diff --git a/git-commit b/git-commit
index 4243ba8..cfa9df3 100644
--- a/git-commit
+++ b/git-commit
@@ -1 +1 @@
-90276301321bbf6ef9a2ea85b06d3e2cf0ccb7bd
+d35711ce9c5492f1455036424a306c2a5b2d3735
diff --git a/patch/0001-runc-add-timeout-for-syscall.Exec.patch b/patch/0001-runc-add-timeout-for-syscall.Exec.patch
index 0cbe332..be8338c 100644
--- a/patch/0001-runc-add-timeout-for-syscall.Exec.patch
+++ b/patch/0001-runc-add-timeout-for-syscall.Exec.patch
@@ -1,8 +1,12 @@
 From 37103dc157e2946d688e8076b5b500ac11403863 Mon Sep 17 00:00:00 2001
-From: zhongjiawei
-Date: Mon, 24 Jul 2023 15:30:32 +0800
+From: yangshukui
+Date: Tue, 18 Apr 2017 19:35:30 +0800
 Subject: [PATCH] runc:add timeout for syscall.Exec
 
+Openat will be blocked until the fifo on the other side is opened, but in some
+abnomal scenario(e.g. containerd is killed), Openat maybe be blocked all the time.
+
+Signed-off-by: yangshukui
 ---
  libcontainer/standard_init_linux.go | 29 ++++++++++++++++++++++-------
  1 file changed, 22 insertions(+), 7 deletions(-)
diff --git a/patch/0002-runc-update-state-eariler-to-avoid-cgroup-leak-when-.patch b/patch/0002-runc-update-state-eariler-to-avoid-cgroup-leak-when-.patch
index 047facb..ca965e1 100644
--- a/patch/0002-runc-update-state-eariler-to-avoid-cgroup-leak-when-.patch
+++ b/patch/0002-runc-update-state-eariler-to-avoid-cgroup-leak-when-.patch
@@ -1,6 +1,6 @@
 From 4af918d51e8cca1da7780b1fe7419f22077fb9fe Mon Sep 17 00:00:00 2001
-From: zhongjiawei
-Date: Mon, 24 Jul 2023 15:55:56 +0800
+From: Deng Guangxing
+Date: Wed, 6 Sep 2017 15:04:47 +0800
 Subject: [PATCH] runc: update state eariler to avoid cgroup leak when process
  failed
 
diff --git a/patch/0003-runc-print-cgroup-info-if-cpuset-missing-occurs.patch b/patch/0003-runc-print-cgroup-info-if-cpuset-missing-occurs.patch
index 32ca4dd..3e254fc 100644
--- a/patch/0003-runc-print-cgroup-info-if-cpuset-missing-occurs.patch
+++ b/patch/0003-runc-print-cgroup-info-if-cpuset-missing-occurs.patch
@@ -1,8 +1,13 @@
 From 6cb95facf78e07863b671adf6f3073101babe896 Mon Sep 17 00:00:00 2001
-From: zhongjiawei
-Date: Mon, 24 Jul 2023 16:12:50 +0800
+From: dengguangxing
+Date: Thu, 18 Jan 2018 11:47:04 +0800
 Subject: [PATCH] runc: print cgroup info if cpuset missing occurs
 
+[Changelog]: print cgroup info if cpuset missing occurs
+[Author]:Shukui Yang
+
+Change-Id: I3f8af2b57b441f5f2b4d38cb89d6826a7f24e24b
+Signed-off-by: dengguangxing
 ---
  libcontainer/cgroups/fs/cpuset.go | 22 ++++++++++++++++++++++
  1 file changed, 22 insertions(+)
diff --git a/patch/0004-runc-add-more-specific-log-for-hooks.patch b/patch/0004-runc-add-more-specific-log-for-hooks.patch
index 96aa324..2b40fb6 100644
--- a/patch/0004-runc-add-more-specific-log-for-hooks.patch
+++ b/patch/0004-runc-add-more-specific-log-for-hooks.patch
@@ -1,8 +1,13 @@
 From 2795e097bcd1842e750abf3af22a5ee69a702400 Mon Sep 17 00:00:00 2001
-From: zhongjiawei
-Date: Mon, 24 Jul 2023 16:16:50 +0800
+From: dengguangxing
+Date: Mon, 22 Jan 2018 20:27:37 +0800
 Subject: [PATCH] runc: add more specific log for hooks
 
