github opencontainers/runc v1.0.0-rc91
runc 1.0-rc91 -- "Just Hook a Right Over Here"

3 years ago

This is intended to be the second-last RC release, with -rc92 having
very few large changes so that we can release runc 1.0 (at long last).

NOTE: This release's artefacts were updated on 2020-07-30 to correct an
LGPL compliance issue (we previously did not include the source code of
libseccomp with our releases) and thus we had to recompile our runc
binaries to be sure we were distributing the correct version of libseccomp.
All of the binaries are still signed by the same maintainer key, and thus can
still be easily validated.

NOTE: This release's artefacts were updated on 2021-04-07, to correct an
issue with the .tar.xz archive from 2020-07-30 (the archive had malformed
paths due to a bug in historical release scripts -- which caused the update
on 2020-07-30 to change the checksum of the source code archive). See #2895
for more details. All of the binaries are still signed by the same maintainer
key, and thus can still be easily validated.

  • The long-awaited hooks changes have been merged into runc. This was
    one of the few remaining spec-related issues which were blocking us
    from releasing runc 1.0. Existing hook users will not be affected by
    this change, but runc now supports additional hooks that we expect
    users to migrate to eventually. The new hooks are:

    • createRuntime (replacement for the now-deprecated prestart)
    • createContainer
    • startContainer

  • A large amount of effort has been undertaken to support cgroupv2
    within runc. The support is still considered experimental, but it is
    mostly functional at this point. Please report any bugs you find when
    running under cgroupv2-only systems.

  • A minor-severity security bug was fixed. The devices list would
    be in allow-by-default mode from the outset, meaning that users would
    have to explicitly specify they wish to deny all device access at the
    beginning of the configuration. While this would normally be
    considered a high-severity vulnerability, all known users of runc had
    worked around this issue several years ago (hence why this fairly
    obvious bug was masked).

    In addition, the devices list code has been massively improved such
    that it will attempt to avoid causing spurious errors in the
    container (such as while writing to /dev/null) when doing devices
    cgroup updates.

  • A security audit of runc was conducted in 2019, and the report PDF is
    now included in the runc repository. The previous release of runc
    has already addressed the security issues found in that report.
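
The devices-list and hooks items above translate into two checks an operator can run over existing bundles before and after upgrading. The following is an added example, not code from runc or from this release: `AuditConfig` and the sample config are hypothetical, and the JSON field names are assumed from the OCI runtime spec `config.json` layout (`linux.resources.devices`, `hooks.prestart`).

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// rule mirrors one linux.resources.devices entry of an OCI config.json.
type rule struct {
	Allow        bool
	Type, Access string
	Major, Minor *int64
}

type config struct {
	Hooks map[string][]json.RawMessage
	Linux struct{ Resources struct{ Devices []rule } }
}

// denyAll: allow=false, all types, unset major/minor (assumed wildcard), r+w+m.
func denyAll(r rule) bool {
	rwm := strings.Contains(r.Access, "r") && strings.Contains(r.Access, "w") &&
		strings.Contains(r.Access, "m")
	return !r.Allow && (r.Type == "" || r.Type == "a") &&
		r.Major == nil && r.Minor == nil && rwm
}

// AuditConfig (hypothetical helper) returns findings for one config.json.
func AuditConfig(raw []byte) ([]string, error) {
	var c config
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, err
	}
	var out []string
	if d := c.Linux.Resources.Devices; len(d) == 0 || !denyAll(d[0]) {
		out = append(out, "devices: first rule is not deny-all")
	}
	if n := len(c.Hooks["prestart"]); n > 0 {
		out = append(out, fmt.Sprintf("hooks: %d deprecated prestart hook(s)", n))
	}
	return out, nil
}

// Constructed sample: no leading deny-all rule, one prestart hook.
const sample = `{"hooks":{"prestart":[{"path":"/usr/bin/example-hook"}]},
 "linux":{"resources":{"devices":[{"allow":true,"type":"c","major":1,"minor":3,"access":"rwm"}]}}}`

func main() { fmt.Println(AuditConfig([]byte(sample))) }
```

A finding on the devices rule matters most for bundles that may still be run by a runc older than this release, where the list started in allow-by-default mode.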

Static Linking Notices

The runc binaries distributed with this release are statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":

The versions of these libraries were not modified from their upstream versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under the LGPL-2.1.

However we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.


Thanks to the following people who made this release possible:

NOTE: For those who are confused by the massive version jump (rc10
to rc91), this was done to avoid issues with SemVer and lexical
comparisons -- there haven't been 90 other release candidates. Please
also note that runc 1.0.0-rc90 is identical to 1.0.0-rc10. See #2399
for more details.

Vote: +7 -0 #0
Signed-off-by: Aleksa Sarai <asarai@suse.de>
