.StatusCode, http.StatusText(resp.StatusCode))
@@ -524,7 +525,7 @@ func (s *dockerImageSource) getOneSignature(ctx context.Context, url *url.URL) (
 		return sig, false, nil
 
 	case "http", "https":
-		logrus.Debugf("GET %s", url)
+		logrus.Debugf("GET %s", url.Redacted())
 		req, err := http.NewRequestWithContext(ctx, http.MethodGet, url.String(), nil)
 		if err != nil {
 			return nil, false, err
@@ -537,7 +538,7 @@ func (s *dockerImageSource) getOneSignature(ctx context.Context, url *url.URL) (
 		if res.StatusCode == http.StatusNotFound {
 			return nil, true, nil
 		} else if res.StatusCode != http.StatusOK {
-			return nil, false, errors.Errorf("Error reading signature from %s: status %d (%s)", url.String(), res.StatusCode, http.StatusText(res.StatusCode))
+			return nil, false, errors.Errorf("Error reading signature from %s: status %d (%s)", url.Redacted(), res.StatusCode, http.StatusText(res.StatusCode))
 		}
 		sig, err := iolimits.ReadAtMost(res.Body, iolimits.MaxSignatureBodySize)
 		if err != nil {
@@ -546,7 +547,7 @@ func (s *dockerImageSource) getOneSignature(ctx context.Context, url *url.URL) (
 		return sig, false, nil
 
 	default:
-		return nil, false, errors.Errorf("Unsupported scheme when reading signature from %s", url.String())
+		return nil, false, errors.Errorf("Unsupported scheme when reading signature from %s", url.Redacted())
 	}
 }
 
diff --git a/vendor/github.com/containers/image/v5/docker/lookaside.go b/vendor/github.com/containers/image/v5/docker/lookaside.go
index 515e59327d..22d84931c8 100644
--- a/vendor/github.com/containers/image/v5/docker/lookaside.go
+++ b/vendor/github.com/containers/image/v5/docker/lookaside.go
@@ -82,7 +82,7 @@ func SignatureStorageBaseURL(sys *types.SystemContext, ref types.ImageReference,
 	} else {
 		// returns default directory if no sigstore specified in configuration file
 		url = builtinDefaultSignatureStorageDir(rootless.GetRootlessEUID())
-		logrus.Debugf(" No signature storage configuration found for %s, using built-in default %s", dr.PolicyConfigurationIdentity(), url.String())
+		logrus.Debugf(" No signature storage configuration found for %s, using built-in default %s", dr.PolicyConfigurationIdentity(), url.Redacted())
 	}
 	// NOTE: Keep this in sync with docs/signature-protocols.md!
 	// FIXME? Restrict to explicitly supported schemes?
diff --git a/vendor/github.com/containers/image/v5/openshift/openshift.go b/vendor/github.com/containers/image/v5/openshift/openshift.go
index c7c6cf6945..67612d800c 100644
--- a/vendor/github.com/containers/image/v5/openshift/openshift.go
+++ b/vendor/github.com/containers/image/v5/openshift/openshift.go
@@ -95,7 +95,7 @@ func (c *openshiftClient) doRequest(ctx context.Context, method, path string, re
 		req.Header.Set("Content-Type", "application/json")
 	}
 
-	logrus.Debugf("%s %s", method, url.String())
+	logrus.Debugf("%s %s", method, url.Redacted())
 	res, err := c.httpClient.Do(req)
 	if err != nil {
 		return nil, err
diff --git a/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/shortnames.go b/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/shortnames.go
index 7122e869fe..6909ea0a60 100644
--- a/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/shortnames.go
+++ b/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/shortnames.go
@@ -13,6 +13,7 @@ import (
 	"github.com/containers/storage/pkg/homedir"
 	"github.com/containers/storage/pkg/lockfile"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 // defaultShortNameMode is the default mode of registries.conf files if the
@@ -315,11 +316,14 @@ func (c *shortNameAliasCache) updateWithConfigurationFrom(updates *shortNameAlia
 func loadShortNameAliasConf(confPath string) (*shortNameAliasConf, *shortNameAliasCache, error) {
 	conf := shortNameAliasConf{}
 
-	_, err := toml.DecodeFile(confPath, &conf)
+	meta, err := toml.DecodeFile(confPath, &conf)
 	if err != nil && !os.IsNotExist(err) {
 		// It's okay if the config doesn't exist.  Other errors are not.
 		return nil, nil, errors.Wrapf(err, "loading short-name aliases config file %q", confPath)
 	}
+	if keys := meta.Undecoded(); len(keys) > 0 {
+		logrus.Debugf("Failed to decode keys %q from %q", keys, confPath)
+	}
 
 	// Even if we don’t always need the cache, doing so validates the machine-generated config.  The
 	// file could still be corrupted by another process or user.
diff --git a/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/system_registries_v2.go b/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/system_registries_v2.go
index c8a603c4ef..c5df241b70 100644
--- a/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/system_registries_v2.go
+++ b/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/system_registries_v2.go
@@ -43,6 +43,16 @@ const builtinRegistriesConfDirPath = "/etc/containers/registries.conf.d"
 // helper.
 const AuthenticationFileHelper = "containers-auth.json"
 
+const (
+	// configuration values for "pull-from-mirror"
+	// mirrors will be used for both digest pulls and tag pulls
+	MirrorAll = "all"
+	// mirrors will only be used for digest pulls
+	MirrorByDigestOnly = "digest-only"
+	// mirrors will only be used for tag pulls
+	MirrorByTagOnly = "tag-only"
+)
+
 // Endpoint describes a remote location of a registry.
 type Endpoint struct {
 	// The endpoint's remote location. Can be empty iff Prefix contains
@@ -53,6 +63,18 @@ type Endpoint struct {
 	// If true, certs verification will be skipped and HTTP (non-TLS)
 	// connections will be allowed.
 	Insecure bool `toml:"insecure,omitempty"`
+	// PullFromMirror is used for adding restrictions to image pull through the mirror.
+	// Set to "all", "digest-only", or "tag-only".
+	// If "digest-only"， mirrors will only be used for digest pulls. Pulling images by
+	// tag can potentially yield different images, depending on which endpoint
+	// we pull from.  Restricting mirrors to pulls by digest avoids that issue.
+	// If "tag-only", mirrors will only be used for tag pulls.  For a more up-to-date and expensive mirror
+	// that it is less likely to be out of sync if tags move, it should not be unnecessarily
+	// used for digest references.
+	// Default is "all" (or left empty), mirrors will be used for both digest pulls and tag pulls unless the mirror-by-digest-only is set for the primary registry.
+	// This can only be set in a registry's Mirror field, not in the registry's primary Endpoint.
+	// This per-mirror setting is allowed only when mirror-by-digest-only is not configured for the primary registry.
+	PullFromMirror string `toml:"pull-from-mirror,omitempty"`
 }
 
 // userRegistriesFile is the path to the per user registry configuration file.
@@ -115,7 +137,7 @@ type Registry struct {
 	Blocked bool `toml:"blocked,omitempty"`
 	// If true, mirrors will only be used for digest pulls. Pulling images by
 	// tag can potentially yield different images, depending on which endpoint
-	// we pull from.  Forcing digest-pulls for mirrors avoids that issue.
+	// we pull from.  Restricting mirrors to pulls by digest avoids that issue.
 	MirrorByDigestOnly bool `toml:"mirror-by-digest-only,omitempty"`
 }
 
@@ -130,17 +152,29 @@ type PullSource struct {
 // reference.
 func (r *Registry) PullSourcesFromReference(ref reference.Named) ([]PullSource, error) {
 	var endpoints []Endpoint
-
+	_, isDigested := ref.(reference.Canonical)
 	if r.MirrorByDigestOnly {
-		// Only use mirrors when the reference is a digest one.
-		if _, isDigested := ref.(reference.Canonical); isDigested {
-			endpoints = append(r.Mirrors, r.Endpoint)
-		} else {
-			endpoints = []Endpoint{r.Endpoint}
+		// Only use mirrors when the reference is a digested one.
+		if isDigested {
+			endpoints = append(endpoints, r.Mirrors...)
 		}
 	} else {
-		endpoints = append(r.Mirrors, r.Endpoint)
+		for _, mirror := range r.Mirrors {
+			// skip the mirror if per mirror setting exists but reference does not match the restriction
+			switch mirror.PullFromMirror {
+			case MirrorByDigestOnly:
+				if !isDigested {
+					continue
+				}
+			case MirrorByTagOnly:
+				if isDigested {
+					continue
+				}
+			}
+			endpoints = append(endpoints, mirror)
+		}
 	}
+	endpoints = append(endpoints, r.Endpoint)
 
 	sources := []PullSource{}
 	for _, ep := range endpoints {
@@ -374,6 +408,10 @@ func (config *V2RegistriesConf) postProcessRegistries() error {
 			}
 		}
 
+		// validate the mirror usage settings does not apply to primary registry
+		if reg.PullFromMirror != "" {
+			return fmt.Errorf("pull-from-mirror must not be set for a non-mirror registry %q", reg.Prefix)
+		}
 		// make sure mirrors are valid
 		for _, mir := range reg.Mirrors {
 			mir.Location, err = parseLocation(mir.Location)
@@ -387,6 +425,14 @@ func (config *V2RegistriesConf) postProcessRegistries() error {
 			if mir.Location == "" {
 				return &InvalidRegistries{s: "invalid condition: mirror location is unset"}
 			}
+
+			if reg.MirrorByDigestOnly && mir.PullFromMirror != "" {
+				return &InvalidRegistries{s: fmt.Sprintf("cannot set mirror usage mirror-by-digest-only for the registry (%q) and pull-from-mirror for per-mirror (%q) at the same time", reg.Prefix, mir.Location)}
+			}
+			if mir.PullFromMirror != "" && mir.PullFromMirror != MirrorAll &&
+				mir.PullFromMirror != MirrorByDigestOnly && mir.PullFromMirror != MirrorByTagOnly {
+				return &InvalidRegistries{s: fmt.Sprintf("unsupported pull-from-mirror value %q for mirror %q", mir.PullFromMirror, mir.Location)}
+			}
 		}
 		if reg.Location == "" {
 			regMap[reg.Prefix] = append(regMap[reg.Prefix], reg)
@@ -877,10 +923,13 @@ func loadConfigFile(path string, forceV2 bool) (*parsedConfig, error) {
 
