From f97f2347294903b88e567e884f721cc4feee5906 Mon Sep 17 00:00:00 2001
From: Luciano Ciccariello
Date: Mon, 1 Dec 2025 17:12:51 +0000
Subject: [PATCH] Dockerfile: update runc binary to v1.3.4

- release notes: https://github.com/opencontainers/runc/releases/tag/v1.4.0
- full diff: opencontainers/runc@v1.3.3...v1.4.0
This version bump aims to fix a regression in runc v1.3.3, which caused /dev/shm to have inappropriate permissions exposed to containers:
* https://github.com/opencontainers/runc/issues/4971
* https://github.com/opencontainers/runc/pull/4976
Signed-off-by: Luciano Ciccariello
---
 Dockerfile | 2 +-
 hack/dockerfile/install/runc.installer | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 3eea0fc477..9b44e811d7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -254,7 +254,7 @@ RUN git init . && git remote add origin "https://github.com/opencontainers/runc.
 # This version should usually match the version that is used by the containerd version
 # that is used. If you need to update runc, open a pull request in the containerd
 # project first, and update both after that is merged.
-ARG RUNC_VERSION=v1.3.3
+ARG RUNC_VERSION=v1.3.4
 RUN git fetch -q --depth 1 origin "${RUNC_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
 
 FROM base AS runc-build
diff --git a/hack/dockerfile/install/runc.installer b/hack/dockerfile/install/runc.installer
index 01d54aa341..f4d770d18e 100755
--- a/hack/dockerfile/install/runc.installer
+++ b/hack/dockerfile/install/runc.installer
@@ -7,7 +7,7 @@ set -e
 # The version of runc should match the version that is used by the containerd
 # version that is used. If you need to update runc, open a pull request in
 # the containerd project first, and update both after that is merged.
-: "${RUNC_VERSION:=v1.3.4}"
+: "${RUNC_VERSION:=v1.3.4}"
 
 install_runc() {
 RUNC_BUILDTAGS="${RUNC_BUILDTAGS:-"seccomp"}"
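Review bot: The new pin `ARG RUNC_VERSION=v1.3.4` in the Dockerfile hunk carries no record of why this exact tag was chosen, and the commit description's release-notes and full-diff links point at v1.4.0 rather than v1.3.4, so nothing on the page ties the tag that is actually built to the /dev/shm permissions fix. Before merging, confirm that v1.3.4 contains the change from opencontainers/runc pull 4976, and add a line above the ARG such as `# v1.3.4 fixes the /dev/shm permission regression in v1.3.3 (opencontainers/runc#4971)`. The same applies to the `: "${RUNC_VERSION:=v1.3.4}"` default in hack/dockerfile/install/runc.installer, which has to stay in step with the Dockerfile value. The existing comment in both hunks asks for the containerd project to be updated first; the page does not show whether that has happened, so this is worth checking as well.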