containerd 1.2.6 Welcome to the v1.2.6 release of containerd! The sixth patch release for `containerd` 1.2 contains fixes for the containerd client, the CRI plugin and containerd io and mount handling. It whitelists 2 new syscalls in the default seccomp profile, and also updates CNI to v0.7.5 to include the fix for [CVE-2019-9946](https://nvd.nist.gov/vuln/detail/CVE-2019-9946). All these changes are noted below. ### Notable Updates * Allow overriding package name in `containerd --version` output. [#3098](https://github.com/containerd/containerd/pull/3098) * Add 2 new syscalls `io_pgetevents` and `statx` in the default seccomp whitelist. [#3113](https://github.com/containerd/containerd/pull/3113) [#3115](https://github.com/containerd/containerd/pull/3115) * Fix a bug that custom containerd cgroup path does not work in containerd 1.2.5. [#3143](https://github.com/containerd/containerd/pull/3143) * Fix a bug in the containerd client that `WithAllCapabilities` applies incomplete capability list. [#3147](https://github.com/containerd/containerd/pull/3147) * Fix a bug that container output can be incomplete when stdout and stderr are pointed to the same file. [#3118](https://github.com/containerd/containerd/issues/3118) * Fix a bug that containerd can't properly handle space in mount point path. [3161](https://github.com/containerd/containerd/pull/3161) * cri: fix a bug that containers being gracefully stopped are SIGKILLed when kubelet is restarted. [cri#1098](https://github.com/containerd/cri/issues/1098) * cri: Fix a bug that pod UTS namespace is used for host network. [cri#1111](https://github.com/containerd/cri/pull/1111) * cri: Update CNI plugins to v0.7.5 for [CVE-2019-9946](https://nvd.nist.gov/vuln/detail/CVE-2019-9946). * Update cri to eb926cd79d3bac188dcc4ed7694fc9298f8831be. [#3174](https://github.com/containerd/containerd/pull/3174) * Update runc to v1.0.0-rc7-6-g029124da [#3183](https://github.com/containerd/containerd/pull/3183) to fix potential container start failure on non-SELinux system. [runc#2030](https://github.com/opencontainers/runc/issues/2030) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Lantao Liu * Sebastiaan van Stijn * Michael Crosby * Phil Estes * Derek McGowan * Peter Wagner * Akihiro Suda * Avi Kivity ### Changes * [`894b81a4b8`](https://github.com/containerd/containerd/commit/894b81a4b802e4eb2a91d1ce216b8817763c29fb) Merge pull request [#3180](https://github.com/containerd/containerd/pull/3180) from Random-Liu/1.2.6-release-note * [`4be9af65b9`](https://github.com/containerd/containerd/commit/4be9af65b91dc7fd8c79162c205bb0a6d52a9ee9) Prepare 1.2.6 containerd release. * [`9d87dddaec`](https://github.com/containerd/containerd/commit/9d87dddaecd8ed385d0dd1c7e2b57194a4a97637) Merge pull request [#3183](https://github.com/containerd/containerd/pull/3183) from thaJeztah/1.2_bump_runc * [`e01177391d`](https://github.com/containerd/containerd/commit/e01177391d2483b6eca8d048b272ae424fdb0150) bump runc to 029124da (v1.0.0-rc7-6-g029124da) * [`7f8cf855a0`](https://github.com/containerd/containerd/commit/7f8cf855a0db07c3bc686bea6a792d5532ed4981) Merge pull request [#3174](https://github.com/containerd/containerd/pull/3174) from Random-Liu/update-cri-release-1.2 * [`7c1ca26e2d`](https://github.com/containerd/containerd/commit/7c1ca26e2d4bff57d08c9087d930e96997b3e4e1) Update cri to eb926cd79d3bac188dcc4ed7694fc9298f8831be * [`02fd892d59`](https://github.com/containerd/containerd/commit/02fd892d59c465ef8673086d911ca16463177f12) Merge