 	// Load the tomlConfig. Note that `DecodeFile` will overwrite set fields.
 	var combinedTOML tomlConfig
-	_, err := toml.DecodeFile(path, &combinedTOML)
+	meta, err := toml.DecodeFile(path, &combinedTOML)
 	if err != nil {
 		return nil, err
 	}
+	if keys := meta.Undecoded(); len(keys) > 0 {
+		logrus.Debugf("Failed to decode keys %q from %q", keys, path)
+	}
 
 	if combinedTOML.V1RegistriesConf.Nonempty() {
 		// Enforce the v2 format if requested.
diff --git a/vendor/github.com/containers/image/v5/signature/mechanism.go b/vendor/github.com/containers/image/v5/signature/mechanism.go
index 9a32a43640..961246147a 100644
--- a/vendor/github.com/containers/image/v5/signature/mechanism.go
+++ b/vendor/github.com/containers/image/v5/signature/mechanism.go
@@ -13,6 +13,7 @@ import (
 	// code path, where cryptography is not relevant. For now, continue to
 	// use this frozen deprecated implementation. When mechanism_openpgp.go
 	// migrates to another implementation, this should migrate as well.
+	//lint:ignore SA1019 See above
 	"golang.org/x/crypto/openpgp" //nolint:staticcheck
 )
 
diff --git a/vendor/github.com/containers/image/v5/signature/mechanism_openpgp.go b/vendor/github.com/containers/image/v5/signature/mechanism_openpgp.go
index 7a31425f19..ef4e70e7f2 100644
--- a/vendor/github.com/containers/image/v5/signature/mechanism_openpgp.go
+++ b/vendor/github.com/containers/image/v5/signature/mechanism_openpgp.go
@@ -20,6 +20,7 @@ import (
 	// For this verify-only fallback, we haven't reviewed any of the
 	// existing alternatives to choose; so, for now, continue to
 	// use this frozen deprecated implementation.
+	//lint:ignore SA1019 See above
 	"golang.org/x/crypto/openpgp" //nolint:staticcheck
 )
 
diff --git a/vendor/github.com/containers/image/v5/storage/storage_image.go b/vendor/github.com/containers/image/v5/storage/storage_image.go
index bcb09c83ce..08ae042ac6 100644
--- a/vendor/github.com/containers/image/v5/storage/storage_image.go
+++ b/vendor/github.com/containers/image/v5/storage/storage_image.go
@@ -1197,21 +1197,13 @@ func (s *storageImageDestination) Commit(ctx context.Context, unparsedToplevel t
 		}
 		logrus.Debugf("saved image metadata %q", string(metadata))
 	}
-	// Set the reference's name on the image.  We don't need to worry about avoiding duplicate
-	// values because SetNames() will deduplicate the list that we pass to it.
-	if name := s.imageRef.DockerReference(); len(oldNames) > 0 || name != nil {
-		names := []string{}
-		if name != nil {
-			names = append(names, name.String())
+	// Adds the reference's name on the image.  We don't need to worry about avoiding duplicate
+	// values because AddNames() will deduplicate the list that we pass to it.
+	if name := s.imageRef.DockerReference(); name != nil {
+		if err := s.imageRef.transport.store.AddNames(img.ID, []string{name.String()}); err != nil {
+			return errors.Wrapf(err, "adding names %v to image %q", name, img.ID)
 		}
-		if len(oldNames) > 0 {
-			names = append(names, oldNames...)
-		}
-		if err := s.imageRef.transport.store.SetNames(img.ID, names); err != nil {
-			logrus.Debugf("error setting names %v on image %q: %v", names, img.ID, err)
-			return errors.Wrapf(err, "setting names %v on image %q", names, img.ID)
-		}
-		logrus.Debugf("set names of image %q to %v", img.ID, names)
+		logrus.Debugf("added name %q to image %q", name, img.ID)
 	}
 
 	commitSucceeded = true
diff --git a/vendor/github.com/containers/image/v5/version/version.go b/vendor/github.com/containers/image/v5/version/version.go
index 30d772c30d..c928b87abd 100644
--- a/vendor/github.com/containers/image/v5/version/version.go
+++ b/vendor/github.com/containers/image/v5/version/version.go
@@ -6,7 +6,7 @@ const (
 	// VersionMajor is for an API incompatible changes
 	VersionMajor = 5
 	// VersionMinor is for functionality in a backwards-compatible manner
-	VersionMinor = 20
+	VersionMinor = 21
 	// VersionPatch is for backwards-compatible bug fixes
 	VersionPatch = 0
 
diff --git a/vendor/github.com/containers/storage/.cirrus.yml b/vendor/github.com/containers/storage/.cirrus.yml
index 726acc3aef..28ad751a72 100644
--- a/vendor/github.com/containers/storage/.cirrus.yml
+++ b/vendor/github.com/containers/storage/.cirrus.yml
@@ -24,10 +24,10 @@ env:
     # GCE project where images live
     IMAGE_PROJECT: "libpod-218412"
     # VM Image built in containers/automation_images
-    _BUILT_IMAGE_SUFFIX: "c6431352024203264"
-    FEDORA_CACHE_IMAGE_NAME: "fedora-${_BUILT_IMAGE_SUFFIX}"
-    PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${_BUILT_IMAGE_SUFFIX}"
-    UBUNTU_CACHE_IMAGE_NAME: "ubuntu-${_BUILT_IMAGE_SUFFIX}"
+    IMAGE_SUFFIX: "c4512539143831552"
+    FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}"
+    PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}"
+    UBUNTU_CACHE_IMAGE_NAME: "ubuntu-${IMAGE_SUFFIX}"
 
     ####
     #### Command variables to help avoid duplication
@@ -132,7 +132,7 @@ lint_task:
 meta_task:
 
     container:
-        image: "quay.io/libpod/imgts:${_BUILT_IMAGE_SUFFIX}"
+        image: "quay.io/libpod/imgts:${IMAGE_SUFFIX}"
         cpu: 1
         memory: 1
 
diff --git a/vendor/github.com/containers/storage/VERSION b/vendor/github.com/containers/storage/VERSION
index 5edffce6d5..79833f2ce5 100644
--- a/vendor/github.com/containers/storage/VERSION
+++ b/vendor/github.com/containers/storage/VERSION
@@ -1 +1 @@
-1.39.0
+1.39.0+dev
diff --git a/vendor/github.com/containers/storage/go.mod b/vendor/github.com/containers/storage/go.mod
index 4da8384afe..c44fb5e0e6 100644
--- a/vendor/github.com/containers/storage/go.mod
+++ b/vendor/github.com/containers/storage/go.mod
@@ -18,9 +18,9 @@ require (
 	github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible
 	github.com/moby/sys/mountinfo v0.6.0
 	github.com/opencontainers/go-digest v1.0.0
-	github.com/opencontainers/runc v1.1.0
+	github.com/opencontainers/runc v1.1.1
 	github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
-	github.com/opencontainers/selinux v1.10.0
+	github.com/opencontainers/selinux v1.10.1
 	github.com/pkg/errors v0.9.1
 	github.com/sirupsen/logrus v1.8.1
 	github.com/stretchr/testify v1.7.1
diff --git a/vendor/github.com/containers/storage/go.sum b/vendor/github.com/containers/storage/go.sum
index b995da734f..0a17af991e 100644
--- a/vendor/github.com/containers/storage/go.sum
+++ b/vendor/github.com/containers/storage/go.sum
@@ -520,8 +520,8 @@ github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h
 github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0=
 github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
-github.com/opencontainers/runc v1.1.0 h1:O9+X96OcDjkmmZyfaG996kV7yq8HsoU2h1XRRQcefG8=
-github.com/opencontainers/runc v1.1.0/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc=
+github.com/opencontainers/runc v1.1.1 h1:PJ9DSs2sVwE0iVr++pAHE6QkS9tzcVWozlPifdwMgrU=
+github.com/opencontainers/runc v1.1.1/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc=
 github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
@@ -533,8 +533,9 @@ github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mo
 github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
 github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
 github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8=
-github.com/opencontainers/selinux v1.10.0 h1:rAiKF8hTcgLI3w0DHm6i0ylVVcOrlgR1kK99DRLDhyU=
 github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
+github.com/opencontainers/selinux v1.10.1 h1:09LIPVRP3uuZGQvgR+SgMSNBd1Eb3vlRbGqQpoHsF8w=
+github.com/opencontainers/selinux v1.10.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
diff --git a/vendor/github.com/containers/storage/pkg/idtools/idtools.go b/vendor/github.com/containers/storage/pkg/idtools/idtools.go
index a19ba288b4..7c8f4d10c2 100644
--- a/vendor/github.com/containers/storage/pkg/idtools/idtools.go
+++ b/vendor/github.com/containers/storage/pkg/idtools/idtools.go
@@ -190,7 +190,6 @@ func (i *IDMappings) RootPair() IDPair {
 }
 
 // ToHost returns the host UID and GID for the container uid, gid.
-// Remapping is only performed if the ids aren't already the remapped root ids
 func (i *IDMappings) ToHost(pair IDPair) (IDPair, error) {
 	var err error
 	var target IDPair
diff --git a/vendor/github.com/godbus/dbus/v5/auth.go b/vendor/github.com/godbus/dbus/v5/auth.go
index a59b4c0eb7..0f3b252c07 100644
--- a/vendor/github.com/godbus/dbus/v5/auth.go
+++ b/vendor/github.com/godbus/dbus/v5/auth.go
@@ -176,9 +176,10 @@ func (conn *Conn) tryAuth(m Auth, state authState, in *bufio.Reader) (error, boo
 					return err, false
 				}
 				state = waitingForReject
+			} else {
+				conn.uuid = string(s[1])
+				return nil, true
 			}
-			conn.uuid = string(s[1])
-			return nil, true
 		case state == waitingForData:
 			err = authWriteLine(conn.transport, []byte("ERROR"))
 			if err != nil {
@@ -191,9 +192,10 @@ func (conn *Conn) tryAuth(m Auth, state authState, in *bufio.Reader) (error, boo
 					return err, false
 				}
 				state = waitingForReject
+			} else {
+				conn.uuid = string(s[1])
+				return nil, true
 			}
-			conn.uuid = string(s[1])
-			return nil, true
 		case state == waitingForOk && string(s[0]) == "DATA":
 			err = authWriteLine(conn.transport, []byte("DATA"))
 			if err != nil {
diff --git a/vendor/github.com/godbus/dbus/v5/conn.go b/vendor/github.com/godbus/dbus/v5/conn.go
index 76fc5cde3d..69978ea26a 100644
--- a/vendor/github.com/godbus/dbus/v5/conn.go
+++ b/vendor/github.com/godbus/dbus/v5/conn.go
@@ -169,7 +169,7 @@ func Connect(address string, opts ...ConnOption) (*Conn, error) {
 
