rpm/runc
SHA256
1
0
Fork 0
forked from pool/runc
Code Pull Requests Activity
121 Commits 2 Branches 0 Tags 3.4 MiB
b553e39996
Commit Graph

121 Commits

This Branch
This Branch
All Branches
Author SHA256 Message Date
Dominique Leuenberger
b553e39996 Accepting request 913732 from Virtualization:containers 
OBS-URL: https://build.opensuse.org/request/show/913732
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/runc?expand=0&rev=41
 2021-08-24 08:53:55 +00:00
Aleksa Sarai
cf1a13f90d Accepting request 913731 from home:cyphar:docker 
- Update to runc v1.0.2. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.2

  * Fixed a failure to set CPU quota period in some cases on cgroup v1.
  * Fixed the inability to start a container with the "adding seccomp filter
    rule for syscall ..." error, caused by redundant seccomp rules (i.e. those
    that has action equal to the default one). Such redundant rules are now
    skipped.
  * Made release builds reproducible from now on.
  * Fixed a rare debug log race in runc init, which can result in occasional
    harmful "failed to decode ..." errors from runc run or exec.
  * Fixed the check in cgroup v1 systemd manager if a container needs to be
    frozen before Set, and add a setting to skip such freeze unconditionally.
    The previous fix for that issue, done in runc 1.0.1, was not working.

OBS-URL: https://build.opensuse.org/request/show/913731
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=117
 2021-08-23 09:40:05 +00:00
Dominique Leuenberger
9065981863 Accepting request 907286 from Virtualization:containers 
OBS-URL: https://build.opensuse.org/request/show/907286
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/runc?expand=0&rev=40
 2021-07-20 13:38:40 +00:00
Aleksa Sarai
bb50268589 Accepting request 907285 from home:cyphar:docker 
- Update to runc v1.0.1. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.1

  * Fixed occasional runc exec/run failure ("interrupted system call") on an
    Azure volume.
  * Fixed "unable to find groups ... token too long" error with /etc/group
    containing lines longer than 64K characters.
  * cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is
    frozen. This is a regression in 1.0.0, not affecting runc itself but some
    of libcontainer users (e.g Kubernetes).
  * cgroupv2: bpf: Ignore inaccessible existing programs in case of
    permission error when handling replacement of existing bpf cgroup
    programs. This fixes a regression in 1.0.0, where some SELinux
    policies would block runc from being able to run entirely.
  * cgroup/systemd/v2: don't freeze cgroup on Set.
  * cgroup/systemd/v1: avoid unnecessary freeze on Set.

- Remove upstreamed patches:
  + boo1187704-0001-cgroupv2-ebpf-ignore-inaccessible-existing-programs.patch

OBS-URL: https://build.opensuse.org/request/show/907285
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=116
 2021-07-20 09:40:45 +00:00
Dominique Leuenberger
19a7cb9c53 Accepting request 903381 from Virtualization:containers 
OBS-URL: https://build.opensuse.org/request/show/903381
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/runc?expand=0&rev=39
 2021-07-02 11:26:39 +00:00
Aleksa Sarai
5eef441a29 Accepting request 903380 from home:cyphar:docker 
Cherry-pick patch correctly so it applies cleanly...

OBS-URL: https://build.opensuse.org/request/show/903380
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=115
 2021-07-01 10:36:06 +00:00
Aleksa Sarai
608f0629ac Accepting request 903342 from home:cyphar:docker 
- Backport <https://github.com/opencontainers/runc/pull/3055> to fix issues
  with runc under openSUSE MicroOS's SELinux policy. boo#1187704
  + boo1187704-0001-cgroupv2-ebpf-ignore-inaccessible-existing-programs.patch

OBS-URL: https://build.opensuse.org/request/show/903342
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=114
 2021-07-01 06:17:25 +00:00
Dirk Mueller
9e55180025 Accepting request 901272 from home:cyphar:docker 
- Update to runc v1.0.0. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.0

  ! The usage of relative paths for mountpoints will now produce a warning
    (such configurations are outside of the spec, and in future runc will
    produce an error when given such configurations).

