rancher / runc-cve

CVE patches for legacy runc packaged with Docker

patch for docker 17.3.02-ce on centos7.4 not working #15

Open luzhongming opened 5 years ago

luzhongming commented 5 years ago

OS: CentOS7.4
Kernel: 3.10.0-693.21.1.el7.x86_64
Docker version: Docker version 17.03.2-ce, build f5ec1e2
Patch package: runc-v17.03.2-amd64-no-memfd_create

After replacing the original docker-runc with runc-v17.03.2-amd64-no-memfd_create, I tried to run a test container, but it failed:

docker run -it --rm busybox:latest echo ok

It failed with the following message:

docker: Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:245: running exec setns process for init caused \"exit status 17\"".

After reverting docker-runc to the original one, there are no errors.

niusmallnan commented 5 years ago

@luzhongming Please try this: https://github.com/rancher/runc-cve/issues/10#issuecomment-463959258

4admin2root commented 5 years ago

The same for me with OS: CentOS 7.2, kernel: 3.10.0-327.28.3.el7.x86_64

With CentOS 7.5, it works.