rpms
/
runc
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import runc-1.0.0-64.rc9.module+el8.2.0+5169+e8b0c9ba

This commit is contained in:
CentOS Sources 2020-01-21 18:19:40 -05:00 committed by Stepan Oksanichenko
parent f02a625f6d
commit f67a56f707
5 changed files with 43 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/runc-425e105.tar.gz SOURCES/runc-d736ef1.tar.gz

2
.runc.metadata
View File

@ -1 +1 @@
cfbe1abc984f5b0be1413475f888e39304b265ae SOURCES/runc-425e105.tar.gz 812dbd873389db38f03438166784aee998146d30 SOURCES/runc-d736ef1.tar.gz

32
SOURCES/1807.patch
View File

@ -1,4 +1,4 @@
From e3b37893afa498ef6254cc9d94c159b12e04d0b0 Mon Sep 17 00:00:00 2001 From 3d99c51e1b38a440804a55c9f314f62cc50b8902 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com> From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Fri, 25 May 2018 18:04:06 +0200 Date: Fri, 25 May 2018 18:04:06 +0200
Subject: [PATCH] sd-notify: do not hang when NOTIFY_SOCKET is used with create Subject: [PATCH] sd-notify: do not hang when NOTIFY_SOCKET is used with create
@ -10,21 +10,20 @@ still accessible from the container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
--- ---
notify_socket.go | 113 ++++++++++++++++++++++++++++++++++------------- notify_socket.go | 112 ++++++++++++++++++++++++++++++++++-------------
signals.go | 4 +- signals.go | 4 +-
start.go | 13 +++++- start.go | 13 +++++-
utils_linux.go | 12 ++++- utils_linux.go | 12 ++++-
4 files changed, 106 insertions(+), 36 deletions(-) 4 files changed, 105 insertions(+), 36 deletions(-)
diff --git a/notify_socket.go b/notify_socket.go diff --git a/notify_socket.go b/notify_socket.go
index b890b5b1c..286ce1ddd 100644 index e7453c62..d961453a 100644
--- a/notify_socket.go --- a/notify_socket.go
+++ b/notify_socket.go +++ b/notify_socket.go
@@ -6,11 +6,14 @@ import ( @@ -7,11 +7,13 @@ import (
"bytes"
"fmt" "fmt"
"net" "net"
+ "os" "os"
+ "path" + "path"
"path/filepath" "path/filepath"
+ "strconv" + "strconv"
@ -37,7 +36,7 @@ index b890b5b1c..286ce1ddd 100644
"github.com/urfave/cli" "github.com/urfave/cli"
) )
@@ -26,12 +29,12 @@ func newNotifySocket(context *cli.Context, notifySocketHost string, id string) * @@ -27,12 +29,12 @@ func newNotifySocket(context *cli.Context, notifySocketHost string, id string) *
} }
root := filepath.Join(context.GlobalString("root"), id) root := filepath.Join(context.GlobalString("root"), id)
@ -52,7 +51,7 @@ index b890b5b1c..286ce1ddd 100644
} }
return notifySocket return notifySocket
@@ -43,13 +46,19 @@ func (s *notifySocket) Close() error { @@ -44,13 +46,19 @@ func (s *notifySocket) Close() error {
// If systemd is supporting sd_notify protocol, this function will add support // If systemd is supporting sd_notify protocol, this function will add support
// for sd_notify protocol from within the container. // for sd_notify protocol from within the container.
@ -76,7 +75,7 @@ index b890b5b1c..286ce1ddd 100644
addr := net.UnixAddr{ addr := net.UnixAddr{
Name: s.socketPath, Name: s.socketPath,
Net: "unixgram", Net: "unixgram",
@@ -64,45 +73,89 @@ func (s *notifySocket) setupSocket() error { @@ -71,45 +79,89 @@ func (s *notifySocket) setupSocket() error {
return nil return nil
} }
@ -189,7 +188,7 @@ index b890b5b1c..286ce1ddd 100644
} }
} }
diff --git a/signals.go b/signals.go diff --git a/signals.go b/signals.go
index b67f65a03..dd25e094c 100644 index b67f65a0..dd25e094 100644
--- a/signals.go --- a/signals.go
+++ b/signals.go +++ b/signals.go
@@ -70,6 +70,7 @@ func (h *signalHandler) forward(process *libcontainer.Process, tty *tty, detach @@ -70,6 +70,7 @@ func (h *signalHandler) forward(process *libcontainer.Process, tty *tty, detach
@ -211,7 +210,7 @@ index b67f65a03..dd25e094c 100644
} }
} }
diff --git a/start.go b/start.go diff --git a/start.go b/start.go
index 2bb698b20..3a1769a43 100644 index 2bb698b2..3a1769a4 100644
--- a/start.go --- a/start.go
+++ b/start.go +++ b/start.go
@@ -3,6 +3,7 @@ package main @@ -3,6 +3,7 @@ package main
@ -242,10 +241,10 @@ index 2bb698b20..3a1769a43 100644
return errors.New("cannot start a container that has stopped") return errors.New("cannot start a container that has stopped")
case libcontainer.Running: case libcontainer.Running:
diff --git a/utils_linux.go b/utils_linux.go diff --git a/utils_linux.go b/utils_linux.go
index ce50db145..670c0fcba 100644 index 984e6b0f..46c26246 100644
--- a/utils_linux.go --- a/utils_linux.go
+++ b/utils_linux.go +++ b/utils_linux.go
@@ -406,7 +406,9 @@ func startContainer(context *cli.Context, spec *specs.Spec, action CtAct, criuOp @@ -408,7 +408,9 @@ func startContainer(context *cli.Context, spec *specs.Spec, action CtAct, criuOp
notifySocket := newNotifySocket(context, os.Getenv("NOTIFY_SOCKET"), id) notifySocket := newNotifySocket(context, os.Getenv("NOTIFY_SOCKET"), id)
if notifySocket != nil { if notifySocket != nil {
@ -256,7 +255,7 @@ index ce50db145..670c0fcba 100644
} }
container, err := createContainer(context, id, spec) container, err := createContainer(context, id, spec)
@@ -415,10 +417,16 @@ func startContainer(context *cli.Context, spec *specs.Spec, action CtAct, criuOp @@ -417,10 +419,16 @@ func startContainer(context *cli.Context, spec *specs.Spec, action CtAct, criuOp
} }
if notifySocket != nil { if notifySocket != nil {
@ -274,3 +273,6 @@ index ce50db145..670c0fcba 100644
} }
// Support on-demand socket activation by passing file descriptors into the container init process. // Support on-demand socket activation by passing file descriptors into the container init process.
--
2.21.0

