pool/crun
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
04c387a024
crun/crun.spec

112 lines
2.8 KiB
RPMSpec
Raw Normal View History

Accepting request 878678 from home:dfaggioli:Virtualization crun is a fast and low-memory footprint OCI Container Runtime fully written in C. In this package, it is built with the support for libkrun enabled. This means that it will be possible to run containers as lightweight VMs, directly from podman (see here: https://copr.fedorainfracloud.org/coprs/slp/crun-krun/) OBS-URL: https://build.opensuse.org/request/show/878678 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=1
2021-03-18 09:21:20 +01:00
#
# spec file for package crun
#
Accepting request 1141976 from home:amanzini:branches:Virtualization:containers - update to 1.14: * build: drop dependency on libgcrypt. Use blake3 to compute the cache key. * cpuset: don't clobber parent cgroup value when writing the cpuset value. * linux: force umask(0). It ensures that the mknodat syscall is not affected by the umask of the calling process, allowing file permissions to be set as specified in the OCI configuration. * ebpf: do not require MEMLOCK for eBPF programs. This requirement was relaxed in Linux 5.11. - update to 1.13: * src: use O_CLOEXEC for all open/openat calls * cgroup v1: use "max" when pids limit < 0. * improve error message when idmap mount fails because the underlying file system has no support for it. * libcrun: fix compilation when building without libseccomp and libcap. * fix relative idmapped mount when using the custom annotation. OBS-URL: https://build.opensuse.org/request/show/1141976 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=41
2024-01-31 15:07:20 +01:00
# Copyright (c) 2024 SUSE LLC
Accepting request 878678 from home:dfaggioli:Virtualization crun is a fast and low-memory footprint OCI Container Runtime fully written in C. In this package, it is built with the support for libkrun enabled. This means that it will be possible to run containers as lightweight VMs, directly from podman (see here: https://copr.fedorainfracloud.org/coprs/slp/crun-krun/) OBS-URL: https://build.opensuse.org/request/show/878678 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=1
2021-03-18 09:21:20 +01:00
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Accepting request 1123539 from home:dirkmueller:Factory - update to 1.11.1: * force a remount operation with bind mounts from the host to correctly set all the mount flags. * cgroup: honor cpu burst. * systemd: set CPUQuota and CPUPeriod on the scope cgroup. * linux: append tmpfs mode if missing for mounts. This is the same behavior of runc. * cgroup: always use the user session for rootless. * support for Intel Resource Director Technology (RDT). * new mount option "copy-symlink". When provided for a mount, if the source is a symlink, then it is copied in the container instead of attempting a mount. * linux: open mounts before setgroups if in a userns. This solves a problem where a directory that was previously accessible to the user, become inaccessible after setgroups causing the bind mount to fail. * linux: idmapped mounts expect the same configuration as mapping. It is a breaking change, but the behavior was aligned * cgroup: always delete the cgroup on errors. ° exec: fix double free when using --apparmor and OBS-URL: https://build.opensuse.org/request/show/1123539 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=37
2023-11-15 15:03:26 +01:00
Accepting request 1117136 from home:dancermak:branches:Virtualization:containers New upstream release 1.9.2 OBS-URL: https://build.opensuse.org/request/show/1117136 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=35
2023-10-13 08:54:47 +02:00
%ifarch x86_64 aarch64
Accepting request 1109036 from home:avicenzi:wasm Enable WasmEdge OBS-URL: https://build.opensuse.org/request/show/1109036 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=29
2023-09-07 14:59:30 +02:00
%define with_wasmedge 1
Accepting request 1117136 from home:dancermak:branches:Virtualization:containers New upstream release 1.9.2 OBS-URL: https://build.opensuse.org/request/show/1117136 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=35
2023-10-13 08:54:47 +02:00
%else
%define with_wasmedge 0
%endif
Accepting request 1109036 from home:avicenzi:wasm Enable WasmEdge OBS-URL: https://build.opensuse.org/request/show/1109036 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=29
2023-09-07 14:59:30 +02:00
Accepting request 910479 from home:polslinux:branches:Virtualization:containers - Update to 0.21 - honor memory swappiness set to 0 - status: add fields for owner and created timestamp - cgroup: lookup pids controller as well when the memory controller is not available - when compiled with krun, automatically use it if the current executable file is called "krun". - container: ignore error when resetting the SELinux label for the keyring. - container: call prestart hooks before rootfs is RO. - cgroup: added support cleaning custom controllers on cgroupv1. - spec: add support for --bundle. - exec: add --no-new-privs. - exec: add --process-label and --apparmor to change SELinux and AppArmor labels. - cgroup: kill procs in cgroup on EBUSY. - cgroup: ignore devices errors when running in a user namespace. - seccomp: drop SECCOMP_FILTER_FLAG_LOG by default. - seccomp: report correct action in error message. - apply SELinux label to keyring. - add custom annotation run.oci.delegate-cgroup. - close_range fallbacks to close on EPERM. - report error if the cgroup path was set and the cgroup could not be joined. - on exec, honor additional_gids from the process spec, not the container definition. - spec: add cgroup ns if on cgroup v2. - systemd: support array of strings for cgroup annotation. - join all the cgroup v1 controllers. - raise a warning when newuidmap/newgidmap fail. - handle eBPF access(dev_name, F_OK) call correctly. - fix some memory leaks on errors when libcrun is used by a long running process. - fix the SELinux label for masked directories. - support default seccomp errno value. - fail if no default seccomp action specified. - support OCI seccomp notify listener. - improve OOM error messages. - ignore unknown capabilities and raise a warning. - always remount bind mounts to drop not requested mount flags. OBS-URL: https://build.opensuse.org/request/show/910479 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=5
