diff --git a/crun-0.18.tar.gz b/crun-0.18.tar.gz deleted file mode 100644 index 23c5795..0000000 --- a/crun-0.18.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:913191076ceaca7d8809f776894bb37be9271de82c06a810697d6a8f4746e241 -size 1394857 diff --git a/crun-0.21.tar.gz b/crun-0.21.tar.gz new file mode 100644 index 0000000..aa951a5 --- /dev/null +++ b/crun-0.21.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:018c805c88a15cbd8341d00badd00c92de256bc585c46336be78f1ff9a5a3cf2 +size 1878109 diff --git a/crun.changes b/crun.changes index d16225b..22c6908 100644 --- a/crun.changes +++ b/crun.changes @@ -1,3 +1,52 @@ +------------------------------------------------------------------- +Fri Aug 6 09:55:53 UTC 2021 - Frederic Crozat + +- Add libkrun-dlopen.patch: use soname when dlopening libkrun. + +------------------------------------------------------------------- +Wed Jul 28 11:56:01 UTC 2021 - Paolo Stivanin + +- Update to 0.21 + - honor memory swappiness set to 0 + - status: add fields for owner and created timestamp + - cgroup: lookup pids controller as well when the memory controller + is not available + - when compiled with krun, automatically use it if the current + executable file is called "krun". + - container: ignore error when resetting the SELinux label for the + keyring. + - container: call prestart hooks before rootfs is RO. + - cgroup: added support cleaning custom controllers on cgroupv1. + - spec: add support for --bundle. + - exec: add --no-new-privs. + - exec: add --process-label and --apparmor to change SELinux and + AppArmor labels. + - cgroup: kill procs in cgroup on EBUSY. + - cgroup: ignore devices errors when running in a user namespace. + - seccomp: drop SECCOMP_FILTER_FLAG_LOG by default. + - seccomp: report correct action in error message. + - apply SELinux label to keyring. + - add custom annotation run.oci.delegate-cgroup. + - close_range fallbacks to close on EPERM. + - report error if the cgroup path was set and the cgroup could not be + joined. + - on exec, honor additional_gids from the process spec, not the + container definition. + - spec: add cgroup ns if on cgroup v2. + - systemd: support array of strings for cgroup annotation. + - join all the cgroup v1 controllers. + - raise a warning when newuidmap/newgidmap fail. + - handle eBPF access(dev_name, F_OK) call correctly. + - fix some memory leaks on errors when libcrun is used by a long + running process. + - fix the SELinux label for masked directories. + - support default seccomp errno value. + - fail if no default seccomp action specified. + - support OCI seccomp notify listener. + - improve OOM error messages. + - ignore unknown capabilities and raise a warning. + - always remount bind mounts to drop not requested mount flags. + ------------------------------------------------------------------- Tue Mar 23 17:52:10 UTC 2021 - Dario Faggioli diff --git a/crun.spec b/crun.spec index b42726e..467eb70 100644 --- a/crun.spec +++ b/crun.spec @@ -15,41 +15,44 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # -Summary: OCI runtime written in C -Name: crun -Version: 0.18 -Release: 0 -Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz -Source1: crun-rpmlintrc -License: GPL-2.0-or-later -URL: https://github.com/containers/crun -ExclusiveArch: x86_64 aarch64 + +Summary: OCI runtime written in C +License: GPL-2.0-or-later +Name: crun +Version: 0.21 +Release: 0 +Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz +Source1: crun-rpmlintrc +# PATCH-FIX-OPENSUSE libkrun-dlopen.patch fcrozat@suse.com -- use soname when dlopening libkrun +Patch0: libkrun-dlopen.patch +URL: https://github.com/containers/crun +ExclusiveArch: x86_64 aarch64 # We always run autogen.sh -BuildRequires: autoconf -BuildRequires: automake -BuildRequires: gcc -BuildRequires: python -BuildRequires: git-core -BuildRequires: libcap-devel -BuildRequires: systemd-devel -BuildRequires: libyajl-devel -BuildRequires: libseccomp-devel -BuildRequires: libselinux-devel -BuildRequires: python3-libmount -BuildRequires: libtool -BuildRequires: go-md2man -BuildRequires: glibc-devel-static -BuildRequires: libkrun-devel >= 0.1.4 +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: gcc +BuildRequires: git-core +BuildRequires: glibc-devel-static +BuildRequires: go-md2man +BuildRequires: libcap-devel +BuildRequires: libkrun-devel >= 0.1.4 +BuildRequires: libseccomp-devel +BuildRequires: libselinux-devel +BuildRequires: libtool +BuildRequires: libyajl-devel +BuildRequires: python +BuildRequires: python3-libmount +BuildRequires: systemd-devel %ifnarch %ix86 -BuildRequires: criu-devel >= 3.15 +BuildRequires: criu-devel >= 3.15 %endif -Requires: libkrun0 >= 0.1.4 +Requires: libkrun0 >= 0.1.4 %description crun is a runtime for running OCI containers. It is built with libkrun support %prep -%autosetup +%autosetup -p1 %build ./autogen.sh @@ -59,6 +62,8 @@ crun is a runtime for running OCI containers. It is built with libkrun support %install %make_install rm -rf %{buildroot}/%{_libdir}/lib* +# allow easy krun usage with podman +ln -s %{_bindir}/crun %{buildroot}%{_bindir}/krun %files %defattr(-,root,root) @@ -66,6 +71,7 @@ rm -rf %{buildroot}/%{_libdir}/lib* %doc README.md %doc SECURITY.md %{_bindir}/%{name} +%{_bindir}/krun %{_mandir}/man1/* %changelog diff --git a/libkrun-dlopen.patch b/libkrun-dlopen.patch new file mode 100644 index 0000000..ae8838b --- /dev/null +++ b/libkrun-dlopen.patch @@ -0,0 +1,16 @@ +Index: crun-0.18/src/libcrun/container.c +=================================================================== +--- crun-0.18.orig/src/libcrun/container.c 2021-02-18 16:25:28.000000000 +0100 ++++ crun-0.18/src/libcrun/container.c 2021-08-06 11:54:48.798850933 +0200 +@@ -712,9 +712,9 @@ + #endif + + #if HAVE_DLOPEN && HAVE_LIBKRUN +- handle = dlopen ("libkrun.so", RTLD_NOW); ++ handle = dlopen ("libkrun.so.0", RTLD_NOW); + if (handle == NULL) +- return crun_make_error (err, 0, "could not load `libkrun.so`: %s", dlerror ()); ++ return crun_make_error (err, 0, "could not load `libkrun.so.0`: %s", dlerror ()); + + args->exec_func = libkrun_do_exec; + args->exec_func_arg = handle;