v1.1.3 -- "In the beginning there was nothing, which exploded." This is the third release of the 1.1.z series of runc, and contains various minor improvements and bugfixes. * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). (#3478) * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. (#3476) * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. (#3477) * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. (#3504) * Socket activation was failing when more than 3 sockets were used. (#3494) * Various CI fixes. (#3472, #3479) * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. (#3493) * runc static binaries are now linked against libseccomp v2.5.4. (#3481) Thanks to all of the contributors who made this release possible: * Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> * Aleksa Sarai <cyphar@cyphar.com> * CrazyMax <crazy-max@users.noreply.github.com> * Erik Sjölund <erik.sjolund@gmail.com> * Irwin D'Souza <dsouzai.gh@gmail.com> * Kang Chen <kongchen28@gmail.com> * Kir Kolyshkin <kolyshkin@gmail.com> * Sebastiaan van Stijn <thaJeztah@users.noreply.github.com> Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>