2021-08-06 14:28:15 +02:00
Name: crun
Accepting request 1178752 from home:dfaggioli:devel:Virtualization - New upstream release 1.15 * fix a mount point leak under /run/crun, add a retry mechanism to unmount the directory if the removal failed with EBUSY. * linux: cgroups: fix potential mount leak when /sys/fs/cgroup is already mounted, causing the posthooks to not run. * release: build s390x binaries using musl libc. * features: add support for potentiallyUnsafeConfigAnnotations. * handlers: add option to load wasi-nn plugin for wasmedge. * linux: fix "harden chdir()" security measure. The previous check was not correct. * crun: add option --keep to the run command. When specified the container is not automatically deleted when it exits. OBS-URL: https://build.opensuse.org/request/show/1178752 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=45
2024-06-05 15:32:09 +02:00
Version: 1.15
Accepting request 910479 from home:polslinux:branches:Virtualization:containers - Update to 0.21 - honor memory swappiness set to 0 - status: add fields for owner and created timestamp - cgroup: lookup pids controller as well when the memory controller is not available - when compiled with krun, automatically use it if the current executable file is called "krun". - container: ignore error when resetting the SELinux label for the keyring. - container: call prestart hooks before rootfs is RO. - cgroup: added support cleaning custom controllers on cgroupv1. - spec: add support for --bundle. - exec: add --no-new-privs. - exec: add --process-label and --apparmor to change SELinux and AppArmor labels. - cgroup: kill procs in cgroup on EBUSY. - cgroup: ignore devices errors when running in a user namespace. - seccomp: drop SECCOMP_FILTER_FLAG_LOG by default. - seccomp: report correct action in error message. - apply SELinux label to keyring. - add custom annotation run.oci.delegate-cgroup. - close_range fallbacks to close on EPERM. - report error if the cgroup path was set and the cgroup could not be joined. - on exec, honor additional_gids from the process spec, not the container definition. - spec: add cgroup ns if on cgroup v2. - systemd: support array of strings for cgroup annotation. - join all the cgroup v1 controllers. - raise a warning when newuidmap/newgidmap fail. - handle eBPF access(dev_name, F_OK) call correctly. - fix some memory leaks on errors when libcrun is used by a long running process. - fix the SELinux label for masked directories. - support default seccomp errno value. - fail if no default seccomp action specified. - support OCI seccomp notify listener. - improve OOM error messages. - ignore unknown capabilities and raise a warning. - always remount bind mounts to drop not requested mount flags. OBS-URL: https://build.opensuse.org/request/show/910479 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=5
2021-08-06 14:28:15 +02:00
Release: 0
- update to 1.8.3: * update: initialize the rt limits only on cgroup v1. * lua bindings for libcrun. * wasmedge: add current directory to preopen paths. * linux: inherit parent mount flags when making a path masked. * libcrun: custom annotation to set the scheduler for the container process. * cgroup: fallback to blkio.bfq files if blkio is not available on cgroup v1. * cgroup: initialize rt limits when using systemd. * tty: chown the tty to the exec user instead of the user specified to create the container. * cgroup: fallback to create cgroupfs as sibling of the current cgroup if there is none specified and it cannot be created in the root cgroup. OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=22
2023-03-28 12:28:50 +02:00
Summary: OCI runtime written in C
License: GPL-2.0-or-later
URL: https://github.com/containers/crun
Accepting request 1178752 from home:dfaggioli:devel:Virtualization - New upstream release 1.15 * fix a mount point leak under /run/crun, add a retry mechanism to unmount the directory if the removal failed with EBUSY. * linux: cgroups: fix potential mount leak when /sys/fs/cgroup is already mounted, causing the posthooks to not run. * release: build s390x binaries using musl libc. * features: add support for potentiallyUnsafeConfigAnnotations. * handlers: add option to load wasi-nn plugin for wasmedge. * linux: fix "harden chdir()" security measure. The previous check was not correct. * crun: add option --keep to the run command. When specified the container is not automatically deleted when it exits. OBS-URL: https://build.opensuse.org/request/show/1178752 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=45
2024-06-05 15:32:09 +02:00
Source0: %{URL}/releases/download/%{version}/%{name}-%{version}.tar.gz
Source1: %{URL}/releases/download/%{version}/%{name}-%{version}.tar.gz.asc
- add keyring for GPG validation OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=23
2023-03-28 12:29:57 +02:00
Source2: crun.keyring
Accepting request 878678 from home:dfaggioli:Virtualization crun is a fast and low-memory footprint OCI Container Runtime fully written in C. In this package, it is built with the support for libkrun enabled. This means that it will be possible to run containers as lightweight VMs, directly from podman (see here: https://copr.fedorainfracloud.org/coprs/slp/crun-krun/) OBS-URL: https://build.opensuse.org/request/show/878678 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=1
2021-03-18 09:21:20 +01:00
