Votes: #1242

Additions

• config: add idmap and ridmap mount options (#1222)
• config.md: allow empty mappings for [r]idmap (#1224)
• features-linux: Expose idmap information (#1219)
• mount: Allow relative mount destinations on Linux (#1225)
• features: add potentiallyUnsafeConfigAnnotations (#1205)
• config: add support for org.opencontainers.image annotations #1197

Minor fixes:

• config: improve bind mount and propagation doc (#1228)

Documentation, CI & Governance:

• fix link to hooks in features (#1226)
• specs-go: add missing deprecation comment for Hooks.Prestart (#1232)
• specs-go: mark LinuxMemory.Kernel as deprecated ()#1233)

Vote: #1213

Blog: https://opencontainers.org/posts/blog/2023-07-21-oci-runtime-spec-v1-1/

Breaking changes (but rather conforms to the existing runc implementation)

• config: change prestart hook spec to match reality (#1169)

Deprecations

• config-linux: mark memory.kernel[TCP] as NOT RECOMMENDED (#1093)

Additions

• cgroup: add cgroup v2 support (#1040)
• seccomp: allow to override errno return code (#1041)
• seccomp: Add support for SCMP_ACT_KILL_PROCESS (#1044)
• Update seccomp architectures to support RISCV64 (#1059)
• Add support for SCMP_ACT_KILL_THREAD (#1064)
• Add Seccomp Notify support using UNIX sockets and container metadata (#1074)
• config-linux: Add Intel RDT CMT and MBM Linux support (#1076)
• seccomp: allow to override default errno return code (#1087)
• Introduce zos as platform (#1095)
• config-linux: add idle option for container cgroup (#1136)
• config-linux: add CFS bandwidth burst (#1120)
• IDMapping field for mount point (#1143)
• schema: add cpu idle (#1145)
• add domainname spec entity (#1156)
• config-linux: add memory.checkBeforeUpdate (#1158)
• seccomp: Add flag SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV (#1161)
• config-linux: add support for rsvd hugetlb cgroup (#1116)
• features: add features.md to formalize the runc features JSON (#1130)
• config-linux: add support for time namespace (#1151)
• config: add scheduler entity (#1188)
• config: Add I/O Priority Configuration for process group in Linux Containers (#1191)

Minor fixes

• seccomp: fix go-specs for errnoRet (#1042)
• Define State for container and runtime namespace (#1045)
• Add State status constants to spec-go (#1046)
• config.go: make umask a pointer (#1058)
• Update State structure to use the new ContainerState type (#1056)
• Fix int64 and uint64 type value ranges (#1060)
• Fix seccomp notify inconsistencies (#1096)
• runtime should WARN / ignore capabilities that cannot be granted (#1094)
• config-linux: clarify the handling of ClosID RDT parameter (#1104)
• defs-zos: [Fix] prevent schema parsers from hitting recursion-loop while resolving types. (#1117)
• fix the lifecycle reference in the states listing (#1118)
• specify cgroup ownership semantics (#1123)
• config-linux: MAY reject an unfit cgroup (#1125)
• cgroup ownership: clarify that some files may not exist (#1137)
• schema: update README.md (#1083)
• schema: make with golang 1.16 (#1084)
• Update Windows CPU comments (#1144)
• specs-go: export LinuxBlockIODevice (#1103)
• config-linux: update type of LinuxCPU.Idle to *int64 (#1146)
• Add available LinuxSeccompFlags (#1138)
• config-linux: clarify where device nodes can be created (#1148)
• runtime: remove When serialized in JSON, the format MUST adhere to the following pattern (#1178)
• config: clarify Linux mount options (#1181)
• schema: fix schema for timeOffsets (#1193)
• schema: remove duplicate keys (#1195)
• config-linux: clarify I/O throttling differences between cgroup v1 and v2 (#1194)
• releases: use +dev as in-development suffix (#1198)
• features: update Example (#1204)
• schema: fix definition for ioPriority (#1206)
• features: add a note to avoid confusion about annotations (#1212)

Documentation, CI & Governance

• MAINTAINERS: Add @cyphar as maintainer (#1043)
• Add Giuseppe Scrivano as a runtime spec maintainer (#1048)
• Remove superfluous 'an' (#1049)
• docs: Added enclave OCI runtime rune to implementations (#1055)
• Change all references from whitelist to allowlist (#1054)
• MAINTAINERS: update vbatts email (#1065)
• travis: fix go_import_path (#1072)
• Makefile: Fix golint URL used in go get (#1075)
• config-linux: fix personality link (#1086)
• README: Fix broken link for charter (#1091)
• add youki to implementations.md (#1126)
• Switch to GitHub Actions, CODEOWNERS, etc. (#1128)
• typo: seccompFD -> seccompFd (#1133)
• fix RFC link (#1153)
• maintainer updates as per #1101 (#1150)
• GOVERNANCE: correct the Charter URL (#1157)
• CODEOWNERS: sync with MAINTAINERS (#1160)
• Update CI to Go 1.20 (#1179)
• config-linux: fix url error (#1184)
• config-linux: chore: Update ociVersion in example (#1199)
• MAINTAINERS: add Toru Komatsu (utam0k) (#1201)
• glossary: s/features document/Features structure/g (#1203)
• CODEOWNER: Add Toru Komatsu(@utam0k) to sync with MAINTAINERS (#1207)
• README.md: update chat information (#1210)
• Remove outdated meeting.ics (#1211)

