16 changed files with 513 additions and 207 deletions
--- a/.crun.metadata
+++ b/.crun.metadata
@ -1 +0,0 @@
 c79a414d0b980611ba929a7526b7b4c30c2b3b1d SOURCES/crun-0.18.tar.gz
--- a/.fmf/version
+++ b/.fmf/version
@ -0,0 +1 @@
 1
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/crun-0.18.tar.gz
+/*.tar.*
--- a/SOURCES/0001-revert-tests-build-init-always-statically.patch
+++ b/SOURCES/0001-revert-tests-build-init-always-statically.patch
@ -1,43 +0,0 @@
 From 320a7ec41342c95fd6bdc500cd207eb0ea5cda6a Mon Sep 17 00:00:00 2001
 From: Giuseppe Scrivano <gscrivan@redhat.com>
 Date: Fri, 19 Feb 2021 13:25:37 +0100
 Subject: [PATCH] Revert "tests: build init always statically"
 This reverts commit a0f322a49a10a014a447b505eda5923a8e6aff7c as it
 causes issues on RHEL 8.
 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 ---
 Makefile.am | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
 diff --git a/Makefile.am b/Makefile.am
 index e39dc3b..2b8e18b 100644
 --- a/Makefile.am
 +++ b/Makefile.am
@@ -14,7 +14,7 @@ srpm: dist-gzip rpm/crun.spec
 	$(MAKE) -C $(WD) dist-gzip
 	rpmbuild -bs --define "_sourcedir $(WD)" --define "_specdir $(WD)" --define "_builddir $(WD)" --define "_srcrpmdir $(WD)" --define "_rpmdir $(WD)" --define "_buildrootdir $(WD)/.build" rpm/crun.spec
 -CLEANFILES = crun.spec tests/init
 +CLEANFILES = crun.spec
 lib_LTLIBRARIES = libcrun.la
@@ -79,9 +79,9 @@ noinst_PROGRAMS = tests/init $(UNIT_TESTS)
 TESTS_LDADD = libcrun_testing.a $(FOUND_LIBS)
 -tests/init: tests/init.c
 -	$(CC) -static-libgcc --static -o $@ $<
 -EXTRA_DIST += tests/init.c
 +tests_init_LDADD =
 +tests_init_LDFLAGS = -static-libgcc -all-static
 +tests_init_SOURCES = tests/init.c $(UNIT_TESTS)
 tests_tests_libcrun_utils_CFLAGS = -I $(abs_top_builddir)/libocispec/src -I $(abs_top_srcdir)/libocispec/src -I $(abs_top_builddir)/src -I $(abs_top_srcdir)/src
 tests_tests_libcrun_utils_SOURCES = tests/tests_libcrun_utils.c
 -- 
 2.29.2
--- a/SOURCES/0001-spec-do-not-set-inheritable-capabilities.patch
+++ b/SOURCES/0001-spec-do-not-set-inheritable-capabilities.patch
@ -1,30 +0,0 @@
 From ed485db1465d67f0215c27529c57a76a1daf5135 Mon Sep 17 00:00:00 2001
 From: Giuseppe Scrivano <gscrivan@redhat.com>
 Date: Mon, 28 Feb 2022 11:05:18 +0100
 Subject: [PATCH 1/2] spec: do not set inheritable capabilities
 Closes: CVE-2022-27650
 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 (cherry picked from commit b847d146d496c9d7beba166fd595488e85488562)
 ---
 src/libcrun/container.c | 3 ---
 1 file changed, 3 deletions(-)
 diff --git a/src/libcrun/container.c b/src/libcrun/container.c
 index d3fb017..1e3f3e6 100644
 --- a/src/libcrun/container.c
 +++ b/src/libcrun/container.c
@@ -128,9 +128,6 @@ static char spec_file[] = "\
 				\"CAP_NET_BIND_SERVICE\"\n\
 			],\n\
 			\"inheritable\": [\n\
 -				\"CAP_AUDIT_WRITE\",\n\
 -				\"CAP_KILL\",\n\
 -				\"CAP_NET_BIND_SERVICE\"\n\
 			],\n\
 			\"permitted\": [\n\
 				\"CAP_AUDIT_WRITE\",\n\
 -- 
 2.35.1
--- a/SOURCES/0002-exec-cap-do-not-set-inheritable-capabilities.patch
+++ b/SOURCES/0002-exec-cap-do-not-set-inheritable-capabilities.patch
@ -1,31 +0,0 @@
 From 21cb5a8c7bcc90c42743ffd15cd11a55bf66993d Mon Sep 17 00:00:00 2001
 From: Giuseppe Scrivano <gscrivan@redhat.com>
 Date: Mon, 28 Feb 2022 11:06:50 +0100
