Comparing changes
Open a pull request
- 14 commits
- 23 files changed
- 7 contributors
Commits on Jan 6, 2025
-
Signed-off-by: Aleksa Sarai <[email protected]>
Commits on Jan 7, 2025
-
merge #4581 into opencontainers/runc:release-1.2
Aleksa Sarai (2): VERSION: back to development VERSION: release v1.2.4 LGTMs: lifubang kolyshkin
Commits on Feb 5, 2025
-
As of [1], criu requires uuid library. [1]: checkpoint-restore/criu@9a2b7d6 Signed-off-by: Kir Kolyshkin <[email protected]> (cherry picked from commit f414b53) Signed-off-by: Kir Kolyshkin <[email protected]>
-
merge #4611 into opencontainers/runc:release-1.2
Kir Kolyshkin (1): CI: fix criu-dev compile LGTMs: rata cyphar
-
deps: update to github.com/cyphar/[email protected]
This release includes a minor breaking API change that requires us to rework the types of our wrappers, but there is no practical behaviour change. Signed-off-by: Aleksa Sarai <[email protected]> (cherry picked from commit 70e500e) Signed-off-by: Kir Kolyshkin <[email protected]>
-
Merge pull request #4608 from kolyshkin/1.2-4590
[1.2] deps: update to github.com/cyphar/[email protected]
-
libct/cg/sd: set the DeviceAllow property before DevicePolicy
Every unit created by runc need daemon reload since systemd v230. This breaks support for NVIDIA GPUs, see #3708 (comment) A workaround is to set DeviceAllow before DevicePolicy. Also: - add a test case (which fails before the fix) by @kolyshkin - better explain why we need empty DeviceAllow (by @cyphar) Fixes 4568. Reported-by: Jian Wen <[email protected]> Co-authored-by: Jian Wen <[email protected]> Co-authored-by: Aleksa Sarai <[email protected]> Signed-off-by: Kir Kolyshkin <[email protected]> (cherry picked from commit d84388a) Signed-off-by: Kir Kolyshkin <[email protected]>
3 people committedFeb 5, 2025
Commits on Feb 7, 2025
-
libc/int/userns: add build tag to C file
This fixes k3s cross-compilation on Windows, broken by commit 1912d59 ("*: actually support joining a userns with a new container"). [@kolyshkin: commit message] Fixes: 1912d59 Signed-off-by: Brad Davidson <[email protected]> Signed-off-by: Kir Kolyshkin <[email protected]> (cherry picked from commit ccb589b) Signed-off-by: Kir Kolyshkin <[email protected]>
-
Merge pull request #4615 from kolyshkin/1.2-4612
[1.2] libct/cg/sd: set the DeviceAllow property before DevicePolicy
-
Merge pull request #4619 from kolyshkin/1.2-4616
[1.2] libc/int/userns: add build tag to C file
Commits on Feb 13, 2025
-
build(deps): bump golang.org/x/net from 0.24.0 to 0.33.0
There is a security patch for CVE-2024-45338 in this version. Ref: GHSA-w32m-9786-jp63 Signed-off-by: lifubang <[email protected]>
-
Merge pull request #4632 from lifubang/1.2-bump-xnet-to-0.33.0
[1.2] build(deps): bump golang.org/x/net from 0.24.0 to 0.33.0
-
release: explicitly set --keyserver in release signing scripts
On my machine, the --recv-keys steps to get upstream keys started producing errors recently, and even setting a default keyserver in the global gpg configuration doesn't seem to help: + gpg --homedir=/tmp/runc-sign-tmpkeyring.qm0IP6 --no-default-keyring --keyring=seccomp.keyring --recv-keys 0x47A68FCE37C7D7024FD65E11356CE62C2B524099 gpg: keybox '/tmp/runc-sign-tmpkeyring.qm0IP6/seccomp.keyring' created gpg: keyserver receive failed: No keyserver available So just explicitly specify a reputable keyserver. Ideally we would use an .onion-address keyserver to avoid potential targeted attacks but not everybody runs a Tor proxy on their machine. Signed-off-by: Aleksa Sarai <[email protected]> (cherry picked from commit 26cfe14) Signed-off-by: Kir Kolyshkin <[email protected]> -
Signed-off-by: Kir Kolyshkin <[email protected]>
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff v1.2.4...v1.2.5