@thaJeztah

This is the tenth (and most likely final) patch release in the 1.1.z release branch of runc. It mainly fixes a few issues in cgroups, and a umask-related issue in tmpcopyup.

- Add support for `hugetlb.<pagesize>.rsvd` limiting and accounting. Fixes the issue of postgres failing when hugepage limits are set.
- Fixed permissions of newly created directories to not depend on the value of umask in the tmpcopyup feature implementation.
- libcontainer: cgroup v1 GetStats now ignores missing `kmem.limit_in_bytes` (fixes the compatibility with Linux kernel 6.1+).
- Fix a semi-arbitrary cgroup write bug when given a malicious hugetlb configuration. This issue is not a security issue because it requires a malicious config.json, which is outside of our threat model.

- full diff: opencontainers/runc@v1.1.9...v1.1.10
- release notes: https://github.com/opencontainers/runc/releases/tag/v1.1.10

Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah added the cherry-pick/1.6.x and cherry-pick/1.7.x (Change to be cherry picked to release/1.7 branch) labels Nov 13, 2023
@thaJeztah added the cherry-picked/1.6.x (PR commits are cherry-picked into release/1.6 branch) and cherry-picked/1.7.x (PR commits are cherry-picked into release/1.7 branch) labels and removed the cherry-pick/1.6.x and cherry-pick/1.7.x (Change to be cherry picked to release/1.7 branch) labels Nov 13, 2023
@dmcgowan added this pull request to the merge queue Nov 13, 2023
Merged via the queue into containerd:main with commit 276dce8 Nov 13, 2023
@thaJeztah deleted the bump_runc_binary_1.1.10 branch November 14, 2023 00:06