crun is a drop-in replacement for runc, so we can use the former to
impersonate the latter when it is not enabled.
To do so, we create a runc symlink pointing to crun, when runc is not
enabled.
See: https://github.com/containerd/containerd/discussions/6162
Signed-off-by: TIAN Yuanhao <tianyuanhao3@163.com>
Reviewed-by: Christian Stewart <christian@paral.in>
[yann.morin.1998@free.fr: split into its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
libgcrypt is an optional dependency which is enabled by default since
version 1.7 and
dd310aaf5a
Unfortunately, thetre are no associated --enable/disable flags; it all
depends on auto-detection.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
crun unconditionally uses fexecve since its addition in commit
530d6f661e and
ce4dfbb97a:
resulting in the following uclibc build failure:
/tmp/instance-11/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arceb-snps-linux-uclibc/9.2.1/../../../../arceb-snps-linux-uclibc/bin/ld: src/libcrun/crun-cloned_binary.o: in function `ensure_cloned_binary':
cloned_binary.c:(.text+0x1006): undefined reference to `fexecve'
In 6e3f7fbc07 (package/runc: add upstream security fix for
CVE-2019-5736), we made runc unavailable for uclibc toolchains, and crun
uses fexecve for that same reason, to fix CVE-2019-5736.
So, also make crun unavailable for uclibc toolchains.
Fixes:
- http://autobuild.buildroot.org/results/e1f4ef2b392c0e7161390ba0f97d6eef3bd12e9c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
