VERSION: release 1.2.0-rc.1

Signed-off-by: Rodrigo Campos <[email protected]>
opencontainers · Sep 25, 2023 · 708fe51 · 708fe51
1 parent 1d9b158
commit 708fe51
Show file tree

Hide file tree

Showing 2 changed files with 66 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,41 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.2.0-rc.1] - 2023-08-10
+
+> How, dear sir, did you cross the flood? By not stopping, friend, and by not
+> straining I crossed the flood
+
+This new runc release includes all the changes from the v1.1 patch releases up
+to v1.1.9.
+
+### Compatibility
+
+* This release requires Go 1.20.x or Go 1.19.x (#3718)
+
+### Added
+
+ * Support idmap mounts as specified in the OCI runtime-spec v1.1.0. Currently
+ the mount mappings need to be identical to the mappings used in the user
+ namespace section. (#3717)
+ * Support for `cgroup.kill` to kill all processes inside a container. (#3135,
+ #3825)
+ * Implement to set a domainname as specified in the OCI runtime-spec v1.1.0.
+ (#3600)
+ * Add support for umask when exec-ing into a container. (#3661)
+ * libct/cg: support SCHED_IDLE for runc cgroupfs. (#3377)
+ * checkpoint/restore: implement `--manage-cgroups-mode` ignore. (#3546)
+ * seccomp: refactor flags support; add flags to features, set SPEC_ALLOW by
+ default. (#3588)
+ * libct/cg/sd: use systemd v240+ new `MAJOR:*` syntax. (#3843)
+ * Use github.com/checkpoint-restore/go-criu v6.3.0, which reduces the compiled
+ binary file. (#3652)
+ * Expose MountExtensions (including idmap support) in the features subcommand. (#3993)
+ * Support CFS bandwidth burst for CPU. (#3749, #3145)
+ * Support time namespace. (#3876)
+ * Build tag `runc_nodmz`, see also the `memfd-bind` binary in `contrib/` in case you can't use
+ `runc-dmz` and still want to reduce memory usage. (#3987)
+
 ### Deprecated
 
  * `runc` option `--criu` is now ignored (with a warning), and the option will
@@ -16,12 +51,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
  to kill a container (with SIGKILL) which does not have its own private PID
  namespace (so that runc would send SIGKILL to all processes). Now, this is
  done automatically. (#3864, #3825)
+ * `runc kill` option `-a` is now deprecated. Previously, it had to be specified
+ to kill a container (with SIGKILL) which does not have its own private PID
+ namespace (so that runc would send SIGKILL to all processes). Now, this is
+ done automatically. (#3864, #3825)
+ * `libcontainer/user` is deprecated, use `github.com/moby/sys/user` instead. It
+ will be removed in a future release. (#4017)
 
 ### Changed
 
  * When Intel RDT feature is not available, its initialization is skipped,
  resulting in slightly faster `runc exec` and `runc run`. (#3306)
  * Enforce absolute paths for mounts. (#3020, #3717)
+ * The `runc features` command is no longer experimental. (#3861)
  * libcontainer users that create and kill containers from a daemon process
  (so that the container init is a child of that process) must now implement
  a proper child reaper in case a container does not have its own private PID
@@ -31,6 +73,24 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
  This aligns cgroupv2 root usage more closely with cgroupv1 reporting.
  Additionally, report root swap usage as sum of swap and memory usage,
  aligned with v1 and existing non-root v2 reporting. (#3933)
+ * When running rootless or using a user namespace, a source filesystem mounted
+ with `nodev`, `nosuid` or `noexec` can now be used as source of a bind mount
+ without the same options being set for the mount. (#3805)
+ * libcontainer users that create and kill containers from a daemon process
+ (so that the container init is a child of that process) must now implement
+ a proper child reaper in case a container does not have its own private PID
+ namespace, as documented in `container.Signal`. (#3825)
+ * libcontainer: `container.Signal` no longer have the second `all bool`
+ argument; a need to kill all processes is now determined automatically.
+ (#3825, #3885)
+ * libct/cg: Remove function EnterPid with no users. (#3797)
+ * libct/seccomp: enable seccomp binary tree optimization. (#3405)
+ * runc run/exec: ignore SIGURG. (#3368)
+ * Remove tun/tap from the default device rules. (#3468)
+ * `runc --root non-existent-dir list` now reports an error for non-existent
+ root directory. (#3374)
+ * libct: Mount: Remove {Pre,Post}mountCmds, were never used and are obsoleted
+ by more generic container hooks. (#3350)
 
 ### Fixed
 
@@ -42,6 +102,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
  code (this was due to how s390x does syscall multiplexing). (#3474)
  * Remove tun/tap from the default device rules. (#3468)
  * specconv: avoid mapping "acl" to MS_POSIXACL. (#3739)
+ * libcontainer: fix private PID namespace detection when killing the container.
+ (#3866, #3825)
+ * Fix `READY` notification sometimes not accepted by systemd. (#3291, #3293)
+ * Reduce the number of mount/umount syscalls in the host mount namespace, remove the bindfd logic
+ and move the memfd logic to go. (#3987, #3599, #2532, #3931)
 
 ## [1.1.8] - 2023-07-20
 

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.1.0+dev
+1.2.0-rc.1