zhongjiawei
4377e4eac8
runc:Set temporary single CPU affinity before cgroup cpuset transition
2024-06-19 17:13:23 +08:00
zhongjiawei
7468edaaff
runc:fix CVE-2024-3154
...
(cherry picked from commit 4066efdeea131fd2ceb9830f5bf1a4320a4be161)
2024-05-24 10:58:02 +08:00
zhongjiawei
30124a2822
runc:check runc exist
...
(cherry picked from commit 8f7bee2bdd549dbff8e3d0cf006aa44a911bb1a2)
2024-02-06 15:10:59 +08:00
zhongjiawei
28bc3cb4d1
runc:fix CVE-2024-21626
...
(cherry picked from commit 73e8818d6150f9404434dd9e19c5a07fe3e1496d)
2024-02-01 18:57:51 +08:00
zhongjiawei
e93fcb5f5a
runc:sync some patches
...
(cherry picked from commit 6b3b6fb7d12f8699fd427a6001bf78e0937e1984)
2023-12-22 10:51:30 +08:00
zhongjiawei
a72a7c731b
runc:runc delete don't proceed in case of errors
...
(cherry picked from commit 86bc5d68c9d4114df4198cfc629b9e792fd609e2)
2023-12-08 17:05:26 +08:00
zhongjiawei
91878f3688
runc:delete do not ignore error from destroy
...
(cherry picked from commit cac08d4b0d7e584cebf403e6635799c6e6617086)
2023-12-04 16:38:13 +08:00
zhongjiawei
5f98ac951a
runc:fix update rt-runtime-us and rt-period-us failed
...
(cherry picked from commit 8ea12dd106966f2a1cfc9884c6813781448116a8)
2023-10-25 14:34:42 +08:00
zhongjiawei
203590fd46
runc:handle kmem.limit_in_bytes removal
...
(cherry picked from commit b8961922aca361cc2a6cab04b0ca583f4f59533e)
2023-10-12 17:16:13 +08:00
zhongjiawei
26bd3e8e1c
runc:fix init error return logic
...
(cherry picked from commit 435221ff67d08acd4177fc6e6727c0d118823e2b)
2023-09-18 17:11:44 +08:00
zhongjiawei
768c6b8364
runc:sync some patches
...
(cherry picked from commit 69042095379851738f3e634c4fa0376c09a5b88c)
2023-06-25 14:47:36 +08:00
zhongjiawei
ce5a6de744
runc:modify runc make command to satisfy the compile options
...
(cherry picked from commit e0e4251b85b4e05e8e9a6998bcd30204677923ba)
2023-06-09 12:01:59 +08:00
zhongjiawei
4849985802
runc:fix /sys/fs/cgroup mounts and Prohibit /proc and /sys to be symlinks
...
(cherry picked from commit bd0c7cabf5f8b41db2b1d87666e9e24d0b05f146)
2023-04-04 16:34:49 +08:00
zhongjiawei
93ca397220
runc:libcontainer: skip chown of /dev/null caused by fd redirection
...
(cherry picked from commit 681e820ba8f00eaa61dd364ec66570d3232dad62)
2023-03-22 09:32:20 +08:00
zhongjiawei
a48f2c8c5a
runc:make runc spec compatible 1.0.0.rc3
...
1.adapt DisableOOMKiller, OOMScoreAdj position adjustment.
2.adapt to BlockIO json parsing field change modification.
(cherry picked from commit 31b4d61040e150dd61fd9e93fd52efc90bb8668b)
2023-02-09 17:19:30 +08:00
zhongjiawei
5a27decb32
runc:modify linuxcontainer startime uint64 type to be string
...
(cherry picked from commit 3d57a4060efff460a195cf6570db2cf4c139d112)
2023-01-28 08:56:07 +08:00
zhongjiawei
5fee2ff802
runc: upgrade runc version to 1.1.3
...
