Skip to content


You can find the source of this version on GitHub at cloudfoundry-incubator/guardian-release. It was created based on the commit f5fbbf1e.

Release Notes

Patches runC to address a security vulnerability (CVE-2016-9962). Garden never runs user processes as pid 1 (which the mentioned exploit relies on) and enables apparmor (which prevents ptrace), but the patch also works around a kernel mis-ordering of operations that could very briefly expose an fd in a container.


You can reference this release in your deployment manifest from the releases section:

- name: "garden-runc"
  version: "1.1.1"
  url: ""
  sha1: "51e30c6c80bb6a8bc247212bb37d0510a243d0af"

Or upload it to your director with the upload-release command:

bosh upload-release --sha1 51e30c6c80bb6a8bc247212bb37d0510a243d0af \