Skip to content

@dmcgowan dmcgowan released this Apr 5, 2019

Welcome to the v1.2.6 release of containerd!

The sixth patch release for containerd 1.2 contains fixes
for the containerd client, the CRI plugin and containerd io
and mount handling.

It whitelists 2 new syscalls in the default seccomp profile,
and also updates CNI to v0.7.5 to include the fix for CVE-2019-9946.

All these changes are noted below.

Notable Updates

  • Allow overriding package name in containerd --version output. #3098
  • Add 2 new syscalls io_pgetevents and statx in the default seccomp whitelist. #3113 #3115
  • Fix a bug that custom containerd cgroup path does not work in containerd 1.2.5. #3143
  • Fix a bug in the containerd client that WithAllCapabilities applies incomplete capability list. #3147
  • Fix a bug that container output can be incomplete when stdout and stderr are pointed to the same file. #3118
  • Fix a bug that containerd can't properly handle space in mount point path. 3161
  • cri: fix a bug that containers being gracefully stopped are SIGKILLed when kubelet is restarted. cri#1098
  • cri: Fix a bug that pod UTS namespace is used for host network. cri#1111
  • cri: Update CNI plugins to v0.7.5 for CVE-2019-9946.
  • Update cri to eb926cd79d3bac188dcc4ed7694fc9298f8831be. #3174
  • Update runc to v1.0.0-rc7-6-g029124da #3183 to fix potential container start failure on non-SELinux system. runc#2030

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Lantao Liu
  • Sebastiaan van Stijn
  • Michael Crosby
  • Phil Estes
  • Derek McGowan
  • Peter Wagner
  • Akihiro Suda
  • Avi Kivity

Changes

  • 894b81a4b8 Merge pull request #3180 from Random-Liu/1.2.6-release-note
  • 4be9af65b9 Prepare 1.2.6 containerd release.
  • 9d87dddaec Merge pull request #3183 from thaJeztah/1.2_bump_runc
  • e01177391d bump runc to 029124da (v1.0.0-rc7-6-g029124da)
  • 7f8cf855a0 Merge pull request #3174 from Random-Liu/update-cri-release-1.2
  • 7c1ca26e2d Update cri to eb926cd79d3bac188dcc4ed7694fc9298f8831be
  • 02fd892d59 Merge pull request #3164 from Random-Liu/update-cri-release-1.2
  • 67def02025 Update cri to ffd9a66034aee582db04cf4c59e9b2262fd4fc59.
  • f2702c52a9 Merge pull request #3161 from thaJeztah/1.2_backport_fix_parseinfofile_parsing
  • f8d644ddc0 Use pkg/errors for all errors
  • 50cb294d08 fix parseInfoFile does not handle spaces in filenames
  • 0d58ce1a2b Merge pull request #3154 from thaJeztah/1.2_backport_issue_3118
  • 76d1f3e692 runtime: guard Close() until both streams are complete
  • 5236247ada runtime: log IO error when copying output streams
  • 5066e517ff Merge pull request #3147 from Random-Liu/cherrypick-#3137-release-1.2
  • de1b991122 Fix race and panic.
  • 667ff6a451 Merge pull request #3143 from thaJeztah/1.2_backport_bump_cgroups
  • 7f8deb37ed Merge pull request #3141 from thaJeztah/1.2_backport_bump_runc_v1.0.0-rc7
  • 1e75661aed bump containerd/cgroups 4994991857f9b0ae8dc439551e8bebdbb4bf66c1
  • 16a56020e6 update opencontainers/runc v1.0.0-rc7
  • 6d14516877 Merge pull request #3113 from thaJeztah/1.2_backport_whitelist_statx
  • c9042ae5b5 Merge pull request #3115 from thaJeztah/1.2_backport_whitelist_io_pgetevents
  • 2c2a86b019 seccomp: whitelist io_pgetevents
  • b0a8b6dd0b seccomp: whitelist statx syscall
  • 5296db1b90 Merge pull request #3098 from thaJeztah/1.2_backport_override_package_name
  • 7700a82a47 Makefile: allow overriding package name

Changes from containerd/cgroups

  • 4994991 Merge pull request #79 from crosbymichael/load-none
  • 453efe3 Return ErrCgroupDeleted when no subsystems

Changes from containerd/cri

  • eb926cd7 Merge pull request #1115 from thaJeztah/1.2_backport_bump_selinux
  • c04ec48d bump opencontainers/selinux v1.2.1
  • 24a507b3 bump opencontainers/selinux to v1.2
  • ffd9a660 Merge pull request #1111 from Random-Liu/cherrypick-#1102-release-1.2
  • 83d24561 No UTS namespace for hostnetwork.
  • b2937694 Merge pull request #1109 from Random-Liu/cherrypick-#1108-release-1.2
  • 8ec2da6d Update CNI to v0.7.5.
  • 267a8caf Merge pull request #1104 from Random-Liu/cherrypick-#1099-release-1.2
  • 03eae981 Do not SIGKILL container if container stop is cancelled.
  • 4bfcd93a Merge pull request #1097 from Random-Liu/cherrypick-#1083-release-1.2
  • b3eab098 Support docker 18.09 in the test script.
  • 087738ab Merge pull request #1091 from Random-Liu/update-containerd-release-1.2
  • befeac30 Update containerd to v1.2.5.

Dependency Changes

Previous release can be found at v1.2.5

  • github.com/containerd/cgroups dbea6f2bd41658b84b00417ceefa416b979cbf10 -> 4994991857f9b0ae8dc439551e8bebdbb4bf66c1
  • github.com/containerd/cri a92c40017473cbe0239ce180125f12669757e44f -> eb926cd79d3bac188dcc4ed7694fc9298f8831be
  • github.com/containernetworking/plugins v0.7.0 -> v0.7.5
  • github.com/opencontainers/runc 2b18fe1d885ee5083ef9f0838fee39b62d653e30 -> 029124da7af7360afa781a0234d1b083550f797c
  • github.com/opencontainers/selinux b6fa367ed7f534f9ba25391cc2d467085dbb445a -> v1.2.1
Assets 3
You can’t perform that action at this time.