packages/runc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
35 Commits 1 Branch 0 Tags
Commit Graph

35 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
songyanting
e48716dd7e sync patches 
patch/0126-runc-add-check-in-spec.patch
patch/0127-runc-add-mount-destination-validation-fix-CVE-2021.patch
patch/0128-runc-optimize-nsexec-logging.patch
patch/0129-runc-improve-log-for-debugging.patch
patch/0130-runc-fix-cgroup-info-print-error.patch
 2022-01-26 22:59:29 +08:00
openeuler-ci-bot
6170e0b05c !38 change the spec file name to be the same as the repo name 
From: @chen-jan
Reviewed-by: @jianminw
Signed-off-by: @jianminw
 2021-11-08 01:08:18 +00:00
chen-jan
4ad86f2160 change the spec file name to be the same as the repo name 2021-10-26 02:00:35 +00:00
openeuler-ci-bot
6705d3781b !25 runc: do not use -i in go build 
From: @Vanient
Reviewed-by: 
Signed-off-by:
 2021-03-22 09:15:28 +08:00
xiadanni
ba84bf6e44 runc: do not use -i in go build 
Signed-off-by: xiadanni <xiadanni1@huawei.com>
 2021-03-19 15:18:20 +08:00
openeuler-ci-bot
d166469c4b !22 runc:build security options 
From: @Vanient
Reviewed-by: @jing-rui,@caihaomin
Signed-off-by: @caihaomin
 2021-03-18 15:13:19 +08:00
xiadanni
2f6befc1d9 runc:build security options 
Signed-off-by: xiadanni <xiadanni1@huawei.com>
 2021-03-18 11:18:36 +08:00
xiadanni
86bbece715 runc: sync bugfix 
1. add cpu and memory info when print cgroup info
2. fix freezing race

Signed-off-by: xiadanni <xiadanni1@huawei.com>
 2021-03-18 11:10:23 +08:00
openeuler-ci-bot
8f2504f874 !19 runc:sys:add symbol for riscv64 
From: @riscv-spare
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
 2021-01-14 16:43:29 +08:00
rv_spare
c4bc0d77ce !1 runc:sys:add symbol for riscv64 
Merge pull request !1 from 杨演超/master
 2020-12-15 14:54:21 +08:00
yangyanchao
356cf9ad42 runc:sys:add symbol for riscv64 
Signed-off-by: yangyanchao <yangyanchao6@huawei.com>
 2020-12-15 14:52:48 +08:00
openeuler-ci-bot
80fe4319cf !13 runc: don't deny all devices when update cgroup resource 
From: @Vanient
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
 2020-11-25 17:25:37 +08:00
xiadanni
573b34b3bb runc: don't deny all devices when update cgroup resource 
Signed-off-by: xiadanni <xiadanni1@huawei.com>
 2020-11-25 15:42:31 +08:00
openeuler-ci-bot
64b427019f !10 runc: fix apply patch fail 
From: @Vanient
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
 2020-09-15 17:15:17 +08:00
xiadanni
a95af96b2a runc: fix apply patch fail 
Signed-off-by: xiadanni <xiadanni1@huawei.com>
 2020-09-15 09:38:24 +08:00
openeuler-ci-bot
24528c2b42 !9 runc: fix SOURCE0 addr 
From: @Vanient
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
 2020-09-14 20:17:24 +08:00
xiadanni
621cb0a06f runc: fix SOURCE0 addr 
Signed-off-by: xiadanni <xiadanni1@huawei.com>
 2020-09-14 15:12:34 +08:00
openeuler-ci-bot
01bdeee494 !8 runc: fix permission denied 
Merge pull request !8 from Vanient/master
 2020-07-10 17:04:40 +08:00
xiadanni
450a0907cf runc: fix permission denied 
reason: when exec as root and config.Cwd is not owned by root,
exec will fail because root doesn't have the caps.

Signed-off-by: Kurnia D Win <kurnia.d.win@gmail.com>
Signed-off-by: xiadanni <xiadanni1@huawei.com>
 2020-07-09 16:02:37 +08:00
openeuler-ci-bot
e532736168 !7 runc: add yaml file in package 
Merge pull request !7 from Vanient/master
 2020-07-07 14:16:08 +08:00
xiadanni
5a188f2c87 runc: add yaml file in package 
Signed-off-by: xiadanni <xiadanni1@huawei.com>
 2020-07-06 10:21:54 +08:00
openeuler-ci-bot
2c74c3d91e !6 runc: use git-commit to store commit ID 
Merge pull request !6 from Vanient/master
 2020-06-15 15:45:49 +08:00
xiadanni1
ab5af31922 runc: use git-commit to store commit ID 
Change-Id: Ib43bafb0ec680082520d85530ef783b68bc08671
Signed-off-by: xiadanni1 <xiadanni1@huawei.com>
 2020-06-12 01:19:00 +08:00
openeuler-ci-bot
438be5f0d9 !5 add runc-openeuler.yaml 
Merge pull request !5 from 成子晗/master
 2020-05-09 19:23:32 +08:00
chengzihan2
79b5a220be add runc-openeuler.yaml 2020-05-06 16:36:00 +08:00
openeuler-ci-bot
5d0b0c9450 !4 rootfs: do not permit /proc mounts to non-directories 
Merge pull request !4 from Vanient/master
 2020-04-26 15:56:39 +08:00
xiadanni1
1029fc9d1c rootfs: do not permit /proc mounts to non-directories 
mount(2) will blindly follow symlinks, which is a problem because it
allows a malicious container to trick runc into mounting /proc to an
entirely different location (and thus within the attacker's control for
a rename-exchange attack).

This is just a hotfix (to "stop the bleeding"), and the more complete
fix would be finish libpathrs and port runc to it (to avoid these types
of attacks entirely, and defend against a variety of other /proc-related
attacks). It can be bypased by someone having "/" be a volume controlled
by another container.

Fixes: CVE-2019-19921
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Signed-off-by: xiadanni1 <xiadanni1@huawei.com>
 2020-04-15 17:01:50 +08:00
openeuler-ci-bot
fabf83fd21 !3 runc:Pass back the pid of runc:[1:CHILD] so we can wait on it 
Merge pull request !3 from Grooooot/master
 2020-03-20 15:19:42 +08:00
xiadanni1
e85c7e153b runc:Pass back the pid of runc:[1:CHILD] so we can wait on it 
reason:This allows the libcontainer to automatically clean up
runc:[1:CHILD] processes created as part of nsenter.

Signed-off-by: Alex Fang <littlelightlittlefire@gmail.com>
 2020-03-20 21:31:32 +08:00
openeuler-ci-bot
8f8796634d !2 runc: add patches 
Merge pull request !2 from Grooooot/master
 2020-03-06 17:28:36 +08:00
Grooooot
ba3d1f2aa6 runc: sync patches 
Signed-off-by: Grooooot <isula@huawei.com>
 2020-03-05 19:34:03 +08:00
dogsheng
33edf12965 modify 2019-12-29 19:03:52 +08:00
openeuler-ci-bot
b862929a21 !1 runc: package init 
Merge pull request !1 from Grooooot/master
 2019-12-29 16:36:17 +08:00
openeuler-iSula
5904ba4dcf runc: package init 
Signed-off-by: openeuler-iSula <isula@huawei.com>
 2019-12-29 15:34:20 +08:00
openeuler-ci-bot
83e4e22447 Initial commit 2019-12-29 14:46:19 +08:00