crun-1.6-bp155.1.6 RPM for ppc64le

From OpenSuSE Leap 15.5 for ppc64le

crun is a runtime for running OCI containers. It is built with libkrun support

Provides

• crun
• crun(ppc-64)

Requires

• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.17)(64bit)
• libc.so.6(GLIBC_2.27)(64bit)
• libc.so.6(GLIBC_2.28)(64bit)
• libcap.so.2()(64bit)
• libcriu.so.2()(64bit)
• libdl.so.2()(64bit)
• libdl.so.2(GLIBC_2.17)(64bit)
• libseccomp.so.2()(64bit)
• libsystemd.so.0()(64bit)
• libsystemd.so.0(LIBSYSTEMD_209)(64bit)
• libsystemd.so.0(LIBSYSTEMD_221)(64bit)
• libsystemd.so.0(LIBSYSTEMD_237)(64bit)
• libsystemd.so.0(LIBSYSTEMD_246)(64bit)
• libyajl.so.2()(64bit)
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsXz) <= 5.2-1

License

GPL-2.0-or-later

Changelog

* Thu Sep 29 2022 Dario Faggioli <dfaggioli@suse.com>
  - Update to 1.6
    * runc compatibility: -v now prints the version string.
    * build: fix build with glibc 2.36.
    * container: drop intermediate userns custom feature.
    * cgroup: change the delegate cgroup semantic so that the cgroup
      is created in the container payload after the cgroup namespace
      is created.
    * seccomp: use helper process to send file descriptor to the listener
      socket. It enables to be notified on every syscall without hanging
      the main process.
    * linux: add a fallback to using kill(2) if pidfd_send_signal(2)
      fails with ENOSYS.
    * krun: add support for krun-sev.
    * wasmtime: always grant file system capability for workdir inside
      the container.
    * wasmtime: inherit arguments list from the handler instead of the
      current process.
    * wasmedge: use released wasmedge library instead of libwasmedge_c.so.
  - Update to 1.5
    * add mono based native .NET handler
    * new Wasmtime backend for running WebAssembly
    * add support for wasmedge 0.10 and dropping support for wasmedge 0.9.x
    * dropping support for experimental WasmEdgeProcess from wasmedge handler
    * honor process user's uid when setting the HOME environment variable
    * create the current working directory if it is missing in the container
    * fallback to using a tmpfs mount if umount of /sys and /proc fails
    * fallback to netlink to setup lo device
    * fix creating devices in the rootfs
    * fallback to using io.weight if io.bfq.weight doesn't exist
    * remove tun/tap from the default allow list
    * linux: devices mounts have noexec and nosuid
    * fix copyup of files from the container to the tmpfs
    * honor $PATH for newgidmap and newguidmap
    * krun: limit the number of vCPUs to 8
    * cgroup: add support for cpu.idle
* Mon May 09 2022 Frederic Crozat <fcrozat@suse.com>
  - Update to 1.4.5:
    + CRIU: add support for different manage cgroups modes.
    + linux: the hook processes inherit the crun process
      environment if there is no environment block specified in the
      OCI configuration.
    ° exec: fix double free when using --apparmor and
    - -process-label.
* Tue Apr 12 2022 Dario Faggioli <dfaggioli@suse.com>
  - It'd be nice to run the test suite with %check. It however, still
    does not work properly inside OBS workers. Add it commented and
    explain it
* Tue Apr 12 2022 Dario Faggioli <dfaggioli@suse.com>
  - switch to latest upstream version (1.4.4)
  - big jump from 0.21! Here's a short summary, for details,
    see: https://github.com/containers/crun/releases
    * 1.4.4
      wasm, kubernetes: support wasm for kubernetes infrastructure with side-cars
      Resolve symlinks in bind mounts when creating a user namespace.
      Fix CVE-2022-27650: exec does not set inheritable capabilities.
    * 1.4.3
      cgroup: avoid potential infinite loop when deleting a cgroup.
      support additional options for idmap mounts.
      open the source for a bind mount in the host.
    * 1.4.2
      CRIU: add pre-dump support.
      Fix running with a read-only /dev.
      Ignore EROFS when chowning standard stream files.
      Add validation for sysctls before applying them.
    * 1.4.1
      Fix check for an invalid path.
      Allow deleting a container while in created state.
      cgroup: do not set cpu limits if number of shares is set to 0.
    * 1.4
      wasm: support for running on kubernetes with containerd.
      linux: add support for recursive mount options.
      add support for idmapped mounts through a new mount option "idmap".
      linux: improve detection of /dev target.
      now crun exec uses CLONE_INTO_CGROUP on supported kernels when using cgroup v2.
      retry the openat2 syscall if it fails with EAGAIN.
      cgroup: set the CPUWeight/CPUShares on the systemd scope cgroup.
      on new kernels, use setns with pidfd.
      attempt the chdir again with the specified user if it failed before changing credentials.
    * 1.3
