From 2dfb7c02b16471c23ef8d0c8b0ede686560e4d2c Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Fri, 30 Nov 2018 11:31:56 +0100
Subject: Dockerfile, .cirrus.yml: update runc commit

we need to inherit this change from runc. commit 869add33186caff4a22e3e11a7472a2d48d77889: rootless: fix running with /proc/self/setgroups set to deny This is a regression from 06f789cf26774dd64cb2a9cc0b3c6a6ff832733b when the user namespace was configured without a privileged helper. To allow a single mapping in an user namespace, it is necessary to set /proc/self/setgroups to "deny". For a simple reproducer, the user namespace can be created with "unshare -r".
Signed-off-by: Giuseppe Scrivano
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'Dockerfile')
diff --git a/Dockerfile b/Dockerfile
index 3eb7b0a07..e1d7b4649 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -52,7 +52,7 @@ ADD . /go/src/github.com/containers/libpod
 RUN set -x && cd /go/src/github.com/containers/libpod && make install.libseccomp.sudo
 
 # Install runc
-ENV RUNC_COMMIT 78ef28e63bec2ee4c139b5e3e0d691eb9bdc748d
+ENV RUNC_COMMIT 869add33186caff4a22e3e11a7472a2d48d77889
 RUN set -x \
 && export GOPATH="$(mktemp -d)" \
 && git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
-- 
cgit v1.2.3-54-g00ecf