(cherry picked from commit 43a94523cb5d1db7aa39fd12d8c240861502ff92)
2023-01-10 20:39:35 +08:00
zhongjiawei
be10cb22b5
runc:support specify umask
...
(cherry picked from commit c5cdeab8a2b07388511f394336c92bf28b45e095)
2022-12-17 15:14:20 +08:00
zhongjiawei
f5df9173bd
runc:support set cpuset.perfer
...
(cherry picked from commit 085ea0a6ceac80d9cf3ea78a3ee291ffd1c15ea8)
2022-12-15 16:59:56 +08:00
wang--ge
cca0b15ead
add errnoRet in Syscall struct
2022-11-21 16:45:17 +08:00
zhongjiawei
3c8ead62cb
runc: add CGO security build option
...
(cherry picked from commit d41500546fb8a067524de22860724b0fd7d163fd)
2022-09-22 14:49:18 +08:00
zhongjiawei
159dba5287
runc: sync bugfix modify
2022-08-16 20:39:20 +08:00
zhongjiawei
42e9bee538
runc : sync from 22.03-LTS
2022-08-09 14:53:38 +08:00
xiadanni
2f6befc1d9
runc:build security options
...
Signed-off-by: xiadanni <xiadanni1@huawei.com>
2021-03-18 11:18:36 +08:00
xiadanni
86bbece715
runc: sync bugfix
...
1. add cpu and memory info when print cgroup info
2. fix freezing race
Signed-off-by: xiadanni <xiadanni1@huawei.com>
2021-03-18 11:10:23 +08:00
yangyanchao
356cf9ad42
runc:sys:add symbol for riscv64
...
Signed-off-by: yangyanchao <yangyanchao6@huawei.com>
2020-12-15 14:52:48 +08:00
xiadanni
573b34b3bb
runc: don't deny all devices when update cgroup resource
...
Signed-off-by: xiadanni <xiadanni1@huawei.com>
2020-11-25 15:42:31 +08:00
xiadanni
450a0907cf
runc: fix permission denied
...
reason: when exec as root and config.Cwd is not owned by root,
exec will fail because root doesn't have the caps.
Signed-off-by: Kurnia D Win <kurnia.d.win@gmail.com>
Signed-off-by: xiadanni <xiadanni1@huawei.com>
2020-07-09 16:02:37 +08:00
xiadanni1
ab5af31922
runc: use git-commit to store commit ID
...
Change-Id: Ib43bafb0ec680082520d85530ef783b68bc08671
Signed-off-by: xiadanni1 <xiadanni1@huawei.com>
2020-06-12 01:19:00 +08:00
xiadanni1
1029fc9d1c
rootfs: do not permit /proc mounts to non-directories
...
mount(2) will blindly follow symlinks, which is a problem because it
allows a malicious container to trick runc into mounting /proc to an
entirely different location (and thus within the attacker's control for
a rename-exchange attack).
This is just a hotfix (to "stop the bleeding"), and the more complete
fix would be to finish libpathrs and port runc to it (to avoid these types
of attacks entirely, and defend against a variety of other /proc-related
attacks). It can be bypassed by someone having "/" be a volume controlled
by another container.
Fixes: CVE-2019-19921
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Signed-off-by: xiadanni1 <xiadanni1@huawei.com>
2020-04-15 17:01:50 +08:00
xiadanni1
e85c7e153b
runc:Pass back the pid of runc:[1:CHILD] so we can wait on it
...
reason:This allows the libcontainer to automatically clean up
runc:[1:CHILD] processes created as part of nsenter.
Signed-off-by: Alex Fang <littlelightlittlefire@gmail.com>
2020-03-20 21:31:32 +08:00
Grooooot
ba3d1f2aa6
runc: sync patches
...
Signed-off-by: Grooooot <isula@huawei.com>
2020-03-05 19:34:03 +08:00
openeuler-iSula
5904ba4dcf
runc: package init
...
Signed-off-by: openeuler-iSula <isula@huawei.com>
2019-12-29 15:34:20 +08:00