 // SystemBusPrivate returns a new private connection to the system bus.
 // Note: this connection is not ready to use. One must perform Auth and Hello
-// on the connection before it is useable.
+// on the connection before it is usable.
 func SystemBusPrivate(opts ...ConnOption) (*Conn, error) {
 	return Dial(getSystemBusPlatformAddress(), opts...)
 }
@@ -284,10 +284,6 @@ func newConn(tr transport, opts ...ConnOption) (*Conn, error) {
 		conn.ctx = context.Background()
 	}
 	conn.ctx, conn.cancelCtx = context.WithCancel(conn.ctx)
-	go func() {
-		<-conn.ctx.Done()
-		conn.Close()
-	}()
 
 	conn.calls = newCallTracker()
 	if conn.handler == nil {
@@ -302,6 +298,11 @@ func newConn(tr transport, opts ...ConnOption) (*Conn, error) {
 	conn.outHandler = &outputHandler{conn: conn}
 	conn.names = newNameTracker()
 	conn.busObj = conn.Object("org.freedesktop.DBus", "/org/freedesktop/DBus")
+
+	go func() {
+		<-conn.ctx.Done()
+		conn.Close()
+	}()
 	return conn, nil
 }
 
@@ -550,6 +551,11 @@ func (conn *Conn) send(ctx context.Context, msg *Message, ch chan *Call) *Call {
 		call.ctx = ctx
 		call.ctxCanceler = canceler
 		conn.calls.track(msg.serial, call)
+		if ctx.Err() != nil {
+			// short path: don't even send the message if context already cancelled
+			conn.calls.handleSendError(msg, ctx.Err())
+			return call
+		}
 		go func() {
 			<-ctx.Done()
 			conn.calls.handleSendError(msg, ctx.Err())
@@ -649,7 +655,9 @@ func (conn *Conn) RemoveMatchSignalContext(ctx context.Context, options ...Match
 
 // Signal registers the given channel to be passed all received signal messages.
 //
-// Multiple of these channels can be registered at the same time.
+// Multiple of these channels can be registered at the same time. The channel is
+// closed if the Conn is closed; it should not be closed by the caller before
+// RemoveSignal was called on it.
 //
 // These channels are "overwritten" by Eavesdrop; i.e., if there currently is a
 // channel for eavesdropped messages, this channel receives all signals, and
@@ -765,7 +773,12 @@ func getKey(s, key string) string {
 	for _, keyEqualsValue := range strings.Split(s, ",") {
 		keyValue := strings.SplitN(keyEqualsValue, "=", 2)
 		if len(keyValue) == 2 && keyValue[0] == key {
-			return keyValue[1]
+			val, err := UnescapeBusAddressValue(keyValue[1])
+			if err != nil {
+				// No way to return an error.
+				return ""
+			}
+			return val
 		}
 	}
 	return ""
diff --git a/vendor/github.com/godbus/dbus/v5/conn_other.go b/vendor/github.com/godbus/dbus/v5/conn_other.go
index 616dcf6644..90289ca85a 100644
--- a/vendor/github.com/godbus/dbus/v5/conn_other.go
+++ b/vendor/github.com/godbus/dbus/v5/conn_other.go
@@ -54,7 +54,7 @@ func tryDiscoverDbusSessionBusAddress() string {
 		if runUserBusFile := path.Join(runtimeDirectory, "bus"); fileExists(runUserBusFile) {
 			// if /run/user/<uid>/bus exists, that file itself
 			// *is* the unix socket, so return its path
-			return fmt.Sprintf("unix:path=%s", runUserBusFile)
+			return fmt.Sprintf("unix:path=%s", EscapeBusAddressValue(runUserBusFile))
 		}
 		if runUserSessionDbusFile := path.Join(runtimeDirectory, "dbus-session"); fileExists(runUserSessionDbusFile) {
 			// if /run/user/<uid>/dbus-session exists, it's a
@@ -85,9 +85,6 @@ func getRuntimeDirectory() (string, error) {
 }
 
 func fileExists(filename string) bool {
-	if _, err := os.Stat(filename); !os.IsNotExist(err) {
-		return true
-	} else {
-		return false
-	}
+	_, err := os.Stat(filename)
+	return !os.IsNotExist(err)
 }
diff --git a/vendor/github.com/godbus/dbus/v5/dbus.go b/vendor/github.com/godbus/dbus/v5/dbus.go
index ddf3b7afde..c188d10485 100644
--- a/vendor/github.com/godbus/dbus/v5/dbus.go
+++ b/vendor/github.com/godbus/dbus/v5/dbus.go
@@ -122,8 +122,11 @@ func isConvertibleTo(dest, src reflect.Type) bool {
 	case dest.Kind() == reflect.Slice:
 		return src.Kind() == reflect.Slice &&
 			isConvertibleTo(dest.Elem(), src.Elem())
+	case dest.Kind() == reflect.Ptr:
+		dest = dest.Elem()
+		return isConvertibleTo(dest, src)
 	case dest.Kind() == reflect.Struct:
-		return src == interfacesType
+		return src == interfacesType || dest.Kind() == src.Kind()
 	default:
 		return src.ConvertibleTo(dest)
 	}
@@ -274,13 +277,8 @@ func storeSliceIntoInterface(dest, src reflect.Value) error {
 func storeSliceIntoSlice(dest, src reflect.Value) error {
 	if dest.IsNil() || dest.Len() < src.Len() {
 		dest.Set(reflect.MakeSlice(dest.Type(), src.Len(), src.Cap()))
-	}
-	if dest.Len() != src.Len() {
-		return fmt.Errorf(
-			"dbus.Store: type mismatch: "+
-				"slices are different lengths "+
-				"need: %d have: %d",
-			src.Len(), dest.Len())
+	} else if dest.Len() > src.Len() {
+		dest.Set(dest.Slice(0, src.Len()))
 	}
 	for i := 0; i < src.Len(); i++ {
 		err := store(dest.Index(i), getVariantValue(src.Index(i)))
diff --git a/vendor/github.com/godbus/dbus/v5/doc.go b/vendor/github.com/godbus/dbus/v5/doc.go
index ade1df951c..8f25a00d61 100644
--- a/vendor/github.com/godbus/dbus/v5/doc.go
+++ b/vendor/github.com/godbus/dbus/v5/doc.go
@@ -10,8 +10,10 @@ value.
 Conversion Rules
 
 For outgoing messages, Go types are automatically converted to the
-corresponding D-Bus types. The following types are directly encoded as their
-respective D-Bus equivalents:
+corresponding D-Bus types. See the official specification at
+https://dbus.freedesktop.org/doc/dbus-specification.html#type-system for more
+information on the D-Bus type system. The following types are directly encoded
+as their respective D-Bus equivalents:
 
      Go type     | D-Bus type
      ------------+-----------
@@ -39,8 +41,8 @@ Maps encode as DICTs, provided that their key type can be used as a key for
 a DICT.
 
 Structs other than Variant and Signature encode as a STRUCT containing their
-exported fields. Fields whose tags contain `dbus:"-"` and unexported fields will
-be skipped.
+exported fields in order. Fields whose tags contain `dbus:"-"` and unexported
+fields will be skipped.
 
 Pointers encode as the value they're pointed to.
 
diff --git a/vendor/github.com/godbus/dbus/v5/escape.go b/vendor/github.com/godbus/dbus/v5/escape.go
new file mode 100644
index 0000000000..d1509d9458
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/escape.go
@@ -0,0 +1,84 @@
+package dbus
+
+import "net/url"
+
+// EscapeBusAddressValue implements a requirement to escape the values
+// in D-Bus server addresses, as defined by the D-Bus specification at
+// https://dbus.freedesktop.org/doc/dbus-specification.html#addresses.
+func EscapeBusAddressValue(val string) string {
+	toEsc := strNeedsEscape(val)
+	if toEsc == 0 {
+		// Avoid unneeded allocation/copying.
+		return val
+	}
+
+	// Avoid allocation for short paths.
+	var buf [64]byte
+	var out []byte
+	// Every to-be-escaped byte needs 2 extra bytes.
+	required := len(val) + 2*toEsc
+	if required <= len(buf) {
+		out = buf[:required]
+	} else {
+		out = make([]byte, required)
+	}
+
+	j := 0
+	for i := 0; i < len(val); i++ {
+		if ch := val[i]; needsEscape(ch) {
+			// Convert ch to %xx, where xx is hex value.
+			out[j] = '%'
+			out[j+1] = hexchar(ch >> 4)
+			out[j+2] = hexchar(ch & 0x0F)
+			j += 3
+		} else {
+			out[j] = ch
+			j++
+		}
+	}
+
+	return string(out)
+}
+
+// UnescapeBusAddressValue unescapes values in D-Bus server addresses,
+// as defined by the D-Bus specification at
+// https://dbus.freedesktop.org/doc/dbus-specification.html#addresses.
+func UnescapeBusAddressValue(val string) (string, error) {
+	// Looks like url.PathUnescape does exactly what is required.
+	return url.PathUnescape(val)
+}
+
+// hexchar returns an octal representation of a n, where n < 16.
+// For invalid values of n, the function panics.
+func hexchar(n byte) byte {
+	const hex = "0123456789abcdef"
+
+	// For n >= len(hex), runtime will panic.
+	return hex[n]
+}
+
+// needsEscape tells if a byte is NOT one of optionally-escaped bytes.
+func needsEscape(c byte) bool {
+	if 'a' <= c && c <= 'z' || 'A' <= c && c <= 'Z' || '0' <= c && c <= '9' {
+		return false
+	}
+	switch c {
+	case '-', '_', '/', '\\', '.', '*':
+		return false
+	}
+
+	return true
+}
+
+// strNeedsEscape tells how many bytes in the string need escaping.
+func strNeedsEscape(val string) int {
+	count := 0
+
+	for i := 0; i < len(val); i++ {
+		if needsEscape(val[i]) {
+			count++
+		}
+	}
+
+	return count
+}
diff --git a/vendor/github.com/godbus/dbus/v5/export.go b/vendor/github.com/godbus/dbus/v5/export.go
index 522334715b..d3dd9f7cd6 100644
--- a/vendor/github.com/godbus/dbus/v5/export.go
+++ b/vendor/github.com/godbus/dbus/v5/export.go
@@ -3,6 +3,7 @@ package dbus
 import (
 	"errors"
 	"fmt"
+	"os"
 	"reflect"
 	"strings"
 )
@@ -209,28 +210,23 @@ func (conn *Conn) handleCall(msg *Message) {
 		}
 		reply.Headers[FieldSignature] = MakeVariant(SignatureOf(reply.Body...))
 
