diff --git a/ignore_cgroup2_mountpoint.patch b/ignore_cgroup2_mountpoint.patch new file mode 100644 index 0000000..87017d6 --- /dev/null +++ b/ignore_cgroup2_mountpoint.patch @@ -0,0 +1,31 @@ +From e7b57cb042130edf86506d189734018edc3f2c18 Mon Sep 17 00:00:00 2001 +From: Mrunal Patel +Date: Tue, 10 Jan 2017 15:13:28 -0800 +Subject: [PATCH] Ignore cgroup2 mountpoints + +Our current cgroup parsing logic assumes cgroup v1 mounts +so we should ignore cgroup2 mounts for now + +Backport: https://github.com/opencontainers/runc/pull/1266 +Signed-off-by: Mrunal Patel +Signed-off-by: Aleksa Sarai +--- + libcontainer/cgroups/utils.go | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libcontainer/cgroups/utils.go b/libcontainer/cgroups/utils.go +index 8946dd5959e4..c6db0039e654 100644 +--- a/libcontainer/cgroups/utils.go ++++ b/libcontainer/cgroups/utils.go +@@ -149,7 +149,7 @@ func getCgroupMountsHelper(ss map[string]bool, mi io.Reader, all bool) ([]Mount, + if sepIdx == -1 { + return nil, fmt.Errorf("invalid mountinfo format") + } +- if txt[sepIdx+3:sepIdx+9] != "cgroup" { ++ if txt[sepIdx+3:sepIdx+10] == "cgroup2" || txt[sepIdx+3:sepIdx+9] != "cgroup" { + continue + } + fields := strings.Split(txt, " ") +-- +2.12.2 + diff --git a/runc.changes b/runc.changes index 191af06..9469145 100644 --- a/runc.changes +++ b/runc.changes @@ -1,20 +1,27 @@ +------------------------------------------------------------------- +Wed Mar 29 15:47:52 UTC 2017 - jmassaguerpla@suse.com + +- fix bsc#1028113 - runc: make sure to ignore cgroup v2 mountpoints + This is a backport of https://github.com/opencontainers/runc/pull/1266 + + ignore_cgroup2_mountpoint.patch + ------------------------------------------------------------------- Fri Feb 24 18:08:10 UTC 2017 - jmassaguerpla@suse.com -- update to docker-1.13.0 requirement +- update to docker-1.13.0 requirement ------------------------------------------------------------------- Fri Jan 13 13:58:33 UTC 2017 - jmassaguerpla@suse.com - fix CVE-2016-9962 bsc#1012568 and applying the patch CVE-2016-9962.patch, because 1.12.6 partially fixes it (it contains - the first patch attached in bsc#1012568) + the first patch attached in bsc#1012568) ------------------------------------------------------------------- Mon Dec 19 12:49:38 UTC 2016 - jmassaguerpla@suse.com - update runc to the version used in docker 1.12.5 (bsc#1016307). - This fixes bsc#1015661 + This fixes bsc#1015661 ------------------------------------------------------------------- Mon Dec 19 12:17:07 UTC 2016 - asarai@suse.com diff --git a/runc.spec b/runc.spec index bbc552c..9458375 100644 --- a/runc.spec +++ b/runc.spec @@ -58,6 +58,7 @@ Group: System/Management Url: https://github.com/opencontainers/runc Source: %{name}-git.%{git_version}.tar.xz Patch0: CVE-2016-9962.patch +Patch1: ignore_cgroup2_mountpoint.patch BuildRequires: fdupes %ifarch %go_arches BuildRequires: go >= 1.5 @@ -104,6 +105,9 @@ Test package for runc. It contains the source code and the tests. %prep %setup -q -n %{name}-git.%{git_version} %patch0 -p1 +%if 0%{?suse_version} > 1320 +%patch1 -p1 +%endif %build # Do not use symlinks. If you want to run the unit tests for this package at