From 8c5623c25ea225ebe7765099cadcd08a4a20efb693030ee8a82b32c94601db62 Mon Sep 17 00:00:00 2001 
From: Dario Faggioli Date: Fri, 6 Aug 2021 12:28:15 +0000 Subject: [PATCH] Accepting request 910479 from home:polslinux:branches:Virtualization:containers - Update to 0.21 - honor memory swappiness set to 0 - status: add fields for owner and created timestamp - cgroup: lookup pids controller as well when the memory controller is not available - when compiled with krun, automatically use it if the current executable file is called "krun". - container: ignore error when resetting the SELinux label for the keyring. - container: call prestart hooks before rootfs is RO. - cgroup: added support cleaning custom controllers on cgroupv1. - spec: add support for --bundle. - exec: add --no-new-privs. - exec: add --process-label and --apparmor to change SELinux and AppArmor labels. - cgroup: kill procs in cgroup on EBUSY. - cgroup: ignore devices errors when running in a user namespace. - seccomp: drop SECCOMP_FILTER_FLAG_LOG by default. - seccomp: report correct action in error message. - apply SELinux label to keyring. - add custom annotation run.oci.delegate-cgroup. - close_range fallbacks to close on EPERM. - report error if the cgroup path was set and the cgroup could not be joined. - on exec, honor additional_gids from the process spec, not the container definition. - spec: add cgroup ns if on cgroup v2. - systemd: support array of strings for cgroup annotation. - join all the cgroup v1 controllers. - raise a warning when newuidmap/newgidmap fail. - handle eBPF access(dev_name, F_OK) call correctly. - fix some memory leaks on errors when libcrun is used by a long running process. - fix the SELinux label for masked directories. - support default seccomp errno value. - fail if no default seccomp action specified. - support OCI seccomp notify listener. - improve OOM error messages. - ignore unknown capabilities and raise a warning. - always remount bind mounts to drop not requested mount flags. 
OBS-URL: https://build.opensuse.org/request/show/910479
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=5
---
crun-0.18.tar.gz | 3 ---
crun-0.21.tar.gz | 3 +++
crun.changes | 44 +++++++++++++++++++++++++++++++++++++
crun.spec | 56 ++++++++++++++++++++++++++----------------------
4 files changed, 77 insertions(+), 29 deletions(-)
delete mode 100644 crun-0.18.tar.gz
create mode 100644 crun-0.21.tar.gz
diff --git a/crun-0.18.tar.gz b/crun-0.18.tar.gz
deleted file mode 100644
index 23c5795..0000000
--- a/crun-0.18.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:913191076ceaca7d8809f776894bb37be9271de82c06a810697d6a8f4746e241
-size 1394857
diff --git a/crun-0.21.tar.gz b/crun-0.21.tar.gz
new file mode 100644
index 0000000..aa951a5
--- /dev/null
+++ b/crun-0.21.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:018c805c88a15cbd8341d00badd00c92de256bc585c46336be78f1ff9a5a3cf2
+size 1878109
diff --git a/crun.changes b/crun.changes
index d16225b..8446f26 100644
--- a/crun.changes
+++ b/crun.changes
@@ -1,3 +1,47 @@
+-------------------------------------------------------------------
+Wed Jul 28 11:56:01 UTC 2021 - Paolo Stivanin
+
+- Update to 0.21
+ - honor memory swappiness set to 0
+ - status: add fields for owner and created timestamp
+ - cgroup: lookup pids controller as well when the memory controller
+ is not available
+ - when compiled with krun, automatically use it if the current
+ executable file is called "krun".
+ - container: ignore error when resetting the SELinux label for the
+ keyring.
+ - container: call prestart hooks before rootfs is RO.
+ - cgroup: added support cleaning custom controllers on cgroupv1.
+ - spec: add support for --bundle.
+ - exec: add --no-new-privs.
+ - exec: add --process-label and --apparmor to change SELinux and
+ AppArmor labels.
+ - cgroup: kill procs in cgroup on EBUSY.
+ - cgroup: ignore devices errors when running in a user namespace.
+ - seccomp: drop SECCOMP_FILTER_FLAG_LOG by default.
+ - seccomp: report correct action in error message.
+ - apply SELinux label to keyring.
+ - add custom annotation run.oci.delegate-cgroup.
+ - close_range fallbacks to close on EPERM.
+ - report error if the cgroup path was set and the cgroup could not be
+ joined.
+ - on exec, honor additional_gids from the process spec, not the
+ container definition.
+ - spec: add cgroup ns if on cgroup v2.
+ - systemd: support array of strings for cgroup annotation.
+ - join all the cgroup v1 controllers.
+ - raise a warning when newuidmap/newgidmap fail.
+ - handle eBPF access(dev_name, F_OK) call correctly.
+ - fix some memory leaks on errors when libcrun is used by a long
+ running process.
+ - fix the SELinux label for masked directories.
+ - support default seccomp errno value.
+ - fail if no default seccomp action specified.
+ - support OCI seccomp notify listener.
+ - improve OOM error messages.
+ - ignore unknown capabilities and raise a warning.
+ - always remount bind mounts to drop not requested mount flags.
+ ------------------------------------------------------------------- Tue Mar 23 17:52:10 UTC 2021 - Dario Faggioli diff --git a/crun.spec b/crun.spec index b42726e..bf246ad 100644 --- a/crun.spec +++ b/crun.spec 
@@ -15,35 +15,36 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # -Summary: OCI runtime written in C -Name: crun -Version: 0.18 -Release: 0 -Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz -Source1: crun-rpmlintrc -License: GPL-2.0-or-later -URL: https://github.com/containers/crun -ExclusiveArch: x86_64 aarch64 + +Summary: OCI runtime written in C +Name: crun +Version: 0.21 +Release: 0 +Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz +Source1: crun-rpmlintrc +License: GPL-2.0-or-later +URL: https://github.com/containers/crun +ExclusiveArch: x86_64 aarch64 # We always run autogen.sh -BuildRequires: autoconf -BuildRequires: automake -BuildRequires: gcc -BuildRequires: python -BuildRequires: git-core -BuildRequires: libcap-devel -BuildRequires: systemd-devel -BuildRequires: libyajl-devel -BuildRequires: libseccomp-devel -BuildRequires: libselinux-devel -BuildRequires: python3-libmount -BuildRequires: libtool -BuildRequires: go-md2man -BuildRequires: glibc-devel-static -BuildRequires: libkrun-devel >= 0.1.4 +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: gcc +BuildRequires: git-core +BuildRequires: glibc-devel-static +BuildRequires: go-md2man +BuildRequires: libcap-devel +BuildRequires: libkrun-devel >= 0.1.4 +BuildRequires: libseccomp-devel +BuildRequires: libselinux-devel +BuildRequires: libtool +BuildRequires: libyajl-devel +BuildRequires: python +BuildRequires: python3-libmount +BuildRequires: systemd-devel %ifnarch %ix86 -BuildRequires: criu-devel >= 3.15 +BuildRequires: criu-devel >= 3.15 %endif -Requires: libkrun0 >= 0.1.4 +Requires: libkrun0 >= 0.1.4 %description crun is a runtime for running OCI containers. It is built with libkrun support 
@@ -59,6 +60,8 @@ crun is a runtime for running OCI containers. It is built with libkrun support %install %make_install rm -rf %{buildroot}/%{_libdir}/lib* +# allow easy krun usage with podman +ln -s %{_bindir}/crun %{buildroot}%{_bindir}/krun %files %defattr(-,root,root) @@ -66,6 +69,7 @@ rm -rf %{buildroot}/%{_libdir}/lib* %doc README.md %doc SECURITY.md %{_bindir}/%{name} +%{_bindir}/krun %{_mandir}/man1/* %changelog
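Review bot: The comment on the added `ln -s` line in %install says what the link is for but not what it changes: according to the 0.21 changelog entry in this same commit, a crun built with krun support switches to libkrun when its executable is called "krun", so the link name alone selects a different isolation path. I would spell that out, e.g. `# crun switches to libkrun when invoked under the name "krun"; this link is what selects that mode`, so that someone auditing which runtime a host uses knows both paths are the same binary. The target could also use the macro already used in %files, `ln -s %{_bindir}/%{name} %{buildroot}%{_bindir}/krun`, and the new `%{_bindir}/krun` entry in the following hunk claims a generic path, so it is worth confirming no other package in the project ships /usr/bin/krun. Both hunks show only part of %install and %files.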