From f0f1bfca0746d3b81dab1e11fb8db389401cc8a3 Mon Sep 17 00:00:00 2001 From: Samuel Karp Date: Mon, 7 Oct 2024 15:40:04 -0700 Subject: [PATCH] update runc binary to 1.1.15 diff: https://github.com/opencontainers/runc/compare/v1.1.14...v1.1.15 Release notes: - The -ENOSYS seccomp stub is now always generated for the native architecture that runc is running on. This is needed to work around some arguably specification-incompliant behaviour from Docker on architectures such as ppc64le, where the allowed architecture list is set to null. This ensures that we always generate at least one -ENOSYS stub for the native architecture even with these weird configs. (#4391) - On a system with older kernel, reading /proc/self/mountinfo may skip some entries, as a consequence runc may not properly set mount propagation, causing container mounts leak onto the host mount namespace. (#2404, #4425) - In order to fix performance issues in the "lightweight" bindfd protection against [CVE-2019-5736], the temporary ro bind-mount of /proc/self/exe has been removed. runc now creates a binary copy in all cases. (#4392, #2532) Signed-off-by: Samuel Karp --- script/setup/runc-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/script/setup/runc-version b/script/setup/runc-version index 6a99dbb7f..95ff739af 100644 --- a/script/setup/runc-version +++ b/script/setup/runc-version @@ -1 +1 @@ -v1.1.14 +v1.1.15
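Review bot: the new value `+v1.1.15` in script/setup/runc-version pins runc by tag name alone, and nothing in this one-file change records the commit or digest that the tag is expected to resolve to. This bump carries the mount propagation fix and the change to the CVE-2019-5736 protection listed in the commit message, so consider recording the expected commit hash for v1.1.15 alongside the tag, or having whatever reads this file verify it, so that a moved tag cannot silently change the binary that gets built. It is also worth confirming that no other place in the tree still refers to v1.1.14, because the diffstat shows only this file changing.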