diff --git a/patch/0129-runc-Makefile-modify.patch b/patch/0129-runc-Makefile-modify.patch new file mode 100644 index 0000000000000000000000000000000000000000..90e2f36fb18bb4e65f323bd7277d999996461fb9 --- /dev/null +++ b/patch/0129-runc-Makefile-modify.patch @@ -0,0 +1,58 @@ +From 2445e4d3c1ba55f1592c5bc2295a0a497c10f08d Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Wed, 21 Sep 2022 15:29:27 +0800 +Subject: [PATCH] runc:Makefile modify + +Signed-off-by: zhongjiawei +--- + Makefile | 19 ++++++++++++++----- + 1 file changed, 14 insertions(+), 5 deletions(-) + +diff --git a/Makefile b/Makefile +index b24c22b..c2f9b42 100644 +--- a/Makefile ++++ b/Makefile +@@ -10,8 +10,7 @@ GIT_BRANCH_CLEAN := $(shell echo $(GIT_BRANCH) | sed -e "s/[^[:alnum:]]/-/g") + RUNC_IMAGE := runc_dev$(if $(GIT_BRANCH_CLEAN),:$(GIT_BRANCH_CLEAN)) + PROJECT := github.com/opencontainers/runc + BUILDTAGS := seccomp +-COMMIT_NO := $(shell git rev-parse HEAD 2> /dev/null || true) +-COMMIT := $(if $(shell git status --porcelain --untracked-files=no),"${COMMIT_NO}-dirty","${COMMIT_NO}") ++COMMIT := $(shell cat ./git-commit | head -c 40) + + MAN_DIR := $(CURDIR)/man/man8 + MAN_PAGES = $(shell ls $(MAN_DIR)/*.8) +@@ -40,10 +39,17 @@ recvtty: contrib/cmd/recvtty/recvtty + contrib/cmd/recvtty/recvtty: $(SOURCES) + go build -i -ldflags " -buildid=IdByIsula ${BEP_FLAG} -X main.gitCommit=${COMMIT} -X main.version=${VERSION}" -tags "$(BUILDTAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty + ++LD_FLAGS='-buildid=none -tmpdir=/tmp/bep-runc -linkmode=external -extldflags=-Wl,-z,relro,-z,now \ ++ -X main.gitCommit=${COMMIT} -X main.version=${VERSION}' ++ + static: $(SOURCES) +- mkdir -p ${BEP_DIR} +- CGO_ENABLED=1 go build -i -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -buildid=IdByIsula -extldflags -static ${BEP_FLAG} -X main.gitCommit=${COMMIT} -X main.version=${VERSION}" -o runc . +- CGO_ENABLED=1 go build -i -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -buildid=IdByIsula -extldflags -static ${BEP_FLAG} -X main.gitCommit=${COMMIT} -X main.version=${VERSION}" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty ++ rm -rf /tmp/bep-runc && mkdir /tmp/bep-runc ++ CGO_ENABLED=1 \ ++ CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ ++ CGO_CPPFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ ++ CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ ++ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ ++ go build -buildmode=pie -tags "$(BUILDTAGS) cgo static_build" -ldflags '-extldflags=-static' -ldflags $(LD_FLAGS) -o runc . + + release: + @flag_list=(seccomp selinux apparmor static); \ +@@ -83,6 +89,9 @@ man: + runcimage: + docker build -t $(RUNC_IMAGE) . + ++check: ++ go test -v ./libcontainer ++ + test: + make unittest integration rootlessintegration + +-- +2.30.0 + diff --git a/patch/0130-runc-add-logs.patch b/patch/0130-runc-add-logs.patch new file mode 100644 index 0000000000000000000000000000000000000000..438b4e8dc45f5d4ce5d4aa7b622a7dbcb0037845 --- /dev/null +++ b/patch/0130-runc-add-logs.patch @@ -0,0 +1,513 @@ +From 4714889cd6ab043a36e595d9bc2c4b077bd17c8f Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Wed, 21 Sep 2022 16:59:42 +0800 +Subject: [PATCH] runc: add logs + +Signed-off-by: zhongjiawei +--- + libcontainer/container_linux.go | 21 +++++++++ + libcontainer/factory_linux.go | 13 ++++-- + libcontainer/init_linux.go | 4 +- + libcontainer/logs/logs.go | 68 +++++++++++++++++++++++++++++ + libcontainer/nsenter/nsexec.c | 52 ++++++++++++++++++++-- + libcontainer/process_linux.go | 11 +++-- + libcontainer/setns_init_linux.go | 6 +++ + libcontainer/standard_init_linux.go | 18 ++++++-- + main.go | 6 ++- + main_unix.go | 11 +++++ + 10 files changed, 193 insertions(+), 17 deletions(-) + create mode 100644 libcontainer/logs/logs.go + +diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go +index 7319286..7be84a6 100644 +--- a/libcontainer/container_linux.go ++++ b/libcontainer/container_linux.go +@@ -23,6 +23,7 @@ import ( + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/criurpc" ++ "github.com/opencontainers/runc/libcontainer/logs" + "github.com/opencontainers/runc/libcontainer/system" + "github.com/opencontainers/runc/libcontainer/utils" + "github.com/syndtr/gocapability/capability" +@@ -309,6 +310,17 @@ func (c *linuxContainer) start(process *Process) error { + if err != nil { + return newSystemErrorWithCause(err, "creating new parent process") + } ++ ++ if logsDone := logs.ForwardLogs(); logsDone != nil { ++ defer func() { ++ select { ++ case <-logsDone: ++ case <-time.After(3 * time.Second): ++ logrus.Warnf("wait child close logfd timeout") ++ } ++ }() ++ } ++ + if err := parent.start(); err != nil { + printCgroupInfo(c.config.Cgroups.Path) + // terminate the process to ensure that it properly is reaped. +@@ -408,6 +420,9 @@ func (c *linuxContainer) newParentProcess(p *Process) (parentProcess, error) { + if err != nil { + return nil, newSystemErrorWithCause(err, "creating new init pipe") + } ++ if err := logs.InitLogPipe(); err != nil { ++ return nil, fmt.Errorf("Unable to create the log pipe: %s", err) ++ } + cmd, err := c.commandTemplate(p, childPipe) + if err != nil { + return nil, newSystemErrorWithCause(err, "creating new command template") +@@ -450,6 +465,12 @@ func (c *linuxContainer) commandTemplate(p *Process, childPipe *os.File) (*exec. + cmd.Env = append(cmd.Env, + fmt.Sprintf("_LIBCONTAINER_INITPIPE=%d", stdioFdCount+len(cmd.ExtraFiles)-1), + ) ++ ++ cmd.ExtraFiles = append(cmd.ExtraFiles, logs.ChildLogPipe) ++ cmd.Env = append(cmd.Env, ++ fmt.Sprintf("_LIBCONTAINER_LOGPIPE=%d", stdioFdCount+len(cmd.ExtraFiles)-1), ++ ) ++ + // NOTE: when running a container with no PID namespace and the parent process spawning the container is + // PID1 the pdeathsig is being delivered to the container's init process by the kernel for some reason + // even with the parent still running. +diff --git a/libcontainer/factory_linux.go b/libcontainer/factory_linux.go +index fe9ce24..e4ef518 100644 +--- a/libcontainer/factory_linux.go ++++ b/libcontainer/factory_linux.go +@@ -4,15 +4,15 @@ package libcontainer + + import ( + "encoding/json" ++ "errors" + "fmt" ++ "io/ioutil" + "os" + "path/filepath" + "regexp" + "runtime/debug" + "strconv" + "syscall" +- "io/ioutil" +- "errors" + + "github.com/docker/docker/pkg/mount" + "github.com/opencontainers/runc/libcontainer/cgroups" +@@ -281,6 +281,11 @@ func (l *LinuxFactory) StartInitialization() (err error) { + defer consoleSocket.Close() + } + ++ logPipeFd, err2 := strconv.Atoi(os.Getenv("_LIBCONTAINER_LOGPIPE")) ++ if err2 != nil { ++ logPipeFd = 0 ++ } ++ + // clear the current process's environment to clean any libcontainer + // specific env vars. + os.Clearenv() +@@ -303,7 +308,7 @@ func (l *LinuxFactory) StartInitialization() (err error) { + } + }() + +- i, err := newContainerInit(it, pipe, consoleSocket, rootfd) ++ i, err := newContainerInit(it, pipe, consoleSocket, rootfd, logPipeFd) + if err != nil { + return err + } +@@ -346,7 +351,7 @@ func (l *LinuxFactory) updateStateCapabilites(compatState *CompatState, configPa + var memSize int64 = int64(memorySwappiness) + if memSize < 0 { + memSize = 0 +- var memUSize uint64 = uint64(memSize-1) ++ var memUSize uint64 = uint64(memSize - 1) + compatState.Config.Cgroups.MemorySwappiness = &memUSize + needUpdate = true + } +diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go +index ee632b4..e9a83e9 100644 +--- a/libcontainer/init_linux.go ++++ b/libcontainer/init_linux.go +@@ -66,7 +66,7 @@ type initer interface { + Init() error + } + +-func newContainerInit(t initType, pipe *os.File, consoleSocket *os.File, stateDirFD int) (initer, error) { ++func newContainerInit(t initType, pipe *os.File, consoleSocket *os.File, stateDirFD, logFd int) (initer, error) { + var config *initConfig + if err := json.NewDecoder(pipe).Decode(&config); err != nil { + return nil, err +@@ -81,6 +81,7 @@ func newContainerInit(t initType, pipe *os.File, consoleSocket *os.File, stateDi + pipe: pipe, + consoleSocket: consoleSocket, + config: config, ++ logFd: logFd, + }, nil + case initStandard: + return &linuxStandardInit{ +@@ -89,6 +90,7 @@ func newContainerInit(t initType, pipe *os.File, consoleSocket *os.File, stateDi + parentPid: syscall.Getppid(), + config: config, + stateDirFD: stateDirFD, ++ logFd: logFd, + }, nil + } + return nil, fmt.Errorf("unknown init type %q", t) +diff --git a/libcontainer/logs/logs.go b/libcontainer/logs/logs.go +new file mode 100644 +index 0000000..408a148 +--- /dev/null ++++ b/libcontainer/logs/logs.go +@@ -0,0 +1,68 @@ ++package logs ++ ++import ( ++ "bufio" ++ "encoding/json" ++ "os" ++ ++ "github.com/Sirupsen/logrus" ++) ++ ++var ( ++ ParentLogPipe *os.File ++ ChildLogPipe *os.File ++) ++ ++func InitLogPipe() error { ++ var err error ++ if ParentLogPipe == nil { ++ ParentLogPipe, ChildLogPipe, err = os.Pipe() ++ } ++ return err ++} ++ ++func CloseChild() { ++ if ChildLogPipe != nil { ++ ChildLogPipe.Close() ++ ChildLogPipe = nil ++ } ++} ++ ++func ForwardLogs() chan error { ++ done := make(chan error, 1) ++ if ParentLogPipe == nil { ++ close(done) ++ return done ++ } ++ ++ s := bufio.NewScanner(ParentLogPipe) ++ go func() { ++ for s.Scan() { ++ processEntry(s.Bytes()) ++ } ++ if err := ParentLogPipe.Close(); err != nil { ++ logrus.Errorf("error closing log source: %v", err) ++ } ++ // The only error we want to return is when reading from ++ // logPipe has failed. ++ done <- s.Err() ++ close(done) ++ }() ++ ++ return done ++} ++ ++func processEntry(text []byte) { ++ if len(text) == 0 { ++ return ++ } ++ var jl struct { ++ Level string `json:"level"` ++ Msg string `json:"msg"` ++ } ++ if err := json.Unmarshal(text, &jl); err != nil { ++ logrus.Errorf("failed to decode %q to json: %v", text, err) ++ return ++ } ++ logrus.Infof("log from child: %s", jl.Msg) ++} +diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c +index 4f73b1a..0075b6e 100644 +--- a/libcontainer/nsenter/nsexec.c ++++ b/libcontainer/nsenter/nsexec.c +@@ -77,6 +77,8 @@ struct nlconfig_t { + size_t oom_score_adj_len; + }; + ++int logfd; ++ + /* + * List of netlink message types sent to us as part of bootstrapping the init. + * These constants are defined in libcontainer/message_linux.go. +@@ -111,6 +113,26 @@ int setns(int fd, int nstype) + } + #endif + ++void write_log_with_info(const char *level, const char *function, int line, const char *format, ...) ++{ ++ static char message[1024]; ++ va_list args; ++ ++ if (logfd < 0 || level == NULL) ++ return; ++ ++ va_start(args, format); ++ if (vsnprintf(message, 1024, format, args) < 0) ++ return; ++ va_end(args); ++ ++ if (dprintf(logfd, "{\"level\":\"%s\", \"msg\": \"%s:%d %s\"}\n", level, function, line, message) < 0) ++ return; ++} ++ ++#define logerr(fmt, ...) \ ++ write_log_with_info("error", __FUNCTION__, __LINE__, fmt, ##__VA_ARGS__) ++ + /* XXX: This is ugly. */ + static int syncfd = -1; + +@@ -118,13 +140,13 @@ static int syncfd = -1; + #define bail(fmt, ...) \ + do { \ + int ret = __COUNTER__ + 1; \ +- fprintf(stderr, "nsenter: " fmt ": %m\n", ##__VA_ARGS__); \ ++ logerr("nsenter: " fmt ": %m", ##__VA_ARGS__); \ + if (syncfd >= 0) { \ + enum sync_t s = SYNC_ERR; \ + if (write(syncfd, &s, sizeof(s)) != sizeof(s)) \ +- fprintf(stderr, "nsenter: failed: write(s)"); \ ++ logerr("nsenter: failed: write(s)"); \ + if (write(syncfd, &ret, sizeof(ret)) != sizeof(ret)) \ +- fprintf(stderr, "nsenter: failed: write(ret)"); \ ++ logerr("nsenter: failed: write(ret)"); \ + } \ + exit(ret); \ + } while(0) +@@ -259,6 +281,24 @@ static int initpipe(void) + return pipenum; + } + ++static void setup_logpipe(void) ++{ ++ char *logpipe, *endptr; ++ ++ logpipe = getenv("_LIBCONTAINER_LOGPIPE"); ++ if (logpipe == NULL || *logpipe == '\0') { ++ logfd = -1; ++ return; ++ } ++ ++ logfd = strtol(logpipe, &endptr, 10); ++ if (logpipe == endptr || *endptr != '\0') { ++ fprintf(stderr, "unable to parse _LIBCONTAINER_LOGPIPE, value: %s\n", logpipe); ++ /* It is too early to use bail */ ++ exit(1); ++ } ++} ++ + /* Returns the clone(2) flag for a namespace, given the name of a namespace. */ + static int nsflag(char *name) + { +@@ -442,6 +482,12 @@ void nsexec(void) + int sync_child_pipe[2], sync_grandchild_pipe[2]; + struct nlconfig_t config = {0}; + ++ /* ++ * Setup a pipe to send logs to the parent. This should happen ++ * first, because bail will use that pipe. ++ */ ++ setup_logpipe(); ++ + /* + * If we don't have an init pipe, just return to the go routine. + * We'll only get an init pipe for start or exec. +diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go +index 25fe30b..5cdc30c 100644 +--- a/libcontainer/process_linux.go ++++ b/libcontainer/process_linux.go +@@ -16,6 +16,7 @@ import ( + "github.com/Sirupsen/logrus" + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" ++ "github.com/opencontainers/runc/libcontainer/logs" + "github.com/opencontainers/runc/libcontainer/system" + "github.com/opencontainers/runc/libcontainer/utils" + "golang.org/x/sys/unix" +@@ -73,6 +74,7 @@ func (p *setnsProcess) start() (err error) { + defer p.parentPipe.Close() + err = p.cmd.Start() + p.childPipe.Close() ++ logs.CloseChild() + if err != nil { + return newSystemErrorWithCause(err, "starting setns process") + } +@@ -135,7 +137,7 @@ func (p *setnsProcess) execSetns() error { + } + if !status.Success() { + p.cmd.Wait() +- return newSystemError(&exec.ExitError{ProcessState: status}) ++ return newSystemErrorWithCause(&exec.ExitError{ProcessState: status}, "getting setns process status") + } + var pid *pid + if err := json.NewDecoder(p.parentPipe).Decode(&pid); err != nil { +@@ -222,16 +224,16 @@ func (p *initProcess) execSetns() error { + status, err := p.cmd.Process.Wait() + if err != nil { + p.cmd.Wait() +- return err ++ return newSystemErrorWithCause(err, "waiting on setns process to finish") + } + if !status.Success() { + p.cmd.Wait() +- return &exec.ExitError{ProcessState: status} ++ return newSystemErrorWithCause(&exec.ExitError{ProcessState: status}, "getting setns process status") + } + var pid *pid + if err := json.NewDecoder(p.parentPipe).Decode(&pid); err != nil { + p.cmd.Wait() +- return err ++ return newSystemErrorWithCause(err, "reading pid from init pipe") + } + + // Clean up the zombie parent process +@@ -256,6 +258,7 @@ func (p *initProcess) start() error { + p.process.ops = p + p.childPipe.Close() + p.rootDir.Close() ++ logs.CloseChild() + if err != nil { + p.process.ops = nil + return newSystemErrorWithCause(err, "starting init process command") +diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go +index 48cc0ae..e6dfbba 100644 +--- a/libcontainer/setns_init_linux.go ++++ b/libcontainer/setns_init_linux.go +@@ -5,6 +5,7 @@ package libcontainer + import ( + "fmt" + "os" ++ "syscall" + + "github.com/opencontainers/runc/libcontainer/apparmor" + "github.com/opencontainers/runc/libcontainer/keys" +@@ -19,6 +20,7 @@ type linuxSetnsInit struct { + pipe *os.File + consoleSocket *os.File + config *initConfig ++ logFd int + } + + func (l *linuxSetnsInit) getSessionRingName() string { +@@ -59,5 +61,9 @@ func (l *linuxSetnsInit) Init() error { + if err := label.SetProcessLabel(l.config.ProcessLabel); err != nil { + return err + } ++ if l.logFd != 0 { ++ syscall.Close(l.logFd) ++ } ++ + return system.Execv(l.config.Args[0], l.config.Args[0:], os.Environ()) + } +diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go +index b985180..b4945c3 100644 +--- a/libcontainer/standard_init_linux.go ++++ b/libcontainer/standard_init_linux.go +@@ -27,6 +27,7 @@ type linuxStandardInit struct { + parentPid int + stateDirFD int + config *initConfig ++ logFd int + } + + func (l *linuxStandardInit) getSessionRingParams() (string, uint32, uint32) { +@@ -181,6 +182,10 @@ func (l *linuxStandardInit) Init() error { + // close the pipe to signal that we have completed our init. + l.pipe.Close() + ++ if l.logFd != 0 { ++ syscall.Close(l.logFd) ++ } ++ + // wait for the fifo to be opened on the other side before + // exec'ing the users process. + ch := make(chan Error, 1) +@@ -222,13 +227,18 @@ func (l *linuxStandardInit) Init() error { + } + + func printCgroupInfo(path string) { ++ cgroupRoot := "/sys/fs/cgroup" + infoFileList := []string{ + "/proc/meminfo", + "/sys/fs/cgroup/memory/memory.stat", +- filepath.Join("/sys/fs/cgroup/files", path, "/files.limit"), +- filepath.Join("/sys/fs/cgroup/files", path, "/files.usage"), +- filepath.Join("/sys/fs/cgroup/memory", path, "/memory.stat"), +- filepath.Join("/sys/fs/cgroup/cpu", path, "/cpu.stat"), ++ filepath.Join(cgroupRoot, "files", path, "files.limit"), ++ filepath.Join(cgroupRoot, "files", path, "files.usage"), ++ filepath.Join(cgroupRoot, "pids", path, "pids.max"), ++ filepath.Join(cgroupRoot, "pids", path, "pids.current"), ++ filepath.Join(cgroupRoot, "memory", path, "memory.usage_in_bytes"), ++ filepath.Join(cgroupRoot, "memory", path, "memory.limit_in_bytes"), ++ filepath.Join(cgroupRoot, "memory", path, "memory.stat"), ++ filepath.Join(cgroupRoot, "cpu", path, "cpu.stat"), + } + for _, file := range infoFileList { + printFileContent(file) +diff --git a/main.go b/main.go +index 0476242..4141ec5 100644 +--- a/main.go ++++ b/main.go +@@ -10,7 +10,7 @@ import ( + "time" + + "github.com/Sirupsen/logrus" +- "github.com/Sirupsen/logrus/hooks/syslog" ++ logrus_syslog "github.com/Sirupsen/logrus/hooks/syslog" + "github.com/opencontainers/runtime-spec/specs-go" + "github.com/urfave/cli" + ) +@@ -118,6 +118,10 @@ func main() { + updateCommand, + } + app.Before = func(context *cli.Context) error { ++ if logrus.StandardLogger().Out != logrus.New().Out { ++ return nil ++ } ++ + if path := context.GlobalString("log"); path != "" { + f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_APPEND|os.O_SYNC, 0666) + if err != nil { +diff --git a/main_unix.go b/main_unix.go +index 56904e0..0479949 100644 +--- a/main_unix.go ++++ b/main_unix.go +@@ -6,7 +6,9 @@ import ( + "fmt" + "os" + "runtime" ++ "strconv" + ++ "github.com/Sirupsen/logrus" + "github.com/opencontainers/runc/libcontainer" + _ "github.com/opencontainers/runc/libcontainer/nsenter" + "github.com/urfave/cli" +@@ -16,6 +18,15 @@ func init() { + if len(os.Args) > 1 && os.Args[1] == "init" { + runtime.GOMAXPROCS(1) + runtime.LockOSThread() ++ ++ if initType := os.Getenv("_LIBCONTAINER_INITTYPE"); initType == "setns" { ++ logPipeFd, err := strconv.Atoi(os.Getenv("_LIBCONTAINER_LOGPIPE")) ++ if err != nil { ++ return ++ } ++ logrus.SetOutput(os.NewFile(uintptr(logPipeFd), "logpipe")) ++ logrus.SetFormatter(new(logrus.JSONFormatter)) ++ } + } + } + +-- +2.30.0 + diff --git a/runc-openeuler.spec b/runc-openeuler.spec index 9f143a99d7bcaa33919c8201ec8643b675dbdd10..00998ff78e66ff99775c2c8494129f007fccf907 100644 --- a/runc-openeuler.spec +++ b/runc-openeuler.spec @@ -2,7 +2,7 @@ Name: docker-runc Version: 1.0.0.rc3 -Release: 205 +Release: 206 Summary: runc is a CLI tool for spawning and running containers according to the OCI specification. License: ASL 2.0 @@ -41,6 +41,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc %{_bindir}/runc %changelog +* Wed Sep 21 2022 zhongjiawei - 1.0.0.rc3-206 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:modify Makefile and add logs + * Tue Aug 9 2022 zhongjiawei - 1.0.0.rc3-205 - Type:bugfix - CVE:NA diff --git a/series.conf b/series.conf index 3c16f4299671591e823e3051ce86048d6042e93d..af420f278d55172bf8fb445a2e761fd143ba031f 100644 --- a/series.conf +++ b/series.conf @@ -120,3 +120,5 @@ 0126-runc-add-mount-destination-validation-fix-CVE-2021.patch 0127-runc-fix-systemd-cgroup-after-memory-type-changed.patch 0128-runc-fix-CVE-2022-29162.patch +0129-runc-Makefile-modify.patch +0130-runc-add-logs.patch