diff --git a/git-commit b/git-commit
index 0a46dc22abf34947980e8c3c5e21ba6908128ea7..0cee8d135903c8331b2a34b8061400df34fde8be 100644
--- a/git-commit
+++ b/git-commit
@@ -1 +1 @@
-79523452a255e123d3659b5b7447d9a060487015
+730600d399df40399622cdf301a5bcf159b71a9f
diff --git a/patch/0055-runc-do-not-support-set-umask-through-native.umask.patch b/patch/0055-runc-do-not-support-set-umask-through-native.umask.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a435006cdf957fd596cb62e3cda4761ef8feb6ea
--- /dev/null
+++ b/patch/0055-runc-do-not-support-set-umask-through-native.umask.patch
@@ -0,0 +1,48 @@
+From 13bd15e296861b9026ea7581e2442969599a3a9f Mon Sep 17 00:00:00 2001
+From: zhongjiawei
+Date: Thu, 11 Jul 2024 20:20:33 +0800
+Subject: [PATCH] runc:do not support set umask through native.umask
+Signed-off-by: zhongjiawei
+---
+ libcontainer/rootfs_linux.go | 6 ------
+ libcontainer/setns_init_linux.go | 6 ------
+ 2 files changed, 12 deletions(-)
+
+diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
+index 8749114..ef81f5f 100644
+--- a/libcontainer/rootfs_linux.go
++++ b/libcontainer/rootfs_linux.go
+@@ -190,12 +190,6 @@ func finalizeRootfs(config *configs.Config) (err error) {
+ } else {
+ unix.Umask(0o022)
+ }
+- umask := utils.SearchLabels(config.Labels, "native.umask")
+- if umask == "normal" {
+- unix.Umask(0o022)
+- } else {
+- unix.Umask(0o027)
+- }
+ return nil
+ }
+
+diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go
+index f1dcab6..d8cdfdf 100644
+--- a/libcontainer/setns_init_linux.go
++++ b/libcontainer/setns_init_linux.go
+@@ -56,12 +56,6 @@ func (l *linuxSetnsInit) Init() error {
+ return err
+ }
+ }
+- umask := utils.SearchLabels(l.config.Config.Labels, "native.umask")
+- if umask == "normal" {
+- unix.Umask(0o022)
+- } else {
+- unix.Umask(0o027)
+- }
+ if l.config.NoNewPrivileges {
+ if err := unix.Prctl(unix.PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); err != nil {
+ return err
+-- 
+2.33.0
+
diff --git a/runc.spec b/runc.spec
index 1e0fc81c5edad17036c046941a0a266e7e754085..769e442044681f53e51657507205148f5693ac66 100644
--- a/runc.spec
+++ b/runc.spec
@@ -3,7 +3,7 @@
 Name: runc
 Version: 1.1.3
-Release: 27
+Release: 28
 Summary: runc is a CLI tool for spawning and running containers according to the OCI specification.
 License: ASL 2.0
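Review bot: Dropping the `native.umask` block loosens the default for containers that never set the label: anything other than `normal` — presumably including an absent label, depending on what `utils.SearchLabels` returns for a missing key — previously landed in the 0o027 branch, whereas after this patch finalizeRootfs leaves the umask at whatever the if/else just above set (0o022 in the visible else branch), so files created inside the container become world-readable by default (other gains read, and execute on directories); the changelog line `DESC:do not support set umask through native.umask` should state that behavior change and that the label is now silently ignored rather than rejected. In setns_init_linux.go nothing in the visible hunk sets a umask any more, so an exec'd process keeps whatever umask `runc init` inherited from its caller rather than the value the container's own init received — confirm that is intended, otherwise apply the same config-driven value finalizeRootfs uses at that point in Init. Both finalizeRootfs and linuxSetnsInit.Init continue outside the hunk. Also check whether `utils.SearchLabels` was the only use of the `utils` package in setns_init_linux.go; if so the import is now unused, Go rejects it at compile time, and this patch needs to remove the import line as well.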
@@ -54,6 +54,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc
 %{_bindir}/runc
 %changelog
+* Thu Jul 11 2024 zhongjiawei - 1.1.3-28
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:do not support set umask through native.umask
+
 * Wed Jun 19 2024 zhongjiawei - 1.1.3-27
 - Type:bugfix
 - CVE:NA
diff --git a/series.conf b/series.conf
index a1a34225f2cd194c47e346d88f35645e3479148d..3b448dbb2f2c8449a979b9511dddd60a6a895d3f 100644
--- a/series.conf
+++ b/series.conf
@@ -52,3 +52,4 @@ patch/0051-runc-fix-CVE-2024-21626.patch
 patch/0052-runc-check-cmd-exist.patch
 patch/0053-runc-fix-CVE-2024-3154.patch
 patch/0054-runc-Set-temporary-single-CPU-affinity-before-cgroup-cpus.patch
+patch/0055-runc-do-not-support-set-umask-through-native.umask.patch