# We always run autogen.sh
Accepting request 910479 from home:polslinux:branches:Virtualization:containers - Update to 0.21 - honor memory swappiness set to 0 - status: add fields for owner and created timestamp - cgroup: lookup pids controller as well when the memory controller is not available - when compiled with krun, automatically use it if the current executable file is called "krun". - container: ignore error when resetting the SELinux label for the keyring. - container: call prestart hooks before rootfs is RO. - cgroup: added support cleaning custom controllers on cgroupv1. - spec: add support for --bundle. - exec: add --no-new-privs. - exec: add --process-label and --apparmor to change SELinux and AppArmor labels. - cgroup: kill procs in cgroup on EBUSY. - cgroup: ignore devices errors when running in a user namespace. - seccomp: drop SECCOMP_FILTER_FLAG_LOG by default. - seccomp: report correct action in error message. - apply SELinux label to keyring. - add custom annotation run.oci.delegate-cgroup. - close_range fallbacks to close on EPERM. - report error if the cgroup path was set and the cgroup could not be joined. - on exec, honor additional_gids from the process spec, not the container definition. - spec: add cgroup ns if on cgroup v2. - systemd: support array of strings for cgroup annotation. - join all the cgroup v1 controllers. - raise a warning when newuidmap/newgidmap fail. - handle eBPF access(dev_name, F_OK) call correctly. - fix some memory leaks on errors when libcrun is used by a long running process. - fix the SELinux label for masked directories. - support default seccomp errno value. - fail if no default seccomp action specified. - support OCI seccomp notify listener. - improve OOM error messages. - ignore unknown capabilities and raise a warning. - always remount bind mounts to drop not requested mount flags. OBS-URL: https://build.opensuse.org/request/show/910479 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=5
2021-08-06 14:28:15 +02:00
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: gcc
Accepting request 969577 from home:dfaggioli:Virtualization - It'd be nice to run the test suite with %check. It however, still does not work properly inside OBS workers. Add it commented (and explain it in a comment) - switch to latest upstream version (1.4.4) - big jump from 0.21! Here's a short summary, for details, see: https://github.com/containers/crun/releases * 1.4.4 wasm, kubernetes: support wasm for kubernetes infrastructure with side-cars Resolve symlinks in bind mounts when creating a user namespace. Fix CVE-2022-27650: exec does not set inheritable capabilities. * 1.4.3 cgroup: avoid potential infinite loop when deleting a cgroup. support additional options for idmap mounts. open the source for a bind mount in the host. * 1.4.2 CRIU: add pre-dump support. Fix running with a read-only /dev. Ignore EROFS when chowning standard stream files. Add validation for sysctls before applying them. * 1.4.1 Fix check for an invalid path. Allow deleting a container while in created state. cgroup: do not set cpu limits if number of shares is set to 0. * 1.4 wasm: support for running on kubernetes with containerd. linux: add support for recursive mount options. add support for idmapped mounts through a new mount option "idmap". linux: improve detection of /dev target. now crun exec uses CLONE_INTO_CGROUP on supported kernels when using cgroup v2. retry the openat2 syscall if it fails with EAGAIN. cgroup: set the CPUWeight/CPUShares on the systemd scope cgroup. on new kernels, use setns with pidfd. attempt the chdir again with the specified user if it failed before changing credentials. * 1.3 add support to natively build and run WebAssembly workload and WebAssembly containers. allow to specify sub-cgroup for exec. chown std streams if they are not a TTY. attach the correct streams if the container is suspended and restored multiple times. fix race condition when enabling controllers on cgroup v2. * 1.2 exec: fix regression in 1.1 where containers are being wrongly reported as paused. criu: add support for external ipc, uts and time namespaces. * 1.1 cgroup: use cgroup.kill when available. exec: refuse to exec in a paused container/cgroup. container: Set primary process to 1 via LISTEN_PID by default if user configuration is missing. criu: Add support for external PID namespace. criu: fix save of external descriptors. utils: retry openat2 on EAGAIN. * 1.0 cgroup: chown the current container cgroup to root in the container. linux: treat pidfd_open failures EINVAL as ESRCH. cgroup: add support for setting memory.use_hierarchy on cgroup v1. Makefile.am: fix link error when using directly libcrun. Fix symlink target mangling for tmpcopyup targets. - fix bsc#1197871, CVE-2022-27650 (as 1.4.4 contains the fixes itself) - update and fixup dependencies OBS-URL: https://build.opensuse.org/request/show/969577 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=11
2022-04-13 00:04:19 +02:00
BuildRequires: gettext
Accepting request 910479 from home:polslinux:branches:Virtualization:containers - Update to 0.21 - honor memory swappiness set to 0 - status: add fields for owner and created timestamp - cgroup: lookup pids controller as well when the memory controller is not available - when compiled with krun, automatically use it if the current executable file is called "krun". - container: ignore error when resetting the SELinux label for the keyring. - container: call prestart hooks before rootfs is RO. - cgroup: added support cleaning custom controllers on cgroupv1. - spec: add support for --bundle. - exec: add --no-new-privs. - exec: add --process-label and --apparmor to change SELinux and AppArmor labels. - cgroup: kill procs in cgroup on EBUSY. - cgroup: ignore devices errors when running in a user namespace. - seccomp: drop SECCOMP_FILTER_FLAG_LOG by default. - seccomp: report correct action in error message. - apply SELinux label to keyring. - add custom annotation run.oci.delegate-cgroup. - close_range fallbacks to close on EPERM. - report error if the cgroup path was set and the cgroup could not be joined. - on exec, honor additional_gids from the process spec, not the container definition. - spec: add cgroup ns if on cgroup v2. - systemd: support array of strings for cgroup annotation. - join all the cgroup v1 controllers. - raise a warning when newuidmap/newgidmap fail. - handle eBPF access(dev_name, F_OK) call correctly. - fix some memory leaks on errors when libcrun is used by a long running process. - fix the SELinux label for masked directories. - support default seccomp errno value. - fail if no default seccomp action specified. - support OCI seccomp notify listener. - improve OOM error messages. - ignore unknown capabilities and raise a warning. - always remount bind mounts to drop not requested mount flags. OBS-URL: https://build.opensuse.org/request/show/910479 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=5