+[Changelog]: add more specific log for hooks
+[Author]:Shukui Yang
+
+Change-Id: I317232b42a5fd6bc16773fe4aa0a376d8b9b6806
+Signed-off-by: dengguangxing
 ---
  libcontainer/configs/config.go | 2 ++
  1 file changed, 2 insertions(+)
diff --git a/patch/0005-runc-reduce-max-number-of-retries-to-10.patch b/patch/0005-runc-reduce-max-number-of-retries-to-10.patch
index 5b80444..3721cd1 100644
--- a/patch/0005-runc-reduce-max-number-of-retries-to-10.patch
+++ b/patch/0005-runc-reduce-max-number-of-retries-to-10.patch
@@ -1,8 +1,13 @@
 From d055603a252ab9cf6b36b5369045ebf4a384c5b8 Mon Sep 17 00:00:00 2001
-From: zhongjiawei
-Date: Mon, 24 Jul 2023 16:27:44 +0800
+From: liruilin4
+Date: Mon, 9 Jul 2018 12:02:33 +0800
 Subject: [PATCH] runc: reduce max number of retries to 10
 
+[Changelog]:when killing containers in D state, now runc will do
+100 retries, which leads that containerd blocks for 10 seconds.
+[Author]:Ruilin Li
+
+Change-Id: I1e08ef23ad065f5e3b88506726530187d2ccc797
 ---
  delete.go | 4 ++--
  init.go | 2 ++
diff --git a/patch/0006-runc-ignore-exec.fifo-removing-not-exist-error.patch b/patch/0006-runc-ignore-exec.fifo-removing-not-exist-error.patch
index 3aca81c..46ef327 100644
--- a/patch/0006-runc-ignore-exec.fifo-removing-not-exist-error.patch
+++ b/patch/0006-runc-ignore-exec.fifo-removing-not-exist-error.patch
@@ -1,8 +1,11 @@
 From 5516836a74e12756161cd3a6ef7e05c7e89c378c Mon Sep 17 00:00:00 2001
-From: zhongjiawei
-Date: Mon, 24 Jul 2023 16:40:27 +0800
+From: panwenxiang
+Date: Wed, 22 Aug 2018 17:06:01 +0800
 Subject: [PATCH] runc: ignore exec.fifo removing not exist error
 
+[Changelog]:cherry-pick from vtwrse <4af7ee1635962fe3bd86ac87064fdcd7e60c1135>
+Change-Id: I34a30672fb92c974965b3a53cfb8ccc75932e6d8
+Signed-off-by: jiangpengfei9
 ---
  libcontainer/container_linux.go | 5 ++++-
  1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/patch/0007-runc-Add-file-fds-limit.patch b/patch/0007-runc-Add-file-fds-limit.patch
index a088d8f..66b0f58 100644
--- a/patch/0007-runc-Add-file-fds-limit.patch
+++ b/patch/0007-runc-Add-file-fds-limit.patch
@@ -1,8 +1,16 @@
 From becb372e9a80ba49dd742f130478e93f17e27329 Mon Sep 17 00:00:00 2001
-From: zhongjiawei
-Date: Mon, 24 Jul 2023 16:48:05 +0800
+From: yangshukui
+Date: Mon, 18 Sep 2017 17:25:30 +0800
 Subject: [PATCH] runc:Add file fds limit
 
