Replies: 1 comment 10 replies
-
|
My |
Beta Was this translation helpful? Give feedback.
-
|
I have similar issue Rancher Desktop version 1.22.3 on Ubuntu 24.04. I have replaced $~ rdctl shell uname -a
Linux lima-rancher-desktop 6.6.137-0-virt
$~ less .local/share/rancher-desktop/lima/0/lima.yaml | grep location
- location: /opt/rancher-desktop/resources/resources/linux/alpine-lima-v0.2.47.rd1.2-rd-3.23.0.iso
- location: "~"
- location: /tmp/rancher-desktop
- location: /opt/rancher-desktop/resources/resources
$~ |
Beta Was this translation helpful? Give feedback.
-
|
That is expected, please check the output of |
Beta Was this translation helpful? Give feedback.
-
➜ ~ rdctl shell modinfo algif_aead
modinfo: module '/lib/modules/6.6.137-0-virt/algif_aead' not found
➜ ~ |
Beta Was this translation helpful? Give feedback.
-
|
That ( |
Beta Was this translation helpful? Give feedback.
-
|
Yes that is true, but I think it is mixed with different bug: and I have tried to remove these files: ➜ ~ rm -rf ~/.lima
➜ ~ rm -rf ~/.rd/ca-certificates/
➜ ~ rm -rf ~/.rd/lima
➜ ~ nano .local/share/rancher-desktop/lima/0/lima.yaml # here I edit that location
➜ ~ rdctl shell modinfo algif_aead
modinfo: module '/lib/modules/6.6.137-0-virt/algif_aead' not found
➜ ~ rancher-desktop # and error during startup any idea how to fix that? |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Background
Rancher Desktop 1.22.3 ships with an updated kernel that no longer includes the modules vulnerable to the
copy.failanddirtyfragexploits. These exploits would let a process running inside a container access and modify host files that have not been mounted into it.On macOS and Linux, upgrading to 1.22.3 does not refresh the kernel automatically; to update it, you must either factory-reset Rancher Desktop (which wipes existing images and Kubernetes workloads) or follow the procedure below.
On Windows, the vulnerable modules are removed on every start of Rancher Desktop, so the update applies automatically and no factory reset is required.
Check if you are running the new kernel
You can verify that you don't have the affected kernel modules installed with
However, if you get the following output, then you are still running the old version:
Workaround to force a kernel update
The following is a workaround to trigger the update without doing a factory reset:
Make sure you have installed 1.22.3.
Shut down Rancher Desktop
Edit the
lima.yamlfile. The path depends on the OS:Linux:
~/.local/share/rancher-desktop/lima/0/lima.yamlmacOS:
~/Library/Application\ Support/rancher-desktop/lima/0/lima.yamlIt will contain this block (example shows macOS path):
Edit the filename so the version segment reads
v0.2.47.rd0-rd-3.23.0.iso. You may see eitherrd1orrd1.2betweenv0.2.47.and-rd-; replace whichever you find withrd0.Restart Rancher Desktop
Verify that you are running the new kernel with the
modinfocommand shown above.Note
Snapshots created with 1.22.0 still contain the vulnerable kernel, so restoring one will require upgrading the kernel again. Consider saving a fresh snapshot after the upgrade.
Beta Was this translation helpful? Give feedback.
All reactions