diff --git a/.gitignore b/.gitignore
index 2e1ff66..9cc4d0e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/v1.0.3.tar.gz
+SOURCES/v1.1.4.tar.gz
diff --git a/.runc.metadata b/.runc.metadata
index 6443808..d124f3f 100644
--- a/.runc.metadata
+++ b/.runc.metadata
@@ -1 +1 @@
-cbd1b1eff60b0d6f61a034cb50a7fe22edd2b140 SOURCES/v1.0.3.tar.gz
+fb65327930c41c8ec016badd6738bef83b556aed SOURCES/v1.1.4.tar.gz
diff --git a/SOURCES/3468.patch b/SOURCES/3468.patch
new file mode 100644
index 0000000..a02339d
--- /dev/null
+++ b/SOURCES/3468.patch
@@ -0,0 +1,84 @@
+From 2ce40b6ad72b4bd4391380cafc5ef1bad1fa0b31 Mon Sep 17 00:00:00 2001
+From: Kir Kolyshkin <kolyshkin@gmail.com>
+Date: Wed, 4 May 2022 14:56:16 -0700
+Subject: [PATCH] Remove tun/tap from the default device rules
+
+Looking through git blame, this was added by commit 9fac18329
+aka "Initial commit of runc binary", most probably by mistake.
+
+Obviously, a container should not have access to tun/tap device, unless
+it is explicitly specified in configuration.
+
+Now, removing this might create a compatibility issue, but I see no
+other choice.
+
+Aside from the obvious misconfiguration, this should also fix the
+annoying
+
+> Apr 26 03:46:56 foo.bar systemd[1]: Couldn't stat device /dev/char/10:200: No such file or directory
+
+messages from systemd on every container start, when runc uses systemd
+cgroup driver, and the system runs an old (< v240) version of systemd
+(the message was presumably eliminated by [1]).
+
+[1] https://github.com/systemd/systemd/pull/10996/commits/d5aecba6e0b7c73657c4cf544ce57289115098e7
+
+Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
+---
+ .../ebpf/devicefilter/devicefilter_test.go    | 19 ++++++-------------
+ libcontainer/specconv/spec_linux.go           | 10 ----------
+ 2 files changed, 6 insertions(+), 23 deletions(-)
+
+diff --git a/libcontainer/cgroups/ebpf/devicefilter/devicefilter_test.go b/libcontainer/cgroups/ebpf/devicefilter/devicefilter_test.go
+index d279335821..25703be5ad 100644
+--- a/libcontainer/cgroups/ebpf/devicefilter/devicefilter_test.go
++++ b/libcontainer/cgroups/ebpf/devicefilter/devicefilter_test.go
+@@ -120,21 +120,14 @@ block-8:
+         51: Mov32Imm dst: r0 imm: 1
+         52: Exit
+ block-9:
+-// tuntap (c, 10, 200, rwm, allow)
++// /dev/pts (c, 136, wildcard, rwm, true)
+         53: JNEImm dst: r2 off: -1 imm: 2 <block-10>
+-        54: JNEImm dst: r4 off: -1 imm: 10 <block-10>
+-        55: JNEImm dst: r5 off: -1 imm: 200 <block-10>
+-        56: Mov32Imm dst: r0 imm: 1
+-        57: Exit
++        54: JNEImm dst: r4 off: -1 imm: 136 <block-10>
++        55: Mov32Imm dst: r0 imm: 1
++        56: Exit
+ block-10:
+-// /dev/pts (c, 136, wildcard, rwm, true)
+-        58: JNEImm dst: r2 off: -1 imm: 2 <block-11>
+-        59: JNEImm dst: r4 off: -1 imm: 136 <block-11>
+-        60: Mov32Imm dst: r0 imm: 1
+-        61: Exit
+-block-11:
+-        62: Mov32Imm dst: r0 imm: 0
+-        63: Exit
++        57: Mov32Imm dst: r0 imm: 0
++        58: Exit
+ `
+ 	var devices []*devices.Rule
+ 	for _, device := range specconv.AllowedDevices {
+diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go
+index 5ae95c6c18..83c7a2c348 100644
+--- a/libcontainer/specconv/spec_linux.go
++++ b/libcontainer/specconv/spec_linux.go
+@@ -302,16 +302,6 @@ var AllowedDevices = []*devices.Device{
+ 			Allow:       true,
+ 		},
+ 	},
+-	// tuntap
+-	{
+-		Rule: devices.Rule{
+-			Type:        devices.CharDevice,
+-			Major:       10,
+-			Minor:       200,
+-			Permissions: "rwm",
+-			Allow:       true,
+-		},
+-	},
+ }
+ 
+ type CreateOpts struct {
diff --git a/SPECS/runc.spec b/SPECS/runc.spec
index 18b4fc6..447ccd0 100644
--- a/SPECS/runc.spec
+++ b/SPECS/runc.spec
@@ -22,7 +22,7 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl 
 
 Epoch: 1
 Name: %{repo}
-Version: 1.0.3
+Version: 1.1.4
 Release: 1%{?dist}
 Summary: CLI for running Open Containers
 # https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures
@@ -33,11 +33,13 @@ ExcludeArch: %{ix86}
 License: ASL 2.0
 URL: %{git0}
 Source0: %{git0}/archive/v%{version}.tar.gz
+Patch0: https://patch-diff.githubusercontent.com/raw/opencontainers/runc/pull/3468.patch
 Provides: oci-runtime
-BuildRequires: golang >= 1.12.12-4
+BuildRequires: golang >= 1.17.7
 BuildRequires: git
-BuildRequires: go-md2man
-BuildRequires: libseccomp-devel
+BuildRequires: /usr/bin/go-md2man
+BuildRequires: libseccomp-devel >= 2.5
+Requires: libseccomp >= 2.5
 Requires: criu
 
 %description
@@ -84,6 +86,31 @@ make install install-man install-bash DESTDIR=$RPM_BUILD_ROOT PREFIX=%{_prefix} 
 %{_datadir}/bash-completion/completions/%{name}
 
 %changelog
+* Mon Aug 29 2022 Jindrich Novy <jnovy@redhat.com> - 1:1.1.4-1
+- update to https://github.com/opencontainers/runc/releases/tag/v1.1.4
+- Related: #2061390
+
+* Mon Jun 13 2022 Jindrich Novy <jnovy@redhat.com> - 1:1.1.3-2
+- update to https://github.com/opencontainers/runc/releases/tag/v1.1.3
+- Related: #2061390
+
+* Thu Jun 09 2022 Jindrich Novy <jnovy@redhat.com> - 1:1.1.3-1
+- update to https://github.com/opencontainers/runc/releases/tag/v1.1.3
+- Related: #2061390
+
+* Fri Jun 03 2022 Jindrich Novy <jnovy@redhat.com> - 1:1.1.2-1
+- update to https://github.com/opencontainers/runc/releases/tag/v1.1.2
+- Related: #2061390
+
+* Fri Apr 08 2022 Jindrich Novy <jnovy@redhat.com> - 1:1.0.3-3
+- bump golang BR to 1.17.7
+- Related: #2061390
+
+* Fri Mar 11 2022 Jindrich Novy <jnovy@redhat.com> - 1:1.0.3-2
+- require at least libseccomp >= 2.5
+- Resolves: #2053990
+- Related: #2061390
+
 * Fri Feb 18 2022 Jindrich Novy <jnovy@redhat.com> - 1:1.0.3-1
 - rollback to 1.0.3 due to gating test issues
 - Related: #2001445