cgroups

package

Go to main page

Versions in this module

v1

v1.2.3

Dec 10, 2024

v1.2.2

Nov 15, 2024

v1.2.1

Nov 1, 2024

v1.2.0

Oct 21, 2024

Changes in this version

+ var DevicesSetV1 func(path string, r *configs.Resources) error

+ var DevicesSetV2 func(path string, r *configs.Resources) error

+ var ErrDevicesUnsupported = errors.New("cgroup manager is not configured to set device rules")

+ var ErrRootless = errors.New("cgroup manager can not access cgroup (rootless container)")

+ func WriteFileByLine(dir, file, data string) error

type BlkioStats

+ PSI *PSIStats

type CpuStats

+ PSI *PSIStats

type MemoryStats

+ PSI *PSIStats

+ type MiscStats struct

+ Events uint64

+ Usage uint64

+ type PSIData struct

+ Avg10 float64

+ Avg300 float64

+ Avg60 float64

+ Total uint64

+ type PSIStats struct

+ Full PSIData

+ Some PSIData

type Stats

+ MiscStats map[string]MiscStats

v1.2.0-rc.3

Sep 3, 2024

v1.2.0-rc.2

Jun 26, 2024 GO-2024-3110

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.2.0-rc.1

Apr 3, 2024 GO-2024-3110

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.1.15

Oct 4, 2024

v1.1.14

Sep 3, 2024

v1.1.13

Jun 13, 2024 GO-2024-3110

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.1.12

Jan 23, 2024 GO-2024-3110

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.1.11

Jan 2, 2024 GO-2024-2491 +1 more

GO-2024-2491: Container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

Changes in this version

type MemoryStats

+ SwapOnlyUsage MemoryData

v1.1.10

Nov 1, 2023 GO-2024-2491 +1 more

GO-2024-2491: Container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.1.9

Aug 10, 2023 GO-2024-2491 +1 more

GO-2024-2491: Container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.1.8

Jul 19, 2023 GO-2024-2491 +1 more

GO-2024-2491: Container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.1.7

Apr 26, 2023 GO-2024-2491 +1 more

GO-2024-2491: Container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.1.6

Apr 11, 2023 GO-2024-2491 +1 more

GO-2024-2491: Container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.1.5

Mar 29, 2023 GO-2024-2491 +1 more

GO-2024-2491: Container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.1.4

Aug 24, 2022 GO-2023-1627 +4 more

GO-2023-1627: Opencontainers runc Incorrect Authorization vulnerability in github.com/opencontainers/runc

GO-2023-1682: rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc in github.com/opencontainers/runc

GO-2023-1683: runc AppArmor bypass with symlinked /proc in github.com/opencontainers/runc

GO-2024-2491: Container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.1.3

Jun 8, 2022 GO-2023-1627 +4 more

GO-2023-1627: Opencontainers runc Incorrect Authorization vulnerability in github.com/opencontainers/runc

GO-2023-1682: rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc in github.com/opencontainers/runc

GO-2023-1683: runc AppArmor bypass with symlinked /proc in github.com/opencontainers/runc

GO-2024-2491: Container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.1.2

May 5, 2022 GO-2023-1627 +4 more

GO-2023-1627: Opencontainers runc Incorrect Authorization vulnerability in github.com/opencontainers/runc

GO-2023-1682: rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc in github.com/opencontainers/runc

GO-2023-1683: runc AppArmor bypass with symlinked /proc in github.com/opencontainers/runc

GO-2024-2491: Container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.1.1

Mar 28, 2022 GO-2022-0452 +5 more

GO-2022-0452: Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runc

GO-2023-1627: Opencontainers runc Incorrect Authorization vulnerability in github.com/opencontainers/runc

GO-2023-1682: rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc in github.com/opencontainers/runc

GO-2023-1683: runc AppArmor bypass with symlinked /proc in github.com/opencontainers/runc

GO-2024-2491: Container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.1.0

Jan 17, 2022 GO-2022-0452 +5 more

GO-2022-0452: Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runc

GO-2023-1627: Opencontainers runc Incorrect Authorization vulnerability in github.com/opencontainers/runc

