Dockerfile: update runc binary to v1.3.0

- release notes: https://github.com/opencontainers/runc/releases/tag/v1.3.0
- full diff: https://github.com/opencontainers/runc/compare/v1.2.6..v1.3.0

-----

This is the first release of the 1.3.z release branch of runc. It
contains a few minor fixes for issues found in 1.3.0-rc.2.

This is the first release of runc that will follow our new release and
support policy (see RELEASES.md for more details). This means that, as
of this release:

* As of this release, the runc 1.2.z release branch will now only
receive security and "significant" bugfixes.
* Users are encouraged to plan migrating to runc 1.3.0 as soon as
possible.
* Due to its particular situation, runc 1.1.z is officially no longer
supported and will no longer receive any updates (not even for
critical security issues). Users are urged (in the strongest possible
terms) to upgrade to a supported version of runc.
* Barring any future changes to our release policy, users should expect
a runc 1.4.0 release in late October 2025.

Fixed

* Removed pre-emptive "full access to cgroups" warning when calling
`runc pause` or `runc unpause` as an unprivileged user without
`--systemd-cgroups`. Now the warning is only emitted if an actual permission
error was encountered.
* Several fixes to our CI, mainly related to AlmaLinux and CRIU.

Changed

* In runc 1.2, we changed our mount behaviour to correctly handle clearing
flags. However, the error messages we returned did not provide as much
information to users about what clearing flags were conflicting with locked
mount flags. We now provide more diagnostic information if there is an error
when in the fallback path to handle locked mount flags.
* Upgrade our CI to use golangci-lint v2.0.
* `runc version` information is now filled in using `//go:embed` rather than
being set through `Makefile`. This allows `go install` or other non-`make`
builds to contain the correct version information. Note that
`make EXTRA_VERSION=...` still works.
* Remove `exclude` directives from our `go.mod` for broken `cilium/ebpf`
versions. `v0.17.3` resolved the issue we had, and `exclude` directives are
incompatible with `go install`.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Sebastiaan van Stijn authored on 2025/08/06 20:49:57
Showing 2 changed files
... ...
@@ -254,7 +254,7 @@ RUN git init . && git remote add origin "https://github.com/opencontainers/runc.
254 254
 # that is used. If you need to update runc, open a pull request in the containerd
255 255
 # project first, and update both after that is merged. When updating RUNC_VERSION,
256 256
 # consider updating runc in vendor.mod accordingly.
257
-ARG RUNC_VERSION=v1.2.6
257
+ARG RUNC_VERSION=v1.3.0
258 258
 RUN git fetch -q --depth 1 origin "${RUNC_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
259 259
 
260 260
 FROM base AS runc-build
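Review bot: the comment at lines 255-256 asks that containerd be updated first and that runc in vendor.mod be considered whenever RUNC_VERSION changes, but the change is shown as touching only 2 files (this Dockerfile and the installer script) and the commit message addresses neither point. Please say in the commit message whether containerd has already moved to v1.3.0 and whether the vendor.mod bump is deliberately left for a follow-up, so the shipped binary and the vendored library do not drift apart unnoticed. As a smaller point, line 258 fetches `"${RUNC_VERSION}"` by tag name, so what gets built is whatever the tag resolves to at build time; recording the expected commit for v1.3.0 next to the ARG would make that verifiable in review.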
... ...
@@ -9,7 +9,7 @@ set -e
9 9
 # the containerd project first, and update both after that is merged.
10 10
 #
11 11
 # When updating RUNC_VERSION, consider updating runc in vendor.mod accordingly
12
-: "${RUNC_VERSION:=v1.2.6}"
12
+: "${RUNC_VERSION:=v1.3.0}"
13 13
 
14 14
 install_runc() {
15 15
 	RUNC_BUILDTAGS="${RUNC_BUILDTAGS:-"seccomp"}"
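Review bot: line 12 repeats the default that the Dockerfile sets with `ARG RUNC_VERSION=v1.3.0`, and nothing visible in either file ties the two together, so a later bump that edits only one of them would leave the image build and this script installing different runc versions. Consider adding a line to the comment block above that names the other location to update, or deriving both from a single source. The subject line "Dockerfile: update runc binary to v1.3.0" also names only the Dockerfile although this script changes as well; mentioning the installer there would make the commit easier to find when auditing which runc version a given build path used.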