v1.3.0

This is the fourth minor release of the v1 series of the Open Container Initiative Runtime Specification.
This release features the addition of the specification for FreeBSD.

Additions

• config-vm: add hwConfig object (#1209)
• config-linux: add intelRdt.schemata field (#1230)
• config-linux: add netDevices object (#1271)
• config-linux: add memoryPolicy object (#1282)
• config-freebsd: add the spec for FreeBSD (#1286)
• config-linux: add intelRdt.enableMonitoring field (#1287)

Minor fixes

• config-linux: clarify intelRdt configuration (#1196)
• runtime: fail when a poststart hook fails (#1262)
• config-linux: clarify pids cgroup settings (#1279)
• config-linux: define default clos for intelRdt (#1289)
• features-linux: add intelRdt.enableMonitoring field (#1290)
• features-linux: add intelRdt.schemata field (#1291)
• config-linux: fix and elaborate memoryPolicy.nodes field (#1294)
• config-linux, schema: fix FileMode description (#1298)

Documentation, CI & Governance

• add systemd-nspawn to implementations.md (#1272)
• CI: add codespell, bump golangci-lint (#1281)
• docs: add missing backticks for code formatting (#1284)
• docs: fix typo (#1285)
• principles: fix typo (#1288)
• schema: fix json (#1297)
• ci: use supported Go versions (#1300)
• Add minimum supported Go version to CI (#1303)
• Mention FreeBSD platform (#1304)

Thanks to the following contributors for making this release possible: @Artoria2e5 @Sharmaann @aojea @ariel-anieli @askervin @cyphar @dfr @gogolok @ipuustin @kolyshkin @marquiz @oleksiimoisieiev @tianon

Vote-Results: +9 -0 *2 (#1302)
Signed-off-by: Akihiro Suda (@AkihiroSuda)

v1.2.1

This is the first patch release of the v1.2.z series of the Open
Container Initative Runtime Specification. It primarily includes a
series of minor fixes as well as new support for the specification of
the CPU affinity of container processes.

Additions

• zos updates (#1273)
• Add support for windows CPU affinity (#1258)
• specs-go: sync SCMP_ARCH_* constants with libseccomp main (#1229)
• Add CPU affinity to executed processes (#1253, #1261)
• config-linux: describe the format of cpus and mems (#1253)

Minor fixes

• Fix description of errnoRet in Seccomp (#1277)
• config-linux: update for libseccomp v2.6.0 (#1276)
• Correct prestart hook description in summary (#1275)

Documentation, CI & Governance

• ci: Add a github actions workflow for lint (#1257)
• update http links to https (#1269)
• doc: fix the invalid hyperlink naming-a-volume (#1268)
• ci: remove redundunt actions (#1256)
• chore: format JSON file make -C schema fmt (#1255)
• CODEOWNERS: remove vbatts (#1248)
• MAINTAINERS: move vbatts to EMERITUS (#1248)
• Update golangci-lint to v1.56.1 in CI (#1245)
• Add Go v1.21 and v1.22 to GitHub Actions CI matrix (#1245)
• Update GitHub Actions packages to resolve warnings in CI (#1244)

Thanks to the following contributors for making this release possible:

• Akihiro Suda [email protected]
• Austin Vazquez [email protected]
• Kaita Nakamura [email protected]
• Kershaw Mehta [email protected]
• Kijima Daigo [email protected]
• Kir Kolyshkin [email protected]
• Kirtana Ashok [email protected]
• Lei Wang [email protected]
• Neil Johnson [email protected]
• Patrickuuuu [email protected]
• Sebastiaan van Stijn [email protected]
• Tianon Gravi [email protected]
• Toru Komatsu [email protected]
• Vincent Batts [email protected]

Vote-Results: +8 -0 *3 (#1278)
Signed-off-by: Aleksa Sarai [email protected]

v1.2.0

Votes: #1242

Additions

• config: add idmap and ridmap mount options (#1222)
• config.md: allow empty mappings for [r]idmap (#1224)
• features-linux: Expose idmap information (#1219)
• mount: Allow relative mount destinations on Linux (#1225)
• features: add potentiallyUnsafeConfigAnnotations (#1205)
• config: add support for org.opencontainers.image annotations #1197

Minor fixes:

• config: improve bind mount and propagation doc (#1228)

Documentation, CI & Governance:

• fix link to hooks in features (#1226)
• specs-go: add missing deprecation comment for Hooks.Prestart (#1232)
• specs-go: mark LinuxMemory.Kernel as deprecated ()#1233)

v1.1.0

Vote: #1213

Blog: https://opencontainers.org/posts/blog/2023-07-21-oci-runtime-spec-v1-1/

Breaking changes (but rather conforms to the existing runc implementation)

• config: change prestart hook spec to match reality (#1169)

Deprecations

• config-linux: mark memory.kernel[TCP] as NOT RECOMMENDED (#1093)

Additions

• cgroup: add cgroup v2 support (#1040)
• seccomp: allow to override errno return code (#1041)
• seccomp: Add support for SCMP_ACT_KILL_PROCESS (#1044)
• Update seccomp architectures to support RISCV64 (#1059)
• Add support for SCMP_ACT_KILL_THREAD (#1064)
• Add Seccomp Notify support using UNIX sockets and container metadata (#1074)
• config-linux: Add Intel RDT CMT and MBM Linux support (#1076)
• seccomp: allow to override default errno return code (#1087)
• Introduce zos as platform (#1095)
• config-linux: add idle option for container cgroup (#1136)
• config-linux: add CFS bandwidth burst (#1120)
• IDMapping field for mount point (#1143)
• schema: add cpu idle (#1145)
• add domainname spec entity (#1156)
• config-linux: add memory.checkBeforeUpdate (#1158)
• seccomp: Add flag SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV (#1161)
• config-linux: add support for rsvd hugetlb cgroup (#1116)
• features: add features.md to formalize the runc features JSON (#1130)
• config-linux: add support for time namespace (#1151)
• config: add scheduler entity (#1188)
• config: Add I/O Priority Configuration for process group in Linux Containers (#1191)

Minor fixes

• seccomp: fix go-specs for errnoRet (#1042)
• Define State for container and runtime namespace (#1045)
• Add State status constants to spec-go (#1046)
• config.go: make umask a pointer (#1058)
• Update State structure to use the new ContainerState type (#1056)
• Fix int64 and uint64 type value ranges (#1060)
• Fix seccomp notify inconsistencies (#1096)
• runtime should WARN / ignore capabilities that cannot be granted (#1094)
• config-linux: clarify the handling of ClosID RDT parameter (#1104)
• defs-zos: [Fix] prevent schema parsers from hitting recursion-loop while resolving types. (#1117)
• fix the lifecycle reference in the states listing (#1118)
• specify cgroup ownership semantics (#1123)
• config-linux: MAY reject an unfit cgroup (#1125)
• cgroup ownership: clarify that some files may not exist (#1137)
• schema: update README.md (#1083)
• schema: make with golang 1.16 (#1084)
• Update Windows CPU comments (#1144)
• specs-go: export LinuxBlockIODevice (#1103)
• config-linux: update type of LinuxCPU.Idle to *int64 (#1146)
• Add available LinuxSeccompFlags (#1138)
• config-linux: clarify where device nodes can be created (#1148)
• runtime: remove When serialized in JSON, the format MUST adhere to the following pattern (#1178)
• config: clarify Linux mount options (#1181)
• schema: fix schema for timeOffsets (#1193)
• schema: remove duplicate keys (#1195)
• config-linux: clarify I/O throttling differences between cgroup v1 and v2 (#1194)
• releases: use +dev as in-development suffix (#1198)
• features: update Example (#1204)
• schema: fix definition for ioPriority (#1206)
• features: add a note to avoid confusion about annotations (#1212)

Documentation, CI & Governance

• MAINTAINERS: Add @cyphar as maintainer (#1043)
• Add Giuseppe Scrivano as a runtime spec maintainer (#1048)
• Remove superfluous 'an' (#1049)
• docs: Added enclave OCI runtime rune to implementations (#1055)
• Change all references from whitelist to allowlist (#1054)
• MAINTAINERS: update vbatts email (#1065)
• travis: fix go_import_path (#1072)
• Makefile: Fix golint URL used in go get (#1075)
• config-linux: fix personality link (#1086)
• README: Fix broken link for charter (#1091)
• add youki to implementations.md (#1126)
• Switch to GitHub Actions, CODEOWNERS, etc. (#1128)
• typo: seccompFD -> seccompFd (#1133)
• fix RFC link (#1153)
• maintainer updates as per #1101 (#1150)
• GOVERNANCE: correct the Charter URL (#1157)
• CODEOWNERS: sync with MAINTAINERS (#1160)
• Update CI to Go 1.20 (#1179)
• config-linux: fix url error (#1184)
• config-linux: chore: Update ociVersion in example (#1199)
• MAINTAINERS: add Toru Komatsu (utam0k) (#1201)
• glossary: s/features document/Features structure/g (#1203)
• CODEOWNER: Add Toru Komatsu(@utam0k) to sync with MAINTAINERS (#1207)
• README.md: update chat information (#1210)
• Remove outdated meeting.ics (#1211)

v1.1.0-rc.3

Vote: #1208 (https://groups.google.com/a/opencontainers.org/g/dev/c/VoNKGQpXh70)