+With the patch(https://lwn.net/Articles/604129/),we can limit the
+num of open files in container.
+Conflicts:
+ events.go
+ vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
+
+Change-Id: I8264c0dd398227ebbd95b7dd9dae4688d76dee9b
+Signed-off-by: yangshukui
 ---
  events.go | 3 +
  libcontainer/cgroups/fs/files.go | 79 +++++++++++++++++++
diff --git a/patch/0008-runc-runc-logs-forwarding-to-syslog.patch b/patch/0008-runc-runc-logs-forwarding-to-syslog.patch
index 2500da7..e969131 100644
--- a/patch/0008-runc-runc-logs-forwarding-to-syslog.patch
+++ b/patch/0008-runc-runc-logs-forwarding-to-syslog.patch
@@ -1,8 +1,16 @@
 From 10536f71def2026279285999779023d98f505e56 Mon Sep 17 00:00:00 2001
-From: zhongjiawei
-Date: Mon, 24 Jul 2023 17:20:38 +0800
+From: panwenxing
+Date: Fri, 19 Oct 2018 15:00:34 +0800
 Subject: [PATCH] runc: runc logs forwarding to syslog
 
+reason:runc logs forwarding to syslog and using the config "--log-level" to control the number of logs
+
+Change-Id: Ia93f6f5c56131ea8558c4b7b7e5c4bec827a1bad
+
+Conflicts:
+ libcontainer/container_linux.go
+ libcontainer/process_linux.go
+ libcontainer/state_linux.go
 ---
  create.go | 2 +-
  libcontainer/configs/config.go | 70 +++++++++---
diff --git a/patch/0009-runc-support-namespaced-kernel-params-can-be-changed.patch b/patch/0009-runc-support-namespaced-kernel-params-can-be-changed.patch
index afb0d50..e7dd20a 100644
--- a/patch/0009-runc-support-namespaced-kernel-params-can-be-changed.patch
+++ b/patch/0009-runc-support-namespaced-kernel-params-can-be-changed.patch
@@ -1,9 +1,19 @@
 From 0d04d291e8b9dcee0fcdf4b757e41d0e77b1491f Mon Sep 17 00:00:00 2001
-From: zhongjiawei
-Date: Mon, 24 Jul 2023 17:25:43 +0800
+From: zhangsong34
+Date: Fri, 19 Oct 2018 10:53:33 +0800
 Subject: [PATCH] runc:support namespaced kernel params can be changed in
  system container
 
+reason:support namespaced kernel files can be written in container,
+when docker run a system container specify '--ns-change-opt' param,
+net or ipc namespaced kernel params can be changed in this container.
+
+Conflicts:
+ libcontainer/rootfs_linux.go
+ script/runc-euleros.spec
+
+Change-Id: I051b274117abd9745a27577e14a23c906ff7cca3
+Signed-off-by: jingrui
 ---
  libcontainer/rootfs_linux.go | 26 ++++++++++++++++++++++++++
  libcontainer/standard_init_linux.go | 7 +++++++
diff --git a/patch/0010-runc-make-hooks-log-more-userful-and-fix-syslog-hook.patch b/patch/0010-runc-make-hooks-log-more-userful-and-fix-syslog-hook.patch
index 6fce0e3..7b97816 100644
--- a/patch/0010-runc-make-hooks-log-more-userful-and-fix-syslog-hook.patch
+++ b/patch/0010-runc-make-hooks-log-more-userful-and-fix-syslog-hook.patch
@@ -1,8 +1,12 @@
 From 8b9b5e2615b1952a062f09476c53ff0a536df1ac Mon Sep 17 00:00:00 2001
-From: zhongjiawei
-Date: Mon, 24 Jul 2023 19:15:52 +0800
+From: panwenxing
+Date: Sat, 3 Nov 2018 12:42:49 +0800
 Subject: [PATCH] runc:make hooks log more userful and fix syslog hook bug
 
+reason:changed some log infomation.
+
+Change-Id: Ib6cda4b8a0ef3a441c45f6c435fe11430f8eada8
+Signed-off-by: panwenxiang
 ---
  libcontainer/configs/config.go | 17 ++++++++++++++---
  main.go | 26 ++++++++++++++++++++++++--
diff --git a/patch/0011-runc-do-not-setup-sysctl-in-runc-when-userns-enable.patch b/patch/0011-runc-do-not-setup-sysctl-in-runc-when-userns-enable.patch
index 05bdff8..4fd4153 100644
--- a/patch/0011-runc-do-not-setup-sysctl-in-runc-when-userns-enable.patch
+++ b/patch/0011-runc-do-not-setup-sysctl-in-runc-when-userns-enable.patch
@@ -1,8 +1,14 @@
 From 8094649c861a0b6ca408caa38611f3e235378206 Mon Sep 17 00:00:00 2001
-From: zhongjiawei
-Date: Mon, 24 Jul 2023 19:25:06 +0800
+From: zhangsong34
+Date: Mon, 5 Mar 2018 21:15:15 +0800
 Subject: [PATCH] runc:do not setup sysctl in runc when userns enable
 
