From 299c418144ea5bc4f7bd86b6fe0f7a23c8150823 Mon Sep 17 00:00:00 2001
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Date: Sun, 20 Jun 2021 20:10:01 -0400
Subject: [PATCH] crun: update to latest

Bumping crun to version 0.20.1-7-g7ef74c9, which comprises the following commits:

    b07c389 criu: fix error check
    09401bb linux: fix unitialized variable
    b222968 cgroup: fix a memory leak
    1182975 cgroup: honor memory swappiness set to 0
    38271d1 NEWS: tag 0.20.1
    923447b container: ignore resetting keyring SELinux label
    b26493f Dockerfile: install required python3-jinja2 package
    0d42f11 NEWS: tag 0.20
    9042ac5 seccomp: drop SECCOMP_FILTER_FLAG_LOG by default
    0f4156f cgroup: Refactor libcrun-cgroup-destory to support picking subsystems dynamically and clean custom controllers.
    d6be344 cgroup: ignore devices errors in a userns
    6e187fb cgroup: do not join empty controller
    badb23d seccomp: report correct action in error message
    5201956 container: apply SELinux label to keyring
    4b664e9 linux: attempt to open existing dev file first
    dd1c419 libocispec: sync from upstream
    5f74e2a Makefile.am: make sure libocispec uses main branch
    f0c76e1 utils: close_range fallbacks to close on EPERM
    1596ab1 Update crun manual with recently added flags
    1d84d62 Fix type for LinuxDeviceCgroup.linux.resources.devices.allow in default Spec
    62d251d container: call prestart hooks before rootfs is RO
    48bc33d Exec: Add --process-label and --apparmor to allow modifying selinux_label and apparmor_profile
    0e53e87 Exec: Add --no-new-privs to and adhere if noNewPriviledges is false in basespec config
    2de8b43 Fix SIGSEGV for rootless container caused by case when def->linux is defined but def->linux->cgroups_path is NULL
    54e77c2 Add support for spec --bundle
    ae11886 cgroup: fix regression in mode detection
    194b72d kill: fix race condition with pidfd_open
    2910d9b cgroup: add custom annotation run.oci.delegate-cgroup
    407eef9 cgroup: drop argument from function
    0485de6 cgroup: report error if the cgroup path was set
    bf5020a cgroup: improve error message
    a131715 cgroup: fix recursive cleanup
    6e95060 cgroup: kill procs in cgroup on EBUSY
    0274d6f tests: disable go modules
    1272eaf tests: skip podman create --pull
    04f1a6a container: read the error from the init process
    29afcd6 Update README.md
    9863a8e Update README.md
    55f5ed5 utils: use /proc/self/fd to open unix socket
    fa40930 contrib: fix warning from the rust compiler
    1535fed NEWS: tag 0.19.1
    227e0be spec: add cgroup ns if on cgroup v2
    3fbe777 libcrun: add const to spec_file
    eb34661 libcrun: annotate cgroup_mode < 0 checks
    92bcc81 tests: add fuzzing tests
    af3509d cgroup: support array of strings
    9effaeb On exec, honor additional_gids from the process spec, not the container definition

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 recipes-containers/crun/crun_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-containers/crun/crun_git.bb b/recipes-containers/crun/crun_git.bb
index 75e63259..8c483e55 100644
--- a/recipes-containers/crun/crun_git.bb
+++ b/recipes-containers/crun/crun_git.bb
@@ -3,7 +3,7 @@ LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 PRIORITY = "optional"
 
-SRCREV_crun = "f302dd8c02c6fddd2c50d1685d82b7a19aae8afe"
+SRCREV_crun = "7ef74c9330033cb884507c28fd8c267861486633"
 SRCREV_libocispec = "c9b8b9524814550a489aa6d38b2dec95633ffa15"
 SRCREV_ispec = "79b036d80240ae530a8de15e1d21c7ab9292c693"
 SRCREV_rspec = "7413a7f753e1bd9a6a9c6dc7f96f55888cbbd476"