Update to runc ef9a4b315558d31eae520725ff67383c2f79c3cb

This is compatible with containerd 8353da59c6ae7e1933aac2228df23541ef8b163f which was picked up by d2caae4c1a. This required jiggering with riddler output some more to update to new OCI config.json format for capabilities. Signed-off-by: Ian Campbell <ian.campbell@docker.com>
2025-09-01 15:08:33 +00:00 · 2017-04-03 16:40:10 +01:00
parent 684ea64c73
commit 709402d780
11 changed files with 12 additions and 11 deletions
--- a/tools/riddler/riddler.sh
+++ b/tools/riddler/riddler.sh
@@ -42,7 +42,8 @@ cat config.json.orig | \
  jq 'del (.linux.resources.memory.swappiness)' | \
  jq 'del(.linux.uidMappings) | del(.linux.gidMappings) | .linux.namespaces = (.linux.namespaces|map(select(.type!="user")))' | \
  jq 'if .root.readonly==true then .mounts = (.mounts|map(if .destination=="/dev" then .options |= .+ ["ro"] else . end)) else . end' | \
-  jq '.mounts = if .process.capabilities | length != 38 then (.mounts|map(if .destination=="/sys" then .options |= .+ ["ro"] else . end)) else . end' \
+  jq '.mounts = if .process.capabilities | length != 38 then (.mounts|map(if .destination=="/sys" then .options |= .+ ["ro"] else . end)) else . end' | \
+  jq '.process.capabilities = { bounding: .process.capabilities, effective: .process.capabilities, ambient: .process.capabilities, inheritable: .process.capabilities, permitted: .process.capabilities }' \
  > config.json

 cat config.json