 Subject: [PATCH 2/2] exec: --cap do not set inheritable capabilities
 Closes: CVE-2022-27650
 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 (cherry picked from commit 1aeeed2e4fdeffb4875c0d0b439915894594c8c6)
 ---
 src/exec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/src/exec.c b/src/exec.c
 index bf6c05f..8c9862d 100644
 --- a/src/exec.c
 +++ b/src/exec.c
@@ -250,8 +250,8 @@ crun_command_exec (struct crun_global_arguments *global_args, int argc, char **a
           capabilities->effective = exec_options.cap;
           capabilities->effective_len = exec_options.cap_size;
 -          capabilities->inheritable = dup_array (exec_options.cap, exec_options.cap_size);
 -          capabilities->inheritable_len = exec_options.cap_size;
 +          capabilities->inheritable = NULL;
 +          capabilities->inheritable_len = 0;
           capabilities->bounding = dup_array (exec_options.cap, exec_options.cap_size);
           capabilities->bounding_len = exec_options.cap_size;
 -- 
 2.35.1
--- a/SPECS/crun.spec
+++ b/SPECS/crun.spec
@ -1,101 +0,0 @@
 Summary: OCI runtime written in C
 Name: crun
 Version: 0.18
 Release: 3%{?dist}
 Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
 Patch0: 0001-revert-tests-build-init-always-statically.patch
 Patch1: 0001-spec-do-not-set-inheritable-capabilities.patch
 Patch2: 0002-exec-cap-do-not-set-inheritable-capabilities.patch
 License: GPLv2+
 URL: https://github.com/containers/crun
 # https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures
 ExclusiveArch: %{go_arches}
 # We always run autogen.sh
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: gcc
 BuildRequires: python3
 BuildRequires: git
 BuildRequires: libcap-devel
 BuildRequires: systemd-devel
 BuildRequires: yajl-devel
 BuildRequires: libseccomp-devel
 BuildRequires: libselinux-devel
 BuildRequires: python3-libmount
 BuildRequires: libtool
 BuildRequires: go-md2man
 Provides: oci-runtime = 2
 %description
 crun is a runtime for running OCI containers
 %prep
 %autosetup -Sgit -n %{name}-%{version}
 %build
 export CFLAGS="%{optflags} -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64"
 ./autogen.sh
 %configure --disable-silent-rules
 %make_build
 %install
 %make_install
 rm -rf $RPM_BUILD_ROOT/usr/lib*
 %files
 %license COPYING
 %{_bindir}/%{name}
 %{_mandir}/man1/*
 %changelog
 * Tue Apr 05 2022 Jindrich Novy <jnovy@redhat.com> - 0.18-3
 - fix CVE-2022-27650
 - Related: #2061390
 * Fri Feb 19 2021 Jindrich Novy <jnovy@redhat.com> - 0.18-2
 - allow to build without glibc-static (thanks to Giuseppe Scrivano)
 - Related: #1883490
 * Fri Feb 19 2021 Jindrich Novy <jnovy@redhat.com> - 0.18-1
 - update to https://github.com/containers/crun/releases/tag/0.18
 - Related: #1883490
 * Fri Jan 22 2021 Jindrich Novy <jnovy@redhat.com> - 0.17-1
 - update to https://github.com/containers/crun/releases/tag/0.17
 - Related: #1883490
 * Thu Dec 03 2020 Jindrich Novy <jnovy@redhat.com> - 0.16-2
 - exclude i686 because of build failures
 - Related: #1883490
 * Wed Nov 25 2020 Jindrich Novy <jnovy@redhat.com> - 0.16-1
 - update to https://github.com/containers/crun/releases/tag/0.16
 - Related: #1883490
 * Wed Nov 04 2020 Jindrich Novy <jnovy@redhat.com> - 0.15.1-1
 - update to https://github.com/containers/crun/releases/tag/0.15.1
 - Related: #1883490
 * Thu Oct 29 2020 Jindrich Novy <jnovy@redhat.com> - 0.15-2
