Skip to content

Commit

Permalink
update runc binary to 1.1.15
Browse files Browse the repository at this point in the history 
diff: opencontainers/runc@v1.1.14...v1.1.15

Release notes:

- The -ENOSYS seccomp stub is now always generated for the native
  architecture that runc is running on. This is needed to work around some
  arguably specification-incompliant behaviour from Docker on architectures
  such as ppc64le, where the allowed architecture list is set to null. This
  ensures that we always generate at least one -ENOSYS stub for the native
  architecture even with these weird configs. (containerd#4391)
- On a system with older kernel, reading /proc/self/mountinfo may skip some
  entries, as a consequence runc may not properly set mount propagation,
  causing container mounts leak onto the host mount namespace. (containerd#2404, containerd#4425)
- In order to fix performance issues in the "lightweight" bindfd protection
  against [CVE-2019-5736], the temporary ro bind-mount of /proc/self/exe
  has been removed. runc now creates a binary copy in all cases. (containerd#4392, containerd#2532)

Signed-off-by: Samuel Karp <[email protected]>
  • Loading branch information
@samuelkarp
samuelkarp authored and k8s-infra-cherrypick-robot committed Oct 8, 2024
1 parent 06c29ea commit 113a9f1
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion script/setup/runc-version
View file
Original file line number Diff line number Diff line change
@@ -1 +1 @@
v1.1.14
v1.1.15

0 comments on commit 113a9f1

Please sign in to comment.