garden-runc/1.1.1
You can find the source of this version on GitHub at cloudfoundry/garden-runc-release. It was created based on the commit f5fbbf1e.
Release Notes¶
- Verified with grootfs-release v0.7.0
Patches runC to address a security vulnerability (CVE-2016-9962). Garden never runs user processes as pid 1 (which the mentioned exploit relies on) and enables apparmor (which prevents ptrace), but the patch also works around a kernel mis-ordering of operations that could very briefly expose an fd in a container.
Usage¶
You can reference this release in your deployment manifest from the releases section:
- name: garden-runc
version: "1.1.1"
url: "https://bosh.io/d/github.com/cloudfoundry/garden-runc-release?v=1.1.1"
sha1: sha256:
Or upload it to your director with the upload-release command:
bosh upload-release --sha1=sha256: \
"https://bosh.io/d/github.com/cloudfoundry/garden-runc-release?v=1.1.1"