Find a way to use latest runc in VM workflows #872

@skl

Since CVE-2025-52565, the OBI VM workflows started failing with unsafe procfs detected. A workaround was implemented in #870 which effectively pinned runc to an older version, by running the alpine:3:20 image - this is not ideal because we no longer receive updates, and there's a risk this older image might become patched, or deleted.

A longer-term solution is needed so that we can run the latest post-patch version of runc, or some other way to run the nested virtualisation workflow on older kernels.

Some ideas:

  • Await documented workarounds/flags to disable unsafe procfs detection
  • Try recompiling the kernels with different configuration
  • Try a different container engine
  • Somehow avoid nested virtualisation
  • Offload the build to a remote/self-hosted agent/service

Relates to:
