This release fixes several regressions found in v1.0.0-rc93. We
recommend users update as soon as possible. This release includes the
following notable changes:
Potentially breaking changes:
- cgroupv1: kernel memory limits are now always ignored, as kmemcg has
  been effectively deprecated by the kernel. Users should make use of
  regular memory cgroup controls. (#2840)
- libcontainer/cgroups: cgroup managers' Set now accept configs.Resources
  rather than configs.Cgroups (#2906)
- libcontainer/cgroups/systemd: reconnect and retry in case dbus
  connection is closed (after dbus restart) (#2923)
- libcontainer/cgroups/systemd: don't set limits in Apply (#2814)
Bugfixes:
- seccomp: fix 32-bit compilation errors (regression in rc93, #2783)
- cgroupv2: blkio weight value conversion fix (#2786)
- runc init: fix a hang caused by deadlock in seccomp/ebpf loading code
  (regression in rc93, #2871)
- runc start: fix "chdir to cwd: permission denied" for some setups
  (regression in rc93, #2894)
- s390: fix broken terminal (regression in rc93, #2898)
Improvements:
- runc start/exec: better diagnostics when container limits are too low
  (#2812)
- runc start/exec: better cleanup after failed runc init (#2855)
- cgroupv1: improve freezing chances (#2941, #2918, #2791)
- cgroupv2: multiple GetStats improvements (#2816, #2873)
- cgroupv2: fallback to setting io.weight if io.bfq.weight is not
  available (#2820)
- capabilities: WARN, not ERROR, for unknown / unavailable capabilities
  (#2854)
Static Linking Notices
The runc binary distributed with this release is statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":
The versions of these libraries were not modified from their upstream versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under the LGPL-2.1.
However we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.
Thanks to the following people who made this release possible:
- Adam Korcz adam@adalogics.com
- Adrian Reber areber@redhat.com
- Akihiro Suda akihiro.suda.cz@hco.ntt.co.jp
- Aleksa Sarai cyphar@cyphar.com
- Ben Hutchings ben.hutchings@essensium.com
- Danail Branekov danailster@gmail.com
- Daniel Dao dqminh89@gmail.com
- Enrico Weigelt info@metux.net
- Iceber Gu wei.cai-nat@daocloud.io
- Kenta Tada Kenta.Tada@sony.com
- Kieron Browne kbrowne@vmware.com
- Kir Kolyshkin kolyshkin@gmail.com
- Liang Zhou zhoul110@chinatelecom.cn
- Liu Hua weldonliu@tencent.com
- Mauricio Vásquez mauricio@kinvolk.io
- Mrunal Patel mrunal@me.com
- Odin Ugedal odin@uged.al
- Peter Hunt pehunt@redhat.com
- Qiang Huang h.huangqiang@huawei.com
- Ryosuke Hanatsuka hanatsuu@gmail.com
- Sascha Grunert sgrunert@redhat.com
- Sebastiaan van Stijn github@gone.nl
- Shengjing Zhu zhsj@debian.org
- Shiming Zhang wzshiming@foxmail.com
- Vasiliy Ulyanov vulyanov@suse.de
Vote: +6 -0 !1
Signed-off-by: Aleksa Sarai cyphar@cyphar.com