update runc binary to v1.1.3 #7034

Merged: AkihiroSuda merged 1 commit into containerd:main from thaJeztah:update_runc on Jun 9, 2022

@thaJeztah
Member

full diff: opencontainers/runc@v1.1.2...v1.1.3

This is the third release of the 1.1.z series of runc, and contains
various minor improvements and bugfixes.

  • Our seccomp -ENOSYS stub now correctly handles multiplexed syscalls on
    s390 and s390x. This solves the issue where syscalls the host kernel did not
    support would return -EPERM despite the existence of the -ENOSYS stub
    code (this was due to how s390x does syscall multiplexing).
  • Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as
    intended; this fix does not affect runc binary itself but is important for
    libcontainer users such as Kubernetes.
  • Inability to compile with recent clang due to an issue with duplicate
    constants in libseccomp-golang.
  • When using systemd cgroup driver, skip adding device paths that don't exist,
    to stop systemd from emitting warnings about those paths.
  • Socket activation was failing when more than 3 sockets were used.
  • Various CI fixes.
  • Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container.
  • runc static binaries are now linked against libseccomp v2.5.4.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah
Member Author

FWIW; updating the go module did not bring in any changes, so not updating that for now

@AkihiroSuda merged commit e036bdc into containerd:main on Jun 9, 2022
@thaJeztah deleted the update_runc branch on June 9, 2022 10:34
@AkihiroSuda added the cherry-pick/1.5.x, cherry-picked/1.5.x (PR commits are cherry-picked into release/1.5 branch) and cherry-picked/1.6.x (PR commits are cherry-picked into release/1.6 branch) labels and removed the cherry-pick/1.5.x label on Jul 16, 2022