Release 1.0.2 #3149
Description
Here are PRs that we need in order to release 1.0.2:
- [1.0] libct/cg/v1: work around CPU quota period set failure #3115 (partial backport of libct/cg/v1: work around CPU quota period set failure #3090)
- [1.0] libct/seccomp: skip redundant rules #3129 (partial backport of seccomp: skip redundant rules #3109)
- [1.0] script/release.sh: make builds reproducible #3142 (manual backport of script/release.sh: make builds reproducible #3099)
- [1.0] fix logging race in nsexec (regression in rc94) #3130 (backport of libct/nsenter: fix logging race in nsexec (regression in rc94) #3120)
- [1.0] libct/cg/sd/v1: fix freezeBeforeSet (alt 2) #3167 (backport of libct/cg/sd/v1: fix freezeBeforeSet (alt 2) #3166)
- [1.0] libct/nsenter: fix unused-result warning #3169 (backport of libct/nsenter: fix unused-result warning #3168)
I hope to make a release ASAP (as k8s issue, kubernetes/kubernetes#104280) is quite nasty.
Release notes draft
This is a second stable release in 1.0 branch, fixing a few medium and high
priority issues, including one that affect Kubernetes using runc's libcontainer.
Bugfixes:
- Fixed a failure to set CPU quota period in some cases on cgroup v1. (#3115)
- Fixed the inability to start a container with the "adding seccomp filter
rule for syscall ..." error, caused by redundant seccomp rules (i.e. those
that has action equal to the default one). Such redundant rules are now
skipped. (#3129)
- Made release builds reproducible from now on. (#3142)
- Fixed a rare debug log race in runc init, which can result in occasional
harmful "failed to decode ..." errors from runc run or exec. (#3130)
- Fixed the check in cgroup v1 systemd manager if a container needs to be
frozen before Set, and add a setting to skip such freeze unconditionally.
The previous fix for that issue, done in runc 1.0.1, was not working.
(#3167)