2023-11-07 11:34:07 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Nov 1 07:25:46 UTC 2023 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to runc v1.1.10. Upstream changelog is available from
|
|
|
|
|
<https://github.com/opencontainers/runc/releases/tag/v1.1.10>.
|
|
|
|
|
|
2023-09-14 03:52:09 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Sep 6 06:42:37 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to runc v1.1.9. Upstream changelog is available from
|
|
|
|
|
<https://github.com/opencontainers/runc/releases/tag/v1.1.9>.
|
|
|
|
|
|
2023-07-19 16:09:53 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jul 19 14:04:08 UTC 2023 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to runc v1.1.8. Upstream changelog is available from
|
|
|
|
|
<https://github.com/opencontainers/runc/releases/tag/v1.1.8>.
|
|
|
|
|
|
2023-04-27 11:57:52 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Apr 27 09:43:31 UTC 2023 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to runc v1.1.7. Upstream changelog is available from
|
|
|
|
|
<https://github.com/opencontainers/runc/releases/tag/v1.1.7>.
|
|
|
|
|
- Update runc.keyring to upstream version.
|
|
|
|
|
|
2023-04-12 06:25:25 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Apr 12 04:17:29 UTC 2023 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to runc v1.1.6. Upstream changelog is available from
|
|
|
|
|
<https://github.com/opencontainers/runc/releases/tag/v1.1.6>.
|
|
|
|
|
|
2023-03-29 09:12:21 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Mar 29 07:05:52 UTC 2023 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to runc v1.1.5. Upstream changelog is available from
|
|
|
|
|
<https://github.com/opencontainers/runc/releases/tag/v1.1.5>.
|
2023-03-29 15:06:28 +02:00
|
|
|
|
|
|
|
|
|
Includes fixes for the following CVEs:
|
|
|
|
|
- CVE-2023-25809 bsc#1209884
|
|
|
|
|
- CVE-2023-27561 bsc#1208962
|
|
|
|
|
- CVE-2023-28642 bsc#1209888
|
2023-03-29 09:12:21 +02:00
|
|
|
|
|
2023-04-17 11:46:28 +02:00
|
|
|
|
* Fix the inability to use `/dev/null` when inside a container. bsc#1168481
|
2023-03-29 09:12:21 +02:00
|
|
|
|
* Fix changing the ownership of host's `/dev/null` caused by fd redirection
|
2023-04-17 11:46:28 +02:00
|
|
|
|
(a regression in 1.1.1). bsc#1207004
|
2023-03-29 09:12:21 +02:00
|
|
|
|
* Fix rare runc exec/enter unshare error on older kernels.
|
|
|
|
|
* nsexec: Check for errors in `write_log()`.
|
|
|
|
|
|
2023-03-29 09:14:02 +02:00
|
|
|
|
- Drop version-specific Go requirement.
|
|
|
|
|
|
2022-09-02 14:28:01 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Aug 31 13:00:31 UTC 2022 - Fabian Vogt <fvogt@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to runc v1.1.4. Upstream changelog is available from
|
|
|
|
|
https://github.com/opencontainers/runc/releases/tag/v1.1.4.
|
2022-09-21 02:34:33 +02:00
|
|
|
|
bsc#1202021
|
2022-09-02 14:28:01 +02:00
|
|
|
|
|
|
|
|
|
* Fix mounting via wrong proc fd. When the user and mount namespaces are
|
|
|
|
|
used, and the bind mount is followed by the cgroup mount in the spec,
|
|
|
|
|
the cgroup was mounted using the bind mount's mount fd.
|
|
|
|
|
* Switch kill() in libcontainer/nsenter to sane_kill().
|
|
|
|
|
* Fix "permission denied" error from runc run on noexec fs.
|
|
|
|
|
* Fix failed exec after systemctl daemon-reload. Due to a regression
|
|
|
|
|
in v1.1.3, the DeviceAllow=char-pts rwm rule was no longer added and
|
|
|
|
|
was causing an error open /dev/pts/0: operation not permitted: unknown when systemd was reloaded.
|
|
|
|
|
(boo#1202821)
|
|
|
|
|
|
2022-06-09 02:28:16 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jun 9 00:22:16 UTC 2022 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to runc v1.1.3. Upstream changelog is available from
|
|
|
|
|
https://github.com/opencontainers/runc/releases/tag/v1.1.3.
|
|
|
|
|
(Includes a fix for bsc#1200088.)
|
|
|
|
|
|
|
|
|
|
* Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on
|
|
|
|
|
s390 and s390x. This solves the issue where syscalls the host kernel did not
|
|
|
|
|
support would return `-EPERM` despite the existence of the `-ENOSYS` stub
|
|
|
|
|
code (this was due to how s390x does syscall multiplexing).
|
|
|
|
|
* Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as
|
|
|
|
|
intended; this fix does not affect runc binary itself but is important for
|
|
|
|
|
libcontainer users such as Kubernetes.
|
|
|
|
|
* Inability to compile with recent clang due to an issue with duplicate
|
|
|
|
|
constants in libseccomp-golang.
|
|
|
|
|
* When using systemd cgroup driver, skip adding device paths that don't exist,
|
|
|
|
|
to stop systemd from emitting warnings about those paths.
|
|
|
|
|
* Socket activation was failing when more than 3 sockets were used.
|
|
|
|
|
* Various CI fixes.
|
|
|
|
|
* Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container.
|
|
|
|
|
* runc static binaries are now linked against libseccomp v2.5.4.
|
|
|
|
|
- Remove upstreamed patches:
|
|
|
|
|
- bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch
|
|
|
|
|
|
2022-05-23 05:15:57 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon May 23 03:02:32 UTC 2022 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Backport <https://github.com/opencontainers/runc/pull/3474> to fix issues
|
|
|
|
|
with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by
|
|
|
|
|
that platform's syscall multiplexing semantics. bsc#1192051 bsc#1199565
|
|
|
|
|
+ bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu May 12 10:04:57 UTC 2022 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Add ExcludeArch for s390 (not s390x) since we've never supported it.
