Accepting request 910479 from home:polslinux:branches:Virtualization:containers

- Update to 0.21 - honor memory swappiness set to 0 - status: add fields for owner and created timestamp - cgroup: lookup pids controller as well when the memory controller is not available - when compiled with krun, automatically use it if the current executable file is called "krun". - container: ignore error when resetting the SELinux label for the keyring. - container: call prestart hooks before rootfs is RO. - cgroup: added support cleaning custom controllers on cgroupv1. - spec: add support for --bundle. - exec: add --no-new-privs. - exec: add --process-label and --apparmor to change SELinux and AppArmor labels. - cgroup: kill procs in cgroup on EBUSY. - cgroup: ignore devices errors when running in a user namespace. - seccomp: drop SECCOMP_FILTER_FLAG_LOG by default. - seccomp: report correct action in error message. - apply SELinux label to keyring. - add custom annotation run.oci.delegate-cgroup. - close_range fallbacks to close on EPERM. - report error if the cgroup path was set and the cgroup could not be joined. - on exec, honor additional_gids from the process spec, not the container definition. - spec: add cgroup ns if on cgroup v2. - systemd: support array of strings for cgroup annotation. - join all the cgroup v1 controllers. - raise a warning when newuidmap/newgidmap fail. - handle eBPF access(dev_name, F_OK) call correctly. - fix some memory leaks on errors when libcrun is used by a long running process. - fix the SELinux label for masked directories. - support default seccomp errno value. - fail if no default seccomp action specified. - support OCI seccomp notify listener. - improve OOM error messages. - ignore unknown capabilities and raise a warning. - always remount bind mounts to drop not requested mount flags. OBS-URL: https://build.opensuse.org/request/show/910479 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=5
2021-08-06 12:28:15 +00:00 · 2021-08-06 12:28:15 +00:00 · 8c5623c25e
commit 8c5623c25e
parent 7a0d8e1bfc
4 changed files with 77 additions and 29 deletions
--- a/crun-0.18.tar.gz
+++ b/crun-0.18.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:913191076ceaca7d8809f776894bb37be9271de82c06a810697d6a8f4746e241
-size 1394857
--- a/crun-0.21.tar.gz
+++ b/crun-0.21.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:018c805c88a15cbd8341d00badd00c92de256bc585c46336be78f1ff9a5a3cf2
+size 1878109
--- a/crun.changes
+++ b/crun.changes
@ -1,3 +1,47 @@
+-------------------------------------------------------------------
+Wed Jul 28 11:56:01 UTC 2021 - Paolo Stivanin <info@paolostivanin.com>
+
+- Update to 0.21
+  - honor memory swappiness set to 0
+  - status: add fields for owner and created timestamp
+  - cgroup: lookup pids controller as well when the memory controller
+    is not available
+  - when compiled with krun, automatically use it if the current
+    executable file is called "krun".
+  - container: ignore error when resetting the SELinux label for the
+    keyring.
+  - container: call prestart hooks before rootfs is RO.
+  - cgroup: added support cleaning custom controllers on cgroupv1.
+  - spec: add support for --bundle.
+  - exec: add --no-new-privs.
+  - exec: add --process-label and --apparmor to change SELinux and
+    AppArmor labels.
+  - cgroup: kill procs in cgroup on EBUSY.
+  - cgroup: ignore devices errors when running in a user namespace.
+  - seccomp: drop SECCOMP_FILTER_FLAG_LOG by default.
+  - seccomp: report correct action in error message.
+  - apply SELinux label to keyring.
+  - add custom annotation run.oci.delegate-cgroup.
+  - close_range fallbacks to close on EPERM.
+  - report error if the cgroup path was set and the cgroup could not be
+    joined.
+  - on exec, honor additional_gids from the process spec, not the
+    container definition.
+  - spec: add cgroup ns if on cgroup v2.
+  - systemd: support array of strings for cgroup annotation.
+  - join all the cgroup v1 controllers.
+  - raise a warning when newuidmap/newgidmap fail.
+  - handle eBPF access(dev_name, F_OK) call correctly.
+  - fix some memory leaks on errors when libcrun is used by a long
+    running process.
+  - fix the SELinux label for masked directories.
+  - support default seccomp errno value.
+  - fail if no default seccomp action specified.
+  - support OCI seccomp notify listener.
+  - improve OOM error messages.
+  - ignore unknown capabilities and raise a warning.
+  - always remount bind mounts to drop not requested mount flags.
+
 -------------------------------------------------------------------
 Tue Mar 23 17:52:10 UTC 2021 - Dario Faggioli <dfaggioli@suse.com>

--- a/crun.spec
+++ b/crun.spec
@ -15,35 +15,36 @@
 # Please submit bugfixes or comments via https://bugs.opensuse.org/
 #

-Summary:	OCI runtime written in C
-Name:		crun
-Version:	0.18
-Release:	0
-Source0:	https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz
-Source1:	crun-rpmlintrc
-License:	GPL-2.0-or-later
-URL:		https://github.com/containers/crun
-ExclusiveArch:	x86_64 aarch64
+
+Summary:        OCI runtime written in C
+Name:           crun
+Version:        0.21
+Release:        0
+Source0:        https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz
+Source1:        crun-rpmlintrc
+License:        GPL-2.0-or-later
+URL:            https://github.com/containers/crun
+ExclusiveArch:  x86_64 aarch64
 # We always run autogen.sh
-BuildRequires:	autoconf
-BuildRequires:	automake
-BuildRequires:	gcc
-BuildRequires:	python
-BuildRequires:	git-core
-BuildRequires:	libcap-devel
-BuildRequires:	systemd-devel
-BuildRequires:	libyajl-devel
-BuildRequires:	libseccomp-devel
-BuildRequires:	libselinux-devel
-BuildRequires:	python3-libmount
-BuildRequires:	libtool
-BuildRequires:	go-md2man
-BuildRequires:	glibc-devel-static
-BuildRequires:	libkrun-devel >= 0.1.4	
+BuildRequires:  autoconf
+BuildRequires:  automake
+BuildRequires:  gcc
+BuildRequires:  git-core
+BuildRequires:  glibc-devel-static
+BuildRequires:  go-md2man
+BuildRequires:  libcap-devel
+BuildRequires:  libkrun-devel >= 0.1.4
+BuildRequires:  libseccomp-devel
+BuildRequires:  libselinux-devel
+BuildRequires:  libtool
+BuildRequires:  libyajl-devel
+BuildRequires:  python
+BuildRequires:  python3-libmount
+BuildRequires:  systemd-devel
 %ifnarch %ix86
-BuildRequires:	criu-devel >= 3.15
+BuildRequires:  criu-devel >= 3.15
 %endif
-Requires:	libkrun0 >= 0.1.4
+Requires:       libkrun0 >= 0.1.4

 %description
 crun is a runtime for running OCI containers. It is built with libkrun support
@ -59,6 +60,8 @@ crun is a runtime for running OCI containers. It is built with libkrun support
 %install
 %make_install
 rm -rf %{buildroot}/%{_libdir}/lib*
+# allow easy krun usage with podman
+ln -s %{_bindir}/crun %{buildroot}%{_bindir}/krun

 %files
 %defattr(-,root,root)
@ -66,6 +69,7 @@ rm -rf %{buildroot}/%{_libdir}/lib*
 %doc README.md
 %doc SECURITY.md
 %{_bindir}/%{name}
+%{_bindir}/krun
 %{_mandir}/man1/*

 %changelog