diff options
author | Sebastiaan van Stijn <github@gone.nl> | 2023-04-13 19:43:05 +0200 |
---|---|---|
committer | Sebastiaan van Stijn <github@gone.nl> | 2023-05-05 20:59:10 +0200 |
commit | b73d5f066d278f3feb7a5a91d71e1d21f73ddfa9 (patch) | |
tree | 18f88c53e974879ee6dbaff71c39ab420c16d574 | |
parent | 3275e2a936789f19f9e7c5371ae3451579821968 (diff) | |
download | docker-b73d5f066d278f3feb7a5a91d71e1d21f73ddfa9.tar.gz |
update runc binary to v1.1.6
release notes: https://github.com/opencontainers/runc/releases/tag/v1.1.6
full diff: https://github.com/opencontainers/runc/compare/v1.1.5...v1.1.6
This is the sixth patch release in the 1.1.z series of runc, which fixes
a series of cgroup-related issues.
Note that this release can no longer be built from sources using Go
1.16. Using a latest maintained Go 1.20.x or Go 1.19.x release is
recommended. Go 1.17 can still be used.
- systemd cgroup v1 and v2 drivers were deliberately ignoring UnitExist error
from systemd while trying to create a systemd unit, which in some scenarios
may result in a container not being added to the proper systemd unit and
cgroup.
- systemd cgroup v2 driver was incorrectly translating cpuset range from spec's
resources.cpu.cpus to systemd unit property (AllowedCPUs) in case of more
than 8 CPUs, resulting in the wrong AllowedCPUs setting.
- systemd cgroup v1 driver was prefixing container's cgroup path with the path
of PID 1 cgroup, resulting in inability to place PID 1 in a non-root cgroup.
- runc run/start may return "permission denied" error when starting a rootless
container when the file to be executed does not have executable bit set for
the user, not taking the CAP_DAC_OVERRIDE capability into account. This is
a regression in runc 1.1.4, as well as in Go 1.20 and 1.20.1
- cgroup v1 drivers are now aware of misc controller.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d0efca893b9ddb6864f1408f55b898441cbd7ec3)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
-rwxr-xr-x | hack/dockerfile/install/runc.installer | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/hack/dockerfile/install/runc.installer b/hack/dockerfile/install/runc.installer index 0926d201f8..8a910a425e 100755 --- a/hack/dockerfile/install/runc.installer +++ b/hack/dockerfile/install/runc.installer @@ -9,7 +9,7 @@ set -e # the containerd project first, and update both after that is merged. # # When updating RUNC_VERSION, consider updating runc in vendor.conf accordingly -: "${RUNC_VERSION:=v1.1.5}" +: "${RUNC_VERSION:=v1.1.6}" install_runc() { RUNC_BUILDTAGS="${RUNC_BUILDTAGS:-"seccomp"}" |