SUSE-RU-2017:1965-1

Published: 12 Jul 2017
Source: suse-cvrf

Description

Recommended update for Docker, RunC, Containerd

This update for Containerd, Docker and RunC provides several fixes and enhancements.

Containerd:

  • Update containerd to the version needed for docker-v17.04.0-ce. (bsc#1034053)
  • Fix spurious messages filling journal. (bsc#1032769)
  • Set TasksMax=infinity to make sure runC doesn't start failing randomly.

Docker:

  • Update to version 17.04.0-ce. (bsc#1034053)
  • Fix execids leaks due to bad error handling. (bsc#1037436)
  • Make Apparmor's pkg/aaparser work on read-only root. (bsc#1037607)
  • Improve Docker's systemd configuration. (bsc#1032287)
  • Check if the docker binary is available before attempting to use it. (bsc#1038476)
  • Build man pages for all architectures. (bsc#953182)
  • Fix DNS resolution when Docker host uses 127.0.0.1 as resolver. (bsc#1034063)
  • Enable Delegate=yes, since systemd will safely ignore lvalues it doesn't understand.
  • Update SUSE secrets patch to handle bsc#1030702.
  • Change lvm2 from Requires to Recommends: Docker usually uses a default storage driver, when it's not configured explicitly. This default driver then depends on the underlying system and gets chosen during installation. (bsc#1032644)
  • Disable libseccomp for Leap 42.1, SLE 12 and 12-SP1, because docker needs a higher version. Otherwise, we get the error 'conditional filtering requires libseccomp version >= 2.2.1'. (bsc#1028639, bsc#1028638)
  • Add a backport of fix to AppArmor lazy loading docker-exec case.
  • Fix systemd TasksMax default which could throttle docker. (bsc#1026827)
  • Enable pkcs11.

For a comprehensive list of changes please refer to /usr/share/doc/packages/docker/CHANGELOG.md

RunC:

  • Update version to the one required by docker-17.04.0-ce. (bsc#1034053)
  • Make sure to ignore cgroup v2 mountpoints. (bsc#1028113)

Package list

SUSE Linux Enterprise Module for Containers 12

  • containerd-0.2.5+gitr639_422e31c-20.2
  • docker-17.04.0_ce-98.2
  • docker-distribution-registry-2.6.1-15.2
  • docker-libnetwork-0.0.0+git20170119.7b2b1fe-4.1
  • runc-0.1.1+gitr2947_9c2d8d1-20.3

SUSE OpenStack Cloud 6

  • containerd-0.2.5+gitr639_422e31c-20.2
  • docker-17.04.0_ce-98.2
  • docker-libnetwork-0.0.0+git20170119.7b2b1fe-4.1
  • runc-0.1.1+gitr2947_9c2d8d1-20.3

Description

A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to derive the correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.


Affected products
SUSE Linux Enterprise Module for Containers 12:containerd-0.2.5+gitr639_422e31c-20.2
SUSE Linux Enterprise Module for Containers 12:docker-17.04.0_ce-98.2
SUSE Linux Enterprise Module for Containers 12:docker-distribution-registry-2.6.1-15.2
SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.0.0+git20170119.7b2b1fe-4.1
