diff --git a/CHANGELOG.md b/CHANGELOG.md index 12a2e305849..c0de36c7198 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [1.5.0-rc.1] - 2026-03-12 + +> 憎しみを束ねてもそれは脆い! + +> [!NOTE] +> runc v1.5.0-rc.1 includes all of the patches backported to runc v1.4.1. + ### libcontainer API ### - The following deprecated Go APIs have been removed: - `CleanPath`, `StripRoot`, and `WithProcfd` from `libcontainer/utils`. Note @@ -28,7 +35,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - `libcontainer/configs.NewWeightDevice` - `libcontainer/configs.NewThrottleDevice` - `libcontainer/configs.HookList.RunHooks`. (#5141) - - `libcontainer/configs.MPOL_*` (#5414) + - `libcontainer/configs.MPOL_*` (#5141) - All of the types in `libcontainer/devices` which are now maintained in `github.com/opencontainers/cgroups/devices/config` (#5141): - `libcontainer/devices.Wildcard` 
@@ -40,27 +47,96 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - `libcontainer/devices.Permissions` - `libcontainer/devices.Type` - `libcontainer/devices.Rule` +- `libcontainer.Process` methods (`Wait`, `Pid`, `Signal`) and + `libcontainer/configs.Config` methods (`HostUID`, `HostRootUID`, `HostGID`, + `HostRootGID`) now use pointer receivers. (#5088) +- The example code for `libcontainer` has been moved out of a `README` and into + a proper `Example*` test file that will be compile-tested by our CI. As + mentioned elsewhere, we still *do not* recommend users make use of the + `libcontainer` API directly. (#5127) + +### Deprecated ### +- The `libcontainer/configs.Mount.Relabel` configuration field (used to relabel + mounts with the `z` and `Z` "pseudo" mount options) was never accessible + outside of the libcontainer API, and in practice the relabel logic has always + lived in higher level runtimes. It has been made into a no-op and the field + will be removed entirely in runc 1.7. (#5152, #5160) ### Removed ### - The `memfd-bind` helper binary has been removed, as it has never been particularly useful and was completely obsoleted by the changes to `/proc/self/exe` sealing we introduced in runc [1.2.0][]. (#5141) +### Added ### +- User-namespaced containers can now configure `user.*` sysctls. (#4889) +- Intel RDT: the RDT subdirectory is now only removed if runc created it, + matching the updated runtime-spec guidance. (#3832, #5155) + ### Changed ### - Our release binaries and default build configuration now use [libpathrs][] by - default, providiung better hardening against certain kinds of attacks. Users - of runc should not see any changes as a result of this, but pacakgers will + default, providing better hardening against certain kinds of attacks. Users + of runc should not see any changes as a result of this, but packagers will need to adjust their packaging accordingly. 
runc can still be built without libpathrs (by building without the `libpathrs` build tag), but we currently plan to make runc 1.6 *require* libpathrs. (#5103) +- `runc exec` will now request systemd to move the `exec` process into the + container cgroup, making the procedure more rootless-friendly. (#4822) +- seccomp: minor documentation updates. (#4902) +- Errors from `runc init` have historically been quite painful to understand + and debug, we have made several improvements to make them more comprehensive + and thus useful when debugging issues. (#4951, #4928) +- Update spec conformance documentation for OCI runtime-spec v1.3.0. (#4948, + #5150) +- Our release archives now have the name `runc-$version.tar.xz` to make distro + packaging a little easier by matching the filename to the top-level directory + name in the archive. (#5052) + +[libpathrs]: https://github.com/cyphar/libpathrs + +## [1.4.1] - 2026-03-12 + +> La guerre n'est pas une aventure. La guerre est une maladie. Comme le typhus. + +### Deprecated ### +- `libcontainer/configs.MPOL_*` constants added in runc [1.4.0][]. (#5110, + #5055) + +### Added ### +- Preliminary `loong64` support. (#5062, #4938) + +### Fixed ### +- libct: fix panic in `initSystemdProps` when processing certain systemd + properties in the OCI spec. (#5161, #5133) +- libct: fix several file descriptor leaks on error paths. (#5168, #5009) +- Remove unnecessary `crypto/tls` dependency by open-coding the systemd socket + activation logic, allowing us to more easily avoid false positive CVE + warnings. (#5093, #5057) +- Remove legacy `os.Is*` error usage, improving error type detection to make + our error fallback paths more robust. (#5162, #5061) +- Go 1.26 has started enforcing a restriction of `os/exec.Cmd` which caused + issues with our usage of `CLONE_INTO_CGROUP` (on newer kernels). This has now + been resolved. (#5116, #5091) +- Recursive `atime`-related mount flags (`rrelatime` et al.) are now applied + properly. 
(#5114, #5098) +- Fix a regression in `runc exec` due to `CLONE_INTO_CGROUP` in the + (inadvisable) scenario where a container is configured without cgroup + namespaces and with `/sys/fs/cgroup` mounted `rw`. (#5117, #5101) +- On machines with more than 1024 CPU cores, our logic for resetting the CPU + affinity will now correctly reset the affinity onto _all_ available cores + (not just the first 1024). (#5149, #5025) +- PR #4757 caused a regression that resulted in spurious `cannot start a + container that has stopped` errors when running `runc create` and has thus + been reverted. (#5157, #5153, #5151, #4645, #4757) + +### Changed ### - Previously we made an attempt to make our `runc.armhf` release binaries work with ARMv6 (which would allow runc to work on the original Raspberry Pi). Unfortunately, this has effectively always been broken (because we cross-compile `libseccomp` within a Debian container and statically link to it) and so we are now officially matching [the Debian definition of `armhf`][debian-armhf] - (that is, ARMv7). (#5103) + (that is, ARMv7). (#5167, #5103) +- Minor signing keyring updates. (#5147, #5139, #5144, #5148) -[libpathrs]: https://github.com/cyphar/libpathrs [debian-armhf]: https://wiki.debian.org/ArmHardFloatPort ## [1.4.0] - 2025-11-27 
@@ -91,9 +167,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - libct: fix mips compilation. (#4962, #4967) - When configuring a `tmpfs` mount, only set the `mode=` argument if the target path already existed. This fixes a regression introduced in our - [CVE-2025-52881][] mitigation patches. (#4971, #4976) + [CVE-2025-52881][] mitigation patches. (#4971, #4973, #4976) - Fix various file descriptor leaks and add additional tests to detect them as - comprehensively as possible. (#5007, #5021, #5034) + comprehensively as possible. (#5007, #5021, #5026, #5034) - The "hallucination" helpers added as part of the [CVE-2025-52881][] mitigation have been made more generic and now apply to all of our `pathrs` helper functions, which should ensure we will not regress dangling symlink @@ -113,9 +189,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 * libct: fix mips compilation. (#4962, #4966) * When configuring a `tmpfs` mount, only set the `mode=` argument if the target path already existed. This fixes a regression introduced in our - [CVE-2025-52881][] mitigation patches. (#4971, #4976) + [CVE-2025-52881][] mitigation patches. (#4971, #4973, #4976) * Fix various file descriptor leaks and add additional tests to detect them as - comprehensively as possible. (#5007, #5021, #5034) + comprehensively as possible. (#5007, #5021, #5026, #5034) ### Changed * Downgrade `github.com/cyphar/filepath-securejoin` dependency to `v0.5.2`, 
@@ -134,7 +210,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 target path already existed. This fixes a regression introduced in our [CVE-2025-52881][] mitigation patches. (#4971, #4974) * Fix various file descriptor leaks and add additional tests to detect them as - comprehensively as possible. (#5007, #5021, #5027) + comprehensively as possible. (#5007, #5021, #5026, #5027) ### Changed * Downgrade `github.com/cyphar/filepath-securejoin` dependency to `v0.5.2`, @@ -1606,8 +1682,13 @@ implementation (libcontainer) is *not* covered by this policy. [1.3.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.2.0...v1.3.0-rc.1 -[Unreleased 1.4.z]: https://github.com/opencontainers/runc/compare/v1.4.0...release-1.4 +[Unreleased 1.4.z]: https://github.com/opencontainers/runc/compare/v1.4.1...release-1.4 +[1.4.1]: https://github.com/opencontainers/runc/compare/v1.4.0...v1.4.1 [1.4.0]: https://github.com/opencontainers/runc/compare/v1.4.0-rc.3...v1.4.0 [1.4.0-rc.3]: https://github.com/opencontainers/runc/compare/v1.4.0-rc.2...v1.4.0-rc.3 [1.4.0-rc.2]: https://github.com/opencontainers/runc/compare/v1.4.0-rc.1...v1.4.0-rc.2 [1.4.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.3.0...v1.4.0-rc.1 + + +[Unreleased 1.5.z]: https://github.com/opencontainers/runc/compare/v1.5.0-rc.1...release-1.5 +[1.5.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.4.0...v1.5.0-rc.1 diff --git a/VERSION b/VERSION index 7293a77ece3..3d3c2776684 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.4.0-rc.1+dev +1.5.0-rc.1+dev
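Review bot: In the `@@ -40,27 +47,96 @@` hunk, the Intel RDT entry (`the RDT subdirectory is now only removed if runc created it`) is filed under `### Added ###` but describes changed behaviour rather than a new feature, so it belongs under `### Changed ###` (or `### Fixed ###` if the old unconditional removal is considered a bug). In the same hunk the `runc init` errors entry is a comma splice (`... painful to understand and debug, we have made several improvements ...`); split it into two sentences or use a semicolon.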
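Review bot: In the `@@ -91,9 +167,9 @@` and `@@ -113,9 +189,9 @@` hunks the same backport PR, #4973, is added to the `tmpfs` `mode=` entry of two different release sections (the `-` bulleted one and the `*` bulleted one), while the `@@ -134,7 +210,7 @@` hunk's copy of that entry keeps #4974 next to #4971, which suggests one backport PR per release branch. Please double-check that #4973 really belongs in both of the first two sections rather than only one of them. Adding #5026 to all three copies of the file descriptor leak entry looks intentional, since each copy already lists the same #5007 and #5021.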
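Review bot: In the `@@ -1606,8 +1682,13 @@` hunk an `[Unreleased 1.5.z]` link definition is added, but no `## [Unreleased 1.5.z]` heading appears anywhere in this patch (the top of the file still only has `## [Unreleased]`), so the definition is currently unreferenced; either add the heading the `release-1.5` changelog will use or drop the definition until it is needed. The new block is also preceded by two consecutive blank `+` lines; one is enough. Changing `[Unreleased 1.4.z]` to compare `v1.4.1...release-1.4` is correct now that 1.4.1 is tagged.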
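Review bot: Confirm that `1.5.0-rc.1+dev` is the intended post-release `VERSION` on this branch: the old value `1.4.0-rc.1+dev` was never bumped past rc.1 during the 1.4 cycle, which is consistent with tagging releases from `release-1.x` branches and keeping main at the next minor's `rc.1+dev`, but if v1.5.0-rc.1 was tagged from this branch the value should be `1.5.0-rc.2+dev`. Either way, the `[Unreleased 1.5.z]` link added to `CHANGELOG.md` compares against `release-1.5`, so that branch needs to exist when this lands.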