8ddb4c4e95
full diff: https://github.com/opencontainers/runc/compare/v1.0.0-rc8...3e425f80a8c931f88e6d94a8c831b9d5aa481657
- opencontainers/runc#2010 criu image path permission error when checkpoint rootless container
- opencontainers/runc#2028 Update to Go 1.12 and drop obsolete versions
- opencontainers/runc#2029 Update dependencies
- opencontainers/runc#2034 Support for logging from children processes
- opencontainers/runc#2035 specconv: always set "type: bind" in case of MS_BIND
- opencontainers/runc#2038 `r.destroy` can defer exec in `runner.run` method
- opencontainers/runc#2041 Change the permissions of the notify listener socket to rwx for everyone
- opencontainers/runc#2042 libcontainer: intelrdt: add missing destroy handler in defer func
- opencontainers/runc#2047 Move systemd.Manager initialization into a function in that module
- opencontainers/runc#2057 main: not reopen /dev/stderr
- closes opencontainers/runc#2056 Runc + podman|cri-o + systemd issue with stderr
- closes kubernetes/kubernetes#77615 kubelet fails starting CRI-O containers (Ubuntu 18.04 + systemd cgroups driver)
- closes cri-o/cri-o#2368 Joining worker node not starting flannel or kube-proxy / CRI-O error "open /dev/stderr: no such device or address"
- opencontainers/runc#2061 libcontainer: fix TestGetContainerState to check configs.NEWCGROUP
- opencontainers/runc#2065 Fix cgroup hugetlb size prefix for kB
- opencontainers/runc#2067 libcontainer: change seccomp test for clone syscall
- opencontainers/runc#2074 Update dependency libseccomp-golang
- opencontainers/runc#2081 Bump CRIU to 3.12
- opencontainers/runc#2089 doc: First process in container needs `Init: true`
- opencontainers/runc#2094 Skip searching /dev/.udev for device nodes
- closes opencontainers/runc#2093 HostDevices() race with older udevd versions
- opencontainers/runc#2098 man: fix man-pages
- opencontainers/runc#2103 cgroups/fs: check nil pointers in cgroup manager
- opencontainers/runc#2107 Make get devices function public
- opencontainers/runc#2113 libcontainer: initial support for cgroups v2
- opencontainers/runc#2116 Avoid the dependency on cgo through go-systemd/util package
- removes github.com/coreos/pkg as dependency
- opencontainers/runc#2117 Remove libcontainer detection for systemd features
- fixes opencontainers/runc#2117 Cache the systemd detection results
- opencontainers/runc#2119 libcontainer: update masked paths of /proc
- relates to moby/moby#36368 Add /proc/keys to masked paths
- relates to moby/moby#38299 Masked /proc/asound
- relates to moby/moby#37404 Add /proc/acpi to masked paths (CVE-2018-10892)
- opencontainers/runc#2122 nsenter: minor fixes
- opencontainers/runc#2123 Bump x/sys and update syscall for initial Risc-V support
- opencontainers/runc#2125 cgroup: support mount of cgroup2
- opencontainers/runc#2126 libcontainer/nsenter: Don't import C in non-cgo file
- opencontainers/runc#2129 Only allow proc mount if it is procfs
- addresses opencontainers/runc#2129 AppArmor can be bypassed by a malicious image that specifies a volume at /proc (CVE-2019-16884)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| go-digest | ||
| image-spec | ||
| runc | ||
| runtime-spec | ||
| selinux | ||