runc:fix CVE-2024-3154
Signed-off-by: zhongjiawei <zhongjiawei1@huawei.com>
This commit is contained in:
zhongjiawei
parent
8d08b8b575
commit
4f785bbeec
@ -1 +1 @@
|
||||
8fc687c6fb64e110866466035e90c718d58f2c7f
|
||||
d40eb8bbaaf0365a8d2468625474125181b65c83
|
||||
|
||||
47
patch/0039-runc-fix-CVE-2024-3154.patch
Normal file
47
patch/0039-runc-fix-CVE-2024-3154.patch
Normal file
@ -0,0 +1,47 @@
|
||||
From 3107921b5e32c860e476fe413dcd70174dd38401 Mon Sep 17 00:00:00 2001
|
||||
From: zhongjiawei <zhongjiawei1@huawei.com>
|
||||
Date: Thu, 23 May 2024 19:15:34 +0800
|
||||
Subject: [PATCH] features: implement returning
|
||||
potentiallyUnsafeConfigAnnotations list
|
||||
|
||||
---
|
||||
features.go | 5 +++++
|
||||
types/features/features.go | 6 ++++++
|
||||
2 files changed, 11 insertions(+)
|
||||
|
||||
diff --git a/features.go b/features.go
|
||||
index c9cd15c..7f76e7a 100644
|
||||
--- a/features.go
|
||||
+++ b/features.go
|
||||
@@ -55,6 +55,11 @@ var featuresCommand = cli.Command{
|
||||
Enabled: &tru,
|
||||
},
|
||||
},
|
||||
+ PotentiallyUnsafeConfigAnnotations: []string{
|
||||
+ "bundle",
|
||||
+ "org.systemd.property.", // prefix form
|
||||
+ "org.criu.config",
|
||||
+ },
|
||||
}
|
||||
|
||||
if seccomp.Enabled {
|
||||
diff --git a/types/features/features.go b/types/features/features.go
|
||||
index c6269ca..8b467f7 100644
|
||||
--- a/types/features/features.go
|
||||
+++ b/types/features/features.go
|
||||
@@ -25,6 +25,12 @@ type Features struct {
|
||||
// Annotations contains implementation-specific annotation strings,
|
||||
// such as the implementation version, and third-party extensions.
|
||||
Annotations map[string]string `json:"annotations,omitempty"`
|
||||
+
|
||||
+ // PotentiallyUnsafeConfigAnnotations the list of the potential unsafe annotations
|
||||
+ // that may appear in `config.json`.
|
||||
+ //
|
||||
+ // A value that ends with "." is interpreted as a prefix of annotations.
|
||||
+ PotentiallyUnsafeConfigAnnotations []string `json:"potentiallyUnsafeConfigAnnotations,omitempty"`
|
||||
}
|
||||
|
||||
// Linux is specific to Linux.
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
|
||||
Name: runc
|
||||
Version: 1.1.8
|
||||
Release: 13
|
||||
Release: 14
|
||||
Summary: runc is a CLI tool for spawning and running containers according to the OCI specification.
|
||||
|
||||
License: ASL 2.0
|
||||
@ -54,6 +54,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc
|
||||
%{_bindir}/runc
|
||||
|
||||
%changelog
|
||||
* Fri May 24 2024 zhongjiawei<zhongjiawei1@huawei.com> - 1.1.8-14
|
||||
- Type:CVE
|
||||
- CVE:CVE-2024-3154
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2024-3154
|
||||
|
||||
* Thu Feb 22 2024 zhongjiawei<zhongjiawei1@huawei.com> - 1.1.8-13
|
||||
- Type:bugfix
|
||||
- CVE:NA
|
||||
|
||||
@ -35,3 +35,4 @@ patch/0035-runc-Fix-undefined-behavior.patch
|
||||
patch/0036-runc-increase-the-number-of-cgroup-deletion-retries.patch
|
||||
patch/0037-runc-fix-CVE-2024-21626.patch
|
||||
patch/0038-runc-check-cmd-exist.patch
|
||||
patch/0039-runc-fix-CVE-2024-3154.patch
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user