  * cgroupv2: devices: rework the filter generation to produce consistent
    results with cgroupv1, and always clobber any existing eBPF
    program(s) to fix runc update and avoid leaking eBPF programs
    (resulting in errors when managing containers).
  * cgroupv2: correctly convert "number of IOs" statistics in a
    cgroupv1-compatible way.
  * cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures.
  * cgroupv2: wait for freeze to finish before returning from the freezing
    code, optimize the method for checking whether a cgroup is frozen.
  * cgroups/systemd: fixed "retry on dbus disconnect" logic introduced in rc94
  * cgroups/systemd: fixed returning "unit already exists" error from a systemd
    cgroup manager (regression in rc94)

  + cgroupv2: support SkipDevices with systemd driver
  + cgroup/systemd: return, not ignore, stop unit error from Destroy
  + Make "runc --version" output sane even when built with go get or
    otherwise outside of our build scripts.
  + cgroups: set SkipDevices during runc update (so we don't modify
    cgroups at all during runc update).
  + cgroup1: blkio: support BFQ weights.
  + cgroupv2: set per-device io weights if BFQ IO scheduler is available.

OBS-URL: https://build.opensuse.org/request/show/901272
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=113
 2021-06-22 06:34:42 +00:00
Dominique Leuenberger
c49fe8659d Accepting request 894286 from Virtualization:containers 
OBS-URL: https://build.opensuse.org/request/show/894286
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/runc?expand=0&rev=38
 2021-05-20 17:23:42 +00:00
Aleksa Sarai
c92ebea2d0 Accepting request 894285 from home:cyphar:docker 
- Update to runc v1.0.0~rc95. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95

  This release of runc contains a fix for CVE-2021-30465, and users are
  strongly recommended to update (especially if you are providing
  semi-limited access to spawn containers to untrusted users). bsc#1185405

OBS-URL: https://build.opensuse.org/request/show/894285
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=111
 2021-05-19 10:09:39 +00:00
Dominique Leuenberger
a69f721202 Accepting request 892392 from Virtualization:containers 
OBS-URL: https://build.opensuse.org/request/show/892392
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/runc?expand=0&rev=37
 2021-05-15 21:15:28 +00:00
Aleksa Sarai
e359b5cff1 Accepting request 892389 from home:cyphar:docker 
- Update to runc v1.0.0~rc94. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94
  Breaking Changes:
  * cgroupv1: kernel memory limits are now always ignored, as kmemcg has
    been effectively deprecated by the kernel. Users should make use of regular
    memory cgroup controls.
  Regression Fixes:
  * seccomp: fix 32-bit compilation errors
  * runc init: fix a hang caused by deadlock in seccomp/ebpf loading code
  * runc start: fix "chdir to cwd: permission denied" for some setups
- Remove upstreamed patches:
  - 0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch

OBS-URL: https://build.opensuse.org/request/show/892389
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=109
 2021-05-12 08:08:56 +00:00
Dominique Leuenberger
11034395b8 Accepting request 888385 from Virtualization:containers 
OBS-URL: https://build.opensuse.org/request/show/888385
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/runc?expand=0&rev=36
 2021-04-27 19:34:09 +00:00
Aleksa Sarai
88d4373f4e Accepting request 888384 from home:cyphar:docker 
- Backport patch to fix build on SLE-12 ppc64le.
  + 0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch

OBS-URL: https://build.opensuse.org/request/show/888384
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=107
 2021-04-26 08:00:58 +00:00
Dominique Leuenberger
136b10cf94 Accepting request 886967 from Virtualization:containers 
OBS-URL: https://build.opensuse.org/request/show/886967
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/runc?expand=0&rev=35
 2021-04-21 18:58:57 +00:00
Aleksa Sarai
0146fb1293 Accepting request 886957 from home:cyphar:docker 
Add new BZ reference.

