packages/runc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
35 Commits 1 Branch 0 Tags
Commit Graph

13 Commits

Author SHA1 Message Date
zhongjiawei
f10afe6ca0 runc:seccomp prepend ENOSYS stub to all filters 
(cherry picked from commit cb1523689363ae4b80817985491fe63c57d280da)
 2023-02-13 16:07:52 +08:00
zhongjiawei
c6a37443f6 runc:Make sure signalAllProcesses is invoked in the function of destroy when container shares pid namespace 
(cherry picked from commit 3326e834bbf67755d59ca84907d4501a9026ce94)
 2023-02-13 15:46:34 +08:00
zhongjiawei
5916602ab1 runc:support specify umask 
(cherry picked from commit 7e96bb54af880bf5b77775882f4abfc111e9d0b8)
 2022-12-17 15:14:21 +08:00
zhongjiawei
93ee628b45 runc: add build security option and improve log for debugging 
(cherry picked from commit 65aec810e278bfb123ebac28a3500d5a993e4b69)
 2022-09-22 09:11:04 +08:00
zhongjiawei
1624a11dcd runc: change Umask to 0022 2022-08-09 17:16:50 +08:00
Vanient
5ca67e3066 runc:do not set inheritable capabilities(fix CVE-2022-29162) 
Signed-off-by: Vanient <xiadanni1@huawei.com>
 2022-06-06 20:46:23 +08:00
xiadanni
22caaf6e10 runc:fix systemd cgroup after memory type changed 
upstream from
acaf6897f5

Signed-off-by: xiadanni <xiadanni1@huawei.com>
(cherry picked from commit c4884fd0a7ccc1b4b8851dd77df646529dd73e6b)
 2021-08-09 11:44:43 +08:00
xiadanni
e026adfb26 runc:add mount destination validation(fix CVE-2021-30465) 
Signed-off-by: xiadanni <xiadanni1@huawei.com>
 2021-06-04 12:46:21 +08:00
xiadanni
d7cca0cc8f runc:sync bugfix and bump version 
Signed-off-by: xiadanni <xiadanni1@huawei.com>

Conflicts:
	runc-openeuler.spec
 2021-03-05 11:36:07 +08:00
xiadanni
874ff09e56 runc: update patches 
0118-runc-don-t-deny-all-devices-when-update-cgroup-resou.patch
0119-runc-rootfs-do-not-permit-proc-mounts-to-no.patch
0120-runc-fix-permission-denied.patch

Signed-off-by: xiadanni <xiadanni1@huawei.com>
 2020-11-25 19:49:16 +08:00
xiadanni1
e85c7e153b runc:Pass back the pid of runc:[1:CHILD] so we can wait on it 
reason:This allows the libcontainer to automatically clean up
runc:[1:CHILD] processes created as part of nsenter.

Signed-off-by: Alex Fang <littlelightlittlefire@gmail.com>
 2020-03-20 21:31:32 +08:00
Grooooot
ba3d1f2aa6 runc: sync patches 
Signed-off-by: Grooooot <isula@huawei.com>
 2020-03-05 19:34:03 +08:00
openeuler-iSula
5904ba4dcf runc: package init 
Signed-off-by: openeuler-iSula <isula@huawei.com>
 2019-12-29 15:34:20 +08:00