Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
release notes: https://github.com/opencontainers/runc/releases/tag/v1.1.6 full diff: opencontainers/runc@v1.1.5...v1.1.6 This is the sixth patch release in the 1.1.z series of runc, which fixes a series of cgroup-related issues. Note that this release can no longer be built from sources using Go 1.16. Using a latest maintained Go 1.20.x or Go 1.19.x release is recommended. Go 1.17 can still be used. - systemd cgroup v1 and v2 drivers were deliberately ignoring UnitExist error from systemd while trying to create a systemd unit, which in some scenarios may result in a container not being added to the proper systemd unit and cgroup. - systemd cgroup v2 driver was incorrectly translating cpuset range from spec's resources.cpu.cpus to systemd unit property (AllowedCPUs) in case of more than 8 CPUs, resulting in the wrong AllowedCPUs setting. - systemd cgroup v1 driver was prefixing container's cgroup path with the path of PID 1 cgroup, resulting in inability to place PID 1 in a non-root cgroup. - runc run/start may return "permission denied" error when starting a rootless container when the file to be executed does not have executable bit set for the user, not taking the CAP_DAC_OVERRIDE capability into account. This is a regression in runc 1.1.4, as well as in Go 1.20 and 1.20.1 - cgroup v1 drivers are now aware of misc controller. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit d0efca8) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Loading branch information