OBS-URL: https://build.opensuse.org/request/show/886957
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=105
 2021-04-20 10:41:16 +00:00
Richard Brown
85c53b9d4c Accepting request 876335 from Virtualization:containers 
OBS-URL: https://build.opensuse.org/request/show/876335
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/runc?expand=0&rev=34
 2021-03-03 17:34:50 +00:00
Aleksa Sarai
894e8e2368 Accepting request 876332 from home:cyphar:docker 
Add BZ reference.

OBS-URL: https://build.opensuse.org/request/show/876332
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=103
 2021-03-03 03:06:45 +00:00
Dominique Leuenberger
d64a9eb6c9 Accepting request 869059 from Virtualization:containers 
- Update to runc v1.0.0~rc93. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc93
  * Cgroupv2 support is no longer considered experimental.
  * Mountinfo parsing code has been reworked significantly.
  * Special ENOSYS handling for seccomp profiles to avoid making new
	syscalls unusable for glibc.
  * Various rootless containers improvements.
  * The "selinux" and "apparmor" buildtags have been removed, and now all runc
    builds will have SELinux and AppArmor support enabled.
- Update to handle the docker-runc removal. bsc#1181677
- Modernise go building for runc now that it has go.mod.

OBS-URL: https://build.opensuse.org/request/show/869059
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/runc?expand=0&rev=33
 2021-02-04 19:22:53 +00:00
Aleksa Sarai
f530b9f9ff Accepting request 869056 from home:cyphar:docker 
runc 1.0.0-rc93 update.

OBS-URL: https://build.opensuse.org/request/show/869056
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=101
 2021-02-04 00:26:20 +00:00
Aleksa Sarai
c589d24124 - Update to Docker 20.10.3-ce. See upstream changelog in the packaged 
/usr/share/doc/packages/docker/CHANGELOG.md. CVE-2021-21285 CVE-2021-21284
- Drop docker-runc, docker-test and docker-libnetwork packages. We now just use
  the upstream runc package (it's stable enough and Docker no longer pins git
  versions). docker-libnetwork is so unstable that it doesn't have any
  versioning scheme and so it really doesn't make sense to maintain the project
  as a separate package. bsc#1181641 bsc#1181677

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=100
 2021-02-02 22:19:53 +00:00
Dominique Leuenberger
1e1da9e0a2 Accepting request 830453 from Virtualization:containers 
OBS-URL: https://build.opensuse.org/request/show/830453
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/runc?expand=0&rev=32
 2020-08-31 14:47:44 +00:00
Aleksa Sarai
4aca013630 Accepting request 830206 from home:rhafer:branches:Virtualization:containers 
- Upgrade to runc v1.0.0~rc92 (bsc#1175821). Upstream changelog is
  available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc92
  * Updates to CRIU support.
  * Improvements to cgroupfs performance and correctness.

OBS-URL: https://build.opensuse.org/request/show/830206
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=98
 2020-08-29 09:35:30 +00:00
Dominique Leuenberger
c4e0835c2e Accepting request 818193 from Virtualization:containers 
OBS-URL: https://build.opensuse.org/request/show/818193
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/runc?expand=0&rev=31
 2020-07-06 14:14:00 +00:00
Aleksa Sarai
7b244a9844 Accepting request 818188 from home:cyphar:docker 
- Upgrade to runc v1.0.0~rc91. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc91

  * This release of runc has experimental support for cgroupv2-only systems.

