Skip to content

runc 1.1.3 -- "In the beginning there was nothing, which exploded."
Compare
Choose a tag to compare
@cyphar cyphar released this 09 Jun 00:17
· 1527 commits to main since this release
v1.1.3
This tag was signed with the committer’s verified signature. The key has been revoked.
cyphar Aleksa Sarai
GPG key ID: 9D94B96321B9D012
Revoked
Verified
Learn about vigilant mode.
6724737

This is the third release of the 1.1.z series of runc, and contains
various minor improvements and bugfixes.

  • Our seccomp -ENOSYS stub now correctly handles multiplexed syscalls on
    s390 and s390x. This solves the issue where syscalls the host kernel did not
    support would return -EPERM despite the existence of the -ENOSYS stub
    code (this was due to how s390x does syscall multiplexing). (#3478)
  • Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as
    intended; this fix does not affect runc binary itself but is important for
    libcontainer users such as Kubernetes. (#3476)
  • Inability to compile with recent clang due to an issue with duplicate
    constants in libseccomp-golang. (#3477)
  • When using systemd cgroup driver, skip adding device paths that don't exist,
    to stop systemd from emitting warnings about those paths. (#3504)
  • Socket activation was failing when more than 3 sockets were used. (#3494)
  • Various CI fixes. (#3472, #3479)
  • Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. (#3493)
  • runc static binaries are now linked against libseccomp v2.5.4. (#3481)

Static Linking Notices

The runc binary distributed with this release are statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":

The versions of these libraries were not modified from their upstream versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under the LGPL-2.1.

However we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.

Thanks to all of the contributors who made this release possible:

Signed-off-by: Aleksa Sarai [email protected]

Assets 19
Loading