kumquat-buildroot/package/containerd
Christian Stewart 935bd589a3 package/containerd: security bump to version 1.5.9
CVE-2021-43816: "Unprivileged pod using `hostPath` can side-step active LSM when
it is SELinux"

Containers launched through containerd’s CRI implementation on Linux systems
which use the SELinux security module and containerd versions since v1.5.0 can
cause arbitrary files and directories on the host to be relabeled to match the
container process label through the use of specially-configured bind mounts in a
hostPath volume. This relabeling elevates permissions for the container,
granting full read/write access over the affected files and directories.
Kubernetes and crictl can both be configured to use containerd’s CRI
implementation.

https://github.com/advisories/GHSA-mvff-h3cj-wj9c
https://github.com/containerd/containerd/releases/tag/v1.5.9

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-01-26 22:22:55 +01:00
..
Config.in
containerd.hash
containerd.mk