- Remove upstreamed patches:
  - bsc1149954-0001-sd-notify-do-not-hang-when-NOTIFY_SOCKET-is-used-wit.patch
  - bsc1168481-0001-cgroup-devices-major-cleanups-and-minimal-transition.patch

OBS-URL: https://build.opensuse.org/request/show/818188
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=96
 2020-07-02 01:50:30 +00:00
Dominique Leuenberger
74c0f964de Accepting request 804891 from Virtualization:containers 
- Backport https://github.com/opencontainers/runc/pull/2391 to help fix
  bsc#1168481.
  + bsc1168481-0001-cgroup-devices-major-cleanups-and-minimal-transition.patch

OBS-URL: https://build.opensuse.org/request/show/804891
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/runc?expand=0&rev=30
 2020-05-14 21:22:28 +00:00
Aleksa Sarai
923e7ff863 Accepting request 804873 from home:cyphar:docker 
- Backport https://github.com/opencontainers/runc/pull/2391 to help fix
  bsc#1168481.
  + bsc1168481-0001-cgroup-devices-major-cleanups-and-minimal-transition.patch

OBS-URL: https://build.opensuse.org/request/show/804873
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=94
 2020-05-13 07:16:34 +00:00
Dominique Leuenberger
8c654ae3d8 Accepting request 793810 from Virtualization:containers 
OBS-URL: https://build.opensuse.org/request/show/793810
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/runc?expand=0&rev=29
 2020-04-15 17:53:41 +00:00
Aleksa Sarai
b91f4ecce0 Accepting request 793807 from home:rhafer:branches:Virtualization:containers 
- Renamed patch:
  0001-sd-notify-do-not-hang-when-NOTIFY_SOCKET-is-used-wit.patch
  to
  bsc1149954-0001-sd-notify-do-not-hang-when-NOTIFY_SOCKET-is-used-wit.patch

- Added fix for bsc#1149954
  * 0001-sd-notify-do-not-hang-when-NOTIFY_SOCKET-is-used-wit.patch
    (cherry pick of https://github.com/opencontainers/runc/pull/1807)

OBS-URL: https://build.opensuse.org/request/show/793807
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=92
 2020-04-14 10:22:21 +00:00
Dominique Leuenberger
9aab460be0 Accepting request 769817 from Virtualization:containers 
OBS-URL: https://build.opensuse.org/request/show/769817
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/runc?expand=0&rev=28
 2020-02-06 12:19:01 +00:00
Aleksa Sarai
c8dec0e6fa Accepting request 766566 from home:iznogood:branches:Virtualization:containers 
- Change packagewide go version to be greater or equal to 1.10.

OBS-URL: https://build.opensuse.org/request/show/766566
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=90
 2020-02-04 02:30:22 +00:00
Dominique Leuenberger
e71fb241d7 Accepting request 766725 from Virtualization:containers 
OBS-URL: https://build.opensuse.org/request/show/766725
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/runc?expand=0&rev=27
 2020-01-30 08:30:55 +00:00
Aleksa Sarai
9a57dbdc64 Accepting request 766724 from home:cyphar:docker 
runc 1.0.0-rc10 update

OBS-URL: https://build.opensuse.org/request/show/766724
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=88
 2020-01-24 03:07:47 +00:00
Dominique Leuenberger
0e18ab7717 Accepting request 765105 from Virtualization:containers 
OBS-URL: https://build.opensuse.org/request/show/765105
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/runc?expand=0&rev=26
 2020-01-23 15:07:57 +00:00
Aleksa Sarai
8a0d82c468 Accepting request 765103 from home:cyphar:docker 
- Update CVE-2019-19921 patch to match upstream PR.
  * CVE-2019-19921.patch

OBS-URL: https://build.opensuse.org/request/show/765103
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=86
 2020-01-17 03:34:42 +00:00
Dominique Leuenberger
fc1984a25f Accepting request 764685 from Virtualization:containers 
CVE-2019-19921

OBS-URL: https://build.opensuse.org/request/show/764685
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/runc?expand=0&rev=25
 2020-01-16 17:19:36 +00:00
Aleksa Sarai
8fefd473fa Accepting request 764682 from home:cyphar:docker 
Add bug reference for CVE-2019-19921.

