VERSION: release 1.4.1 #5163
Merged
kolyshkin merged 2 commits into opencontainers:release-1.4 from Mar 13, 2026
(release date fixed)
Note a few minor PRs were not mentioned: opencontainers#5134, opencontainers#5094, opencontainers#5074. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Contributor
Author
Since I had everything prepared, I just released v1.4.1. Looking forward to 1.5.0-rc.1 )
Member
No worries, I was about to push my own signed binaries and noticed that my binaries have different hashes to yours -- I guess that libseccomp doesn't rebuild reproducibly...? That's a little unfortunate... :/ I mentioned elsewhere that we probably should be publishing our docker build images with our releases (to make sure we fulfill the requirements of glibc's license as well as to avoid some of these kinds of issues), so maybe we should consider doing that for 1.5?
Draft until #5161 and #5162 are merged (or we can drop them from the changelog/milestone).
Copy-paste from CHANGELOG.md:
1.4.1 - 2026-03-12
Deprecated
libcontainer/configs.MPOL_* constants added in runc [1.4.0][]. ([1.4] assorted small backports #5110, libct/configs: mark MPOL_* constants as deprecated #5055)
Added
loong64 support. ([1.4] Add loong64 support in seccomp and PIE #5062, Add loong64 support in seccomp and PIE #4938)
Fixed
initSystemdProps when processing certain systemd properties in the OCI spec. ([1.4] libct/specconv: fix panic in initSystemdProps #5161, libct/specconv: fix panic in initSystemdProps #5133)
crypto/tls dependency by open-coding the systemd socket activation logic, allowing us to more easily avoid false positive CVE warnings. (build(deps): bump github.com/coreos/go-systemd/v22 from 22.6.0 to 22.7.0 #5093, Copy go-systemd/activation.Files code to avoid bringing in crypto/tls #5057)
os.Is* error usage, improving error type detection to make our error fallback paths more robust. ([1.4] Handle os.Is* wrapped errors correctly #5162, Handle os.Is* wrapped errors correctly #5061)
os/exec.Cmd which caused issues with our usage of CLONE_INTO_CGROUP (on newer kernels). This has now been resolved. ([1.4] Fix runc exec vs go1.26 + older kernel #5116, Fix runc exec vs go1.26 + older kernel #5091)
atime-related mount flags (rrelatime et al.) are now applied properly. ([1.4] libct/specconv: fix partial clear of atime mount flags #5114, libct/specconv: always clear entire MOUNT_ATTR__ATIME field when updating atime mode #5098)
runc exec due to CLONE_INTO_CGROUP in the (inadvisable) scenario where a container is configured without cgroup namespaces and with /sys/fs/cgroup mounted rw. ([1.4] libct: prepareCgroupFD: fall back to container init cgroup #5117, libct: prepareCgroupFD: fall back to container init cgroup #5101)
affinity will now correctly reset the affinity onto all available cores (not just the first 1024). ([1.4] libct: fix resetting CPU affinity #5149, libct: fix resetting CPU affinity #5025)
cannot start a container that has stopped errors when running runc create and has thus been reverted. ([1.4] Revert "Preventing containers from being unable to be deleted" #5157, Revert "Preventing containers from being unable to be deleted" #5153, "cannot start a container that has stopped" in F-43 #5151, Add creating status to ensure state.json exists when runc kill. #4645, Preventing containers from being unable to be deleted #4757)
Changed
runc.armhf release binaries work with ARMv6 (which would allow runc to work on the original Raspberry Pi). Unfortunately, this has effectively always been broken (because we cross-compile libseccomp within a Debian container and statically link to it) and so we are now officially matching the Debian definition of armhf (that is, ARMv7). ([1.4] *: libpathrs cherry-picks #5167, build: use libpathrs by default #5103)
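
The os.Is* entry in the Fixed list concerns a general Go pitfall: os.IsNotExist and its siblings do not look through errors wrapped with %w, so a fallback path keyed on them is silently skipped, while errors.Is follows the wrap chain. The following is an added example, not code from runc or from this PR; readWrapped, loadWithFallback, demo and the file names are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// readWrapped (hypothetical helper) adds context with %w, as layered Go code usually does.
func readWrapped(path string) ([]byte, error) {
	data, err := os.ReadFile(path)
	if err != nil {
		return nil, fmt.Errorf("reading %q: %w", path, err)
	}
	return data, nil
}

// legacyMissing uses os.IsNotExist, which predates error wrapping and does not follow %w chains.
func legacyMissing(err error) bool { return os.IsNotExist(err) }

// robustMissing uses errors.Is, which walks the whole wrap chain.
func robustMissing(err error) bool { return errors.Is(err, fs.ErrNotExist) }

// loadWithFallback reads primary and tries secondary only if missing(err) is true.
func loadWithFallback(primary, secondary string, missing func(error) bool) ([]byte, error) {
	data, err := readWrapped(primary)
	if err != nil && missing(err) {
		return readWrapped(secondary)
	}
	return data, err
}

// demo uses a constructed temp dir where only the fallback file exists; it reports whether each classifier reached it.
func demo() (legacyOK, robustOK bool) {
	dir, err := os.MkdirTemp("", "wrapdemo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	primary, secondary := filepath.Join(dir, "primary"), filepath.Join(dir, "fallback")
	if err := os.WriteFile(secondary, []byte("ok"), 0o600); err != nil {
		panic(err)
	}
	_, lerr := loadWithFallback(primary, secondary, legacyMissing)
	_, rerr := loadWithFallback(primary, secondary, robustMissing)
	return lerr == nil, rerr == nil
}
func main() { fmt.Println(demo()) }
```

With the legacy classifier the wrapped ENOENT is treated as a hard failure and the fallback is never tried; with errors.Is the same call succeeds.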