Skip to content

Commit 2a42461

Browse files
cypharcyphar
committed
merge #4581 into opencontainers/runc:release-1.2
Aleksa Sarai (2): VERSION: back to development VERSION: release v1.2.4 LGTMs: lifubang kolyshkin
2 parents 5243eba + 48ea727 commit 2a42461

File tree

2 files changed

+24
-2
lines changed

2 files changed

+24
-2
lines changed

CHANGELOG.md

Lines changed: 23 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,27 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
66

77
## [Unreleased 1.2.z]
88

9+
## [1.2.4] - 2025-01-07
10+
11+
> Христос се роди!
12+
13+
### Fixed
14+
* Re-add tun/tap devices to built-in allowed devices lists.
15+
16+
In runc 1.2.0 we removed these devices from the default allow-list (which
17+
were added seemingly by accident early in Docker's history) as a precaution
18+
in order to try to reduce the attack surface of device inodes available to
19+
most containers (#3468). At the time we thought that the vast majority of
20+
users using tun/tap would already be specifying what devices they need (such
21+
as by using `--device` with Docker/Podman) as opposed to doing the `mknod`
22+
manually, and thus there would've been no user-visible change.
23+
24+
Unfortunately, it seems that this regressed a noticeable number of users
25+
(and not all higher-level tools provide easy ways to specify devices to
26+
allow) and so this change needed to be reverted. Users that do not need
27+
these devices are recommended to explicitly disable them by adding deny
28+
rules in their container configuration. (#4555, #4556)
29+
930
## [1.2.3] - 2024-12-12
1031

1132
> Winter is not a season, it's a celebration.
@@ -951,7 +972,8 @@ implementation (libcontainer) is *not* covered by this policy.
951972
[1.1.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.1.0-rc.1
952973

953974
<!-- 1.2.z patch releases -->
954-
[Unreleased 1.2.z]: https://github.com/opencontainers/runc/compare/v1.2.3...release-1.2
975+
[Unreleased 1.2.z]: https://github.com/opencontainers/runc/compare/v1.2.4...release-1.2
976+
[1.2.4]: https://github.com/opencontainers/runc/compare/v1.2.3...v1.2.4
955977
[1.2.3]: https://github.com/opencontainers/runc/compare/v1.2.2...v1.2.3
956978
[1.2.2]: https://github.com/opencontainers/runc/compare/v1.2.1...v1.2.2
957979
[1.2.1]: https://github.com/opencontainers/runc/compare/v1.2.0...v1.2.1

VERSION

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
1.2.3+dev
1+
1.2.4+dev

0 commit comments

Comments
 (0)