OBS-URL: https://build.opensuse.org/request/show/764682
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=84
 2020-01-15 14:07:23 +00:00
Aleksa Sarai
01dc9f6ec0 Accepting request 764148 from home:cyphar:docker 
- Add backported fix for CVE-2019-19921.
  + CVE-2019-19921.patch

OBS-URL: https://build.opensuse.org/request/show/764148
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=83
 2020-01-14 04:49:43 +00:00
Dominique Leuenberger
5a2b279580 Accepting request 735405 from Virtualization:containers 
OBS-URL: https://build.opensuse.org/request/show/735405
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/runc?expand=0&rev=24
 2019-10-10 09:50:05 +00:00
Aleksa Sarai
9c821cca87 Accepting request 735404 from home:cyphar:containers:maint 
- Upgrade to runc v1.0.0~rc9. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc9
- Remove upstreamed patches:
  - CVE-2019-16884.patch

OBS-URL: https://build.opensuse.org/request/show/735404
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=81
 2019-10-05 11:52:50 +00:00
Aleksa Sarai
2606526c7c Accepting request 733834 from home:cyphar:containers:maint 
Add reference to bsc#1152308.

OBS-URL: https://build.opensuse.org/request/show/733834
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=80
 2019-09-28 11:41:04 +00:00
Aleksa Sarai
c2791cd3be Fix From: line for CVE-2019-16884. 
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=79
 2019-09-27 20:22:13 +00:00
Aleksa Sarai
53bd0f1302 Accepting request 733753 from home:cyphar:containers:maint 
Add /proc/self/fd protections to CVE-2019-16884.patch.

OBS-URL: https://build.opensuse.org/request/show/733753
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=78
 2019-09-27 20:18:17 +00:00
Aleksa Sarai
c0cf07af42 Accepting request 733530 from home:cyphar:containers:maint 
Fix CVE patch.

OBS-URL: https://build.opensuse.org/request/show/733530
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=77
 2019-09-27 03:17:22 +00:00
Aleksa Sarai
1a94d9d340 Accepting request 733478 from home:cyphar:containers:maint 
- Add backported fix for CVE-2019-16884.
  + CVE-2019-16884.patch
- Add runc-rpmlintrc to drop runc-test rpmlint warnings.

OBS-URL: https://build.opensuse.org/request/show/733478
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=76
 2019-09-26 15:15:16 +00:00
Dominique Leuenberger
0eb4f05040 Accepting request 699413 from Virtualization:containers 
OBS-URL: https://build.opensuse.org/request/show/699413
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/runc?expand=0&rev=23
 2019-05-02 17:14:41 +00:00
Aleksa Sarai
67c52ee2aa Accepting request 699412 from home:cyphar:runc 
- Upgrade to runc v1.0.0~rc8. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc8
- Includes upstreamed patches for regressions (bsc#1131314 bsc#1131553).
- Remove upstreamed patches:
  - CVE-2019-5736.patch

OBS-URL: https://build.opensuse.org/request/show/699412
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=74
 2019-04-29 12:05:18 +00:00
Stephan Kulow
c5c186118b Accepting request 674113 from Virtualization:containers 
OBS-URL: https://build.opensuse.org/request/show/674113
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/runc?expand=0&rev=22
 2019-02-24 16:03:54 +00:00
Aleksa Sarai
68bddaf3ee Accepting request 674111 from home:cyphar:cve-2019-5736 
- Add fix for CVE-2019-5736 (effectively copying /proc/self/exe during re-exec
  to avoid write attacks to the host runc binary). bsc#1121967
  + CVE-2019-5736.patch

OBS-URL: https://build.opensuse.org/request/show/674111
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=72
 2019-02-12 14:09:26 +00:00
Dominique Leuenberger
c07367038d Accepting request 660263 from Virtualization:containers 
OBS-URL: https://build.opensuse.org/request/show/660263
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/runc?expand=0&rev=21
 2018-12-26 23:25:07 +00:00