OCI Runtime Spec v1.2
We are delighted to announce the release of the OCI Runtime Spec v1.2.0. This release contains about 10 pull requests that were merged since the 1.1.0 release. We appreciate everybody who contributed to this release.
What is the OCI Runtime Spec?
The OCI Runtime Spec defines the behavior and the configuration interface of low-level container runtimes such as runc. The spec is also implemented by crun, youki, gVisor, Kata Containers, and others. These low-level container runtimes are usually called from high-level container runtimes such as containerd and CRI-O.
Additions
config: add idmap and ridmap mount options (#1222)
Linux mount options have been expanded to include idmap and ridmap. These options are not passed directly to mount(2) but require processing by runtimes.
The addition of such dummy options might impact existing runtimes; however, it has been confirmed by maintainers that there are no issues with at least crun and youki.
This enhancement was made to solve the issue that the IDMapping field introduced in v1.1 could not apply MOUNT_ATTR_IDMAP and AT_RECURSIVE together, necessitating an expansion of the field.
config: add support for org.opencontainers.image annotations (#1197)
The org.opencontainers.image annotations have been added as reserved annotations. Each field is linked with the OCI Image Spec, so please refer to the following for more details.
https://github.com/opencontainers/image-spec/blob/v1.1.0/conversion.md#annotation-fields
features: add potentiallyUnsafeConfigAnnotations (#1205)
The features introduced in v1.1.0 has been enhanced to show a list of potentiallyUnsafeConfigAnnotations, which could alter the behavior of runtimes.
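The check below is an added example, not code from the spec or from any runtime: it reads a runtime's features JSON (for instance the output of `runc features`) and reports which annotations in a config.json match its potentiallyUnsafeConfigAnnotations list. Both JSON samples are constructed, FlagUnsafeAnnotations is a hypothetical helper name, and the rule that an entry ending in "." is a prefix follows the spec's features document.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Constructed sample of a runtime's features JSON; only the relevant field is shown.
const sampleFeatures = `{"potentiallyUnsafeConfigAnnotations":
  ["bundle", "org.systemd.property.", "org.criu.config"]}`

// Constructed sample config.json fragment.
const sampleConfig = `{"ociVersion": "1.2.0", "annotations": {
  "org.opencontainers.image.title": "demo",
  "org.systemd.property.TimeoutStopUSec": "uint64 123456789",
  "org.criu.config": "/etc/criu.conf"}}`

// FlagUnsafeAnnotations (hypothetical helper) returns the sorted annotation keys
// in configJSON that match the runtime's potentiallyUnsafeConfigAnnotations list.
func FlagUnsafeAnnotations(featuresJSON, configJSON string) ([]string, error) {
	var feat struct {
		Unsafe []string `json:"potentiallyUnsafeConfigAnnotations"`
	}
	var cfg struct {
		Annotations map[string]string `json:"annotations"`
	}
	if err := json.Unmarshal([]byte(featuresJSON), &feat); err != nil {
		return nil, fmt.Errorf("features: %w", err)
	}
	if err := json.Unmarshal([]byte(configJSON), &cfg); err != nil {
		return nil, fmt.Errorf("config: %w", err)
	}
	var hits []string
	for key := range cfg.Annotations {
		for _, u := range feat.Unsafe {
			// An entry ending in "." is a prefix; any other entry is an exact key.
			if key == u || (strings.HasSuffix(u, ".") && strings.HasPrefix(key, u)) {
				hits = append(hits, key)
				break
			}
		}
	}
	sort.Strings(hits)
	return hits, nil
}

func main() { fmt.Println(FlagUnsafeAnnotations(sampleFeatures, sampleConfig)) }
```

A caller that accepts configs from less-trusted sources can run this before handing the bundle to the runtime and reject or strip the flagged keys.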
Other changes
See here for the full list of changes.
What’s next?
See the GitHub issues and pull requests for proposals toward future releases, e.g.:
- Add Landlock LSM support (#1111)
- Add loong64 support for seccomp (#1187)
- Add hardware description object to the VM configuration (#1209)
You are always welcome to submit your own proposals too.