This is the sixth patch release in the 1.2.z series of runc.
It primarily fixes an issue with runc exec vs time namespace,
and a compatibility issue with older kernels.
Fixed
- Fix a stall issue that would happen if setting
O_CLOEXECwith
CloseExecFromfailed (#4647). runcnow properly handles joining time namespaces (such as with
runc exec). Previously we would attempt to set the time offsets
when joining, which would fail. (#4635, #4649)- Handle
EINTRretries correctly for socket-related direct
golang.org/x/sys/unixsystem calls. (#4650) - We no longer use
F_SEAL_FUTURE_WRITEwhen sealing the runc binary, as it
turns out this had some unfortunate bugs in older kernel versions and was
never necessary in the first place. (#4651, #4640)
Removed
- Remove
Fexecvehelper fromlibcontainer/system. Runc 1.2.1 removed
runc-dmz, but we forgot to remove this helper added only for that. (#4646)
Changed
- Use Go 1.23 for official builds, run CI with Go 1.24 and drop Ubuntu 20.04
from CI. We need to drop Ubuntu 20.04 from CI because Github Actions
announced it's already deprecated and it will be discontinued soon. (#4648)
Static Linking Notices
The runc binary distributed with this release are statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":
The versions of these libraries were not modified from their upstream versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under the LGPL-2.1.
However we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.
Thanks to the following contributors who made this release possible:
- Akihiro Suda akihiro.suda.cz@hco.ntt.co.jp
- Aleksa Sarai cyphar@cyphar.com
- Evan Phoenix evan@phx.io
- Kir Kolyshkin kolyshkin@gmail.com
- lifubang lifubang@acmcoder.com
- Rodrigo Campos rodrigoca@microsoft.com
- Tomasz Duda tomaszduda23@gmail.com
Signed-off-by: Kir Kolyshkin kolyshkin@gmail.com