From 717a46a1f55bdfcbc2e35fb0fd6f9d23fafb0d8570073ba74908b60e03376c2f Mon Sep 17 00:00:00 2001 From: Dario Faggioli Date: Thu, 2 Mar 2023 13:39:37 +0000 Subject: [PATCH] Accepting request 1068319 from home:aboe76 - Update to 1.8.1 * linux: idmapped mounts expect the same configuration as the user namespace mappings. Before they were expecting the inverted mapping. It is a breaking change, but the behavior was aligned to what runc will do as well. * krun: always allow /dev/kvm in the cgroup configuration. * handlers: disable exec for handlers that do not support it. * selinux: allow setting fscontext using a custom annotation. * cgroup: reset systemd unit if start fails. * cgroup: rmdir the entire systemd scope. It fixes a leak on cgroupv1. * cgroup: always delete the cgroup on errors. On some errors it could have been leaked before. - changes from 1.8 * linux: precreate devices on the host. * cgroup: support cpuset mounted with noprefix. * linux: mount the source cgroup if cgroupns=host. * libcrun: don't clone self from read-only mount. * build: fix build without dlfcn.h. * linux: set PR_SET_DUMPABLE. * utils: fix applying AppArmor profile. * linux: write setgroups=deny when mapping a single uid/gid. * cgroup: fix enter cgroupv1 mount on RHEL 7. OBS-URL: https://build.opensuse.org/request/show/1068319 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=20 --- crun-1.7.2.tar.gz | 3 --- crun-1.7.2.tar.gz.asc | 11 ----------- crun-1.8.1.tar.gz | 3 +++ crun-1.8.1.tar.gz.asc | 11 +++++++++++ crun.changes | 27 +++++++++++++++++++++++++++ crun.spec | 4 ++-- 6 files changed, 43 insertions(+), 16 deletions(-) delete mode 100644 crun-1.7.2.tar.gz delete mode 100644 crun-1.7.2.tar.gz.asc create mode 100644 crun-1.8.1.tar.gz create mode 100644 crun-1.8.1.tar.gz.asc diff --git a/crun-1.7.2.tar.gz b/crun-1.7.2.tar.gz deleted file mode 100644 index adb345c..0000000 --- a/crun-1.7.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f669ecd3d1895dcaa8425eabb707c06eb3bdb5ae5201a50a423c3cace36c4a05 -size 1929797 diff --git a/crun-1.7.2.tar.gz.asc b/crun-1.7.2.tar.gz.asc deleted file mode 100644 index dee436f..0000000 --- a/crun-1.7.2.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCAAdFiEEr2D8o82qberRV+o6Z+OPeouiF3IFAmOGYmUACgkQZ+OPeoui -F3J5iggAoxDcRafahpWyUShQ8S23jOPnhSmgUW9CM1RTQ5IgPUpUCgbhH1nLKerZ -+jBWb0A1p+by+63Uhd/tnf9SHlkc0GvfjoYigP3Qr+CwPPp/+YrZujlMyZeYrY+7 -L8tP9A6NocVfAmNQhcX7ubOMFXDlYb1b0khnZItlg3+608OvRnwwlHCkcarhBgIs -U56fE6O+ezKW8rh+mlv/NpJ+YiMS29xm0SwGeTt0vc5Oe1eENc5LZPvTNXwLToUT -Eqa0g3rAWF301+TaBL988J8LsNXHTDQKWgwqP3pH5YPLRWtu3E2BX+qGJ+6aT3GY -28s1Ma9soWadeUznqR1FKIBPa5MQmA== -=dSw0 ------END PGP SIGNATURE----- diff --git a/crun-1.8.1.tar.gz b/crun-1.8.1.tar.gz new file mode 100644 index 0000000..4c6823e --- /dev/null +++ b/crun-1.8.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c7f01be3afb45453429a88dc6c541f2fed13e186cc2e30c91f7c2eef039602fc +size 1661369 diff --git a/crun-1.8.1.tar.gz.asc b/crun-1.8.1.tar.gz.asc new file mode 100644 index 0000000..8ec3b36 --- /dev/null +++ b/crun-1.8.1.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCAAdFiEEr2D8o82qberRV+o6Z+OPeouiF3IFAmP8iFgACgkQZ+OPeoui +F3KHxQgAk7ZFn/k7Vqx1iYj1Osg9VoVV9cwMtcpat9Bef43hHm94TPL3d88RhmTl +3nRdKdU3MUjeL+jkJvZ0GHcNuSvjQZePGaiY0W913X8qxjzXu2HyHCCdPmGP8t1m +OMMpR08vsdI7rSaC+1yWMGLaHAT/eE7Z8G54WUxdndtuUIh+6aZr6w7gXs/D80cq +I/DK+k/S4jV6o4vK6oKFrQajF0dyVJ2MQmyLAlWglv1/HOC2LoH692bRIQ2DF6wo +hchKgnvEy18kWnAic3sF6qD6dSvl+4S/Nexo9Pg2YV2k84tvlN6x920Xij+M0AfO +Rp7Ed+4Bv9Ya7v4n4pFnUmNzWLHmAQ== +=3bFX +-----END PGP SIGNATURE----- diff --git a/crun.changes b/crun.changes index b03f03b..d9ed442 100644 --- a/crun.changes +++ b/crun.changes @@ -1,3 +1,30 @@ +------------------------------------------------------------------- +Tue Feb 28 20:14:52 UTC 2023 - Niels Abspoel + +- Update to 1.8.1 + * linux: idmapped mounts expect the same configuration as + the user namespace mappings. Before they were expecting the inverted + mapping. It is a breaking change, but the behavior was aligned + to what runc will do as well. + * krun: always allow /dev/kvm in the cgroup configuration. + * handlers: disable exec for handlers that do not support it. + * selinux: allow setting fscontext using a custom annotation. + * cgroup: reset systemd unit if start fails. + * cgroup: rmdir the entire systemd scope. It fixes a leak on cgroupv1. + * cgroup: always delete the cgroup on errors. + On some errors it could have been leaked before. + +- changes from 1.8 + * linux: precreate devices on the host. + * cgroup: support cpuset mounted with noprefix. + * linux: mount the source cgroup if cgroupns=host. + * libcrun: don't clone self from read-only mount. + * build: fix build without dlfcn.h. + * linux: set PR_SET_DUMPABLE. + * utils: fix applying AppArmor profile. + * linux: write setgroups=deny when mapping a single uid/gid. + * cgroup: fix enter cgroupv1 mount on RHEL 7. + ------------------------------------------------------------------- Wed Dec 7 09:24:19 UTC 2022 - Frederic Crozat diff --git a/crun.spec b/crun.spec index 22fd4f9..e791a0d 100644 --- a/crun.spec +++ b/crun.spec @@ -1,7 +1,7 @@ # # spec file for package crun # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ Summary: OCI runtime written in C License: GPL-2.0-or-later Name: crun -Version: 1.7.2 +Version: 1.8.1 Release: 0 Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz Source1: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz.asc