Accepting request 1068319 from home:aboe76

- Update to 1.8.1
  * linux: idmapped mounts expect the same configuration as 
    the user namespace mappings. Before they were expecting the inverted
    mapping. It is a breaking change, but the behavior was aligned 
    to what runc will do as well.
  * krun: always allow /dev/kvm in the cgroup configuration.
  * handlers: disable exec for handlers that do not support it.
  * selinux: allow setting fscontext using a custom annotation.
  * cgroup: reset systemd unit if start fails.
  * cgroup: rmdir the entire systemd scope. It fixes a leak on cgroupv1.
  * cgroup: always delete the cgroup on errors. 
    On some errors it could have been leaked before.
- changes from 1.8
  * linux: precreate devices on the host.
  * cgroup: support cpuset mounted with noprefix.
  * linux: mount the source cgroup if cgroupns=host.
  * libcrun: don't clone self from read-only mount.
  * build: fix build without dlfcn.h.
  * linux: set PR_SET_DUMPABLE.
  * utils: fix applying AppArmor profile.
  * linux: write setgroups=deny when mapping a single uid/gid.
  * cgroup: fix enter cgroupv1 mount on RHEL 7.

OBS-URL: https://build.opensuse.org/request/show/1068319
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=20

crun-1.7.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f669ecd3d1895dcaa8425eabb707c06eb3bdb5ae5201a50a423c3cace36c4a05
-size 1929797

crun-1.7.2.tar.gz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCAAdFiEEr2D8o82qberRV+o6Z+OPeouiF3IFAmOGYmUACgkQZ+OPeoui
-F3J5iggAoxDcRafahpWyUShQ8S23jOPnhSmgUW9CM1RTQ5IgPUpUCgbhH1nLKerZ
-+jBWb0A1p+by+63Uhd/tnf9SHlkc0GvfjoYigP3Qr+CwPPp/+YrZujlMyZeYrY+7
-L8tP9A6NocVfAmNQhcX7ubOMFXDlYb1b0khnZItlg3+608OvRnwwlHCkcarhBgIs
-U56fE6O+ezKW8rh+mlv/NpJ+YiMS29xm0SwGeTt0vc5Oe1eENc5LZPvTNXwLToUT
-Eqa0g3rAWF301+TaBL988J8LsNXHTDQKWgwqP3pH5YPLRWtu3E2BX+qGJ+6aT3GY
-28s1Ma9soWadeUznqR1FKIBPa5MQmA==
-=dSw0
------END PGP SIGNATURE-----

crun-1.8.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c7f01be3afb45453429a88dc6c541f2fed13e186cc2e30c91f7c2eef039602fc
+size 1661369

crun-1.8.1.tar.gz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEr2D8o82qberRV+o6Z+OPeouiF3IFAmP8iFgACgkQZ+OPeoui
+F3KHxQgAk7ZFn/k7Vqx1iYj1Osg9VoVV9cwMtcpat9Bef43hHm94TPL3d88RhmTl
+3nRdKdU3MUjeL+jkJvZ0GHcNuSvjQZePGaiY0W913X8qxjzXu2HyHCCdPmGP8t1m
+OMMpR08vsdI7rSaC+1yWMGLaHAT/eE7Z8G54WUxdndtuUIh+6aZr6w7gXs/D80cq
+I/DK+k/S4jV6o4vK6oKFrQajF0dyVJ2MQmyLAlWglv1/HOC2LoH692bRIQ2DF6wo
+hchKgnvEy18kWnAic3sF6qD6dSvl+4S/Nexo9Pg2YV2k84tvlN6x920Xij+M0AfO
+Rp7Ed+4Bv9Ya7v4n4pFnUmNzWLHmAQ==
+=3bFX
+-----END PGP SIGNATURE-----

crun.changes

@@ -1,3 +1,30 @@
+-------------------------------------------------------------------
+Tue Feb 28 20:14:52 UTC 2023 - Niels Abspoel <aboe76@gmail.com>
+
+- Update to 1.8.1
+  * linux: idmapped mounts expect the same configuration as 
+    the user namespace mappings. Before they were expecting the inverted
+    mapping. It is a breaking change, but the behavior was aligned 
+    to what runc will do as well.
+  * krun: always allow /dev/kvm in the cgroup configuration.
+  * handlers: disable exec for handlers that do not support it.
+  * selinux: allow setting fscontext using a custom annotation.
+  * cgroup: reset systemd unit if start fails.
+  * cgroup: rmdir the entire systemd scope. It fixes a leak on cgroupv1.
+  * cgroup: always delete the cgroup on errors. 
+    On some errors it could have been leaked before.
+
+- changes from 1.8
+  * linux: precreate devices on the host.
+  * cgroup: support cpuset mounted with noprefix.
+  * linux: mount the source cgroup if cgroupns=host.
+  * libcrun: don't clone self from read-only mount.
+  * build: fix build without dlfcn.h.
+  * linux: set PR_SET_DUMPABLE.
+  * utils: fix applying AppArmor profile.
+  * linux: write setgroups=deny when mapping a single uid/gid.
+  * cgroup: fix enter cgroupv1 mount on RHEL 7.
+
 -------------------------------------------------------------------
 Wed Dec  7 09:24:19 UTC 2022 - Frederic Crozat <fcrozat@suse.com>
 

crun.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package crun
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
 Summary:        OCI runtime written in C
 License:        GPL-2.0-or-later
 Name:           crun
-Version:        1.7.2
+Version:        1.8.1
 Release:        0
 Source0:        https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz
 Source1:        https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz.asc