GO-2023-1682: rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc in github.com/opencontainers/runc

GO-2023-1683: runc AppArmor bypass with symlinked /proc in github.com/opencontainers/runc

GO-2024-2491: Container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

Changes in this version

+ const CgroupProcesses — darwin/amd64, js/wasm, windows/amd64

+ func ConvertBlkIOToIOWeightValue(blkIoWeight uint16) uint64 — darwin/amd64, js/wasm, windows/amd64

+ func ConvertCPUSharesToCgroupV2Value(cpuShares uint64) uint64 — darwin/amd64, js/wasm, windows/amd64

+ func ConvertMemorySwapToCgroupV2Value(memorySwap, memory int64) (int64, error) — darwin/amd64, js/wasm, windows/amd64

+ func EnterPid(cgroupPaths map[string]string, pid int) error — darwin/amd64, js/wasm, windows/amd64

+ func GetAllPids(path string) ([]int, error) — darwin/amd64, js/wasm, windows/amd64

+ func GetAllSubsystems() ([]string, error) — darwin/amd64, js/wasm, windows/amd64

+ func GetPids(dir string) ([]int, error) — darwin/amd64, js/wasm, windows/amd64

+ func HugePageSizes() []string

+ func IsCgroup2HybridMode() bool

+ func IsCgroup2UnifiedMode() bool — darwin/amd64, js/wasm, windows/amd64

+ func ParseCgroupFile(path string) (map[string]string, error) — darwin/amd64, js/wasm, windows/amd64

+ func PathExists(path string) bool — darwin/amd64, js/wasm, windows/amd64

+ func RemovePath(path string) error — darwin/amd64, js/wasm, windows/amd64

+ func RemovePaths(paths map[string]string) (err error) — darwin/amd64, js/wasm, windows/amd64

+ func WriteCgroupProc(dir string, pid int) error — darwin/amd64, js/wasm, windows/amd64

+ type BlkioStatEntry struct — darwin/amd64, js/wasm, windows/amd64

+ Major uint64

+ Minor uint64

+ Op string

+ Value uint64

+ type BlkioStats struct — darwin/amd64, js/wasm, windows/amd64

+ IoMergedRecursive []BlkioStatEntry

+ IoQueuedRecursive []BlkioStatEntry

+ IoServiceBytesRecursive []BlkioStatEntry

+ IoServiceTimeRecursive []BlkioStatEntry

+ IoServicedRecursive []BlkioStatEntry

+ IoTimeRecursive []BlkioStatEntry

+ IoWaitTimeRecursive []BlkioStatEntry

+ SectorsRecursive []BlkioStatEntry

+ type CPUSetStats struct — darwin/amd64, js/wasm, windows/amd64

+ CPUExclusive uint64

+ CPUs []uint16

+ MemExclusive uint64

+ MemHardwall uint64

+ MemoryMigrate uint64

+ MemoryPressure uint64

+ MemorySpreadPage uint64

+ MemorySpreadSlab uint64

+ Mems []uint16

+ SchedLoadBalance uint64

+ SchedRelaxDomainLevel int64

+ type CpuStats struct — darwin/amd64, js/wasm, windows/amd64

+ CpuUsage CpuUsage

+ ThrottlingData ThrottlingData

+ type CpuUsage struct — darwin/amd64, js/wasm, windows/amd64

+ PercpuUsage []uint64

+ PercpuUsageInKernelmode []uint64

+ PercpuUsageInUsermode []uint64

+ TotalUsage uint64

+ UsageInKernelmode uint64

+ UsageInUsermode uint64

+ type HugetlbStats struct — darwin/amd64, js/wasm, windows/amd64

+ Failcnt uint64

+ MaxUsage uint64

+ Usage uint64

+ type Manager interface — darwin/amd64, js/wasm, windows/amd64

+ Apply func(pid int) error

+ Destroy func() error

+ Exists func() bool

+ Freeze func(state configs.FreezerState) error

+ GetAllPids func() ([]int, error)