---

Changes (v1.1.0-rc.2 → v1.1.0-rc.3)

Additions:

• config: add scheduler entity (#1188)
• config: Add I/O Priority Configuration for process group in Linux Containers (#1191)

Minor fixes and documentation:

• config-linux: clarify I/O throttling differences between cgroup v1 and v2 (#1194)
• config-linux: chore: Update ociVersion in example (#1199)
• releases: use +dev as in-development suffix (#1198)
• MAINTAINERS: add Toru Komatsu (utam0k) (#1201)
• glossary: s/features document/Features structure/g (#1203)
• features: update Example (#1204)
• schema: fix definition for ioPriority (#1206)
• CODEOWNER: Add Toru Komatsu(@utam0k) to sync with MAINTAINERS (#1207)

Changes (v1.1.0-rc.1 → v1.1.0-rc.2)

Additions

• config-linux: add support for rsvd hugetlb cgroup (#1116)
• features: add features.md to formalize the runc features JSON (#1130)
• config-linux: add support for time namespace (#1151)

Minor fixes and documentation

• config-linux: clarify where device nodes can be created (#1148)
• runtime: remove When serialized in JSON, the format MUST adhere to the following pattern (#1178)
• Update CI to Go 1.20 (#1179)
• config: clarify Linux mount options (#1181)
• config-linux: fix url error (#1184)
• schema: fix schema for timeOffsets (#1193)
• schema: remove duplicate keys (#1195)

Changes (v1.0.2 → v1.1.0-rc.1)

Breaking changes (but rather conforms to the existing runc implementation)

• config: change prestart hook spec to match reality (#1169)

Deprecations

• config-linux: mark memory.kernel[TCP] as NOT RECOMMENDED (#1093)

Additions

• cgroup: add cgroup v2 support (#1040)
• seccomp: allow to override errno return code (#1041)
• seccomp: Add support for SCMP_ACT_KILL_PROCESS (#1044)
• Update seccomp architectures to support RISCV64 (#1059)
• Add support for SCMP_ACT_KILL_THREAD (#1064)
• Add Seccomp Notify support using UNIX sockets and container metadata (#1074)
• config-linux: Add Intel RDT CMT and MBM Linux support (#1076)
• seccomp: allow to override default errno return code (#1087)
• Introduce zos as platform (#1095)
• config-linux: add idle option for container cgroup (#1136)
• config-linux: add CFS bandwidth burst (#1120)
• IDMapping field for mount point (#1143)
• schema: add cpu idle (#1145)
• add domainname spec entity (#1156)
• config-linux: add memory.checkBeforeUpdate (#1158)
• seccomp: Add flag SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV (#1161)

Minor fixes and documentation

• seccomp: fix go-specs for errnoRet (#1042)
• MAINTAINERS: Add @cyphar as maintainer (#1043)
• Define State for container and runtime namespace (#1045)
• Add Giuseppe Scrivano as a runtime spec maintainer (#1048)
• Remove superfluous 'an' (#1049)
• Add State status constants to spec-go (#1046)
• config.go: make umask a pointer (#1058)
• Update State structure to use the new ContainerState type (#1056)
• docs: Added enclave OCI runtime rune to implementations (#1055)
• Change all references from whitelist to allowlist (#1054)
• Fix int64 and uint64 type value ranges (#1060)
• MAINTAINERS: update vbatts email (#1065)
• travis: fix go_import_path (#1072)
• Makefile: Fix golint URL used in go get (#1075)
• config-linux: fix personality link (#1086)
• README: Fix broken link for charter (#1091)
• Fix seccomp notify inconsistencies (#1096)
• runtime should WARN / ignore capabilities that cannot be granted (#1094)
• config-linux: clarify the handling of ClosID RDT parameter (#1104)
• defs-zos: [Fix] prevent schema parsers from hitting recursion-loop while resolving types. (#1117)
• fix the lifecycle reference in the states listing (#1118)
• add youki to implementations.md (#1126)
• Switch to GitHub Actions, CODEOWNERS, etc. (#1128)
• specify cgroup ownership semantics (#1123)
• config-linux: MAY reject an unfit cgroup (#1125)
• cgroup ownership: clarify that some files may not exist (#1137)
• typo: seccompFD -> seccompFd (#1133)
• schema: update README.md (#1083)
• schema: make with golang 1.16 (#1084)
• Update Windows CPU comments (#1144)
• specs-go: export LinuxBlockIODevice (#1103)
• config-linux: update type of LinuxCPU.Idle to *int64 (#1146)
• fix RFC link (#1153)
• Add available LinuxSeccompFlags (#1138)
• maintainer updates as per (#1101 (#1150)
• GOVERNANCE: correct the Charter URL (#1157)
• CODEOWNERS: sync with MAINTAINERS (#1160)

