Accepting request 487329 from Virtualization:containers

1 OBS-URL: https://build.opensuse.org/request/show/487329 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/runc?expand=0&rev=11
2017-04-17 08:26:20 +00:00 · 2017-04-17 08:26:20 +00:00 · e1aa70800a
commit e1aa70800a
parent df1e6f7536 3f88467bef
3 changed files with 45 additions and 3 deletions
--- a/ignore_cgroup2_mountpoint.patch
+++ b/ignore_cgroup2_mountpoint.patch
@ -0,0 +1,31 @@
+From e7b57cb042130edf86506d189734018edc3f2c18 Mon Sep 17 00:00:00 2001
+From: Mrunal Patel <mrunalp@gmail.com>
+Date: Tue, 10 Jan 2017 15:13:28 -0800
+Subject: [PATCH] Ignore cgroup2 mountpoints
+
+Our current cgroup parsing logic assumes cgroup v1 mounts
+so we should ignore cgroup2 mounts for now
+
+Backport: https://github.com/opencontainers/runc/pull/1266
+Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
+Signed-off-by: Aleksa Sarai <asarai@suse.de>
+---
+ libcontainer/cgroups/utils.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libcontainer/cgroups/utils.go b/libcontainer/cgroups/utils.go
+index 8946dd5959e4..c6db0039e654 100644
+--- a/libcontainer/cgroups/utils.go
+++ b/libcontainer/cgroups/utils.go
+@@ -149,7 +149,7 @@ func getCgroupMountsHelper(ss map[string]bool, mi io.Reader, all bool) ([]Mount,
+ 		if sepIdx == -1 {
+ 			return nil, fmt.Errorf("invalid mountinfo format")
+ 		}
+-		if txt[sepIdx+3:sepIdx+9] != "cgroup" {
+		if txt[sepIdx+3:sepIdx+10] == "cgroup2" || txt[sepIdx+3:sepIdx+9] != "cgroup" {
+ 			continue
+ 		}
+ 		fields := strings.Split(txt, " ")
+-- 
+2.12.2
+
--- a/runc.changes
+++ b/runc.changes
@ -1,20 +1,27 @@
+-------------------------------------------------------------------
+Wed Mar 29 15:47:52 UTC 2017 - jmassaguerpla@suse.com
+
+- fix bsc#1028113 - runc: make sure to ignore cgroup v2 mountpoints
+  This is a backport of https://github.com/opencontainers/runc/pull/1266
+  + ignore_cgroup2_mountpoint.patch
+
 -------------------------------------------------------------------
 Fri Feb 24 18:08:10 UTC 2017 - jmassaguerpla@suse.com

- update to docker-1.13.0 requirement 
+- update to docker-1.13.0 requirement

 -------------------------------------------------------------------
 Fri Jan 13 13:58:33 UTC 2017 - jmassaguerpla@suse.com

 - fix CVE-2016-9962 bsc#1012568 and applying the patch
  CVE-2016-9962.patch, because 1.12.6 partially fixes it (it contains
-  the first patch attached in bsc#1012568) 
+  the first patch attached in bsc#1012568)

 -------------------------------------------------------------------
 Mon Dec 19 12:49:38 UTC 2016 - jmassaguerpla@suse.com

 - update runc to the version used in docker 1.12.5 (bsc#1016307).
-  This fixes bsc#1015661 
+  This fixes bsc#1015661

 -------------------------------------------------------------------
 Mon Dec 19 12:17:07 UTC 2016 - asarai@suse.com
--- a/runc.spec
+++ b/runc.spec
@ -58,6 +58,7 @@ Group:          System/Management
 Url:            https://github.com/opencontainers/runc
 Source:         %{name}-git.%{git_version}.tar.xz
 Patch0:         CVE-2016-9962.patch
+Patch1:         ignore_cgroup2_mountpoint.patch
 BuildRequires:  fdupes
 %ifarch %go_arches
 BuildRequires:  go >= 1.5
@ -104,6 +105,9 @@ Test package for runc. It contains the source code and the tests.
 %prep
 %setup -q -n %{name}-git.%{git_version}
 %patch0 -p1
+%if 0%{?suse_version} > 1320
+%patch1 -p1
+%endif

 %build
 # Do not use symlinks. If you want to run the unit tests for this package at