|
|
|
|
|
|
2022-03-29 05:37:10 +02:00
|
|
|
|
-------------------------------------------------------------------
|
2022-05-12 01:03:17 +02:00
|
|
|
|
Wed May 11 22:43:51 UTC 2022 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to runc v1.1.2. Upstream changelog is available from
|
|
|
|
|
https://github.com/opencontainers/runc/releases/tag/v1.1.2.
|
2022-05-23 05:24:41 +02:00
|
|
|
|
CVE-2022-29162 bsc#1199460
|
2022-05-12 01:03:17 +02:00
|
|
|
|
|
2022-05-23 05:24:41 +02:00
|
|
|
|
* A bug was found in runc where runc exec --cap executed processes with
|
|
|
|
|
non-empty inheritable Linux process capabilities, creating an atypical Linux
|
|
|
|
|
environment. For more information, see [GHSA-f3fp-gc8g-vw66][] and
|
|
|
|
|
CVE-2022-29162. bsc#1199460
|
|
|
|
|
* `runc spec` no longer sets any inheritable capabilities in the created
|
|
|
|
|
example OCI spec (`config.json`) file.
|
2022-05-12 01:03:17 +02:00
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2022-03-29 05:37:10 +02:00
|
|
|
|
Tue Mar 29 03:33:30 UTC 2022 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to runc v1.1.1. Upstream changelog is available from
|
|
|
|
|
https://github.com/opencontainers/runc/releases/tag/v1.1.1.
|
|
|
|
|
|
|
|
|
|
* runc run/start can now run a container with read-only /dev in OCI spec,
|
|
|
|
|
rather than error out. (#3355)
|
|
|
|
|
* runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403)
|
|
|
|
|
libcontainer systemd v2 manager no longer errors out if one of the files
|
|
|
|
|
listed in /sys/kernel/cgroup/delegate do not exist in container's
|
|
|
|
|
cgroup. (#3387, #3404)
|
|
|
|
|
* Loosen OCI spec validation to avoid bogus "Intel RDT is not supported"
|
|
|
|
|
error. (#3406)
|
|
|
|
|
* libcontainer/cgroups no longer panics in cgroup v1 managers if stat
|
|
|
|
|
of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435)
|
|
|
|
|
|
2022-01-17 23:51:56 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jan 17 07:15:26 UTC 2022 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to runc v1.1.0. Upstream changelog is available from
|
|
|
|
|
https://github.com/opencontainers/runc/releases/tag/v1.1.0.
|
|
|
|
|
|
|
|
|
|
- libcontainer will now refuse to build without the nsenter package being
|
|
|
|
|
correctly compiled (specifically this requires CGO to be enabled). This
|
|
|
|
|
should avoid folks accidentally creating broken runc binaries (and
|
|
|
|
|
incorrectly importing our internal libraries into their projects). (#3331)
|
|
|
|
|
|
2021-12-14 06:24:53 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Dec 14 05:04:21 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to runc v1.1.0~rc1. Upstream changelog is available from
|
|
|
|
|
https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1.
|
|
|
|
|
|
|
|
|
|
+ Add support for RDMA cgroup added in Linux 4.11.
|
|
|
|
|
* runc exec now produces exit code of 255 when the exec failed.
|
|
|
|
|
This may help in distinguishing between runc exec failures
|
|
|
|
|
(such as invalid options, non-running container or non-existent
|
|
|
|
|
binary etc.) and failures of the command being executed.
|
|
|
|
|
+ runc run: new --keep option to skip removal exited containers artefacts.
|
|
|
|
|
This might be useful to check the state (e.g. of cgroup controllers) after
|
|
|
|
|
the container hasexited.
|
|
|
|
|
+ seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD
|
|
|
|
|
(the latter is just an alias for SCMP_ACT_KILL).
|
|
|
|
|
+ seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows
|
|
|
|
|
users to create sophisticated seccomp filters where syscalls can be
|
|
|
|
|
efficiently emulated by privileged processes on the host.
|
|
|
|
|
+ checkpoint/restore: add an option (--lsm-mount-context) to set
|
|
|
|
|
a different LSM mount context on restore.
|
|
|
|
|
+ intelrdt: support ClosID parameter.
|
|
|
|
|
+ runc exec --cgroup: an option to specify a (non-top) in-container cgroup
|
|
|
|
|
to use for the process being executed.
|
|
|
|
|
+ cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1
|
|
|
|
|
machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc
|
|
|
|
|
run/exec now adds the container to the appropriate cgroup under it).
|
|
|
|
|
+ sysctl: allow slashes in sysctl names, to better match sysctl(8)'s
|
|
|
|
|
behaviour.
|
|
|
|
|
+ mounts: add support for bind-mounts which are inaccessible after switching
|
|
|
|
|
the user namespace. Note that this does not permit the container any
|
|
|
|
|
additional access to the host filesystem, it simply allows containers to
|
|
|
|
|
have bind-mounts configured for paths the user can access but have
|
|
|
|
|
restrictive access control settings for other users.
|
|
|
|
|
+ Add support for recursive mount attributes using mount_setattr(2). These
|
|
|
|
|
have the same names as the proposed mount(8) options -- just prepend r
|
|
|
|
|
to the option name (such as rro).
|
|
|
|
|
+ Add runc features subcommand to allow runc users to detect what features
|
|
|
|
|
runc has been built with. This includes critical information such as
|
|
|
|
|
supported mount flags, hook names, and so on. Note that the output of this
|
|
|
|
|
command is subject to change and will not be considered stable until runc
|
|
|
|
|
1.2 at the earliest. The runtime-spec specification for this feature is
|
|
|
|
|
being developed in opencontainers/runtime-spec#1130.
|
|
|
|
|
* system: improve performance of /proc/$pid/stat parsing.
|
|
|
|
|
* cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change
|
|
|
|
|
the ownership of certain cgroup control files (as per
|
|
|
|
|
/sys/kernel/cgroup/delegate) to allow for proper deferral to the container
|
|
|
|
|
process.
|
|
|
|
|
* runc checkpoint/restore: fixed for containers with an external bind mount
|
|
|
|
|
which destination is a symlink.
|
|
|
|
|
* cgroup: improve openat2 handling for cgroup directory handle hardening.