1
SOURCES/99-containers.conf
View File

@ -1 +0,0 @@
fs.may_detach_mounts=1

32
SPECS/runc.spec
View File

@ -11,8 +11,8 @@
%if 0%{?rhel} > 7 && ! 0%{?fedora} %if 0%{?rhel} > 7 && ! 0%{?fedora}
%define gobuild(o:) \ %define gobuild(o:) \
go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**}; go build -buildmode pie -compiler gc -tags="rpm_crashtraceback no_openssl ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**};
%endif # distro %endif
%global provider github %global provider github
%global provider_tld com %global provider_tld com
@ -21,21 +21,19 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -
# https://github.com/opencontainers/runc # https://github.com/opencontainers/runc
%global import_path %{provider}.%{provider_tld}/%{project}/%{repo} %global import_path %{provider}.%{provider_tld}/%{project}/%{repo}
%global git0 https://%{import_path} %global git0 https://%{import_path}
%global commit0 425e105d5a03fabd737a126ad93d62a9eeede87f %global commit0 d736ef14f0288d6993a1845745d6756cfc9ddd5a
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
Name: %{repo} Name: %{repo}
Version: 1.0.0 Version: 1.0.0
Release: 60.rc8%{?dist} Release: 64.rc9%{?dist}
Summary: CLI for running Open Containers Summary: CLI for running Open Containers
ExcludeArch: %{ix86} ExcludeArch: %{ix86}
License: ASL 2.0 License: ASL 2.0
URL: %{git0} URL: %{git0}
Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
Source1: 99-containers.conf
Patch0: 1807.patch Patch0: 1807.patch
# If go_compiler is not set to 1, there is no virtual provide. Use golang instead. BuildRequires: golang >= 1.12.12-4
BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang} >= 1.6.2
BuildRequires: git BuildRequires: git
BuildRequires: go-md2man BuildRequires: go-md2man
BuildRequires: libseccomp-devel BuildRequires: libseccomp-devel
@ -61,7 +59,7 @@ popd
pushd GOPATH/src/%{import_path} pushd GOPATH/src/%{import_path}
export GOPATH=%{gopath}:$(pwd)/GOPATH export GOPATH=%{gopath}:$(pwd)/GOPATH
export BUILDTAGS="selinux seccomp" export BUILDTAGS="selinux seccomp"
%gobuild -o %{name} %{import_path} %gobuild -o %{name} %{import_path}
pushd man pushd man
./md2man-all.sh ./md2man-all.sh
@ -91,6 +89,24 @@ install -p -m 0644 contrib/completions/bash/%{name} %{buildroot}%{_datadir}/bash
%{_datadir}/bash-completion/completions/%{name} %{_datadir}/bash-completion/completions/%{name}
%changelog %changelog
* Wed Dec 11 2019 Jindrich Novy <jnovy@redhat.com> - 1.0.0-64.rc9
- use no_openssl in BUILDTAGS (no vendored crypto in runc)
- Related: RHELPLAN-25139
* Mon Dec 09 2019 Jindrich Novy <jnovy@redhat.com> - 1.0.0-63.rc9
- be sure to use golang >= 1.12.12-4
- Related: RHELPLAN-25139
* Thu Nov 28 2019 Jindrich Novy <jnovy@redhat.com> - 1.0.0-62.rc9
- rebuild because of CVE-2019-9512 and CVE-2019-9514
- Resolves: #1766331, #1766303
* Thu Nov 21 2019 Jindrich Novy <jnovy@redhat.com> - 1.0.0-61.rc9
- update to runc 1.0.0-rc9 release
- amend golang deps
- fixes CVE-2019-16884
- Resolves: #1759651
* Mon Jun 17 2019 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-60.rc8 * Mon Jun 17 2019 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-60.rc8
- Resolves: #1721247 - enable fips mode - Resolves: #1721247 - enable fips mode