v1.1.6 -- "In this world nothing is certain but death and taxes." This is the sixth path release in the 1.1.z series of runc, which fixes a series of cgroup-related issues. Note that this release can no longer be built from sources using Go 1.16. Using a latest maintained Go 1.20.x or Go 1.19.x release is recommended. Go 1.17 can still be used. * systemd cgroup v1 and v2 drivers were deliberately ignoring `UnitExist` error from systemd while trying to create a systemd unit, which in some scenarios may result in a container not being added to the proper systemd unit and cgroup. (#3780, #3806) * systemd cgroup v2 driver was incorrectly translating cpuset range from spec's `resources.cpu.cpus` to systemd unit property (`AllowedCPUs`) in case of more than 8 CPUs, resulting in the wrong AllowedCPUs setting. (#3808) * systemd cgroup v1 driver was prefixing container's cgroup path with the path of PID 1 cgroup, resulting in inability to place PID 1 in a non-root cgroup. (#3811) * runc run/start may return "permission denied" error when starting a rootless container when the file to be executed does not have executable bit set for the user, not taking the `CAP_DAC_OVERRIDE` capability into account. This is a regression in runc 1.1.4, as well as in Go 1.20 and 1.20.1 (#3715, #3817) * cgroup v1 drivers are now aware of `misc` controller. (#3823) Thanks to all of the contributors who made this release possible: * Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> * Aleksa Sarai <cyphar@cyphar.com> * Chengen, Du <chengen.du@canonical.com> * dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Kir Kolyshkin <kolyshkin@gmail.com> * Mrunal Patel <mrunalp@gmail.com> * Peter Hunt~ <pehunt@redhat.com> * Rodrigo Campos <rodrigoca@microsoft.com> Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>