|
|
|
|
|
runc delete -f now succeeds (rather than timing out) on a paused
|
|
|
|
|
container.
|
|
|
|
|
* runc run/start/exec now refuses a frozen cgroup (paused container in case of
|
|
|
|
|
exec). Users can disable this using --ignore-paused.
|
|
|
|
|
- Update version data embedded in binary to correctly include the git commit of
|
|
|
|
|
the release.
|
|
|
|
|
- Drop runc-rpmlintrc because we don't have runc-test anymore.
|
|
|
|
|
|
2021-12-06 05:44:55 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Dec 6 04:38:25 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to runc v1.0.3. Upstream changelog is available from
|
|
|
|
|
https://github.com/opencontainers/runc/releases/tag/v1.0.3. CVE-2021-43784
|
2022-06-10 11:28:15 +02:00
|
|
|
|
bsc#1193436
|
2021-12-06 05:44:55 +01:00
|
|
|
|
|
|
|
|
|
* A potential vulnerability was discovered in runc (related to an internal
|
|
|
|
|
usage of netlink), however upon further investigation we discovered that
|
|
|
|
|
while this bug was exploitable on the master branch of runc, no released
|
|
|
|
|
version of runc could be exploited using this bug. The exploit required
|
|
|
|
|
being able to create a netlink attribute with a length that would overflow a
|
|
|
|
|
uint16 but this was not possible in any released version of runc. For more
|
|
|
|
|
information see GHSA-v95c-p5hm-xq8f and CVE-2021-43784.
|
|
|
|
|
|
|
|
|
|
Due to an abundance of caution we decided to do an emergency release with
|
|
|
|
|
this fix, but to reiterate we do not believe this vulnerability was
|
|
|
|
|
possible to exploit. Thanks to Felix Wilhelm from Google Project Zero for
|
|
|
|
|
discovering and reporting this vulnerability so quickly.
|
|
|
|
|
* Fixed inability to start a container with read-write bind mount of a
|
|
|
|
|
read-only fuse host mount.
|
|
|
|
|
* Fixed inability to start when read-only /dev in set in spec.
|
|
|
|
|
* Fixed not removing sub-cgroups upon container delete, when rootless cgroup
|
|
|
|
|
v2 is used with older systemd.
|
|
|
|
|
* Fixed returning error from GetStats when hugetlb is unsupported (which
|
|
|
|
|
causes excessive logging for kubernetes).
|
|
|
|
|
|
2021-08-23 11:40:05 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Aug 23 09:35:05 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to runc v1.0.2. Upstream changelog is available from
|
|
|
|
|
https://github.com/opencontainers/runc/releases/tag/v1.0.2
|
|
|
|
|
|
|
|
|
|
* Fixed a failure to set CPU quota period in some cases on cgroup v1.
|
|
|
|
|
* Fixed the inability to start a container with the "adding seccomp filter
|
|
|
|
|
rule for syscall ..." error, caused by redundant seccomp rules (i.e. those
|
|
|
|
|
that has action equal to the default one). Such redundant rules are now
|
|
|
|
|
skipped.
|
|
|
|
|
* Made release builds reproducible from now on.
|
|
|
|
|
* Fixed a rare debug log race in runc init, which can result in occasional
|
|
|
|
|
harmful "failed to decode ..." errors from runc run or exec.
|
|
|
|
|
* Fixed the check in cgroup v1 systemd manager if a container needs to be
|
|
|
|
|
frozen before Set, and add a setting to skip such freeze unconditionally.
|
|
|
|
|
The previous fix for that issue, done in runc 1.0.1, was not working.
|
|
|
|
|
|
2021-07-20 11:40:45 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Jul 18 02:40:16 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to runc v1.0.1. Upstream changelog is available from
|
|
|
|
|
https://github.com/opencontainers/runc/releases/tag/v1.0.1
|
|
|
|
|
|
|
|
|
|
* Fixed occasional runc exec/run failure ("interrupted system call") on an
|
|
|
|
|
Azure volume.
|
|
|
|
|
* Fixed "unable to find groups ... token too long" error with /etc/group
|
|
|
|
|
containing lines longer than 64K characters.
|
|
|
|
|
* cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is
|
|
|
|
|
frozen. This is a regression in 1.0.0, not affecting runc itself but some
|
|
|
|
|
of libcontainer users (e.g Kubernetes).
|
|
|
|
|
* cgroupv2: bpf: Ignore inaccessible existing programs in case of
|
|
|
|
|
permission error when handling replacement of existing bpf cgroup
|
|
|
|
|
programs. This fixes a regression in 1.0.0, where some SELinux
|
|
|
|
|
policies would block runc from being able to run entirely.
|
|
|
|
|
* cgroup/systemd/v2: don't freeze cgroup on Set.
|
|
|
|
|
* cgroup/systemd/v1: avoid unnecessary freeze on Set.
|
|
|
|
|
|
|
|
|
|
- Remove upstreamed patches:
|
|
|
|
|
+ boo1187704-0001-cgroupv2-ebpf-ignore-inaccessible-existing-programs.patch
|
|
|
|
|
|
2021-07-01 08:17:25 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jul 1 03:39:56 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Backport <https://github.com/opencontainers/runc/pull/3055> to fix issues
|
|
|
|
|
with runc under openSUSE MicroOS's SELinux policy. boo#1187704
|
|
|
|
|
+ boo1187704-0001-cgroupv2-ebpf-ignore-inaccessible-existing-programs.patch
|
|
|
|
|
|
2021-06-22 08:34:42 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jun 1 11:00:30 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to runc v1.0.0. Upstream changelog is available from
|
|
|
|
|
https://github.com/opencontainers/runc/releases/tag/v1.0.0
|
|
|
|
|
|
|
|
|
|
! The usage of relative paths for mountpoints will now produce a warning
|
|
|
|
|
(such configurations are outside of the spec, and in future runc will
|
|
|
|
|
produce an error when given such configurations).
|
|
|
|
|
|
|
|
|
|
* cgroupv2: devices: rework the filter generation to produce consistent
|
|
|
|
|
results with cgroupv1, and always clobber any existing eBPF
|
|
|
|
|
program(s) to fix runc update and avoid leaking eBPF programs
|
|
|
|
|
(resulting in errors when managing containers).