-		conn.sendMessageAndIfClosed(reply, nil)
+		if err := reply.IsValid(); err != nil {
+			fmt.Fprintf(os.Stderr, "dbus: dropping invalid reply to %s.%s on obj %s: %s\n", ifaceName, name, path, err)
+		} else {
+			conn.sendMessageAndIfClosed(reply, nil)
+		}
 	}
 }
 
 // Emit emits the given signal on the message bus. The name parameter must be
 // formatted as "interface.member", e.g., "org.freedesktop.DBus.NameLost".
 func (conn *Conn) Emit(path ObjectPath, name string, values ...interface{}) error {
-	if !path.IsValid() {
-		return errors.New("dbus: invalid object path")
-	}
 	i := strings.LastIndex(name, ".")
 	if i == -1 {
 		return errors.New("dbus: invalid method name")
 	}
 	iface := name[:i]
 	member := name[i+1:]
-	if !isValidMember(member) {
-		return errors.New("dbus: invalid method name")
-	}
-	if !isValidInterface(iface) {
-		return errors.New("dbus: invalid interface name")
-	}
 	msg := new(Message)
 	msg.Type = TypeSignal
 	msg.Headers = make(map[HeaderField]Variant)
@@ -241,6 +237,9 @@ func (conn *Conn) Emit(path ObjectPath, name string, values ...interface{}) erro
 	if len(values) > 0 {
 		msg.Headers[FieldSignature] = MakeVariant(SignatureOf(values...))
 	}
+	if err := msg.IsValid(); err != nil {
+		return err
+	}
 
 	var closed bool
 	conn.sendMessageAndIfClosed(msg, func() {
diff --git a/vendor/github.com/godbus/dbus/v5/homedir.go b/vendor/github.com/godbus/dbus/v5/homedir.go
index 0b745f9313..c44d9b5fc2 100644
--- a/vendor/github.com/godbus/dbus/v5/homedir.go
+++ b/vendor/github.com/godbus/dbus/v5/homedir.go
@@ -2,27 +2,24 @@ package dbus
 
 import (
 	"os"
-	"sync"
-)
-
-var (
-	homeDir     string
-	homeDirLock sync.Mutex
+	"os/user"
 )
 
+// Get returns the home directory of the current user, which is usually the
+// value of HOME environment variable. In case it is not set or empty, os/user
+// package is used.
+//
+// If linking statically with cgo enabled against glibc, make sure the
+// osusergo build tag is used.
+//
+// If needing to do nss lookups, do not disable cgo or set osusergo.
 func getHomeDir() string {
-	homeDirLock.Lock()
-	defer homeDirLock.Unlock()
-
+	homeDir := os.Getenv("HOME")
 	if homeDir != "" {
 		return homeDir
 	}
-
-	homeDir = os.Getenv("HOME")
-	if homeDir != "" {
-		return homeDir
+	if u, err := user.Current(); err == nil {
+		return u.HomeDir
 	}
-
-	homeDir = lookupHomeDir()
-	return homeDir
+	return "/"
 }
diff --git a/vendor/github.com/godbus/dbus/v5/homedir_dynamic.go b/vendor/github.com/godbus/dbus/v5/homedir_dynamic.go
deleted file mode 100644
index 2732081e73..0000000000
--- a/vendor/github.com/godbus/dbus/v5/homedir_dynamic.go
+++ /dev/null
@@ -1,15 +0,0 @@
-// +build !static_build
-
-package dbus
-
-import (
-	"os/user"
-)
-
-func lookupHomeDir() string {
-	u, err := user.Current()
-	if err != nil {
-		return "/"
-	}
-	return u.HomeDir
-}
diff --git a/vendor/github.com/godbus/dbus/v5/homedir_static.go b/vendor/github.com/godbus/dbus/v5/homedir_static.go
deleted file mode 100644
index b9d9cb5525..0000000000
--- a/vendor/github.com/godbus/dbus/v5/homedir_static.go
+++ /dev/null
@@ -1,45 +0,0 @@
-// +build static_build
-
-package dbus
-
-import (
-	"bufio"
-	"os"
-	"strconv"
-	"strings"
-)
-
-func lookupHomeDir() string {
-	myUid := os.Getuid()
-
-	f, err := os.Open("/etc/passwd")
-	if err != nil {
-		return "/"
-	}
-	defer f.Close()
-
-	s := bufio.NewScanner(f)
-
-	for s.Scan() {
-		if err := s.Err(); err != nil {
-			break
-		}
-
-		line := strings.TrimSpace(s.Text())
-		if line == "" {
-			continue
-		}
-
-		parts := strings.Split(line, ":")
-
-		if len(parts) >= 6 {
-			uid, err := strconv.Atoi(parts[2])
-			if err == nil && uid == myUid {
-				return parts[5]
-			}
-		}
-	}
-
-	// Default to / if we can't get a better value
-	return "/"
-}
diff --git a/vendor/github.com/godbus/dbus/v5/message.go b/vendor/github.com/godbus/dbus/v5/message.go
index 16693eb301..bdf43fdd6e 100644
--- a/vendor/github.com/godbus/dbus/v5/message.go
+++ b/vendor/github.com/godbus/dbus/v5/message.go
@@ -208,7 +208,7 @@ func DecodeMessageWithFDs(rd io.Reader, fds []int) (msg *Message, err error) {
 // The possibly returned error can be an error of the underlying reader, an
 // InvalidMessageError or a FormatError.
 func DecodeMessage(rd io.Reader) (msg *Message, err error) {
-	return DecodeMessageWithFDs(rd, make([]int, 0));
+	return DecodeMessageWithFDs(rd, make([]int, 0))
 }
 
 type nullwriter struct{}
@@ -227,8 +227,8 @@ func (msg *Message) CountFds() (int, error) {
 }
 
 func (msg *Message) EncodeToWithFDs(out io.Writer, order binary.ByteOrder) (fds []int, err error) {
-	if err := msg.IsValid(); err != nil {
-		return make([]int, 0), err
+	if err := msg.validateHeader(); err != nil {
+		return nil, err
 	}
 	var vs [7]interface{}
 	switch order {
@@ -237,7 +237,7 @@ func (msg *Message) EncodeToWithFDs(out io.Writer, order binary.ByteOrder) (fds
 	case binary.BigEndian:
 		vs[0] = byte('B')
 	default:
-		return make([]int, 0), errors.New("dbus: invalid byte order")
+		return nil, errors.New("dbus: invalid byte order")
 	}
 	body := new(bytes.Buffer)
 	fds = make([]int, 0)
@@ -284,8 +284,13 @@ func (msg *Message) EncodeTo(out io.Writer, order binary.ByteOrder) (err error)
 }
 
 // IsValid checks whether msg is a valid message and returns an
-// InvalidMessageError if it is not.
+// InvalidMessageError or FormatError if it is not.
 func (msg *Message) IsValid() error {
+	var b bytes.Buffer
+	return msg.EncodeTo(&b, nativeEndian)
+}
+
+func (msg *Message) validateHeader() error {
 	if msg.Flags & ^(FlagNoAutoStart|FlagNoReplyExpected|FlagAllowInteractiveAuthorization) != 0 {
 		return InvalidMessageError("invalid flags")
 	}
@@ -330,6 +335,7 @@ func (msg *Message) IsValid() error {
 			return InvalidMessageError("missing signature")
 		}
 	}
+
 	return nil
 }
 
diff --git a/vendor/github.com/godbus/dbus/v5/server_interfaces.go b/vendor/github.com/godbus/dbus/v5/server_interfaces.go
index 79d97edf3e..e4e0389fdf 100644
--- a/vendor/github.com/godbus/dbus/v5/server_interfaces.go
+++ b/vendor/github.com/godbus/dbus/v5/server_interfaces.go
@@ -63,7 +63,7 @@ type Method interface {
 // any other decoding scheme.
 type ArgumentDecoder interface {
 	// To decode the arguments of a method the sender and message are
-	// provided incase the semantics of the implementer provides access
+	// provided in case the semantics of the implementer provides access
 	// to these as part of the method invocation.
 	DecodeArguments(conn *Conn, sender string, msg *Message, args []interface{}) ([]interface{}, error)
 }
diff --git a/vendor/github.com/godbus/dbus/v5/sig.go b/vendor/github.com/godbus/dbus/v5/sig.go
index 41a0398129..6b9cadb5fb 100644
--- a/vendor/github.com/godbus/dbus/v5/sig.go
+++ b/vendor/github.com/godbus/dbus/v5/sig.go
@@ -102,7 +102,7 @@ func getSignature(t reflect.Type, depth *depthCounter) (sig string) {
 			}
 		}
 		if len(s) == 0 {
-			panic("empty struct")
+			panic(InvalidTypeError{t})
 		}
 		return "(" + s + ")"
 	case reflect.Array, reflect.Slice:
diff --git a/vendor/github.com/godbus/dbus/v5/transport_unix.go b/vendor/github.com/godbus/dbus/v5/transport_unix.go
index 2212e7fa7f..0a8c712ebd 100644
--- a/vendor/github.com/godbus/dbus/v5/transport_unix.go
+++ b/vendor/github.com/godbus/dbus/v5/transport_unix.go
@@ -154,17 +154,15 @@ func (t *unixTransport) ReadMessage() (*Message, error) {
 		// substitute the values in the message body (which are indices for the
 		// array receiver via OOB) with the actual values
 		for i, v := range msg.Body {
-			switch v.(type) {
+			switch index := v.(type) {
 			case UnixFDIndex:
-				j := v.(UnixFDIndex)
-				if uint32(j) >= unixfds {
+				if uint32(index) >= unixfds {
 					return nil, InvalidMessageError("invalid index for unix fd")
 				}
-				msg.Body[i] = UnixFD(fds[j])
+				msg.Body[i] = UnixFD(fds[index])
 			case []UnixFDIndex:
-				idxArray := v.([]UnixFDIndex)
-				fdArray := make([]UnixFD, len(idxArray))
-				for k, j := range idxArray {
+				fdArray := make([]UnixFD, len(index))
+				for k, j := range index {
 					if uint32(j) >= unixfds {
 						return nil, InvalidMessageError("invalid index for unix fd")
 					}
diff --git a/vendor/github.com/godbus/dbus/v5/transport_zos.go b/vendor/github.com/godbus/dbus/v5/transport_zos.go
new file mode 100644
index 0000000000..1bba0d6bf7
--- /dev/null
+++ b/vendor/github.com/godbus/dbus/v5/transport_zos.go
@@ -0,0 +1,6 @@
+package dbus
+
+func (t *unixTransport) SendNullByte() error {
+	_, err := t.Write([]byte{0})
+	return err
+}
diff --git a/vendor/github.com/godbus/dbus/v5/variant.go b/vendor/github.com/godbus/dbus/v5/variant.go
index f1e81f3ede..ca3dbe16a4 100644
--- a/vendor/github.com/godbus/dbus/v5/variant.go
+++ b/vendor/github.com/godbus/dbus/v5/variant.go
@@ -49,7 +49,7 @@ func ParseVariant(s string, sig Signature) (Variant, error) {
 }
 