 - synchronize with stream-container-tools-rhel8
 - Related: #1883490
 * Wed Oct 21 2020 Jindrich Novy <jnovy@redhat.com> - 0.15-1
 - synchronize with stream-container-tools-rhel8
 - Related: #1883490
 * Tue Aug 11 2020 Jindrich Novy <jnovy@redhat.com> - 0.14.1-2
 - use proper CFLAGS
 - Related: #1821193
 * Wed Jul 08 2020 Jindrich Novy <jnovy@redhat.com> - 0.14.1-1
 - update to https://github.com/containers/crun/releases/tag/v0.14.1
 - Related: #1821193
 * Thu Jul 02 2020 Jindrich Novy <jnovy@redhat.com> - 0.14-1
 - update to https://github.com/containers/crun/releases/tag/v0.14
 - Related: #1821193
 * Tue Jun 16 2020 Giuseppe Scrivano <gscrivan@redhat.com> - 0.13-1
 - initial import
--- a/crun.spec
+++ b/crun.spec
@ -0,0 +1,159 @@
 %global krun_opts %{nil}
 %global wasmedge_opts %{nil}
 %global yajl_opts %{nil}
 %if %{defined copr_username}
 %define copr_build 1
 %endif
 # krun and wasm support only on aarch64 and x86_64
 %ifarch aarch64 || x86_64
 # Disable wasmedge on rhel 10 until EPEL10 is in place, otherwise it causes
 # build issues on copr
 %if %{defined fedora} || (%{defined copr_build} && %{defined rhel} && 0%{?rhel} < 10)
 %global wasm_support 1
 %global wasmedge_support 1
 %global wasmedge_opts --with-wasmedge
 %endif
 # krun only exists on fedora
 %if %{defined fedora}
 %global krun_support 1
 %global krun_opts --with-libkrun
 %endif
 %endif
 %if %{defined fedora} || (%{defined rhel} && 0%{?rhel} < 10)
 %global system_yajl 1
 %else
 %global yajl_opts --enable-embedded-yajl
 %endif
 Summary: OCI runtime written in C
 Name: crun
 %if %{defined copr_build}
 Epoch: 102
 %endif
 # DO NOT TOUCH the Version string!
 # The TRUE source of this specfile is:
 # https://github.com/containers/crun/blob/main/rpm/crun.spec
 # If that's what you're reading, Version must be 0, and will be updated by Packit for
 # copr and koji builds.
 # If you're reading this on dist-git, the version is automatically filled in by Packit.
 Version: 1.19.1
 Release: 1%{?dist}
 URL: https://github.com/containers/%{name}
 Source0: %{url}/releases/download/%{version}/%{name}-%{version}.tar.zst
 License: GPL-2.0-only
 %if %{defined golang_arches_future}
 ExclusiveArch: %{golang_arches_future}
 %else
 ExclusiveArch: aarch64 ppc64le riscv64 s390x x86_64
 %endif
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: gcc
 BuildRequires: git-core
 BuildRequires: gperf
 BuildRequires: libcap-devel
 %if %{defined krun_support}
 BuildRequires: libkrun-devel
 %endif
 BuildRequires: systemd-devel
 %if %{defined system_yajl}
 BuildRequires: yajl-devel
 %endif
 BuildRequires: libseccomp-devel
 BuildRequires: python3-libmount
 BuildRequires: libtool
 BuildRequires: protobuf-c-devel
 %ifnarch riscv64
 BuildRequires: criu-devel >= 3.17.1-2
 Recommends: criu >= 3.17.1
 Recommends: criu-libs
 %endif
 %if %{defined wasmedge_support}
 BuildRequires: wasmedge-devel
 %endif
 BuildRequires: python
 Provides: oci-runtime
 %description
 %{name} is a OCI runtime
 %if %{defined krun_support}
 %package krun
 Summary: %{name} with libkrun support
 Requires: libkrun
 Requires: %{name} = %{?epoch:%{epoch}:}%{version}-%{release}
 Provides: krun = %{?epoch:%{epoch}:}%{version}-%{release}
 %description krun
 krun is a symlink to the %{name} binary, with libkrun as an additional dependency.
