Changelog for
cri-o-1.10.6-6.2.x86_64.rpm :
Tue Dec 18 13:00:00 2018 jmassaguerplaAATTsuse.com
- Update go requirements to >= go1.10.6 to fix
* bsc#1118897 CVE-2018-16873
go#29230 cmd/go: remote command execution during \"go get -u\"
* bsc#1118898 CVE-2018-16874
go#29231 cmd/go: directory traversal in \"go get\" via curly braces in import paths
* bsc#1118899 CVE-2018-16875
go#29233 crypto/x509: CPU denial of service
Wed Nov 7 13:00:00 2018 Valentin Rothberg
- Set NOFILE and NPROC limit to 1048576 to align with Docker/containerd
and the upstream unit file.
Fix bsc#1112980
Tue Jul 10 14:00:00 2018 vrothbergAATTsuse.com
- Update cri-o to v1.10.6:
* mask /proc/{acpi,keys}
bsc#1100838
* fix race between container create and cadvisor asking for info
Mon Jul 2 14:00:00 2018 vrothbergAATTsuse.com
- Update cri-o to v1.10.5:
* Reduce amount of logs being printed by default
* Update to latest ocicni
Wed Jun 27 14:00:00 2018 vrothbergAATTsuse.com
- Update cri-o to v1.10.4:
* network: Fix manage NetworkNS lifecycle
* sandbox_run: fix selinux relabel sharing
* container_create: more selinux relabel fixes
* container_create: correctly relabel mounts when asked
Mon Jun 18 14:00:00 2018 vrothbergAATTsuse.com
- Update cri-o to v1.10.3:
* container_portforward: add support for short pod IDs
* container_create: no privileged container if not privileged sandbox
* container_create: always mount sysfs as rw for privileged containers
* container_create: set rw for privileged containers
* conmon: on a flush error discard the iov buffer
Fri Jun 15 14:00:00 2018 vrothbergAATTsuse.com
- Update cri-o to v1.10.2:
* various improvements to conmon
* oci: avoid race on container stop
* image: Let size be calculated dynamically
* Add support for short IDs for exec and attach
* Make network namespace lifecycle management optional
* container_exec: Fix terminal setting for exec
* oci: Force kill the container process only if nothing else worked
* Add extra info to verbose requests to PodSandboxStatus
* Make conmon and crio share the same constants
* conmon: catch SIGTERM, SIGINT and SIQUIT
* Invalidate cache by building fresh one and replacing previous all at once
* Enable per pod PID namespace setting
* Make the /opt/cni mount rw
* conmon: add new option --version
* oci: Copy-edits for waitContainerStop chControl comment
* system container: add /var/tmp as RW
* container_status: expose LogPath as requested by the CRI
* container_create: only bind mount /etc/hosts if not provided by k8s
* kubernetes: Simplify and freshen the required-files table
* Report an warning when no stages are defined for a hook
Mon Jun 11 14:00:00 2018 vrothbergAATTsuse.com
- Use actual tag for v1.9.13. Upstream missed to set a tag and the
last revision mistakenly set it to v1.9.14-dev instead of v1.9.13.
Thu Jun 7 14:00:00 2018 vrothbergAATTsuse.com
- Update cri-o to v1.9.13:
* runtime_status: report correct network status
* container_status: expose LogPath as requested by the CRI
bsc#1095154
Tue Jun 5 14:00:00 2018 dcassanyAATTsuse.com
- Refactor %license usage to a simpler form
Mon Jun 4 14:00:00 2018 dcassanyAATTsuse.com
- Make use of %license macro
Fri May 4 14:00:00 2018 ndasAATTsuse.de
- use correct path for runc
Thu Apr 12 14:00:00 2018 fcastelliAATTsuse.com
- Put cri-o deamon under the podruntime slice. This the recommended
deployment to allow fine resource control on Kubernetes.
bsc#1086185
Wed Apr 11 14:00:00 2018 vrothbergAATTsuse.com
- Update cri-o to v1.9.11:
* oci: avoid race on container stop
* server/sandbox_stop: Pass context through StopAllPodSandboxes
* conmon: Add container ID to syslog
* Add logging support for base condition in debug
* Simplify filter block
* Specifying a filter with no filtering expressions is now idempotent
* Add methods for listing and fetching container stats
* Implement the stats for the image_fs_info command
* Return error for container exec
Thu Mar 15 13:00:00 2018 vrothbergAATTsuse.com
- Require cni and cni-plugins to enable container networking.
feature#crio
Thu Mar 15 13:00:00 2018 vrothbergAATTsuse.com
- Update cri-o to v1.9.10:
* conmon: Avoid strlen in logging path
* conmon: Remove info logs
* container_exec: Fix terminal setting for exec
Mon Mar 12 13:00:00 2018 vrothbergAATTsuse.com
- Update cri-o to v1.9.9:
* sandbox_stop: Call CNI stop before stopping pod infra container
Thu Mar 8 13:00:00 2018 vrothbergAATTsuse.com
- Remove the crio-shutdown.service. It does not have any effect when
shutting down crio and also isn\'t shipped on Fedora.
- crio-shutdown.service
Mon Mar 5 13:00:00 2018 vrothbergAATTsuse.com
- crio.conf: update default socket to /var/run/crio/crio.sock as suggested
by upstream.
Mon Mar 5 13:00:00 2018 vrothbergAATTsuse.com
- Update cri-o to v1.9.8:
* system_containers: Update mounts
* execsync: Set terminal to true when we pass -t to conmon
* Make network namespace pinning optional
* Add context to net ns symlink removal errors
* Make the /opt/cni mount rw
* sandbox_stop: close/remove the netns _after_ stopping the containers
* sandbox net: set netns closed after actaully closing it
Mon Mar 5 13:00:00 2018 vrothbergAATTsuse.com
- Configuration files should generally be tagged as %config(noreplace) in order
to keep the modified config files and to avoid losing data when the package
is being updated.
Sat Mar 3 13:00:00 2018 vrothbergAATTsuse.com
- Remove empty filter rule from cri-o-rpmlintrc, which was mistakenly
masking a few warnings, some of which have been fixed, others need
to be filtered. conmon and pause are not compiled with -fpie anymore
to align with what upstream does; linking fails when done properly.
Fri Mar 2 13:00:00 2018 fcastelliAATTsuse.com
- Update minimum version of the Go compiler required
Fri Mar 2 13:00:00 2018 fcastelliAATTsuse.com
- Add missing runtime dependencies: socat, iptables, iproute
Wed Feb 28 13:00:00 2018 vrothbergAATTsuse.com
- Change the installation path of conmon and pause from
/usr/lib/crio to /usr/lib/crio/bin in order to align with upstream
requirements.
- Update crio.conf to the reflect the new path of conmon and set the correct
path of CNI plugins (i.e., /usr/lib/cni).
Tue Feb 20 13:00:00 2018 vrothbergAATTsuse.com
- Update cri-o to v1.9.6:
* vendor: update c/image to handle text/plain from registries
Fixes cases where text/plain s1 schemes are mistakenly converted
to MIME.
Sun Feb 18 13:00:00 2018 jengelhAATTinai.de
- Let description say what the package really does.
Fri Feb 16 13:00:00 2018 vrothbergAATTsuse.com
- Update cri-o to v1.9.5:
* system container: add /var/tmp as RW
* container_create: correctly set user
* imageService: cache information about images
* image: Add lock around image cache access
Fri Feb 16 13:00:00 2018 vrothbergAATTsuse.com
- Cleanup version-update related changelogs to only keep log entries of
changes that are visible and important to the user, and the project.
Mon Feb 12 13:00:00 2018 vrothbergAATTsuse.com
- Add requirements to libcontainers-{common,image,storage}.
- Run spec-cleaner on cri-o.spec.
Mon Feb 12 13:00:00 2018 vrothbergAATTsuse.com
- Update cri-o to v1.9.3:
* Be more diligent about cleaning up failed-to-create containers
* Use crictl instead of crioctl in image integration tests
* Handle truncated IDs in imageService.ResolveNames()
* Switch to ImageServer.UntagImage in RemoveImage handler
* Return image references from the storage package
* storage: API fixups
Fri Feb 9 13:00:00 2018 vrothbergAATTsuse.com
- Use golang-packaging macro for binary stripping.
- Use -buildmode=pie for compilation.
- The update to 1.9.0+ removes the crioctl binary. The crictl binary from
cri-tools should be used instead.
- Update cri-o to v1.9.2:
* sandbox: fix sandbox logPath when crio restarts
* Adapt to recent containers/image API updates
* container_create: only bind mount /etc/hosts if not provided by k8s
* container_attach: Ensure ctl file is closed
* lib,oci: drop stateLock when possible
* container_exec: fix terminal true process json
* container_create: fix apparmor from container config
* container_create: correctly set image and kube envs
* oci: do not append conmon env to container process
* container_exec: use process file with runc exec
* drop crioctl source code
* conmon: Add support for partial/newline log tags
* image_pull: fix image resolver
* Add /proc/scsi to masked paths
* replace crioctl with crictl
* replace crioctl in e2e with crictl
* Move crio default sock to /var/run/crio/crio.sock
* container_create: set the seccomp profile in the container object
Mon Feb 5 13:00:00 2018 vrothbergAATTsuse.com
- Fix libostree-devel %if condition for TW, Leap 15+ and SLES 15+.
Thu Feb 1 13:00:00 2018 vrothbergAATTsuse.com
- Use `%fdupes %buildroot/%_prefix` since `fdupes %buildroot` is not allowedv
because you cannot make hardlinks between certain partitions.
Wed Jan 31 13:00:00 2018 vrothbergAATTsuse.com
- Source the cri-o-rpmlintrc the spec file.
Tue Jan 30 13:00:00 2018 vrothbergAATTsuse.com
- Add cri-o package: CRI-O is meant to provide an integration path between OCI
conformant runtimes and the kubelet. Specifically, it implements the Kubelet
Container Runtime Interface (CRI) using OCI conformant runtimes. The scope of
CRI-O is tied to the scope of the CRI.