2021-08-06 14:28:15 +02:00
BuildRequires: glibc-devel-static
BuildRequires: go-md2man
BuildRequires: libcap-devel
Accepting request 928761 from home:dfaggioli:Virtualization - Add libprotobuf-c-devel as an explicit dependency, for fixing the build; - Get rid of rpmlintrc, as it's no longer needed. OBS-URL: https://build.opensuse.org/request/show/928761 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=10
2021-11-08 16:11:43 +01:00
BuildRequires: libprotobuf-c-devel
Accepting request 910479 from home:polslinux:branches:Virtualization:containers - Update to 0.21 - honor memory swappiness set to 0 - status: add fields for owner and created timestamp - cgroup: lookup pids controller as well when the memory controller is not available - when compiled with krun, automatically use it if the current executable file is called "krun". - container: ignore error when resetting the SELinux label for the keyring. - container: call prestart hooks before rootfs is RO. - cgroup: added support cleaning custom controllers on cgroupv1. - spec: add support for --bundle. - exec: add --no-new-privs. - exec: add --process-label and --apparmor to change SELinux and AppArmor labels. - cgroup: kill procs in cgroup on EBUSY. - cgroup: ignore devices errors when running in a user namespace. - seccomp: drop SECCOMP_FILTER_FLAG_LOG by default. - seccomp: report correct action in error message. - apply SELinux label to keyring. - add custom annotation run.oci.delegate-cgroup. - close_range fallbacks to close on EPERM. - report error if the cgroup path was set and the cgroup could not be joined. - on exec, honor additional_gids from the process spec, not the container definition. - spec: add cgroup ns if on cgroup v2. - systemd: support array of strings for cgroup annotation. - join all the cgroup v1 controllers. - raise a warning when newuidmap/newgidmap fail. - handle eBPF access(dev_name, F_OK) call correctly. - fix some memory leaks on errors when libcrun is used by a long running process. - fix the SELinux label for masked directories. - support default seccomp errno value. - fail if no default seccomp action specified. - support OCI seccomp notify listener. - improve OOM error messages. - ignore unknown capabilities and raise a warning. - always remount bind mounts to drop not requested mount flags. OBS-URL: https://build.opensuse.org/request/show/910479 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=5
2021-08-06 14:28:15 +02:00
BuildRequires: libseccomp-devel
BuildRequires: libtool
BuildRequires: libyajl-devel
Accepting request 969577 from home:dfaggioli:Virtualization - It'd be nice to run the test suite with %check. It however, still does not work properly inside OBS workers. Add it commented (and explain it in a comment) - switch to latest upstream version (1.4.4) - big jump from 0.21! Here's a short summary, for details, see: https://github.com/containers/crun/releases * 1.4.4 wasm, kubernetes: support wasm for kubernetes infrastructure with side-cars Resolve symlinks in bind mounts when creating a user namespace. Fix CVE-2022-27650: exec does not set inheritable capabilities. * 1.4.3 cgroup: avoid potential infinite loop when deleting a cgroup. support additional options for idmap mounts. open the source for a bind mount in the host. * 1.4.2 CRIU: add pre-dump support. Fix running with a read-only /dev. Ignore EROFS when chowning standard stream files. Add validation for sysctls before applying them. * 1.4.1 Fix check for an invalid path. Allow deleting a container while in created state. cgroup: do not set cpu limits if number of shares is set to 0. * 1.4 wasm: support for running on kubernetes with containerd. linux: add support for recursive mount options. add support for idmapped mounts through a new mount option "idmap". linux: improve detection of /dev target. now crun exec uses CLONE_INTO_CGROUP on supported kernels when using cgroup v2. retry the openat2 syscall if it fails with EAGAIN. cgroup: set the CPUWeight/CPUShares on the systemd scope cgroup. on new kernels, use setns with pidfd. attempt the chdir again with the specified user if it failed before changing credentials. * 1.3 add support to natively build and run WebAssembly workload and WebAssembly containers. allow to specify sub-cgroup for exec. chown std streams if they are not a TTY. attach the correct streams if the container is suspended and restored multiple times. fix race condition when enabling controllers on cgroup v2. * 1.2 exec: fix regression in 1.1 where containers are being wrongly reported as paused. criu: add support for external ipc, uts and time namespaces. * 1.1 cgroup: use cgroup.kill when available. exec: refuse to exec in a paused container/cgroup. container: Set primary process to 1 via LISTEN_PID by default if user configuration is missing. criu: Add support for external PID namespace. criu: fix save of external descriptors. utils: retry openat2 on EAGAIN. * 1.0 cgroup: chown the current container cgroup to root in the container. linux: treat pidfd_open failures EINVAL as ESRCH. cgroup: add support for setting memory.use_hierarchy on cgroup v1. Makefile.am: fix link error when using directly libcrun. Fix symlink target mangling for tmpcopyup targets. - fix bsc#1197871, CVE-2022-27650 (as 1.4.4 contains the fixes itself) - update and fixup dependencies OBS-URL: https://build.opensuse.org/request/show/969577 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=11
2022-04-13 00:04:19 +02:00
BuildRequires: make
BuildRequires: python3
