containerd minimal version change

Skip to first unread message

Fabricio Voznika

Jan 21, 2021, 12:44:10 PMJan 21
to gVisor Users, gVisor Development
Hi all,

containerd issued a fix for CVE-2020-15257 in containerd 1.3.9 and 1.4.3. This CVE affects the communication between containerd and shims. Starting at b2a6973, gvisor-containerd-shim was updated to build against containerd 1.3.9. This version is not compatible with containerd releases that do not contain the fix. When used with containerd versions that do not have the fix, the shim will fail to start with the following error:

Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create containerd task: dial unix /run/containerd/s/09e4a212c74968bf1dfd3d75ddc47bfd8bbab446e0f3ae5347da51008e378cff: connect: connection refused: unknown

Minimum containerd versions required are 1.3.9 and 1.4.3.
Reply all
Reply to author
0 new messages