Vote: #1208 (https://groups.google.com/a/opencontainers.org/g/dev/c/VoNKGQpXh70)

Changes (v1.1.0-rc.2 → v1.1.0-rc.3)

Additions:

• config: add scheduler entity (#1188)
• config: Add I/O Priority Configuration for process group in Linux Containers (#1191)

Minor fixes and documentation:

• config-linux: clarify I/O throttling differences between cgroup v1 and v2 (#1194)
• config-linux: chore: Update ociVersion in example (#1199)
• releases: use +dev as in-development suffix (#1198)
• MAINTAINERS: add Toru Komatsu (utam0k) (#1201)
• glossary: s/features document/Features structure/g (#1203)
• features: update Example (#1204)
• schema: fix definition for ioPriority (#1206)
• CODEOWNER: Add Toru Komatsu(@utam0k) to sync with MAINTAINERS (#1207)

Changes (v1.1.0-rc.1 → v1.1.0-rc.2)

Additions

• config-linux: add support for rsvd hugetlb cgroup (#1116)
• features: add features.md to formalize the runc features JSON (#1130)
• config-linux: add support for time namespace (#1151)

Minor fixes and documentation

• config-linux: clarify where device nodes can be created (#1148)
• runtime: remove When serialized in JSON, the format MUST adhere to the following pattern (#1178)
• Update CI to Go 1.20 (#1179)
• config: clarify Linux mount options (#1181)
• config-linux: fix url error (#1184)
• schema: fix schema for timeOffsets (#1193)
• schema: remove duplicate keys (#1195)

Changes (v1.0.2 → v1.1.0-rc.1)

Breaking changes (but rather conforms to the existing runc implementation)

• config: change prestart hook spec to match reality (#1169)

Deprecations

• config-linux: mark memory.kernel[TCP] as NOT RECOMMENDED (#1093)

Additions

• cgroup: add cgroup v2 support (#1040)
• seccomp: allow to override errno return code (#1041)
• seccomp: Add support for SCMP_ACT_KILL_PROCESS (#1044)
• Update seccomp architectures to support RISCV64 (#1059)
• Add support for SCMP_ACT_KILL_THREAD (#1064)
• Add Seccomp Notify support using UNIX sockets and container metadata (#1074)
• config-linux: Add Intel RDT CMT and MBM Linux support (#1076)
• seccomp: allow to override default errno return code (#1087)
• Introduce zos as platform (#1095)
• config-linux: add idle option for container cgroup (#1136)
• config-linux: add CFS bandwidth burst (#1120)
• IDMapping field for mount point (#1143)
• schema: add cpu idle (#1145)
• add domainname spec entity (#1156)
• config-linux: add memory.checkBeforeUpdate (#1158)
• seccomp: Add flag SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV (#1161)

Minor fixes and documentation

• seccomp: fix go-specs for errnoRet (#1042)
• MAINTAINERS: Add @cyphar as maintainer (#1043)
• Define State for container and runtime namespace (#1045)
• Add Giuseppe Scrivano as a runtime spec maintainer (#1048)
• Remove superfluous 'an' (#1049)
• Add State status constants to spec-go (#1046)
• config.go: make umask a pointer (#1058)
• Update State structure to use the new ContainerState type (#1056)
• docs: Added enclave OCI runtime rune to implementations (#1055)
• Change all references from whitelist to allowlist (#1054)
• Fix int64 and uint64 type value ranges (#1060)
• MAINTAINERS: update vbatts email (#1065)
• travis: fix go_import_path (#1072)
• Makefile: Fix golint URL used in go get (#1075)
• config-linux: fix personality link (#1086)
• README: Fix broken link for charter (#1091)
• Fix seccomp notify inconsistencies (#1096)
• runtime should WARN / ignore capabilities that cannot be granted (#1094)
• config-linux: clarify the handling of ClosID RDT parameter (#1104)
• defs-zos: [Fix] prevent schema parsers from hitting recursion-loop while resolving types. (#1117)
• fix the lifecycle reference in the states listing (#1118)
• add youki to implementations.md (#1126)
• Switch to GitHub Actions, CODEOWNERS, etc. (#1128)
• specify cgroup ownership semantics (#1123)
• config-linux: MAY reject an unfit cgroup (#1125)
• cgroup ownership: clarify that some files may not exist (#1137)
• typo: seccompFD -> seccompFd (#1133)
• schema: update README.md (#1083)
• schema: make with golang 1.16 (#1084)
• Update Windows CPU comments (#1144)
• specs-go: export LinuxBlockIODevice (#1103)
• config-linux: update type of LinuxCPU.Idle to *int64 (#1146)
• fix RFC link (#1153)
• Add available LinuxSeccompFlags (#1138)
• maintainer updates as per (#1101 (#1150)
• GOVERNANCE: correct the Charter URL (#1157)
• CODEOWNERS: sync with MAINTAINERS (#1160)