pull request [#3164](https://github.com/containerd/containerd/pull/3164) from Random-Liu/update-cri-release-1.2 * [`67def02025`](https://github.com/containerd/containerd/commit/67def02025b668e3179bbd30c90dc3d73385406a) Update cri to ffd9a66034aee582db04cf4c59e9b2262fd4fc59. * [`f2702c52a9`](https://github.com/containerd/containerd/commit/f2702c52a9e73b8bbd7b42bac6defc84f997f754) Merge pull request [#3161](https://github.com/containerd/containerd/pull/3161) from thaJeztah/1.2_backport_fix_parseinfofile_parsing * [`f8d644ddc0`](https://github.com/containerd/containerd/commit/f8d644ddc0503bf48cad158d43027419c9829ff8) Use pkg/errors for all errors * [`50cb294d08`](https://github.com/containerd/containerd/commit/50cb294d08b8558ddce98bcdde4a4587022a8fba) fix parseInfoFile does not handle spaces in filenames * [`0d58ce1a2b`](https://github.com/containerd/containerd/commit/0d58ce1a2b329db49e34193ebff1eb95ce163052) Merge pull request [#3154](https://github.com/containerd/containerd/pull/3154) from thaJeztah/1.2_backport_issue_3118 * [`76d1f3e692`](https://github.com/containerd/containerd/commit/76d1f3e6925ae075097ea8d95291cbf346e726f5) runtime: guard Close() until both streams are complete * [`5236247ada`](https://github.com/containerd/containerd/commit/5236247adaebfa0aac3ca2e38ee5285b3ff1ab38) runtime: log IO error when copying output streams * [`5066e517ff`](https://github.com/containerd/containerd/commit/5066e517ff6c140c81f07710ce4f06cf37b42c16) Merge pull request [#3147](https://github.com/containerd/containerd/pull/3147) from Random-Liu/cherrypick-#3137-release-1.2 * [`de1b991122`](https://github.com/containerd/containerd/commit/de1b99112208b56d4ba86448eb4d1bd2fa36315b) Fix race and panic. * [`667ff6a451`](https://github.com/containerd/containerd/commit/667ff6a451200997898ae21a963b7b2add5e0ab3) Merge pull request [#3143](https://github.com/containerd/containerd/pull/3143) from thaJeztah/1.2_backport_bump_cgroups * [`7f8deb37ed`](https://github.com/containerd/containerd/commit/7f8deb37ed964e9833c73818908954cebb2e5cab) Merge pull request [#3141](https://github.com/containerd/containerd/pull/3141) from thaJeztah/1.2_backport_bump_runc_v1.0.0-rc7 * [`1e75661aed`](https://github.com/containerd/containerd/commit/1e75661aed02232804924491ec25a9e0c149e448) bump containerd/cgroups 4994991857f9b0ae8dc439551e8bebdbb4bf66c1 * [`16a56020e6`](https://github.com/containerd/containerd/commit/16a56020e65f168198b8f3f1c23b309c52530560) update opencontainers/runc v1.0.0-rc7 * [`6d14516877`](https://github.com/containerd/containerd/commit/6d14516877282483e6034870d02ed62ac89e0976) Merge pull request [#3113](https://github.com/containerd/containerd/pull/3113) from thaJeztah/1.2_backport_whitelist_statx * [`c9042ae5b5`](https://github.com/containerd/containerd/commit/c9042ae5b5a9b860585732044da0155f2e06c945) Merge pull request [#3115](https://github.com/containerd/containerd/pull/3115) from thaJeztah/1.2_backport_whitelist_io_pgetevents * [`2c2a86b019`](https://github.com/containerd/containerd/commit/2c2a86b0191e6aa020130ba30e34d90a19d0bf5d) seccomp: whitelist io_pgetevents * [`b0a8b6dd0b`](https://github.com/containerd/containerd/commit/b0a8b6dd0b7b23610e5bb933c504f2fe6d8b0f88) seccomp: whitelist statx syscall * [`5296db1b90`](https://github.com/containerd/containerd/commit/5296db1b90d17473cb9cff31a7ea2b83d18a77ff) Merge pull request [#3098](https://github.com/containerd/containerd/pull/3098) from