Skip to content

[1.4] VERSION: release 1.4.0-rc.2 #4922

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 9, 2025
Merged

[1.4] VERSION: release 1.4.0-rc.2 #4922

merged 3 commits into from
Oct 9, 2025

Conversation

cyphar
Copy link
Member

@cyphar cyphar commented Oct 8, 2025
edited
Loading 

runc v1.4.0-rc.2 -- "私の役目は信じるかどうかではない。行うかどうかだ。"

This is the second release candidate of the runc 1.4.0 release. It
includes a few minor features that did not make the cut-off for
v1.4.0-rc.1 (namely CLONE_INTO_CGROUP support and some new Intel RDT
features).

Users are strongly encouraged to test our release candidates over the
next month so we can fix issues before the general release. You should
expect runc 1.4.0 to be released at the end of October 2025 (at which
point, runc 1.2.z will only receive high-severity security fixes for 6
months and users are thus very strongly encouraged to migrate to a newer
version).

libcontainer API:

 * The deprecated libcontainer/userns package has been removed; use
   github.com/moby/sys/userns instead. (#4910, #4911)

Added:

 * Allow setting user.* sysctls for user-namespaced containers, as they
   are namespaced and thus safe to configure. (#4889, #4892)
 * Add support for using clone3(2)'s CLONE_INTO_CGROUP flag when
   configuring the runc exec process. This also included some internal
   changes to how we add processes to containers. (#4822, #4812, #4920)
 * Add support for configuring the NUMA pmemory policy for a container
   with set_mempolicy(2). (opencontainers/runtime-spec#1282, #4726,
   #4915)
 * Add support for intelRdt.schemata to allow for configuration of all
   schemas in resctrl. (opencontainers/runtime-spec#1230, #4830, #4915)
 * Add support for intelRdt.enableMonitoring to allow for per-container
   resctrl monitoring. This replaces the old intelRdt.enableCMT and
   intelRdt.enableMBM options which were never implemented by runc and
   have been removed from the runtime-spec.
   (opencontainers/runtime-spec#1287, #4832, #4921)

Fixed:

 * Configure personality(2) before applying seccomp profiles. (#4900,
   #4903)
 * Fixed integration test failure on ppc64, caused by 64K page size so
   the kernel was rounding memory limit to 64K. (#4841, #4895, #4893)

Thanks to the following contributors for making this release possible:

 * Aleksa Sarai <cyphar@cyphar.com>
 * Antti Kervinen <antti.kervinen@intel.com>
 * Donet Tom <donettom@linux.ibm.com>
 * Kir Kolyshkin <kolyshkin@gmail.com>
 * Markus Lehtonen <markus.lehtonen@intel.com>
 * Rodrigo Campos <rodrigoca@microsoft.com>
 * Tycho Andersen <tycho@tycho.pizza>
 * Vishal Chourasia <vishalc@linux.ibm.com>
 * Li Fubang <lifubang@acmcoder.com>

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>

@cyphar cyphar added this to the 1.4.0-rc.2 milestone Oct 8, 2025
@cyphar cyphar force-pushed the release-1.4.0-rc.2 branch from a61cc63 to 8bf67bd Compare October 8, 2025 17:06
kolyshkin
kolyshkin approved these changes Oct 8, 2025
View reviewed changes
Copy link
Contributor

@kolyshkin kolyshkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

kolyshkin
kolyshkin reviewed Oct 8, 2025
View reviewed changes
@kolyshkin
Copy link
Contributor

I went through PRs with backport/1.4-todo label, most were stale (so changed to backport/1.4-done), one was closed so I removed the label. The remaining one was #4913 so I opened #4923. Feel free to change its milestone as this is a low priority fix.

cyphar added 2 commits October 9, 2025 14:35
@cyphar
CHANGELOG: add note about cpu shares changes
a2f2cf3 
This was a notable change in v1.4.0-rc.1 but this was not sufficiently
well-signposted in our changelog.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
@cyphar
VERSION: release v1.4.0-rc.2
8aeb2a4 
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
@cyphar cyphar force-pushed the release-1.4.0-rc.2 branch from 8bf67bd to 5276412 Compare October 9, 2025 03:36
@cyphar
Copy link
Member Author

cyphar commented Oct 9, 2025

I've merged #4923 and rebased.

@cyphar
VERSION: back to development
4633173 
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
@cyphar cyphar force-pushed the release-1.4.0-rc.2 branch from 5276412 to 4633173 Compare October 9, 2025 04:55
@cyphar cyphar merged commit 2e3b2fb into opencontainers:release-1.4 Oct 9, 2025
36 checks passed
@cyphar cyphar deleted the release-1.4.0-rc.2 branch October 9, 2025 07:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kolyshkin kolyshkin kolyshkin approved these changes

@lifubang lifubang lifubang approved these changes

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

@rata rata Awaiting requested review from rata

@thaJeztah thaJeztah Awaiting requested review from thaJeztah

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

1.4.0-rc.2

Development

Successfully merging this pull request may close these issues.

4 participants

@cyphar @kolyshkin @lifubang @AkihiroSuda