- Issued:
- 2017-04-12
- Updated:
- 2017-04-12
RHBA-2017:0949 - Bug Fix Advisory
Synopsis
oci-systemd-hook bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated oci-systemd-hook packages that fix several bugs are now available for Red Hat Enterprise Linux 7 Extras.
Description
The Open Container Initiative (OCI) systemd hook enables users to run systemd in docker and OCI compatible runtimes such as runc without requiring the "--privileged" flag.
This update fixes several bugs, including:
- Previously, oci-systemd-hook incorrectly ran with the container_t SELinux label. This caused the "systemctl is-active" command to show failures and SELinux errors when using a MariaDB container. This bug has been fixed, and MariaDB containers now start as expected. (BZ#1419040)
- Previously, oci-systemd-hook read the entire JSON-formatted container configuration into a fixed-size buffer. This imposed a limit on the size of container configuration that oci-systemd-hook can handle. Consequently, if container configuration was 65536 bytes or more, oci-systemd-hook logged error message
systemdhook <error>: config file too big
and the container failed to start. With this update, buffer for configuration is allocated dynamically, so there is no more limit on configuration size, and containers with large configurations start as expected. (BZ#1431856)
Users of oci-systemd-hook are advised to upgrade to these updated packages, which fix these bugs.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
Fixes
- BZ - 1419040 - The change to /var/log mounting breaks the running of services that require a folder in /var/log created at docker build time
- BZ - 1439382 - avc when running systemd container
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 7
SRPM | |
---|---|
oci-systemd-hook-0.1.7-2.git2788078.el7.src.rpm | SHA-256: 652906333ce95629644a5d175bcc2ae4078b97cb38079c30d0295f729839bad7 |
x86_64 | |
oci-systemd-hook-0.1.7-2.git2788078.el7.x86_64.rpm | SHA-256: 7379e071057ef9ccda0dd84a000068384c597850ef98fd596f8b41601f8c6961 |
oci-systemd-hook-debuginfo-0.1.7-2.git2788078.el7.x86_64.rpm | SHA-256: 8a7168740e6f363c9430023a93ac9eebe54a582532731c70d28125948f16a0bf |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.