Bumping runc to last release-1.0. Upstream based on commit df3cc4955002b5057fba92f1fd8b6fd94af3eb0b Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@...> --- ...-GOBUILDFLAGS-for-runc-and-remove-r

Fixes below CVEs: * CVE-2020-15257 * CVE-2021-21334 * CVE-2021-32760 * CVE-2021-41103 * CVE-2022-23648 Based on commit cd6feb72b84aab9655af6c8c0774a180ea2a4f60 Signed-off-by: Hugo SIMELIERE <hsimelier

Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@...> --- .../runc/files/CVE-2022-29162.patch | 123 ++++++++++++++++++ recipes-containers/runc/runc-docker_git.bb | 1 + .../runc/runc-opencontainers

Do NOT merge this patch. This revert-type patch is only an indication that the original patch on master-next should be dropped. A follow-up patch to master-next will be sent to add policy.json to cont

skopeo rdepends on it, and skopeo has been extended to native and nativesdk, so container-host-config needs also be extended. Signed-off-by: Chen Qi <Qi.Chen@...> --- .../container-host-config/contain

The /etc/containers/policy.json[1] file is used to specify verification policy. For now, we can see it's used by both cri-o and skopeo. To avoid conflict, we use container-host-config to provide this

For cri-o, libselinux is optional, this can be seen from its Makefile. So let's make selinux optional by using PACKAGECONFIG. In this way, meta-selinux dependency could be removed. Signed-off-by: Chen

* don't export CGO_CFLAGS/CGO_CXXFLAGS like the previous version didn't before: https://git.yoctoproject.org/meta-virtualization/commit/?id=aceed7bf95cc8a42c8f470d8edf3c6f03d49da00 * both docker-moby

I was testing the meta-virtualization/recipes-demo/images/ app-container. I was able to build the container. But I am not sure where the image is created and how we run the image using docker commands

For cri-o, libselinux is optional, this can be seen from its Makefile. So let's make selinux optional by using PACKAGECONFIG, whose default value is determined by the DISTRO_FEATURES. In this way, met

ostree is in meta-oe, libseccomp is in oe-core. So remove these two. Signed-off-by: Chen Qi <Qi.Chen@...> --- README | 2 -- 1 file changed, 2 deletions(-) diff --git a/README b/README index 1c75f4a..7

When deploying a simple workload using 'kubectl appy -f', we met the following error. Failed to inspect image "ubuntu:latest": rpc error: code = Unknown desc = short-name "ubuntu:latest" did not resol

We met the following error when using cri-o with k8s. [ERROR ImagePull]: failed to pull image registry.k8s.io/etcd:3.5.6-0: rpc error: code = Unknown desc = open /etc/containers/policy.json: no such f

The old crio.conf file can cause cri-o start failure. The error message is as below. validating runtime config: runtime validation: failed to \ translate monitor fields for runtime runc: cgroupfs mana

crio.service now reports the following error messages: level=error msg="Writing clean shutdown supported file: \ open /var/lib/crio/clean.shutdown.supported: no such file or directory" level=error msg

ostree is in meta-oe, libseccomp is in oe-core and libselinux is now made optional, so update README accordingly. Signed-off-by: Chen Qi <Qi.Chen@...> --- README | 8 -------- 1 file changed, 8 deletio

libseccomp is not in oe-core. There's no need to check meta-security any more. Signed-off-by: Chen Qi <Qi.Chen@...> --- recipes-containers/cri-o/cri-o_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 d

The local irqbalanced.service was written long before when there wasn't one in upstream. Then upstream created temporary runtime directory /run/irqbalance in its irqbalanced.service, but no one did th

From: Bruce Ashfield <bruce.ashfield@...> Bumping containerd to version v1.6.12-2-gccfc27e30, which comprises the following commits: 3595dd04b fix: check for tmpfs when evaluating if userxattr should

k3s is using a lot of SRC_URIs and some of them have corrsponding recipe in meta-virt, which are used by k8s. These components' SRC_URIs are better to be kept in sync, because this avoids two local gi