From 25858d621fc200b8ce7f2cfa0f1b2e4147102fc9 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Thu, 12 May 2022 13:38:47 +0200
Subject: [PATCH] update runc binary to v1.1.2

This is the second patch release of the runc 1.1 release branch. It
fixes CVE-2022-29162, a minor security issue (which appears to not be
exploitable) related to process capabilities.

This is a similar bug to the ones found and fixed in Docker and
containerd recently (CVE-2022-24769).

- A bug was found in runc where runc exec --cap executed processes with
  non-empty inheritable Linux process capabilities, creating an atypical Linux
  environment. For more information, see GHSA-f3fp-gc8g-vw66 and CVE-2022-29162.
- runc spec no longer sets any inheritable capabilities in the created
  example OCI spec (config.json) file.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
 script/setup/runc-version | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/script/setup/runc-version b/script/setup/runc-version
index 56130fb3a..0f1acbd56 100644
--- a/script/setup/runc-version
+++ b/script/setup/runc-version
@@ -1 +1 @@
-v1.1.1
+v1.1.2