VERSION: release v1.4.0-rc.2

cyphar · cyphar · commit 8aeb2a4bdde8 · 2025-10-09T14:35:07.000+11:00
Signed-off-by: Aleksa Sarai &lt;cyphar@cyphar.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,9 +6,36 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased 1.4.z]
 
+## [1.4.0-rc.2] - 2025-10-10
+
+> 私の役目は信じるかどうかではない。行うかどうかだ。
+
 ### libcontainer API
-- The deprecated `libcontainer/userns` package has been removed; use
-  `github.com/moby/sys/userns` instead.
+ * The deprecated `libcontainer/userns` package has been removed; use
+   `github.com/moby/sys/userns` instead. (#4910, #4911)
+
+### Added
+ * Allow setting `user.*` sysctls for user-namespaced containers, as they are
+   namespaced and thus safe to configure. (#4889, #4892)
+ * Add support for using `clone3(2)`'s `CLONE_INTO_CGROUP` flag when
+   configuring the `runc exec` process. This also included some internal
+   changes to how we add processes to containers. (#4822, #4812, #4920)
+ * Add support for configuring the NUMA pmemory policy for a container with
+   `set_mempolicy(2)`. (opencontainers/runtime-spec#1282, #4726, #4915)
+ * Add support for `intelRdt.schemata` to allow for configuration of all
+   schemas in `resctrl`. (opencontainers/runtime-spec#1230, #4830, #4915)
+ * Add support for `intelRdt.enableMonitoring` to allow for per-container
+   `resctrl` monitoring. This replaces the old `intelRdt.enableCMT` and
+   `intelRdt.enableMBM` options which were never implemented by runc and have
+   been removed from the runtime-spec. (opencontainers/runtime-spec#1287,
+   #4832, #4921)
+
+### Fixed
+ * Configure `personality(2)` before applying seccomp profiles. (#4900, #4903)
+ * Fixed integration test failure on ppc64, caused by 64K page size so the
+   kernel was rounding memory limit to 64K. (#4841, #4895, #4893)
+ * seccompagent: fix fd close loop to prevent closing stdio in the error path.
+   (#4913, #4923)
 
 ## [1.4.0-rc.1] - 2025-09-05
 
@@ -1309,5 +1336,6 @@ implementation (libcontainer) is *not* covered by this policy.
 [1.3.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.2.0...v1.3.0-rc.1
 
 <!-- 1.4.z patch releases -->
-[Unreleased 1.4.z]: https://github.com/opencontainers/runc/compare/v1.4.0-rc.1...release-1.4
+[Unreleased 1.4.z]: https://github.com/opencontainers/runc/compare/v1.4.0-rc.2...release-1.4
+[1.4.0-rc.2]: https://github.com/opencontainers/runc/compare/v1.4.0-rc.1...v1.4.0-rc.2
 [1.4.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.3.0...v1.4.0-rc.1
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.4.0-rc.1+dev
+1.4.0-rc.2
