VERSION: release v1.2.0 #4458

Merged
merged 2 commits into from
Oct 22, 2024

Conversation

@cyphar (Member) commented Oct 21, 2024

v1.2.0 -- "Do what you can, when you can. That time is now." (できるときにできることをやるんだ。それが今だ。)

This is the long-awaited release of runc 1.2.0! The primary changes from rc3
are general improvements and fixes for minor regressions related to the
new /proc/self/exe cloning logic in runc 1.2, follow-on patches related
to CVE-2024-45310, as well as some other minor changes.

 + In order to alleviate the remaining concerns around the memory usage
   and (arguably somewhat unimportant, but measurable) performance
   overhead of memfds for cloning `/proc/self/exe`, we have added a new
   protection using `overlayfs` that is used if you have enough
   privileges and the running kernel supports it. It has effectively no
   performance nor memory overhead (compared to no cloning at all).
   (#4448)
 * The original fix for CVE-2024-45310 was intentionally very limited in
   scope to make it easier to review, however it also did not handle all
   possible `os.MkdirAll` cases and thus could lead to regressions. We
   have switched to the more complete implementation in the newer
   versions of `github.com/cyphar/filepath-securejoin`. (#4393, #4400,
   #4421, #4430)
 * In certain situations (a system with lots of mounts or racing mounts)
   we could accidentally end up leaking mounts from the container into
   the host. This has been fixed. (#4417)
 * The fallback logic for `O_TMPFILE` clones of `/proc/self/exe` had a
   minor bug that would cause us to miss non-`noexec` directories and
   thus fail to start containers on some systems. (#4444)
 * Sometimes the cloned `/proc/self/exe` file descriptor could be placed
   in a way that it would get clobbered by the Go runtime. We had a fix
   for this already, but it turns out it could still break in rare
   circumstances; it has now been fixed. (#4294, #4452)
 * It is not possible for `runc kill` to work properly in some specific
   configurations (such as rootless containers with no cgroups and a
   shared pid namespace). We now output a warning for such
   configurations. (#4398)
 * memfd-bind: update the documentation and make path handling with the
   systemd unit more idiomatic. (#4428)
 * We now use v0.16 of Cilium's eBPF library, including fixes that quite
   a few downstreams asked for. (#4397, #4396)
 * Some internal `runc init` synchronisation that was no longer
   necessary (due to the `/proc/self/exe` cloning move to Go) was
   removed. (#4441)

Thanks to all of the contributors who made this release possible:

 * Akhil Mohan
 * Akihiro Suda
 * Aleksa Sarai
 * Amir M. Ghazanfari
 * Kir Kolyshkin
 * Rafael Roquetto
 * Rodrigo Campos
 * Sebastiaan van Stijn
 * Stavros Panakakis
 * lifubang

Signed-off-by: Aleksa Sarai
@cyphar cyphar added this to the 1.2.0 milestone Oct 21, 2024
@cyphar (Member, Author) commented Oct 22, 2024

Last call for LGTMs @opencontainers/runc-maintainers

I'll do the merge and release today.

@rata (Member) left a comment:

LGTM

@cyphar cyphar merged commit d545279 into opencontainers:main Oct 22, 2024
42 checks passed
@cyphar cyphar deleted the release-1.2.0 branch October 22, 2024 09:19