build(deps): bump github.com/opencontainers/runc from 1.0.2 to 1.1.4 #54

Open: wants to merge 1 commit into main


dependabot[bot]
@dependabot dependabot bot commented on behalf of github Aug 26, 2022

Bumps github.com/opencontainers/runc from 1.0.2 to 1.1.4.

Release notes

Sourced from github.com/opencontainers/runc's releases.

runc 1.1 -- "A plan depends as much upon execution as it does upon concept."

This release only contains very minor changes from v1.1.0-rc.1 and is the first release of the 1.1.y release series of runc. We do not plan to make any new releases of the 1.0.y release series of runc, so users are strongly encouraged to update to 1.1.0.

Changed:

  • libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331)

Static Linking Notices

The runc binary distributed with this release is statically linked with the following GNU LGPL-2.1 licensed libraries, with runc acting as a "work that uses the Library":

The versions of these libraries were not modified from their upstream versions, but in order to comply with the LGPL-2.1 (§6(a)), we have attached the complete source code for those libraries which (when combined with the attached runc source code) may be used to exercise your rights under the LGPL-2.1.

However we strongly suggest that you make use of your distribution's packages or download them from the authoritative upstream sources, especially since these libraries are related to the security of your containers.

Thanks to the following people who made this release possible:

Signed-off-by: Aleksa Sarai [email protected]

runc 1.1-rc1 -- "He who controls the spice controls the universe."

This release is the first release candidate for the next minor release following runc 1.0. It contains all of the bugfixes included in runc 1.0 patch releases (up to and including 1.0.3).

A fair few new features have been added, and several features have been deprecated (with plans for removal in runc 1.2). At the moment we only plan to do a single release candidate for runc 1.1, and once 1.1.0 is released we will not continue updating the 1.0.z runc branch.

... (truncated)

Changelog

Sourced from github.com/opencontainers/runc's changelog.

[1.1.4] - 2022-08-24

If you look for perfection, you'll never be content.

Fixed

  • Fix mounting via wrong proc fd. When the user and mount namespaces are used, and the bind mount is followed by the cgroup mount in the spec, the cgroup was mounted using the bind mount's mount fd. (#3511)
  • Switch kill() in libcontainer/nsenter to sane_kill(). (#3536)
  • Fix "permission denied" error from runc run on noexec fs. (#3541)
  • Fix failed exec after systemctl daemon-reload. Due to a regression in v1.1.3, the "DeviceAllow=char-pts rwm" rule was no longer added and was causing an error "open /dev/pts/0: operation not permitted: unknown" when systemd was reloaded. (#3554)
  • Various CI fixes. (#3538, #3558, #3562)

[1.1.3] - 2022-06-09

In the beginning there was nothing, which exploded.

Fixed

  • Our seccomp -ENOSYS stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return -EPERM despite the existence of the -ENOSYS stub code (this was due to how s390x does syscall multiplexing). (#3478)
  • Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. (#3476)
  • Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. (#3477)
  • When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. (#3504)
  • Socket activation was failing when more than 3 sockets were used. (#3494)
  • Various CI fixes. (#3472, #3479)

Added

  • Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. (#3493)

Changed

  • runc static binaries are now linked against libseccomp v2.5.4. (#3481)

[1.1.2] - 2022-05-11

I should think I'm going to be a perpetual student.

Security

  • A bug was found in runc where runc exec --cap executed processes with

... (truncated)

Commits
  • 5fd4c4d Release 1.1.4
  • 46a5a84 Merge pull request #3554 from kolyshkin/1.1-fix-dev-pts
  • 204c673 [1.1] fix failed exec after systemctl daemon-reload
  • 1c6dc76 Merge pull request #3562 from kolyshkin/1.1-ci-codespell-2.2
  • ec2efc2 ci: fix for codespell 2.2
  • 7c69bcc Merge pull request #3558 from kolyshkin/1.1-fix-cross-386
  • c778598 [1.1] ci/gha: fix cross-386 job vs go 1.19
  • b54084f Merge pull request #3541 from kolyshkin/1.1-exec-noexec
  • d83a861 Fix error from runc run on noexec fs
  • 69734b9 merge branch 'pr-3536' into release-1.1
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.0.2 to 1.1.4.
- [Release notes](https://github.com/opencontainers/runc/releases)
- [Changelog](https://github.com/opencontainers/runc/blob/v1.1.4/CHANGELOG.md)
- [Commits](opencontainers/runc@v1.0.2...v1.1.4)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/runc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Aug 26, 2022