release: / 1.1.1

Github source: f5fbbf1e or master branch

Patches runC to address a security vulnerability (CVE-2016-9962). Garden never runs user processes as pid 1 (which the mentioned exploit relies on) and enables apparmor (which prevents ptrace), but the patch also works around a kernel mis-ordering of operations that could very briefly expose an fd in a container.

Upload this release version to the Director:

$ bosh upload-release --sha1 6e50e37efbfbfcfa803d5d87a7a85a3073f69243

Modify deployment manifest to use this release in addition to any other used releases:

- name: garden-runc
  version: "1.1.1"

Finally add needed deployment jobs and specify values for required properties.

Optionally download sha1: 6e50e37efbfbfcfa803d5d87a7a85a3073f69243 release tarball locally:

# ...or download it directly using curl
$ curl -L -J -O

# or with wget...
$ wget --content-disposition