      add support to natively build and run WebAssembly workload and WebAssembly containers.
      allow to specify sub-cgroup for exec.
      chown std streams if they are not a TTY.
      attach the correct streams if the container is suspended and restored multiple times.
      fix race condition when enabling controllers on cgroup v2.
    * 1.2
      exec: fix regression in 1.1 where containers are being wrongly reported as paused.
      criu: add support for external ipc, uts and time namespaces.
    * 1.1
      cgroup: use cgroup.kill when available.
      exec: refuse to exec in a paused container/cgroup.
      container: Set primary process to 1 via LISTEN_PID by default if user configuration is missing.
      criu: Add support for external PID namespace.
      criu: fix save of external descriptors.
      utils: retry openat2 on EAGAIN.
    * 1.0
      cgroup: chown the current container cgroup to root in the container.
      linux: treat pidfd_open failures EINVAL as ESRCH.
      cgroup: add support for setting memory.use_hierarchy on cgroup v1.
      Makefile.am: fix link error when using directly libcrun.
      Fix symlink target mangling for tmpcopyup targets.
  - fix bsc#1197871, CVE-2022-27650 (as 1.4.4 contains the fixes itself)
  - update and fixup dependencies
* Tue Nov 02 2021 Dario Faggioli <dfaggioli@suse.com>
  - Add libprotobuf-c-devel as an explicit dependency, for fixing
    the build;
  - Get rid of rpmlintrc, as it's no longer needed.
* Mon Aug 23 2021 Dario Faggioli <dfaggioli@suse.com>
  - make libkrun support conditional, so we can have crun (without
    libkrun, of course) on all arches, which may help with
    bsc#1188914.
* Fri Aug 06 2021 Frederic Crozat <fcrozat@suse.com>
  - Drop libkrun-dlopen.patch and adapt to libkrun new package name,
    it is a plugin, not a regular shared library.
* Fri Aug 06 2021 Frederic Crozat <fcrozat@suse.com>
  - Add libkrun-dlopen.patch: use soname when dlopening libkrun.
* Wed Jul 28 2021 Paolo Stivanin <info@paolostivanin.com>
  - Update to 0.21
    - honor memory swappiness set to 0
    - status: add fields for owner and created timestamp
    - cgroup: lookup pids controller as well when the memory controller
      is not available
    - when compiled with krun, automatically use it if the current
      executable file is called "krun".
    - container: ignore error when resetting the SELinux label for the
      keyring.
    - container: call prestart hooks before rootfs is RO.
    - cgroup: added support cleaning custom controllers on cgroupv1.
    - spec: add support for --bundle.
    - exec: add --no-new-privs.
    - exec: add --process-label and --apparmor to change SELinux and
      AppArmor labels.
    - cgroup: kill procs in cgroup on EBUSY.
    - cgroup: ignore devices errors when running in a user namespace.
    - seccomp: drop SECCOMP_FILTER_FLAG_LOG by default.
    - seccomp: report correct action in error message.
    - apply SELinux label to keyring.
    - add custom annotation run.oci.delegate-cgroup.
    - close_range fallbacks to close on EPERM.
    - report error if the cgroup path was set and the cgroup could not be
      joined.
    - on exec, honor additional_gids from the process spec, not the
      container definition.
    - spec: add cgroup ns if on cgroup v2.
    - systemd: support array of strings for cgroup annotation.
    - join all the cgroup v1 controllers.
    - raise a warning when newuidmap/newgidmap fail.
    - handle eBPF access(dev_name, F_OK) call correctly.
    - fix some memory leaks on errors when libcrun is used by a long
      running process.
    - fix the SELinux label for masked directories.
    - support default seccomp errno value.
    - fail if no default seccomp action specified.
    - support OCI seccomp notify listener.
    - improve OOM error messages.
    - ignore unknown capabilities and raise a warning.
    - always remount bind mounts to drop not requested mount flags.
* Tue Mar 23 2021 Dario Faggioli <dfaggioli@suse.com>
  - Add a mention to crun-rpmlintrc in the spec file
* Fri Mar 19 2021 Dario Faggioli <dfaggioli@suse.com>
  - Since we're building with libkrun support, let's enable only the
    arch-es for which we do have libkrun
* Sat Mar 13 2021 Dario Faggioli <dfaggioli@suse.com>
  - Suppress the (false positive) rpmlint warning
* Sat Mar 13 2021 Dario Faggioli <dfaggioli@suse.com>
  - Some fixes to the spec file (add some %doc, remove unused macros, etc)
* Thu Mar 11 2021 Dario Faggioli <dfaggioli@suse.com>
  - Initial package for 0.18
    Based on the package by Giuseppe Scrivano <gscrivan@redhat.com>

Files

/usr/bin/crun
/usr/share/doc/packages/crun
/usr/share/doc/packages/crun/README.md
/usr/share/doc/packages/crun/SECURITY.md
/usr/share/licenses/crun
/usr/share/licenses/crun/COPYING
/usr/share/man/man1/crun.1.gz

Generated by rpm2html 1.8.1

Fabrice Bellet, Sun Mar 9 13:15:26 2025