This repository has been archived by the owner on Oct 13, 2023. It is now read-only.

[18.06] backport #38573 "bump up runc" #146

Closed


AkihiroSuda

moby#38573


Changes: opencontainers/runc@69663f0...12f6a99

Including critical security fix for `runc run --no-pivot` (`DOCKER_RAMDISK=1`): opencontainers/runc#1962

(NOTE: the vuln is attackable only when `DOCKER_RAMDISK=1` is set && seccomp is disabled)

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>

Changes: opencontainers/runc@69663f0...12f6a99

Including critical security fix for `runc run --no-pivot` (`DOCKER_RAMDISK=1`): opencontainers/runc#1962

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
@AkihiroSuda
Author

libcontainer vendor is kept as-is due to compilation failure:

```
08:01:57 Building: bundles/binary-daemon/dockerd-dev
08:02:34 # github.com/docker/docker/pkg/sysinfo
08:02:34 pkg/sysinfo/sysinfo_linux.go:230:40: not enough arguments in call to cgroups.FindCgroupMountpoint
08:02:34 	have (string)
08:02:34 	want (string, string)
08:02:48 # github.com/docker/docker/vendor/github.com/docker/libnetwork
08:02:48 vendor/github.com/docker/libnetwork/sandbox_externalkey_unix.go:47:12: undefined: configs.HookState
```
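
An added example, not part of this PR or of the Docker code base: a shell check for the configuration named in the PR description's note (`DOCKER_RAMDISK` set for the daemon and seccomp disabled). The function names and verdict words are this example's own, and the sample inputs in `demo` are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the PR): report whether a daemon matches the
# configuration the PR note names: DOCKER_RAMDISK set and seccomp disabled.

# ramdisk_set FILE: FILE is a NUL-separated environment block, the format of
# /proc/<pid>/environ. The page names DOCKER_RAMDISK=1; treating any non-empty
# value as "set" is a conservative assumption of this example.
ramdisk_set() {
    tr '\0' '\n' < "$1" | grep -Eq '^DOCKER_RAMDISK=.+'
}

# seccomp_listed OPTS: OPTS is the output of
#   docker info --format '{{json .SecurityOptions}}'
# Daemon-wide view only; a container started with
# --security-opt seccomp=unconfined is not visible here.
seccomp_listed() {
    printf '%s\n' "$1" | grep -q 'name=seccomp'
}

# classify FILE OPTS: print one verdict word.
classify() {
    if ! ramdisk_set "$1"; then
        echo "not-exposed"            # DOCKER_RAMDISK not set
    elif seccomp_listed "$2"; then
        echo "no-pivot-with-seccomp"  # one of the two conditions holds
    else
        echo "exposed"                # both conditions from the note hold
    fi
}

# demo: run classify over constructed samples (not captured from a real host).
demo() {
    local d; d=$(mktemp -d)
    printf 'PATH=/usr/bin\0DOCKER_RAMDISK=1\0' > "$d/ramdisk"
    printf 'PATH=/usr/bin\0' > "$d/default"
    classify "$d/default" '["name=seccomp,profile=default"]'
    classify "$d/ramdisk" '["name=apparmor","name=seccomp,profile=default"]'
    classify "$d/ramdisk" '["name=apparmor"]'
    rm -rf "$d"
}

case "${1:-}" in
    --demo) demo ;;
    --live) # needs root to read the daemon's environment
        pid=$(pgrep -o -x dockerd) || { echo "dockerd not running" >&2; exit 2; }
        classify "/proc/$pid/environ" "$(docker info --format '{{json .SecurityOptions}}')" ;;
esac
```

A verdict of `no-pivot-with-seccomp` or `exposed` marks a host where the runc bump in this PR should be prioritised.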
