From ec5c9e06e39a4e6d29700f4ca5376773fae57fa0 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 11 Dec 2024 21:52:50 +0100 Subject: [PATCH] Dockerfile: update runc binary to v1.2.3 This is the third patch release of the 1.2.z release branch of runc. It primarily fixes some minor regressions introduced in 1.2.0. - Fixed a regression in use of securejoin.MkdirAll, where multiple runc processes racing to create the same mountpoint in a shared rootfs would result in spurious EEXIST errors. In particular, this regression caused issues with BuildKit. - Fixed a regression in eBPF support for pre-5.6 kernels after upgrading Cilium's eBPF library version to 0.16 in runc. full diff: https://github.com/opencontainers/runc/compare/v1.2.2...v1.2.3 release notes: https://github.com/opencontainers/runc/releases/tag/v1.2.3 Signed-off-by: Sebastiaan van Stijn --- Dockerfile | 2 +- hack/dockerfile/install/runc.installer | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1d22228906..3129efe8bd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -290,7 +290,7 @@ RUN git init . && git remote add origin "https://github.com/opencontainers/runc. # that is used. If you need to update runc, open a pull request in the containerd # project first, and update both after that is merged. When updating RUNC_VERSION, # consider updating runc in vendor.mod accordingly. -ARG RUNC_VERSION=v1.2.2 +ARG RUNC_VERSION=v1.2.3 RUN git fetch -q --depth 1 origin "${RUNC_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD FROM base AS runc-build diff --git a/hack/dockerfile/install/runc.installer b/hack/dockerfile/install/runc.installer index 34de2598b7..f41a2eff15 100755 --- a/hack/dockerfile/install/runc.installer +++ b/hack/dockerfile/install/runc.installer @@ -9,7 +9,7 @@ set -e # the containerd project first, and update both after that is merged. # # When updating RUNC_VERSION, consider updating runc in vendor.mod accordingly -: "${RUNC_VERSION:=v1.2.2}" +: "${RUNC_VERSION:=v1.2.3}" install_runc() { RUNC_BUILDTAGS="${RUNC_BUILDTAGS:-"seccomp"}"