- update to 1.11.1:
* force a remount operation with bind mounts from the host to
correctly set all the mount flags.
* cgroup: honor cpu burst.
* systemd: set CPUQuota and CPUPeriod on the scope cgroup.
* linux: append tmpfs mode if missing for mounts. This is the
same behavior of runc.
* cgroup: always use the user session for rootless.
* support for Intel Resource Director Technology (RDT).
* new mount option "copy-symlink". When provided for a mount,
if the source is a symlink, then it is copied in the container
instead of attempting a mount.
* linux: open mounts before setgroups if in a userns. This
solves a problem where a directory that was previously
accessible to the user, become inaccessible after setgroups
causing the bind mount to fail.

* linux: idmapped mounts expect the same configuration as
mapping. It is a breaking change, but the behavior was aligned
* cgroup: always delete the cgroup on errors.
° exec: fix double free when using --apparmor and