#containerd
LightNews LightNews
bluesky.awakari.com
Docker Engine 29: Containerd Becomes Default, Experimental nftables Support Docker Engine 29 sets containerd as the default image store and introduces experimental nftables support for modern Linux networking.

Interest | Match | Feed
Origin
linuxiac.com
November 12, 2025 at 3:58 PM
ferramentaslinux.bsky.social
New post: "Critical #SUSE Containerd Vulnerabilities Patched: A Deep Dive"

Just published a technical analysis of the newly disclosed containerd path traversal and race condition vulnerabilities (CVE-2024-23652, CVE-2024-23653). Read more: 👉 tinyurl.com/ytuexzu5 #Security
Critical Containerd Vulnerabilities Patched: A Deep Dive into CVE-2024-23652 and CVE-2024-23653
Blog com notícias sobre, Linux, Android, Segurança , etc
tinyurl.com
November 12, 2025 at 1:53 PM
linuxiac.bsky.social
Docker Engine 29 sets containerd as the default image store and introduces experimental nftables support for modern Linux networking.
linuxiac.com/docker-engin...

#docker #linux #containerization
Docker Engine 29: Containerd Becomes Default, Experimental nftables Support
Docker Engine 29 sets containerd as the default image store and introduces experimental nftables support for modern Linux networking.
linuxiac.com
November 12, 2025 at 12:16 PM
epvh.bsky.social
I missed the snark of @quinnypig.com because I wanted to yell about containerd and cgroups at Apple. The sacrifices we make at #kubecon.
November 11, 2025 at 9:09 PM
kubernetes.dev
Maintainer Track sessions start in 15 minutes! Head to Bldg C to hear from @ciliumproject, emissary-ingress, @containerd, @rook_io, @buildpacks_io, CRI-O, @cortexmetrics, @falco_org, @kyverno, OpenKruise, @crossplane_io, @KnativeProject, @opentelemetry, @fluxcd, SIGs and WGs!
November 11, 2025 at 4:03 PM
mrugalski.bsky.social
Główny problem pojawił się na styku Containerd z AppArmor (system bezpieczeństwa, coś jak SELinux, ale prostszy).

Oficjalna porada od developerów? "Wyłącz systemy Apparmor i po problemie!". Wyłączenie systemów bezpieczeństwa w celu umożliwienia działania patcha bezpieczeństwa... 🤔
November 11, 2025 at 7:30 AM
mrugalski.bsky.social
Tysiące zaktualizowanych Dockerów.

Szybko (w kilka godzin) ogarnęliśmy hotfixa polegającego na obniżeniu containerd do poprzedniej, działającej wersji. Działało super na Ubuntu 24.04, ale kiepsko na starych Debianach i Ubuntu 22.04, bo tam upgrade pakietów był szerszy.
November 11, 2025 at 7:30 AM
mrugalski.bsky.social
5 listopada wyszła jednak nowa wersja Dockera (28.5.2), a wraz z nią aktualizacje dla ContainerD (zarządza cyklem życia kontenerów) oraz Runc (uruchamia realny kontener).

Po co ta aktualizacja? Aby załatać 3 krytyczne podatności, które umożliwiały ucieczkę z kontenera.
November 11, 2025 at 7:30 AM
viralpique.bsky.social
CPU quota calculation mismatch between containerd and runc causes container creation failure · Issue #4982 · opencontainers/runc · GitHub

✨ Check out this insightful post from Hacker News 📖 📂 Category: ✅ Key idea: Description When using the systemd cgroup driver with a CPU limit of 4096m, pod…
CPU quota calculation mismatch between containerd and runc causes container creation failure · Issue #4982 · opencontainers/runc · GitHub
✨ Check out this insightful post from Hacker News 📖 📂 Category: ✅ Key idea: Description When using the systemd cgroup driver with a CPU limit of 4096m, pod creation fails intermittently because containerd non-deterministically calculates either 409600 or 410000 microseconds for the parent cgroup, while runc consistently calculates 410000 for child cgroups. When they mismatch, the Linux kernel rejects the child cgroup creation with "invalid argument".
viralpique.com
November 9, 2025 at 11:28 AM
dailygithubtrends.bsky.social
今日のGitHubトレンド

lima-vm/lima
Limaは、自動ファイル共有とポート転送機能を備えたLinux仮想マシン(VM)を起動するツールである。
当初はmacOSユーザー向けにcontainerdやnerdctlの利用を促進することを目的としていた。
現在ではDockerやKubernetesを含む多様なコンテナエンジン、および非コンテナアプリケーションに対応し、macOS以外にも対応する汎用的なLinux実行環境を容易に構築・利用できるようにすることを目指している。
GitHub - lima-vm/lima: Linux virtual machines, with a focus on running containers
Linux virtual machines, with a focus on running containers - lima-vm/lima
github.com
November 8, 2025 at 11:14 AM
bluesky.awakari.com
nerdctl 2.2.0-1 x86_64 Docker-compatible CLI for containerd

