diff --git a/patch/0144-runc-update-skip-devices.patch b/patch/0144-runc-update-skip-devices.patch
new file mode 100644
index 0000000000000000000000000000000000000000..0831821a90705fe86f05a26fe8b56ae9ab99033f
--- /dev/null
+++ b/patch/0144-runc-update-skip-devices.patch
@@ -0,0 +1,51 @@
+From 7b96ad2cf26044827cd0da53d5a0735a31aeab0a Mon Sep 17 00:00:00 2001
+From: TDnorthgarden
+Date: Sat, 7 Oct 2023 15:29:43 +0800
+Subject: [PATCH] runc update: skip devices
+
+---
+ libcontainer/cgroups/fs/devices.go | 2 +-
+ libcontainer/configs/cgroup_unix.go | 2 ++
+ update.go | 2 ++
+ 3 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/libcontainer/cgroups/fs/devices.go b/libcontainer/cgroups/fs/devices.go
+index 478b5db..799f062 100644
+--- a/libcontainer/cgroups/fs/devices.go
++++ b/libcontainer/cgroups/fs/devices.go
+@@ -52,7 +52,7 @@ func readCgroupDeviceMap(dir string) (map[string]bool, error) {
+ }
+ 
+ func (s *DevicesGroup) Set(path string, cgroup *configs.Cgroup) error {
+- if system.RunningInUserNS() {
++ if system.RunningInUserNS() || cgroup.Resources.SkipDevices {
+ return nil
+ }
+ 
+diff --git a/libcontainer/configs/cgroup_unix.go b/libcontainer/configs/cgroup_unix.go
+index acf0562..618a43d 100644
+--- a/libcontainer/configs/cgroup_unix.go
++++ b/libcontainer/configs/cgroup_unix.go
+@@ -130,4 +130,6 @@ type Resources struct {
+ 
+ // Set class identifier for container's network packets
+ NetClsClassid uint32 `json:"net_cls_classid_u"`
++
+ SkipDevices bool `json:"-"`
+ }
+diff --git a/update.go b/update.go
+index 226a18a..c929f8f 100644
+--- a/update.go
++++ b/update.go
+@@ -254,6 +254,8 @@ other options are ignored.
+ config.Cgroups.Resources.MemorySwap = *r.Memory.Swap
+ config.Cgroups.Resources.PidsLimit = r.Pids.Limit
+ 
++ config.Cgroups.Resources.SkipDevices = true
++
+ return container.Set(config)
+ },
+ }
+-- 
+2.27.0
+ 
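Review bot: The new `config.Cgroups.Resources.SkipDevices = true` in the update.go hunk is set unconditionally and without a comment, so after this patch every `runc update` bypasses `DevicesGroup.Set` via the added `|| cgroup.Resources.SkipDevices` early return in devices.go, whatever the update actually changes, and a reader cannot tell whether that is deliberate. If the intent is that `runc update` must not clobber device rules written out of band, say so where the flag is set: `// runc update cannot change device rules; skip re-applying the devices cgroup so rules added out-of-band are preserved. Not persisted: the field is tagged json:"-".` This also means `runc update` can no longer be used to re-apply or tighten the device whitelist of a running container, and the spec changelog entry ("update fat container memory value") does not mention that behavioural change, which it should. The `json:"-"` tag presumably keeps the flag out of any JSON-encoded container state so that a later reload still applies device rules; worth confirming against how the state file is written in this runc version. Separately, in the cgroup_unix.go hunk as rendered the `SkipDevices bool` line carries a context marker while the hunk header counts two insertions; if that is not an extraction artifact, the inner patch will not apply cleanly.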
diff --git a/runc.spec b/runc.spec
index f1639708a2eee1cc5c3e4b42e0abccbb314f9a15..03484e8b7a6e147f056e404ef7681f58121389b1 100644
--- a/runc.spec
+++ b/runc.spec
@@ -2,7 +2,7 @@
 Name: docker-runc
 Version: 1.0.0.rc3
-Release: 218
+Release: 219
 Summary: runc is a CLI tool for spawning and running containers according to the OCI specification.
 License: ASL 2.0
@@ -41,6 +41,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc
 %{_bindir}/runc
 %changelog
+* Tue Nov 21 2023 zhangbowei - 1.0.0.rc3-219
+- Type: bugfix
+- CVE: NA
+- SUG: NA
+- DESC: fix the bug when runc failed to update fat container memory value
+
 * Thu Oct 26 2023 zhongjiawei - 1.0.0.rc3-218
 - Type:bugfix
 - CVE:NA
diff --git a/series.conf b/series.conf
index 9e81e1d943788de39e7ea6700dcb6b346ea3bee0..c51db2a6882427308912f6e6770f82d16bac290f 100644
--- a/series.conf
+++ b/series.conf
@@ -135,3 +135,4 @@
 0141-runc-libct-init-unify-init-fix-its-error-logic.patch
 0142-runc-freezer-add-delay-after-freeze.patch
 0143-runc-fix-update-rt-runtime-us-and-rt-period-us-.patch
+0144-runc-update-skip-devices.patch