Merge pull request #30044 from tonistiigi/update-runc-113

[v1.13] vendor: update runc to 2f7393a4

hack/dockerfile/binaries-commits

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 TOMLV_COMMIT=9baf8a8a9f2ed20a8e54160840c492f937eeaf9a
-RUNC_COMMIT=51371867a01c467f08af739783b8beafc154c4d7
+RUNC_COMMIT=2f7393a47307a16f8cee44a37b262e8b81021e3e
 CONTAINERD_COMMIT=03e5862ec0d8d3b3f750e19fca3ee367e13c090e
 TINI_COMMIT=949e6facb77383876aeff8a6944dde66b3089574
 LIBNETWORK_COMMIT=0f534354b813003a754606689722fe253101bc4e

vendor.conf

@@ -59,7 +59,7 @@ github.com/miekg/pkcs11 df8ae6ca730422dba20c768ff38ef7d79077a59f
 github.com/docker/go v1.5.1-1-1-gbaf439e
 github.com/agl/ed25519 d2b94fd789ea21d12fac1a4443dd3a3f79cda72c
 
-github.com/opencontainers/runc 51371867a01c467f08af739783b8beafc15 # libcontainer
+github.com/opencontainers/runc 2f7393a47307a16f8cee44a37b262e8b81021e3e https://github.com/docker/runc.git # libcontainer
 github.com/opencontainers/runtime-spec 1c7c27d043c2a5e513a44084d2b10d77d1402b8c # specs
 github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0
 # libcontainer deps (see src/github.com/opencontainers/runc/Godeps/Godeps.json)

vendor/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c

@@ -435,6 +435,11 @@ void nsexec(void)
 	if (pipenum == -1)
 		return;
 
+	/* make the process non-dumpable */
+	if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0) {
+		bail("failed to set process as non-dumpable");
+	}
+
 	/* Parse all of the netlink configuration. */
 	nl_parse(pipenum, &config);