Interest | Match | Feed
Origin
archlinux.org
November 7, 2025 at 9:56 PM
bluesky.awakari.com
nerdctl 2.2.0-1 x86_64 Docker-compatible CLI for containerd

Interest | Match | Feed
Origin
archlinux.org
November 7, 2025 at 9:56 PM
motoridersd.pug.ninja
this is the first issue I've had with it and it wasn't even its fault. It's something to do with the latest containerd version and running an LXC container on Proxmox. A net.ipv4 permission broke with this combination.
November 7, 2025 at 6:48 PM
soli-0222.mi.soli0222.com.ap.brid.gy
containerdも上げちゃお
November 7, 2025 at 2:00 PM
bluesky.awakari.com
containerd 2.2.0-1 x86_64 An open and reliable container runtime

Interest | Match | Feed
Origin
archlinux.org
November 7, 2025 at 12:13 PM
bluesky.awakari.com
containerd 2.2.0-1 x86_64 An open and reliable container runtime

Interest | Match | Feed
Origin
archlinux.org
November 7, 2025 at 12:13 PM
cve.skyfleet.blue
CVE-2025-64329 - containerd CRI server: Host memory exhaustion through Attach goroutine leak
CVE ID : CVE-2025-64329

Published : Nov. 7, 2025, 4:15 a.m. | 1 hour, 14 minutes ago

Description : containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0....
CVE-2025-64329 - containerd CRI server: Host memory exhaustion through Attach goroutine leak
containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 …
cvefeed.io
November 7, 2025 at 5:46 AM
bluesky.awakari.com
containerd 2.2.0-1 x86_64 An open and reliable container runtime

Interest | Match | Feed
Origin
archlinux.org
November 6, 2025 at 7:39 PM
bluesky.awakari.com
containerd 2.2.0-1 x86_64 An open and reliable container runtime

Interest | Match | Feed
Origin
archlinux.org
November 6, 2025 at 7:39 PM
linux.activitypub.awakari.com.ap.brid.gy
Внутреннее устройство Docker. Заглянем под капот Сначала были физические серверы - дорогие и неэффективные. За...

#docker #containerd #runc #linux #containers #container #контейнеризация #докер #devops #линукс

Origin | Interest | Match
November 6, 2025 at 11:13 AM
starptr.andref.app
Why can’t containerd support systemd in containers💔
November 6, 2025 at 6:30 AM
icecodenew.bsky.social
github.com/containerd/c...

containerd 发版 2.2.0 了。新版本新气象,光是看着 changelog 我就已经在流口水了🤤
Release containerd 2.2.0 · containerd/containerd
Welcome to the v2.2.0 release of containerd! The second minor release of containerd 2.x focuses on continued stability alongside new features and improvements. This is the second time-based release...
github.com
November 6, 2025 at 2:42 AM
jschauma.mstdn.social.ap.brid.gy
If you're using `runc` for your containers: congrats! You get to patch three new vulnerabilities that could allow for a full container break-out:

CVE-2025-31133: symlink attack on bind-mount of /dev/null for masked paths […]
Original post on mstdn.social
mstdn.social
November 5, 2025 at 3:00 PM
dailyqiitatrends.bsky.social
今日のQiitaトレンド

Docker以外のコンテナエンジン完全ガイド:初心者から実践まで
本記事は、コンテナ技術の基礎知識を解説し、Docker以外の主要な代替エンジンを紹介します。
Dockerのライセンスやセキュリティの課題を背景に、デーモンレスで安全なPodman、Kubernetes推奨の軽量ランタイムであるcontainerd、CRI-Oの特徴と使い方を詳述します。
各エンジンのメリットや適用シーンを提示することで、読者が用途に応じて最適なコンテナ技術を選択できるよう支援します。
Docker以外のコンテナエンジン完全ガイド:初心者から実践まで #インフラ - Qiita
Docker以外のコンテナエンジン完全ガイド:初心者から実践まで 最終更新: 2025年11月(Kubernetes 1.34対応確認済み) はじめに 「コンテナ = Docker」と思っている方も多いのではないでしょうか?実は、コンテナ技術の世界にはDocker以外に...
qiita.com
November 3, 2025 at 10:22 PM