updates the vendoring from the latest commit of the ambiguous-manifest-moby-20.10
branch in our fork.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This field was added in 7a9cb29fb9,
but appears to be unused, so removing it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3994e0ce7855b0dc845c558304e4c1e7a89f0929)
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
The Linux kernel never sets the Inheritable capability flag to anything
other than empty. Moby should have the same behavior, and leave it to
userspace code within the container to set a non-empty value if desired.
Reported-by: Andrew G. Morgan <morgan@kernel.org>
Signed-off-by: Samuel Karp <skarp@amazon.com>
(cherry picked from commit 0d9a37d0c2)
Signed-off-by: Samuel Karp <skarp@amazon.com>
Welcome to the v1.5.10 release of containerd!
The tenth patch release for containerd 1.5 includes a fix for [CVE-2022-23648][1]
and other issues.
Notable Updates
- Use fs.RootPath when mounting volumes (GHSA-crp2-qrr5-8pq7)
- Return init pid when clean dead shim in runc.v1/v2 shims
- Handle sigint/sigterm in shimv2
- Use readonly mount to read user/group info
[1]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23648
[2]: https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2c8f0a0c99)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Commit 3b5fac462d / docker 1.10 removed support
for the LXC runtime, and removed the corresponding fields from the API (v1.22).
This patch removes the `HostConfig.LxcConf` field from the API documentation.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 839e2ecc1b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Commit 3b5fac462d / docker 1.10 removed support
for the LXC runtime, and removed the corresponding fields from the API (v1.22).
This patch removes the `HostConfig.LxcConf` field from the swagger definition.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 75a1ad0c9f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This takes the changes from 1a933e113d and
834272f978, and applies them to older API
versions in the docs directory (which are used for the actual documentation).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2145f3ba2c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Includes security fixes for crypto/elliptic (CVE-2022-23806), math/big (CVE-2022-23772),
and cmd/go (CVE-2022-23773).
go1.16.14 (released 2022-02-10) includes security fixes to the crypto/elliptic,
math/big packages and to the go command, as well as bug fixes to the compiler,
linker, runtime, the go command, and the debug/macho, debug/pe, net/http/httptest,
and testing packages. See the Go 1.16.14 milestone on our issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.16.14+label%3ACherryPickApproved
full diff: https://github.com/golang/go/compare/go1.16.13...go1.16.14
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
daemon/graphdriver/fuse-overlayfs/fuseoverlayfs.go:101:63: SA9002: file mode '700' evaluates to 01274; did you mean '0700'? (staticcheck)
if err := idtools.MkdirAllAndChown(path.Join(home, linkDir), 700, currentID); err != nil {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f9fb5d4f25)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: 58f99e93b7...distribution:v2.8.0
(taking my own fork for the diff link, as the samuelkarp fork didn't have a reference to the upstream)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
To match the name in Go
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ebd709f80c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
To match the name in Go
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 24a43d934c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