Accepting request 910479 from home:polslinux:branches:Virtualization:containers - Update to 0.21 - honor memory swappiness set to 0 - status: add fields for owner and created timestamp - cgroup: lookup pids controller as well when the memory controller is not available - when compiled with krun, automatically use it if the current executable file is called "krun". - container: ignore error when resetting the SELinux label for the keyring. - container: call prestart hooks before rootfs is RO. - cgroup: added support cleaning custom controllers on cgroupv1. - spec: add support for --bundle. - exec: add --no-new-privs. - exec: add --process-label and --apparmor to change SELinux and AppArmor labels. - cgroup: kill procs in cgroup on EBUSY. - cgroup: ignore devices errors when running in a user namespace. - seccomp: drop SECCOMP_FILTER_FLAG_LOG by default. - seccomp: report correct action in error message. - apply SELinux label to keyring. - add custom annotation run.oci.delegate-cgroup. - close_range fallbacks to close on EPERM. - report error if the cgroup path was set and the cgroup could not be joined. - on exec, honor additional_gids from the process spec, not the container definition. - spec: add cgroup ns if on cgroup v2. - systemd: support array of strings for cgroup annotation. - join all the cgroup v1 controllers. - raise a warning when newuidmap/newgidmap fail. - handle eBPF access(dev_name, F_OK) call correctly. - fix some memory leaks on errors when libcrun is used by a long running process. - fix the SELinux label for masked directories. - support default seccomp errno value. - fail if no default seccomp action specified. - support OCI seccomp notify listener. - improve OOM error messages. - ignore unknown capabilities and raise a warning. - always remount bind mounts to drop not requested mount flags. OBS-URL: https://build.opensuse.org/request/show/910479 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=5
2021-08-06 14:28:15 +02:00
BuildRequires: python3-libmount
BuildRequires: systemd-devel
- update to 1.8.3: * update: initialize the rt limits only on cgroup v1. * lua bindings for libcrun. * wasmedge: add current directory to preopen paths. * linux: inherit parent mount flags when making a path masked. * libcrun: custom annotation to set the scheduler for the container process. * cgroup: fallback to blkio.bfq files if blkio is not available on cgroup v1. * cgroup: initialize rt limits when using systemd. * tty: chown the tty to the exec user instead of the user specified to create the container. * cgroup: fallback to create cgroupfs as sibling of the current cgroup if there is none specified and it cannot be created in the root cgroup. OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=22
2023-03-28 12:28:50 +02:00
%ifnarch %{ix86}
Accepting request 910479 from home:polslinux:branches:Virtualization:containers - Update to 0.21 - honor memory swappiness set to 0 - status: add fields for owner and created timestamp - cgroup: lookup pids controller as well when the memory controller is not available - when compiled with krun, automatically use it if the current executable file is called "krun". - container: ignore error when resetting the SELinux label for the keyring. - container: call prestart hooks before rootfs is RO. - cgroup: added support cleaning custom controllers on cgroupv1. - spec: add support for --bundle. - exec: add --no-new-privs. - exec: add --process-label and --apparmor to change SELinux and AppArmor labels. - cgroup: kill procs in cgroup on EBUSY. - cgroup: ignore devices errors when running in a user namespace. - seccomp: drop SECCOMP_FILTER_FLAG_LOG by default. - seccomp: report correct action in error message. - apply SELinux label to keyring. - add custom annotation run.oci.delegate-cgroup. - close_range fallbacks to close on EPERM. - report error if the cgroup path was set and the cgroup could not be joined. - on exec, honor additional_gids from the process spec, not the container definition. - spec: add cgroup ns if on cgroup v2. - systemd: support array of strings for cgroup annotation. - join all the cgroup v1 controllers. - raise a warning when newuidmap/newgidmap fail. - handle eBPF access(dev_name, F_OK) call correctly. - fix some memory leaks on errors when libcrun is used by a long running process. - fix the SELinux label for masked directories. - support default seccomp errno value. - fail if no default seccomp action specified. - support OCI seccomp notify listener. - improve OOM error messages. - ignore unknown capabilities and raise a warning. - always remount bind mounts to drop not requested mount flags. OBS-URL: https://build.opensuse.org/request/show/910479 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=5
2021-08-06 14:28:15 +02:00
BuildRequires: criu-devel >= 3.15
Accepting request 878678 from home:dfaggioli:Virtualization crun is a fast and low-memory footprint OCI Container Runtime fully written in C. In this package, it is built with the support for libkrun enabled. This means that it will be possible to run containers as lightweight VMs, directly from podman (see here: https://copr.fedorainfracloud.org/coprs/slp/crun-krun/) OBS-URL: https://build.opensuse.org/request/show/878678 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=1
2021-03-18 09:21:20 +01:00
%endif
Accepting request 914070 from home:dfaggioli:branches:Virtualization:containers - make libkrun support conditional, so we can have crun (without libkrun, of course) on all arches, which may help with bsc#1188914. OBS-URL: https://build.opensuse.org/request/show/914070 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=9
2021-08-24 19:32:43 +02:00
%ifarch x86_64 aarch64
Accepting request 1007882 from home:dfaggioli:Virtualization - Update the libkrun dependency to the new libkrun1 library and devel package OBS-URL: https://build.opensuse.org/request/show/1007882 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=17
2022-10-05 18:03:26 +02:00
BuildRequires: libkrun-devel
Requires: libkrun1
Accepting request 914070 from home:dfaggioli:branches:Virtualization:containers - make libkrun support conditional, so we can have crun (without libkrun, of course) on all arches, which may help with bsc#1188914. OBS-URL: https://build.opensuse.org/request/show/914070 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=9
2021-08-24 19:32:43 +02:00
%endif
Accepting request 1109036 from home:avicenzi:wasm Enable WasmEdge OBS-URL: https://build.opensuse.org/request/show/1109036 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=29
2023-09-07 14:59:30 +02:00
%if %with_wasmedge
BuildRequires: wasmedge-devel
%endif
