diff --git a/git-commit b/git-commit
index 0facadba6b73ffc26c9415a58900c325cd230522..6f86182479afc88cef3a660a207bba7e10df62bc 100644
--- a/git-commit
+++ b/git-commit
@@ -1 +1 @@
-288b7252b0db60842f5d7e1b9716c84c98f4ea30
+f96899740a738303176d8f2d08881d42eadc2ee0
diff --git a/patch/0042-runc-fix-a-data-race.patch b/patch/0042-runc-fix-a-data-race.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2a42c4f9f970daac36dc48416489b49f4d0b9ee2
--- /dev/null
+++ b/patch/0042-runc-fix-a-data-race.patch
@@ -0,0 +1,26 @@
+From d1ef3ab619c7743d389fc882ec65df38d140fc08 Mon Sep 17 00:00:00 2001
+From: zhongjiawei
+Date: Mon, 17 Jun 2024 23:22:39 +0800
+Subject: [PATCH] libct/config: fix a data race
+
+Reference:https://github.com/opencontainers/runc/commit/c342872276d4a3d5f662684115e282cbb20bf227
+---
+ libcontainer/configs/config.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go
+index f85ade3f..c9ecc3cb 100644
+--- a/libcontainer/configs/config.go
++++ b/libcontainer/configs/config.go
+@@ -455,7 +455,7 @@ func (c Command) Run(s *specs.State) error {
+ return err
+ case <-timerCh:
+ cmd.Process.Kill()
+- cmd.Wait()
++ <-errC
+ return fmt.Errorf("hook ran past specified timeout of %.1fs", c.Timeout.Seconds())
+ case <-timeAfter:
+ if c.Timeout != nil {
+--
+2.33.0
+
diff --git a/patch/0043-runc-do-not-support-set-umask-through-native.umask.patch b/patch/0043-runc-do-not-support-set-umask-through-native.umask.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5528a6fd71af9a4c4689f6259dd91d70f7d8e1d9
--- /dev/null
+++ b/patch/0043-runc-do-not-support-set-umask-through-native.umask.patch
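Review bot: In the embedded `config.go` hunk of patch 0042, the `case <-timeAfter:` branch just below the changed line continues outside the hunk, so it cannot be seen whether it also calls `cmd.Wait()`; if it does, the race fixed in the `timerCh` branch remains there and it needs the same `<-errC` receive. In the `timerCh` branch the return value of `cmd.Process.Kill()` is dropped and the following `<-errC` has no bound, so if the kill fails the call would presumably block past the configured hook timeout. Writing `_ = cmd.Process.Kill()` and adding a comment such as `// errC delivers the result of the Wait already in flight; calling Wait again here races with it` would make both decisions explicit. `Run` starts and ends outside the hunk, including whatever feeds `errC`.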
@@ -0,0 +1,48 @@
+From 19a4209a82132f930fe55cbb2255eb453b465e56 Mon Sep 17 00:00:00 2001
+From: zhongjiawei
+Date: Thu, 11 Jul 2024 20:18:01 +0800
+Subject: [PATCH] runc:do not support set umask through native.umask
+
+Signed-off-by: zhongjiawei
+---
+ libcontainer/rootfs_linux.go | 6 ------
+ libcontainer/setns_init_linux.go | 6 ------
+ 2 files changed, 12 deletions(-)
+
+diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
+index c42e388..499d753 100644
+--- a/libcontainer/rootfs_linux.go
++++ b/libcontainer/rootfs_linux.go
+@@ -192,12 +192,6 @@ func finalizeRootfs(config *configs.Config) (err error) {
+ } else {
+ unix.Umask(0o022)
+ }
+- umask := utils.SearchLabels(config.Labels, "native.umask")
+- if umask == "normal" {
+- unix.Umask(0o022)
+- } else {
+- unix.Umask(0o027)
+- }
+ return nil
+ }
+
+diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go
+index f1dcab6..d8cdfdf 100644
+--- a/libcontainer/setns_init_linux.go
++++ b/libcontainer/setns_init_linux.go
+@@ -56,12 +56,6 @@ func (l *linuxSetnsInit) Init() error {
+ return err
+ }
+ }
+- umask := utils.SearchLabels(l.config.Config.Labels, "native.umask")
+- if umask == "normal" {
+- unix.Umask(0o022)
+- } else {
+- unix.Umask(0o027)
+- }
+ if l.config.NoNewPrivileges {
+ if err := unix.Prctl(unix.PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); err != nil {
+ return err
+--
+2.33.0
+
diff --git a/runc.spec b/runc.spec
index 5bc1c198055fe1a63269ffddc20ab6c688200fe5..fe9b51e12606e53aaa89adc15411a520df2db078 100644
--- a/runc.spec
+++ b/runc.spec
@@ -3,7 +3,7 @@
 Name: runc
 Version: 1.1.8
-Release: 16
+Release: 17
 Summary: runc is a CLI tool for spawning and running containers according to the OCI specification.
 License: ASL 2.0
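Review bot: Dropping the `native.umask` block in `finalizeRootfs` and `linuxSetnsInit.Init` (patch 0043) changes the effective default umask, not just the label handling: the removed code ended by calling `unix.Umask(0o027)` for every container without `native.umask=normal`, whereas the surviving branch in `finalizeRootfs` sets `0o022` and the visible part of `Init` no longer sets a umask at all. Files created in containers and exec sessions may therefore be world-readable after the upgrade where they were not before. The patch description carries only a Signed-off-by line, so it should state the new default and where the umask is meant to be configured instead; a comment at the removal site in `Init`, e.g. `// umask is not set here; the native.umask label is no longer honoured`, would record the intent. Both functions continue outside the hunks, and since neither hunk removes an import it is worth confirming that `utils` is still referenced in `setns_init_linux.go`.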
@@ -57,6 +57,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc
 %{_bindir}/runc
 %changelog
+* Mon Jul 15 2024 zhongjiawei - 1.1.8-17
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:sync some patches
+
 * Fri Jun 14 2024 zhaixiaojuan - 1.1.8-16
 - Type:bugfix
 - CVE:NA
diff --git a/series.conf b/series.conf
index 97b90acfa0f6976745e864ea19a49db3c5a6d5db..9546ca366256f0c514ae15b05fbd3e0fb81323aa 100644
--- a/series.conf
+++ b/series.conf
@@ -37,3 +37,5 @@ patch/0037-runc-fix-CVE-2024-21626.patch
 patch/0038-runc-check-cmd-exist.patch
 patch/0039-runc-fix-CVE-2024-3154.patch
 patch/0040-add-loongarch64-seccomp-support.patch
+patch/0042-runc-fix-a-data-race.patch
+patch/0043-runc-do-not-support-set-umask-through-native.umask.patch