v1.1.4 -- "If you look for perfection, you'll never be content." This is the fourth patch release in the 1.1.z series of runc, primarily fixing a regression introduced in 1.1.3 related to device rules. It also fixes a few other bugs. * Fix mounting via wrong proc fd. When the user and mount namespaces are used, and the bind mount is followed by the cgroup mount in the spec, the cgroup was mounted using the bind mount's mount fd. (#3511) * Switch `kill()` in `libcontainer/nsenter` to `sane_kill()`. (#3536) * Fix "permission denied" error from `runc run` on `noexec` fs. (#3541) * Fix failed exec after `systemctl daemon-reload`. Due to a regression in v1.1.3, the `DeviceAllow=char-pts rwm` rule was no longer added and was causing an error `open /dev/pts/0: operation not permitted: unknown` when systemd was reloaded. (#3554) Thanks to all of the contributors who made this release possible: * Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> * Aleksa Sarai <cyphar@cyphar.com> * guodong <guodong9211@gmail.com> * Kir Kolyshkin <kolyshkin@gmail.com> * Mrunal Patel <mrunal@me.com> Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>