Accepting request 878678 from home:dfaggioli:Virtualization crun is a fast and low-memory footprint OCI Container Runtime fully written in C. In this package, it is built with the support for libkrun enabled. This means that it will be possible to run containers as lightweight VMs, directly from podman (see here: https://copr.fedorainfracloud.org/coprs/slp/crun-krun/) OBS-URL: https://build.opensuse.org/request/show/878678 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=1
2021-03-18 09:21:20 +01:00
%description
crun is a runtime for running OCI containers. It is built with libkrun support
%prep
Accepting request 910491 from home:fcrozat:branches:Virtualization:containers - Add libkrun-dlopen.patch: use soname when dlopening libkrun. OBS-URL: https://build.opensuse.org/request/show/910491 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=6
2021-08-06 14:46:50 +02:00
%autosetup -p1
Accepting request 878678 from home:dfaggioli:Virtualization crun is a fast and low-memory footprint OCI Container Runtime fully written in C. In this package, it is built with the support for libkrun enabled. This means that it will be possible to run containers as lightweight VMs, directly from podman (see here: https://copr.fedorainfracloud.org/coprs/slp/crun-krun/) OBS-URL: https://build.opensuse.org/request/show/878678 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=1
2021-03-18 09:21:20 +01:00
%build
Accepting request 914070 from home:dfaggioli:branches:Virtualization:containers - make libkrun support conditional, so we can have crun (without libkrun, of course) on all arches, which may help with bsc#1188914. OBS-URL: https://build.opensuse.org/request/show/914070 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=9
2021-08-24 19:32:43 +02:00
%ifarch x86_64 aarch64
export LIBKRUN="--with-libkrun"
%endif
Accepting request 1109036 from home:avicenzi:wasm Enable WasmEdge OBS-URL: https://build.opensuse.org/request/show/1109036 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=29
2023-09-07 14:59:30 +02:00
%if %with_wasmedge
export WASMEDGE="--with-wasmedge"
%endif
Accepting request 878678 from home:dfaggioli:Virtualization crun is a fast and low-memory footprint OCI Container Runtime fully written in C. In this package, it is built with the support for libkrun enabled. This means that it will be possible to run containers as lightweight VMs, directly from podman (see here: https://copr.fedorainfracloud.org/coprs/slp/crun-krun/) OBS-URL: https://build.opensuse.org/request/show/878678 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=1
2021-03-18 09:21:20 +01:00
./autogen.sh
Accepting request 1109036 from home:avicenzi:wasm Enable WasmEdge OBS-URL: https://build.opensuse.org/request/show/1109036 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=29
2023-09-07 14:59:30 +02:00
%configure --disable-silent-rules $LIBKRUN $WASMEDGE CFLAGS='-I %{_includedir}/libseccomp'
Accepting request 878678 from home:dfaggioli:Virtualization crun is a fast and low-memory footprint OCI Container Runtime fully written in C. In this package, it is built with the support for libkrun enabled. This means that it will be possible to run containers as lightweight VMs, directly from podman (see here: https://copr.fedorainfracloud.org/coprs/slp/crun-krun/) OBS-URL: https://build.opensuse.org/request/show/878678 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=1
2021-03-18 09:21:20 +01:00
%make_build
Accepting request 969577 from home:dfaggioli:Virtualization - It'd be nice to run the test suite with %check. It however, still does not work properly inside OBS workers. Add it commented (and explain it in a comment) - switch to latest upstream version (1.4.4) - big jump from 0.21! Here's a short summary, for details, see: https://github.com/containers/crun/releases * 1.4.4 wasm, kubernetes: support wasm for kubernetes infrastructure with side-cars Resolve symlinks in bind mounts when creating a user namespace. Fix CVE-2022-27650: exec does not set inheritable capabilities. * 1.4.3 cgroup: avoid potential infinite loop when deleting a cgroup. support additional options for idmap mounts. open the source for a bind mount in the host. * 1.4.2 CRIU: add pre-dump support. Fix running with a read-only /dev. Ignore EROFS when chowning standard stream files. Add validation for sysctls before applying them. * 1.4.1 Fix check for an invalid path. Allow deleting a container while in created state. cgroup: do not set cpu limits if number of shares is set to 0. * 1.4 wasm: support for running on kubernetes with containerd. linux: add support for recursive mount options. add support for idmapped mounts through a new mount option "idmap". linux: improve detection of /dev target. now crun exec uses CLONE_INTO_CGROUP on supported kernels when using cgroup v2. retry the openat2 syscall if it fails with EAGAIN. cgroup: set the CPUWeight/CPUShares on the systemd scope cgroup. on new kernels, use setns with pidfd. attempt the chdir again with the specified user if it failed before changing credentials. * 1.3 add support to natively build and run WebAssembly workload and WebAssembly containers. allow to specify sub-cgroup for exec. chown std streams if they are not a TTY. attach the correct streams if the container is suspended and restored multiple times. fix race condition when enabling controllers on cgroup v2. * 1.2 exec: fix regression in 1.1 where containers are being wrongly reported as paused. criu: add support for external ipc, uts and time namespaces. * 1.1 cgroup: use cgroup.kill when available. exec: refuse to exec in a paused container/cgroup. container: Set primary process to 1 via LISTEN_PID by default if user configuration is missing. criu: Add support for external PID namespace. criu: fix save of external descriptors. utils: retry openat2 on EAGAIN. * 1.0 cgroup: chown the current container cgroup to root in the container. linux: treat pidfd_open failures EINVAL as ESRCH. cgroup: add support for setting memory.use_hierarchy on cgroup v1. Makefile.am: fix link error when using directly libcrun. Fix symlink target mangling for tmpcopyup targets. - fix bsc#1197871, CVE-2022-27650 (as 1.4.4 contains the fixes itself) - update and fixup dependencies OBS-URL: https://build.opensuse.org/request/show/969577 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=11
