From acbad31dcd022ddd6ea73187c0d85ad0af6476bb Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Tue, 10 Jan 2017 17:50:43 -0800 Subject: [PATCH] vendor: update runc to 2f7393a4 Signed-off-by: Tonis Tiigi --- hack/dockerfile/binaries-commits | 2 +- vendor.conf | 2 +- .../opencontainers/runc/libcontainer/nsenter/nsexec.c | 5 +++++ 3 files changed, 7 insertions(+), 2 deletions(-) mode change 100644 => 100755 hack/dockerfile/binaries-commits diff --git a/hack/dockerfile/binaries-commits b/hack/dockerfile/binaries-commits old mode 100644 new mode 100755 index 0e9611209a..80185a2228 --- a/hack/dockerfile/binaries-commits +++ b/hack/dockerfile/binaries-commits @@ -1,7 +1,7 @@ #!/bin/sh TOMLV_COMMIT=9baf8a8a9f2ed20a8e54160840c492f937eeaf9a -RUNC_COMMIT=51371867a01c467f08af739783b8beafc154c4d7 +RUNC_COMMIT=2f7393a47307a16f8cee44a37b262e8b81021e3e CONTAINERD_COMMIT=03e5862ec0d8d3b3f750e19fca3ee367e13c090e TINI_COMMIT=949e6facb77383876aeff8a6944dde66b3089574 LIBNETWORK_COMMIT=0f534354b813003a754606689722fe253101bc4e diff --git a/vendor.conf b/vendor.conf index afb4d44f0a..4474736760 100644 --- a/vendor.conf +++ b/vendor.conf @@ -59,7 +59,7 @@ github.com/miekg/pkcs11 df8ae6ca730422dba20c768ff38ef7d79077a59f github.com/docker/go v1.5.1-1-1-gbaf439e github.com/agl/ed25519 d2b94fd789ea21d12fac1a4443dd3a3f79cda72c -github.com/opencontainers/runc 51371867a01c467f08af739783b8beafc15 # libcontainer +github.com/opencontainers/runc 2f7393a47307a16f8cee44a37b262e8b81021e3e https://github.com/docker/runc.git # libcontainer github.com/opencontainers/runtime-spec 1c7c27d043c2a5e513a44084d2b10d77d1402b8c # specs github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0 # libcontainer deps (see src/github.com/opencontainers/runc/Godeps/Godeps.json) diff --git a/vendor/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c b/vendor/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c index c80f8e600f..5b680d0ba9 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c +++ b/vendor/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c @@ -435,6 +435,11 @@ void nsexec(void) if (pipenum == -1) return; + /* make the process non-dumpable */ + if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0) { + bail("failed to set process as non-dumpable"); + } + /* Parse all of the netlink configuration. */ nl_parse(pipenum, &config);