Recommended update for libcontainers-common

SUSE Recommended Update: Recommended update for libcontainers-common
Announcement ID: SUSE-RU-2019:2880-1
Rating: moderate
References: #1139526 #1151028 #1152752
Affected Products:
  • SUSE Linux Enterprise Module for Basesystem 15-SP1

An update that has three recommended fixes can now be installed.

Description:

This update for libcontainers-common fixes the following issues:
Update to image 1.4.4:

  • Hard-code the kernel keyring use to be disabled for now

Update to libpod 1.5.1:
  • The hostname of pods is now set to the pod's name
  • Minor bugfixes

Update to storage 1.12.16:
  • Ignore ro mount options in btrfs and windows drivers

  • Check /var/lib/containers if possible before setting btrfs backend (bsc#1151028)

  • Add a default registries.d configuration file, used to specify the image signature storage location.

Update to image v3.0.0:
  • Add "Env" to ImageInspectInfo
  • Add API function TryUpdatingCache
  • Add ability to install man pages
  • Add user registry auth to kernel keyring
  • Fix policy.json.md -> containers-policy.json.5.md references
  • Fix typo in docs/containers-registries.conf.5.md
  • Remove pkg/sysregistries
  • Touch up transport man page
  • Try harder in storageImageDestination.TryReusingBlob
  • Use the same HTTP client for contacting the bearer token server and the registry
  • ci: change GOCACHE to a writeable path
  • config.go: improve debug message
  • config.go: log where credentials come from
  • docker client: error if registry is blocked
  • docker: allow deleting OCI images
  • docker: delete: support all MIME types
  • ostree: default is no OStree support
  • ostree: improve error message
  • progress bar: use spinners for unknown blob sizes
  • use 'containers_image_ostree' as build tag
  • use keyring when authfile empty

Update to storage v1.12.16:
  • Add cirrus vendor check
  • Add storage options to IgnoreChownErrors
  • Add support for UID as well as UserName in /etc/subuid files.
  • Add support for ignoreChownErrors to vfs
  • Add support for installing man pages
  • Fix cross-compilation
  • Keep track of the UIDs and GIDs used in applied layers
  • Move lockfiles to their own package
  • Remove merged directory when it is unmounted
  • Switch to go modules
  • Switch to golangci-lint
  • Update generated files
  • Use same variable name on both commands
  • cirrus: ubuntu: try removing cryptsetup-initramfs
  • compression: add support for the zstd algorithm
  • getLockfile(): use the absolute path
  • loadMounts(): reset counts before merging just-loaded data
  • lockfile: don't bother releasing a lock when closing a file
  • locking test updates
  • locking: take read locks on read-only stores
  • make local-cross more reliable for CI
  • overlay: cache the results of supported/using-metacopy/use-naive-diff feature tests
  • overlay: fix small piece of repeated work
  • utils: fix check for missing conf file
  • zstd: use github.com/klauspost/compress directly

Update to libpod v1.4.4:
  • Fixed a bug where rootless Podman would attempt to use the entire root configuration if no rootless configuration was present for the user, breaking rootless Podman for new installations
  • Fixed a bug where rootless Podman's pause process would block SIGTERM, preventing graceful system shutdown and hanging until the system's init sent SIGKILL
  • Fixed a bug where running Podman as root with sudo -E would not work after running rootless Podman at least once
  • Fixed a bug where options for tmpfs volumes added with the --tmpfs flag were being ignored
  • Fixed a bug where images with no layers could not properly be displayed and removed by Podman
  • Fixed a bug where locks were not properly freed on failure to create a container or pod
  • Podman now has greatly improved support for containers using multiple OCI runtimes. Containers now remember if they were created with a different runtime using --runtime and will always use that runtime
  • The cached and delegated options for volume mounts are now allowed for Docker compatibility (#3340)
  • The podman diff command now supports the --latest flag
  • Fixed a bug where podman cp on a single file would create a directory at the target and place the file in it (#3384)
  • Fixed a bug where podman inspect --format '{{.Mounts}}' would print a hexadecimal address instead of a container's mounts
  • Fixed a bug where rootless Podman would not add an entry to container's /etc/hosts files for their own hostname (#3405)
  • Fixed a bug where podman ps --sync would segfault (#3411)
  • Fixed a bug where podman generate kube would produce an invalid ports configuration (#3408)
  • Podman now performs much better on systems with heavy I/O load
  • The --cgroup-manager flag to podman now shows the correct default setting in help if the default was overridden by libpod.conf
  • For backwards compatibility, setting --log-driver=json-file in podman run is now supported as an alias for --log-driver=k8s-file. This is considered deprecated, and json-file will be moved to a new implementation in the future (#3363, https://github.com/containers/libpod/issues/3363)
  • Podman's default libpod.conf file now allows the crun OCI runtime to be used if it is installed
  • Fixed a bug where Podman could not run containers using an older version of Systemd as init (#3295)
  • Updated vendored Buildah to v1.9.0 to resolve a critical bug with Dockerfile RUN instructions
  • The error message for running podman kill on containers that are not running has been improved
  • The Podman remote client can now log to a file if syslog is not available
  • The MacOS dmg file is experimental, use at your own risk.
  • The podman exec command now sets its error code differently depending on whether the container does not exist or the command in the container does not exist
  • The podman inspect command on containers now outputs Mounts JSON that matches that of docker inspect, only including user-specified volumes and differentiating bind mounts and named volumes
  • The podman inspect command now reports the path to a container's OCI spec with the OCIConfigPath key (only included when the container is initialized or running)
  • The podman run --mount command now supports the bind-nonrecursive option for bind mounts (#3314)
  • Fixed a bug where podman play kube would fail to create containers due to an unspecified log driver
  • Fixed a bug where Podman would fail to build with musl libc (#3284)
  • Fixed a bug where rootless Podman using slirp4netns networking in an environment with no nameservers on the host other than localhost would result in nonfunctional networking (#3277)
  • Fixed a bug where podman import would not properly set environment variables, discarding their values and retaining only keys
  • Fixed a bug where Podman would fail to run when built with Apparmor support but run on systems without the Apparmor kernel module loaded (#3331)
  • Remote Podman will now default the username it uses to log in to remote systems to the username of the current user
  • Podman now uses JSON logging with OCI runtimes that support it, allowing for better error reporting

Updated vendored Buildah to v1.8.4
Updated vendored containers/image to v2.0
Update to image v2.0.0:
  • Add registry mirror support
  • Include missing man pages (bsc#1139526)

Update to storage v1.12.10:
  • Add support for UID as well as UserName in /etc/subuid files.
  • utils: fix check for missing conf file
  • compression: add support for the zstd algorithm
  • overlay: cache the results of supported/using-metacopy/use-naive-diff feature tests

Update to libpod v1.4.0

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Module for Basesystem 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2880=1

Package List:

  • SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
    • libcontainers-common-20190923-3.6.1
