Commit Graph

2813 Commits

Author SHA1 Message Date
Sebastiaan van Stijn
0e9a66d35a logger/journald: remove journald_compat (for systemd < 209)
This was added in 6cdc4ba6cd in 2016, likely
because at the time we were still building for CentOS 6 and Ubuntu 14.04.

All currently supported distros appear to be on _at least_ 219 now, so it looks
safe to remove this;

```bash
docker run -it --rm centos:7

yum install -y systemd-devel

pkg-config 'libsystemd >= 209' && echo "OK" || echo "KO"
OK

pkg-config --print-provides 'libsystemd'
libsystemd = 219

pkg-config --print-provides 'libsystemd-journal'
libsystemd-journal = 219
```

And on a `debian:buster` (old stable)

```bash
docker run -it --rm debian:buster

apt-get update && apt-get install -y libsystemd-dev pkg-config

pkg-config 'libsystemd >= 209' && echo "OK" || echo "KO"
OK

pkg-config --print-provides 'libsystemd'
libsystemd = 241

pkg-config --print-provides 'libsystemd-journal'
Package libsystemd-journal was not found in the pkg-config search path.
Perhaps you should add the directory containing `libsystemd-journal.pc'
to the PKG_CONFIG_PATH environment variable
No package 'libsystemd-journal' found
```

OpenSUSE leap (I think that's built for s390x)

```bash
docker run -it --rm docker.io/opensuse/leap:15

zypper install -y systemd-devel

pkg-config 'libsystemd >= 209' && echo "OK" || echo "KO"
OK

pkg-config --print-provides 'libsystemd'
libsystemd = 246

pkg-config --print-provides 'libsystemd-journal'
Package libsystemd-journal was not found in the pkg-config search path.
Perhaps you should add the directory containing `libsystemd-journal.pc'
to the PKG_CONFIG_PATH environment variable
No package 'libsystemd-journal' found
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-20 18:48:00 +02:00
Tianon Gravi
d7f2e47224 Merge pull request #43764 from thaJeztah/build_no_checksums
hack: don't generate checksums for individual binaries
2022-07-05 13:29:57 -07:00
Sebastiaan van Stijn
a98bd75256 Merge pull request #43765 from thaJeztah/update_golangci_lint
Dockerfile: update golangci-lint to v1.46.2, replace golint with revive
2022-07-05 10:46:45 +02:00
Sebastiaan van Stijn
71e2aa78e4 hack: don't generate checksums for individual binaries
The script to build (static)binaries also generated checksums for all binaries
and scripts included. These checksums were not used, and not included when
releasing packages (which are a `tar.gz` for which a separate checksum would
be generated).

Removing these checksums, as they're unused, and complicated using these
artifacts for packagers (who would have to exclude them after building).

Before this:

```bash
rm -rf ./bundles
docker buildx build --build-arg VERSION=22.06.0-beta.1 --output ./bundles --target binary .

tree bundles
bundles
└── binary-daemon
    ├── containerd
    ├── containerd-shim-runc-v2
    ├── containerd-shim-runc-v2.md5
    ├── containerd-shim-runc-v2.sha256
    ├── containerd.md5
    ├── containerd.sha256
    ├── ctr
    ├── ctr.md5
    ├── ctr.sha256
    ├── docker-init
    ├── docker-init.md5
    ├── docker-init.sha256
    ├── docker-proxy
    ├── docker-proxy.md5
    ├── docker-proxy.sha256
    ├── dockerd
    ├── dockerd-rootless-setuptool.sh
    ├── dockerd-rootless-setuptool.sh.md5
    ├── dockerd-rootless-setuptool.sh.sha256
    ├── dockerd-rootless.sh
    ├── dockerd-rootless.sh.md5
    ├── dockerd-rootless.sh.sha256
    ├── dockerd.md5
    ├── dockerd.sha256
    ├── rootlesskit
    ├── rootlesskit-docker-proxy
    ├── rootlesskit-docker-proxy.md5
    ├── rootlesskit-docker-proxy.sha256
    ├── rootlesskit.md5
    ├── rootlesskit.sha256
    ├── runc
    ├── runc.md5
    ├── runc.sha256
    ├── vpnkit
    ├── vpnkit.md5
    └── vpnkit.sha256

1 directory, 36 files
```

After this:

```bash
rm -rf ./bundles
docker buildx build --build-arg VERSION=22.06.0-beta.1 --output ./bundles --target binary .

