Dockerfile: update runc binary to v1.2.5
This is the fifth patch release in the 1.2.z series of runc. It primarily fixes
an issue caused by an upstream systemd bug.
* There was a regression in systemd v230 which made the way we define
device rule restrictions require a systemctl daemon-reload for our
transient units. This caused issues for workloads using NVIDIA GPUs.
Workaround the upstream regression by re-arranging how the unit properties
are defined.
* Dependency github.com/cyphar/filepath-securejoin is updated to v0.4.1,
to allow projects that vendor runc to bump it as well.
* CI: fixed criu-dev compilation.
* Dependency golang.org/x/net is updated to 0.33.0.
full diff: https://github.com/opencontainers/runc/compare/v1.2.4...v1.2.5
release notes: https://github.com/opencontainers/runc/releases/tag/v1.2.5
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn authored on 2025/02/14 18:22:57Showing 2 changed files
| ... | ... |
@@ -292,7 +292,7 @@ RUN git init . && git remote add origin "https://github.com/opencontainers/runc. |
| 292 | 292 |
# that is used. If you need to update runc, open a pull request in the containerd |
| 293 | 293 |
# project first, and update both after that is merged. When updating RUNC_VERSION, |
| 294 | 294 |
# consider updating runc in vendor.mod accordingly. |
| 295 |
-ARG RUNC_VERSION=v1.2.4 |
|
| 295 |
+ARG RUNC_VERSION=v1.2.5 |
|
| 296 | 296 |
RUN git fetch -q --depth 1 origin "${RUNC_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
|
| 297 | 297 |
|
| 298 | 298 |
FROM base AS runc-build |
| ... | ... |
@@ -9,7 +9,7 @@ set -e |
| 9 | 9 |
# the containerd project first, and update both after that is merged. |
| 10 | 10 |
# |
| 11 | 11 |
# When updating RUNC_VERSION, consider updating runc in vendor.mod accordingly |
| 12 |
-: "${RUNC_VERSION:=v1.2.4}"
|
|
| 12 |
+: "${RUNC_VERSION:=v1.2.5}"
|
|
| 13 | 13 |
|
| 14 | 14 |
install_runc() {
|
| 15 | 15 |
RUNC_BUILDTAGS="${RUNC_BUILDTAGS:-"seccomp"}"
|