|
|
|
|
|
* cgroupv2: correctly convert "number of IOs" statistics in a
|
|
|
|
|
cgroupv1-compatible way.
|
|
|
|
|
* cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures.
|
|
|
|
|
* cgroupv2: wait for freeze to finish before returning from the freezing
|
|
|
|
|
code, optimize the method for checking whether a cgroup is frozen.
|
|
|
|
|
* cgroups/systemd: fixed "retry on dbus disconnect" logic introduced in rc94
|
|
|
|
|
* cgroups/systemd: fixed returning "unit already exists" error from a systemd
|
|
|
|
|
cgroup manager (regression in rc94)
|
|
|
|
|
|
|
|
|
|
+ cgroupv2: support SkipDevices with systemd driver
|
|
|
|
|
+ cgroup/systemd: return, not ignore, stop unit error from Destroy
|
|
|
|
|
+ Make "runc --version" output sane even when built with go get or
|
|
|
|
|
otherwise outside of our build scripts.
|
|
|
|
|
+ cgroups: set SkipDevices during runc update (so we don't modify
|
|
|
|
|
cgroups at all during runc update).
|
|
|
|
|
+ cgroup1: blkio: support BFQ weights.
|
|
|
|
|
+ cgroupv2: set per-device io weights if BFQ IO scheduler is available.
|
|
|
|
|
|
2021-05-19 12:09:39 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed May 19 10:00:00 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to runc v1.0.0~rc95. Upstream changelog is available from
|
|
|
|
|
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95
|
|
|
|
|
|
|
|
|
|
This release of runc contains a fix for CVE-2021-30465, and users are
|
|
|
|
|
strongly recommended to update (especially if you are providing
|
|
|
|
|
semi-limited access to spawn containers to untrusted users). bsc#1185405
|
|
|
|
|
|
2021-05-12 10:08:56 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed May 12 08:03:58 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to runc v1.0.0~rc94. Upstream changelog is available from
|
|
|
|
|
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94
|
|
|
|
|
Breaking Changes:
|
|
|
|
|
* cgroupv1: kernel memory limits are now always ignored, as kmemcg has
|
|
|
|
|
been effectively deprecated by the kernel. Users should make use of regular
|
|
|
|
|
memory cgroup controls.
|
|
|
|
|
Regression Fixes:
|
|
|
|
|
* seccomp: fix 32-bit compilation errors
|
|
|
|
|
* runc init: fix a hang caused by deadlock in seccomp/ebpf loading code
|
|
|
|
|
* runc start: fix "chdir to cwd: permission denied" for some setups
|
|
|
|
|
- Remove upstreamed patches:
|
|
|
|
|
- 0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch
|
|
|
|
|
|
2021-04-26 10:00:58 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Apr 26 07:54:54 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Backport patch to fix build on SLE-12 ppc64le.
|
|
|
|
|
+ 0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch
|
|
|
|
|
|
2021-02-04 01:26:20 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Feb 3 04:09:17 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to runc v1.0.0~rc93. Upstream changelog is available from
|
|
|
|
|
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc93
|
2021-04-20 12:41:16 +02:00
|
|
|
|
bsc#1182451 bsc#1184962
|
2021-02-04 01:26:20 +01:00
|
|
|
|
|
|
|
|
|
* Cgroupv2 support is no longer considered experimental.
|
|
|
|
|
* Mountinfo parsing code has been reworked significantly.
|
|
|
|
|
* Special ENOSYS handling for seccomp profiles to avoid making new
|
2021-05-12 10:08:56 +02:00
|
|
|
|
syscalls unusable for glibc.
|
2021-02-04 01:26:20 +01:00
|
|
|
|
* Various rootless containers improvements.
|
|
|
|
|
* The "selinux" and "apparmor" buildtags have been removed, and now all runc
|
|
|
|
|
builds will have SELinux and AppArmor support enabled.
|
|
|
|
|
|
2021-02-02 23:19:53 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Feb 2 05:53:17 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to handle the docker-runc removal. bsc#1181677
|
|
|
|
|
- Modernise go building for runc now that it has go.mod.
|
|
|
|
|
|
2020-08-29 11:35:30 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Aug 28 07:38:29 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
|
|
|
|
|
|
2021-02-04 01:26:20 +01:00
|
|
|
|
- Upgrade to runc v1.0.0~rc92 (bsc#1175821). Upstream changelog is available
|
|
|
|
|
from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc92
|
2020-08-29 11:35:30 +02:00
|
|
|
|
|
|
|
|
|
* Updates to CRIU support.
|
|
|
|
|
* Improvements to cgroupfs performance and correctness.
|
|
|
|
|
|
2020-07-02 03:50:30 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jul 2 01:24:49 UTC 2020 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Upgrade to runc v1.0.0~rc91. Upstream changelog is available from
|
|
|
|
|
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc91
|
|
|
|
|
|
|
|
|
|
* This release of runc has experimental support for cgroupv2-only systems.
|
|
|
|
|
|
|
|
|
|
- Remove upstreamed patches:
|
|
|
|
|
- bsc1149954-0001-sd-notify-do-not-hang-when-NOTIFY_SOCKET-is-used-wit.patch
|
|
|
|
|
- bsc1168481-0001-cgroup-devices-major-cleanups-and-minimal-transition.patch
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jun 25 22:34:03 UTC 2020 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Switch to Go 1.13 for build.
|
|
|
|
|
|
2020-05-13 09:16:34 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed May 13 06:49:44 UTC 2020 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Backport https://github.com/opencontainers/runc/pull/2391 to help fix
|
|
|
|
|
bsc#1168481.
