Update runc to 6635b4f (fix CVE-2019-5736)

- Fixes a vulnerability in runc that allows a container escape (CVE-2019-5736)
  6635b4f0c6,
- Includes a security fix for `runc run --no-pivot` (`DOCKER_RAMDISK=1`):
  28a697cce3
  (NOTE: the vuln is attackable only when `DOCKER_RAMDISK=1` is set && seccomp is disabled)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f03698b69a7777b8d30b9c5897504f8704b87676)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: c7fca75c035ba0b750f46a9676a376f8e4409f15
Component: engine
This commit is contained in:
Sebastiaan van Stijn
2019-02-12 14:05:25 +01:00
parent 1f1e19daa1
commit c5e4f537fe

@ -4,7 +4,7 @@
# The version of runc should match the version that is used by the containerd
# version that is used. If you need to update runc, open a pull request in
# the containerd project first, and update both after that is merged.
RUNC_COMMIT=96ec2177ae841256168fcf76954f7177af9446eb
RUNC_COMMIT=6635b4f0c6af3810594d2770f662f34ddc15b40d
install_runc() {
# If using RHEL7 kernels (3.10.0 el7), disable kmem accounting/limiting
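Review bot: the comment immediately above the changed `RUNC_COMMIT` line states that the runc commit must match the one used by the containerd version in use and that containerd should be updated first, but neither the hunk nor the commit message names the containerd change that pins `6635b4f0c6af3810594d2770f662f34ddc15b40d`; please add a reference in the commit message (e.g. "matches runc pinned by containerd <commit or PR placeholder>") so a reviewer can verify the version-match rule the comment imposes, since the message currently only cites the two runc fix commits `6635b4f0c6` and `28a697cce3`.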