Commit Graph

16 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 5468092784
vendor: opencontainers/runc v1.0.0-rc92
full diff: https://github.com/opencontainers/runc/compare/v1.0.0-rc10...v1.0.0-rc92

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-09 14:07:56 +02:00
Sebastiaan van Stijn 52ec986b5a
vendor: docker/docker 78e6ffd279b627ebba046b9675ff4849091d9cc3
full diff: aaf470eca7...78e6ffd279

- Add DefaultAddressPools to Info
- Configure shims from runtime config
- pkg/archive: use containerd/sys to detect UserNamespaces
    - removes github.com/opencontainers/runc/libcontainer/system dependency
- pkg/archive: Don't use init() to set unpigz path

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-20 20:01:27 +02:00
Sebastiaan van Stijn cf3f902df4
update runc to v1.0.0-rc8-92-g84373aaa (CVE-2019-16884)
full diff: https://github.com/opencontainers/runc/compare/v1.0.0-rc8...3e425f80a8c931f88e6d94a8c831b9d5aa481657

  - opencontainers/runc#2010 criu image path permission error when checkpoint rootless container
  - opencontainers/runc#2028 Update to Go 1.12 and drop obsolete versions
  - opencontainers/runc#2029 Update dependencies
  - opencontainers/runc#2034 Support for logging from children processes
  - opencontainers/runc#2035 specconv: always set "type: bind" in case of MS_BIND
  - opencontainers/runc#2038 `r.destroy` can defer exec in `runner.run` method
  - opencontainers/runc#2041 Change the permissions of the notify listener socket to rwx for everyone
  - opencontainers/runc#2042 libcontainer: intelrdt: add missing destroy handler in defer func
  - opencontainers/runc#2047 Move systemd.Manager initialization into a function in that module
  - opencontainers/runc#2057 main: not reopen /dev/stderr
      - closes opencontainers/runc#2056 Runc + podman|cri-o + systemd issue with stderr
      - closes kubernetes/kubernetes#77615 kubelet fails starting CRI-O containers (Ubuntu 18.04 + systemd cgroups driver)
      - closes cri-o/cri-o#2368 Joining worker node not starting flannel or kube-proxy / CRI-O error "open /dev/stderr: no such device or address"
  - opencontainers/runc#2061 libcontainer: fix TestGetContainerState to check configs.NEWCGROUP
  - opencontainers/runc#2065 Fix cgroup hugetlb size prefix for kB
  - opencontainers/runc#2067 libcontainer: change seccomp test for clone syscall
  - opencontainers/runc#2074 Update dependency libseccomp-golang
  - opencontainers/runc#2081 Bump CRIU to 3.12
  - opencontainers/runc#2089 doc: First process in container needs `Init: true`
  - opencontainers/runc#2094 Skip searching /dev/.udev for device nodes
      - closes opencontainers/runc#2093 HostDevices() race with older udevd versions
  - opencontainers/runc#2098 man: fix man-pages
  - opencontainers/runc#2103 cgroups/fs: check nil pointers in cgroup manager
  - opencontainers/runc#2107 Make get devices function public
  - opencontainers/runc#2113 libcontainer: initial support for cgroups v2
  - opencontainers/runc#2116 Avoid the dependency on cgo through go-systemd/util package
      - removes github.com/coreos/pkg as dependency
  - opencontainers/runc#2117 Remove libcontainer detection for systemd features
      - fixes opencontainers/runc#2117 Cache the systemd detection results
  - opencontainers/runc#2119 libcontainer: update masked paths of /proc
      - relates to #36368 Add /proc/keys to masked paths
      - relates to #38299 Masked /proc/asound
      - relates to #37404 Add /proc/acpi to masked paths (CVE-2018-10892)
  - opencontainers/runc#2122 nsenter: minor fixes
  - opencontainers/runc#2123 Bump x/sys and update syscall for initial Risc-V support
  - opencontainers/runc#2125 cgroup: support mount of cgroup2
  - opencontainers/runc#2126 libcontainer/nsenter: Don't import C in non-cgo file
  - opencontainers/runc#2129 Only allow proc mount if it is procfs
      - addresses opencontainers/runc#2129 AppArmor can be bypassed by a malicious image that specifies a volume at /proc (CVE-2019-16884)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-12 21:21:27 +01:00
Sebastiaan van Stijn 058f4337a4
bump opencontainers/runc v1.0.0-rc7-6-g029124da
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-13 03:09:27 +02:00
Sebastiaan van Stijn e06dedf365
bump containerd, runc and dependencies
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-19 22:22:00 +01:00
Sebastiaan van Stijn f353eeb544
Update containerd to 1.2.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-02-02 13:30:55 +01:00
Sebastiaan van Stijn 5f6d5c7328 Bump docker and dependencies
Updates docker/docker to 1436dc8f8d0f6f60b6e335fbd918d6b22ee6574d,
matching 18.06.0-rc1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-04 01:14:40 +00:00
Vincent Demeester b1065767cd
Bump moby version (and its dependencies)
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-06-08 11:26:10 +02:00
Sebastiaan van Stijn e17a680f01
bump runc to 6c55f98695e902427906eed2c799e566e3d3dfb5
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-02-20 17:58:11 +01:00
Sebastiaan van Stijn 8707bde082
Update runc and image-spec
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-01-24 02:10:17 -08:00
Sebastiaan van Stijn 669b8507be
Bump runc to b2567b37d7b75eb4cf325b77297b140ea686ce8f
To match what's used in Moby

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-12-06 11:09:36 -08:00
Sebastiaan van Stijn 98dbfeee76
bump moby/moby and dependencies to 14ce1f1cf48e9859223c6311de58aec4dc0f046c
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-09-29 17:44:49 +02:00
Simon Ferquel a0113c3a44 updated vendoring
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2017-09-01 19:41:06 -04:00
Daniel Nephin 8edd2dd3df Remove unused vendor.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-08-29 13:22:17 -04:00
Tibor Vass b141fa3799 update vendor.conf
Signed-off-by: Tibor Vass <tibor@docker.com>
2017-05-03 19:27:10 -07:00
Daniel Nephin 6686ada6a4 Add vendor
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-04-17 18:12:58 -04:00