Accepting request 1123539 from home:dirkmueller:Factory

- update to 1.11.1:
  * force a remount operation with bind mounts from the host to
    correctly set all the mount flags.
  * cgroup: honor cpu burst.
  * systemd: set CPUQuota and CPUPeriod on the scope cgroup.
  * linux: append tmpfs mode if missing for mounts.  This is the
    same behavior of runc.
  * cgroup: always use the user session for rootless.
  * support for Intel Resource Director Technology (RDT).
  * new mount option "copy-symlink".  When provided for a mount,
    if the source is a symlink, then it is copied in the container
    instead of attempting a mount.
  * linux: open mounts before setgroups if in a userns.  This
    solves a problem where a directory that was previously
    accessible to the user, become inaccessible after setgroups
    causing the bind mount to fail.

  * linux: idmapped mounts expect the same configuration as
    mapping. It is a breaking change, but the behavior was aligned
  * cgroup: always delete the cgroup on errors.
  ° exec: fix double free when using --apparmor and

OBS-URL: https://build.opensuse.org/request/show/1123539
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=37

crun-1.11.1.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9543b6fb097f4c9adab6818d4fdac6fcfbafda23a8052013c6ee9d599ef7675f
+size 738000

crun-1.11.1.tar.xz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEr2D8o82qberRV+o6Z+OPeouiF3IFAmVAEK4ACgkQZ+OPeoui
+F3K+qgf/etpSKes+uEJm6pQCr3Lrl9qrVcfZzlhdEZNrgsRb+6KvTBFMiYfL0Q5T
+dfsnmr9V3xZpKOWLKNXntKU7ezCgqbeQB0AO5iFZnVMIbGbg0LIE6YrQj1wkxgM0
+W/QVJSIJANRRJ8L6kWRgVIlxSp4xfNAP+o1pL+Lt7i+zveJqx9Jv730hPQJ9ncCL
+tGkjLCk7AfAVHzzxMZXMM2oOwIUbLhKpamSe6H1ZVWFog+v03UMrZUVglWd/jjGX
+3dMMzzD0kidRS8s/AOdGCSm3qAcZYeynvetvbgbfZlXys/ewKADkrJ3OuaOF0UOH
+ZLcvhoGZQ3mlOp0N0UqAl/an4V88cw==
+=llI0
+-----END PGP SIGNATURE-----

crun-1.9.2.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0df37442265fc39b6aabd29a00240ff0ebd3baee872d2b2f62d8e72b1e646de0
-size 732544

crun-1.9.2.tar.xz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCAAdFiEEr2D8o82qberRV+o6Z+OPeouiF3IFAmUUlnUACgkQZ+OPeoui
-F3I3Rgf9HBoaXaDHsoXUkhgfZO0PDQ0myxHTYleQrJBNzv5ySqqPBa2gefFBDZ/a
-YLcxDIxtWAudprhiRYKuTTiaHLs4CGwcfsk3f3HrhjR2m9KVpCFU6qLcNruMq+8+
-5ygmpxQjrUWzLXR3QgWIXCE8oekSHtylY3R/YorlvX2/2VMVEWxxpesA2DJlDXKw
-6IGlCw5QiDVy0V2DpFNAwihgAC5OTtGctZDnO5LpikOPtK6d+QWEzowk5YCD8YMi
-qp5nhEpvFNKCjo0UDbj0KAiJbWizndPp5oCDvwpKRrLhu8J9Ix3jh3jB2Ka3ETwB
-YY592KqjnAtUSUa2+MSTtb8/O9VYRQ==
-=LJO0
------END PGP SIGNATURE-----

crun.changes

@@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Mon Nov  6 10:19:58 UTC 2023 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.11.1:
+  * force a remount operation with bind mounts from the host to
+    correctly set all the mount flags.
+  * cgroup: honor cpu burst.
+  * systemd: set CPUQuota and CPUPeriod on the scope cgroup.
+  * linux: append tmpfs mode if missing for mounts.  This is the
+    same behavior of runc.
+  * cgroup: always use the user session for rootless.
+  * support for Intel Resource Director Technology (RDT).
+  * new mount option "copy-symlink".  When provided for a mount,
+    if the source is a symlink, then it is copied in the container
+    instead of attempting a mount.
+  * linux: open mounts before setgroups if in a userns.  This
+    solves a problem where a directory that was previously
+    accessible to the user, become inaccessible after setgroups
+    causing the bind mount to fail.
+
 -------------------------------------------------------------------
 Thu Oct 12 08:02:18 UTC 2023 - Dan Čermák <dcermak@suse.com>
 
@@ -114,16 +134,16 @@ Tue Mar 28 10:27:06 UTC 2023 - Dirk Müller <dmueller@suse.com>
 Tue Feb 28 20:14:52 UTC 2023 - Niels Abspoel <aboe76@gmail.com>
 
 - Update to 1.8.1
-  * linux: idmapped mounts expect the same configuration as 
+  * linux: idmapped mounts expect the same configuration as
     the user namespace mappings. Before they were expecting the inverted
-    mapping. It is a breaking change, but the behavior was aligned 
+    mapping. It is a breaking change, but the behavior was aligned
     to what runc will do as well.
   * krun: always allow /dev/kvm in the cgroup configuration.
   * handlers: disable exec for handlers that do not support it.
   * selinux: allow setting fscontext using a custom annotation.
   * cgroup: reset systemd unit if start fails.
   * cgroup: rmdir the entire systemd scope. It fixes a leak on cgroupv1.
-  * cgroup: always delete the cgroup on errors. 
+  * cgroup: always delete the cgroup on errors.
     On some errors it could have been leaked before.
 
 - changes from 1.8
@@ -227,7 +247,7 @@ Mon May  9 12:43:12 UTC 2022 - Frederic Crozat <fcrozat@suse.com>
   + linux: the hook processes inherit the crun process
     environment if there is no environment block specified in the
     OCI configuration.
-  ° exec: fix double free when using --apparmor and 
+  ° exec: fix double free when using --apparmor and
     --process-label.
 
 -------------------------------------------------------------------

crun.spec

@@ -15,6 +15,7 @@
 # Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
+
 %ifarch x86_64 aarch64
 %define with_wasmedge 1
 %else
@@ -22,7 +23,7 @@
 %endif
 
 Name:           crun
-Version:        1.9.2
+Version:        1.11.1
 Release:        0
 Summary:        OCI runtime written in C
 License:        GPL-2.0-or-later