runc v1.2.1 -- "No existe una escuela que enseñe a vivir."

This is the first patch release of the 1.2.z series of runc. It includes
a critical bugfix for an issue that manifested on SELinux-based
distributions and was blocking containerd from updating to runc 1.2.z.
In addition, runc-dmz (added in 1.2.0) has been removed entirely. This
was opt-out (due to the many limitations it had), but the late addition
of the overlayfs-based CVE-2019-5736 protection made it no longer
necessary at all.

+ Became root after joining an existing user namespace. Otherwise, runc
  won't have permissions to configure some mounts when running under
  SELinux and runc is not creating the user namespace. (#4466, #4477)

- Remove dependency on `golang.org/x/sys/execabs` from go.mod. (#4480)
- Remove runc-dmz, that had many limitations, and is mostly made
  obsolete by the new protection mechanism added in v1.2.0. Note that
  runc-dmz was only available in the 1.2.0 release and required to set
  an environment variable to opt-in. (#4488)

* The `script/check-config.sh` script now checks for overlayfs support.
  (#4494)
* When using cgroups v2, allow to set or update memory limit to
  "unlimited" and swap limit to a specific value. (#4501)

Thanks to all of the contributors who made this release possible:

* Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* Aleksa Sarai <cyphar@cyphar.com>
* Kir Kolyshkin <kolyshkin@gmail.com>
* Rodrigo Campos <rodrigoca@microsoft.com>
* Wei Fu <fuweid89@gmail.com>
* lifubang <lifubang@acmcoder.com>

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>