[release/1.6] update runc binary to v1.1.3#7036
Merged
mikebrow merged 1 commit intocontainerd:release/1.6from Jun 9, 2022
Merged
[release/1.6] update runc binary to v1.1.3#7036mikebrow merged 1 commit intocontainerd:release/1.6from
mikebrow merged 1 commit intocontainerd:release/1.6from
Conversation
full diff: opencontainers/runc@v1.1.2...v1.1.3 This is the third release of the 1.1.z series of runc, and contains various minor improvements and bugfixes. - Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). - Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. - Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. - When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. - Socket activation was failing when more than 3 sockets were used. - Various CI fixes. - Allow to bind mount `/proc/sys/kernel/ns_last_pid` to inside container. - runc static binaries are now linked against libseccomp v2.5.4. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 0167e55) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
samuelkarp
approved these changes
Jun 9, 2022
dcantah
approved these changes
Jun 9, 2022
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
full diff: opencontainers/runc@v1.1.2...v1.1.3
This is the third release of the 1.1.z series of runc, and contains
various minor improvements and bugfixes.
-ENOSYSstub now correctly handles multiplexed syscalls ons390 and s390x. This solves the issue where syscalls the host kernel did not
support would return
-EPERMdespite the existence of the-ENOSYSstubcode (this was due to how s390x does syscall multiplexing).
intended; this fix does not affect runc binary itself but is important for
libcontainer users such as Kubernetes.
constants in libseccomp-golang.
to stop systemd from emitting warnings about those paths.
/proc/sys/kernel/ns_last_pidto inside container.(cherry picked from commit 0167e55)