2022-04-13 00:04:19 +02:00
# TODO:
# - it would be nice to enable the test-suite, but seems to behave (and fail!)
# differently when run inside of an OBS worker, with respect to when it's
# run manually on the host... Need to investigate more.
Accepting request 1117136 from home:dancermak:branches:Virtualization:containers New upstream release 1.9.2 OBS-URL: https://build.opensuse.org/request/show/1117136 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=35
2023-10-13 08:54:47 +02:00
%dnl %check
Accepting request 969577 from home:dfaggioli:Virtualization - It'd be nice to run the test suite with %check. It however, still does not work properly inside OBS workers. Add it commented (and explain it in a comment) - switch to latest upstream version (1.4.4) - big jump from 0.21! Here's a short summary, for details, see: https://github.com/containers/crun/releases * 1.4.4 wasm, kubernetes: support wasm for kubernetes infrastructure with side-cars Resolve symlinks in bind mounts when creating a user namespace. Fix CVE-2022-27650: exec does not set inheritable capabilities. * 1.4.3 cgroup: avoid potential infinite loop when deleting a cgroup. support additional options for idmap mounts. open the source for a bind mount in the host. * 1.4.2 CRIU: add pre-dump support. Fix running with a read-only /dev. Ignore EROFS when chowning standard stream files. Add validation for sysctls before applying them. * 1.4.1 Fix check for an invalid path. Allow deleting a container while in created state. cgroup: do not set cpu limits if number of shares is set to 0. * 1.4 wasm: support for running on kubernetes with containerd. linux: add support for recursive mount options. add support for idmapped mounts through a new mount option "idmap". linux: improve detection of /dev target. now crun exec uses CLONE_INTO_CGROUP on supported kernels when using cgroup v2. retry the openat2 syscall if it fails with EAGAIN. cgroup: set the CPUWeight/CPUShares on the systemd scope cgroup. on new kernels, use setns with pidfd. attempt the chdir again with the specified user if it failed before changing credentials. * 1.3 add support to natively build and run WebAssembly workload and WebAssembly containers. allow to specify sub-cgroup for exec. chown std streams if they are not a TTY. attach the correct streams if the container is suspended and restored multiple times. fix race condition when enabling controllers on cgroup v2. * 1.2 exec: fix regression in 1.1 where containers are being wrongly reported as paused. criu: add support for external ipc, uts and time namespaces. * 1.1 cgroup: use cgroup.kill when available. exec: refuse to exec in a paused container/cgroup. container: Set primary process to 1 via LISTEN_PID by default if user configuration is missing. criu: Add support for external PID namespace. criu: fix save of external descriptors. utils: retry openat2 on EAGAIN. * 1.0 cgroup: chown the current container cgroup to root in the container. linux: treat pidfd_open failures EINVAL as ESRCH. cgroup: add support for setting memory.use_hierarchy on cgroup v1. Makefile.am: fix link error when using directly libcrun. Fix symlink target mangling for tmpcopyup targets. - fix bsc#1197871, CVE-2022-27650 (as 1.4.4 contains the fixes itself) - update and fixup dependencies OBS-URL: https://build.opensuse.org/request/show/969577 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=11
2022-04-13 00:04:19 +02:00
#make test-suite.log
Accepting request 878678 from home:dfaggioli:Virtualization crun is a fast and low-memory footprint OCI Container Runtime fully written in C. In this package, it is built with the support for libkrun enabled. This means that it will be possible to run containers as lightweight VMs, directly from podman (see here: https://copr.fedorainfracloud.org/coprs/slp/crun-krun/) OBS-URL: https://build.opensuse.org/request/show/878678 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=1
2021-03-18 09:21:20 +01:00
%install
%make_install
rm -rf %{buildroot}/%{_libdir}/lib*
Accepting request 914070 from home:dfaggioli:branches:Virtualization:containers - make libkrun support conditional, so we can have crun (without libkrun, of course) on all arches, which may help with bsc#1188914. OBS-URL: https://build.opensuse.org/request/show/914070 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=9
2021-08-24 19:32:43 +02:00
%ifarch x86_64 aarch64
Accepting request 910479 from home:polslinux:branches:Virtualization:containers - Update to 0.21 - honor memory swappiness set to 0 - status: add fields for owner and created timestamp - cgroup: lookup pids controller as well when the memory controller is not available - when compiled with krun, automatically use it if the current executable file is called "krun". - container: ignore error when resetting the SELinux label for the keyring. - container: call prestart hooks before rootfs is RO. - cgroup: added support cleaning custom controllers on cgroupv1. - spec: add support for --bundle. - exec: add --no-new-privs. - exec: add --process-label and --apparmor to change SELinux and AppArmor labels. - cgroup: kill procs in cgroup on EBUSY. - cgroup: ignore devices errors when running in a user namespace. - seccomp: drop SECCOMP_FILTER_FLAG_LOG by default. - seccomp: report correct action in error message. - apply SELinux label to keyring. - add custom annotation run.oci.delegate-cgroup. - close_range fallbacks to close on EPERM. - report error if the cgroup path was set and the cgroup could not be joined. - on exec, honor additional_gids from the process spec, not the container definition. - spec: add cgroup ns if on cgroup v2. - systemd: support array of strings for cgroup annotation. - join all the cgroup v1 controllers. - raise a warning when newuidmap/newgidmap fail. - handle eBPF access(dev_name, F_OK) call correctly. - fix some memory leaks on errors when libcrun is used by a long running process. - fix the SELinux label for masked directories. - support default seccomp errno value. - fail if no default seccomp action specified. - support OCI seccomp notify listener. - improve OOM error messages. - ignore unknown capabilities and raise a warning. - always remount bind mounts to drop not requested mount flags. OBS-URL: https://build.opensuse.org/request/show/910479 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=5
