beenull/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

update runc binary to v1.1.2

Browse source 
This is the second patch release of the runc 1.1 release branch. It
fixes CVE-2022-29162, a minor security issue (which appears to not be
exploitable) related to process capabilities.

This is a similar bug to the ones found and fixed in Docker and
containerd recently (CVE-2022-24769).

- A bug was found in runc where runc exec --cap executed processes with
  non-empty inheritable Linux process capabilities, creating an atypical Linux
  environment. For more information, see GHSA-f3fp-gc8g-vw66 and CVE-2022-29162.
- runc spec no longer sets any inheritable capabilities in the created
  example OCI spec (config.json) file.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2022-05-12 13:51:12 +02:00
parent 7c69b6dc08
commit bc0fd3f617
No known key found for this signature in database
GPG key ID: 76698F39D527CE8C
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
hack/dockerfile/install/runc.installer
View file

@ -9,7 +9,7 @@ set -e
# the containerd project first, and update both after that is merged.
#
# When updating RUNC_VERSION, consider updating runc in vendor.mod accordingly
: "${RUNC_VERSION:=v1.1.1}"
: "${RUNC_VERSION:=v1.1.2}"
install_runc() {
RUNC_BUILDTAGS="${RUNC_BUILDTAGS:-"seccomp"}"