 // format returns a formatted version of v and whether this string can be parsed
-// unambigously.
+// unambiguously.
 func (v Variant) format() (string, bool) {
 	switch v.sig.str[0] {
 	case 'b', 'i':
diff --git a/vendor/github.com/sylabs/sif/v2/pkg/sif/arch.go b/vendor/github.com/sylabs/sif/v2/pkg/sif/arch.go
index d7acbb6944..d6f667378a 100644
--- a/vendor/github.com/sylabs/sif/v2/pkg/sif/arch.go
+++ b/vendor/github.com/sylabs/sif/v2/pkg/sif/arch.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2021, Sylabs Inc. All rights reserved.
+// Copyright (c) 2021-2022, Sylabs Inc. All rights reserved.
 // This software is licensed under a 3-clause BSD license. Please consult the
 // LICENSE file distributed with the sources of this project regarding your
 // rights to use or distribute this software.
@@ -18,6 +18,7 @@ var (
 	hdrArchMIPS64   archType = [...]byte{'0', '9', '\x00'}
 	hdrArchMIPS64le archType = [...]byte{'1', '0', '\x00'}
 	hdrArchS390x    archType = [...]byte{'1', '1', '\x00'}
+	hdrArchRISCV64  archType = [...]byte{'1', '2', '\x00'}
 )
 
 type archType [3]byte
@@ -36,6 +37,7 @@ func getSIFArch(arch string) archType {
 		"mips64":   hdrArchMIPS64,
 		"mips64le": hdrArchMIPS64le,
 		"s390x":    hdrArchS390x,
+		"riscv64":  hdrArchRISCV64,
 	}
 
 	t, ok := archMap[arch]
@@ -59,6 +61,7 @@ func (t archType) GoArch() string {
 		hdrArchMIPS64:   "mips64",
 		hdrArchMIPS64le: "mips64le",
 		hdrArchS390x:    "s390x",
+		hdrArchRISCV64:  "riscv64",
 	}
 
 	arch, ok := archMap[t]
diff --git a/vendor/golang.org/x/sys/unix/ioctl_linux.go b/vendor/golang.org/x/sys/unix/ioctl_linux.go
index 1dadead21e..884430b810 100644
--- a/vendor/golang.org/x/sys/unix/ioctl_linux.go
+++ b/vendor/golang.org/x/sys/unix/ioctl_linux.go
@@ -194,3 +194,26 @@ func ioctlIfreqData(fd int, req uint, value *ifreqData) error {
 	// identical so pass *IfreqData directly.
 	return ioctlPtr(fd, req, unsafe.Pointer(value))
 }
+
+// IoctlKCMClone attaches a new file descriptor to a multiplexor by cloning an
+// existing KCM socket, returning a structure containing the file descriptor of
+// the new socket.
+func IoctlKCMClone(fd int) (*KCMClone, error) {
+	var info KCMClone
+	if err := ioctlPtr(fd, SIOCKCMCLONE, unsafe.Pointer(&info)); err != nil {
+		return nil, err
+	}
+
+	return &info, nil
+}
+
+// IoctlKCMAttach attaches a TCP socket and associated BPF program file
+// descriptor to a multiplexor.
+func IoctlKCMAttach(fd int, info KCMAttach) error {
+	return ioctlPtr(fd, SIOCKCMATTACH, unsafe.Pointer(&info))
+}
+
+// IoctlKCMUnattach unattaches a TCP socket file descriptor from a multiplexor.
+func IoctlKCMUnattach(fd int, info KCMUnattach) error {
+	return ioctlPtr(fd, SIOCKCMUNATTACH, unsafe.Pointer(&info))
+}
diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh
index a47b035f9a..a037087481 100644
--- a/vendor/golang.org/x/sys/unix/mkerrors.sh
+++ b/vendor/golang.org/x/sys/unix/mkerrors.sh
@@ -205,6 +205,7 @@ struct ltchars {
 #include <linux/bpf.h>
 #include <linux/can.h>
 #include <linux/can/error.h>
+#include <linux/can/netlink.h>
 #include <linux/can/raw.h>
 #include <linux/capability.h>
 #include <linux/cryptouser.h>
@@ -231,6 +232,7 @@ struct ltchars {
 #include <linux/if_packet.h>
 #include <linux/if_xdp.h>
 #include <linux/input.h>
+#include <linux/kcm.h>
 #include <linux/kexec.h>
 #include <linux/keyctl.h>
 #include <linux/landlock.h>
@@ -503,6 +505,7 @@ ccflags="$@"
 		$2 ~ /^O?XTABS$/ ||
 		$2 ~ /^TC[IO](ON|OFF)$/ ||
 		$2 ~ /^IN_/ ||
+		$2 ~ /^KCM/ ||
 		$2 ~ /^LANDLOCK_/ ||
 		$2 ~ /^LOCK_(SH|EX|NB|UN)$/ ||
 		$2 ~ /^LO_(KEY|NAME)_SIZE$/ ||
@@ -597,6 +600,7 @@ ccflags="$@"
 		$2 ~ /^DEVLINK_/ ||
 		$2 ~ /^ETHTOOL_/ ||
 		$2 ~ /^LWTUNNEL_IP/ ||
+		$2 ~ /^ITIMER_/ ||
 		$2 !~ "WMESGLEN" &&
 		$2 ~ /^W[A-Z0-9]+$/ ||
 		$2 ~/^PPPIOC/ ||
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go
index f432b0684b..5f28f8fded 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux.go
@@ -14,6 +14,7 @@ package unix
 import (
 	"encoding/binary"
 	"syscall"
+	"time"
 	"unsafe"
 )
 
@@ -249,6 +250,13 @@ func Getwd() (wd string, err error) {
 	if n < 1 || n > len(buf) || buf[n-1] != 0 {
 		return "", EINVAL
 	}
+	// In some cases, Linux can return a path that starts with the
+	// "(unreachable)" prefix, which can potentially be a valid relative
+	// path. To work around that, return ENOENT if path is not absolute.
+	if buf[0] != '/' {
+		return "", ENOENT
+	}
+
 	return string(buf[0 : n-1]), nil
 }
 
@@ -2314,11 +2322,56 @@ type RemoteIovec struct {
 //sys	shmdt(addr uintptr) (err error)
 //sys	shmget(key int, size int, flag int) (id int, err error)
 
+//sys	getitimer(which int, currValue *Itimerval) (err error)
+//sys	setitimer(which int, newValue *Itimerval, oldValue *Itimerval) (err error)
+
+// MakeItimerval creates an Itimerval from interval and value durations.
+func MakeItimerval(interval, value time.Duration) Itimerval {
+	return Itimerval{
+		Interval: NsecToTimeval(interval.Nanoseconds()),
+		Value:    NsecToTimeval(value.Nanoseconds()),
+	}
+}
+
+// A value which may be passed to the which parameter for Getitimer and
+// Setitimer.
+type ItimerWhich int
+
+// Possible which values for Getitimer and Setitimer.
+const (
+	ItimerReal    ItimerWhich = ITIMER_REAL
+	ItimerVirtual ItimerWhich = ITIMER_VIRTUAL
+	ItimerProf    ItimerWhich = ITIMER_PROF
+)
+
+// Getitimer wraps getitimer(2) to return the current value of the timer
+// specified by which.
+func Getitimer(which ItimerWhich) (Itimerval, error) {
+	var it Itimerval
+	if err := getitimer(int(which), &it); err != nil {
+		return Itimerval{}, err
+	}
+
+	return it, nil
+}
+
+// Setitimer wraps setitimer(2) to arm or disarm the timer specified by which.
+// It returns the previous value of the timer.
+//
+// If the Itimerval argument is the zero value, the timer will be disarmed.
+func Setitimer(which ItimerWhich, it Itimerval) (Itimerval, error) {
+	var prev Itimerval
+	if err := setitimer(int(which), &it, &prev); err != nil {
+		return Itimerval{}, err
+	}
+
+	return prev, nil
+}
+
 /*
  * Unimplemented
  */
 // AfsSyscall
-// Alarm
 // ArchPrctl
 // Brk
 // ClockNanosleep
@@ -2334,7 +2387,6 @@ type RemoteIovec struct {
 // GetMempolicy
 // GetRobustList
 // GetThreadArea
-// Getitimer
 // Getpmsg
 // IoCancel
 // IoDestroy
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_386.go
index 5f757e8aa7..d44b8ad533 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_386.go
@@ -173,14 +173,6 @@ const (
 	_SENDMMSG    = 20
 )
 
-func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
-	fd, e := socketcall(_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), 0, 0, 0)
-	if e != 0 {
-		err = e
-	}
-	return
-}
-
 func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
 	fd, e := socketcall(_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
 	if e != 0 {
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go b/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
new file mode 100644
index 0000000000..08086ac6a4
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
@@ -0,0 +1,14 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux && (386 || amd64 || mips || mipsle || mips64 || mipsle || ppc64 || ppc64le || ppc || s390x || sparc64)
+// +build linux
+// +build 386 amd64 mips mipsle mips64 mipsle ppc64 ppc64le ppc s390x sparc64
+
+package unix
+
+// SYS_ALARM is not defined on arm or riscv, but is available for other GOARCH
+// values.
+
+//sys	Alarm(seconds uint) (remaining uint, err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
index 4299125aa7..bd21d93bf8 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
@@ -62,7 +62,6 @@ func Stat(path string, stat *Stat_t) (err error) {
 //sys	SyncFileRange(fd int, off int64, n int64, flags int) (err error)
 //sys	Truncate(path string, length int64) (err error)
 //sys	Ustat(dev int, ubuf *Ustat_t) (err error)
-//sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error)
 //sys	accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error)
 //sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
 //sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
index 79edeb9cb1..343c91f6b3 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
@@ -27,7 +27,6 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
 	return newoffset, nil
 }
 
-//sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error)
 //sys	accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error)
 //sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
 //sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
index 862890de29..8c56286848 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
@@ -66,7 +66,6 @@ func Ustat(dev int, ubuf *Ustat_t) (err error) {
 	return ENOSYS
 }
 
-//sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error)
 //sys	accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error)
 //sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
 //sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
index 8932e34ad2..f0b138002c 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
@@ -48,7 +48,6 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err
 //sys	SyncFileRange(fd int, off int64, n int64, flags int) (err error)
 //sys	Truncate(path string, length int64) (err error)
 //sys	Ustat(dev int, ubuf *Ustat_t) (err error)
-//sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error)
 //sys	accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error)
 //sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
 //sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
index 7821c25d9f..e6163c30fe 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
@@ -41,7 +41,6 @@ func Syscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr,
 //sys	SyncFileRange(fd int, off int64, n int64, flags int) (err error)
 //sys	Truncate(path string, length int64) (err error) = SYS_TRUNCATE64
 //sys	Ustat(dev int, ubuf *Ustat_t) (err error)
-//sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error)
 //sys	accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error)
 //sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
 //sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
index c5053a0f03..4740e80a8e 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
@@ -43,7 +43,6 @@ import (
 //sys	Stat(path string, stat *Stat_t) (err error) = SYS_STAT64
 //sys	Truncate(path string, length int64) (err error) = SYS_TRUNCATE64
 //sys	Ustat(dev int, ubuf *Ustat_t) (err error)
-//sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error)
 //sys	accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error)
 //sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
 //sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
index 25786c4216..78bc9166ef 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
@@ -45,7 +45,6 @@ package unix
 //sys	Statfs(path string, buf *Statfs_t) (err error)
 //sys	Truncate(path string, length int64) (err error)
 //sys	Ustat(dev int, ubuf *Ustat_t) (err error)
-//sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error)
 //sys	accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error)
 //sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
 //sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
index 6f9f710414..3d6c4eb068 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
@@ -65,7 +65,6 @@ func Ustat(dev int, ubuf *Ustat_t) (err error) {
 	return ENOSYS
 }
 
