While checking the changes from 1.3.0 to 1.3.3, https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2 seems to be the culprit here.
This was introduced in 1.3.3 as a fix to CVE-2025-52881, i.e., this is not a regression due to the version upgrade, but due to the CVE fix. We need to confirm this (reverting the patch in a test build should suffice) and, if this is indeed the case, filing a bug upstream should be the proper approach as suggested by Nick.

** CVE added: https://cve.org/CVERecord?id=CVE-2025-52881

** Changed in: runc (Ubuntu)
   Status: New => Triaged

--
https://bugs.launchpad.net/bugs/2130744

Title:
  runc security upgrade regresses docker tmpfs permission handling