diff --git a/.gitignore b/.gitignore index 675b156..b3ca221 100644 --- a/.gitignore +++ b/.gitignore @@ -210,3 +210,7 @@ /skopeo-12ab19f.tar.gz /skopeo-bbd800f.tar.gz /skopeo-77293ff.tar.gz +/skopeo-8151b89.tar.gz +/skopeo-44beab6.tar.gz +/skopeo-6dabefa.tar.gz +/skopeo-d8bc8b6.tar.gz diff --git a/containers.conf b/containers.conf index acae3dc..1abf943 100644 --- a/containers.conf +++ b/containers.conf @@ -60,6 +60,7 @@ # the default capabilities defined in the container engine will be added. # default_capabilities = [ + "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", @@ -69,6 +70,7 @@ default_capabilities = [ "SETGID", "SETPCAP", "SETUID", + "SYS_CHROOT" ] # A list of sysctls to be set in containers by default, @@ -76,7 +78,7 @@ default_capabilities = [ # for example:"net.ipv4.ping_group_range = 0 1000". # default_sysctls = [ - "net.ipv4.ping_group_range=0 65536", + "net.ipv4.ping_group_range=0 1", ] # A list of ulimits to be set in containers by default, specified as diff --git a/seccomp.json b/seccomp.json index 9b537db..07cdd6c 100644 --- a/seccomp.json +++ b/seccomp.json @@ -101,7 +101,6 @@ "fchdir", "fchmod", "fchmodat", - "fchmodat2", "fchown", "fchown32", "fchownat", diff --git a/skopeo.spec b/skopeo.spec index c2f125d..878b8e5 100644 --- a/skopeo.spec +++ b/skopeo.spec @@ -28,7 +28,7 @@ %global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo} %global import_path %{provider_prefix} %global git0 https://%{import_path} -%global commit0 77293ff9c42a9c8d3db36a6c02fe26c70b232ec9 +%global commit0 d8bc8b62e90912db24d090a1eca8b4fa46cba084 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # Used for comparing with latest upstream tag @@ -45,8 +45,8 @@ Epoch: 1 %else Epoch: 2 %endif -Version: 1.1.1 -Release: 47.dev.git%{shortcommit0}%{?dist} +Version: 1.2.1 +Release: 4.dev.git%{shortcommit0}%{?dist} Summary: Inspect container images and repositories on registries License: ASL 2.0 URL: %{git0} @@ -447,6 +447,30 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} %{_datadir}/%{name}/test %changelog +* Fri Oct 2 2020 RH Container Bot - 1:1.2.1-4.dev.gitd8bc8b6 +- autobuilt d8bc8b6 + +* Wed Sep 30 2020 RH Container Bot - 1:1.2.1-3.dev.git6dabefa +- autobuilt 6dabefa + +* Fri Sep 25 2020 RH Container Bot - 1:1.2.1-2.dev.git44beab6 +- bump to 1.2.1 +- autobuilt 44beab6 + +* Fri Sep 25 2020 Dan Walsh - 1:1.1.1-51.dev.git5d5756c +- Modify the range of groups used in net.ipv4.ping_group_range to be 1 so that +- it will work more easily with User Namespaces +- Also turn back on AUDIT_WRITE until seccomp.json file is fixed + +* Mon Sep 21 18:12:41 UTC 2020 RH Container Bot - 1:1.1.1-50.dev.git8151b89 +- autobuilt 8151b89 + +* Mon Sep 21 2020 Dan Walsh - 1:1.1.1-49.dev.git5d5756c +- Add SYS_CHROOT back into default capabilities + +* Mon Sep 21 2020 Dan Walsh - 1:1.1.1-48.dev.git5d5756c +- Remove fchmodat2 from seccomp.json (This syscall does not exist yet) + * Fri Sep 18 20:12:04 UTC 2020 RH Container Bot - 1:1.1.1-47.dev.git77293ff - autobuilt 77293ff diff --git a/sources b/sources index 559ba08..5b466dd 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (skopeo-77293ff.tar.gz) = 7ebcca67cff46e846407d15556a310988dc47640c2b0faee2b73a7c44ec78601debdba322020d6c388d1b338c2432944c4972614b42337e80b308d31520ec917 +SHA512 (skopeo-d8bc8b6.tar.gz) = 04c3fcb4a61df01aad6fb2c938009524cce3476759d868c75b24641013a998db3c7f8a910b2a350f84d74c1bc5471fc20c5ea7939175faa25dccf17353d57823