From c5e4f537fed1588ca4025182abe2a34d1cef669b Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 12 Feb 2019 14:05:25 +0100 Subject: [PATCH] Update runc to 6635b4f (fix CVE-2019-5736) - Fixes a vulnerability in runc that allows a container escape (CVE-2019-5736) https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d, - Includes security fix for `runc run --no-pivot` (`DOCKER_RAMDISK=1`): https://github.com/opencontainers/runc/commit/28a697cce3e4f905dca700eda81d681a30eef9cd (NOTE: the vuln is attackable only when `DOCKER_RAMDISK=1` is set && seccomp is disabled) Signed-off-by: Sebastiaan van Stijn (cherry picked from commit f03698b69a7777b8d30b9c5897504f8704b87676) Signed-off-by: Sebastiaan van Stijn Upstream-commit: c7fca75c035ba0b750f46a9676a376f8e4409f15 Component: engine --- components/engine/hack/dockerfile/install/runc.installer | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/hack/dockerfile/install/runc.installer b/components/engine/hack/dockerfile/install/runc.installer index c6d28982f4..7b9548b527 100755 --- a/components/engine/hack/dockerfile/install/runc.installer +++ b/components/engine/hack/dockerfile/install/runc.installer @@ -4,7 +4,7 @@ # The version of runc should match the version that is used by the containerd # version that is used. If you need to update runc, open a pull request in # the containerd project first, and update both after that is merged. -RUNC_COMMIT=96ec2177ae841256168fcf76954f7177af9446eb +RUNC_COMMIT=6635b4f0c6af3810594d2770f662f34ddc15b40d install_runc() { # If using RHEL7 kernels (3.10.0 el7), disable kmem accounting/limiting
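Review bot: The hunk bumps `RUNC_COMMIT` from `96ec2177ae841256168fcf76954f7177af9446eb` to `6635b4f0c6af3810594d2770f662f34ddc15b40d`, but the comment directly above it says runc must match the version pinned by containerd and that containerd should be updated first; the commit message does not say whether that happened, so either reference the matching containerd change in the message or state explicitly that this security backport intentionally moves runc ahead of containerd's pin. The message also claims the new commit carries both the CVE-2019-5736 fix and the `--no-pivot` (`DOCKER_RAMDISK=1`) fix from `28a697cce3e4f905dca700eda81d681a30eef9cd`; since only one hash lands in the installer, it is worth confirming in the runc repository that the second commit is an ancestor of `6635b4f0c6af3810594d2770f662f34ddc15b40d` (for example with `git merge-base --is-ancestor 28a697cce3e4f905dca700eda81d681a30eef9cd 6635b4f0c6af3810594d2770f662f34ddc15b40d`) and recording that in the message, so reviewers of the cherry-pick do not have to re-derive it. Minor: the file is a single-line version pin with no checksum or tag, so the hash in the message and the hash in the hunk should be compared character by character before merge, which they do match here.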