SUSE-RU-2019:2880-1: moderate: Recommended update for libcontainers-common
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Mon Nov 4 07:12:17 MST 2019
SUSE Recommended Update: Recommended update for libcontainers-common
______________________________________________________________________________
Announcement ID: SUSE-RU-2019:2880-1
Rating: moderate
References: #1139526 #1151028 #1152752
Affected Products:
SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________
An update that has three recommended fixes can now be
installed.
Description:
This update for libcontainers-common fixes the following issues:
Update to image 1.4.4:
- Hard-code the kernel keyring use to be disabled for now
Update to libpod 1.5.1:
- The hostname of pods is now set to the pod's name
- Minor bugfixes
Update to storage 1.12.16:
- Ignore ro mount options in btrfs and windows drivers
- Check /var/lib/containers if possible before setting btrfs backend
(bsc#1151028)
- Add a default registries.d configuration file, used to specify images
signatures storage location.
Update to image v3.0.0:
- Add "Env" to ImageInspectInfo
- Add API function TryUpdatingCache
- Add ability to install man pages
- Add user registry auth to kernel keyring
- Fix policy.json.md -> containers-policy.json.5.md references
- Fix typo in docs/containers-registries.conf.5.md
- Remove pkg/sysregistries
- Touch up transport man page
- Try harder in storageImageDestination.TryReusingBlob
- Use the same HTTP client for contacting the bearer token server and the
registry
- ci: change GOCACHE to a writeable path
- config.go: improve debug message
- config.go: log where credentials come from
- docker client: error if registry is blocked
- docker: allow deleting OCI images
- docker: delete: support all MIME types
- ostree: default is no OStree support
- ostree: improve error message
- progress bar: use spinners for unknown blob sizes
- use 'containers_image_ostree' as build tag
- use keyring when authfile empty
- Update to storage v1.12.16
- Add cirrus vendor check
- Add storage options to IgnoreChownErrors
- Add support for UID as well as UserName in /etc/subuid files.
- Add support for ignoreChownErrors to vfs
- Add support for installing man pages
- Fix cross-compilation
- Keep track of the UIDs and GIDs used in applied layers
- Move lockfiles to their own package
- Remove merged directory when it is unmounted
- Switch to go modules
- Switch to golangci-lint
- Update generated files
- Use same variable name on both commands
- cirrus: ubuntu: try removing cryptsetup-initramfs
- compression: add support for the zstd algorithm
- getLockfile(): use the absolute path
- loadMounts(): reset counts before merging just-loaded data
- lockfile: don't bother releasing a lock when closing a file
- locking test updates
- locking: take read locks on read-only stores
- make local-cross more reliable for CI
- overlay: cache the results of supported/using-metacopy/use-naive-diff
feature tests
- overlay: fix small piece of repeated work
- utils: fix check for missing conf file
- zstd: use github.com/klauspost/compress directly
Update to libpod v1.4.4:
- Fixed a bug where rootless Podman would attempt to use the entire root
configuration if no rootless configuration was present for the user,
breaking rootless Podman for new installations
- Fixed a bug where rootless Podman's pause process would block SIGTERM,
preventing graceful system shutdown and hanging until the system's init
send SIGKILL
- Fixed a bug where running Podman as root with sudo -E would not work
after running rootless Podman at least once
- Fixed a bug where options for tmpfs volumes added with the
--tmpfs flag were being ignored
- Fixed a bug where images with no layers could not properly be displayed
and removed by Podman
- Fixed a bug where locks were not properly freed on failure to create a
container or pod
- Podman now has greatly improved support for containers using multiple
OCI runtimes. Containers now remember if they were created with a
different runtime using --runtime and will always use that runtime
- The cached and delegated options for volume mounts are now allowed for
Docker compatability (#3340)
- The podman diff command now supports the --latest flag
- Fixed a bug where podman cp on a single file would create a directory at
the target and place the file in it (#3384)
- Fixed a bug where podman inspect --format '{{.Mounts}}' would print a
hexadecimal address instead of a container's mounts
- Fixed a bug where rootless Podman would not add an entry to container's
/etc/hosts files for their own hostname (#3405)
- Fixed a bug where podman ps --sync would segfault (#3411)
- Fixed a bug where podman generate kube would produce an invalid ports
configuration (#3408)
- Podman now performs much better on systems with heavy I/O load
- The --cgroup-manager flag to podman now shows the correct default
setting in help if the default was overridden by libpod.conf
- For backwards compatability, setting --log-driver=json-file in podman
run is now supported as an alias for
--log-driver=k8s-file. This is considered deprecated, and json-file will
be moved to a new implementation in the future
([#3363](https://github.com/containers/libpod/issues/3363))
- Podman's default libpod.conf file now allows the crun OCI runtime to be
used if it is installed
- Fixed a bug where Podman could not run containers using an
older version of Systemd as init (#3295)
- Updated vendored Buildah to v1.9.0 to resolve a critical bug with
Dockerfile RUN instructions
- The error message for running podman kill on containers that are not
running has been improved
- The Podman remote client can now log to a file if syslog is not available
- The MacOS dmg file is experimental, use at your own risk.
- The podman exec command now sets its error code differently based on
whether the container does not exist, and the command in the container
does not exist
- The podman inspect command on containers now outputs Mounts JSON that
matches that of docker inspect, only including user-specified volumes
and differentiating bind mounts and named volumes
- The podman inspect command now reports the path to a container's OCI
spec with the OCIConfigPath key (only included when the container is
initialized or running)
- The podman run --mount command now supports the bind-nonrecursive option
for bind mounts (#3314)
- Fixed a bug where podman play kube would fail to create containers due
to an unspecified log driver
- Fixed a bug where Podman would fail to build with musl libc (#3284)
- Fixed a bug where rootless Podman using slirp4netns networking in an
environment with no nameservers on the host other than localhost would
result in nonfunctional networking (#3277)
- Fixed a bug where podman import would not properly set environment
variables, discarding their values and retaining
only keys
- Fixed a bug where Podman would fail to run when built with Apparmor
support but run on systems without the Apparmor kernel module loaded
(#3331)
- Remote Podman will now default the username it uses to log in to remote
systems to the username of the current user
- Podman now uses JSON logging with OCI runtimes that support it, allowing
for better error reporting
Updated vendored Buildah to v1.8.4
Updated vendored containers/image to v2.0
Update to image v2.0.0:
- Add registry mirror support
- Include missing man pages (bsc#1139526)
Update to storage v1.12.10:
- Add support for UID as well as UserName in /etc/subuid files.
- utils: fix check for missing conf file
- compression: add support for the zstd algorithm
- overlay: cache the results of supported/using-metacopy/use-naive-diff
feature tests
Update to libpod v1.4.0
Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Basesystem 15-SP1:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2880=1
Package List:
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
libcontainers-common-20190923-3.6.1
References:
https://bugzilla.suse.com/1139526
https://bugzilla.suse.com/1151028
https://bugzilla.suse.com/1152752
More information about the sle-updates
mailing list