pool/runc
SHA256
5
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f76f27fb03
runc/runc.spec
Aleksa Sarai f76f27fb03 Accepting request 935874 from home:cyphar:docker 
- Update to runc v1.0.3. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.3. CVE-2021-43784

  * A potential vulnerability was discovered in runc (related to an internal
    usage of netlink), however upon further investigation we discovered that
    while this bug was exploitable on the master branch of runc, no released
    version of runc could be exploited using this bug. The exploit required
    being able to create a netlink attribute with a length that would overflow a
    uint16 but this was not possible in any released version of runc. For more
    information see GHSA-v95c-p5hm-xq8f and CVE-2021-43784.

    Due to an abundance of caution we decided to do an emergency release with
    this fix, but to reiterate we do not believe this vulnerability was
    possible to exploit. Thanks to Felix Wilhelm from Google Project Zero for
    discovering and reporting this vulnerability so quickly.
  * Fixed inability to start a container with read-write bind mount of a
    read-only fuse host mount.
  * Fixed inability to start when read-only /dev in set in spec.
  * Fixed not removing sub-cgroups upon container delete, when rootless cgroup
    v2 is used with older systemd.
  * Fixed returning error from GetStats when hugetlb is unsupported (which
    causes excessive logging for kubernetes).

OBS-URL: https://build.opensuse.org/request/show/935874
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=118
2021-12-06 04:44:55 +00:00

96 lines
3.4 KiB
RPMSpec
Raw Blame History

#
# spec file for package runc
#
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# nodebuginfo
# MANUAL: Make sure you update this each time you update runc.
%define git_version 4144b63817ebcc5b358fc2c8ef95f7cddd709aa7
# Package-wide golang version
%define go_version 1.16
%define project github.com/opencontainers/runc
Name: runc
Version: 1.0.3
%define _version 1.0.3
Release: 0
Summary: Tool for spawning and running OCI containers
License: Apache-2.0
Group: System/Management
URL: https://github.com/opencontainers/runc
Source0: https://github.com/opencontainers/runc/releases/download/v%{_version}/runc.tar.xz#/runc-%{_version}.tar.xz
Source1: https://github.com/opencontainers/runc/releases/download/v%{_version}/runc.tar.xz.asc#/runc-%{_version}.tar.xz.asc
Source2: runc.keyring
Source3: runc-rpmlintrc
BuildRequires: fdupes
BuildRequires: go-go-md2man
# Due to a limitation in openSUSE's Go packaging we cannot have a BuildRequires
# for 'golang(API) >= 1.x' here, so just require 1.x exactly. bsc#1172608
BuildRequires: go%{go_version}
BuildRequires: libseccomp-devel
BuildRequires: libselinux-devel
Recommends: criu
# There used to be a docker-runc package which was specifically for Docker.
# Since Docker now tracks upstream more consistently, we use the same package
# but we need to obsolete the old one. bsc#1181677
Obsoletes: docker-runc < %{version}
Provides: docker-runc = %{version}
# KUBIC-SPECIFIC: There used to be a kubic-specific docker-runc package, but
# now it's been merged into the one package. bsc#1181677
Obsoletes: docker-runc-kubic < %{version}
Provides: docker-runc-kubic = %{version}
Obsoletes: docker-runc = 0.1.1+gitr2819_50a19c6
Obsoletes: docker-runc_50a19c6
%description
runc is a CLI tool for spawning and running containers according to the OCI
specification. It is designed to be as minimal as possible, and is the workhorse
of Docker. It was originally designed to be a replacement for LXC within Docker,
and has grown to become a separate project entirely.
%prep
%setup -q -n %{name}-%{_version}
%build
# build runc
make BUILDTAGS="seccomp" COMMIT_NO="%{git_version}" runc
# build man pages
man/md2man-all.sh
%install
# We install to /usr/sbin/runc as per upstream and create a symlink in /usr/bin
# for rootless tools.
install -D -m0755 %{name} %{buildroot}%{_sbindir}/%{name}
install -m0755 -d %{buildroot}%{_bindir}
ln -s %{_sbindir}/%{name} %{buildroot}%{_bindir}/%{name}
# Man pages.
install -d -m0755 %{buildroot}%{_mandir}/man8
install -m0644 man/man8/runc*.8 %{buildroot}%{_mandir}/man8
%fdupes %{buildroot}
%files
%defattr(-,root,root)
%doc README.md
%license LICENSE
%{_sbindir}/%{name}
%{_bindir}/%{name}
%{_mandir}/man8/runc*.8.gz
%changelog
Reference in New Issue View Git Blame Copy Permalink