|
|
|
|
|
+ bsc1168481-0001-cgroup-devices-major-cleanups-and-minimal-transition.patch
|
|
|
|
|
|
2020-04-14 12:22:21 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Apr 14 10:16:21 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
|
|
|
|
|
|
|
|
|
|
- Renamed patch:
|
|
|
|
|
0001-sd-notify-do-not-hang-when-NOTIFY_SOCKET-is-used-wit.patch
|
|
|
|
|
to
|
|
|
|
|
bsc1149954-0001-sd-notify-do-not-hang-when-NOTIFY_SOCKET-is-used-wit.patch
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Mar 18 08:57:34 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
|
|
|
|
|
|
|
|
|
|
- Added fix for bsc#1149954
|
|
|
|
|
* 0001-sd-notify-do-not-hang-when-NOTIFY_SOCKET-is-used-wit.patch
|
|
|
|
|
(cherry pick of https://github.com/opencontainers/runc/pull/1807)
|
|
|
|
|
|
2020-01-24 04:07:47 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jan 23 17:18:05 UTC 2020 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Upgrade to runc v1.0.0~rc10. Upstream changelog is available from
|
|
|
|
|
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc10
|
|
|
|
|
- Drop upstreamed patches:
|
|
|
|
|
- CVE-2019-19921.patch
|
|
|
|
|
|
2020-02-04 03:30:22 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jan 21 22:10:58 UTC 2020 - Bjørn Lie <bjorn.lie@gmail.com>
|
|
|
|
|
|
|
|
|
|
- Change packagewide go version to be greater or equal to 1.10.
|
|
|
|
|
|
2020-01-17 04:34:42 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jan 17 03:02:46 UTC 2020 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update CVE-2019-19921 patch to match upstream PR.
|
|
|
|
|
* CVE-2019-19921.patch
|
|
|
|
|
|
2020-01-14 05:49:43 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jan 14 04:44:36 UTC 2020 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
2020-01-15 15:07:23 +01:00
|
|
|
|
- Add backported fix for CVE-2019-19921. bsc#1160452
|
2020-01-14 05:49:43 +01:00
|
|
|
|
+ CVE-2019-19921.patch
|
|
|
|
|
|
2019-10-05 13:52:50 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Oct 5 11:40:13 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Upgrade to runc v1.0.0~rc9. Upstream changelog is available from
|
|
|
|
|
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc9
|
|
|
|
|
- Remove upstreamed patches:
|
|
|
|
|
- CVE-2019-16884.patch
|
|
|
|
|
|
2019-09-26 17:15:16 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Sep 26 14:54:07 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
2019-09-28 13:41:04 +02:00
|
|
|
|
- Add backported fix for CVE-2019-16884. bsc#1152308
|
2019-09-26 17:15:16 +02:00
|
|
|
|
+ CVE-2019-16884.patch
|
|
|
|
|
- Add runc-rpmlintrc to drop runc-test rpmlint warnings.
|
|
|
|
|
|
2019-04-29 14:05:18 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Apr 29 11:56:21 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Upgrade to runc v1.0.0~rc8. Upstream changelog is available from
|
|
|
|
|
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc8
|
|
|
|
|
- Includes upstreamed patches for regressions (bsc#1131314 bsc#1131553).
|
|
|
|
|
- Remove upstreamed patches:
|
|
|
|
|
- CVE-2019-5736.patch
|
|
|
|
|
|
2019-02-12 15:09:26 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Feb 6 08:10:47 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Add fix for CVE-2019-5736 (effectively copying /proc/self/exe during re-exec
|
|
|
|
|
to avoid write attacks to the host runc binary). bsc#1121967
|
|
|
|
|
+ CVE-2019-5736.patch
|
|
|
|
|
|
2018-12-13 08:54:13 +01:00
|
|
|
|
-------------------------------------------------------------------
|
2018-12-20 12:15:05 +01:00
|
|
|
|
Wed Dec 19 19:55:11 UTC 2018 - clee@suse.com
|
|
|
|
|
|
|
|
|
|
- Update go requirements to >= go1.10 to fix
|
|
|
|
|
* bsc#1118897 CVE-2018-16873
|
|
|
|
|
go#29230 cmd/go: remote command execution during "go get -u"
|
|
|
|
|
* bsc#1118898 CVE-2018-16874
|
|
|
|
|
go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths
|
|
|
|
|
* bsc#1118899 CVE-2018-16875
|
2019-02-12 15:09:26 +01:00
|
|
|
|
go#29233 crypto/x509: CPU denial of service
|
|
|
|
|
|
2018-12-20 12:15:05 +01:00
|
|
|
|
-------------------------------------------------------------------
|
2018-12-13 08:54:13 +01:00
|
|
|
|
Thu Dec 13 04:34:25 UTC 2018 - dorf@suse.com
|
|
|
|
|
|
|
|
|
|
- Require golang = 1.10.
|
|
|
|
|
|
2018-11-29 16:15:50 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Nov 29 09:10:09 UTC 2018 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
|
|
|
|
|
|
- Upgrade to runc v1.0.0~rc6. Upstream changelog is available from
|
|
|
|
|
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc6
|
|
|
|
|
|
2018-10-31 16:30:13 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Oct 31 14:01:03 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
|
|
|
|
|
|
|
|
|
|
- Create a symlink in /usr/bin/runc to enable rootless Podman and Buildah.
|
|
|
|
|
|
2018-06-05 09:46:42 +02:00
|
|
|
|
-------------------------------------------------------------------
|
2018-06-13 17:25:29 +02:00
|
|
|
|
Wed Jun 13 12:59:09 UTC 2018 - dcassany@suse.com
|
|
|
|
|
|
2018-11-29 16:15:50 +01:00
|
|
|
|
- Make use of %license macro
|
2018-06-13 17:25:29 +02:00
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2018-06-05 09:46:42 +02:00
|
|
|
|
Tue Jun 5 06:38:40 UTC 2018 - asarai@suse.com
|
|
|
|
|
|
|
|
|
|
- Remove 'go test' from %check section, as it has only ever caused us problems
|
|
|
|
|
and hasn't (as far as I remember) ever caught a release-blocking issue. Smoke
|
|
|
|
|
testing has been far more useful. boo#1095817
|
|
|
|
|
|
2018-02-27 18:41:09 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Feb 27 17:18:32 UTC 2018 - asarai@suse.com
|
|
|
|
|
|
|
|
|
|
- Upgrade to runc v1.0.0~rc5. Upstream changelog is available from
|
|
|
|
|
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc5
|
|
|
|
|
- Remove patch now merged upstream.
