This is the third release of the 1.1.z series of runc, and contains
various minor improvements and bugfixes.
- Our seccomp
-ENOSYS
stub now correctly handles multiplexed syscalls on
s390 and s390x. This solves the issue where syscalls the host kernel did not
support would return-EPERM
despite the existence of the-ENOSYS
stub
code (this was due to how s390x does syscall multiplexing). (#3478) - Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as
intended; this fix does not affect runc binary itself but is important for
libcontainer users such as Kubernetes. (#3476) - Inability to compile with recent clang due to an issue with duplicate
constants in libseccomp-golang. (#3477) - When using systemd cgroup driver, skip adding device paths that don't exist,
to stop systemd from emitting warnings about those paths. (#3504) - Socket activation was failing when more than 3 sockets were used. (#3494)
- Various CI fixes. (#3472, #3479)
- Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. (#3493)
- runc static binaries are now linked against libseccomp v2.5.4. (#3481)
Thanks to all of the contributors who made this release possible:
- Akihiro Suda akihiro.suda.cz@hco.ntt.co.jp
- Aleksa Sarai cyphar@cyphar.com
- CrazyMax crazy-max@users.noreply.github.com
- Erik Sjölund erik.sjolund@gmail.com
- Irwin D'Souza dsouzai.gh@gmail.com
- Kang Chen kongchen28@gmail.com
- Kir Kolyshkin kolyshkin@gmail.com
- Sebastiaan van Stijn thaJeztah@users.noreply.github.com
Signed-off-by: Aleksa Sarai cyphar@cyphar.com