40 Commits

Author SHA1 Message Date
zhongjiawei
9a49713a9c runc:fix can't set cpuset-cpus and cpuset-mems at the same time
(cherry picked from commit 970358fda95448452400a3c1f6da54250db5ee61)
2024-09-30 09:40:40 +08:00
Song Zhang
db968d3370 runc: fix CVE-2024-45310
Signed-off-by: Song Zhang <zhangsong34@huawei.com>
(cherry picked from commit ab4cc0729c31453147018b290e97d51db51f3c13)
2024-09-10 16:43:45 +08:00
zhongjiawei
5da2b9b8b4 runc:format log instead of panic when procError is missing payload 2024-08-30 15:57:57 +08:00
zhongjiawei
5830d26ed0 runc:do not support setting umask through native.umask 2024-07-11 20:18:51 +08:00
zhongjiawei
a5834ad5f1 runc:sync some patches 2024-06-19 17:16:51 +08:00
zhaixiaojuan
5fc3d80af7 Add loongarch64 seccomp support 2024-06-15 14:45:20 +08:00
zhongjiawei
6ac02f87e4 runc:fix apply failed for patch of fix CVE-2024-3154 2024-05-23 19:17:12 +08:00
zhongjiawei
8b7a5cd853 runc:sync some patches 2024-02-22 19:51:33 +08:00
zhongjiawei
9c6558c88f runc:sync some patches 2023-12-21 19:41:49 +08:00
zhongjiawei
b028fdbfb9 runc:runc delete don't proceed in case of errors 2023-12-08 16:29:51 +08:00
zhongjiawei
4968fb28cd runc:delete do not ignore error from destroy 2023-12-04 14:31:16 +08:00
zhongjiawei
9262b5e859 runc:fix update rt-runtime-us and rt-period-us failed 2023-10-24 16:01:44 +08:00
zhongjiawei
57204b8d5b runc:handle kmem.limit_in_bytes removal 2023-10-12 15:45:14 +08:00
zhongjiawei
8feee0899f runc:fix init error return logic 2023-09-18 15:43:50 +08:00
zhongjiawei
8b9d61acfb runc:remove bindfd logic entirely 2023-09-12 10:55:40 +08:00
zhongjiawei
e6be706e79 runc:modify patch for 1.1.8 2023-07-28 09:46:10 +08:00
zhongjiawei
8a63d08b9d runc:sync some patches 2023-06-21 16:27:12 +08:00
zhongjiawei
32c785c209 runc:modify runc make command to satisfy the compile options 2023-06-09 11:20:29 +08:00
zhongjiawei
66dc1f0009 runc:fix /sys/fs/cgroup mounts and prohibit /proc and /sys from being symlinks 2023-04-04 14:32:06 +08:00
zhongjiawei
24c3117ee9 runc:libcontainer: skip chown of /dev/null caused by fd redirection 2023-03-21 20:05:09 +08:00
zhaozhen
2a4953bb4b add loongarch64 support for runc 2023-03-16 17:42:51 +08:00
zhongjiawei
31b4d61040 runc:make runc spec compatible 1.0.0.rc3
1. adapt DisableOOMKiller, OOMScoreAdj position adjustment.
2. adapt to BlackIO json parsing field change modification.
2023-02-09 16:48:00 +08:00
zhongjiawei
3d57a4060e runc:modify linuxcontainer startime uint64 type to be string 2023-01-17 15:21:17 +08:00
zhongjiawei
cc832e086a runc:support specify umask 2022-12-17 14:20:46 +08:00
zhongjiawei
8318951e31 runc: runc log forward to syslog 2022-11-07 19:44:59 +08:00
zhong-jiawei-1
99b2a44578 runc:patch round to runc 1.1.3 2022-11-04 11:42:04 +08:00
zhongjiawei
b6e8f99009 runc: fix systemd cgroup after memory type changed 2022-08-16 19:56:53 +08:00
zhongjiawei
c24ea62da1 runc: change Umask to 0022 2022-08-09 20:29:45 +08:00
cenhuilin
e7614429c9 runc: fix connect container failed when reading partially written state.json content 2022-07-20 01:34:49 +00:00
songyanting
e48716dd7e sync patches
patch/0126-runc-add-check-in-spec.patch
patch/0127-runc-add-mount-destination-validation-fix-CVE-2021.patch
patch/0128-runc-optimize-nsexec-logging.patch
patch/0129-runc-improve-log-for-debugging.patch
patch/0130-runc-fix-cgroup-info-print-error.patch
2022-01-26 22:59:29 +08:00
xiadanni
2f6befc1d9 runc:build security options
Signed-off-by: xiadanni <xiadanni1@huawei.com>
2021-03-18 11:18:36 +08:00
xiadanni
86bbece715 runc: sync bugfix
1. add cpu and memory info when print cgroup info
2. fix freezing race

Signed-off-by: xiadanni <xiadanni1@huawei.com>
2021-03-18 11:10:23 +08:00
yangyanchao
356cf9ad42 runc:sys:add symbol for riscv64
Signed-off-by: yangyanchao <yangyanchao6@huawei.com>
2020-12-15 14:52:48 +08:00
xiadanni
573b34b3bb runc: don't deny all devices when update cgroup resource
Signed-off-by: xiadanni <xiadanni1@huawei.com>
2020-11-25 15:42:31 +08:00
xiadanni
450a0907cf runc: fix permission denied
reason: when exec runs as root and config.Cwd is not owned by root,
exec will fail because root doesn't have the caps.

Signed-off-by: Kurnia D Win <kurnia.d.win@gmail.com>
Signed-off-by: xiadanni <xiadanni1@huawei.com>
2020-07-09 16:02:37 +08:00
xiadanni1
ab5af31922 runc: use git-commit to store commit ID
Change-Id: Ib43bafb0ec680082520d85530ef783b68bc08671
Signed-off-by: xiadanni1 <xiadanni1@huawei.com>
2020-06-12 01:19:00 +08:00
xiadanni1
1029fc9d1c rootfs: do not permit /proc mounts to non-directories
mount(2) will blindly follow symlinks, which is a problem because it
allows a malicious container to trick runc into mounting /proc to an
entirely different location (and thus within the attacker's control for
a rename-exchange attack).

This is just a hotfix (to "stop the bleeding"), and the more complete
fix would be to finish libpathrs and port runc to it (to avoid these types
of attacks entirely, and defend against a variety of other /proc-related
attacks). It can be bypassed by someone having "/" be a volume controlled
by another container.

Fixes: CVE-2019-19921
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Signed-off-by: xiadanni1 <xiadanni1@huawei.com>
2020-04-15 17:01:50 +08:00
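The rule behind this commit and the earlier "prohibit /proc and /sys from being symlinks" change (66dc1f0009) is the same: stat the mount destination without following symlinks, and refuse anything that exists but is not an ordinary directory, because mount(2) itself would follow a link planted in the image. The following Go program is an added example written for this page; it is not runc's own code and not part of either commit. It builds a throwaway rootfs in a temp directory with four constructed /proc candidates (names like `proc_symlink` and the function `checkSpecialMountDest` are this example's own) and reports which ones the check accepts.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// ErrNotOrdinaryDir is returned when a /proc or /sys mount destination exists
// inside the rootfs but is not an ordinary directory.
var ErrNotOrdinaryDir = errors.New("mount destination must be an ordinary directory")

// checkSpecialMountDest applies the rule from the commits above: before
// mounting proc or sysfs, Lstat the destination so a symlink is seen as a
// symlink rather than followed. A missing path is allowed (the runtime creates
// it); anything present that is not a real directory is refused, because
// mount(2) would otherwise follow the link into a location the image controls.
func checkSpecialMountDest(dest string) error {
	fi, err := os.Lstat(dest)
	if err != nil {
		if os.IsNotExist(err) {
			return nil
		}
		return err
	}
	// Lstat reports ModeSymlink (never ModeDir) for a link, so one test
	// rejects symlinks, regular files, devices and sockets alike.
	if fi.Mode()&os.ModeDir == 0 {
		return fmt.Errorf("%w: %s is a %v", ErrNotOrdinaryDir, dest, fi.Mode().Type())
	}
	return nil
}

// classifyConstructedRootfs builds a throwaway rootfs in a temp directory with
// four candidate /proc entries (constructed sample data, not a real image) and
// reports which ones the check accepts.
func classifyConstructedRootfs() (map[string]bool, error) {
	rootfs, err := os.MkdirTemp("", "rootfs-check-")
	if err != nil {
		return nil, err
	}
	defer os.RemoveAll(rootfs)

	// honest image: /proc is an empty directory
	if err := os.Mkdir(filepath.Join(rootfs, "proc_dir"), 0o755); err != nil {
		return nil, err
	}
	// hostile image: /proc is a symlink to a directory the image author controls
	if err := os.Mkdir(filepath.Join(rootfs, "elsewhere"), 0o755); err != nil {
		return nil, err
	}
	if err := os.Symlink("elsewhere", filepath.Join(rootfs, "proc_symlink")); err != nil {
		return nil, err
	}
	// broken image: /proc is a regular file
	if err := os.WriteFile(filepath.Join(rootfs, "proc_file"), []byte("not a dir\n"), 0o644); err != nil {
		return nil, err
	}
	// "proc_missing" is deliberately never created

	verdict := make(map[string]bool)
	for _, name := range []string{"proc_dir", "proc_symlink", "proc_file", "proc_missing"} {
		verdict[name] = checkSpecialMountDest(filepath.Join(rootfs, name)) == nil
	}
	return verdict, nil
}

func main() {
	verdict, err := classifyConstructedRootfs()
	if err != nil {
		fmt.Println("setup failed:", err)
		os.Exit(1)
	}
	for _, name := range []string{"proc_dir", "proc_symlink", "proc_file", "proc_missing"} {
		fmt.Printf("%-13s accepted=%v\n", name, verdict[name])
	}
}
```

Only `proc_dir` and `proc_missing` pass; the symlink and the regular file are rejected. As the commit message itself says, this is a check-then-act hotfix: between the Lstat and the mount(2) call the path can still be swapped by a rename-exchange if "/" is a volume another container controls, which is why the message points at libpathrs for the complete fix.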
xiadanni1
e85c7e153b runc:Pass back the pid of runc:[1:CHILD] so we can wait on it
reason: This allows libcontainer to automatically clean up
runc:[1:CHILD] processes created as part of nsenter.

Signed-off-by: Alex Fang <littlelightlittlefire@gmail.com>
2020-03-20 21:31:32 +08:00
Grooooot
ba3d1f2aa6 runc: sync patches
Signed-off-by: Grooooot <isula@huawei.com>
2020-03-05 19:34:03 +08:00
openeuler-iSula
5904ba4dcf runc: package init
Signed-off-by: openeuler-iSula <isula@huawei.com>
2019-12-29 15:34:20 +08:00