diff --git a/.gitignore b/.gitignore
index 2e1ff66..5fee5b9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/v1.0.3.tar.gz
+SOURCES/v1.1.3.tar.gz
diff --git a/.runc.metadata b/.runc.metadata
index 6443808..7968435 100644
--- a/.runc.metadata
+++ b/.runc.metadata
@@ -1 +1 @@
-cbd1b1eff60b0d6f61a034cb50a7fe22edd2b140 SOURCES/v1.0.3.tar.gz
+9ad2300d41deb361ced92112366d0c8801d00050 SOURCES/v1.1.3.tar.gz
diff --git a/SOURCES/3468.patch b/SOURCES/3468.patch
new file mode 100644
index 0000000..a02339d
--- /dev/null
+++ b/SOURCES/3468.patch
@@ -0,0 +1,84 @@
+From 2ce40b6ad72b4bd4391380cafc5ef1bad1fa0b31 Mon Sep 17 00:00:00 2001
+From: Kir Kolyshkin <kolyshkin@gmail.com>
+Date: Wed, 4 May 2022 14:56:16 -0700
+Subject: [PATCH] Remove tun/tap from the default device rules
+
+Looking through git blame, this was added by commit 9fac18329
+aka "Initial commit of runc binary", most probably by mistake.
+
+Obviously, a container should not have access to tun/tap device, unless
+it is explicitly specified in configuration.
+
+Now, removing this might create a compatibility issue, but I see no
+other choice.
+
+Aside from the obvious misconfiguration, this should also fix the
+annoying
+
+> Apr 26 03:46:56 foo.bar systemd[1]: Couldn't stat device /dev/char/10:200: No such file or directory
+
+messages from systemd on every container start, when runc uses systemd
+cgroup driver, and the system runs an old (< v240) version of systemd
+(the message was presumably eliminated by [1]).
+
+[1] https://github.com/systemd/systemd/pull/10996/commits/d5aecba6e0b7c73657c4cf544ce57289115098e7
+
+Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
+---
+ .../ebpf/devicefilter/devicefilter_test.go    | 19 ++++++-------------
+ libcontainer/specconv/spec_linux.go           | 10 ----------
+ 2 files changed, 6 insertions(+), 23 deletions(-)
+
+diff --git a/libcontainer/cgroups/ebpf/devicefilter/devicefilter_test.go b/libcontainer/cgroups/ebpf/devicefilter/devicefilter_test.go
+index d279335821..25703be5ad 100644
+--- a/libcontainer/cgroups/ebpf/devicefilter/devicefilter_test.go
++++ b/libcontainer/cgroups/ebpf/devicefilter/devicefilter_test.go
+@@ -120,21 +120,14 @@ block-8:
+         51: Mov32Imm dst: r0 imm: 1
+         52: Exit
+ block-9:
+-// tuntap (c, 10, 200, rwm, allow)
++// /dev/pts (c, 136, wildcard, rwm, true)
+         53: JNEImm dst: r2 off: -1 imm: 2 <block-10>
+-        54: JNEImm dst: r4 off: -1 imm: 10 <block-10>
+-        55: JNEImm dst: r5 off: -1 imm: 200 <block-10>
+-        56: Mov32Imm dst: r0 imm: 1
+-        57: Exit
++        54: JNEImm dst: r4 off: -1 imm: 136 <block-10>
++        55: Mov32Imm dst: r0 imm: 1
++        56: Exit
+ block-10:
+-// /dev/pts (c, 136, wildcard, rwm, true)
+-        58: JNEImm dst: r2 off: -1 imm: 2 <block-11>
+-        59: JNEImm dst: r4 off: -1 imm: 136 <block-11>
+-        60: Mov32Imm dst: r0 imm: 1
+-        61: Exit
+-block-11:
+-        62: Mov32Imm dst: r0 imm: 0
+-        63: Exit
++        57: Mov32Imm dst: r0 imm: 0
++        58: Exit
+ `
+ 	var devices []*devices.Rule
+ 	for _, device := range specconv.AllowedDevices {
+diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go
+index 5ae95c6c18..83c7a2c348 100644
+--- a/libcontainer/specconv/spec_linux.go
++++ b/libcontainer/specconv/spec_linux.go
+@@ -302,16 +302,6 @@ var AllowedDevices = []*devices.Device{
+ 			Allow:       true,
+ 		},
+ 	},
+-	// tuntap
+-	{
+-		Rule: devices.Rule{
+-			Type:        devices.CharDevice,
+-			Major:       10,
+-			Minor:       200,
+-			Permissions: "rwm",
+-			Allow:       true,
+-		},
+-	},
+ }
+ 
+ type CreateOpts struct {
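Review bot: Dropping the tuntap entry from `AllowedDevices` changes the default device allowlist, but this package update does not record that for users; the changelog entry added in SPECS/runc.spec says only "add patch in attempt to fix gating tests". The upstream message itself warns of a possible compatibility issue, so workloads that relied on implicit access to char device 10:200 will need an explicit device rule in their configuration after this update. I would add a changelog line such as `- remove tun/tap (c 10:200) from the default device rules (upstream PR 3468)`. The `AllowedDevices` literal starts outside the embedded hunk, so the remaining default rules cannot be checked from here.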
diff --git a/SOURCES/3511.patch b/SOURCES/3511.patch
new file mode 100644
index 0000000..e3be84b
--- /dev/null
+++ b/SOURCES/3511.patch
@@ -0,0 +1,66 @@
+From 62b0c31d4b940ff93a23ac6fdb3a6ef345910abf Mon Sep 17 00:00:00 2001
+From: Kir Kolyshkin <kolyshkin@gmail.com>
+Date: Tue, 14 Jun 2022 17:19:10 -0700
+Subject: [PATCH] libct: fix mounting via wrong proc fd
+
+Due to a bug in commit 9c444070ec7, when the user and mount namespaces
+are used, and the bind mount is followed by the cgroup mount in the
+spec, the cgroup is mounted using the bind mount's mount fd.
+
+This can be reproduced with podman 4.1 (when configured to use runc):
+
+$ podman run --uidmap 0:100:10000 quay.io/libpod/testimage:20210610 mount
+Error: /home/kir/git/runc/runc: runc create failed: unable to start container process: error during container init: error mounting "cgroup" to rootfs at "/sys/fs/cgroup": mount /proc/self/fd/11:/sys/fs/cgroup/systemd (via /proc/self/fd/12), flags: 0x20502f: operation not permitted: OCI permission denied
+
+or manually with the spec mounts containing something like this:
+
+    {
+      "destination": "/etc/resolv.conf",
+      "type": "bind",
+      "source": "/userdata/resolv.conf",
+      "options": [
+        "bind"
+      ]
+    },
+    {
+      "destination": "/sys/fs/cgroup",
+      "type": "cgroup",
+      "source": "cgroup",
+      "options": [
+        "rprivate",
+        "nosuid",
+        "noexec",
+        "nodev",
+        "relatime",
+        "ro"
+      ]
+    }
+
+The issue was not found earlier since it requires using userns, and even then
+mount fd is ignored by mountToRootfs, except for bind mounts, and all the bind
+mounts have mountfd set, except for the case of cgroup v1's /sys/fs/cgroup
+which is internally transformed into a bunch of bind mounts.
+
+This is a minimal fix for the issue, suitable for backporting.
+
+Fixes: 9c444070ec7 ("Open bind mount sources from the host userns")
+Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
+(cherry picked from commit b3aa20af7fb67ee1f2b381f3c82329e73c7d3a0c)
+Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
+---
+ libcontainer/rootfs_linux.go | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
+index 3cfd2bf1e4..ec7638e4d5 100644
+--- a/libcontainer/rootfs_linux.go
++++ b/libcontainer/rootfs_linux.go
+@@ -80,6 +80,8 @@ func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig, mountFds []int) (err
+ 		// Therefore, we can access mountFds[i] without any concerns.
+ 		if mountFds != nil && mountFds[i] != -1 {
+ 			mountConfig.fd = &mountFds[i]
++		} else {
++			mountConfig.fd = nil
+ 		}
+ 
+ 		if err := mountToRootfs(m, mountConfig); err != nil {
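Review bot: The added `else` branch in `prepareRootfs` resets `mountConfig.fd` without a comment saying why, and the patch ships no regression test (the diffstat shows one file, two insertions). Going by the commit message, `mountConfig` appears to be reused across loop iterations, so a previous bind mount's fd would otherwise carry over to the next mount. A comment such as `// mountConfig is reused for every mount; clear fd so the previous mount's fd is not carried over` would keep the reset from being removed later as redundant. A test with a userns spec that lists a bind mount followed by a cgroup mount would pin the behaviour. The loop header and the rest of `prepareRootfs` lie outside the hunk.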
diff --git a/SPECS/runc.spec b/SPECS/runc.spec
index 5082629..84d5c0e 100644
--- a/SPECS/runc.spec
+++ b/SPECS/runc.spec
@@ -22,7 +22,7 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl 
 
 Epoch: 1
 Name: %{repo}
-Version: 1.0.3
+Version: 1.1.3
 Release: 2%{?dist}
 Summary: CLI for running Open Containers
 # https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures
@@ -33,11 +33,14 @@ ExcludeArch: %{ix86}
 License: ASL 2.0
 URL: %{git0}
 Source0: %{git0}/archive/v%{version}.tar.gz
+Patch0: https://patch-diff.githubusercontent.com/raw/opencontainers/runc/pull/3468.patch
+Patch1: https://patch-diff.githubusercontent.com/raw/opencontainers/runc/pull/3511.patch
 Provides: oci-runtime
-BuildRequires: golang >= 1.12.12-4
+BuildRequires: golang >= 1.17.7
 BuildRequires: git
-BuildRequires: go-md2man
-BuildRequires: libseccomp-devel
+BuildRequires: /usr/bin/go-md2man
+BuildRequires: libseccomp-devel >= 2.5
+Requires: libseccomp >= 2.5
 Requires: criu
 
 %description
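Review bot: `Patch0` and `Patch1` point at pull-request URLs, which are not stable references: the patch served for a pull request changes whenever its branch is updated, so the URL can drift away from the files committed under SOURCES/. The committed 3468.patch and 3511.patch carry their commit ids in the `From` line, so a commit-based URL would be reproducible, e.g. `Patch0: https://github.com/opencontainers/runc/commit/2ce40b6ad72b4bd4391380cafc5ef1bad1fa0b31.patch`, and likewise Patch1 with 62b0c31d4b940ff93a23ac6fdb3a6ef345910abf, assuming those commits are reachable in the upstream repository. The %prep section is outside this hunk, so confirm that both patches are actually applied there.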
@@ -84,16 +87,30 @@ make install install-man install-bash DESTDIR=$RPM_BUILD_ROOT PREFIX=%{_prefix} 
 %{_datadir}/bash-completion/completions/%{name}
 
 %changelog
-* Wed Feb 16 2022 Jindrich Novy <jnovy@redhat.com> - 1.0.3-2
-- rollback to 1.0.3 due to gating test issues
-- Related: #2001445
+* Wed Jun 15 2022 Jindrich Novy <jnovy@redhat.com> - 1:1.1.3-2
+- add patch in attempt to fix gating tests - thanks to Kir Kolyshkin
+- Related: #2061390
 
-* Tue Jan 18 2022 Jindrich Novy <jnovy@redhat.com> - 1.1.0-1
-- update to https://github.com/opencontainers/runc/releases/tag/v1.1.0
-- Related: #2001445
+* Mon Jun 13 2022 Jindrich Novy <jnovy@redhat.com> - 1:1.1.3-1
+- update to https://github.com/opencontainers/runc/releases/tag/v1.1.3
+- Related: #2061390
+
+* Tue Jun 07 2022 Jindrich Novy <jnovy@redhat.com> - 1:1.1.2-1
+- update to https://github.com/opencontainers/runc/releases/tag/v1.1.2
+- Related: #2061390
 
-* Mon Dec 06 2021 Jindrich Novy <jnovy@redhat.com> - 1.0.3-1
-- update to https://github.com/opencontainers/runc/releases/tag/v1.0.3
+* Wed Apr 27 2022 Jindrich Novy <jnovy@redhat.com> - 1:1.0.3-4
+- Related: #2061390
+
+* Wed Apr 06 2022 Jindrich Novy <jnovy@redhat.com> - 1:1.0.3-3
+- require at least libseccomp >= 2.5
+- Resolves: #2053990
+
+* Tue Mar 08 2022 Jindrich Novy <jnovy@redhat.com> - 1:1.0.3-2
+- require at least libseccomp >= 2.5
+
+* Mon Mar 07 2022 Jindrich Novy <jnovy@redhat.com> - 1:1.0.3-1
+- rollback to 1.0.3 due to gating test issues
 - Related: #2001445
 
 * Wed Aug 25 2021 Jindrich Novy <jnovy@redhat.com> - 1.0.2-1