Update runc binary to v1.2.5 #11388

austinvazquez · 2025-02-14T03:53:49Z

This is the fifth patch release in the 1.2.z series of runc. It primarily fixes an issue caused by an upstream systemd bug.

There was a regression in systemd v230 which made the way we define device rule restrictions require a systemctl daemon-reload for our transient units. This caused issues for workloads using NVIDIA GPUs. Workaround the upstream regression by re-arranging how the unit properties are defined.
Dependency github.com/cyphar/filepath-securejoin is updated to v0.4.1, to allow projects that vendor runc to bump it as well.
CI: fixed criu-dev compilation.
Dependency golang.org/x/net is updated to 0.33.0.

diff: opencontainers/[email protected]

This is the fifth patch release in the 1.2.z series of runc. It primarily fixes an issue caused by an upstream systemd bug. There was a regression in systemd v230 which made the way we define device rule restrictions require a systemctl daemon-reload for our transient units. This caused issues for workloads using NVIDIA GPUs. Workaround the upstream regression by re-arranging how the unit properties are defined. Dependency github.com/cyphar/filepath-securejoin is updated to v0.4.1, to allow projects that vendor runc to bump it as well. CI: fixed criu-dev compilation. Dependency golang.org/x/net is updated to 0.33.0. diff: opencontainers/[email protected] Signed-off-by: Austin Vazquez <[email protected]>

k8s-ci-robot · 2025-02-14T03:53:51Z

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

thaJeztah

LGTM

this probably needs cherry-picks for the active release branches

thaJeztah · 2025-02-17T22:19:21Z

/cherry-pick release/2.0 release/1.7 release/1.6

k8s-infra-cherrypick-robot · 2025-02-17T22:20:06Z

@thaJeztah: new pull request created: #11394

In response to this:

/cherry-pick release/2.0 release/1.7 release/1.6

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

thaJeztah · 2025-02-17T22:22:03Z

/cherrypick release/1.7

thaJeztah · 2025-02-17T22:22:17Z

/cherrypick release/1.6

k8s-infra-cherrypick-robot · 2025-02-17T22:22:41Z

@thaJeztah: new pull request created: #11395

In response to this:

/cherrypick release/1.7

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

k8s-infra-cherrypick-robot · 2025-02-17T22:22:54Z

@thaJeztah: new pull request created: #11396

In response to this:

/cherrypick release/1.6

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

k8s-ci-robot added do-not-merge/work-in-progress size/XS labels Feb 14, 2025

austinvazquez marked this pull request as ready for review February 14, 2025 04:03

k8s-ci-robot removed the do-not-merge/work-in-progress label Feb 14, 2025

thaJeztah approved these changes Feb 14, 2025

View reviewed changes

thaJeztah added cherry-pick/1.6.x Change to be cherry picked to release/1.6 branch cherry-pick/1.7.x Change to be cherry picked to release/1.7 branch cherry-pick/2.0.x Change to be cherry picked to release/2.0 branch labels Feb 14, 2025

estesp approved these changes Feb 14, 2025

View reviewed changes

estesp added this pull request to the merge queue Feb 14, 2025

github-merge-queue bot removed this pull request from the merge queue due to failed status checks Feb 14, 2025

samuelkarp approved these changes Feb 14, 2025

View reviewed changes

samuelkarp added this pull request to the merge queue Feb 14, 2025

Merged via the queue into containerd:main with commit d305214 Feb 14, 2025
58 checks passed

austinvazquez deleted the update-runc-1.2.5 branch February 14, 2025 21:12

k8s-infra-cherrypick-robot mentioned this pull request Feb 17, 2025

[release/2.0] Update runc binary to v1.2.5 #11394

Merged

k8s-infra-cherrypick-robot mentioned this pull request Feb 17, 2025

[release/1.7] Update runc binary to v1.2.5 #11395

Merged

k8s-infra-cherrypick-robot mentioned this pull request Feb 17, 2025

[release/1.6] Update runc binary to v1.2.5 #11396

Merged

thaJeztah removed cherry-pick/1.6.x Change to be cherry picked to release/1.6 branch cherry-pick/1.7.x Change to be cherry picked to release/1.7 branch cherry-pick/2.0.x Change to be cherry picked to release/2.0 branch labels Feb 17, 2025

thaJeztah added cherry-picked/1.6.x PR commits are cherry-picked into release/1.6 branch cherry-picked/1.7.x PR commits are cherry-picked into release/1.7 branch cherry-picked/2.0.x PR commits are cherry picked into the release/2.0 branch labels Feb 17, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update runc binary to v1.2.5 #11388

Update runc binary to v1.2.5 #11388

austinvazquez commented Feb 14, 2025 •

edited

Loading

k8s-ci-robot commented Feb 14, 2025

thaJeztah left a comment

thaJeztah commented Feb 17, 2025

k8s-infra-cherrypick-robot commented Feb 17, 2025

thaJeztah commented Feb 17, 2025

thaJeztah commented Feb 17, 2025

k8s-infra-cherrypick-robot commented Feb 17, 2025

k8s-infra-cherrypick-robot commented Feb 17, 2025

Update runc binary to v1.2.5 #11388

Update runc binary to v1.2.5 #11388

Conversation

austinvazquez commented Feb 14, 2025 • edited Loading

k8s-ci-robot commented Feb 14, 2025

thaJeztah left a comment

Choose a reason for hiding this comment

thaJeztah commented Feb 17, 2025

k8s-infra-cherrypick-robot commented Feb 17, 2025

thaJeztah commented Feb 17, 2025

thaJeztah commented Feb 17, 2025

k8s-infra-cherrypick-robot commented Feb 17, 2025

k8s-infra-cherrypick-robot commented Feb 17, 2025

austinvazquez commented Feb 14, 2025 •

edited

Loading