runc v1.2.0-rc.2 -- "TRUE or FALSE, it's a problem!"
This is the second release candidate for the 1.2.0 branch of runc. It includes
all patches and bugfixes included in runc 1.1 patch releases (up to and
including 1.1.13). A fair few new features have been added, and some changes
have been made which may affect users. Please help us thoroughly test this
release candidate before we release 1.2.0.
Breaking
- runc now requires a minimum of Go 1.20 to compile. If building with
  Go 1.22, make sure to use 1.22.4 or later version (#4233).
- libcontainer/cgroups users who want to manage cgroup devices need to
  explicitly import libcontainer/cgroups/devices. (#3452, #4248)
Security
- The runc binaries provided here were built with go1.21.11, which includes a
  security fix for os.RemoveAll to fix a bug that would allow an attacker to
  trick runc into deleting a directory on the host. We encourage users to update,
  and if they build runc themselves, make sure they build their binaries using
  go1.21.11 or later, or go1.22.4 or later.
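One way to check a runc binary against the toolchain minimums in the Security note, as an added example that is not part of the release notes or the runc project. The function names and the path in the usage comment are hypothetical, and treating branches after 1.22 as "later" is an assumption.

```shell
#!/bin/sh
# Added example, not from the runc project. Checks a Go toolchain version
# against the minimums in the Security note: go1.21.11+ or go1.22.4+.

# Returns 0 if VERSION (e.g. "go1.21.11") meets the minimum for its branch,
# 1 if it is older, 2 if it is not a plain release version (rc, beta, devel).
# Assumption: branches after 1.22 count as "later" and therefore pass.
go_meets_minimum() {
    v=${1#go}
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;
    esac
    major=${v%%.*}
    rest=${v#*.}
    [ "$rest" = "$v" ] && return 2          # no minor component
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0       # "go1.22" is patch level 0
    case $patch in *.*) return 2 ;; esac    # more than three components
    [ "$major" -eq 1 ] || return 2
    if [ "$minor" -ge 23 ]; then return 0
    elif [ "$minor" -eq 22 ]; then [ "$patch" -ge 4 ] || return 1
    elif [ "$minor" -eq 21 ]; then [ "$patch" -ge 11 ] || return 1
    else return 1
    fi
    return 0
}

# Prints the toolchain version embedded in a Go binary, using "go version FILE",
# whose output has the form "FILE: go1.21.11".
binary_go_version() {
    out=$(go version "$1") || return 1
    printf '%s\n' "${out##*: }"
}

# Usage: sh check.sh /usr/local/sbin/runc   (path is a placeholder)
if [ "$#" -gt 0 ]; then
    ver=$(binary_go_version "$1") || { echo "cannot read Go version of $1" >&2; exit 2; }
    if go_meets_minimum "$ver"; then
        echo "$1: built with $ver, meets the minimum"
    else
        echo "$1: built with $ver, rebuild with go1.21.11+ or go1.22.4+" >&2
        exit 1
    fi
fi
```

Exit status 2 from the script means the version could not be read or is not a plain release, so it should be reviewed by hand.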
Added
Fixed
- cgroup v2: do not set swap to 0 or unlimited when it's not available. (#4188)
- Set the default value of CpuBurst to nil instead of 0. (#4210, #4211)
- libct/cg: write unified resources line by line. (#4186)
- libct.Start: fix locking, do not allow a second container init. (#4271)
- Fix tests in debian testing (mount_sshfs.bats). (#4245)
- libct/cg/dev: fix TestSetV1Allow panic. (#4295)
- tests/int/scheduler: require smp. (#4298)
Changed
- libct/cg/fs: don't write cpu_burst twice on ENOENT. (#4259)
- Make trimpath optional. (#3908)
- Remove unused system.Execv. (#4268)
- Stop blacklisting Go 1.22+, drop Go < 1.21 support, use Go 1.22 in CI. (#4292)
- Improve some error messages for runc exec. (#4320)
- ci/gha: bump golangci-lint[-action]. (#4255)
- tests/int/tty: increase the timeout. (#4260)
- [ci] use go mod instead of go get in spec.bats. (#4264)
- tests/int/checkpoint: rm double logging. (#4251)
- ci/gha: bump golangci-lint-action from 5 to 6. (#4275)
- .cirrus.yml: rm FIXME from rootless fs on CentOS 7. (#4279)
- Dockerfile: bump Debian to 12, Go to 1.21. (#4296)
- ci/gha: switch to ubuntu 24.04. (#4286)
- Vagrantfile.fedora: bump to F40. (#4285)
Static Linking Notices
The runc binaries distributed with this release are statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":
The versions of these libraries were not modified from their upstream versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under the LGPL-2.1.
However we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.
Thanks to the following contributors for making this release possible:
- Akhil Mohan akhilerm@gmail.com
- Akihiro Suda akihiro.suda.cz@hco.ntt.co.jp
- Aleksa Sarai cyphar@cyphar.com
- Austin Vazquez macedonv@amazon.com
- Avi Deitcher avi@deitcher.net
- Kir Kolyshkin kolyshkin@gmail.com
- Rodrigo Campos rodrigoca@microsoft.com
- Sebastiaan van Stijn thaJeztah@users.noreply.github.com
- Sohan Kunkerkar sohank2602@gmail.com
- lifubang lifubang@acmcoder.com
- ls-ggg 335814617@qq.com