-//sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error)
 //sys	accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error)
 //sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
 //sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
index 6aa59cb270..89ce84a416 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
@@ -145,15 +145,6 @@ const (
 	netSendMMsg    = 20
 )
 
-func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (int, error) {
-	args := [3]uintptr{uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))}
-	fd, _, err := Syscall(SYS_SOCKETCALL, netAccept, uintptr(unsafe.Pointer(&args)), 0)
-	if err != 0 {
-		return 0, err
-	}
-	return int(fd), nil
-}
-
 func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (int, error) {
 	args := [4]uintptr{uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags)}
 	fd, _, err := Syscall(SYS_SOCKETCALL, netAccept4, uintptr(unsafe.Pointer(&args)), 0)
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
index bbe8d174f8..35bdb098c5 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
@@ -42,7 +42,6 @@ package unix
 //sys	Statfs(path string, buf *Statfs_t) (err error)
 //sys	SyncFileRange(fd int, off int64, n int64, flags int) (err error)
 //sys	Truncate(path string, length int64) (err error)
-//sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error)
 //sys	accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error)
 //sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
 //sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go
index 4e54205861..bc7c9d0755 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go
@@ -38,7 +38,8 @@ const (
 	AF_KEY                                      = 0xf
 	AF_LLC                                      = 0x1a
 	AF_LOCAL                                    = 0x1
-	AF_MAX                                      = 0x2d
+	AF_MAX                                      = 0x2e
+	AF_MCTP                                     = 0x2d
 	AF_MPLS                                     = 0x1c
 	AF_NETBEUI                                  = 0xd
 	AF_NETLINK                                  = 0x10
@@ -259,6 +260,17 @@ const (
 	BUS_USB                                     = 0x3
 	BUS_VIRTUAL                                 = 0x6
 	CAN_BCM                                     = 0x2
+	CAN_CTRLMODE_3_SAMPLES                      = 0x4
+	CAN_CTRLMODE_BERR_REPORTING                 = 0x10
+	CAN_CTRLMODE_CC_LEN8_DLC                    = 0x100
+	CAN_CTRLMODE_FD                             = 0x20
+	CAN_CTRLMODE_FD_NON_ISO                     = 0x80
+	CAN_CTRLMODE_LISTENONLY                     = 0x2
+	CAN_CTRLMODE_LOOPBACK                       = 0x1
+	CAN_CTRLMODE_ONE_SHOT                       = 0x8
+	CAN_CTRLMODE_PRESUME_ACK                    = 0x40
+	CAN_CTRLMODE_TDC_AUTO                       = 0x200
+	CAN_CTRLMODE_TDC_MANUAL                     = 0x400
 	CAN_EFF_FLAG                                = 0x80000000
 	CAN_EFF_ID_BITS                             = 0x1d
 	CAN_EFF_MASK                                = 0x1fffffff
@@ -336,6 +348,7 @@ const (
 	CAN_RTR_FLAG                                = 0x40000000
 	CAN_SFF_ID_BITS                             = 0xb
 	CAN_SFF_MASK                                = 0x7ff
+	CAN_TERMINATION_DISABLED                    = 0x0
 	CAN_TP16                                    = 0x3
 	CAN_TP20                                    = 0x4
 	CAP_AUDIT_CONTROL                           = 0x1e
@@ -1267,9 +1280,14 @@ const (
 	IP_XFRM_POLICY                              = 0x11
 	ISOFS_SUPER_MAGIC                           = 0x9660
 	ISTRIP                                      = 0x20
+	ITIMER_PROF                                 = 0x2
+	ITIMER_REAL                                 = 0x0
+	ITIMER_VIRTUAL                              = 0x1
 	IUTF8                                       = 0x4000
 	IXANY                                       = 0x800
 	JFFS2_SUPER_MAGIC                           = 0x72b6
+	KCMPROTO_CONNECTED                          = 0x0
+	KCM_RECV_DISABLE                            = 0x1
 	KEXEC_ARCH_386                              = 0x30000
 	KEXEC_ARCH_68K                              = 0x40000
 	KEXEC_ARCH_AARCH64                          = 0xb70000
@@ -2442,6 +2460,9 @@ const (
 	SIOCGSTAMPNS                                = 0x8907
 	SIOCGSTAMPNS_OLD                            = 0x8907
 	SIOCGSTAMP_OLD                              = 0x8906
+	SIOCKCMATTACH                               = 0x89e0
+	SIOCKCMCLONE                                = 0x89e2
+	SIOCKCMUNATTACH                             = 0x89e1
 	SIOCOUTQNSD                                 = 0x894b
 	SIOCPROTOPRIVATE                            = 0x89e0
 	SIOCRTMSG                                   = 0x890d
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
index 93edda4c49..30fa4055ec 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
@@ -2032,3 +2032,23 @@ func shmget(key int, size int, flag int) (id int, err error) {
 	}
 	return
 }
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getitimer(which int, currValue *Itimerval) (err error) {
+	_, _, e1 := Syscall(SYS_GETITIMER, uintptr(which), uintptr(unsafe.Pointer(currValue)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setitimer(which int, newValue *Itimerval, oldValue *Itimerval) (err error) {
+	_, _, e1 := Syscall(SYS_SETITIMER, uintptr(which), uintptr(unsafe.Pointer(newValue)), uintptr(unsafe.Pointer(oldValue)))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
index ff90c81e73..2fc6271f47 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
@@ -1,4 +1,4 @@
-// go run mksyscall.go -l32 -tags linux,386 syscall_linux.go syscall_linux_386.go
+// go run mksyscall.go -l32 -tags linux,386 syscall_linux.go syscall_linux_386.go syscall_linux_alarm.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && 386
@@ -524,3 +524,14 @@ func utimes(path string, times *[2]Timeval) (err error) {
 	}
 	return
 }
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Alarm(seconds uint) (remaining uint, err error) {
+	r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0)
+	remaining = uint(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
index fa7d3dbe4e..43d9f01281 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
@@ -1,4 +1,4 @@
-// go run mksyscall.go -tags linux,amd64 syscall_linux.go syscall_linux_amd64.go
+// go run mksyscall.go -tags linux,amd64 syscall_linux.go syscall_linux_amd64.go syscall_linux_alarm.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && amd64
@@ -444,17 +444,6 @@ func Ustat(dev int, ubuf *Ustat_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
 	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
 	fd = int(r0)
@@ -691,3 +680,14 @@ func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, f
 	}
 	return
 }
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Alarm(seconds uint) (remaining uint, err error) {
+	r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0)
+	remaining = uint(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
index 654f91530f..7df0cb1795 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
@@ -46,17 +46,6 @@ func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
 	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
 	fd = int(r0)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
index e893f987f9..076e8f1c5b 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
@@ -389,17 +389,6 @@ func Truncate(path string, length int64) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
 	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
 	fd = int(r0)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
index 6d15528853..7b3c847467 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
@@ -1,4 +1,4 @@
-// go run mksyscall.go -b32 -arm -tags linux,mips syscall_linux.go syscall_linux_mipsx.go
+// go run mksyscall.go -b32 -arm -tags linux,mips syscall_linux.go syscall_linux_mipsx.go syscall_linux_alarm.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && mips
@@ -344,17 +344,6 @@ func Ustat(dev int, ubuf *Ustat_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
 	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
 	fd = int(r0)
@@ -702,3 +691,14 @@ func setrlimit(resource int, rlim *rlimit32) (err error) {
 	}
 	return
 }
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Alarm(seconds uint) (remaining uint, err error) {
+	r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0)
+	remaining = uint(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
index 1e20d72df2..0d3c45fbdd 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
@@ -1,4 +1,4 @@
-// go run mksyscall.go -tags linux,mips64 syscall_linux.go syscall_linux_mips64x.go
+// go run mksyscall.go -tags linux,mips64 syscall_linux.go syscall_linux_mips64x.go syscall_linux_alarm.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && mips64
@@ -399,17 +399,6 @@ func Ustat(dev int, ubuf *Ustat_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
 	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
 	fd = int(r0)
@@ -696,3 +685,14 @@ func stat(path string, st *stat_t) (err error) {
 	}
 	return
 }
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Alarm(seconds uint) (remaining uint, err error) {
+	r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0)
+	remaining = uint(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
index 82b5e2d9ed..cb46b2aaa2 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
@@ -399,17 +399,6 @@ func Ustat(dev int, ubuf *Ustat_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
 	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
 	fd = int(r0)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
index a0440c1d43..21c9baa6ab 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
@@ -1,4 +1,4 @@
-// go run mksyscall.go -l32 -arm -tags linux,mipsle syscall_linux.go syscall_linux_mipsx.go
+// go run mksyscall.go -l32 -arm -tags linux,mipsle syscall_linux.go syscall_linux_mipsx.go syscall_linux_alarm.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && mipsle
@@ -344,17 +344,6 @@ func Ustat(dev int, ubuf *Ustat_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
 	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
 	fd = int(r0)
@@ -702,3 +691,14 @@ func setrlimit(resource int, rlim *rlimit32) (err error) {
 	}
 	return
 }
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Alarm(seconds uint) (remaining uint, err error) {
+	r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0)
+	remaining = uint(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
index 5864b9ca64..02b8f08871 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
@@ -1,4 +1,4 @@
-// go run mksyscall.go -b32 -tags linux,ppc syscall_linux.go syscall_linux_ppc.go
+// go run mksyscall.go -b32 -tags linux,ppc syscall_linux.go syscall_linux_ppc.go syscall_linux_alarm.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && ppc
@@ -409,17 +409,6 @@ func Ustat(dev int, ubuf *Ustat_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
 	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
 	fd = int(r0)
@@ -707,3 +696,14 @@ func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, f
 	}
 	return
 }
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Alarm(seconds uint) (remaining uint, err error) {
+	r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0)
+	remaining = uint(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
index beeb49e342..ac8cb09ba3 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
@@ -1,4 +1,4 @@
-// go run mksyscall.go -tags linux,ppc64 syscall_linux.go syscall_linux_ppc64x.go
+// go run mksyscall.go -tags linux,ppc64 syscall_linux.go syscall_linux_ppc64x.go syscall_linux_alarm.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && ppc64
@@ -475,17 +475,6 @@ func Ustat(dev int, ubuf *Ustat_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
 	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
 	fd = int(r0)
@@ -753,3 +742,14 @@ func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, f
 	}
 	return
 }
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Alarm(seconds uint) (remaining uint, err error) {
+	r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0)
+	remaining = uint(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
index 53139b82c7..bd08d887a1 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
@@ -1,4 +1,4 @@
-// go run mksyscall.go -tags linux,ppc64le syscall_linux.go syscall_linux_ppc64x.go
+// go run mksyscall.go -tags linux,ppc64le syscall_linux.go syscall_linux_ppc64x.go syscall_linux_alarm.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && ppc64le
@@ -475,17 +475,6 @@ func Ustat(dev int, ubuf *Ustat_t) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
 	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
 	fd = int(r0)
@@ -753,3 +742,14 @@ func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, f
 	}
 	return
 }
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Alarm(seconds uint) (remaining uint, err error) {
+	r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0)
+	remaining = uint(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
index 63b393b802..a834d21730 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
@@ -369,17 +369,6 @@ func Truncate(path string, length int64) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
 	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
 	fd = int(r0)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
index 202add37d1..9e462a96fb 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
@@ -1,4 +1,4 @@
-// go run mksyscall.go -tags linux,s390x syscall_linux.go syscall_linux_s390x.go
+// go run mksyscall.go -tags linux,s390x syscall_linux.go syscall_linux_s390x.go syscall_linux_alarm.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && s390x
@@ -533,3 +533,14 @@ func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, f
 	}
 	return
 }
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Alarm(seconds uint) (remaining uint, err error) {
+	r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0)
+	remaining = uint(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
index 2ab268c343..96d340242c 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
@@ -1,4 +1,4 @@
-// go run mksyscall.go -tags linux,sparc64 syscall_linux.go syscall_linux_sparc64.go
+// go run mksyscall.go -tags linux,sparc64 syscall_linux.go syscall_linux_sparc64.go syscall_linux_alarm.go
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && sparc64
@@ -455,17 +455,6 @@ func Truncate(path string, length int64) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
-	r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
-	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
 	r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
 	fd = int(r0)
@@ -697,3 +686,14 @@ func utimes(path string, times *[2]Timeval) (err error) {
 	}
 	return
 }
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Alarm(seconds uint) (remaining uint, err error) {
+	r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0)
+	remaining = uint(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go
index 66788f1568..cbf32f7189 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go
@@ -24,6 +24,11 @@ type ItimerSpec struct {
 	Value    Timespec
 }
 
