Tags give the ability to mark specific points in history as being important
-
archive/debian/1.1.3+ds1-7
256d6a7c · ·runc release 1.1.3+ds1-7 for unstable (sid) [dgit] [dgit distro=debian split --quilt=gbp]
-
debian/1.1.3+ds1-7
43180d69 · ·runc release 1.1.3+ds1-7 for unstable (sid) (maintainer view tag generated by dgit --quilt=gbp) [dgit distro=debian split --quilt=gbp]
-
archive/debian/1.1.3+ds1-6
1103f972 · ·runc release 1.1.3+ds1-6 for unstable (sid) [dgit] [dgit distro=debian split --quilt=gbp]
-
debian/1.1.3+ds1-6
d2e79f6f · ·runc release 1.1.3+ds1-6 for unstable (sid) (maintainer view tag generated by dgit --quilt=gbp) [dgit distro=debian split --quilt=gbp]
-
archive/debian/1.1.3+ds1-3
38cd753f · ·runc release 1.1.3+ds1-3 for unstable (sid) [dgit] [dgit distro=debian split --quilt=gbp]
-
-
-
-
-
-
archive/debian/1.0.0_rc93+ds1-5+deb11u2
5d89d69e · ·runc release 1.0.0~rc93+ds1-5+deb11u2 for bullseye (bullseye) [dgit] [dgit distro=debian split --quilt=gbp]
-
debian/1.0.0_rc93+ds1-5+deb11u2
cd2c57e5 · ·runc release 1.0.0~rc93+ds1-5+deb11u2 for bullseye (bullseye) (maintainer view tag generated by dgit --quilt=gbp) [dgit distro=debian split --quilt=gbp]
-
-
archive/debian/1.0.0_rc93+ds1-5+deb11u1
2db5c33f · ·runc release 1.0.0~rc93+ds1-5+deb11u1 for bullseye (bullseye) [dgit] [dgit distro=debian split --quilt=gbp]
-
debian/1.0.0_rc93+ds1-5+deb11u1
dcc3f4ce · ·runc release 1.0.0~rc93+ds1-5+deb11u1 for bullseye (bullseye) (maintainer view tag generated by dgit --quilt=gbp) [dgit distro=debian split --quilt=gbp]
-
v1.1.3
6724737f · ·v1.1.3 -- "In the beginning there was nothing, which exploded." This is the third release of the 1.1.z series of runc, and contains various minor improvements and bugfixes. * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). (#3478) * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. (#3476) * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. (#3477) * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. (#3504) * Socket activation was failing when more than 3 sockets were used. (#3494) * Various CI fixes. (#3472, #3479) * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. (#3493) * runc static binaries are now linked against libseccomp v2.5.4. (#3481) Thanks to all of the contributors who made this release possible: * Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> * Aleksa Sarai <cyphar@cyphar.com> * CrazyMax <crazy-max@users.noreply.github.com> * Erik Sjölund <erik.sjolund@gmail.com> * Irwin D'Souza <dsouzai.gh@gmail.com> * Kang Chen <kongchen28@gmail.com> * Kir Kolyshkin <kolyshkin@gmail.com> * Sebastiaan van Stijn <thaJeztah@users.noreply.github.com> Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
-
v1.1.2
a916309f · ·v1.1.2 -- "I should think I’m going to be a perpetual student." This is the second patch release of the runc 1.1 release branch. It fixes CVE-2022-29162, a minor security issue (which appears to not be exploitable) related to process capabilities. This is a similar bug to the ones found and fixed in Docker and containerd recently (CVE-2022-24769). * A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. For more information, see [GHSA-f3fp-gc8g-vw66][] and CVE-2022-29162. * `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. Thanks to all of the contributors who made this release possible: * Aleksa Sarai <cyphar@cyphar.com> * Kir Kolyshkin <kolyshkin@gmail.com> Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> [GHSA-f3fp-gc8g-vw66]: https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66
-
-
-
v1.1.1
52de29d7 · ·v1.1.1 -- "Violence is the last refuge of the incompetent." This is the first stable release in the 1.1 branch, fixing a few issues with runc 1.1.0. Fixed: * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) * libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. (#3387, #3404) * Loosen OCI spec validation to avoid bogus "Intel RDT is not supported" error. (#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) Thanks to all of the contributors who made this release possible: * Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> * Aleksa Sarai <cyphar@cyphar.com> * Kir Kolyshkin <kolyshkin@gmail.com> * lifubang <lifubang@acmcoder.com> * Markus Lehtonen <markus.lehtonen@intel.com> Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>