rancher / runc-cve

CVE patches for legacy runc packaged with Docker

add a non-memfd_create enabled build for each release #1

Closed steved closed 5 years ago

steved commented 5 years ago

We have some hosts that are pre-memfd_create backport versions of kernel 3.x still. The upstream runc patch has support for using a tempfile instead of memfd, which I backported here. I also added a macro to be able to explicitly toggle it, so that binaries can be created with that feature explicitly off.

https://github.com/rancher/runc-cve/compare/release-v1.12.6...steved:release-v1.12.6
https://github.com/rancher/runc-cve/compare/release-v1.13.1...steved:release-v1.13.1
https://github.com/rancher/runc-cve/compare/release-v17.03.2...steved:release-v17.03.2
https://github.com/rancher/runc-cve/compare/release-v17.06.2...steved:release-v17.06.2
https://github.com/rancher/runc-cve/compare/release-v17.09.1...steved:release-v17.09.1
https://github.com/rancher/runc-cve/compare/release-v17.12.1...steved:release-v17.12.1
https://github.com/rancher/runc-cve/compare/release-v18.03.1...steved:release-v18.03.1
https://github.com/rancher/runc-cve/compare/release-v18.06.1...steved:release-v18.06.1
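
The pattern described in the comment above (memfd first, a temporary file when memfd_create is unavailable, plus a build-time switch that turns memfd off), as an added C example; it is not the code from these branches or from runc. The names `NO_MEMFD`, `anon_fd` and `roundtrip_ok`, the `O_TMPFILE` step and the `/tmp` directory are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical toggle (name assumed): build with -DNO_MEMFD for hosts whose
 * kernel lacks memfd_create, so the syscall is never attempted. */
enum backing { BACKING_NONE, BACKING_MEMFD, BACKING_TMPFILE };

/* Return a read-write fd for a file that has no name on disk, or -1. */
int anon_fd(const char *tmpdir, enum backing *how)
{
    char path[4096];
    int fd;
    *how = BACKING_NONE;
#if defined(SYS_memfd_create) && !defined(NO_MEMFD)
    /* 1U is MFD_CLOEXEC. Fails with ENOSYS on kernels without the syscall. */
    fd = (int)syscall(SYS_memfd_create, "anon-copy", 1U);
    if (fd >= 0) { *how = BACKING_MEMFD; return fd; }
#endif
#ifdef O_TMPFILE
    /* Unnamed file inside tmpdir; needs kernel and filesystem support. */
    fd = open(tmpdir, O_TMPFILE | O_RDWR | O_EXCL | O_CLOEXEC, 0700);
    if (fd >= 0) { *how = BACKING_TMPFILE; return fd; }
#endif
    /* Last resort: named temp file, unlinked at once so only the fd remains. */
    if (snprintf(path, sizeof path, "%s/anon-XXXXXX", tmpdir) >= (int)sizeof path)
        return -1;
    fd = mkostemp(path, O_CLOEXEC);
    if (fd < 0) return -1;
    unlink(path);
    *how = BACKING_TMPFILE;
    return fd;
}

/* Constructed check: data written to the fd reads back intact. Returns 1/0. */
int roundtrip_ok(const char *tmpdir)
{
    enum backing how;
    char buf[8] = {0};
    int fd = anon_fd(tmpdir, &how), ok;
    if (fd < 0) return 0;
    ok = write(fd, "payload", 7) == 7 && lseek(fd, 0, SEEK_SET) == 0 &&
         read(fd, buf, 7) == 7 && memcmp(buf, "payload", 7) == 0;
    close(fd);
    return ok;
}
```

Unlike a memfd, a temporary file lives on a real filesystem, so the directory passed as `tmpdir` should be writable only by the calling user.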

ibuildthecloud commented 5 years ago

@steved Thanks for this. Let me review and see if we can release this quickly.