RHBA-2017:0949 - Bug Fix Advisory
Updated oci-systemd-hook packages that fix several bugs are now available for Red Hat Enterprise Linux 7 Extras.
The Open Container Initiative (OCI) systemd hook enables users to run systemd in docker and OCI-compatible runtimes such as runc without requiring the "--privileged" flag.
This update fixes several bugs, including:
- Previously, oci-systemd-hook incorrectly ran with the container_t SELinux label. This caused the "systemctl is-active" command to show failures and SELinux errors when using a MariaDB container. This bug has been fixed, and MariaDB containers now start as expected. (BZ#1419040)
- Previously, oci-systemd-hook read the entire JSON-formatted container configuration into a fixed-size buffer. This imposed a limit on the size of the container configuration that oci-systemd-hook could handle. Consequently, if the container configuration was 65536 bytes or more, oci-systemd-hook logged an error message and the container failed to start. With this update, the buffer for the configuration is allocated dynamically, so there is no longer a limit on configuration size, and containers with large configurations start as expected. (BZ#1431856)
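The fixed-size read and its dynamically allocated replacement described for BZ#1431856, sketched in C as an added example. This is not oci-systemd-hook source; the function names, the 4096-byte starting capacity and the temp-file input are assumptions made for illustration.

```c
/* Added illustration, not oci-systemd-hook source; all names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#define FIXED_CAP 65536 /* the size limit quoted in the advisory */

/* Before: one fixed buffer of FIXED_CAP bytes. Returns the length or -1. */
long read_config_fixed(FILE *in, char *buf) {
    size_t n = fread(buf, 1, FIXED_CAP, in);
    if (ferror(in) || n == FIXED_CAP) return -1; /* no room for NUL: refuse */
    buf[n] = '\0';
    return (long)n;
}

/* After: double the buffer until EOF. Caller frees *out. Length or -1. */
long read_config_dynamic(FILE *in, char **out) {
    size_t cap = 4096, len = 0;
    char *buf = malloc(cap), *tmp;
    while (buf) {
        len += fread(buf + len, 1, cap - len - 1, in);
        if (ferror(in)) break;
        if (feof(in)) { buf[len] = '\0'; *out = buf; return (long)len; }
        tmp = cap > (size_t)-1 / 2 ? NULL : realloc(buf, cap * 2);
        if (!tmp) break; /* size overflow or out of memory */
        buf = tmp; cap *= 2;
    }
    free(buf);
    return -1;
}

/* Constructed input: a temp file of n padding bytes stands in for the config
 * passed on stdin. Returns the reader's result, or -2 if setup failed. */
long try_read(size_t n, int dynamic) {
    static char fixed[FIXED_CAP];
    char *cfg = NULL;
    FILE *f = tmpfile();
    if (!f) return -2;
    for (size_t i = 0; i < n; i++) fputc(' ', f);
    rewind(f);
    long r = dynamic ? read_config_dynamic(f, &cfg) : read_config_fixed(f, fixed);
    fclose(f); free(cfg);
    return r;
}

int main(void) {
    size_t sizes[] = {65535, 65536, 200000};
    for (int i = 0; i < 3; i++)
        printf("%zu bytes: fixed=%ld dynamic=%ld\n", sizes[i],
               try_read(sizes[i], 0), try_read(sizes[i], 1));
    return 0;
}
```

The fixed reader accepts 65535 bytes and rejects 65536, matching the "65536 bytes or more" boundary in the advisory, while the dynamic reader handles both sizes and larger inputs.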
Users of oci-systemd-hook are advised to upgrade to these updated packages, which fix these bugs.
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
- Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Server 7