Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump runc from v1.1.13 to v1.2.4 #171

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump runc from v1.1.13 to v1.2.4 #171

wants to merge 1 commit into from

Conversation

github-actions[bot]
Copy link

@github-actions github-actions bot commented Sep 25, 2024
edited
Loading

v1.2.4

URL: Release v1.2.4

Description:

This is the fourth patch release of the 1.2.z release branch of runc. It
includes a fix for a regression introduced in 1.2.0 related to the
default device list.

  • Re-add tun/tap devices to built-in allowed devices lists.

    In runc 1.2.0 we removed these devices from the default allow-list
    (which were added seemingly by accident early in Docker's history) as
    a precaution in order to try to reduce the attack surface of device
    inodes available to most containers (#3468). At the time we thought
    that the vast majority of users using tun/tap would already be
    specifying what devices they need (such as by using --device with
    Docker/Podman) as opposed to doing the mknod manually, and thus
    there would've been no user-visible change.

    Unfortunately, it seems that this regressed a noticeable number of
    users (and not all higher-level tools provide easy ways to specify
    devices to allow) and so this change needed to be reverted. Users
    that do not need these devices are recommended to explicitly disable
    them by adding deny rules in their container configuration. (#4555,

Show more

#4556)

Static Linking Notices

The runc binary distributed with this release are statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":

The versions of these libraries were not modified from their upstream versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under the LGPL-2.1.

However we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.

Thanks to all of the contributors who made this release possible:

Signed-off-by: Aleksa Sarai [email protected]

Commits
  • 6c52b3f VERSION: release v1.2.4
  • 5243eba Merge pull request #4556 from cyphar/1.2-readd-tuntap
  • 33ed43b [1.2] Re-add tun/tap to default device rules
  • 2dec17d Merge pull request #4554 from kolyshkin/1.2-4553
  • e9c9dad keyring: update @kolyshkin key expiry

@github-actions github-actions bot force-pushed the update-dependency-runc branch from 50dfaed to beb0c98 Compare September 25, 2024 14:31
@github-actions github-actions bot force-pushed the update-dependency-runc branch from beb0c98 to 9ff35bb Compare September 30, 2024 03:19
@github-actions github-actions bot force-pushed the update-dependency-runc branch from 9ff35bb to d51a452 Compare October 14, 2024 03:18
@github-actions github-actions bot changed the title Bump runc from v1.1.13 to v1.1.14 Bump runc from v1.1.13 to v1.1.15 Oct 14, 2024
@github-actions github-actions bot changed the title Bump runc from v1.1.13 to v1.1.15 Bump runc from v1.1.13 to v1.2.0 Oct 28, 2024
@github-actions github-actions bot force-pushed the update-dependency-runc branch from d51a452 to 3e90749 Compare October 28, 2024 03:19
@github-actions github-actions bot changed the title Bump runc from v1.1.13 to v1.2.0 Bump runc from v1.1.13 to v1.2.1 Nov 4, 2024
@github-actions github-actions bot force-pushed the update-dependency-runc branch from 3e90749 to 9717179 Compare November 4, 2024 03:19
@github-actions github-actions bot force-pushed the update-dependency-runc branch from 9717179 to 3d83910 Compare November 18, 2024 03:24
@github-actions github-actions bot changed the title Bump runc from v1.1.13 to v1.2.1 Bump runc from v1.1.13 to v1.2.2 Nov 18, 2024
@github-actions github-actions bot changed the title Bump runc from v1.1.13 to v1.2.2 Bump runc from v1.1.13 to v1.2.3 Dec 16, 2024
@github-actions github-actions bot force-pushed the update-dependency-runc branch from 3d83910 to d65cf4a Compare December 16, 2024 03:31
@github-actions github-actions bot changed the title Bump runc from v1.1.13 to v1.2.3 Bump runc from v1.1.13 to v1.2.4 Jan 13, 2025
@github-actions github-actions bot force-pushed the update-dependency-runc branch from d65cf4a to 1bdf1ec Compare January 13, 2025 03:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies release-note-none
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants