opencontainers/runc v1.5.0-rc.2

runc v1.5.0-rc.2 -- "いざやいざや、見に行かん"

on GitHub

This is the second release candidate of the runc 1.5.0 release. It
mostly contains build fixes and improvements, but also includes
a new minor feature and some deprecations.
runc v1.5.0-rc.2 includes all of the patches backported to runc v1.4.2.

Users are strongly encouraged to test our release candidates over the
next few weeks so we can fix issues before the general release. You
should expect runc 1.5.0 to be released at the end of April 2026 (at
which point, runc 1.3.z will only receive high-severity security fixes
for 6 months and runc 1.2.z will become unmaintained -- users are thus
very strongly encouraged to migrate to a newer version).

Fixed

• Building with libpathrs for systems that use non-GNU awk, e.g. Debian.
  (#5196, #5194)

Added

• Installation notes for libpathrs. (#5199, #5195)
• Support for specs.LinuxSeccompFlagWaitKillableRecv. (#5183, #5172)
• When building runc, RUNC_BUILDTAGS make or shell environment variable can
  be used to add build tags and/or remove existing build tags (when a tag is
  prefixed with -). (#5198, #5171)

Changed

• runc now requires Go 1.25+ to build. (#5211, #5205)
• libcontainer now pre-opens container root filesystem and uses the file
  descriptor (rather than the path) for most operations related to container
  root during container start. (#5204, #5190)

Deprecated

• EXTRA_BUILDTAGS make variable is deprecated in favor of RUNC_BUILDTAGS
  and will be removed in runc 1.6. (#5171, #5198)
• libcontainer/devices has been deprecated in favour of
  github.com/moby/sys/devices (which is a carbon copy of the package). It
  will be removed in runc 1.6. (#5220, #5142)

Static Linking Notices

The runc binaries distributed with this release are statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":

• libseccomp

Similarly, the runc binaries distributed with this release are also
statically linked with the following MPLv2 licensed libraries,
with runc acting as a "Larger Work":

• libpathrs

The versions of these libraries were not modified from their upstream versions,
but in order to comply with their corresponding licenses, we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under their respective
licenses.

However, we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.

Thanks to the following contributors for making this release possible:

• Akhil Mohan akhilerm@gmail.com
• Aleksa Sarai cyphar@cyphar.com
• Ayato Tokubi atokubi@redhat.com
• Kir Kolyshkin kolyshkin@gmail.com
• Li Fubang lifubang@acmcoder.com
• Rodrigo Campos Catelin rodrigo@amutable.com

Signed-off-by: Kir Kolyshkin kolyshkin@gmail.com