+reason:when userns enabled, runc will run as normal user, it has
+no rights to setup sysctl even the ipcns sysctl. let docker-hooks do this job.
+
+Change-Id: Ia77b8c1bf4255973736f04c0962eae722ed9683e
+Signed-off-by: gus.gao
+Signed-off-by: zhangsong34
 ---
  libcontainer/standard_init_linux.go | 10 ++++++----
  1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/patch/0012-runc-support-set-seccomp-priority.patch b/patch/0012-runc-support-set-seccomp-priority.patch
index ab190d7..10e11b8 100644
--- a/patch/0012-runc-support-set-seccomp-priority.patch
+++ b/patch/0012-runc-support-set-seccomp-priority.patch
@@ -1,8 +1,13 @@
 From 3e1db51b4dc547a7c9bfd251357e2661dc773952 Mon Sep 17 00:00:00 2001
-From: zhongjiawei
-Date: Mon, 24 Jul 2023 19:39:28 +0800
+From: zhangsong34
+Date: Wed, 30 Jan 2019 15:33:44 +0800
 Subject: [PATCH] runc: support set seccomp priority
 
+reason:support set seccomp priority
+
+Change-Id: I73ea0ca4ce5dc7af975c62b56edbae03f9721e76
+Signed-off-by: gus.gao
+Signed-off-by: zhangsong34
 ---
  libcontainer/configs/config.go | 1 +
  libcontainer/seccomp/seccomp_linux.go | 2 +-
diff --git a/patch/0013-runc-do-not-kill-container-if-poststart-hooks-execut.patch b/patch/0013-runc-do-not-kill-container-if-poststart-hooks-execut.patch
index 1d0d04e..4da6f42 100644
--- a/patch/0013-runc-do-not-kill-container-if-poststart-hooks-execut.patch
+++ b/patch/0013-runc-do-not-kill-container-if-poststart-hooks-execut.patch
@@ -1,8 +1,12 @@
 From 0cbdce649f9086adc2e8c50734d37c2d31b45234 Mon Sep 17 00:00:00 2001
-From: zhongjiawei
-Date: Mon, 24 Jul 2023 20:31:00 +0800
+From: zhangsong34
+Date: Wed, 13 Mar 2019 15:40:12 +0800
 Subject: [PATCH] runc:do not kill container if poststart hooks execute failed
 
+reason:do not kill container if poststart hooks execute failed.
+
+Change-Id: Ieb1e1e7eeefe4bbd3cdb38fbba5a2a003297a5b3
+Signed-off-by: zhangsong34
 ---
  libcontainer/container_linux.go | 5 +----
  1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/patch/0014-runc-add-sysctl-kernel.pid_max-to-whitelist.patch b/patch/0014-runc-add-sysctl-kernel.pid_max-to-whitelist.patch
index ee5d12d..4f1c7e3 100644
--- a/patch/0014-runc-add-sysctl-kernel.pid_max-to-whitelist.patch
+++ b/patch/0014-runc-add-sysctl-kernel.pid_max-to-whitelist.patch
@@ -1,8 +1,11 @@
 From 318779ab775bfe878cac0636c9e610b9951e1335 Mon Sep 17 00:00:00 2001
-From: zhongjiawei
-Date: Tue, 25 Jul 2023 19:53:00 +0800
+From: zhangsong34
+Date: Mon, 6 May 2019 19:29:40 +0800
 Subject: [PATCH] runc:add sysctl kernel.pid_max to whitelist
 
+reason:add sysctl kernel.pid_max to whitelist
+
+Signed-off-by: zhangsong34
 ---
  libcontainer/configs/validate/validator.go | 1 +
  1 file changed, 1 insertion(+)
diff --git a/patch/0015-runc-disable-core-dump-during-exec.patch b/patch/0015-runc-disable-core-dump-during-exec.patch
index e457504..29e2199 100644
--- a/patch/0015-runc-disable-core-dump-during-exec.patch
+++ b/patch/0015-runc-disable-core-dump-during-exec.patch
@@ -1,8 +1,10 @@
 From d98901af66768560f0e352db72bb32d216aa9040 Mon Sep 17 00:00:00 2001
-From: zhongjiawei
-Date: Wed, 26 Jul 2023 11:04:05 +0800
+From: jingrui
+Date: Mon, 8 Jul 2019 19:49:24 +0800
 Subject: [PATCH] runc:disable core dump during exec
 
+Change-Id: If649738854616c1f448a148aef1f2cc414715616
+Signed-off-by: jingrui
 ---
  libcontainer/process_linux.go | 2 ++
  1 file changed, 2 insertions(+)
diff --git a/patch/0016-runc-fix-exec-problem-caused-by-libseccomp-updating.patch b/patch/0016-runc-fix-exec-problem-caused-by-libseccomp-updating.patch
index 222fa1e..958b376 100644
--- a/patch/0016-runc-fix-exec-problem-caused-by-libseccomp-updating.patch
+++ b/patch/0016-runc-fix-exec-problem-caused-by-libseccomp-updating.patch
@@ -1,6 +1,6 @@
 From 92c51d606acb92a5fb58eed2d238ad3cb2c69291 Mon Sep 17 00:00:00 2001
-From: zhongjiawei
-Date: Wed, 26 Jul 2023 11:11:23 +0800
+From: xiadanni1
+Date: Tue, 20 Aug 2019 02:40:45 +0800
 Subject: [PATCH] runc:fix exec problem caused by libseccomp updating
 
 reason: libseccomp updating causes runc exec performance
diff --git a/patch/0017-runc-add-log-message-for-cgroup-file-check.patch b/patch/0017-runc-add-log-message-for-cgroup-file-check.patch
index c395981..3086479 100644
--- a/patch/0017-runc-add-log-message-for-cgroup-file-check.patch
+++ b/patch/0017-runc-add-log-message-for-cgroup-file-check.patch
@@ -1,8 +1,14 @@
 From 436b642d42680fd76903307748df0237e8cd0cd1 Mon Sep 17 00:00:00 2001
-From: zhongjiawei
-Date: Wed, 26 Jul 2023 11:21:06 +0800
+From: zhangtianyang
+Date: Fri, 18 Oct 2019 19:59:21 +0800
 Subject: [PATCH] runc:add log message for cgroup file check
 
+reason:docker report "no such file" when try to write cpuset.mems,
+not sure weather is deleted or not generated by kernel. so add
+cgroup file check messages for further maintainance.
+
+Change-Id: I4c835f62547b0404a9cffeda643fe028f1b4aa0f
+Signed-off-by: zhangtianyang
 ---
  libcontainer/cgroups/file.go | 7 ++++++-
  libcontainer/cgroups/fs/cpuset.go | 31 +++++++++++++++++++++++--------
diff --git a/patch/0019-runc-support-set-cpuset.prefer_cpus-using-cpuset-cpu.patch b/patch/0019-runc-support-set-cpuset.prefer_cpus-using-cpuset-cpu.patch
index bf37af8..bb49255 100644
--- a/patch/0019-runc-support-set-cpuset.prefer_cpus-using-cpuset-cpu.patch
+++ b/patch/0019-runc-support-set-cpuset.prefer_cpus-using-cpuset-cpu.patch
@@ -1,8 +1,12 @@
 From da50f7d9ddf912a6e4ad8714e5aff01e85c09b21 Mon Sep 17 00:00:00 2001
-From: zhongjiawei
-Date: Wed, 26 Jul 2023 11:37:21 +0800
+From: Vanient
+Date: Sat, 7 May 2022 09:39:57 +0800
 Subject: [PATCH] runc:support set cpuset.prefer_cpus using --cpuset-cpus
 
+we need to set cpuset.prefer_cpus for performance. Using "+" as
+separator, the cpuset value after separator is the prefer_cpus value.
+
+Signed-off-by: Vanient
 ---
  libcontainer/cgroups/fs/cpuset.go | 118 +++++++++++++++++++++++++++++-
  1 file changed, 114 insertions(+), 4 deletions(-)
diff --git a/patch/0020-runc-add-DT-for-cpuset.preferred_cpus-setting.patch b/patch/0020-runc-add-DT-for-cpuset.preferred_cpus-setting.patch
index af0dcd4..5d499e0 100644
--- a/patch/0020-runc-add-DT-for-cpuset.preferred_cpus-setting.patch
+++ b/patch/0020-runc-add-DT-for-cpuset.preferred_cpus-setting.patch
@@ -1,6 +1,6 @@
 From 8071a31f5fd66638bda75d371f62d6df9155b00b Mon Sep 17 00:00:00 2001
-From: zhongjiawei
-Date: Wed, 26 Jul 2023 14:18:00 +0800
+From: Vanient
+Date: Mon, 9 May 2022 20:32:24 +0800
 Subject: [PATCH] runc:add DT for cpuset.preferred_cpus setting
 
 ---
diff --git a/patch/0023-runc-support-specify-umask.patch b/patch/0023-runc-support-specify-umask.patch
index c1cfb33..90b5632 100644
--- a/patch/0023-runc-support-specify-umask.patch
+++ b/patch/0023-runc-support-specify-umask.patch
@@ -1,8 +1,22 @@
 From 7746fa7839dc6780379cb732c7122efaa07834f7 Mon Sep 17 00:00:00 2001
-From: zhongjiawei
-Date: Wed, 26 Jul 2023 15:37:48 +0800
+From: wangfengtu
+Date: Fri, 21 Dec 2018 15:02:16 +0800
 Subject: [PATCH] runc:support specify umask
 
+reason:support specify umask.
+Umask can be 0022 or 0027(default) by specify umask when
+start container by command `docker create/run` or start
+daemon by command `dockerd`. For example:
+$ dockerd --annotation native.umask=normal
+$ dockerd --annotation native.umask=secure
+$ docker run --exec-opt native.umask=normal
+$ docker run --exec-opt native.umask=secure
+`normal` reparent umask is 0022, `secure`
+reparent umask is 0027.
+
+Change-Id: I49166759ad42dca0ac1f9755f85592e93951c249
+Signed-off-by: lujingxiao
+Signed-off-by: wangfengtu
 ---
  libcontainer/rootfs_linux.go | 6 ++++++
  libcontainer/setns_init_linux.go | 7 +++++++
diff --git a/patch/0027-runc-libct-fix-shared-pidns-detection.patch b/patch/0027-runc-libct-fix-shared-pidns-detection.patch
index a69d0a0..e9e8e8d 100644
--- a/patch/0027-runc-libct-fix-shared-pidns-detection.patch
+++ b/patch/0027-runc-libct-fix-shared-pidns-detection.patch
@@ -1,5 +1,5 @@
 From 43126d0dca0b76f8c07cff1d09c5fc013d5c3450 Mon Sep 17 00:00:00 2001
-From: zhongjiawei
+From: Kir Kolyshkin
 Date: Wed, 26 Jul 2023 16:52:56 +0800
 Subject: [PATCH] libct: fix shared pidns detection
 
diff --git a/runc.spec b/runc.spec
index e4aa35d..52068dc 100644
--- a/runc.spec
+++ b/runc.spec
@@ -3,7 +3,7 @@
 
 Name: docker-runc
 Version: 1.1.8
-Release: 2
+Release: 3
 Summary: runc is a CLI tool for spawning and running containers according to the OCI specification.
 
 License: ASL 2.0
@@ -54,7 +54,13 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc
 %{_bindir}/runc
 
 %changelog
-* Wed July 26 2023 vegbir - 1.1.8-2
+* Wed Sep 6 2023 zhongjiawei - 1.1.8-3
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:modify and complement patch information
+
+* Wed July 26 2023 zhongjiawei - 1.1.8-2
 - Type:bugfix
 - ID:NA
 - SUG:NA