Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump runc from v1.1.13 to v1.3.0-rc.1 #159

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump runc from v1.1.13 to v1.3.0-rc.1 #159

wants to merge 1 commit into from

Conversation

github-actions[bot]
Copy link

@github-actions github-actions bot commented Mar 9, 2025

v1.3.0-rc.1

Tag: v1.3.0-rc.1
Published at: 2025-03-04T12:14:28Z
URL: Release v1.3.0-rc.1

Description:

This is the first release candidate of the runc 1.3.0 release. It
contains a couple of new features, but is mostly made up of some minor
(but notable) API changes to libcontainer as well as a series of bug
fixes.

This is the first release series that will follow our new release
policy, meaning that user should expect runc 1.3.0 to be released at the
end of April 2025, at which point the support policy for the runc 1.2.z
branch will change. Please see the new RELEASES.md document for more
information.

Users are strongly encouraged to test our release candidates over the
next two months so we can fix issues before the general release.

libcontainer API

  • configs.CommandHook struct has changed, Command is now a pointer.
    Also, configs.NewCommandHook now accepts a *Command. (# 4325)
  • The Process struct has User string field replaced with numeric
    UID and GID fields, and AdditionalGroups changed its type from
    []string to []int. Essentially, resolution of user and group
Show more

names to IDs is no longer performed by libcontainer, so if a libcontainer
user previously relied on this feature, now they have to convert names to
IDs before calling libcontainer; it is recommended to use Go package
github.com/moby/sys/user for that. (# 3999)

  • Move libcontainer/cgroups to a separate repository. (# 4618)

Fixed

  • runc exec -p no longer ignores specified ioPriority and scheduler
    settings. Similarly, libcontainer's Container.Start and Container.Run
    methods no longer ignore Process.IOPriority and Process.Scheduler
    settings. (# 4585)
  • We no longer use F_SEAL_FUTURE_WRITE when sealing the runc binary, as it
    turns out this had some unfortunate bugs in older kernel versions and was
    never necessary in the first place. (# 4641, # 4640)
  • runc now uses a more flexible method of joining namespaces, which better
    matches the behaviour of nsenter(8). This is mainly useful for users that
    create a container with a runc-managed user namespace but want the container
    to join some externally-managed namespace as well. (# 4492)
  • runc now properly handles joining time namespaces (such as with runc exec).
    Previously we would attempt to set the time offsets when joining, which
    would fail. (# 4635, # 4636)
  • Handle EINTR retries correctly for socket-related direct
    golang.org/x/sys/unix system calls. (# 4637)
  • Handle close_range(2) errors more gracefully. (# 4596)
  • Fix a stall issue that would happen if setting O_CLOEXEC with
    CloseExecFrom failed (# 4599).
  • Handle errors on older kernels when resetting ambient capabilities more
    gracefully. (# 4597)

Changed

  • runc now has an official release policy to help provide more consistency
    around our release schedules and better define our support policy for old
    release branches. See RELEASES.md for more details. (# 4557)
  • Improved performance by switching to strings.Cut where appropriate.
    (# 4470)
  • The minimum Go version of runc is now Go 1.23. (# 4598)
  • Updated builds to libseccomp v2.5.6. (# 4625)

Added

  • runc has been updated to support OCI runtime-spec 1.2.1. (# 4653)
  • CPU affinity support for runc exec. (# 4327)
  • CRIU support can be disabled using the build tag runc_nocriu. (# 4546)
  • Support to get the pidfd of the container via CLI flag pidfd-socket.
    (# 4045)
  • Support skip-in-flight and link-remap options for CRIU. (# 4627)
  • Support cgroup v1 mounted with noprefix. (# 4513)

Static Linking Notices

The runc binary distributed with this release are statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":

The versions of these libraries were not modified from their upstream versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under the LGPL-2.1.

However we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.

Thanks to the following contributors for making this release possible:

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

Commits
  • a00ce11 VERSION: release v1.3.0-rc.1
  • 0ebf331 Merge pull request # 4327 from kolyshkin/exec-cpu-aff
  • 10ca66b runc exec: implement CPU affinity
  • 701516b merge # 4654 into opencontainers/runc:main
  • d92dd22 performance improvement: setup signal notify in a new go routine

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies release-note-none
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants