runc 1.0-rc4

NOTE: This release's artefacts were updated on 2020-07-30 to correct an
LGPL compliance issue (we previously did not include the source code of
libseccomp or libapparmor with our releases) and thus we had to recompile
our runc binaries to be sure we were distributing the correct version of
libseccomp and libapparmor. All of the binaries are still signed by the
same maintainer key, and thus can still be easily validated.

NOTE: This release's artefacts were updated on 2021-04-07, to correct an
issue with the .tar.xz archive from 2020-07-30 (the archive had malformed
paths due to a bug in historical release scripts -- which caused the update
on 2020-07-30 to change the checksum of the source code archive). See #2895
for more details. All of the binaries are still signed by the same maintainer
key, and thus can still be easily validated.

Features:

• runc now supports v1.0.0 of the OCI runtime specification. #1527
• Rootless containers support has been released. The current state of
  this feature is that it only supports single-{uid,gid} mappings as an
  unprivileged user, and cgroups are completely unsupported. Work is
  being done to improve this. #774
• Rather than relying on CRIU version nnumbers, actually check if the
  system supports pre-dumping. #1371
• Allow the PIDs cgroup limit to be updated. #1423
• Add support for checkpoint/restore of containers with orphaned PTYs
  (which is effectively all containers with terminal=true). #1355
• Permit prestart hooks to modify the cgroup configuration of a
  container. #1239
• Add support for a wide variety of mount options. #1460
• Expose memory.use_hierarchy in MemoryStats. #1378

Fixes:

• Fix incorrect handling of systems without the freezer cgroup. #1387
• Many, many changes to switch away from Go's "syscall" stdlib to
  "golang.org/x/sys/unix". #1394 #1398 #1442 #1464 #1467 #1470 #1474
  #1478 #1491 #1482 #1504 #1519 #1530
• Set cgroup resources when restoring a container. #1399
• Switch back to using /sbin as the installation directory. #1406
• Remove the arbitrary container ID length restriction. #1435
• Make container force deletion ignore non-existent containers. #1451
• Improve handling of arbitrary cgroup mount locations when populating
  cpuset. #1372
• Make the SaneTerminal interface public. #1479
• Fix cases where runc would report a container to be in a "Running"
  state if the init was a zombie or dead. #1489
• Do not set supplementary groups for numeric users. #1450
• Fix various issues with the "owner" field in runc-list. #1516
• Many other miscellaneous fixes, some of which were made by first-time
  contributors. Thanks, and welcome to the project! #1406 #1400 #1365
  #1396 #1402 #1414 #1412 #1408 #1418 #1425 #1428 #1436 #1433 #1438
  #1410 #1447 #1388 #1484 #1481 #1496 #1245 #1524 #1534 #1526 #1533

Removals:

• Remove any semblance of non-Linux support. #1502
• We no longer use shfmt for testing. #1510

Static Linking Notices

The runc binary distributed with this release are statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":

• libseccomp
• libapparmor

The versions of these libraries were not modified from their upstream versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under the LGPL-2.1.

However we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.

---

Thanks to all of the contributors that made this release possible:

• Adrian Reber areber@redhat.com
• Aleksa Sarai asarai@suse.de
• Andrei Vagin avagin@virtuozzo.com
• Antonio Murdaca runcom@redhat.com
• chchliang chen.chuanliang@zte.com.cn
• Christy Perez christy@linux.vnet.ibm.com
• Craig Furman cfurman@pivotal.io
• CuiHaozhi cuihz@wise2c.com
• Daniel, Dao Quang Minh dqminh89@gmail.com
• Derek Carr decarr@redhat.com
• Harshal Patil harshal.patil@in.ibm.com
• Jonh Wendell jonh.wendell@redhat.com
• Justin Cormack justin.cormack@docker.com
• Kang Liang kangliang424@gmail.com
• Kenfe-Mickael Laventure mickael.laventure@gmail.com
• Konstantinos Karampogias konstantinos.karampogias@swisscom.com
• Ma Shimiao mashimiao.fnst@cn.fujitsu.com
• Michael Crosby crosbymichael@gmail.com
• Mrunal Patel mrunalp@gmail.com
• Qiang Huang h.huangqiang@huawei.com
• Steven Hartland steven.hartland@multiplay.co.uk
• Tim Potter tpot@hpe.com
• Tobias Klauser tklauser@distanz.ch
• Valentin Rothberg vrothberg@suse.com
• Vincent Batts vbatts@redhat.com
• Wentao Zhang zhangwentao234@huawei.com
• Will Martin wmartin@pivotal.io
• W. Trevor King wking@tremily.us
• yangshukui yangshukui@huawei.com
• Zhang Wei zhangwei555@huawei.com

Vote-Closed: [Wed Aug 9 05:28:38 UTC 2017]
Vote-Results: [+5 -0 /2]