tree bundles
bundles
└── binary-daemon
    ├── containerd
    ├── containerd-shim-runc-v2
    ├── ctr
    ├── docker-init
    ├── docker-proxy
    ├── dockerd
    ├── dockerd-rootless-setuptool.sh
    ├── dockerd-rootless.sh
    ├── rootlesskit
    ├── rootlesskit-docker-proxy
    ├── runc
    └── vpnkit

1 directory, 12 files
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-04 13:23:00 +02:00
Sebastiaan van Stijn
1cab8eda24 replace golint with revive, as it's deprecated
WARN [runner] The linter 'golint' is deprecated (since v1.41.0) due to: The repository of the linter has been archived by the owner.  Replaced by revive.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-04 10:15:54 +02:00
Sebastiaan van Stijn
65e1adc219 Dockerfile: update golangci-lint to v1.46.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-04 10:15:30 +02:00
Sebastiaan van Stijn
d6f9b4d73b hack: remove version from binaries, and remove symlinks
There may have been some historic reason for doing this, but I couldn't find
a practical use for building the (some) binaries with a version (default: "dev")
included, only to use a symlink to refer to the actual binary.

This patch removes the "${VERSION}" from the binary names in bundles, and
removes the code that created symlinks for them.

Before this patch:

```bash
rm -rf ./bundles
docker buildx build --build-arg VERSION=22.06.0-beta.1 --output ./bundles --target binary .

tree bundles
bundles
└── binary-daemon
    ├── containerd
    ├── containerd-shim-runc-v2
    ├── containerd-shim-runc-v2.md5
    ├── containerd-shim-runc-v2.sha256
    ├── containerd.md5
    ├── containerd.sha256
    ├── ctr
    ├── ctr.md5
    ├── ctr.sha256
    ├── docker-init
    ├── docker-init.md5
    ├── docker-init.sha256
    ├── docker-proxy -> docker-proxy-22.06.0-beta.1
    ├── docker-proxy-22.06.0-beta.1
    ├── docker-proxy-22.06.0-beta.1.md5
    ├── docker-proxy-22.06.0-beta.1.sha256
    ├── dockerd -> dockerd-22.06.0-beta.1
    ├── dockerd-22.06.0-beta.1
    ├── dockerd-22.06.0-beta.1.md5
    ├── dockerd-22.06.0-beta.1.sha256
    ├── dockerd-rootless-setuptool.sh
    ├── dockerd-rootless-setuptool.sh.md5
    ├── dockerd-rootless-setuptool.sh.sha256
    ├── dockerd-rootless.sh
    ├── dockerd-rootless.sh.md5
    ├── dockerd-rootless.sh.sha256
    ├── rootlesskit
    ├── rootlesskit-docker-proxy
    ├── rootlesskit-docker-proxy.md5
    ├── rootlesskit-docker-proxy.sha256
    ├── rootlesskit.md5
    ├── rootlesskit.sha256
    ├── runc
    ├── runc.md5
    ├── runc.sha256
    ├── vpnkit
    ├── vpnkit.md5
    └── vpnkit.sha256

1 directory, 38 files
```

