You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
diff: opencontainers/runc@v1.1.14...v1.1.15
Release notes:
- The -ENOSYS seccomp stub is now always generated for the native
architecture that runc is running on. This is needed to work around some
arguably specification-incompliant behaviour from Docker on architectures
such as ppc64le, where the allowed architecture list is set to null. This
ensures that we always generate at least one -ENOSYS stub for the native
architecture even with these weird configs. (containerd#4391)
- On a system with older kernel, reading /proc/self/mountinfo may skip some
entries, as a consequence runc may not properly set mount propagation,
causing container mounts leak onto the host mount namespace. (containerd#2404, containerd#4425)
- In order to fix performance issues in the "lightweight" bindfd protection
against [CVE-2019-5736], the temporary ro bind-mount of /proc/self/exe
has been removed. runc now creates a binary copy in all cases. (containerd#4392, containerd#2532)
Signed-off-by: Samuel Karp <[email protected]>
0 commit comments