runc v1.2.6 -- "Hasta la victoria, siempre." This is the sixth patch release in the 1.2.z series of runc. It primarily fixes an issue with runc exec vs time namespace, and a compatibility issue with older kernels. * Fix a stall issue that would happen if setting `O_CLOEXEC` with `CloseExecFrom` failed (#4647). * `runc` now properly handles joining time namespaces (such as with `runc exec`). Previously we would attempt to set the time offsets when joining, which would fail. (#4635, #4649) * Handle `EINTR` retries correctly for socket-related direct `golang.org/x/sys/unix` system calls. (#4650) * We no longer use `F_SEAL_FUTURE_WRITE` when sealing the runc binary, as it turns out this had some unfortunate bugs in older kernel versions and was never necessary in the first place. (#4651, #4640) * Remove `Fexecve` helper from `libcontainer/system`. Runc 1.2.1 removed runc-dmz, but we forgot to remove this helper added only for that. (#4646) * Use Go 1.23 for official builds, run CI with Go 1.24 and drop Ubuntu 20.04 from CI. We need to drop Ubuntu 20.04 from CI because Github Actions announced it's already deprecated and it will be discontinued soon. (#4648) Thanks to the following contributors who made this release possible: * Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> * Aleksa Sarai <cyphar@cyphar.com> * Evan Phoenix <evan@phx.io> * Kir Kolyshkin <kolyshkin@gmail.com> * lifubang <lifubang@acmcoder.com> * Rodrigo Campos <rodrigoca@microsoft.com> * Tomasz Duda <tomaszduda23@gmail.com> Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>