automemlimit icon indicating copy to clipboard operation
automemlimit copied to clipboard
verified publisher icon KimMachineGun

Replace github.com/containerd/cgroups/v3/ with something with less dependencies

Open hikhvar opened this issue 1 year ago • 0 comments

Hello,

first of all thank you for this great library!

When including this in our applications, I discovered that this module has a lot of transitive dependencies. Most of those are coming from the github.com/containerd/cgroups/v3 module. I understand that this was ready to use and battle tested. However, including this centrally in all applications introduce a number of transitive dependcies we don't need, increasing the attack surface for supply chain attacks.

What do you thing of implementing an own cgroups package like https://github.com/uber-go/automaxprocs did? I can try that if you think this is worthwile in the long run.

 go mod why github.com/frankban/quicktest
# github.com/frankban/quicktest
/*some internal package not to be disclosed*/
github.com/KimMachineGun/automemlimit/memlimit
github.com/containerd/cgroups/v3/cgroup2
github.com/cilium/ebpf
github.com/cilium/ebpf.test
github.com/frankban/quicktest

hikhvar avatar Jul 08 '24 04:07 hikhvar