Bump to opencontainers/runc new version - v1.0.0-rc10 #1383
Hi @dims. Thanks for your PR. I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
/ok-to-test
/lgtm (if green)
@dims needs signature
We have a new release of runc ( opencontainers/runc#2217 ). This release has a fix for a race condition we are struggling with in kubernetes (especially CI jobs) which was fixed in opencontainers/runc#2185

The v1.0.0-rc10 includes the fix for CVE-2019-19921 as well. The full diff upstream is here: opencontainers/runc@v1.0.0-rc9...v1.0.0-rc10

Signed-off-by: Davanum Srinivas <[email protected]>
@mikebrow DONE! thanks.
probably need to check if we need to also pull in these two runc vendor updates to move up to rc10
https://github.com/opencontainers/runc/blame/master/vendor.conf#L9
https://github.com/opencontainers/runc/blame/master/vendor.conf#L31
the change in vendoring included no code-changes, so the new dependency wouldn't be needed. the version of github.com/opencontainers/selinux indeed looks behind in the vendor.conf though
@thaJeztah want me to bump
Would probably make sense to include it here; the updated version has an additional fix for a CVE. I'm not sure if that code change is actually used in this repository, but to take away any doubt it might be good to include it here (can be a separate commit). Changes between the current version used here and the version that runc uses; opencontainers/selinux@3a1f366...5215b18 (side note: noticing that that version was not yet tagged as a release, I opened a request to tag a new version of that package: opencontainers/selinux#61)
@thaJeztah Done!
opencontainers/selinux/issues/61 has a request for a new release

Here's the full diff: opencontainers/selinux@3a1f366...5215b18

Signed-off-by: Davanum Srinivas <[email protected]>
LGTM
LGTM
Notable changes:

* Fix CVE-2019-19921 (Volume mount race condition with shared mounts): opencontainers/runc#2207
* Fix exec FIFO race: opencontainers/runc#2185
* Basic support for cgroup v2. Almost feature-complete, but still missing support for systemd mode in rootless.
  See also opencontainers/runc#2209 for the known issues.

Full changes: opencontainers/runc@v1.0.0-rc9...v1.0.0-rc10

Also updates go-selinux: opencontainers/selinux@3a1f366...5215b18
(See containerd/cri#1383 (comment))

Signed-off-by: Akihiro Suda <[email protected]>
@mikebrow @AkihiroSuda all CI jobs green, 2 LGTM(s). Is there a bot that merges stuff or one of the maintainers? thanks in advance!

Notable changes:

* Fix CVE-2019-19921 (Volume mount race condition with shared mounts): opencontainers/runc#2207
* Fix exec FIFO race: opencontainers/runc#2185
* Basic support for cgroup v2. Almost feature-complete, but still missing support for systemd mode in rootless.
  See also opencontainers/runc#2209 for the known issues.

Full changes: opencontainers/runc@v1.0.0-rc9...v1.0.0-rc10

Also updates go-selinux: opencontainers/selinux@3a1f366...5215b18
(See containerd/cri#1383 (comment))

Signed-off-by: Akihiro Suda <[email protected]>
Upstream-commit: 6d6808090736ac76e908e78aa6894f5586c7d243
Component: engine

Notable changes:

* Fix CVE-2019-19921 (Volume mount race condition with shared mounts): opencontainers/runc#2207
* Fix exec FIFO race: opencontainers/runc#2185
* Basic support for cgroup v2. Almost feature-complete, but still missing support for systemd mode in rootless.
  See also opencontainers/runc#2209 for the known issues.

Full changes: opencontainers/runc@v1.0.0-rc9...v1.0.0-rc10

Also updates go-selinux: opencontainers/selinux@3a1f366...5215b18
(See containerd/cri#1383 (comment))

Signed-off-by: Akihiro Suda <[email protected]>
(cherry picked from commit 6d68080)
Signed-off-by: Sebastiaan van Stijn <[email protected]>

Notable changes:

* Fix CVE-2019-19921 (Volume mount race condition with shared mounts): opencontainers/runc#2207
* Fix exec FIFO race: opencontainers/runc#2185
* Basic support for cgroup v2. Almost feature-complete, but still missing support for systemd mode in rootless.
  See also opencontainers/runc#2209 for the known issues.

Full changes: opencontainers/runc@v1.0.0-rc9...v1.0.0-rc10

Also updates go-selinux: opencontainers/selinux@3a1f366...5215b18
(See containerd/cri#1383 (comment))

Signed-off-by: Akihiro Suda <[email protected]>
(cherry picked from commit 6d6808090736ac76e908e78aa6894f5586c7d243)
Signed-off-by: Sebastiaan van Stijn <[email protected]>
Upstream-commit: d3dab1f618d6e8c81d0704ac4e93bb2843c2dadf
Component: engine

We have a new release of runc ( opencontainers/runc#2217 ). This release
has a fix for a race condition we are struggling with in kubernetes
(especially CI jobs) which was fixed in opencontainers/runc#2185
The v1.0.0-rc10 includes the fix for CVE-2019-16884 as well. The full
diff upstream is here:
opencontainers/runc@v1.0.0-rc9...v1.0.0-rc10
Signed-off-by: Davanum Srinivas <[email protected]>