Skip to content

runc v1.2.0-rc.2 -- "TRUE or FALSE, it's a problem!"

Pre-release
Pre-release
Compare
Choose a tag to compare
@kolyshkin kolyshkin released this 26 Jun 18:14
· 272 commits to main since this release
v1.2.0-rc.2

This is the second release candidate for the 1.2.0 branch of runc. It includes
all patches and bugfixes included in runc 1.1 patch releases (up to and
including 1.1.13). A fair few new features have been added, and some changes
have been made which may affect users. Please help us thoroughly test this
release candidate before we release 1.2.0.

Breaking

  • runc now requires a minimum of Go 1.20 to compile. If building with
    Go 1.22, make sure to use 1.22.4 or later version (#4233).
  • libcontainer/cgroups users who want to manage cgroup devices need to
    explicitly import libcontainer/cgroups/devices. (#3452, #4248)

Security

  • The runc binaries provided here were built with go1.21.11, which includes a
    security fix for os.RemoveAll
    to fix a bug that would allow an attacker to
    trick runc into deleting a directory on the host. We encourage users to update,
    and if they build runc themselves, make sure they build their binaries using
    go1.21.11 or later, or go1.22.4 or later.

Added

Fixed

  • cgroup v2: do not set swap to 0 or unlimited when it's not available. (#4188)
  • Set the default value of CpuBurst to nil instead of 0. (#4210, #4211)
  • libct/cg: write unified resources line by line. (#4186)
  • libct.Start: fix locking, do not allow a second container init. (#4271)
  • Fix tests in debian testing (mount_sshfs.bats). (#4245)
  • libct/cg/dev: fix TestSetV1Allow panic. (#4295)
  • tests/int/scheduler: require smp. (#4298)

Changed

  • libct/cg/fs: don't write cpu_burst twice on ENOENT. (#4259)
  • Make trimpath optional. (#3908)
  • Remove unused system.Execv. (#4268)
  • Stop blacklisting Go 1.22+, drop Go < 1.21 support, use Go 1.22 in CI. (#4292)
  • Improve some error messages for runc exec. (#4320)
  • ci/gha: bump golangci-lint[-action]. (#4255)
  • tests/int/tty: increase the timeout. (#4260)
  • [ci] use go mod instead of go get in spec.bats. (#4264)
  • tests/int/checkpoint: rm double logging. (#4251)
  • ci/gha: bump golangci-lint-action from 5 to 6. (#4275)
  • .cirrus.yml: rm FIXME from rootless fs on CentOS 7. (#4279)
  • Dockerfile: bump Debian to 12, Go to 1.21. (#4296)
  • ci/gha: switch to ubuntu 24.04. (#4286)
  • Vagrantfile.fedora: bump to F40. (#4285)

Static Linking Notices

The runc binary distributed with this release are statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":

The versions of these libraries were not modified from their upstream versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under the LGPL-2.1.

However we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.


Thanks to the following contributors for making this release possible: