You can find the source of this version on GitHub at cloudfoundry/garden-runc-release. It was created based on the commit
- Verified with grootfs-release v0.7.0
Patches runC to address a security vulnerability (CVE-2016-9962). Garden never runs user processes as pid 1 (which the mentioned exploit relies on) and enables apparmor (which prevents ptrace), but the patch also works around a kernel mis-ordering of operations that could very briefly expose an fd in a container.
You can reference this release in your deployment manifest from the
- name: "garden-runc" version: "1.1.1" url: "https://bosh.io/d/github.com/cloudfoundry/garden-runc-release?v=1.1.1" sha1: "6e50e37efbfbfcfa803d5d87a7a85a3073f69243"
Or upload it to your director with the
bosh upload-release --sha1 6e50e37efbfbfcfa803d5d87a7a85a3073f69243 \ https://bosh.io/d/github.com/cloudfoundry/garden-runc-release?v=1.1.1