After this patch:

```bash
rm -rf ./bundles
docker buildx build --build-arg VERSION=22.06.0-beta.1 --output ./bundles --target binary .

tree bundles
bundles
└── binary-daemon
    ├── containerd
    ├── containerd-shim-runc-v2
    ├── containerd-shim-runc-v2.md5
    ├── containerd-shim-runc-v2.sha256
    ├── containerd.md5
    ├── containerd.sha256
    ├── ctr
    ├── ctr.md5
    ├── ctr.sha256
    ├── docker-init
    ├── docker-init.md5
    ├── docker-init.sha256
    ├── docker-proxy
    ├── docker-proxy.md5
    ├── docker-proxy.sha256
    ├── dockerd
    ├── dockerd-rootless-setuptool.sh
    ├── dockerd-rootless-setuptool.sh.md5
    ├── dockerd-rootless-setuptool.sh.sha256
    ├── dockerd-rootless.sh
    ├── dockerd-rootless.sh.md5
    ├── dockerd-rootless.sh.sha256
    ├── dockerd.md5
    ├── dockerd.sha256
    ├── rootlesskit
    ├── rootlesskit-docker-proxy
    ├── rootlesskit-docker-proxy.md5
    ├── rootlesskit-docker-proxy.sha256
    ├── rootlesskit.md5
    ├── rootlesskit.sha256
    ├── runc
    ├── runc.md5
    ├── runc.sha256
    ├── vpnkit
    ├── vpnkit.md5
    └── vpnkit.sha256

1 directory, 36 files
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-02 16:57:51 +02:00
Sebastiaan van Stijn
58e1f8d0b5 Merge pull request #43682 from crazy-max/split-test-suites
ci(integration-cli): split test suites in a matrix
2022-06-22 23:22:43 +02:00
CrazyMax
ca8b659a06 ci(integration-cli): move integration-cli run to make script
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-06-17 10:59:05 +02:00
CrazyMax
1887d85e21 ci(integration-cli): dynamically split tests in matrix
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-06-17 10:59:04 +02:00
CrazyMax
7ed823ead9 validation: temporarily allows changes in integration-cli
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-06-17 10:58:55 +02:00
Cory Snider
cf6058941c Dockerfile: add crun to dev image
Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-06-10 17:25:10 -04:00
Sebastiaan van Stijn
9ccedde970 Merge pull request #43695 from AkihiroSuda/remove-io.containerd.runtime.v1.linux
daemon: remove support for deprecated `io.containerd.runtime.v1.linux`
2022-06-07 17:29:54 +02:00
Sebastiaan van Stijn
a7e3182757 update containerd binary to v1.6.6
Welcome to the v1.6.6 release of containerd!

The sixth patch release for containerd 1.6 includes a fix for
[CVE-2022-31030](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31030).

Notable Updates

- Fix ExecSync handler to cap console output size ([GHSA-5ffw-gxpp-mxpf](https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf))

full diff: https://github.com/containerd/containerd/compare/v1.6.5...v1.6.6

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-06 22:38:36 +02:00
Akihiro Suda
c3eefab550 hack: remove error_on_leaked_containerd_shims
The function does not support containerd-shim-runc-v2 (io.containerd.runc.v2)

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2022-06-05 18:41:44 +09:00
Akihiro Suda
1fcd9f73d4 hack: stop installing containerd-shim (io.containerd.runtime.v1.linux)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2022-06-05 18:41:44 +09:00
Sebastiaan van Stijn
a747cd3702 update containerd binary to v1.6.5
Welcome to the v1.6.5 release of containerd!

The fifth patch release for containerd 1.6 includes a few fixes and updated
version of runc.

Notable Updates

- Fix for older CNI plugins not reporting version
- Fix mount path handling for CRI plugin on Windows

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-04 22:28:42 +02:00
Sebastiaan van Stijn
e3c14acd33 Jenkinsfile: remove Windows stages
These are now running in GitHub actions, so we no longer need to
run them in Jenkins.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-31 22:14:15 +02:00
Sebastiaan van Stijn
235f86270d Merge pull request #43479 from crazy-max/gha-win-tests
ci: github action workflow for windows
2022-05-23 11:54:32 +02:00
CrazyMax
493d3ca0c3 fix docker-proxy not statically linked
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-20 13:54:37 +02:00
CrazyMax
15ed58ffb5 ci(windows): upload coverage to codecov
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-05-20 10:12:10 +02:00
CrazyMax
3b157dc3b6 integration-cli: fix test rogue certs
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-05-19 10:54:31 +02:00
Tianon Gravi
c9e19a2aa1 Remove "seccomp" build tag
Similar to the (now removed) `apparmor` build tag, this build-time toggle existed for users who needed to build without the `libseccomp` library.  That's no longer necessary, and given the importance of seccomp to the overall default security profile of Docker containers, it makes sense that any binary built for Linux should support (and use by default) seccomp if the underlying host does.

Signed-off-by: Tianon Gravi <admwiggin@gmail.com>
2022-05-12 14:48:35 -07:00
Sebastiaan van Stijn
bc0fd3f617 update runc binary to v1.1.2
This is the second patch release of the runc 1.1 release branch. It
fixes CVE-2022-29162, a minor security issue (which appears to not be