+ GetCgroups func() (*configs.Cgroup, error)

+ GetFreezerState func() (configs.FreezerState, error)

+ GetPaths func() map[string]string

+ GetPids func() ([]int, error)

+ GetStats func() (*Stats, error)

+ OOMKillCount func() (uint64, error)

+ Path func(string) string

+ Set func(r *configs.Resources) error

+ type MemoryData struct — darwin/amd64, js/wasm, windows/amd64

+ Failcnt uint64

+ Limit uint64

+ MaxUsage uint64

+ Usage uint64

+ type MemoryStats struct — darwin/amd64, js/wasm, windows/amd64

+ Cache uint64

+ KernelTCPUsage MemoryData

+ KernelUsage MemoryData

+ PageUsageByNUMA PageUsageByNUMA

+ Stats map[string]uint64

+ SwapUsage MemoryData

+ Usage MemoryData

+ UseHierarchy bool

+ type Mount struct — darwin/amd64, js/wasm, windows/amd64

+ Mountpoint string

+ Root string

+ Subsystems []string

+ func GetCgroupMounts(all bool) ([]Mount, error)

+ func (m Mount) GetOwnCgroup(cgroups map[string]string) (string, error)

+ type PageStats struct — darwin/amd64, js/wasm, windows/amd64

+ Nodes map[uint8]uint64

+ Total uint64

+ type PageUsageByNUMA struct — darwin/amd64, js/wasm, windows/amd64

+ Hierarchical PageUsageByNUMAInner

+ type PageUsageByNUMAInner struct — darwin/amd64, js/wasm, windows/amd64

+ Anon PageStats

+ File PageStats

+ Total PageStats

+ Unevictable PageStats

+ type PidsStats struct — darwin/amd64, js/wasm, windows/amd64

+ Current uint64

+ Limit uint64

+ type RdmaEntry struct

+ Device string

+ HcaHandles uint32

+ HcaObjects uint32

+ type RdmaStats struct

+ RdmaCurrent []RdmaEntry

+ RdmaLimit []RdmaEntry

+ type Stats struct — darwin/amd64, js/wasm, windows/amd64

+ BlkioStats BlkioStats

+ CPUSetStats CPUSetStats

+ CpuStats CpuStats

+ HugetlbStats map[string]HugetlbStats

+ MemoryStats MemoryStats

+ PidsStats PidsStats

+ RdmaStats RdmaStats

+ func NewStats() *Stats

+ type ThrottlingData struct — darwin/amd64, js/wasm, windows/amd64

+ Periods uint64

+ ThrottledPeriods uint64

+ ThrottledTime uint64

v1.1.0-rc.1

Dec 14, 2021 GO-2022-0274 +6 more

GO-2022-0274: Namespace restriction bypass in github.com/opencontainers/runc

GO-2022-0452: Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runc

GO-2023-1627: Opencontainers runc Incorrect Authorization vulnerability in github.com/opencontainers/runc

GO-2023-1682: rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc in github.com/opencontainers/runc

GO-2023-1683: runc AppArmor bypass with symlinked /proc in github.com/opencontainers/runc

GO-2024-2491: Container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.0.3

Dec 3, 2021 GO-2022-0274 +6 more

GO-2022-0274: Namespace restriction bypass in github.com/opencontainers/runc

GO-2022-0452: Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runc

GO-2023-1627: Opencontainers runc Incorrect Authorization vulnerability in github.com/opencontainers/runc

GO-2023-1682: rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc in github.com/opencontainers/runc

GO-2023-1683: runc AppArmor bypass with symlinked /proc in github.com/opencontainers/runc

GO-2024-2491: Container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.0.2

Aug 20, 2021 GO-2022-0274 +6 more

GO-2022-0274: Namespace restriction bypass in github.com/opencontainers/runc

GO-2022-0452: Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runc

GO-2023-1627: Opencontainers runc Incorrect Authorization vulnerability in github.com/opencontainers/runc