 %endif
 %if %{defined wasm_support}
 %package wasm
 Summary: %{name} with wasm support
 Requires: %{name} = %{?epoch:%{epoch}:}%{version}-%{release}
 # wasm packages are not present on RHEL yet and are currently a PITA to test
 # Best to only include wasmedge as weak dep on rhel
 %if %{defined fedora}
 Requires: wasm-library
 %endif
 Recommends: wasmedge
 %description wasm
 %{name}-wasm is a symlink to the %{name} binary, with wasm as an additional dependency.
 %endif
 %prep
 %autosetup -Sgit -n %{name}-%{version}
 %build
 export CFLAGS="%{optflags} -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64"
 export LDFLAGS="%{build_ldflags}"
 ./autogen.sh
 ./configure --disable-silent-rules %{krun_opts} %{wasmedge_opts} %{yajl_opts}
 %make_build
 %install
 %make_install prefix=%{_prefix}
 rm -rf %{buildroot}%{_prefix}/lib*
 %files
 %license COPYING
 %{_bindir}/%{name}
 %{_mandir}/man1/%{name}.1.gz
 %if %{defined krun_support}
 %files krun
 %license COPYING
 %{_bindir}/krun
 %{_mandir}/man1/krun.1.gz
 %endif
 %if %{defined wasm_support}
 %files wasm
 %license COPYING
 %{_bindir}/%{name}-wasm
 %endif
 %changelog
 * Thu Jan 02 2025 Jindrich Novy <jnovy@redhat.com> - 1.19.1-1
 - update to https://github.com/containers/crun/releases/tag/1.19.1
 - Related: RHEL-60277
 * Wed Dec 11 2024 Jindrich Novy <jnovy@redhat.com> - 1.19-2
 - Add missing CFLAGS and LDFLAGS for annocheck/hardening
 - Related: RHEL-60277
 * Mon Dec 09 2024 Jindrich Novy <jnovy@redhat.com> - 1.19-1
 - update to https://github.com/containers/crun/releases/tag/1.19
 - Related: RHEL-60277
 * Mon Nov 25 2024 Jindrich Novy <jnovy@redhat.com> - 1.18.2-1
 - update to https://github.com/containers/crun/releases/tag/1.18.2
 - Related: RHEL-60277
--- a/gating.yaml
+++ b/gating.yaml
@ -0,0 +1,15 @@
 --- !Policy
 product_versions:
  - fedora-*
 decision_context:
  - bodhi_update_push_stable
  - bodhi_update_push_testing
 rules:
  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
 --- !Policy
 product_versions:
  - rhel-*
 decision_context: osci_compose_gate
 rules:
  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
--- a/plans/main.fmf
+++ b/plans/main.fmf
@ -0,0 +1,29 @@
 discover:
    how: fmf
 execute:
    how: tmt
 prepare:
    - how: feature
      epel: enabled
    - when: initiator == packit
      because: "We need to test with updated packages from rhcontainerbot/podman-next copr"
      how: shell
      script: |
        sed -i -n '/^priority=/!p;$apriority=1' /etc/yum.repos.d/*podman-next*.repo
        dnf -y upgrade --allowerasing
 /upstream:
    summary: Run crun specific Podman system tests on upstream PRs
    discover+:
        filter: tag:upstream
    adjust+:
        - enabled: false
          when: initiator is not defined or initiator != packit
 /downstream:
    summary: Run crun specific Podman system tests on bodhi / errata and dist-git PRs
    discover+:
        filter: tag:downstream
    adjust+:
        - enabled: false
          when: initiator == packit