+type Itimerval struct {
+	Interval Timeval
+	Value    Timeval
+}
+
 const (
 	TIME_OK    = 0x0
 	TIME_INS   = 0x1
@@ -3766,6 +3771,8 @@ const (
 	ETHTOOL_A_TUNNEL_INFO_MAX                 = 0x2
 )
 
+const SPEED_UNKNOWN = -0x1
+
 type EthtoolDrvinfo struct {
 	Cmd          uint32
 	Driver       [32]byte
@@ -4065,3 +4072,91 @@ const (
 	NL_POLICY_TYPE_ATTR_MASK            = 0xc
 	NL_POLICY_TYPE_ATTR_MAX             = 0xc
 )
+
+type CANBitTiming struct {
+	Bitrate      uint32
+	Sample_point uint32
+	Tq           uint32
+	Prop_seg     uint32
+	Phase_seg1   uint32
+	Phase_seg2   uint32
+	Sjw          uint32
+	Brp          uint32
+}
+
+type CANBitTimingConst struct {
+	Name      [16]uint8
+	Tseg1_min uint32
+	Tseg1_max uint32
+	Tseg2_min uint32
+	Tseg2_max uint32
+	Sjw_max   uint32
+	Brp_min   uint32
+	Brp_max   uint32
+	Brp_inc   uint32
+}
+
+type CANClock struct {
+	Freq uint32
+}
+
+type CANBusErrorCounters struct {
+	Txerr uint16
+	Rxerr uint16
+}
+
+type CANCtrlMode struct {
+	Mask  uint32
+	Flags uint32
+}
+
+type CANDeviceStats struct {
+	Bus_error        uint32
+	Error_warning    uint32
+	Error_passive    uint32
+	Bus_off          uint32
+	Arbitration_lost uint32
+	Restarts         uint32
+}
+
+const (
+	CAN_STATE_ERROR_ACTIVE  = 0x0
+	CAN_STATE_ERROR_WARNING = 0x1
+	CAN_STATE_ERROR_PASSIVE = 0x2
+	CAN_STATE_BUS_OFF       = 0x3
+	CAN_STATE_STOPPED       = 0x4
+	CAN_STATE_SLEEPING      = 0x5
+	CAN_STATE_MAX           = 0x6
+)
+
+const (
+	IFLA_CAN_UNSPEC               = 0x0
+	IFLA_CAN_BITTIMING            = 0x1
+	IFLA_CAN_BITTIMING_CONST      = 0x2
+	IFLA_CAN_CLOCK                = 0x3
+	IFLA_CAN_STATE                = 0x4
+	IFLA_CAN_CTRLMODE             = 0x5
+	IFLA_CAN_RESTART_MS           = 0x6
+	IFLA_CAN_RESTART              = 0x7
+	IFLA_CAN_BERR_COUNTER         = 0x8
+	IFLA_CAN_DATA_BITTIMING       = 0x9
+	IFLA_CAN_DATA_BITTIMING_CONST = 0xa
+	IFLA_CAN_TERMINATION          = 0xb
+	IFLA_CAN_TERMINATION_CONST    = 0xc
+	IFLA_CAN_BITRATE_CONST        = 0xd
+	IFLA_CAN_DATA_BITRATE_CONST   = 0xe
+	IFLA_CAN_BITRATE_MAX          = 0xf
+)
+
+type KCMAttach struct {
+	Fd     int32
+	Bpf_fd int32
+}
+
+type KCMUnattach struct {
+	Fd int32
+}
+
+type KCMClone struct {
+	Fd int32
+}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
index 6358806106..c426c35763 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
@@ -210,8 +210,8 @@ type PtraceFpregs struct {
 }
 
 type PtracePer struct {
-	_             [0]uint64
-	_             [32]byte
+	Control_regs  [3]uint64
+	_             [8]byte
 	Starting_addr uint64
 	Ending_addr   uint64
 	Perc_atmid    uint16
diff --git a/vendor/google.golang.org/grpc/attributes/attributes.go b/vendor/google.golang.org/grpc/attributes/attributes.go
index 6ff2792ee4..ae13ddac14 100644
--- a/vendor/google.golang.org/grpc/attributes/attributes.go
+++ b/vendor/google.golang.org/grpc/attributes/attributes.go
@@ -69,7 +69,9 @@ func (a *Attributes) Value(key interface{}) interface{} {
 // bool' is implemented for a value in the attributes, it is called to
 // determine if the value matches the one stored in the other attributes.  If
 // Equal is not implemented, standard equality is used to determine if the two
-// values are equal.
+// values are equal. Note that some types (e.g. maps) aren't comparable by
+// default, so they must be wrapped in a struct, or in an alias type, with Equal
+// defined.
 func (a *Attributes) Equal(o *Attributes) bool {
 	if a == nil && o == nil {
 		return true
diff --git a/vendor/google.golang.org/grpc/credentials/insecure/insecure.go b/vendor/google.golang.org/grpc/credentials/insecure/insecure.go
index 22a8f996a6..4fbed12565 100644
--- a/vendor/google.golang.org/grpc/credentials/insecure/insecure.go
+++ b/vendor/google.golang.org/grpc/credentials/insecure/insecure.go
@@ -18,11 +18,6 @@
 
 // Package insecure provides an implementation of the
 // credentials.TransportCredentials interface which disables transport security.
-//
-// Experimental
-//
-// Notice: This package is EXPERIMENTAL and may be changed or removed in a
-// later release.
 package insecure
 
 import (
diff --git a/vendor/google.golang.org/grpc/dialoptions.go b/vendor/google.golang.org/grpc/dialoptions.go
index 063f1e903c..c4bf09f9e9 100644
--- a/vendor/google.golang.org/grpc/dialoptions.go
+++ b/vendor/google.golang.org/grpc/dialoptions.go
@@ -272,7 +272,7 @@ func withBackoff(bs internalbackoff.Strategy) DialOption {
 	})
 }
 
-// WithBlock returns a DialOption which makes caller of Dial blocks until the
+// WithBlock returns a DialOption which makes callers of Dial block until the
 // underlying connection is up. Without this, Dial returns immediately and
 // connecting the server happens in background.
 func WithBlock() DialOption {
@@ -304,7 +304,7 @@ func WithReturnConnectionError() DialOption {
 // WithCredentialsBundle or WithPerRPCCredentials) which require transport
 // security is incompatible and will cause grpc.Dial() to fail.
 //
-// Deprecated: use insecure.NewCredentials() instead.
+// Deprecated: use WithTransportCredentials and insecure.NewCredentials() instead.
 // Will be supported throughout 1.x.
 func WithInsecure() DialOption {
 	return newFuncDialOption(func(o *dialOptions) {
diff --git a/vendor/google.golang.org/grpc/grpclog/loggerv2.go b/vendor/google.golang.org/grpc/grpclog/loggerv2.go
index 34098bb8eb..7c1f664090 100644
--- a/vendor/google.golang.org/grpc/grpclog/loggerv2.go
+++ b/vendor/google.golang.org/grpc/grpclog/loggerv2.go
@@ -248,12 +248,12 @@ func (g *loggerT) V(l int) bool {
 // later release.
 type DepthLoggerV2 interface {
 	LoggerV2
-	// InfoDepth logs to INFO log at the specified depth. Arguments are handled in the manner of fmt.Print.
+	// InfoDepth logs to INFO log at the specified depth. Arguments are handled in the manner of fmt.Println.
 	InfoDepth(depth int, args ...interface{})
-	// WarningDepth logs to WARNING log at the specified depth. Arguments are handled in the manner of fmt.Print.
+	// WarningDepth logs to WARNING log at the specified depth. Arguments are handled in the manner of fmt.Println.
 	WarningDepth(depth int, args ...interface{})
-	// ErrorDetph logs to ERROR log at the specified depth. Arguments are handled in the manner of fmt.Print.
+	// ErrorDepth logs to ERROR log at the specified depth. Arguments are handled in the manner of fmt.Println.
 	ErrorDepth(depth int, args ...interface{})
-	// FatalDepth logs to FATAL log at the specified depth. Arguments are handled in the manner of fmt.Print.
+	// FatalDepth logs to FATAL log at the specified depth. Arguments are handled in the manner of fmt.Println.
 	FatalDepth(depth int, args ...interface{})
 }
diff --git a/vendor/google.golang.org/grpc/internal/envconfig/xds.go b/vendor/google.golang.org/grpc/internal/envconfig/xds.go
index 93522d716d..9bad03cec6 100644
--- a/vendor/google.golang.org/grpc/internal/envconfig/xds.go
+++ b/vendor/google.golang.org/grpc/internal/envconfig/xds.go
@@ -42,6 +42,7 @@ const (
 	aggregateAndDNSSupportEnv    = "GRPC_XDS_EXPERIMENTAL_ENABLE_AGGREGATE_AND_LOGICAL_DNS_CLUSTER"
 	rbacSupportEnv               = "GRPC_XDS_EXPERIMENTAL_RBAC"
 	federationEnv                = "GRPC_EXPERIMENTAL_XDS_FEDERATION"
+	rlsInXDSEnv                  = "GRPC_EXPERIMENTAL_XDS_RLS_LB"
 
 	c2pResolverTestOnlyTrafficDirectorURIEnv = "GRPC_TEST_ONLY_GOOGLE_C2P_RESOLVER_TRAFFIC_DIRECTOR_URI"
 )
@@ -85,6 +86,12 @@ var (
 	// XDSFederation indicates whether federation support is enabled.
 	XDSFederation = strings.EqualFold(os.Getenv(federationEnv), "true")
 
