runc
runc is a CLI tool for spawning and running containers according to the OCI
specification. It is designed to be as minimal as possible, and is the workhorse
of Docker. It was originally designed to be a replacement for LXC within Docker,
and has grown to become a separate project entirely.
- Links to Virtualization:containers / runc
- Has a link diff
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout home:cyphar:docker/runc && cd $_
- Create Badge
Refresh
Refresh
Source Files
Filename | Size | Changed |
---|---|---|
_link | 0000000133 133 Bytes | |
runc-1.0.3.tar.xz | 0001415820 1.35 MB | |
runc-1.0.3.tar.xz.asc | 0000000854 854 Bytes | |
runc-rpmlintrc | 0000000141 141 Bytes | |
runc.changes | 0000025813 25.2 KB | |
runc.keyring | 0000004164 4.07 KB | |
runc.spec | 0000003462 3.38 KB |
Revision 50 (latest revision is 101)
- Update to runc v1.0.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.3. CVE-2021-43784 * A potential vulnerability was discovered in runc (related to an internal usage of netlink), however upon further investigation we discovered that while this bug was exploitable on the master branch of runc, no released version of runc could be exploited using this bug. The exploit required being able to create a netlink attribute with a length that would overflow a uint16 but this was not possible in any released version of runc. For more information see GHSA-v95c-p5hm-xq8f and CVE-2021-43784. Due to an abundance of caution we decided to do an emergency release with this fix, but to reiterate we do not believe this vulnerability was possible to exploit. Thanks to Felix Wilhelm from Google Project Zero for discovering and reporting this vulnerability so quickly. * Fixed inability to start a container with read-write bind mount of a read-only fuse host mount. * Fixed inability to start when read-only /dev in set in spec. * Fixed not removing sub-cgroups upon container delete, when rootless cgroup v2 is used with older systemd. * Fixed returning error from GetStats when hugetlb is unsupported (which causes excessive logging for kubernetes).
Comments 0