runc 1.0-rc94 -- "Time is an illusion. Lunchtime doubly so."

This release fixes several regressions found in v1.0.0-rc93. We
recommend users update as soon as possible. This release includes the
following notable changes:

Potentially breaking changes:

• cgroupv1: kernel memory limits are now always ignored, as kmemcg has
  been effectively deprecated by the kernel. Users should make use of
  regular memory cgroup controls. (#2840)
• libcontainer/cgroups: cgroup managers' Set now accept
  configs.Resources rather than configs.Cgroups (#2906)
• libcontainer/cgroups/systemd: reconnect and retry in case dbus
  connection is closed (after dbus restart) (#2923)
• libcontainer/cgroups/systemd: don't set limits in Apply (#2814)

Bugfixes:

• seccomp: fix 32-bit compilation errors (regression in rc93, #2783)
• cgroupv2: blkio weight value conversion fix (#2786)
• runc init: fix a hang caused by deadlock in seccomp/ebpf loading code
  (regression in rc93, #2871)
• runc start: fix "chdir to cwd: permission denied" for some setups
  (regression in rc93, #2894)
• s390: fix broken terminal (regression in rc93, #2898)

Improvements:

• runc start/exec: better diagnostics when container limits are too low
  (#2812)
• runc start/exec: better cleanup after failed runc init (#2855)
• cgroupv1: improve freezing chances (#2941, #2918, #2791)
• cgroupv2: multiple GetStats improvements (#2816, #2873)
• cgroupv2: fallback to setting io.weight if io.bfq.weight is not
  available (#2820)
• capabilities: WARN, not ERROR, for unknown / unavailable capabilities
  (#2854)

Static Linking Notices

The runc binary distributed with this release are statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":

• libseccomp

The versions of these libraries were not modified from their upstream versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under the LGPL-2.1.

However we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.

---

Thanks to the following people who made this release possible:

• Adam Korcz [email protected]
• Adrian Reber [email protected]
• Akihiro Suda [email protected]
• Aleksa Sarai [email protected]
• Ben Hutchings [email protected]
• Danail Branekov [email protected]
• Daniel Dao [email protected]
• Enrico Weigelt [email protected]
• Iceber Gu [email protected]
• Kenta Tada [email protected]
• Kieron Browne [email protected]
• Kir Kolyshkin [email protected]
• Liang Zhou [email protected]
• Liu Hua [email protected]
• Mauricio Vásquez [email protected]
• Mrunal Patel [email protected]
• Odin Ugedal [email protected]
• Peter Hunt [email protected]
• Qiang Huang [email protected]
• Ryosuke Hanatsuka [email protected]
• Sascha Grunert [email protected]
• Sebastiaan van Stijn [email protected]
• Shengjing Zhu [email protected]
• Shiming Zhang [email protected]
• Vasiliy Ulyanov [email protected]

Vote: +6 -0 !1
Signed-off-by: Aleksa Sarai [email protected]