SUSE-RU-2019:2880-1: moderate: Recommended update for libcontainers-common

sle-updates at sle-updates at
Mon Nov 4 07:12:17 MST 2019

   SUSE Recommended Update: Recommended update for libcontainers-common

Announcement ID:    SUSE-RU-2019:2880-1
Rating:             moderate
References:         #1139526 #1151028 #1152752 
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP1

   An update that has three recommended fixes can now be


   This update for libcontainers-common fixes the following issues:

   Update to image 1.4.4:

   - Hard-code the kernel keyring use to be disabled for now

   Update to libpod 1.5.1:

   - The hostname of pods is now set to the pod's name
   - Minor bugfixes

   Update to storage 1.12.16:

   - Ignore ro mount options in btrfs and windows drivers

   - Check /var/lib/containers if possible before setting btrfs backend

   - Add a default registries.d configuration file, used to specify images
     signatures storage location.

   Update to image v3.0.0:

   - Add "Env" to ImageInspectInfo
   - Add API function TryUpdatingCache
   - Add ability to install man pages
   - Add user registry auth to kernel keyring
   - Fix -> references
   - Fix typo in docs/
   - Remove pkg/sysregistries
   - Touch up transport man page
   - Try harder in storageImageDestination.TryReusingBlob
   - Use the same HTTP client for contacting the bearer token server and the
   - ci: change GOCACHE to a writeable path
   - config.go: improve debug message
   - config.go: log where credentials come from
   - docker client: error if registry is blocked
   - docker: allow deleting OCI images
   - docker: delete: support all MIME types
   - ostree: default is no OStree support
   - ostree: improve error message
   - progress bar: use spinners for unknown blob sizes
   - use 'containers_image_ostree' as build tag
   - use keyring when authfile empty
   - Update to storage v1.12.16
   - Add cirrus vendor check
   - Add storage options to IgnoreChownErrors
   - Add support for UID as well as UserName in /etc/subuid files.
   - Add support for ignoreChownErrors to vfs
   - Add support for installing man pages
   - Fix cross-compilation
   - Keep track of the UIDs and GIDs used in applied layers
   - Move lockfiles to their own package
   - Remove merged directory when it is unmounted
   - Switch to go modules
   - Switch to golangci-lint
   - Update generated files
   - Use same variable name on both commands
   - cirrus: ubuntu: try removing cryptsetup-initramfs
   - compression: add support for the zstd algorithm
   - getLockfile(): use the absolute path
   - loadMounts(): reset counts before merging just-loaded data
   - lockfile: don't bother releasing a lock when closing a file
   - locking test updates
   - locking: take read locks on read-only stores
   - make local-cross more reliable for CI
   - overlay: cache the results of supported/using-metacopy/use-naive-diff
     feature tests
   - overlay: fix small piece of repeated work
   - utils: fix check for missing conf file
   - zstd: use directly

   Update to libpod v1.4.4:

   - Fixed a bug where rootless Podman would attempt to use the entire root
     configuration if no rootless configuration was present for the user,
     breaking rootless Podman for new installations
   - Fixed a bug where rootless Podman's pause process would block SIGTERM,
     preventing graceful system shutdown and hanging until the system's init
     send SIGKILL
   - Fixed a bug where running Podman as root with sudo -E would not work
     after running rootless Podman at least once
   - Fixed a bug where options for tmpfs volumes added with the
     --tmpfs flag were being ignored
   - Fixed a bug where images with no layers could not properly be displayed
     and removed by Podman
   - Fixed a bug where locks were not properly freed on failure to create a
     container or pod
   - Podman now has greatly improved support for containers using multiple
     OCI runtimes. Containers now remember if they were created with a
     different runtime using --runtime and will always use that runtime
   - The cached and delegated options for volume mounts are now allowed for
     Docker compatability (#3340)
   - The podman diff command now supports the --latest flag
   - Fixed a bug where podman cp on a single file would create a directory at
     the target and place the file in it (#3384)
   - Fixed a bug where podman inspect --format '{{.Mounts}}' would print a
     hexadecimal address instead of a container's mounts
   - Fixed a bug where rootless Podman would not add an entry to container's
     /etc/hosts files for their own hostname (#3405)
   - Fixed a bug where podman ps --sync would segfault (#3411)
   - Fixed a bug where podman generate kube would produce an invalid ports
     configuration (#3408)
   - Podman now performs much better on systems with heavy I/O load
   - The --cgroup-manager flag to podman now shows the correct default
     setting in help if the default was overridden by libpod.conf
   - For backwards compatability, setting --log-driver=json-file in podman
     run is now supported as an alias for
     --log-driver=k8s-file. This is considered deprecated, and json-file will
      be moved to a new implementation in the future
   - Podman's default libpod.conf file now allows the crun OCI runtime to be
     used if it is installed
   - Fixed a bug where Podman could not run containers using an
     older version of Systemd as init (#3295)
   - Updated vendored Buildah to v1.9.0 to resolve a critical bug with
     Dockerfile RUN instructions
   - The error message for running podman kill on containers that are not
     running has been improved
   - The Podman remote client can now log to a file if syslog is not available
   - The MacOS dmg file is experimental, use at your own risk.
   - The podman exec command now sets its error code differently based on
     whether the container does not exist, and the command in the container
     does not exist
   - The podman inspect command on containers now outputs Mounts JSON that
     matches that of docker inspect, only including user-specified volumes
     and differentiating bind mounts and named volumes
   - The podman inspect command now reports the path to a container's OCI
     spec with the OCIConfigPath key (only included when the container is
     initialized or running)
   - The podman run --mount command now supports the bind-nonrecursive option
     for bind mounts (#3314)
   - Fixed a bug where podman play kube would fail to create containers due
     to an unspecified log driver
   - Fixed a bug where Podman would fail to build with musl libc (#3284)
   - Fixed a bug where rootless Podman using slirp4netns networking in an
     environment with no nameservers on the host other than localhost would
     result in nonfunctional networking (#3277)
   - Fixed a bug where podman import would not properly set environment
     variables, discarding their values and retaining
     only keys
   - Fixed a bug where Podman would fail to run when built with Apparmor
     support but run on systems without the Apparmor kernel module loaded
   - Remote Podman will now default the username it uses to log in to remote
     systems to the username of the current user
   - Podman now uses JSON logging with OCI runtimes that support it, allowing
     for better error reporting

   Updated vendored Buildah to v1.8.4

   Updated vendored containers/image to v2.0

   Update to image v2.0.0:

   - Add registry mirror support
   - Include missing man pages (bsc#1139526)

   Update to storage v1.12.10:

   - Add support for UID as well as UserName in /etc/subuid files.
   - utils: fix check for missing conf file
   - compression: add support for the zstd algorithm
   - overlay: cache the results of supported/using-metacopy/use-naive-diff
     feature tests

   Update to libpod v1.4.0

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2880=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):



More information about the sle-updates mailing list