runc, which is closely tied to the work of containerization/K8S practitioners, has been on a 5-year run since v1.0.0-rc1 was released in 2016, going from rc1 to rc95. This article covers the process that finally led to the official v1.0 release and the story in between.
Hi everyone, this is Zhang Jintao.
At the end of November 2018, I wrote an article, "runc 1.0-rc6 release", which should be my first public introduction to runc. If you still don't understand what runc is and how to use it, please refer to my article. The concept and usage are not explained again in this article.
At the end of March 2019, I wrote another article, "runc 1.0-rc7 release", introducing the reason for the release of runc 1.0-rc7 and its main fix, CVE-2019-5736.
It also covers the compatibility of runc/Docker with the Linux kernel and other issues. Interested friends can take a look.
Friends who follow me should have seen me introduce runc many times in "K8S Ecological Weekly".
In June 2015, Docker, CoreOS and some other companies jointly established the OCI (Open Container Project) organization, whose main work consists of two parts:
- Container runtime specification
- Container image specification
Docker donated its runtime to OCI as the basic implementation of the container runtime specification. It is hosted at https://github.com/opencontainers/runc and is the runc you see now.
Release history
Let's take a look at the release history of runc versions to understand why it has been running for 5 years.
runc version | release time | runtime-spec version | Remarks |
---|---|---|---|
runc v1.0-rc1 | 2016.06.04 | v1.0.0-rc1 | |
runc v1.0-rc2 | 2016.10.01 | v1.0.0-rc2-38-g1c7c27d | |
runc v1.0-rc3 | 2017.03.22 | v1.0.0-rc5 | |
runc v1.0-rc4 | 2017.08.09 | v1.0.0 | runtime-spec first released v1.0 |
runc v1.0-rc5 | 2018.02.27 | v1.0.0 | First planned as the last rc version |
runc v1.0-rc6 | 2018.11.21 | v1.0.1-49-g5684b8a | The plan is the last functional version before 1.0, which includes some amendments to the specification and compliance |
runc v1.0-rc7 | 2019.03.28 | v1.0.1-59-g29686db | Fix CVE-2019-5736 |
runc v1.0-rc8 | 2019.04.26 | v1.0.1-59-g29686db | Fix v1.0.0-rc7 |
runc v1.0-rc9 | 2019.10.05 | v1.0.1-59-g29686db | Fix CVE-2019-16884 |
runc v1.0-rc10 | 2020.01.23 | v1.0.1-59-g29686db | Fix CVE-2019-19921 |
runc v1.0-rc90 | 2020.05.12 | v1.0.1-59-g29686db | Same as runc v1.0-rc10, to modify the version scheme |
runc v1.0-rc91 | 2020.07.02 | v1.0.2-8-g237cc4f | Started to support cgroup v2; some regulatory issues have been resolved |
runc v1.0-rc92 | 2020.08.06 | v1.0.2-23-g4d89ac9 | Fix the bug I found in runc v1.0-rc91 |
runc v1.0-rc93 | 2021.02.04 | v1.0.2-35-ge6143ca | cgroup v2 is supported stably |
runc v1.0-rc94 | 2021.05.10 | v1.0.2-57-g1c3f411 | Fix regressions in runc v1.0-rc93 |
runc v1.0-rc95 | 2021.05.19 | v1.0.2-57-g1c3f411 | Fix CVE-2021-30465 |
runc v1.0 | 2021.06.22 | v1.0.2-57-g1c3f411 | |
In the above table, I specifically added a "runtime-spec version" column, indicating the version of the container runtime specification in the OCI organization. Let's summarize the release process:
- Before runc v1.0-rc5, runc did not actually plan to release an official version; after all, the standard had not been officially completed, and the implementation could not be released first;
- runc v1.0-rc7 and rc9 ~ rc10 were all released to fix serious security problems;
- runc v1.0-rc90 was purely to solve the problem of the version scheme;
- The main work in runc v1.0-rc91 ~ rc93 was cgroup v2 support, plus some integration issues with the specification;
- After runc v1.0-rc93, the code was essentially frozen, until runc v1.0-rc95 fixed a security vulnerability;
- At present, several major repositories have also tested their integration with the latest code in the runc code repository, and the related problems have also been fixed.
The three main time-consuming points seen from here are as follows:
- runtime-spec has not officially released the v1.0 version;
- Fixing security vulnerabilities and its own bugs;
- Completing new features.
As for the time spent because the specification had not released v1.0, I won't say much here. It is a dependency, and most projects and software development efforts run into similar situations; I can only promote the release of the specification.
As for the time spent on features, bugs and security vulnerabilities, this is related to the function and positioning of the runc project. runc sits at the bottom layer, which requires more knowledge of the related fields to support it. Take the bug I found in runc v1.0-rc91: people who don't know much about the Linux kernel source code will really spend more time on it.
- switch {
- case mode&unix.S_IFBLK == unix.S_IFBLK:
+ switch mode & unix.S_IFMT {
+ case unix.S_IFBLK:
devType = configs.BlockDevice
- case mode&unix.S_IFCHR == unix.S_IFCHR:
+ case unix.S_IFCHR:
devType = configs.CharDevice
- case mode&unix.S_IFIFO == unix.S_IFIFO:
+ case unix.S_IFIFO:
devType = configs.FifoDevice
default:
return nil, ErrNotADevice
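Review bot: the new `switch mode & unix.S_IFMT {` line should carry a short comment saying why the type field must be masked before comparing, because the removed form looks plausible and could easily be reintroduced. The file-type field is a multi-bit enumeration rather than a set of independent flags, so the removed `mode&unix.S_IFCHR == unix.S_IFCHR` case also holds for any type whose encoding contains the S_IFCHR bit (on Linux, S_IFCHR is 0020000 and S_IFLNK is 0120000, so a symlink mode would be classified as `configs.CharDevice`). A regression test that passes a symlink mode and a regular-file mode and expects `ErrNotADevice` would pin the corrected behaviour.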
What is interesting is that the title of runc v1.0 Release is "A wizard is never late, nor is he early, he arrives precisely when he means to." This is probably also in line with the release history of runc :)
But anyway, after 5 years of running, runc has finally released the v1.0 version! Thanks to everyone who has put effort into it!
Everyone is welcome to download the update! https://github.com/opencontainers/runc/releases/tag/v1.0.0
You are welcome to subscribe to my public account 【MoeLove】.