github opencontainers/runc v1.5.1
runc v1.5.1 -- "El lujo es vulgaridad, dijo, y me conquistó."

7 hours ago

This is the first patch release in the 1.5.z release series of runc, and
primarily includes a fix for a serious regression on Ubuntu 20.04
kernels.

Fixed

  • There was a regression reported in with the maskPaths optimisation added in
    1.5.0-rc.3 (#5275). On Ubuntu Focal (20.04), attempts to mount tmpfs with
    the nr_inodes=1 option will fail due to a downstream kernel patch
    (ironically originating from AUFS). We now have a fallback path using
    nr_inodes=2 instead if the operation fails. (#5348, #5358, #5359)
  • Properly handle EINVAL for seccomp SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV
    when trying to rewrite the filter. This appears to only happen if you compile
    runc with libseccomp >= 2.6.0 and then run it with an < 2.6.0 libseccomp.
    (#5347, #5354)

Static Linking Notices

The runc binaries distributed with this release are statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":

Similarly, the runc binaries distributed with this release are also
statically linked with the following MPLv2 licensed libraries,
with runc acting as a "Larger Work":

The versions of these libraries were not modified from their upstream versions,
but in order to comply with their corresponding licenses, we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under their respective
licenses.

However, we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.


Thanks to the following contributors who made this release possible:

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

Don't miss a new runc release

NewReleases is sending notifications on new releases.