thaJeztah/1.2_backport_override_package_name * [`7700a82a47`](https://github.com/containerd/containerd/commit/7700a82a474d22513b68444bab952c584153ae82) Makefile: allow overriding package name ### Changes from containerd/cgroups * [`4994991`](https://github.com/containerd/cgroups/commit/4994991857f9b0ae8dc439551e8bebdbb4bf66c1) Merge pull request [#79](https://github.com/containerd/cgroups/pull/79) from crosbymichael/load-none * [`453efe3`](https://github.com/containerd/cgroups/commit/453efe3313d53f746614e80c3d59860c1ca02d3e) Return ErrCgroupDeleted when no subsystems ### Changes from containerd/cri * [`eb926cd7`](https://github.com/containerd/cri/commit/eb926cd79d3bac188dcc4ed7694fc9298f8831be) Merge pull request [#1115](https://github.com/containerd/cri/pull/1115) from thaJeztah/1.2_backport_bump_selinux * [`c04ec48d`](https://github.com/containerd/cri/commit/c04ec48d4cd94b72c65550f968494b4eeb9f9b54) bump opencontainers/selinux v1.2.1 * [`24a507b3`](https://github.com/containerd/cri/commit/24a507b38a1a3e41f72dea955119a3de8eff8ebc) bump opencontainers/selinux to v1.2 * [`ffd9a660`](https://github.com/containerd/cri/commit/ffd9a66034aee582db04cf4c59e9b2262fd4fc59) Merge pull request [#1111](https://github.com/containerd/cri/pull/1111) from Random-Liu/cherrypick-#1102-release-1.2 * [`83d24561`](https://github.com/containerd/cri/commit/83d24561a44273a78917083ea96443901579ac8b) No UTS namespace for hostnetwork. * [`b2937694`](https://github.com/containerd/cri/commit/b29376941eeafdcbe3570844c3a84f23fda0a55f) Merge pull request [#1109](https://github.com/containerd/cri/pull/1109) from Random-Liu/cherrypick-#1108-release-1.2 * [`8ec2da6d`](https://github.com/containerd/cri/commit/8ec2da6d3853a6ed98b5455d7dd961dc6647dbfb) Update CNI to v0.7.5. * [`267a8caf`](https://github.com/containerd/cri/commit/267a8caf839d86bc32df565a53f9a619d79efa42) Merge pull request [#1104](https://github.com/containerd/cri/pull/1104) from Random-Liu/cherrypick-#1099-release-1.2 * [`03eae981`](https://github.com/containerd/cri/commit/03eae981570c818e058c8b58cfb2e3de6474f6c7) Do not SIGKILL container if container stop is cancelled. * [`4bfcd93a`](https://github.com/containerd/cri/commit/4bfcd93a4bebaa02612f8e8153402ba5758693d7) Merge pull request [#1097](https://github.com/containerd/cri/pull/1097) from Random-Liu/cherrypick-#1083-release-1.2 * [`b3eab098`](https://github.com/containerd/cri/commit/b3eab09846ea3098714f5ccfe2505a08246e68f6) Support docker 18.09 in the test script. * [`087738ab`](https://github.com/containerd/cri/commit/087738ab0baef8fb0242e8b07b7a60e83d467724) Merge pull request [#1091](https://github.com/containerd/cri/pull/1091) from Random-Liu/update-containerd-release-1.2 * [`befeac30`](https://github.com/containerd/cri/commit/befeac30043a487a98928ecb2ca67352fc166d00) Update containerd to v1.2.5. ### Dependency Changes Previous release can be found at [v1.2.5](https://github.com/containerd/containerd/releases/tag/v1.2.5) * **github.com/containerd/cgroups** dbea6f2bd41658b84b00417ceefa416b979cbf10 -> 4994991857f9b0ae8dc439551e8bebdbb4bf66c1 * **github.com/containerd/cri** a92c40017473cbe0239ce180125f12669757e44f -> eb926cd79d3bac188dcc4ed7694fc9298f8831be * **github.com/containernetworking/plugins** v0.7.0 -> v0.7.5 * **github.com/opencontainers/runc** 2b18fe1d885ee5083ef9f0838fee39b62d653e30 -> 029124da7af7360afa781a0234d1b083550f797c * **github.com/opencontainers/selinux** b6fa367ed7f534f9ba25391cc2d467085dbb445a -> v1.2.1