github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
f0f1bfca07
containerd/script
History
Samuel Karp f0f1bfca07
update runc binary to 1.1.15 
diff: https://github.com/opencontainers/runc/compare/v1.1.14...v1.1.15

Release notes:

- The -ENOSYS seccomp stub is now always generated for the native
  architecture that runc is running on. This is needed to work around some
  arguably specification-incompliant behaviour from Docker on architectures
  such as ppc64le, where the allowed architecture list is set to null. This
  ensures that we always generate at least one -ENOSYS stub for the native
  architecture even with these weird configs. (#4391)
- On a system with older kernel, reading /proc/self/mountinfo may skip some
  entries, as a consequence runc may not properly set mount propagation,
  causing container mounts leak onto the host mount namespace. (#2404, #4425)
- In order to fix performance issues in the "lightweight" bindfd protection
  against [CVE-2019-5736], the temporary ro bind-mount of /proc/self/exe
  has been removed. runc now creates a binary copy in all cases. (#4392, #2532)

Signed-off-by: Samuel Karp <samuelkarp@google.com>
2024-10-07 15:41:26 -07:00
..
setup update runc binary to 1.1.15 2024-10-07 15:41:26 -07:00
test add use systemd cgroup e2e 2024-10-03 00:37:29 +08:00
critest.sh add use systemd cgroup e2e 2024-10-03 00:37:29 +08:00
go-test-fuzz.sh Fix typos 2023-10-16 22:14:09 +08:00
resize-vagrant-root.sh CI: update Rocky Linux to 8.8 2023-08-08 18:58:24 +09:00
verify-go-modules.sh fix verify-vendor if go.mod does not contain replace rules 2022-05-27 12:57:12 +02:00