--- a/1
+++ b/1
@ -0,0 +1 @@
 SHA512 (crun-1.19.1.tar.zst) = 4122b6474a1da4c17d781e0ccf2f97a89cbddd4bfca1bca55b4cb15b11bef03f9101b00a921dc6dbcac43be3661a64d61bb7ddfd750672b5bf85561df13cc7a8
--- a/tests/tmt/podman/system-test.fmf
+++ b/tests/tmt/podman/system-test.fmf
@ -0,0 +1,15 @@
 require:
    - bats
    - conmon
    - crun
    - make
    - podman-tests
 adjust:
    duration: 10m
    when: arch == aarch64
 /system_test:
    tag: [ upstream, downstream ]
    summary: Run crun specific Podman tests
    test: bash ./system-test.sh
--- a/tests/tmt/podman/system-test.sh
+++ b/tests/tmt/podman/system-test.sh
@ -0,0 +1,16 @@
 #!/usr/bin/env bash
 set -exo pipefail
 if [[ "$(id -u)" -ne 0 ]];then
    echo "Please run this script as superuser"
    exit 1
 fi
 cat /etc/redhat-release
 rpm -q conmon containers-common crun podman podman-tests
 # Run crun specific podman tests
 bats -t /usr/share/podman/test/system/030-run.bats
 bats -t /usr/share/podman/test/system/075-exec.bats
 bats -t /usr/share/podman/test/system/280-update.bats
--- a/tests/tmt/sanity/config.json
+++ b/tests/tmt/sanity/config.json
@ -0,0 +1,180 @@
 {
 	"ociVersion": "1.0.0",
 	"process": {
 		"terminal": false,
 		"user": {
 			"uid": 0,
 			"gid": 0
 		},
 		"args": [
 			"sleep", "10"
 		],
 		"env": [
 			"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
 			"TERM=xterm"
 		],
 		"cwd": "/",
 		"capabilities": {
 			"bounding": [
 				"CAP_AUDIT_WRITE",
 				"CAP_KILL",
 				"CAP_NET_BIND_SERVICE"
 			],
 			"effective": [
 				"CAP_AUDIT_WRITE",
 				"CAP_KILL",
 				"CAP_NET_BIND_SERVICE"
 			],
 			"inheritable": [
 			],
 			"permitted": [
 				"CAP_AUDIT_WRITE",
 				"CAP_KILL",
 				"CAP_NET_BIND_SERVICE"
 			],
 			"ambient": [
 				"CAP_AUDIT_WRITE",
 				"CAP_KILL",
 				"CAP_NET_BIND_SERVICE"
 			]
 		},
 		"rlimits": [
 			{
 				"type": "RLIMIT_NOFILE",
 				"hard": 1024,
 				"soft": 1024
 			}
 		],
 		"noNewPrivileges": true
 	},
 	"root": {
 		"path": "rootfs",
 		"readonly": true
 	},
 	"hostname": "crun",
 	"mounts": [
 		{
 			"destination": "/proc",
 			"type": "proc",
 			"source": "proc"
 		},
 		{
 			"destination": "/dev",
 			"type": "tmpfs",
 			"source": "tmpfs",
 			"options": [
 				"nosuid",
 				"strictatime",
 				"mode=755",
 				"size=65536k"
 			]
 		},
 		{
 			"destination": "/dev/pts",
 			"type": "devpts",
 			"source": "devpts",
 			"options": [
 				"nosuid",
 				"noexec",
 				"newinstance",
 				"ptmxmode=0666",
 				"mode=0620",
 				"gid=5"
 			]
 		},
 		{
 			"destination": "/dev/shm",
 			"type": "tmpfs",
 			"source": "shm",
 			"options": [
 				"nosuid",
 				"noexec",
 				"nodev",
 				"mode=1777",
 				"size=65536k"
 			]
 		},
 		{
 			"destination": "/dev/mqueue",
 			"type": "mqueue",
 			"source": "mqueue",
 			"options": [
 				"nosuid",
 				"noexec",
 				"nodev"
 			]
 		},
 		{
 			"destination": "/sys",
 			"type": "sysfs",
 			"source": "sysfs",
 			"options": [
 				"nosuid",
 				"noexec",
 				"nodev",
