update runc to 2b18fe1d885ee5083ef9f0838fee39b62d653e30#3081
Merged
crosbymichael merged 1 commit intocontainerd:masterfrom Mar 7, 2019
Merged
update runc to 2b18fe1d885ee5083ef9f0838fee39b62d653e30#3081crosbymichael merged 1 commit intocontainerd:masterfrom
crosbymichael merged 1 commit intocontainerd:masterfrom
Conversation
This includes an improved fix for CVE-2019-5736 to reduce the increased memory-consumption introduced by the original patch, RHEL 7.6 getting into a loop due to a kernel bug in those kernels, and improve compatibility with older kernels. changes included: - opencontainers/runc#1973 Vendor opencontainers/runtime-spec 29686dbc - opencontainers/runc#1978 Remove detection for scope properties, which have always been broken - opencontainers/runc#1963 Vendor in go-criu and use it for CRIU's RPC definition - opencontainers/runc#1995 exec: expose --preserve-fds - opencontainers/runc#2000 fix preserve-fds flag may cause runc hang - opencontainers/runc#1968 Create bind mount mountpoints during restore - opencontainers/runc#1984 nsenter: cloned_binary: "memfd" cleanups Signed-off-by: Sebastiaan van Stijn <[email protected]>
Member
Author
|
ping @kolyshkin ptal |
Member
Author
|
Note that those changes are in the runc binary (not the vendored code), but the runc version guidelines in this repository describe that the binary should have the same version as is used in |
Codecov Report
@@ Coverage Diff @@
## master #3081 +/- ##
=======================================
Coverage 43.54% 43.54%
=======================================
Files 103 103
Lines 11015 11015
=======================================
Hits 4796 4796
Misses 5483 5483
Partials 736 736
Continue to review full report at Codecov.
|
Member
|
LGTM |
Member
|
Needs to be cherry picked to 1.2 |
Member
Author
|
yup, working on that (1.1 also uses the same version, so I'll pick it there as well) |
Member
|
ok, thanks |
This was referenced Mar 7, 2019
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
full diff: opencontainers/runc@6635b4f...2b18fe1
This includes an improved fix for CVE-2019-5736 to reduce the
increased memory-consumption introduced by the original patch,
RHEL 7.6 getting into a loop due to a kernel bug in those kernels,
and improve compatibility with older kernels.
changes included:
Signed-off-by: Sebastiaan van Stijn [email protected]