GO-2023-1682: rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc in github.com/opencontainers/runc

GO-2023-1683: runc AppArmor bypass with symlinked /proc in github.com/opencontainers/runc

GO-2024-2491: Container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.0.1

Jul 16, 2021 GO-2022-0274 +6 more

GO-2022-0274: Namespace restriction bypass in github.com/opencontainers/runc

GO-2022-0452: Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runc

GO-2023-1627: Opencontainers runc Incorrect Authorization vulnerability in github.com/opencontainers/runc

GO-2023-1682: rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc in github.com/opencontainers/runc

GO-2023-1683: runc AppArmor bypass with symlinked /proc in github.com/opencontainers/runc

GO-2024-2491: Container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.0.0

Jun 17, 2021 GO-2022-0452 +5 more

GO-2022-0452: Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runc

GO-2023-1627: Opencontainers runc Incorrect Authorization vulnerability in github.com/opencontainers/runc

GO-2023-1682: rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc in github.com/opencontainers/runc

GO-2023-1683: runc AppArmor bypass with symlinked /proc in github.com/opencontainers/runc

GO-2024-2491: Container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

Changes in this version

+ const CgroupNamePrefix

+ const CgroupProcesses — linux/amd64

+ var ErrV1NoUnified = errors.New("invalid configuration: cannot use unified on cgroup v1")

+ var TestMode bool

+ func ConvertBlkIOToIOWeightValue(blkIoWeight uint16) uint64 — linux/amd64

+ func ConvertCPUSharesToCgroupV2Value(cpuShares uint64) uint64 — linux/amd64

+ func ConvertMemorySwapToCgroupV2Value(memorySwap, memory int64) (int64, error) — linux/amd64

+ func FindCgroupMountpoint(cgroupPath, subsystem string) (string, error) — darwin/amd64, js/wasm, windows/amd64

+ func FindCgroupMountpointAndRoot(cgroupPath, subsystem string) (string, string, error) — darwin/amd64, js/wasm, windows/amd64

+ func GetInitCgroup(subsystem string) (string, error)

+ func GetInitCgroupPath(subsystem string) (string, error)

+ func GetOwnCgroup(subsystem string) (string, error)

+ func GetOwnCgroupPath(subsystem string) (string, error)

+ func IsCgroup2UnifiedMode() bool — linux/amd64

+ func IsNotFound(err error) bool — darwin/amd64, js/wasm, windows/amd64

+ func NewNotFoundError(sub string) error — darwin/amd64, js/wasm, windows/amd64

+ func OpenFile(dir, file string, flags int) (*os.File, error)

+ func ReadFile(dir, file string) (string, error)

+ func RemovePath(path string) error — linux/amd64

+ func WriteCgroupProc(dir string, pid int) error — linux/amd64

+ func WriteFile(dir, file, data string) error

+ type CPUSetStats struct — linux/amd64

+ CPUExclusive uint64

+ CPUs []uint16

+ MemExclusive uint64

+ MemHardwall uint64

+ MemoryMigrate uint64

+ MemoryPressure uint64

+ MemorySpreadPage uint64

+ MemorySpreadSlab uint64

+ Mems []uint16

+ SchedLoadBalance uint64

+ SchedRelaxDomainLevel int64

type CpuUsage — linux/amd64

+ PercpuUsageInKernelmode []uint64

+ PercpuUsageInUsermode []uint64

type Manager — linux/amd64

+ Exists func() bool

+ GetCgroups func() (*configs.Cgroup, error)

+ GetFreezerState func() (configs.FreezerState, error)

+ OOMKillCount func() (uint64, error)

+ Path func(string) string

type MemoryStats — linux/amd64

+ PageUsageByNUMA PageUsageByNUMA

+ UseHierarchy bool

type Mount — linux/amd64

+ func (m Mount) GetOwnCgroup(cgroups map[string]string) (string, error)