2021-08-06 14:28:15 +02:00
# allow easy krun usage with podman
ln -s %{_bindir}/crun %{buildroot}%{_bindir}/krun
Accepting request 914070 from home:dfaggioli:branches:Virtualization:containers - make libkrun support conditional, so we can have crun (without libkrun, of course) on all arches, which may help with bsc#1188914. OBS-URL: https://build.opensuse.org/request/show/914070 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=9
2021-08-24 19:32:43 +02:00
%endif
Accepting request 1116918 from home:avicenzi:wasm Add crun-wasm symlink OBS-URL: https://build.opensuse.org/request/show/1116918 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=33
2023-10-11 13:41:55 +02:00
%if %with_wasmedge
# platform 'wasi/wasm' requires crun-wasm
ln -s %{_bindir}/crun %{buildroot}%{_bindir}/crun-wasm
%endif
Accepting request 878678 from home:dfaggioli:Virtualization crun is a fast and low-memory footprint OCI Container Runtime fully written in C. In this package, it is built with the support for libkrun enabled. This means that it will be possible to run containers as lightweight VMs, directly from podman (see here: https://copr.fedorainfracloud.org/coprs/slp/crun-krun/) OBS-URL: https://build.opensuse.org/request/show/878678 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=1
2021-03-18 09:21:20 +01:00
%files
%license COPYING
%doc README.md
%doc SECURITY.md
%{_bindir}/%{name}
Accepting request 914070 from home:dfaggioli:branches:Virtualization:containers - make libkrun support conditional, so we can have crun (without libkrun, of course) on all arches, which may help with bsc#1188914. OBS-URL: https://build.opensuse.org/request/show/914070 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=9
2021-08-24 19:32:43 +02:00
%ifarch x86_64 aarch64
Accepting request 910479 from home:polslinux:branches:Virtualization:containers - Update to 0.21 - honor memory swappiness set to 0 - status: add fields for owner and created timestamp - cgroup: lookup pids controller as well when the memory controller is not available - when compiled with krun, automatically use it if the current executable file is called "krun". - container: ignore error when resetting the SELinux label for the keyring. - container: call prestart hooks before rootfs is RO. - cgroup: added support cleaning custom controllers on cgroupv1. - spec: add support for --bundle. - exec: add --no-new-privs. - exec: add --process-label and --apparmor to change SELinux and AppArmor labels. - cgroup: kill procs in cgroup on EBUSY. - cgroup: ignore devices errors when running in a user namespace. - seccomp: drop SECCOMP_FILTER_FLAG_LOG by default. - seccomp: report correct action in error message. - apply SELinux label to keyring. - add custom annotation run.oci.delegate-cgroup. - close_range fallbacks to close on EPERM. - report error if the cgroup path was set and the cgroup could not be joined. - on exec, honor additional_gids from the process spec, not the container definition. - spec: add cgroup ns if on cgroup v2. - systemd: support array of strings for cgroup annotation. - join all the cgroup v1 controllers. - raise a warning when newuidmap/newgidmap fail. - handle eBPF access(dev_name, F_OK) call correctly. - fix some memory leaks on errors when libcrun is used by a long running process. - fix the SELinux label for masked directories. - support default seccomp errno value. - fail if no default seccomp action specified. - support OCI seccomp notify listener. - improve OOM error messages. - ignore unknown capabilities and raise a warning. - always remount bind mounts to drop not requested mount flags. OBS-URL: https://build.opensuse.org/request/show/910479 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=5
2021-08-06 14:28:15 +02:00
%{_bindir}/krun
Accepting request 914070 from home:dfaggioli:branches:Virtualization:containers - make libkrun support conditional, so we can have crun (without libkrun, of course) on all arches, which may help with bsc#1188914. OBS-URL: https://build.opensuse.org/request/show/914070 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=9
2021-08-24 19:32:43 +02:00
%endif
Accepting request 1116918 from home:avicenzi:wasm Add crun-wasm symlink OBS-URL: https://build.opensuse.org/request/show/1116918 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=33
2023-10-11 13:41:55 +02:00
%if %with_wasmedge
%{_bindir}/crun-wasm
%endif
Accepting request 878678 from home:dfaggioli:Virtualization crun is a fast and low-memory footprint OCI Container Runtime fully written in C. In this package, it is built with the support for libkrun enabled. This means that it will be possible to run containers as lightweight VMs, directly from podman (see here: https://copr.fedorainfracloud.org/coprs/slp/crun-krun/) OBS-URL: https://build.opensuse.org/request/show/878678 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=1
2021-03-18 09:21:20 +01:00
%{_mandir}/man1/*
%changelog
Reference in New Issue Copy Permalink