Vote: #1192 ( https://groups.google.com/a/opencontainers.org/g/dev/c/fnCiFoXBsiI/m/fbbmbs19EQAJ )

Changes (v1.1.0-rc.1 → v1.1.0-rc.2)

Additions

• config-linux: add support for rsvd hugetlb cgroup (#1116)
• features: add features.md to formalize the runc features JSON (#1130)
• config-linux: add support for time namespace (#1151)

Minor fixes and documentation

• config-linux: clarify where device nodes can be created (#1148)
• runtime: remove When serialized in JSON, the format MUST adhere to the following pattern (#1178)
• Update CI to Go 1.20 (#1179)
• config: clarify Linux mount options (#1181)
• config-linux: fix url error (#1184)
• schema: fix schema for timeOffsets (#1193)
• schema: remove duplicate keys (#1195)

Changes (v1.0.2 → v1.1.0-rc.1)

Breaking changes (but rather conforms to the existing runc implementation)

• config: change prestart hook spec to match reality (#1169)

Deprecations

• config-linux: mark memory.kernel[TCP] as NOT RECOMMENDED (#1093)

Additions

• cgroup: add cgroup v2 support (#1040)
• seccomp: allow to override errno return code (#1041)
• seccomp: Add support for SCMP_ACT_KILL_PROCESS (#1044)
• Update seccomp architectures to support RISCV64 (#1059)
• Add support for SCMP_ACT_KILL_THREAD (#1064)
• Add Seccomp Notify support using UNIX sockets and container metadata (#1074)
• config-linux: Add Intel RDT CMT and MBM Linux support (#1076)
• seccomp: allow to override default errno return code (#1087)
• Introduce zos as platform (#1095)
• config-linux: add idle option for container cgroup (#1136)
• config-linux: add CFS bandwidth burst (#1120)
• IDMapping field for mount point (#1143)
• schema: add cpu idle (#1145)
• add domainname spec entity (#1156)
• config-linux: add memory.checkBeforeUpdate (#1158)
• seccomp: Add flag SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV (#1161)

Minor fixes and documentation

• seccomp: fix go-specs for errnoRet (#1042)
• MAINTAINERS: Add @cyphar as maintainer (#1043)
• Define State for container and runtime namespace (#1045)
• Add Giuseppe Scrivano as a runtime spec maintainer (#1048)
• Remove superfluous 'an' (#1049)
• Add State status constants to spec-go (#1046)
• config.go: make umask a pointer (#1058)
• Update State structure to use the new ContainerState type (#1056)
• docs: Added enclave OCI runtime rune to implementations (#1055)
• Change all references from whitelist to allowlist (#1054)
• Fix int64 and uint64 type value ranges (#1060)
• MAINTAINERS: update vbatts email (#1065)
• travis: fix go_import_path (#1072)
• Makefile: Fix golint URL used in go get (#1075)
• config-linux: fix personality link (#1086)
• README: Fix broken link for charter (#1091)
• Fix seccomp notify inconsistencies (#1096)
• runtime should WARN / ignore capabilities that cannot be granted (#1094)
• config-linux: clarify the handling of ClosID RDT parameter (#1104)
• defs-zos: [Fix] prevent schema parsers from hitting recursion-loop while resolving types. (#1117)
• fix the lifecycle reference in the states listing (#1118)
• add youki to implementations.md (#1126)
• Switch to GitHub Actions, CODEOWNERS, etc. (#1128)
• specify cgroup ownership semantics (#1123)
• config-linux: MAY reject an unfit cgroup (#1125)
• cgroup ownership: clarify that some files may not exist (#1137)
• typo: seccompFD -> seccompFd (#1133)
• schema: update README.md (#1083)
• schema: make with golang 1.16 (#1084)
• Update Windows CPU comments (#1144)
• specs-go: export LinuxBlockIODevice (#1103)
• config-linux: update type of LinuxCPU.Idle to *int64 (#1146)
• fix RFC link (#1153)
• Add available LinuxSeccompFlags (#1138)
• maintainer updates as per (#1101 (#1150)
• GOVERNANCE: correct the Charter URL (#1157)
• CODEOWNERS: sync with MAINTAINERS (#1160)