exploitable) related to process capabilities.

This is a similar bug to the ones found and fixed in Docker and
containerd recently (CVE-2022-24769).

- A bug was found in runc where runc exec --cap executed processes with
  non-empty inheritable Linux process capabilities, creating an atypical Linux
  environment. For more information, see GHSA-f3fp-gc8g-vw66 and CVE-2022-29162.
- runc spec no longer sets any inheritable capabilities in the created
  example OCI spec (config.json) file.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-12 13:51:12 +02:00
Sebastiaan van Stijn
219374e2cd Merge pull request #43275 from kponichtera/43274-delve-debugger
Added Delve debugger to the development container
2022-05-10 18:34:45 +02:00
Konrad Ponichtera
4573cd9c30 Improved readability of the run hack script
Signed-off-by: Konrad Ponichtera <konpon96@gmail.com>
2022-05-10 11:57:39 +02:00
Sebastiaan van Stijn
6e376e32d8 update containerd binary to v1.6.4
Notable Updates

- Update go-cni to fix teardown regression
- Fix broken SELinux relabeling for Kubernetes volume mounts

full diff: https://github.com/containerd/containerd/compare/v1.6.3...v1.6.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-04 10:58:08 +02:00
Sebastiaan van Stijn
ff197417fa api: swagger: move ContainerCreateResponse to definitions
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-28 22:39:16 +02:00
Sebastiaan van Stijn
a9be008f00 update containerd binary to v1.6.3
Release notes:

Welcome to the v1.6.3 release of containerd!

The third patch release for containerd 1.6 includes various fixes and updates.

Notable Updates

- Fix panic when configuring tracing plugin
- Improve image pull performance in CRI plugin
- Check for duplicate nspath
- Fix deadlock in cgroup metrics collector
- Mount devmapper xfs file system with "nouuid" option
- Make the temp mount as ready only in container WithVolumes
- Fix deadlock from leaving transaction open in native snapshotter
- Monitor OOMKill events to prevent missing container events

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-27 09:55:12 +02:00
Konrad Ponichtera
7d328ea1d6 Added Delve debugger to the development container (including instructions in the contribution guide).
Signed-off-by: Konrad Ponichtera <konpon96@gmail.com>
2022-04-26 20:14:06 +02:00
Sebastiaan van Stijn
cd635e465d api: swagger: move VolumeListResponse to definitions
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-21 19:49:53 +02:00
Sebastiaan van Stijn
f19ef20a44 api: move types.Volume to volume.Volume
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-21 19:49:50 +02:00
CrazyMax
1efda78f2b use go-winres for windows build and cleanup autogen and winresources
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-04-14 19:52:36 +02:00
CrazyMax
fd2143e0b0 use go-winres for cross to create Windows resources
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-04-14 19:52:35 +02:00
Sebastiaan van Stijn
61404de7df Merge pull request #43474 from crazy-max/fix-cross
fix cross compilation for arm platforms
2022-04-14 18:40:44 +02:00
Sebastiaan van Stijn
5f89a6a78e pkg/urlutil: deprecate, and move to builder/remotecontext/urlutil
pkg/urlutil (despite its poorly chosen name) is not really intended as a generic
utility to handle URLs, and should only be used by the builder to handle (remote)
build contexts.

- IsURL() only does a very rudimentary check for http(s):// prefixes, without any
  other validation, but due to its name may give incorrect expectations.
- IsGitURL() is written specifically with docker build remote git contexts in
  mind, and has handling for backward-compatibility, where strings that are
  not URLs, but start with "github.com/" are accepted.

Because of the above, this patch:

- moves the package inside builder/remotecontext, close to where it's intended
  to be used (ideally this would be part of build/remotecontext itself, but this
  package imports many other dependencies, which would introduce those as extra
  dependencies in the CLI).
- deprecates pkg/urlutil, but adds aliases as there are some external consumers.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-12 19:58:05 +02:00
CrazyMax
12558c8d6e fix cross compilation for arm platforms
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-04-10 21:03:31 +02:00
Akihiro Suda
ffc903d7a6 update runc binary to v1.1.1
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2022-04-01 15:24:13 +09:00
Akihiro Suda
4d7ab4b214 update RootlessKit to v1.0.0
Only minor changes since v0.14.6, such as upgrading Go to 1.18:
https://github.com/rootless-containers/rootlesskit/compare/v0.14.6...v1.0.0

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2022-03-26 02:10:52 +09:00
Sebastiaan van Stijn
4a26fdda76 Merge pull request #43334 from thaJeztah/api_swagger_inline_examples
api: swagger: use explicit definitions, use inline examples, and fix indentation.
2022-03-25 09:51:13 +01:00
Sebastiaan van Stijn
e69529c94a update containerd binary to v1.6.2
The second patch release for containerd 1.6 includes a fix for
 [CVE-2022-24769](https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c).

Notable Updates

- **Fix the inheritable capability defaults** ([GHSA-c9cp-9c75-9v8c](https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c))

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-24 17:26:40 +01:00
CrazyMax
32f0561715 ci: buildkit integration test
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-03-23 16:07:04 +01:00
Akihiro Suda
de6732a403 version: add RootlessKit, slirp4netns, and VPNKit version
```console
$ docker --context=rootless version
...
Server:
...
 rootlesskit:
  Version:          0.14.2
  ApiVersion:       1.1.1
  NetworkDriver:    slirp4netns
  PortDriver:       builtin
  StateDir:         /tmp/rootlesskit245426514
 slirp4netns:
  Version:          1.1.9
  GitCommit:        4e37ea557562e0d7a64dc636eff156f64927335e
```

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2022-03-15 15:44:42 +09:00
Sebastiaan van Stijn
06abe8dd2d update containerd binary to v1.6.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-11 13:14:33 +01:00
Sebastiaan van Stijn
e4c6ca36ae api: swagger: move ContainerWaitResponse to definitions
This should help with CI being unstable when generating the types (due
to Go randomizing order). Unfortunately, the (file) names are a bit ugly,
but addressing that in a follow-up.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-05 22:21:56 +01:00
Sebastiaan van Stijn
0119f7973b api: swagger: move VolumeCreateOptions to definitions
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-05 22:20:25 +01:00
Sebastiaan van Stijn
2c8f0a0c99 update containerd binary to v1.5.10
Welcome to the v1.5.10 release of containerd!

The tenth patch release for containerd 1.5 includes a fix for [CVE-2022-23648][1]
and other issues.

Notable Updates

- Use fs.RootPath when mounting volumes (GHSA-crp2-qrr5-8pq7)
- Return init pid when clean dead shim in runc.v1/v2 shims
- Handle sigint/sigterm in shimv2
- Use readonly mount to read user/group info

[1]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23648
[2]: https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-04 19:34:03 +01:00
Cory Snider
e9bbc41dd1 Remove local fork of archive/tar package
A copy of Go's archive/tar packge was vendored with a patch applied to
mitigate CVE-2019-14271. Vendoring standard library packages is not
supported by Go in module-aware mode, which is getting in the way of
maintenance. A different approach to mitigate the vulnerability is
needed which does not involve vendoring parts of the standard library.

glibc implements name service lookups such as users, groups and DNS
using a scheme known as Name Service Switch. The services are
implemented as modules, shared libraries which glibc dynamically links
into the process the first time a function requiring the module is
called. This is the crux of the vulnerability: if a process linked
against glibc chroots, then calls one of the functions implemented with
NSS for the first time, glibc may load NSS modules out of the chrooted
filesystem.

The API underlying the `docker cp` command is implemented by forking a
new process which chroots into the container's rootfs and writes a tar
stream of files from the container over standard output. It utilizes the
Go standard library's archive/tar package to write the tar stream. It
makes use of the tar.FileInfoHeader function to construct a tar.Header
value from an fs.FileInfo value. In modern versions of Go on *nix
platforms, FileInfoHeader will attempt to resolve the file's UID and GID
to their respective user and group names by calling the os/user
functions LookupId and LookupGroupId. The cgo implementation of os/user
on *nix performs lookups by calling the corresponding libc functions. So
when linked against glibc, calls to tar.FileInfoHeader after the
process has chrooted into the container's rootfs can have the side
effect of loading NSS modules from the container! Without any
mitigations, a malicious container image author can trivially get
arbitrary code execution by leveraging this vulnerability and escape the
chroot (which is not a sandbox) into the host.

Mitigate the vulnerability without patching or forking archive/tar by
hiding the OS-dependent file info from tar.FileInfoHeader which it needs
to perform the lookups. Without that information available it falls back
to populating the tar.Header with only the information obtainable
directly from the FileInfo value without making any calls into os/user.

Fixes #42402

Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-02-18 13:40:19 -05:00
Sebastiaan van Stijn
646ace6ee3 Dockerfile: update golangci-lint v1.44.0
Looks like this may be needed for Go 1.18

Also updating the golangci-lint configuration to account for updated
exclusion rules.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-08 09:43:30 +01:00
Akihiro Suda
c55eb6b824 update runc binary to v1.1.0
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2022-02-06 16:23:38 +09:00