|
|
|
|
|
- bsc1053532-0001-makefile-drop-usage-of-install.patch
|
|
|
|
|
|
2017-08-19 15:24:20 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Aug 17 04:39:56 UTC 2017 - asarai@suse.com
|
|
|
|
|
|
|
|
|
|
- Use .tar.xz provided by upstream, as well as include the keyring to allow
|
|
|
|
|
full provenance of the source.
|
|
|
|
|
|
2017-08-16 21:16:32 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Aug 13 14:25:32 UTC 2017 - asarai@suse.com
|
|
|
|
|
|
|
|
|
|
- Use the upstream Makefile, to ensure that we always include the version
|
|
|
|
|
information in runc. This was confusing users (and Docker). bsc#1053532
|
|
|
|
|
- Add a backported patch to fix a Makefile bug.
|
|
|
|
|
https://github.com/opencontainers/runc/pull/1555
|
|
|
|
|
+ bsc1053532-0001-makefile-drop-usage-of-install.patch
|
|
|
|
|
|
2017-08-11 15:51:29 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Aug 10 17:14:02 UTC 2017 - asarai@suse.com
|
|
|
|
|
|
|
|
|
|
- Update to runc v1.0.0-rc4. Upstream changelog:
|
|
|
|
|
+ runc now supports v1.0.0 of the OCI runtime specification. #1527
|
|
|
|
|
+ Rootless containers support has been released. The current state of
|
|
|
|
|
this feature is that it only supports single-{uid,gid} mappings as an
|
|
|
|
|
unprivileged user, and cgroups are completely unsupported. Work is
|
|
|
|
|
being done to improve this. #774
|
|
|
|
|
+ Rather than relying on CRIU version nnumbers, actually check if the
|
|
|
|
|
system supports pre-dumping. #1371
|
|
|
|
|
+ Allow the PIDs cgroup limit to be updated. #1423
|
|
|
|
|
+ Add support for checkpoint/restore of containers with orphaned PTYs
|
|
|
|
|
(which is effectively all containers with terminal=true). #1355
|
|
|
|
|
+ Permit prestart hooks to modify the cgroup configuration of a
|
|
|
|
|
container. #1239
|
|
|
|
|
+ Add support for a wide variety of mount options. #1460
|
|
|
|
|
+ Expose memory.use_hierarchy in MemoryStats. #1378
|
|
|
|
|
* Fix incorrect handling of systems without the freezer cgroup. #1387
|
|
|
|
|
* Many, many changes to switch away from Go's "syscall" stdlib to
|
|
|
|
|
"golang.org/x/sys/unix". #1394 #1398 #1442 #1464 #1467 #1470 #1474
|
|
|
|
|
#1478 #1491 #1482 #1504 #1519 #1530
|
|
|
|
|
* Set cgroup resources when restoring a container. #1399
|
|
|
|
|
* Switch back to using /sbin as the installation directory. #1406
|
|
|
|
|
* Remove the arbitrary container ID length restriction. #1435
|
|
|
|
|
* Make container force deletion ignore non-existent containers. #1451
|
|
|
|
|
* Improve handling of arbitrary cgroup mount locations when populating
|
|
|
|
|
cpuset. #1372
|
|
|
|
|
* Make the SaneTerminal interface public. #1479
|
|
|
|
|
* Fix cases where runc would report a container to be in a "Running"
|
|
|
|
|
state if the init was a zombie or dead. #1489
|
|
|
|
|
* Do not set supplementary groups for numeric users. #1450
|
|
|
|
|
* Fix various issues with the "owner" field in runc-list. #1516
|
|
|
|
|
* Many other miscellaneous fixes, some of which were made by first-time
|
|
|
|
|
contributors. Thanks, and welcome to the project! #1406 #1400 #1365
|
|
|
|
|
#1396 #1402 #1414 #1412 #1408 #1418 #1425 #1428 #1436 #1433 #1438
|
|
|
|
|
#1410 #1447 #1388 #1484 #1481 #1496 #1245 #1524 #1534 #1526 #1533
|
|
|
|
|
- Remove any semblance of non-Linux support. #1502
|
|
|
|
|
- We no longer use shfmt for testing. #1510
|
|
|
|
|
|
2017-08-11 14:10:02 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Aug 2 13:51:43 UTC 2017 - asarai@suse.com
|
|
|
|
|
|
|
|
|
|
- Use -buildmode=pie for tests and binary build. bsc#1048046 bsc#1051429
|
|
|
|
|
- Cleanup seccomp builds similar to bsc#1028638
|
|
|
|
|
- Remove the usage of 'cp -r' to reduce noise in the build logs.
|
|
|
|
|
|
2017-05-04 21:02:51 +02:00
|
|
|
|
-------------------------------------------------------------------
|
2017-07-10 13:39:32 +02:00
|
|
|
|
Thu Jul 6 17:14:17 UTC 2017 - thipp@suse.de
|
|
|
|
|
|
|
|
|
|
- switch to opencontainers/runc master branch
|
2017-08-11 14:10:02 +02:00
|
|
|
|
- remove CVE-2016-9962.patch
|
2017-07-10 13:39:32 +02:00
|
|
|
|
- stop providing docker-runc
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2017-05-04 21:02:51 +02:00
|
|
|
|
Thu May 4 19:04:49 UTC 2017 - jmassaguerpla@suse.com
|
|
|
|
|
|
2017-08-11 14:10:02 +02:00
|
|
|
|
- fix the golang requirement to 1.7 to the subpackages
|
2017-05-04 21:02:51 +02:00
|
|
|
|
|
2017-05-04 20:33:34 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue May 2 15:49:41 UTC 2017 - jmassaguerpla@suse.com
|
|
|
|
|
|
2017-08-11 14:10:02 +02:00
|
|
|
|
- fix golang requirement to 1.7
|
2017-05-04 20:33:34 +02:00
|
|
|
|
|
2017-04-28 18:29:38 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Apr 28 16:16:00 UTC 2017 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
- Substitute %__-type macro indirections
|
|
|
|
|
|
2017-04-20 12:54:06 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Apr 13 16:34:03 UTC 2017 - jmassaguerpla@suse.com
|
|
|
|
|
|
2017-08-11 14:10:02 +02:00
|
|
|
|
- update version to the one required by docker-17.04.0-ce (bsc#1034053)
|
2017-04-20 12:54:06 +02:00
|
|
|
|
remove ignore_cgroup2_mountpoint.patch . This is already included in
|
|
|
|
|
the upstream source code.
