opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-11-29 17:48:05 +08:00
Code Issues Packages Projects Releases Wiki Activity
26,204 Commits 57 Branches 257 Tags
b63a210dd977630e2335acb92a60bf84251df8c7
Commit Graph

20 Commits

Author SHA1 Message Date
Paul Holzinger
e0ef8362c0 update github.com/cyphar/filepath-securejoin to v0.5.1 
Since this will be required by the runc security update I bump it hare
already to make the runc bump easier. Note while there is 0.6.0 out we
use 0.5.1 intentionally as 0.6 comes with breaking changes that won't
build in our dependencies.

Also note the lib now contains code licensed under MPL-2 which is not
yet approved by the CNCF[1] but because the runc fix requires it we were
advised to just go ahead and update it for now.

[1] https://github.com/cncf/foundation/issues/1154

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
 2025-11-06 16:33:18 +01:00
renovate[bot]
f290149b70 fix(deps): update module github.com/opencontainers/runc to v1.2.5 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-02-14 02:02:06 +00:00
Paul Holzinger
1dbd68f061 vendor latest c/common from main 
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
 2025-01-07 13:35:43 +01:00
renovate[bot]
851ef2529f fix(deps): update module github.com/opencontainers/runc to v1.2.3 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-12-11 04:35:13 +00:00
renovate[bot]
05a449c61e fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.4 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-10-09 04:53:26 +00:00
renovate[bot]
ce9716ee41 fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.3 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-09-30 15:44:20 +00:00
renovate[bot]
fe08440ec3 fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.2 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-09-13 12:32:47 +00:00
renovate[bot]
eadfbbc809 Update module github.com/cyphar/filepath-securejoin to v0.3.1 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-07-24 14:40:02 +00:00
renovate[bot]
7c775a3f4c Update module github.com/cyphar/filepath-securejoin to v0.3.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-07-11 15:41:50 +00:00
renovate[bot]
7f6108233f Update module github.com/cyphar/filepath-securejoin to v0.2.5 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-05-03 09:51:56 +00:00
renovate[bot]
a5798e9f5a fix(deps): update module github.com/cyphar/filepath-securejoin to v0.2.4 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-09-06 08:04:39 +00:00
dependabot[bot]
9457549fff build(deps): bump github.com/vbauerster/mpb/v7 from 7.5.2 to 7.5.3 
Bumps [github.com/vbauerster/mpb/v7](https://github.com/vbauerster/mpb) from 7.5.2 to 7.5.3.
- [Release notes](https://github.com/vbauerster/mpb/releases)
- [Commits](https://github.com/vbauerster/mpb/compare/v7.5.2...v7.5.3)

---
updated-dependencies:
- dependency-name: github.com/vbauerster/mpb/v7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Also bump the go module to 1.17 to be able to compile the new code.
Given containers/common and others already require go 1.17+ we're
safe to go.

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
 2022-09-13 08:58:22 +02:00
dependabot[bot]
518457b354 Bump github.com/cyphar/filepath-securejoin from 0.2.2 to 0.2.3 
Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.2.2 to 0.2.3.
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Commits](https://github.com/cyphar/filepath-securejoin/compare/v0.2.2...v0.2.3)

---
updated-dependencies:
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-05 12:20:31 +00:00
Valentin Rothberg
2388222e98 update dependencies 
Ran a `go get -u` and bumped K8s deps to 1.15.0.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
 2019-06-24 21:29:31 +02:00
Valentin Rothberg
d697456dc9 migrate to go-modules 
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
 2019-06-24 13:20:59 +02:00
Valentin Rothberg
bd40dcfc2b vendor: update everything 
* If possible, update each dependency to the latest available version.

* Use releases over commit IDs and avoid vendoring branches.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
 2019-01-11 13:38:11 +01:00
baude
6246942d37 Increase security and performance when looking up groups 
We implement the securejoin method to make sure the paths to /etc/passwd and
/etc/group are not symlinks to something naughty or outside the container
image. And then instead of actually chrooting, we use the runc functions to
get information about a user.  The net result is increased security and
a a performance gain from 41ms to 100us.

Signed-off-by: baude <bbaude@redhat.com>
 2018-10-25 06:42:43 -05:00
umohnani8
27107fdac1 Vendor in latest containers/image and contaners/storage 
Made necessary changes to functions to include contex.Context wherever needed

Signed-off-by: umohnani8 <umohnani@redhat.com>

Closes: #640
Approved by: baude
 2018-04-19 14:08:47 +00:00
Daniel J Walsh
af64e10400 Vendor in lots of kubernetes stuff to shrink image size 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #554
Approved by: mheon
 2018-03-27 18:09:12 +00:00
baude
be9ed1cfac Privileged containers should inherit host devices 
When running a privileged container, it should inherit the same
devices the host has.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #330
Approved by: mheon
 2018-02-15 00:20:47 +00:00