 				"ro"
 			]
 		},
 		{
 			"destination": "/sys/fs/cgroup",
 			"type": "cgroup",
 			"source": "cgroup",
 			"options": [
 				"nosuid",
 				"noexec",
 				"nodev",
 				"relatime",
 				"ro"
 			]
 		}
 	],
 	"linux": {
 		"resources": {
 			"devices": [
 				{
 					"allow": false,
 					"access": "rwm"
 				}
 			]
 		},
 		"namespaces": [
 			{
 				"type": "pid"
 			},
 			{
 				"type": "network"
 			},
 			{
 				"type": "ipc"
 			},
 			{
 				"type": "uts"
 			},
 			{
 				"type": "cgroup"
 			},
 			{
 				"type": "mount"
 			}
 		],
 		"maskedPaths": [
 			"/proc/acpi",
 			"/proc/asound",
 			"/proc/kcore",
 			"/proc/keys",
 			"/proc/latency_stats",
 			"/proc/timer_list",
 			"/proc/timer_stats",
 			"/proc/sched_debug",
 			"/sys/firmware",
 			"/proc/scsi"
 		],
 		"readonlyPaths": [
 			"/proc/bus",
 			"/proc/fs",
 			"/proc/irq",
 			"/proc/sys",
 			"/proc/sysrq-trigger"
 		]
 	}
 }
--- a/tests/tmt/sanity/main.fmf
+++ b/tests/tmt/sanity/main.fmf
@ -0,0 +1,5 @@
 require: [crun, podman]
 summary: Sanity test for crun
 tag: ['upstream', 'downstream']
 test: bash ./runtest.sh
 duration: 10m
--- a/tests/tmt/sanity/runtest.sh
+++ b/tests/tmt/sanity/runtest.sh
@ -0,0 +1,91 @@
 #!/usr/bin/env bash
 set -exo pipefail
 TEMPDIR=$(mktemp -d)
 TESTIMG="quay.io/libpod/busybox"
 CNAME="mycont-$RANDOM"
 cat /etc/redhat-release
 uname -r
 rpm -q crun criu
 crun --version
 [ $? -ne 0 ] && exit 1
 crun features
 [ $? -ne 0 ] && exit 1
 crun list
 [ $? -ne 0 ] && exit 1
 # create the top most bundle and rootfs directory
 mkdir -p $TEMPDIR/rootfs
 # export busybox via podman into the rootfs directory
 podman export $(podman create $TESTIMG) | tar -C $TEMPDIR/rootfs -xvf -
 [ $? -ne 0 ] && exit 1
 # use existing spec
 cp ./config.json $TEMPDIR
 ls $TEMPDIR
 cd $TEMPDIR
 crun create $CNAME
 [ $? -ne 0 ] && exit 1
 crun list
 [ $? -ne 0 ] && exit 1
 crun start $CNAME
 [ $? -ne 0 ] && exit 1
 crun list
 [ $? -ne 0 ] && exit 1
 crun state $CNAME
 [ $? -ne 0 ] && exit 1
 crun ps $CNAME
 [ $? -ne 0 ] && exit 1
 ret=$(crun exec $CNAME pwd)
 [ $? -ne 0 ] || [ $ret != '/' ] && exit 1
 crun pause $CNAME
 [ $? -ne 0 ] && exit 1
 crun state $CNAME
 [ $? -ne 0 ] && exit 1
 crun resume $CNAME
 [ $? -ne 0 ] && exit 1
 crun state $CNAME
 [ $? -ne 0 ] && exit 1
 ret=$(crun exec $CNAME pwd)
 [ $? -ne 0 ] || [ $ret != '/' ] && exit 1
 crun delete --force $CNAME
 [ $? -ne 0 ] && exit 1
 crun list
 [ $? -ne 0 ] && exit 1
 crun run $CNAME &
 [ $? -ne 0 ] && exit 1
 crun list
 [ $? -ne 0 ] && exit 1
 # make sure the container is running state
 sleep 2
 ret=$(crun exec $CNAME echo 'ok')
 [ $? -ne 0 ] || [ $ret != 'ok' ] && exit 1
 crun kill $CNAME
 [ $? -ne 0 ] && exit 1
 exit 0
		`@ -1 +0,0 @@`
			`c79a414d0b980611ba929a7526b7b4c30c2b3b1d SOURCES/crun-0.18.tar.gz`
		`@ -0,0 +1 @@`
							`SHA512 (crun-1.19.1.tar.zst) = 4122b6474a1da4c17d781e0ccf2f97a89cbddd4bfca1bca55b4cb15b11bef03f9101b00a921dc6dbcac43be3661a64d61bb7ddfd750672b5bf85561df13cc7a8`