Since this will be required by the runc security update I bump it here
already to make the runc bump easier. Note while there is 0.6.0 out we
use 0.5.1 intentionally as 0.6 comes with breaking changes that won't
build in our dependencies.

Also note the lib now contains code licensed under MPL-2 which is not
yet approved by the CNCF[1] but because the runc fix requires it we were
advised to just go ahead and update it for now.

[1] https://github.com/cncf/foundation/issues/1154

Signed-off-by: Paul Holzinger <pholzing@redhat.com>

We implement the securejoin method to make sure the paths to /etc/passwd and
/etc/group are not symlinks to something naughty or outside the container
image. And then instead of actually chrooting, we use the runc functions to
get information about a user. The net result is increased security and
a performance gain from 41ms to 100us.
Signed-off-by: baude <bbaude@redhat.com>
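
The path scoping described in the commit message above, as an added Go example that is not part of the commit or of the securejoin library it refers to. `scopedJoin` is a hypothetical, standard-library-only simplification, and the rootfs path in `main` is a constructed placeholder; it resolves lexically and assumes the tree does not change while it runs.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// scopedJoin resolves unsafePath as if root were "/": symlinks are followed
// and every ".." or absolute link target is clamped to root.
// Simplified sketch: not safe against a concurrently modified tree.
func scopedJoin(root, unsafePath string) (string, error) {
	cur := "/" // resolved path so far, relative to root
	rest := unsafePath
	for links := 0; rest != ""; {
		var part string
		part, rest, _ = strings.Cut(rest, "/")
		if part == "" || part == "." {
			continue
		}
		if part == ".." {
			cur = filepath.Dir(cur) // Dir("/") is "/", so root is never escaped
			continue
		}
		next := filepath.Join(cur, part)
		full := filepath.Join(root, next)
		fi, err := os.Lstat(full)
		if err != nil || fi.Mode()&os.ModeSymlink == 0 {
			cur = next // missing or non-symlink component: take it as-is
			continue
		}
		if links++; links > 255 {
			return "", fmt.Errorf("too many symlinks resolving %q", unsafePath)
		}
		target, err := os.Readlink(full)
		if err != nil {
			return "", err
		}
		if filepath.IsAbs(target) {
			cur = "/" // absolute target restarts at the container root
		}
		rest = target + "/" + rest // expand the link in place, keep walking
	}
	return filepath.Join(root, cur), nil
}

func main() {
	fmt.Println(scopedJoin("/tmp/example-rootfs", "etc/passwd"))
}
```

A symlinked `etc/passwd` inside the image therefore resolves to a path that is still under the container root, which is the file the user lookup then reads.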
When running a privileged container, it should inherit the same
devices the host has.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #330
Approved by: mheon