runc v1.3.0 -- "Mr. President, we must not allow a mine shaft gap!"

This is the first release of the 1.3.z release branch of runc. It contains a few minor fixes for issues found in 1.3.0-rc.2.

This is the first release of runc that will follow our new release and support policy (see RELEASES.md for more details). This means that, as of this release:

 * As of this release, the runc 1.2.z release branch will now only receive security and "significant" bugfixes.
 * Users are encouraged to plan migrating to runc 1.3.0 as soon as possible.
 * Due to its particular situation, runc 1.1.z is officially no longer supported and will no longer receive any updates (not even for critical security issues). Users are urged (in the strongest possible terms) to upgrade to a supported version of runc.
 * Barring any future changes to our release policy, users should expect a runc 1.4.0 release in late October 2025.

Fixed:

 * Removed pre-emptive "full access to cgroups" warning when calling runc pause or runc unpause as an unprivileged user without --systemd-cgroups. Now the warning is only emitted if an actual permission error was encountered. (#4709)
 * Several fixes to our CI, mainly related to AlmaLinux and CRIU. (#4670, #4728, #4736)

Changed:

 * In runc 1.2, we changed our mount behaviour to correctly handle clearing flags. However, the error messages we returned did not provide as much information to users about what clearing flags were conflicting with locked mount flags. We now provide more diagnostic information if there is an error when in the fallback path to handle locked mount flags. (#4734)
 * Upgrade our CI to use golangci-lint v2.0. (#4692)
 * runc version information is now filled in using //go:embed rather than being set through Makefile. This allows go install or other non-make builds to contain the correct version information. Note that "make EXTRA_VERSION=..." still works. (#418)
 * Remove exclude directives from our go.mod for broken cilium/ebpf versions. v0.17.3 resolved the issue we had, and exclude directives are incompatible with go install. (#4748)

Thanks to the following contributors for making this release possible:

 * Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 * Aleksa Sarai <cyphar@cyphar.com>
 * Kir Kolyshkin <kolyshkin@gmail.com>
 * Rodrigo Campos <rodrigoca@microsoft.com>
 * lifubang <lifubang@acmcoder.com>

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>