Skip to content

runc 1.1.13 -- "There is no certainty in the world. This is the only certainty I have."

Latest
Latest
Compare
Choose a tag to compare
@kolyshkin kolyshkin released this 13 Jun 16:03
· 1152 commits to main since this release
v1.1.13
This tag was signed with the committer’s verified signature.
kolyshkin Kir Kolyshkin
GPG key ID: 17DE5ECB75A1100E
Learn about vigilant mode.
58aa920
This commit was signed with the committer’s verified signature.
lifubang lfbzhm
GPG key ID: 1279750416083543
Learn about vigilant mode.

This is the thirteenth patch release in the 1.1.z release branch of runc. It
brings in Go 1.22.x compatibility and fixes a few issues, including an
occasional wrong nofile rlimit in runc exec, and a race between runc list and
runc delete.

NOTE that if using Go 1.22.x to build runc, make sure to use 1.22.4 or a later version.
For more details, see issue #4233.

  • Support go 1.22.4+. (#4313)
  • runc list: fix race with runc delete. (#4231)
  • Fix set nofile rlimit error. (#4277, #4299)
  • libct/cg/fs: fix setting rt_period vs rt_runtime. (#4284)
  • Fix a debug msg for user ns in nsexec. (#4315)
  • script/*: fix gpg usage wrt keyboxd. (#4316)
  • CI fixes and misc backports. (#4241)
  • Fix codespell warnings. (#4300)
  • Silence security false positives from golang/net. (#4244)
  • libcontainer: allow containers to make apps think fips is enabled/disabled for testing. (#4257)
  • allow overriding VERSION value in Makefile. (#4270)
  • Vagrantfile.fedora: bump Fedora to 39. (#4261)
  • ci/cirrus: rm centos stream 8. (#4305, #4308)

Security

  • The runc binaries provided here were built with go1.21.11, which includes a
    security fix for os.RemoveAll     to fix a bug that would allow an attacker to
    trick runc into deleting a directory on the host. We encourage users to update,
    and if they build runc themselves, make sure they build their binaries using
    go1.21.11 or later, or go1.22.4 or later.

Static Linking Notices

The runc binary distributed with this release are statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":

The versions of these libraries were not modified from their upstream versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under the LGPL-2.1.

However we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.

Thanks to all of the contributors who made this release possible:

Signed-off-by: Kir Kolyshkin [email protected]

Assets 21
Loading