|
|
|
|
|
|
2017-04-20 12:25:40 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Apr 12 09:55:28 UTC 2017 - jmassaguerpla@suse.com
|
|
|
|
|
|
2017-08-11 14:10:02 +02:00
|
|
|
|
- Make sure this is being built with go 1.7
|
2017-04-20 12:25:40 +02:00
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Apr 11 15:37:36 UTC 2017 - jmassaguerpla@suse.com
|
|
|
|
|
|
|
|
|
|
- remove the go_arches macro because we are using go1.7 which
|
2017-08-11 14:10:02 +02:00
|
|
|
|
is available in all archs
|
2017-04-20 12:25:40 +02:00
|
|
|
|
|
2017-04-11 11:56:51 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Mar 29 15:47:52 UTC 2017 - jmassaguerpla@suse.com
|
|
|
|
|
|
2017-04-11 14:14:17 +02:00
|
|
|
|
- fix bsc#1028113 - runc: make sure to ignore cgroup v2 mountpoints
|
|
|
|
|
This is a backport of https://github.com/opencontainers/runc/pull/1266
|
|
|
|
|
+ ignore_cgroup2_mountpoint.patch
|
2017-04-11 11:56:51 +02:00
|
|
|
|
|
2017-03-05 04:07:20 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Feb 24 18:08:10 UTC 2017 - jmassaguerpla@suse.com
|
|
|
|
|
|
2017-04-11 14:14:17 +02:00
|
|
|
|
- update to docker-1.13.0 requirement
|
2017-03-05 04:07:20 +01:00
|
|
|
|
|
2017-01-13 18:01:54 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jan 13 13:58:33 UTC 2017 - jmassaguerpla@suse.com
|
|
|
|
|
|
|
|
|
|
- fix CVE-2016-9962 bsc#1012568 and applying the patch
|
|
|
|
|
CVE-2016-9962.patch, because 1.12.6 partially fixes it (it contains
|
2017-04-11 14:14:17 +02:00
|
|
|
|
the first patch attached in bsc#1012568)
|
2017-01-13 18:01:54 +01:00
|
|
|
|
|
2016-12-19 15:01:37 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Dec 19 12:49:38 UTC 2016 - jmassaguerpla@suse.com
|
|
|
|
|
|
|
|
|
|
- update runc to the version used in docker 1.12.5 (bsc#1016307).
|
2017-04-11 14:14:17 +02:00
|
|
|
|
This fixes bsc#1015661
|
2016-12-19 15:01:37 +01:00
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Dec 19 12:17:07 UTC 2016 - asarai@suse.com
|
|
|
|
|
|
|
|
|
|
- For the moment, we have to switch to using Docker's fork of runC. This *will*
|
|
|
|
|
be solved properly by creating a new package purely for Docker's runC fork,
|
|
|
|
|
because it's quite silly to tie OCI project releases to Docker's vendoring
|
|
|
|
|
scheme. Once this is fixed, this package will be switch to being purely-OCI.
|
|
|
|
|
|
2016-12-19 09:39:07 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Dec 16 17:05:37 UTC 2016 - jmassaguerpla@suse.com
|
|
|
|
|
|
2016-12-19 15:01:37 +01:00
|
|
|
|
- add the /usr/bin/docker-run symlink to partially fix bsc#1015661
|
2016-12-19 09:39:07 +01:00
|
|
|
|
|
2016-11-24 13:49:13 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Nov 24 11:05:41 UTC 2016 - jmassaguerpla@suse.com
|
|
|
|
|
|
|
|
|
|
- fix version by adding a revision "counter" so that it will always
|
|
|
|
|
increase
|
|
|
|
|
|
2016-12-19 15:01:37 +01:00
|
|
|
|
fix bsc#1009961
|
2016-11-24 13:49:13 +01:00
|
|
|
|
|
2016-10-24 12:56:10 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Oct 13 11:04:27 UTC 2016 - jmassaguerpla@suse.com
|
|
|
|
|
|
2016-12-19 15:01:37 +01:00
|
|
|
|
- update to 02f8fa7 because that is the needed version for docker 1.12.1 (bsc#1004490)
|
2016-10-24 12:56:10 +02:00
|
|
|
|
|
2016-09-23 16:37:04 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Sep 21 05:13:26 UTC 2016 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
- Run fdupes.
|
|
|
|
|
|
2016-09-19 14:08:36 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Sep 19 11:57:45 UTC 2016 - jmassaguerpla@suse.com
|
|
|
|
|
|
|
|
|
|
- fix go_arches definition: use global instead of define, otherwise
|
2016-12-19 15:01:37 +01:00
|
|
|
|
it fails to build
|
2016-09-19 14:08:36 +02:00
|
|
|
|
|
2016-08-26 12:03:29 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Aug 26 08:59:54 UTC 2016 - asarai@suse.com
|
|
|
|
|
|
|
|
|
|
- Remove docker-runc symlink because it's been fixed within the Docker
|
|
|
|
|
package. bsc#978260
|
|
|
|
|
|
2016-08-25 19:13:43 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Aug 25 17:02:33 UTC 2016 - jmassaguerpla@suse.com
|
|
|
|
|
|
|
|
|
|
- Create a symlink /usr/sbin/docker-runc -> /usr/sbin/docker
|
2016-08-26 12:03:29 +02:00
|
|
|
|
Docker expects this symlink to exist bsc#978260
|
2016-08-25 19:13:43 +02:00
|
|
|
|
|
2016-08-25 18:01:03 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Aug 25 15:56:00 UTC 2016 - jmassaguerpla@suse.com
|
|
|
|
|
|
|
|
|
|
- Remove GOPATH at the end of the GOPATH assignment
|
|
|
|
|
cause GOPATH is empty and if we do that, we get the path ""
|
2016-08-26 12:03:29 +02:00
|
|
|
|
appended, which causes gcc6-go to complain
|
2016-08-25 18:01:03 +02:00
|
|
|
|
|
2016-08-24 14:34:21 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Aug 24 12:27:57 UTC 2016 - jmassaguerpla@suse.com
|
|
|
|
|
|
|
|
|
|
- add go_arches in project configuration: this way, we can use the
|
|
|
|
|
same spec file but decide in the project configuration if to
|
2016-08-26 12:03:29 +02:00
|
|
|
|
use gc-go or gcc-go for some archs.
