runc 1.1.1 -- "Violence is the last refuge of the incompetent."
This is the first stable release in the 1.1 branch, fixing a few issues
with runc 1.1.0.
Fixed:
- runc run/start can now run a container with read-only /dev in OCI spec,
rather than error out. (#3355) - runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403)
- libcontainer systemd v2 manager no longer errors out if one of the files
listed in /sys/kernel/cgroup/delegate do not exist in container's
cgroup. (#3387, #3404) - Loosen OCI spec validation to avoid bogus "Intel RDT is not supported"
error. (#3406) - libcontainer/cgroups no longer panics in cgroup v1 managers if stat
of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435)
Static Linking Notices
The runc
binary distributed with this release are statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc
acting
as a "work that uses the Library":
The versions of these libraries were not modified from their upstream versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under the LGPL-2.1.
However we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.
Thanks to all of the contributors who made this release possible:
- Akihiro Suda akihiro.suda.cz@hco.ntt.co.jp
- Aleksa Sarai cyphar@cyphar.com
- Kir Kolyshkin kolyshkin@gmail.com
- lifubang lifubang@acmcoder.com
- Markus Lehtonen markus.lehtonen@intel.com
Signed-off-by: Kir Kolyshkin kolyshkin@gmail.com