From 4774df387790afbddcd2fd905d70ecb8aec9c341 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 3 Sep 2025 15:52:12 +1000 Subject: [PATCH 1/2] VERSION: release v1.2.7 Signed-off-by: Aleksa Sarai --- CHANGELOG.md | 38 +++++++++++++++++++++++++++++++++++++- VERSION | 2 +- 2 files changed, 38 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 10c6f31cf..797fe9dd1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,11 +6,46 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased 1.2.z] +## [1.2.7] - 2025-09-05 + +> さんをつけろよデコ助野郎! + ### Fixed + * Removed preemptive "full access to cgroups" warning when calling `runc + pause` or `runc unpause` as an unprivileged user without + `--systemd-cgroups`. Now the warning is only emitted if an actual permission + error was encountered. (#4709, #4720) + * Add time namespace to container config after checkpoint/restore. CRIU since + version 3.14 uses a time namespace for checkpoint/restore, however it was + not joining the time namespace in runc. (#4696, #4714) * Container processes will no longer inherit the CPU affinity of runc by default. Instead, the default CPU affinity of container processes will be the largest set of CPUs permitted by the container's cpuset cgroup and any other system restrictions (such as isolated CPUs). (#4041, #4815, #4858) + * Close seccomp agent connection to prevent resource leaks. (#4796, #4800) + * Several fixes to our CI, mainly related to AlmaLinux and CRIU. (#4670, + #4728, #4736, #4742) + * Setting `linux.rootfsPropagation` to `shared` or `unbindable` now functions + properly. (#1755, #1815, #4724, #4791) + * `runc update` will no longer clear intelRdt state information. (#4828, + #4834) + +### Changed + * In runc 1.2, we changed our mount behaviour to correctly handle clearing + flags. However, the error messages we returned did not provide as much + information to users about what clearing flags were conflicting with locked + mount flags. We now provide more diagnostic information if there is an error + when in the fallback path to handle locked mount flags. (#4734, #4740) + * Ignore the dmem controller in our cgroup tests, as systemd does not yet + support it. (#4806, #4811) + * `/proc/net/dev` is no longer included in the permitted procfs overmount + list. Its inclusion was almost certainly an error, and because `/proc/net` + is a symlink to `/proc/self/net`, overmounting this was almost certainly + never useful (and will be blocked by future kernel versions). (#4817, #4820) + * CI: Switch to GitHub-hosted ARM runners. Thanks again to @alexellis for + supporting runc's ARM CI up until now. (#4844, #4856, #4867) + * Simplify the `prepareCriuRestoreMounts` logic for checkpoint-restore. + (#4765, #4872) ## [1.2.6] - 2025-03-17 @@ -1020,7 +1055,8 @@ implementation (libcontainer) is *not* covered by this policy. [1.1.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.1.0-rc.1 -[Unreleased 1.2.z]: https://github.com/opencontainers/runc/compare/v1.2.6...release-1.2 +[Unreleased 1.2.z]: https://github.com/opencontainers/runc/compare/v1.2.7...release-1.2 +[1.2.7]: https://github.com/opencontainers/runc/compare/v1.2.6...v1.2.7 [1.2.6]: https://github.com/opencontainers/runc/compare/v1.2.5...v1.2.6 [1.2.5]: https://github.com/opencontainers/runc/compare/v1.2.4...v1.2.5 [1.2.4]: https://github.com/opencontainers/runc/compare/v1.2.3...v1.2.4 diff --git a/VERSION b/VERSION index b43a5b582..c04c650a7 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.2.6+dev +1.2.7 From dc892b0601cf617543ed78190b0926d2083fe29a Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 3 Sep 2025 15:53:29 +1000 Subject: [PATCH 2/2] VERSION: back to development Signed-off-by: Aleksa Sarai --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index c04c650a7..49649b8e7 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.2.7 +1.2.7+dev