+ type NotFoundError struct — darwin/amd64, js/wasm, windows/amd64

+ Subsystem string

+ func (e *NotFoundError) Error() string

+ type PageStats struct — linux/amd64

+ Nodes map[uint8]uint64

+ Total uint64

+ type PageUsageByNUMA struct — linux/amd64

+ Hierarchical PageUsageByNUMAInner

+ type PageUsageByNUMAInner struct — linux/amd64

+ Anon PageStats

+ File PageStats

+ Total PageStats

+ Unevictable PageStats

type Stats — linux/amd64

+ CPUSetStats CPUSetStats

v1.0.0-rc95

May 19, 2021 GO-2022-0452 +5 more

GO-2022-0452: Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runc

GO-2023-1627: Opencontainers runc Incorrect Authorization vulnerability in github.com/opencontainers/runc

GO-2023-1682: rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc in github.com/opencontainers/runc

GO-2023-1683: runc AppArmor bypass with symlinked /proc in github.com/opencontainers/runc

GO-2024-2491: Container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.0.0-rc94

May 10, 2021 GO-2022-0452 +5 more

GO-2022-0452: Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runc

GO-2022-0914: mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs in github.com/opencontainers/runc

GO-2023-1682: rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc in github.com/opencontainers/runc

GO-2023-1683: runc AppArmor bypass with symlinked /proc in github.com/opencontainers/runc

GO-2024-2491: Container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.0.0-rc93

Feb 3, 2021 GO-2022-0452 +5 more

GO-2022-0452: Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runc

GO-2022-0914: mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs in github.com/opencontainers/runc

GO-2023-1682: rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc in github.com/opencontainers/runc

GO-2023-1683: runc AppArmor bypass with symlinked /proc in github.com/opencontainers/runc

GO-2024-2491: Container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.0.0-rc92

Aug 5, 2020 GO-2022-0452 +4 more

GO-2022-0452: Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runc

GO-2022-0914: mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs in github.com/opencontainers/runc

GO-2023-1682: rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc in github.com/opencontainers/runc

GO-2023-1683: runc AppArmor bypass with symlinked /proc in github.com/opencontainers/runc

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.0.0-rc91

Jun 30, 2020 GO-2022-0452 +4 more

GO-2022-0452: Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runc

GO-2022-0914: mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs in github.com/opencontainers/runc

GO-2023-1682: rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc in github.com/opencontainers/runc

GO-2023-1683: runc AppArmor bypass with symlinked /proc in github.com/opencontainers/runc

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.0.0-rc90

Jan 22, 2020 GO-2022-0396 +5 more

GO-2022-0396: devices resource list treated as a blacklist by default in github.com/opencontainers/runc

GO-2022-0452: Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runc

GO-2022-0914: mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs in github.com/opencontainers/runc

GO-2023-1682: rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc in github.com/opencontainers/runc

GO-2023-1683: runc AppArmor bypass with symlinked /proc in github.com/opencontainers/runc

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.0.0-rc9

Sep 30, 2019 GO-2021-0087 +6 more

GO-2021-0087: Race condition in github.com/opencontainers/runc

GO-2022-0396: devices resource list treated as a blacklist by default in github.com/opencontainers/runc

GO-2022-0452: Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runc

GO-2022-0914: mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs in github.com/opencontainers/runc

GO-2023-1682: rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc in github.com/opencontainers/runc

GO-2023-1683: runc AppArmor bypass with symlinked /proc in github.com/opencontainers/runc

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.0.0-rc8

Apr 24, 2019 GO-2021-0085 +7 more

GO-2021-0085: Authorization bypass in github.com/opencontainers/runc

GO-2021-0087: Race condition in github.com/opencontainers/runc

GO-2022-0396: devices resource list treated as a blacklist by default in github.com/opencontainers/runc

GO-2022-0452: Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runc

GO-2022-0914: mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs in github.com/opencontainers/runc

GO-2023-1682: rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc in github.com/opencontainers/runc

GO-2023-1683: runc AppArmor bypass with symlinked /proc in github.com/opencontainers/runc

GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc

v1.0.0-rc7

Mar 28, 2019 GO-2021-0085 +7 more