+	// XDSRLS indicates whether processing of Cluster Specifier plugins and
+	// support for the RLS CLuster Specifier is enabled, which can be enabled by
+	// setting the environment variable "GRPC_EXPERIMENTAL_XDS_RLS_LB" to
+	// "true".
+	XDSRLS = strings.EqualFold(os.Getenv(rlsInXDSEnv), "true")
+
 	// C2PResolverTestOnlyTrafficDirectorURI is the TD URI for testing.
 	C2PResolverTestOnlyTrafficDirectorURI = os.Getenv(c2pResolverTestOnlyTrafficDirectorURIEnv)
 )
diff --git a/vendor/google.golang.org/grpc/internal/grpclog/grpclog.go b/vendor/google.golang.org/grpc/internal/grpclog/grpclog.go
index e6f975cbf6..30a3b4258f 100644
--- a/vendor/google.golang.org/grpc/internal/grpclog/grpclog.go
+++ b/vendor/google.golang.org/grpc/internal/grpclog/grpclog.go
@@ -115,12 +115,12 @@ type LoggerV2 interface {
 // Notice: This type is EXPERIMENTAL and may be changed or removed in a
 // later release.
 type DepthLoggerV2 interface {
-	// InfoDepth logs to INFO log at the specified depth. Arguments are handled in the manner of fmt.Print.
+	// InfoDepth logs to INFO log at the specified depth. Arguments are handled in the manner of fmt.Println.
 	InfoDepth(depth int, args ...interface{})
-	// WarningDepth logs to WARNING log at the specified depth. Arguments are handled in the manner of fmt.Print.
+	// WarningDepth logs to WARNING log at the specified depth. Arguments are handled in the manner of fmt.Println.
 	WarningDepth(depth int, args ...interface{})
-	// ErrorDetph logs to ERROR log at the specified depth. Arguments are handled in the manner of fmt.Print.
+	// ErrorDepth logs to ERROR log at the specified depth. Arguments are handled in the manner of fmt.Println.
 	ErrorDepth(depth int, args ...interface{})
-	// FatalDepth logs to FATAL log at the specified depth. Arguments are handled in the manner of fmt.Print.
+	// FatalDepth logs to FATAL log at the specified depth. Arguments are handled in the manner of fmt.Println.
 	FatalDepth(depth int, args ...interface{})
 }
diff --git a/vendor/google.golang.org/grpc/internal/grpcutil/regex.go b/vendor/google.golang.org/grpc/internal/grpcutil/regex.go
index 2810a8ba2f..7a092b2b80 100644
--- a/vendor/google.golang.org/grpc/internal/grpcutil/regex.go
+++ b/vendor/google.golang.org/grpc/internal/grpcutil/regex.go
@@ -20,9 +20,12 @@ package grpcutil
 
 import "regexp"
 
-// FullMatchWithRegex returns whether the full string matches the regex provided.
-func FullMatchWithRegex(re *regexp.Regexp, string string) bool {
+// FullMatchWithRegex returns whether the full text matches the regex provided.
+func FullMatchWithRegex(re *regexp.Regexp, text string) bool {
+	if len(text) == 0 {
+		return re.MatchString(text)
+	}
 	re.Longest()
-	rem := re.FindString(string)
-	return len(rem) == len(string)
+	rem := re.FindString(text)
+	return len(rem) == len(text)
 }
diff --git a/vendor/google.golang.org/grpc/regenerate.sh b/vendor/google.golang.org/grpc/regenerate.sh
index a0a71aae96..58c802f8ae 100644
--- a/vendor/google.golang.org/grpc/regenerate.sh
+++ b/vendor/google.golang.org/grpc/regenerate.sh
@@ -76,7 +76,21 @@ SOURCES=(
 # These options of the form 'Mfoo.proto=bar' instruct the codegen to use an
 # import path of 'bar' in the generated code when 'foo.proto' is imported in
 # one of the sources.
-OPTS=Mgrpc/service_config/service_config.proto=/internal/proto/grpc_service_config,Mgrpc/core/stats.proto=google.golang.org/grpc/interop/grpc_testing/core
+#
+# Note that the protos listed here are all for testing purposes. All protos to
+# be used externally should have a go_package option (and they don't need to be
+# listed here).
+OPTS=Mgrpc/service_config/service_config.proto=/internal/proto/grpc_service_config,\
+Mgrpc/core/stats.proto=google.golang.org/grpc/interop/grpc_testing/core,\
+Mgrpc/testing/benchmark_service.proto=google.golang.org/grpc/interop/grpc_testing,\
+Mgrpc/testing/stats.proto=google.golang.org/grpc/interop/grpc_testing,\
+Mgrpc/testing/report_qps_scenario_service.proto=google.golang.org/grpc/interop/grpc_testing,\
+Mgrpc/testing/messages.proto=google.golang.org/grpc/interop/grpc_testing,\
+Mgrpc/testing/worker_service.proto=google.golang.org/grpc/interop/grpc_testing,\
+Mgrpc/testing/control.proto=google.golang.org/grpc/interop/grpc_testing,\
+Mgrpc/testing/test.proto=google.golang.org/grpc/interop/grpc_testing,\
+Mgrpc/testing/payloads.proto=google.golang.org/grpc/interop/grpc_testing,\
+Mgrpc/testing/empty.proto=google.golang.org/grpc/interop/grpc_testing
 
 for src in ${SOURCES[@]}; do
   echo "protoc ${src}"
@@ -85,7 +99,6 @@ for src in ${SOURCES[@]}; do
     -I${WORKDIR}/grpc-proto \
     -I${WORKDIR}/googleapis \
     -I${WORKDIR}/protobuf/src \
-    -I${WORKDIR}/istio \
     ${src}
 done
 
@@ -96,7 +109,6 @@ for src in ${LEGACY_SOURCES[@]}; do
     -I${WORKDIR}/grpc-proto \
     -I${WORKDIR}/googleapis \
     -I${WORKDIR}/protobuf/src \
-    -I${WORKDIR}/istio \
     ${src}
 done
 
diff --git a/vendor/google.golang.org/grpc/version.go b/vendor/google.golang.org/grpc/version.go
index 8ef0958797..9d3fd73da9 100644
--- a/vendor/google.golang.org/grpc/version.go
+++ b/vendor/google.golang.org/grpc/version.go
@@ -19,4 +19,4 @@
 package grpc
 
 // Version is the current grpc version.
-const Version = "1.43.0"
+const Version = "1.44.1-dev"
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 398a116bf3..631dc16679 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -65,9 +65,9 @@ github.com/containernetworking/cni/pkg/types/create
 github.com/containernetworking/cni/pkg/types/internal
 github.com/containernetworking/cni/pkg/utils
 github.com/containernetworking/cni/pkg/version
-# github.com/containernetworking/plugins v1.0.1
+# github.com/containernetworking/plugins v1.1.1
 github.com/containernetworking/plugins/pkg/ns
-# github.com/containers/common v0.47.5
+# github.com/containers/common v0.47.5-0.20220331143923-5f14ec785c18
 github.com/containers/common/libimage
 github.com/containers/common/libimage/manifests
 github.com/containers/common/libnetwork/cni
@@ -98,7 +98,7 @@ github.com/containers/common/pkg/timetype
 github.com/containers/common/pkg/umask
 github.com/containers/common/pkg/util
 github.com/containers/common/version
-# github.com/containers/image/v5 v5.20.0
+# github.com/containers/image/v5 v5.20.1-0.20220404163228-d03e80fc66b3
 github.com/containers/image/v5/copy
 github.com/containers/image/v5/directory
 github.com/containers/image/v5/directory/explicitfilepath
@@ -167,7 +167,7 @@ github.com/containers/ocicrypt/keywrap/pkcs7
 github.com/containers/ocicrypt/spec
 github.com/containers/ocicrypt/utils
 github.com/containers/ocicrypt/utils/keyprovider
-# github.com/containers/storage v1.39.0
+# github.com/containers/storage v1.39.1-0.20220330193934-f3200eb5a5d9
 github.com/containers/storage
 github.com/containers/storage/drivers
 github.com/containers/storage/drivers/aufs
@@ -282,7 +282,7 @@ github.com/fsnotify/fsnotify
 github.com/fsouza/go-dockerclient
 # github.com/ghodss/yaml v1.0.0
 github.com/ghodss/yaml
-# github.com/godbus/dbus/v5 v5.0.6
+# github.com/godbus/dbus/v5 v5.1.0
 github.com/godbus/dbus/v5
 # github.com/gogo/protobuf v1.3.2
 github.com/gogo/protobuf/gogoproto
@@ -466,7 +466,7 @@ github.com/stefanberger/go-pkcs11uri
 # github.com/stretchr/testify v1.7.1
 github.com/stretchr/testify/assert
 github.com/stretchr/testify/require
-# github.com/sylabs/sif/v2 v2.3.2
+# github.com/sylabs/sif/v2 v2.4.2
 github.com/sylabs/sif/v2/pkg/sif
 # github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
 github.com/syndtr/gocapability/capability
@@ -541,7 +541,7 @@ golang.org/x/net/trace
 # golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
 golang.org/x/sync/errgroup
 golang.org/x/sync/semaphore
-# golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27
+# golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9
 golang.org/x/sys/cpu
 golang.org/x/sys/execabs
 golang.org/x/sys/internal/unsafeheader
@@ -571,9 +571,9 @@ golang.org/x/text/secure/bidirule
 golang.org/x/text/transform
 golang.org/x/text/unicode/bidi
 golang.org/x/text/unicode/norm
-# google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa
+# google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8
 google.golang.org/genproto/googleapis/rpc/status
-# google.golang.org/grpc v1.43.0
+# google.golang.org/grpc v1.44.0
 google.golang.org/grpc
 google.golang.org/grpc/attributes
 google.golang.org/grpc/backoff