|
2016-08-24 14:34:21 +02:00
|
|
|
|
|
2016-08-23 17:12:47 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Aug 18 10:35:29 UTC 2016 - jmassaguerpla@suse.com
|
|
|
|
|
|
2016-08-26 12:03:29 +02:00
|
|
|
|
- use gcc6-go instead of gcc5-go (bsc#988408)
|
2016-08-23 17:12:47 +02:00
|
|
|
|
- build ppc64le with gc-go because this version builds with gc-go 1.6
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Aug 18 10:34:29 UTC 2016 - cbrauner@suse.de
|
|
|
|
|
|
|
|
|
|
- bump git commit id to the one required by docker v1.12.0 (bsc#995058)
|
|
|
|
|
- run unit tests during package build
|
|
|
|
|
- remove seccomp-use-pkg-config.patch
|
|
|
|
|
The patch is now upstream.
|
|
|
|
|
- remove GO_BUILD_FLAGS macro and substitute with BUILDFLAGS env variable to
|
|
|
|
|
allow for easier string appending.
|
|
|
|
|
- only run unit test on architectures that provide the go list and go test tools
|
|
|
|
|
|
2016-08-17 12:45:55 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Aug 17 10:29:15 UTC 2016 - cbrauner@suse.de
|
|
|
|
|
|
|
|
|
|
- Add runc-test package which contains the source code and the test. This
|
|
|
|
|
package will be used to run the integration tests.
|
|
|
|
|
- Simplify package build and check sections: Instead of symlinking we default to
|
|
|
|
|
cp -avr. go list gets confused by symlinks hence, we need to copy the source
|
|
|
|
|
code anyway if we want to run unit tests during package build at some point.
|
|
|
|
|
|
2016-04-29 11:35:10 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Apr 29 09:03:24 UTC 2016 - asarai@suse.de
|
|
|
|
|
|
2016-07-20 10:35:48 +02:00
|
|
|
|
* Update to runC 0.1.1. (bsc#989566 FATE#320763) Changelog from upstream:
|
2016-04-29 11:35:10 +02:00
|
|
|
|
|
|
|
|
|
This release includes a bug fix for adding the selinux mount label in the specification.
|
|
|
|
|
|
2016-04-19 12:00:18 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Apr 19 09:59:05 UTC 2016 - asarai@suse.de
|
|
|
|
|
|
|
|
|
|
* Don't use gcc-go for aarch64, since gc has grown support for it and is more
|
|
|
|
|
stable.
|
|
|
|
|
|
2016-04-15 12:47:01 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Apr 15 10:46:04 UTC 2016 - asarai@suse.de
|
|
|
|
|
|
|
|
|
|
* Disable seccomp entirely for aarch64 builds, since it is not provided on all
|
|
|
|
|
SUSE platforms.
|
|
|
|
|
|
2016-03-30 16:18:58 +02:00
|
|
|
|
-------------------------------------------------------------------
|
2016-04-13 14:11:46 +02:00
|
|
|
|
Wed Apr 13 12:03:09 UTC 2016 - asarai@suse.de
|
|
|
|
|
|
|
|
|
|
* Update to runC 0.1.0. Changelog from upstream:
|
|
|
|
|
|
|
|
|
|
This release updates runc to the OCI runtime specification v0.5.0 and includes
|
|
|
|
|
various fixes and features.
|
|
|
|
|
|
|
|
|
|
Features:
|
|
|
|
|
+ cgroups: pid limits and stats
|
|
|
|
|
+ cgroups: kmem stats
|
|
|
|
|
+ systemd cgroup support
|
|
|
|
|
+ libcontainer specconv package
|
|
|
|
|
+ no pivot root option
|
|
|
|
|
+ numeric ids are treated as uid/gid
|
|
|
|
|
+ hook improvements
|
|
|
|
|
|
|
|
|
|
Bug Fixes:
|
|
|
|
|
* log flushing
|
|
|
|
|
* atomic pid file creation
|
|
|
|
|
* init error recovery
|
|
|
|
|
* seccomp logging removed
|
|
|
|
|
* delete container on aborted start
|
|
|
|
|
* /dev bind mount handling
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2016-03-30 16:18:58 +02:00
|
|
|
|
Wed Mar 30 14:18:18 UTC 2016 - asarai@suse.de
|
|
|
|
|
|
|
|
|
|
* Install to /usr/sbin. https://github.com/opencontainers/runc/pull/702
|
|
|
|
|
|
2016-03-27 17:19:30 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Mar 27 14:50:32 UTC 2016 - asarai@suse.de
|
|
|
|
|
|
|
|
|
|
* Added runC man pages.
|
|
|
|
|
* Recommended criu, since it's required for the checkpoint and restore
|
|
|
|
|
functionality.
|
|
|
|
|
|
2016-03-27 12:15:05 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Mar 27 10:14:32 UTC 2016 - asarai@suse.de
|
|
|
|
|
|
|
|
|
|
* Small updates to method of compilation to better match Makefile.
|
|
|
|
|
|
2016-03-21 13:15:39 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Mar 21 12:04:59 UTC 2016 - asarai@suse.de
|
|
|
|
|
|
|
|
|
|
* Make compilation work on gcc-go only systems (ppc and s390).
|
|
|
|
|
|
2016-03-21 09:36:29 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Mar 21 08:24:02 UTC 2016 - asarai@suse.de
|
|
|
|
|
|
|
|
|
|
* initial import of runC 0.0.9
|
|
|
|
|
* add patch seccomp-use-pkg-config.patch which allows us to build runC, since
|
|
|
|
|
they assume that the seccomp.h file lives at /usr/include/seccomp.h.
|
|
|
|
|
|