contrib: remove deprecated memfd-bind binary

This was a really ugly hack to try to reduce the impact of our original
set of CVE-2019-5736 mitigations, but unfortunately had too many caveats
to its use to ever be really useful. In addition, it was completely
obsoleted by the migration to using an detached overlayfs mount in
commit 515f09f ("dmz: use overlayfs to write-protect /proc/self/exe
if possible").

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>

Author: cyphar

.gitignore

@@ -1,7 +1,6 @@
 vendor/pkg
 /runc
 /runc-*
-/contrib/cmd/memfd-bind/memfd-bind
 /tests/cmd/_bin
 man/man8
 release

CHANGELOG.md

@@ -41,6 +41,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
     - `libcontainer/devices.Type`
     - `libcontainer/devices.Rule`
 
+### Removed ###
+- The `memfd-bind` helper binary has been removed, as it has never been
+  particularly useful and was completely obsoleted by the changes to
+  `/proc/self/exe` sealing we introduced in runc [1.2.0][]. (#5141)
+
 ## [1.4.0] - 2025-11-27
 
 > 路漫漫其修远兮，吾将上下而求索！

Makefile

@@ -77,11 +77,7 @@ runc-bin:
 	$(GO_BUILD) -o runc .
 
 .PHONY: all
-all: runc memfd-bind
-
-.PHONY: memfd-bind
-memfd-bind:
-	$(GO_BUILD) -o contrib/cmd/$@/$@ ./contrib/cmd/$@
+all: runc
 
 TESTBINDIR := tests/cmd/_bin
 $(TESTBINDIR):
@@ -96,7 +92,6 @@ $(TESTBINS): $(TESTBINDIR)
 .PHONY: clean
 clean:
 	rm -f runc runc-*
-	rm -f contrib/cmd/memfd-bind/memfd-bind
 	rm -fr $(TESTBINDIR)
 	sudo rm -rf release
 	rm -rf man/man8