- upgrade to runc 1.2.8 to fix multiple critical security vulnerabilities: - CVE-2024-21626: fix file descriptor leak vulnerability allowing container escape - CVE-2025-52565: fix container escape with malicious config due to /dev/console mount races - CVE-2025-31133: fix container escape and denial of service due to masked path abuse - CVE-2025-52881: fix container escape and denial of service due to procfs write redirects - remove obsolete CVE-2023-27561_CVE-2023-28642.patch (fixes included in 1.2.8) - add no_openssl build tag to prevent use of vendored crypto libraries - add runc_dmz_selinux_nocompat build tag for SELinux DMZ feature support - add container-selinux >= 2.224.0 dependency for DMZ SELinux feature