containerd

Author SHA1 Message Date

Author	SHA1	Message	Date
Sebastiaan van Stijn	bc6ac08784	update opencontainers/runc v1.0.0-rc7 full diff: `2b18fe1d88`...v1.0.0-rc7 changes included: - opencontainers/runc#2012 Need to setup labeling of kernel keyrings - opencontainers/runc#2014 Add $RUNC_USE_SYSTEMD to run tests using systemd cgroup driver - opencontainers/runc#2015 Use getenv not secure_getenv - fixes opencontainers/runc#2013 build fails with musl libc - opencontainers/runc#2023 Fixes regression causing zombie runc:[1:CHILD] processes Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-03-28 21:42:17 +01:00
Sebastiaan van Stijn	b8d40b3535	update runc to 2b18fe1d885ee5083ef9f0838fee39b62d653e30 This includes an improved fix for CVE-2019-5736 to reduce the increased memory-consumption introduced by the original patch, RHEL 7.6 getting into a loop due to a kernel bug in those kernels, and improve compatibility with older kernels. changes included: - opencontainers/runc#1973 Vendor opencontainers/runtime-spec 29686dbc - opencontainers/runc#1978 Remove detection for scope properties, which have always been broken - opencontainers/runc#1963 Vendor in go-criu and use it for CRIU's RPC definition - opencontainers/runc#1995 exec: expose --preserve-fds - opencontainers/runc#2000 fix preserve-fds flag may cause runc hang - opencontainers/runc#1968 Create bind mount mountpoints during restore - opencontainers/runc#1984 nsenter: cloned_binary: "memfd" cleanups Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-03-07 21:30:26 +01:00
Sebastiaan van Stijn	14eaad0cd9	Update runc to 6635b4f0c6af3810594d2770f662f34ddc15b40d (CVE-2019-5736) Includes `6635b4f0c6`, which fixes a vulnerability in runc that allows a container escape (CVE-2019-5736) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-02-11 15:18:59 +01:00

Sebastiaan van Stijn

bc6ac08784

update opencontainers/runc v1.0.0-rc7

full diff: 2b18fe1d88...v1.0.0-rc7

changes included:

- opencontainers/runc#2012 Need to setup labeling of kernel keyrings
- opencontainers/runc#2014 Add $RUNC_USE_SYSTEMD to run tests using systemd cgroup driver
- opencontainers/runc#2015 Use getenv not secure_getenv
  - fixes opencontainers/runc#2013 build fails with musl libc
- opencontainers/runc#2023 Fixes regression causing zombie runc:[1:CHILD] processes

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

2019-03-28 21:42:17 +01:00

Sebastiaan van Stijn

b8d40b3535

update runc to 2b18fe1d885ee5083ef9f0838fee39b62d653e30

This includes an improved fix for CVE-2019-5736 to reduce the
increased memory-consumption introduced by the original patch,
RHEL 7.6 getting into a loop due to a kernel bug in those kernels,
and improve compatibility with older kernels.

changes included:

- opencontainers/runc#1973 Vendor opencontainers/runtime-spec 29686dbc
- opencontainers/runc#1978 Remove detection for scope properties, which have always been broken
- opencontainers/runc#1963 Vendor in go-criu and use it for CRIU's RPC definition
- opencontainers/runc#1995 exec: expose --preserve-fds
- opencontainers/runc#2000 fix preserve-fds flag may cause runc hang
- opencontainers/runc#1968 Create bind mount mountpoints during restore
- opencontainers/runc#1984 nsenter: cloned_binary: "memfd" cleanups

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

2019-03-07 21:30:26 +01:00

Sebastiaan van Stijn

14eaad0cd9

Update runc to 6635b4f0c6af3810594d2770f662f34ddc15b40d (CVE-2019-5736)

Includes 6635b4f0c6,
which fixes a vulnerability in runc that allows a container escape (CVE-2019-5736)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

2019-02-11 15:18:59 +01:00

3 Commits