
runc 1.1.10 -- "Śruba, przykręcona we śnie, nie zmieni sytuacji, jaka panuje na jawie."

@cyphar cyphar released this 01 Nov 07:28
v1.1.10
18a0cb0

This is the tenth (and most likely final) patch release in the 1.1.z
release branch of runc. It mainly fixes a few issues in cgroups, and a
umask-related issue in tmpcopyup.

  • Add support for hugetlb.<pagesize>.rsvd limiting and accounting.
    Fixes the issue of postgres failing when hugepage limits are set.
    (#3859, #4077)
  • Fixed permissions of newly created directories so that they do not depend
    on the value of umask in the tmpcopyup feature implementation. (#3991, #4060)
  • libcontainer: cgroup v1 GetStats now ignores missing kmem.limit_in_bytes
    (fixes compatibility with Linux kernel 6.1+). (#4028)
  • Fix a semi-arbitrary cgroup write bug when given a malicious hugetlb
    configuration. This issue is not a security issue because it requires a
    malicious config.json, which is outside of our threat model. (#4103)
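
Since a malicious config.json is outside runc's threat model, a caller that accepts configs from less trusted sources has to vet them itself. The following is an added example, not runc's code: a pre-flight check that rejects `hugepageLimits` entries whose `pageSize` is not a plain size token or not a page size the host offers, before the value can be used in a `hugetlb.<pagesize>.*` file name. The helper name, the allow-pattern and the sample config are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Only the part of config.json that carries hugepage limits (OCI runtime spec).
type ociConfig struct {
	Linux struct {
		Resources struct {
			HugepageLimits []struct {
				PageSize string `json:"pageSize"`
			} `json:"hugepageLimits"`
		} `json:"resources"`
	} `json:"linux"`
}

// Assumed allow-pattern: a plain size token such as 64KB, 2MB or 1GB.
var pageSizeToken = regexp.MustCompile(`^[1-9][0-9]*(KB|MB|GB)$`)

// CheckHugepageLimits (hypothetical helper) lists rejected entries; hostSizes is the caller-supplied set of host page sizes.
func CheckHugepageLimits(configJSON []byte, hostSizes []string) ([]string, error) {
	var cfg ociConfig
	if err := json.Unmarshal(configJSON, &cfg); err != nil {
		return nil, fmt.Errorf("parse config.json: %w", err)
	}
	supported := make(map[string]bool, len(hostSizes))
	for _, s := range hostSizes {
		supported[s] = true
	}
	var rejected []string
	for i, l := range cfg.Linux.Resources.HugepageLimits {
		if !pageSizeToken.MatchString(l.PageSize) {
			rejected = append(rejected, fmt.Sprintf("hugepageLimits[%d]: %q is not a size token", i, l.PageSize))
		} else if !supported[l.PageSize] {
			rejected = append(rejected, fmt.Sprintf("hugepageLimits[%d]: %q is not a host page size", i, l.PageSize))
		}
	}
	return rejected, nil
}

// Constructed sample: entry 1 is not a size token, entry 2 is not on this host.
const sampleConfig = `{"linux":{"resources":{"hugepageLimits":[{"pageSize":"2MB"},{"pageSize":"two-megabytes"},{"pageSize":"512MB"}]}}}`

func main() {
	fmt.Println(CheckHugepageLimits([]byte(sampleConfig), []string{"2MB", "1GB"}))
}
```

In real use the `hostSizes` argument would come from the host's own list of supported hugepage sizes rather than a hard-coded slice.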

Static Linking Notices

The runc binary distributed with this release is statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":

The versions of these libraries were not modified from their upstream versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under the LGPL-2.1.

However, we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.


Thanks to all of the contributors who made this release possible:

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>