beenull/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update runc to 6635b4f (fix CVE-2019-5736)

Browse source 
- Fixes a vulnerability in runc that allows a container escape (CVE-2019-5736)
  6635b4f0c6,
- Includes security fix for `runc run --no-pivot` (`DOCKER_RAMDISK=1`):
  28a697cce3
  (NOTE: the vuln is attackable only when `DOCKER_RAMDISK=1` is set && seccomp is disabled)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2019-02-12 14:05:25 +01:00
parent 6800954050
commit f03698b69a
No known key found for this signature in database
GPG key ID: 76698F39D527CE8C
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
hack/dockerfile/install/runc.installer
View file

@ -4,7 +4,7 @@
# The version of runc should match the version that is used by the containerd
# version that is used. If you need to update runc, open a pull request in
# the containerd project first, and update both after that is merged.
RUNC_COMMIT=96ec2177ae841256168fcf76954f7177af9446eb
RUNC_COMMIT=6635b4f0c6af3810594d2770f662f34ddc15b40d
install_runc() {
# If using RHEL7 kernels (3.10.0 el7), disable kmem accounting/limiting