Vote: #1175 ( https://groups.google.com/a/opencontainers.org/g/dev/c/fnCiFoXBsiI/m/1jQm5OArBAAJ )

Changes (v1.0.2 → v1.1.0-rc.1)

Breaking changes (but rather conforms to the existing runc implementation)

• config: change prestart hook spec to match reality (#1169)

Deprecations

• config-linux: mark memory.kernel[TCP] as NOT RECOMMENDED (#1093)

Additions

• cgroup: add cgroup v2 support (#1040)
• seccomp: allow to override errno return code (#1041)
• seccomp: Add support for SCMP_ACT_KILL_PROCESS (#1044)
• Update seccomp architectures to support RISCV64 (#1059)
• Add support for SCMP_ACT_KILL_THREAD (#1064)
• Add Seccomp Notify support using UNIX sockets and container metadata (#1074)
• config-linux: Add Intel RDT CMT and MBM Linux support (#1076)
• seccomp: allow to override default errno return code (#1087)
• Introduce zos as platform (#1095)
• config-linux: add idle option for container cgroup (#1136)
• config-linux: add CFS bandwidth burst (#1120)
• IDMapping field for mount point (#1143)
• schema: add cpu idle (#1145)
• add domainname spec entity (#1156)
• config-linux: add memory.checkBeforeUpdate (#1158)
• seccomp: Add flag SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV (#1161)

Minor fixes and documentation

• seccomp: fix go-specs for errnoRet (#1042)
• MAINTAINERS: Add @cyphar as maintainer (#1043)
• Define State for container and runtime namespace (#1045)
• Add Giuseppe Scrivano as a runtime spec maintainer (#1048)
• Remove superfluous 'an' (#1049)
• Add State status constants to spec-go (#1046)
• config.go: make umask a pointer (#1058)
• Update State structure to use the new ContainerState type (#1056)
• docs: Added enclave OCI runtime rune to implementations (#1055)
• Change all references from whitelist to allowlist (#1054)
• Fix int64 and uint64 type value ranges (#1060)
• MAINTAINERS: update vbatts email (#1065)
• travis: fix go_import_path (#1072)
• Makefile: Fix golint URL used in go get (#1075)
• config-linux: fix personality link (#1086)
• README: Fix broken link for charter (#1091)
• Fix seccomp notify inconsistencies (#1096)
• runtime should WARN / ignore capabilities that cannot be granted (#1094)
• config-linux: clarify the handling of ClosID RDT parameter (#1104)
• defs-zos: [Fix] prevent schema parsers from hitting recursion-loop while resolving types. (#1117)
• fix the lifecycle reference in the states listing (#1118)
• add youki to implementations.md (#1126)
• Switch to GitHub Actions, CODEOWNERS, etc. (#1128)
• specify cgroup ownership semantics (#1123)
• config-linux: MAY reject an unfit cgroup (#1125)
• cgroup ownership: clarify that some files may not exist (#1137)
• typo: seccompFD -> seccompFd (#1133)
• schema: update README.md (#1083)
• schema: make with golang 1.16 (#1084)
• Update Windows CPU comments (#1144)
• specs-go: export LinuxBlockIODevice (#1103)
• config-linux: update type of LinuxCPU.Idle to *int64 (#1146)
• fix RFC link (#1153)
• Add available LinuxSeccompFlags (#1138)
• maintainer updates as per (#1101 (#1150)
• GOVERNANCE: correct the Charter URL (#1157)
• CODEOWNERS: sync with MAINTAINERS (#1160)

https://groups.google.com/a/opencontainers.org/d/msg/dev/12BYcSHjSWY/IXNOMpflBQAJ

https://groups.google.com/a/opencontainers.org/d/msg/dev/Y9HXIM1tYII/73eJngHdBQAJ

Vote PASSED (+8 -0 #0): https://groups.google.com/a/opencontainers.org/d/msg/dev/_pvFMQN1DUM/YoEdnfXGBQAJ
Full changeset since rc6: v1.0.0-rc6...v1.0.0
Release PR: #893

Vote PASSED [+8 -0 #0]: https://groups.google.com/a/opencontainers.org/d/msg/dev/3wLazzsd4GI/2vi0gsxtAwAJ

There have been 128 PRs since RC5. (#882 has the list).

This marks what should be the last release-candidate for the runtime specification. There will be a two (2) week period before the impending v1.0.0. So, expect a vote to be sent out around next Wednesday. Testers are encouraged to kick the tires, as we'll be updating runc for this milestone as well.