From 4b4ef42785cb7c13a2d247687e2cbbf96f95f3f7 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Fri, 24 Jan 2020 16:27:54 +0900 Subject: [PATCH] update runc binary to v1.0.0-rc10 (CVE-2019-19921) Notable changes: * Fix CVE-2019-19921 (Volume mount race condition with shared mounts): https://github.com/opencontainers/runc/pull/2207 * Fix exec FIFO race: https://github.com/opencontainers/runc/pull/2185 * Basic support for cgroup v2. Almost feature-complete, but still missing support for systemd mode in rootless. See also https://github.com/opencontainers/runc/issues/2209 for the known issues. Full changes: https://github.com/opencontainers/runc/compare/v1.0.0-rc9...v1.0.0-rc10 Signed-off-by: Akihiro Suda (cherry picked from commit cd43c1d1ac81a37dc8f9aad16d33949df80ac5b9) Signed-off-by: Sebastiaan van Stijn Upstream-commit: 3bd1759f804a53d15685e22eab7d609bb1fa556b Component: engine --- components/engine/hack/dockerfile/install/runc.installer | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/hack/dockerfile/install/runc.installer b/components/engine/hack/dockerfile/install/runc.installer index 4b5dd4189c5..d4d187da612 100755 --- a/components/engine/hack/dockerfile/install/runc.installer +++ b/components/engine/hack/dockerfile/install/runc.installer @@ -4,7 +4,7 @@ # The version of runc should match the version that is used by the containerd # version that is used. If you need to update runc, open a pull request in # the containerd project first, and update both after that is merged. -RUNC_COMMIT=d736ef14f0288d6993a1845745d6756cfc9ddd5a # v1.0.0-rc9 +RUNC_COMMIT=dc9208a3303feef5b3839f4323d9beb36df0a9dd # v1.0.0-rc10 install_runc() { # If using RHEL7 kernels (3.10.0 el7), disable kmem accounting/limiting
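
Review bot: At the RUNC_COMMIT line, the comment directly above it says a runc update should first be made through a pull request in the containerd project, with both updated after that is merged, but this patch changes only runc.installer (1 file changed) and the commit message cites no containerd PR or containerd version bump. Please reference the containerd change that moved to v1.0.0-rc10, or state that the pinned containerd already uses it, so the two pins do not drift apart. Separately, the only thing tying dc9208a3303feef5b3839f4323d9beb36df0a9dd to v1.0.0-rc10 is the trailing comment on that line; it is worth confirming the hash resolves to that tag before merge, since this pin is what delivers the CVE-2019-19921 fix.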