This includes an improved fix for CVE-2019-5736 to reduce the
increased memory-consumption introduced by the original patch,
RHEL 7.6 getting into a loop due to a kernel bug in those kernels,
and improve compatibility with older kernels.
changes included:
- opencontainers/runc#1973 Vendor opencontainers/runtime-spec 29686dbc
- opencontainers/runc#1978 Remove detection for scope properties, which have always been broken
- opencontainers/runc#1963 Vendor in go-criu and use it for CRIU's RPC definition
- opencontainers/runc#1995 exec: expose --preserve-fds
- opencontainers/runc#2000 fix preserve-fds flag may cause runc hang
- opencontainers/runc#1968 Create bind mount mountpoints during restore
- opencontainers/runc#1984 nsenter: cloned_binary: "memfd" cleanups
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Includes 6635b4f0c6,
which fixes a vulnerability in runc that allows a container escape (CVE-2019-5736)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This includes fixes for user namespaces as well as a long standing bug
for running docker and containerd inside an lxc container.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This resolves logrus issues with containerd not being in sync with the
version runc is using.
This also updates the OCI runtime spec to v1.0.0
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This fixes the ugly build errors on Alpine Linux which the old version gave
from C type mismatches, and now gives a nice neat line of whales on build...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
