This is the second patch release of the 1.2.z branch of runc. It
includes two fixes for problems introduced in runc 1.2.0, as well as
some documentation improvements surrounding the overlayfs /proc/self/exe
protections.
- Fixed the failure of
runc deleteon a rootless container with no
dedicated cgroup on a system with read-only/sys/fs/cgroupmount.
This is a regression in runc 1.2.0, causing a failure when using
rootless buildkit. (#4518, #4531) - Using runc on a system where /run/runc and /usr/bin are on different
filesystems no longer results in harmless but annoying messages
("overlayfs: "xino" feature enabled using 3 upper inode bits")
appearing in the kernel log. (#4508, #4530) - Better memfd-bind documentation. (#4530)
- CI: bump Fedora 40 -> 41. (#4528)
Static Linking Notices
The runc binary distributed with this release are statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":
The versions of these libraries were not modified from their upstream versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under the LGPL-2.1.
However we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.
Thanks to all of the contributors who made this release possible:
- Akihiro Suda akihiro.suda.cz@hco.ntt.co.jp
- Aleksa Sarai cyphar@cyphar.com
- Austin Vazquez macedonv@amazon.com
- Kir Kolyshkin kolyshkin@gmail.com
- Rodrigo Campos rodrigoca@microsoft.com
- lfbzhm lifubang@acmcoder.com
Signed-off-by: Aleksa Sarai cyphar@cyphar.com