v1.1.0-rc.2

Vote: #1192 ( https://groups.google.com/a/opencontainers.org/g/dev/c/fnCiFoXBsiI/m/fbbmbs19EQAJ )

---

Changes (v1.1.0-rc.1 → v1.1.0-rc.2)

Additions

• config-linux: add support for rsvd hugetlb cgroup (#1116)
• features: add features.md to formalize the runc features JSON (#1130)
• config-linux: add support for time namespace (#1151)

Minor fixes and documentation

• config-linux: clarify where device nodes can be created (#1148)
• runtime: remove When serialized in JSON, the format MUST adhere to the following pattern (#1178)
• Update CI to Go 1.20 (#1179)
• config: clarify Linux mount options (#1181)
• config-linux: fix url error (#1184)
• schema: fix schema for timeOffsets (#1193)
• schema: remove duplicate keys (#1195)

Changes (v1.0.2 → v1.1.0-rc.1)

Breaking changes (but rather conforms to the existing runc implementation)

• config: change prestart hook spec to match reality (#1169)

Deprecations

• config-linux: mark memory.kernel[TCP] as NOT RECOMMENDED (#1093)

Additions

• cgroup: add cgroup v2 support (#1040)
• seccomp: allow to override errno return code (#1041)
• seccomp: Add support for SCMP_ACT_KILL_PROCESS (#1044)
• Update seccomp architectures to support RISCV64 (#1059)
• Add support for SCMP_ACT_KILL_THREAD (#1064)
• Add Seccomp Notify support using UNIX sockets and container metadata (#1074)
• config-linux: Add Intel RDT CMT and MBM Linux support (#1076)
• seccomp: allow to override default errno return code (#1087)
• Introduce zos as platform (#1095)
• config-linux: add idle option for container cgroup (#1136)
• config-linux: add CFS bandwidth burst (#1120)
• IDMapping field for mount point (#1143)
• schema: add cpu idle (#1145)
• add domainname spec entity (#1156)
• config-linux: add memory.checkBeforeUpdate (#1158)
• seccomp: Add flag SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV (#1161)

Minor fixes and documentation

• seccomp: fix go-specs for errnoRet (#1042)
• MAINTAINERS: Add @cyphar as maintainer (#1043)
• Define State for container and runtime namespace (#1045)
• Add Giuseppe Scrivano as a runtime spec maintainer (#1048)
• Remove superfluous 'an' (#1049)
• Add State status constants to spec-go (#1046)
• config.go: make umask a pointer (#1058)
• Update State structure to use the new ContainerState type (#1056)
• docs: Added enclave OCI runtime rune to implementations (#1055)
• Change all references from whitelist to allowlist (#1054)
• Fix int64 and uint64 type value ranges (#1060)
• MAINTAINERS: update vbatts email (#1065)
• travis: fix go_import_path (#1072)
• Makefile: Fix golint URL used in go get (#1075)
• config-linux: fix personality link (#1086)
• README: Fix broken link for charter (#1091)
• Fix seccomp notify inconsistencies (#1096)
• runtime should WARN / ignore capabilities that cannot be granted (#1094)
• config-linux: clarify the handling of ClosID RDT parameter (#1104)
• defs-zos: [Fix] prevent schema parsers from hitting recursion-loop while resolving types. (#1117)
• fix the lifecycle reference in the states listing (#1118)
• add youki to implementations.md (#1126)
• Switch to GitHub Actions, CODEOWNERS, etc. (#1128)
• specify cgroup ownership semantics (#1123)
• config-linux: MAY reject an unfit cgroup (#1125)
• cgroup ownership: clarify that some files may not exist (#1137)
• typo: seccompFD -> seccompFd (#1133)
• schema: update README.md (#1083)
• schema: make with golang 1.16 (#1084)
• Update Windows CPU comments (#1144)
• specs-go: export LinuxBlockIODevice (#1103)
• config-linux: update type of LinuxCPU.Idle to *int64 (#1146)
• fix RFC link (#1153)
• Add available LinuxSeccompFlags (#1138)
• maintainer updates as per (#1101 (#1150)
• GOVERNANCE: correct the Charter URL (#1157)
• CODEOWNERS: sync with MAINTAINERS (#1160)

v1.1.0-rc.1

Vote: #1175 ( https://groups.google.com/a/opencontainers.org/g/dev/c/fnCiFoXBsiI/m/1jQm5OArBAAJ )

