runc v1.3.1 -- "この瓦礫の山でよぉ" This is the first patch release of the 1.3.z release series of runc. It primarily includes some minor fixes for issues found in 1.3.0. Fixed: * Container processes will no longer inherit the CPU affinity of runc by default. Instead, the default CPU affinity of container processes will be the largest set of CPUs permitted by the container's cpuset cgroup and any other system restrictions (such as isolated CPUs). (#4041, #4815, #4858) * Setting linux.rootfsPropagation to shared or unbindable now functions properly. (#1755, #1815, #4724, #4789) * Close seccomp agent connection to prevent resource leaks. (#4796, #4799) * runc delete and runc stop can now correctly handle cases where runc create was killed during setup. Previously it was possible for the container to be in such a state that neither runc stop nor runc delete would be unable to kill or delete the container. (#4534, #4645, #4757, #4793) * runc update will no longer clear intelRdt state information. (#4828, #4833) * CI: Fix exclusion rules and allow us to run jobs manually. (#4760, #4763) Changed: * Improvements to the deprecation warnings as part of the github.com/opencontainers/cgroups split. (#4784, #4788) * Ignore the dmem controller in our cgroup tests, as systemd does not yet support it. (#4806, #4811) * /proc/net/dev is no longer included in the permitted procfs overmount list. Its inclusion was almost certainly an error, and because /proc/net is a symlink to /proc/self/net, overmounting this was almost certainly never useful (and will be blocked by future kernel versions). (#4817, #4820) * Simplify the prepareCriuRestoreMounts logic for checkpoint-restore. (#4765, #4871) * CI: Bump golangci-lint to v2.1. (#4747, #4754) * CI: Switch to GitHub-hosted ARM runners. Thanks again to @alexellis for supporting runc's ARM CI up until now. (#4844, #4856, #4866) Thanks to the following contributors who made this release possible: * Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> * Aleksa Sarai <cyphar@cyphar.com> * HirazawaUi <695097494plus@gmail.com> * Kir Kolyshkin <kolyshkin@gmail.com> * Markus Lehtonen <markus.lehtonen@intel.com> * Martin Sivak <msivak@redhat.com> * Pavel Liubimov <prlyubimov@gmail.com> * Peter Hunt <pehunt@redhat.com> * Rodrigo Campos <rata@users.noreply.github.com> * Yusuke Sakurai <yusuke.sakurai@3-shake.com> * lfbzhm <lifubang@acmcoder.com> * ningmingxiao <ning.mingxiao@zte.com.cn> Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>