diff --git a/base/runc/Dockerfile b/base/runc/Dockerfile index 487161aaf..c3bdd9b59 100644 --- a/base/runc/Dockerfile +++ b/base/runc/Dockerfile @@ -10,7 +10,7 @@ RUN \ linux-headers \ make \ && true -ENV RUNC_COMMIT=31980a53ae7887b2c8f8715d13c3eb486c27b6cf +ENV RUNC_COMMIT=ef9a4b315558d31eae520725ff67383c2f79c3cb RUN mkdir -p $GOPATH/src/github.com/opencontainers && \ cd $GOPATH/src/github.com/opencontainers && \ git clone https://github.com/opencontainers/runc.git diff --git a/examples/gcp.yml b/examples/gcp.yml index 5388bd0ef..524ba5986 100644 --- a/examples/gcp.yml +++ b/examples/gcp.yml @@ -1,7 +1,7 @@ kernel: image: "mobylinux/kernel:4.9.x" cmdline: "console=ttyS0 page_poison=1" -init: "mobylinux/init:83b229223adbdd5ae38f39b4754e61b951529664" +init: "mobylinux/init:00c3a5bbfd9794f4a3187fcc4a9f0c826c46d474" system: - name: sysctl image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c" diff --git a/examples/sshd.yml b/examples/sshd.yml index 3ffcba5b6..b40fb9218 100644 --- a/examples/sshd.yml +++ b/examples/sshd.yml @@ -1,7 +1,7 @@ kernel: image: "mobylinux/kernel:4.9.x" cmdline: "console=ttyS0 page_poison=1" -init: "mobylinux/init:83b229223adbdd5ae38f39b4754e61b951529664" +init: "mobylinux/init:00c3a5bbfd9794f4a3187fcc4a9f0c826c46d474" system: - name: sysctl image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c" diff --git a/examples/vmware.yml b/examples/vmware.yml index ec55b9cc4..0e26d8b1f 100644 --- a/examples/vmware.yml +++ b/examples/vmware.yml @@ -1,7 +1,7 @@ kernel: image: "mobylinux/kernel:4.9.x" cmdline: "console=tty0 page_poison=1" -init: "mobylinux/init:83b229223adbdd5ae38f39b4754e61b951529664" +init: "mobylinux/init:00c3a5bbfd9794f4a3187fcc4a9f0c826c46d474" system: - name: sysctl image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c" diff --git a/moby.yml b/moby.yml index 890409b82..68f0b6e10 100644 --- a/moby.yml +++ b/moby.yml @@ -1,7 +1,7 @@ kernel: image: "mobylinux/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" -init: "mobylinux/init:83b229223adbdd5ae38f39b4754e61b951529664" +init: "mobylinux/init:00c3a5bbfd9794f4a3187fcc4a9f0c826c46d474" system: - name: sysctl image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c" diff --git a/pkg/init/Makefile b/pkg/init/Makefile index 2c098009e..363940806 100644 --- a/pkg/init/Makefile +++ b/pkg/init/Makefile @@ -1,7 +1,7 @@ CONTAINERD_IMAGE=mobylinux/containerd:a688df6aee1e3700eb8d54dbc81070361df397a2@sha256:59ee3da05fe4dad4fbecff582c86fc30ce75e19a225eeeb07e203c9cc36fe34f CONTAINERD_BINARIES=usr/bin/containerd usr/bin/containerd-shim usr/bin/ctr usr/bin/dist -RUNC_IMAGE=mobylinux/runc:94c54debf9a3ebb6d31311bdddb881ea07486dcd@sha256:13cabc1017c6448498e74bae9892ebc9dbad9e5d68f7df6b3855a15522e3a86b +RUNC_IMAGE=mobylinux/runc:45884ad2bfad045cbf35f2b78b4c82f75fb19854@sha256:d7c4576405f2318d329f538f847927018d4e8497d7968bd3323ff047e2ffe257 RUNC_BINARY=usr/bin/runc C_COMPILE=mobylinux/c-compile:81a6bd8ff45d769b60a2ee1acdaccda11ab835c8@sha256:eac250997a3b9784d3285a03c0c8311d4ca6fb63dc75164c987411ba93006487 diff --git a/src/cmd/moby/config.go b/src/cmd/moby/config.go index 0f19c0514..de0966bff 100644 --- a/src/cmd/moby/config.go +++ b/src/cmd/moby/config.go @@ -51,7 +51,7 @@ type MobyImage struct { ReadOnly bool `yaml:"read_only"` } -const riddler = "mobylinux/riddler:2b4051422b155f659019f9e3fef8cca04e153f5c@sha256:f4bb0c39f1e5c636ed52ebd3ed8ec447ca6c0dc554ffb5784cbeff423ac70d34" +const riddler = "mobylinux/riddler:decf6c9e24b579175a038a76f9721e7aca507abd@sha256:9d24a7c48204b94b5d76cc3d6cf70f779d87d08d8a893169292c98d0e19ab579" // NewConfig parses a config file func NewConfig(config []byte) (*Moby, error) { diff --git a/test/ltp/test-ltp.yml b/test/ltp/test-ltp.yml index 90357b49c..ab8261c96 100644 --- a/test/ltp/test-ltp.yml +++ b/test/ltp/test-ltp.yml @@ -1,7 +1,7 @@ kernel: image: "mobylinux/kernel:4.9.x" cmdline: "console=ttyS0" -init: "mobylinux/init:83b229223adbdd5ae38f39b4754e61b951529664" +init: "mobylinux/init:00c3a5bbfd9794f4a3187fcc4a9f0c826c46d474" system: - name: ltp image: "mobylinux/test-ltp-20170116:fdca2d1bb019b1d51e722e6032c82c7933d4b870" diff --git a/test/test.yml b/test/test.yml index 7d6ce45fd..e077eda33 100644 --- a/test/test.yml +++ b/test/test.yml @@ -1,7 +1,7 @@ kernel: image: "mobylinux/kernel:4.9.x" cmdline: "console=ttyS0" -init: "mobylinux/init:83b229223adbdd5ae38f39b4754e61b951529664" +init: "mobylinux/init:00c3a5bbfd9794f4a3187fcc4a9f0c826c46d474" system: - name: binfmt image: "mobylinux/binfmt:bdb754f25a5d851b4f5f8d185a43dfcbb3c22d01" diff --git a/test/virtsock/test-virtsock-server.yml b/test/virtsock/test-virtsock-server.yml index 1b52c3c89..a150616cc 100644 --- a/test/virtsock/test-virtsock-server.yml +++ b/test/virtsock/test-virtsock-server.yml @@ -5,7 +5,7 @@ kernel: # image: "mobylinux/kernel:4.9.14-0" image: "mobylinux/kernel:4.9.x" cmdline: "console=ttyS0 page_poison=1" -init: "mobylinux/init:83b229223adbdd5ae38f39b4754e61b951529664" +init: "mobylinux/init:00c3a5bbfd9794f4a3187fcc4a9f0c826c46d474" system: - name: sysctl image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c" diff --git a/tools/riddler/riddler.sh b/tools/riddler/riddler.sh index 594601b69..44935f526 100755 --- a/tools/riddler/riddler.sh +++ b/tools/riddler/riddler.sh @@ -42,7 +42,8 @@ cat config.json.orig | \ jq 'del (.linux.resources.memory.swappiness)' | \ jq 'del(.linux.uidMappings) | del(.linux.gidMappings) | .linux.namespaces = (.linux.namespaces|map(select(.type!="user")))' | \ jq 'if .root.readonly==true then .mounts = (.mounts|map(if .destination=="/dev" then .options |= .+ ["ro"] else . end)) else . end' | \ - jq '.mounts = if .process.capabilities | length != 38 then (.mounts|map(if .destination=="/sys" then .options |= .+ ["ro"] else . end)) else . end' \ + jq '.mounts = if .process.capabilities | length != 38 then (.mounts|map(if .destination=="/sys" then .options |= .+ ["ro"] else . end)) else . end' | \ + jq '.process.capabilities = { bounding: .process.capabilities, effective: .process.capabilities, ambient: .process.capabilities, inheritable: .process.capabilities, permitted: .process.capabilities }' \ > config.json cat config.json