Changes (v1.0.2 → v1.1.0-rc.1)

Breaking changes (but rather conforms to the existing runc implementation)

• config: change prestart hook spec to match reality (#1169)

Deprecations

• config-linux: mark memory.kernel[TCP] as NOT RECOMMENDED (#1093)

Additions

• cgroup: add cgroup v2 support (#1040)
• seccomp: allow to override errno return code (#1041)
• seccomp: Add support for SCMP_ACT_KILL_PROCESS (#1044)
• Update seccomp architectures to support RISCV64 (#1059)
• Add support for SCMP_ACT_KILL_THREAD (#1064)
• Add Seccomp Notify support using UNIX sockets and container metadata (#1074)
• config-linux: Add Intel RDT CMT and MBM Linux support (#1076)
• seccomp: allow to override default errno return code (#1087)
• Introduce zos as platform (#1095)
• config-linux: add idle option for container cgroup (#1136)
• config-linux: add CFS bandwidth burst (#1120)
• IDMapping field for mount point (#1143)
• schema: add cpu idle (#1145)
• add domainname spec entity (#1156)
• config-linux: add memory.checkBeforeUpdate (#1158)
• seccomp: Add flag SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV (#1161)

Minor fixes and documentation

• seccomp: fix go-specs for errnoRet (#1042)
• MAINTAINERS: Add @cyphar as maintainer (#1043)
• Define State for container and runtime namespace (#1045)
• Add Giuseppe Scrivano as a runtime spec maintainer (#1048)
• Remove superfluous 'an' (#1049)
• Add State status constants to spec-go (#1046)
• config.go: make umask a pointer (#1058)
• Update State structure to use the new ContainerState type (#1056)
• docs: Added enclave OCI runtime rune to implementations (#1055)
• Change all references from whitelist to allowlist (#1054)
• Fix int64 and uint64 type value ranges (#1060)
• MAINTAINERS: update vbatts email (#1065)
• travis: fix go_import_path (#1072)
• Makefile: Fix golint URL used in go get (#1075)
• config-linux: fix personality link (#1086)
• README: Fix broken link for charter (#1091)
• Fix seccomp notify inconsistencies (#1096)
• runtime should WARN / ignore capabilities that cannot be granted (#1094)
• config-linux: clarify the handling of ClosID RDT parameter (#1104)
• defs-zos: [Fix] prevent schema parsers from hitting recursion-loop while resolving types. (#1117)
• fix the lifecycle reference in the states listing (#1118)
• add youki to implementations.md (#1126)
• Switch to GitHub Actions, CODEOWNERS, etc. (#1128)
• specify cgroup ownership semantics (#1123)
• config-linux: MAY reject an unfit cgroup (#1125)
• cgroup ownership: clarify that some files may not exist (#1137)
• typo: seccompFD -> seccompFd (#1133)
• schema: update README.md (#1083)
• schema: make with golang 1.16 (#1084)
• Update Windows CPU comments (#1144)
• specs-go: export LinuxBlockIODevice (#1103)
• config-linux: update type of LinuxCPU.Idle to *int64 (#1146)
• fix RFC link (#1153)
• Add available LinuxSeccompFlags (#1138)
• maintainer updates as per (#1101 (#1150)
• GOVERNANCE: correct the Charter URL (#1157)
• CODEOWNERS: sync with MAINTAINERS (#1160)

v1.0.2

https://groups.google.com/a/opencontainers.org/d/msg/dev/12BYcSHjSWY/IXNOMpflBQAJ

v1.0.1

https://groups.google.com/a/opencontainers.org/d/msg/dev/Y9HXIM1tYII/73eJngHdBQAJ

v1.0.0

Vote PASSED (+8 -0 #0): https://groups.google.com/a/opencontainers.org/d/msg/dev/_pvFMQN1DUM/YoEdnfXGBQAJ
Full changeset since rc6: v1.0.0-rc6...v1.0.0
Release PR: #893