Skip to content

garden-runc/1.1.1

You can find the source of this version on GitHub at cloudfoundry/garden-runc-release. It was created based on the commit f5fbbf1e.

Release Notes

Patches runC to address a security vulnerability (CVE-2016-9962). Garden never runs user processes as pid 1 (which the mentioned exploit relies on) and enables apparmor (which prevents ptrace), but the patch also works around a kernel mis-ordering of operations that could very briefly expose an fd in a container.

Usage

You can reference this release in your deployment manifest from the releases section:

- name: "garden-runc"
  version: "1.1.1"
  url: "https://bosh.io/d/github.com/cloudfoundry/garden-runc-release?v=1.1.1"
  sha1: "6e50e37efbfbfcfa803d5d87a7a85a3073f69243"

Or upload it to your director with the upload-release command:

bosh upload-release --sha1 6e50e37efbfbfcfa803d5d87a7a85a3073f69243 \
  "https://bosh.io/d/github.com/cloudfoundry/garden-runc-release?v=1.1.1"

Jobs

Packages