runc:fix CVE-2024-3154
Signed-off-by: zhongjiawei <zhongjiawei1@huawei.com>
This commit is contained in:
zhongjiawei
parent
8d08b8b575
commit
4f785bbeec
@ -1 +1 @@
|
|||||||
8fc687c6fb64e110866466035e90c718d58f2c7f
|
d40eb8bbaaf0365a8d2468625474125181b65c83
|
||||||
|
|||||||
47
patch/0039-runc-fix-CVE-2024-3154.patch
Normal file
47
patch/0039-runc-fix-CVE-2024-3154.patch
Normal file
@ -0,0 +1,47 @@
|
|||||||
|
From 3107921b5e32c860e476fe413dcd70174dd38401 Mon Sep 17 00:00:00 2001
|
||||||
|
From: zhongjiawei <zhongjiawei1@huawei.com>
|
||||||
|
Date: Thu, 23 May 2024 19:15:34 +0800
|
||||||
|
Subject: [PATCH] features: implement returning
|
||||||
|
potentiallyUnsafeConfigAnnotations list
|
||||||
|
|
||||||
|
---
|
||||||
|
features.go | 5 +++++
|
||||||
|
types/features/features.go | 6 ++++++
|
||||||
|
2 files changed, 11 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/features.go b/features.go
|
||||||
|
index c9cd15c..7f76e7a 100644
|
||||||
|
--- a/features.go
|
||||||
|
+++ b/features.go
|
||||||
|
@@ -55,6 +55,11 @@ var featuresCommand = cli.Command{
|
||||||
|
Enabled: &tru,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
+ PotentiallyUnsafeConfigAnnotations: []string{
|
||||||
|
+ "bundle",
|
||||||
|
+ "org.systemd.property.", // prefix form
|
||||||
|
+ "org.criu.config",
|
||||||
|
+ },
|
||||||
|
}
|
||||||
|
|
||||||
|
if seccomp.Enabled {
|
||||||
|
diff --git a/types/features/features.go b/types/features/features.go
|
||||||
|
index c6269ca..8b467f7 100644
|
||||||
|
--- a/types/features/features.go
|
||||||
|
+++ b/types/features/features.go
|
||||||
|
@@ -25,6 +25,12 @@ type Features struct {
|
||||||
|
// Annotations contains implementation-specific annotation strings,
|
||||||
|
// such as the implementation version, and third-party extensions.
|
||||||
|
Annotations map[string]string `json:"annotations,omitempty"`
|
||||||
|
+
|
||||||
|
+ // PotentiallyUnsafeConfigAnnotations the list of the potential unsafe annotations
|
||||||
|
+ // that may appear in `config.json`.
|
||||||
|
+ //
|
||||||
|
+ // A value that ends with "." is interpreted as a prefix of annotations.
|
||||||
|
+ PotentiallyUnsafeConfigAnnotations []string `json:"potentiallyUnsafeConfigAnnotations,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// Linux is specific to Linux.
|
||||||
|
--
|
||||||
|
2.33.0
|
||||||
|
|
||||||
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
Name: runc
|
Name: runc
|
||||||
Version: 1.1.8
|
Version: 1.1.8
|
||||||
Release: 13
|
Release: 14
|
||||||
Summary: runc is a CLI tool for spawning and running containers according to the OCI specification.
|
Summary: runc is a CLI tool for spawning and running containers according to the OCI specification.
|
||||||
|
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
@ -54,6 +54,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc
|
|||||||
%{_bindir}/runc
|
%{_bindir}/runc
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri May 24 2024 zhongjiawei<zhongjiawei1@huawei.com> - 1.1.8-14
|
||||||
|
- Type:CVE
|
||||||
|
- CVE:CVE-2024-3154
|
||||||
|
- SUG:NA
|
||||||
|
- DESC:fix CVE-2024-3154
|
||||||
|
|
||||||
* Thu Feb 22 2024 zhongjiawei<zhongjiawei1@huawei.com> - 1.1.8-13
|
* Thu Feb 22 2024 zhongjiawei<zhongjiawei1@huawei.com> - 1.1.8-13
|
||||||
- Type:bugfix
|
- Type:bugfix
|
||||||
- CVE:NA
|
- CVE:NA
|
||||||
|
|||||||
@ -35,3 +35,4 @@ patch/0035-runc-Fix-undefined-behavior.patch
|
|||||||
patch/0036-runc-increase-the-number-of-cgroup-deletion-retries.patch
|
patch/0036-runc-increase-the-number-of-cgroup-deletion-retries.patch
|
||||||
patch/0037-runc-fix-CVE-2024-21626.patch
|
patch/0037-runc-fix-CVE-2024-21626.patch
|
||||||
patch/0038-runc-check-cmd-exist.patch
|
patch/0038-runc-check-cmd-exist.patch
|
||||||
|
patch/0039-runc-fix-CVE-2024-3154.patch
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user