Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump github.com/opencontainers/runc from 1.1.0 to 1.1.4 #26

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Aug 26, 2022

Bumps github.com/opencontainers/runc from 1.1.0 to 1.1.4.

Changelog

Sourced from github.com/opencontainers/runc's changelog.

[1.1.4] - 2022-08-24

If you look for perfection, you'll never be content.

Fixed

  • Fix mounting via wrong proc fd. When the user and mount namespaces are used, and the bind mount is followed by the cgroup mount in the spec, the cgroup was mounted using the bind mount's mount fd. (#3511)
  • Switch kill() in libcontainer/nsenter to sane_kill(). (#3536)
  • Fix "permission denied" error from runc run on noexec fs. (#3541)
  • Fix failed exec after systemctl daemon-reload. Due to a regression in v1.1.3, the DeviceAllow=char-pts rwm rule was no longer added and was causing an error open /dev/pts/0: operation not permitted: unknown when systemd was reloaded. (#3554)
  • Various CI fixes. (#3538, #3558, #3562)

[1.1.3] - 2022-06-09

In the beginning there was nothing, which exploded.

Fixed

  • Our seccomp -ENOSYS stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return -EPERM despite the existence of the -ENOSYS stub code (this was due to how s390x does syscall multiplexing). (#3478)
  • Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. (#3476)
  • Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. (#3477)
  • When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. (#3504)
  • Socket activation was failing when more than 3 sockets were used. (#3494)
  • Various CI fixes. (#3472, #3479)

Added

  • Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. (#3493)

Changed

  • runc static binaries are now linked against libseccomp v2.5.4. (#3481)

[1.1.2] - 2022-05-11

I should think I'm going to be a perpetual student.

Security

  • A bug was found in runc where runc exec --cap executed processes with

... (truncated)

Commits
  • 5fd4c4d Release 1.1.4
  • 46a5a84 Merge pull request #3554 from kolyshkin/1.1-fix-dev-pts
  • 204c673 [1.1] fix failed exec after systemctl daemon-reload
  • 1c6dc76 Merge pull request #3562 from kolyshkin/1.1-ci-codespell-2.2
  • ec2efc2 ci: fix for codespell 2.2
  • 7c69bcc Merge pull request #3558 from kolyshkin/1.1-fix-cross-386
  • c778598 [1.1] ci/gha: fix cross-386 job vs go 1.19
  • b54084f Merge pull request #3541 from kolyshkin/1.1-exec-noexec
  • d83a861 Fix error from runc run on noexec fs
  • 69734b9 merge branch 'pr-3536' into release-1.1
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.1.0 to 1.1.4.
- [Release notes](https://github.com/opencontainers/runc/releases)
- [Changelog](https://github.com/opencontainers/runc/blob/v1.1.4/CHANGELOG.md)
- [Commits](opencontainers/runc@v1.1.0...v1.1.4)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/runc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Aug 26, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants