github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-09-12 21:29:59 +00:00
Code Issues Projects Releases Wiki Activity
Files
v1.5.0
linuxkit/pkg/runc/Dockerfile
Christoph Ostarek c2b9970241 runc: bump to newest version 
This version includes a fix for CVE-2024-21626 which
allowed an attacker in bad circumstances to
"escape containerized environments".

See also https://access.redhat.com/security/cve/cve-2024-21626

Signed-off-by: Christoph Ostarek <christoph@zededa.com>
2024-02-05 11:44:41 +01:00

36 lines
1.1 KiB
Docker
Raw Permalink Blame History

# Dockerfile to build linuxkit/runc for linuxkit
FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e as alpine
RUN \
apk add \
bash \
gcc \
git \
go \
libc-dev \
libseccomp-dev \
libseccomp-static \
linux-headers \
make \
&& true
ENV GOPATH=/go PATH=$PATH:/go/bin GO111MODULE=off
ENV RUNC_COMMIT=v1.1.12
RUN mkdir -p $GOPATH/src/github.com/opencontainers && \
cd $GOPATH/src/github.com/opencontainers && \
git clone https://github.com/opencontainers/runc.git
WORKDIR $GOPATH/src/github.com/opencontainers/runc
RUN git checkout $RUNC_COMMIT
RUN make static BUILDTAGS="seccomp" EXTRA_FLAGS="-buildmode pie" EXTRA_LDFLAGS="-extldflags \\\"-fno-PIC -static\\\""
RUN cp runc /usr/bin/
RUN mkdir -p /etc/init.d && ln -s /usr/bin/service /etc/init.d/010-onboot
RUN mkdir -p /etc/shutdown.d && ln -s /usr/bin/service /etc/shutdown.d/010-onshutdown
FROM scratch
WORKDIR /
ENTRYPOINT []
COPY --from=alpine /usr/bin/runc /usr/bin/
COPY --from=alpine /etc/init.d/ /etc/init.d/
COPY --from=alpine /etc/shutdown.d/ /etc/shutdown.d/
COPY --from=alpine /etc/apk /etc/apk/
COPY --from=alpine /lib/apk /lib/apk/
Reference in New Issue View Git Blame Copy Permalink