Vendor after merging erikh/image:kube-fix

Based on https://github.com/projectatomic/skopeo/pull/289 by Erik
Hollensbe <github@hollensbe.org>

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

vendor/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c

@@ -424,6 +424,11 @@ void nsexec(void)
 	if (pipenum == -1)
 		return;
 
+	/* make the process non-dumpable */
+	if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0) {
+		bail("failed to set process as non-dumpable");
+	}
+
 	/* Parse all of the netlink configuration. */
 	nl_parse(pipenum, &config);
 

vendor/github.com/opencontainers/runc/libcontainer/user/user.go

@@ -343,7 +343,7 @@ func GetExecUser(userSpec string, defaults *ExecUser, passwd, group io.Reader) (
 			if len(groups) > 0 {
 				// First match wins, even if there's more than one matching entry.
 				user.Gid = groups[0].Gid
-			} else if groupArg != "" {
+			} else {
 				// If we can't find a group with the given name, the only other valid
 				// option is if it's a numeric group name with no associated entry in group.
 

vendor/github.com/opencontainers/runc/libcontainer/utils/cmsg.go

@@ -32,7 +32,7 @@ import (
 
 // RecvFd waits for a file descriptor to be sent over the given AF_UNIX
 // socket. The file name of the remote file descriptor will be recreated
-// locally (it is sent as non-auxilliary data in the same payload).
+// locally (it is sent as non-auxiliary data in the same payload).
 func RecvFd(socket *os.File) (*os.File, error) {
 	file, err := C.recvfd(C.int(socket.Fd()))
 	if err != nil {
@@ -44,7 +44,7 @@ func RecvFd(socket *os.File) (*os.File, error) {
 
 // SendFd sends a file descriptor over the given AF_UNIX socket. In
 // addition, the file.Name() of the given file will also be sent as
-// non-auxilliary data in the same payload (allowing to send contextual
+// non-auxiliary data in the same payload (allowing to send contextual
 // information for a file descriptor).
 func SendFd(socket, file *os.File) error {
 	var cfile C.struct_file_t