Skip to content

runc 1.1.6 -- "In this world nothing is certain but death and taxes."

Choose a tag to compare

View all tags
@cyphar cyphar released this 12 Apr 04:15
· 2184 commits to main since this release
v1.1.6
This tag was signed with the committer’s verified signature.
cyphar Aleksa Sarai
GPG key ID: 2897FAD2B7E9446F
Verified
Learn about vigilant mode.
0f48801
This commit was signed with the committer’s verified signature.
kolyshkin Kir Kolyshkin
GPG key ID: 17DE5ECB75A1100E
Verified
Learn about vigilant mode.

This is the sixth path release in the 1.1.z series of runc, which fixes
a series of cgroup-related issues.

Note that this release can no longer be built from sources using Go
1.16. Using a latest maintained Go 1.20.x or Go 1.19.x release is
recommended. Go 1.17 can still be used.

  • systemd cgroup v1 and v2 drivers were deliberately ignoring UnitExist error
    from systemd while trying to create a systemd unit, which in some scenarios
    may result in a container not being added to the proper systemd unit and
    cgroup. (#3780, #3806)
  • systemd cgroup v2 driver was incorrectly translating cpuset range from spec's
    resources.cpu.cpus to systemd unit property (AllowedCPUs) in case of more
    than 8 CPUs, resulting in the wrong AllowedCPUs setting. (#3808)
  • systemd cgroup v1 driver was prefixing container's cgroup path with the path
    of PID 1 cgroup, resulting in inability to place PID 1 in a non-root cgroup.
    (#3811)
  • runc run/start may return "permission denied" error when starting a rootless
    container when the file to be executed does not have executable bit set for
    the user, not taking the CAP_DAC_OVERRIDE capability into account. This is
    a regression in runc 1.1.4, as well as in Go 1.20 and 1.20.1 (#3715, #3817)
  • cgroup v1 drivers are now aware of misc controller. (#3823)

Known issues

  • v1.1.6 regression: adding misc controller to cgroup v1 makes kubelet sad. (#3849)

Static Linking Notices

The runc binary distributed with this release are statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":

The versions of these libraries were not modified from their upstream versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under the LGPL-2.1.

However we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.

Thanks to all of the contributors who made this release possible:

Signed-off-by: Aleksa Sarai [email protected]

Assets 19
Loading