diff --git a/git-commit b/git-commit
index ed1035159c5b8b6ca0887df59abded22d2bcc465..20fc417032a77e695f886b2c684884cb2fb71ffd 100644
--- a/git-commit
+++ b/git-commit
@@ -1 +1 @@
-115f07e6a16508a63b98f4f375e285607822b8a8
+086f61a1fa54aaf82d0903a577bafd90067173fa
diff --git a/patch/0126-runc-honor-seccomp-errnoRet-to-fix-curl-failed.patch b/patch/0126-runc-honor-seccomp-errnoRet-to-fix-curl-failed.patch
new file mode 100644
index 0000000000000000000000000000000000000000..16b67255a1a3d2e389e1464ba12d04ec53e47bd6
--- /dev/null
+++ b/patch/0126-runc-honor-seccomp-errnoRet-to-fix-curl-failed.patch
@@ -0,0 +1,133 @@
+From 1f186f2162aa1e6814fe8fcef94e5823840af9f0 Mon Sep 17 00:00:00 2001
+From: xiadanni
+Date: Sat, 11 Sep 2021 05:14:11 +0800
+Subject: [PATCH] runc: honor seccomp errnoRet to fix curl failed
+
+If clone3 returns EPERM, glibc will return error, which causes curl
+failed in kernel 5.10. So seccomp adds new rule to change clone3 return
+code to NOSYS, as glibc will try to call clone then when clone3 returns
+NOSYS.
+
+upstream:https://github.com/opencontainers/runc/commit/41aa19662b6aa05b8ec70962f0c74f6f77098835
+
+Signed-off-by: xiadanni
+---
+ libcontainer/configs/config.go | 6 ++++--
+ libcontainer/seccomp/seccomp_linux.go | 12 +++++++++---
+ libcontainer/specconv/spec_linux.go | 1 +
+ .../opencontainers/runtime-spec/specs-go/config.go | 8 +++++---
+ 4 files changed, 19 insertions(+), 8 deletions(-)
+
+diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go
+index 9074c86..3d8490a 100644
+--- a/libcontainer/configs/config.go
++++ b/libcontainer/configs/config.go
+@@ -4,11 +4,12 @@ import (
+ "bytes"
+ "encoding/json"
+ "fmt"
+- "github.com/Sirupsen/logrus"
+- "github.com/opencontainers/runtime-spec/specs-go"
+ "os/exec"
+ "strings"
+ "time"
++
++ "github.com/Sirupsen/logrus"
++ "github.com/opencontainers/runtime-spec/specs-go"
+ )
+ 
+ const (
+@@ -79,6 +80,7 @@ type Syscall struct {
+ Name string `json:"name"`
+ Action Action `json:"action"`
+ Priority uint8 `json:"priority,omitempty"`
++ ErrnoRet *uint `json:"errnoRet"`
+ Args []*Arg `json:"args"`
+ }
+ 
+diff --git a/libcontainer/seccomp/seccomp_linux.go b/libcontainer/seccomp/seccomp_linux.go
+index 0c97da6..26cec43 100644
+--- a/libcontainer/seccomp/seccomp_linux.go
++++ b/libcontainer/seccomp/seccomp_linux.go
+@@ -36,7 +36,7 @@ func InitSeccomp(config *configs.Seccomp) error {
+ return fmt.Errorf("cannot initialize Seccomp - nil config passed")
+ }
+ 
+- defaultAction, err := getAction(config.DefaultAction)
++ defaultAction, err := getAction(config.DefaultAction, nil)
+ if err != nil {
+ return fmt.Errorf("error initializing seccomp - invalid default action")
+ }
+@@ -100,17 +100,23 @@ func IsEnabled() bool {
+ }
+ 
+ // Convert Libcontainer Action to Libseccomp ScmpAction
+-func getAction(act configs.Action) (libseccomp.ScmpAction, error) {
++func getAction(act configs.Action, errnoRet *uint) (libseccomp.ScmpAction, error) {
+ switch act {
+ case configs.Kill:
+ return actKill, nil
+ case configs.Errno:
++ if errnoRet != nil {
++ return libseccomp.ActErrno.SetReturnCode(int16(*errnoRet)), nil
++ }
+ return actErrno, nil
+ case configs.Trap:
+ return actTrap, nil
+ case configs.Allow:
+ return actAllow, nil
+ case configs.Trace:
++ if errnoRet != nil {
++ return libseccomp.ActTrace.SetReturnCode(int16(*errnoRet)), nil
++ }
+ return actTrace, nil
+ default:
+ return libseccomp.ActInvalid, fmt.Errorf("invalid action, cannot use in rule")
+@@ -173,7 +179,7 @@ func matchCall(filter *libseccomp.ScmpFilter, call *configs.Syscall) error {
+ }
+ 
+ // Convert the call's action to the libseccomp equivalent
+- callAct, err := getAction(call.Action)
++ callAct, err := getAction(call.Action, call.ErrnoRet)
+ if err != nil {
+ return err
+ }
+diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go
+index 0cbc66f..d275967 100644
+--- a/libcontainer/specconv/spec_linux.go
++++ b/libcontainer/specconv/spec_linux.go
+@@ -759,6 +759,7 @@ func setupSeccomp(config *specs.LinuxSeccomp) (*configs.Seccomp, error) {
+ Name: name,
+ Action: newAction,
+ Priority: call.Priority,
++ ErrnoRet: call.ErrnoRet,
+ Args: []*configs.Arg{},
+ }
+ // Loop through all the arguments of the syscall and convert them
+diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
+index 8439744..4b52684 100644
+--- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
++++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
+@@ -487,9 +487,10 @@ type WindowsNetworkResources struct {
+ 
+ // LinuxSeccomp represents syscall restrictions
+ type LinuxSeccomp struct {
+- DefaultAction LinuxSeccompAction `json:"defaultAction"`
+- Architectures []Arch `json:"architectures,omitempty"`
+- Syscalls []LinuxSyscall `json:"syscalls"`
++ DefaultAction LinuxSeccompAction `json:"defaultAction"`
++ DefaultErrnoRet *uint `json:"defaultErrnoRet,omitempty"`
++ Architectures []Arch `json:"architectures,omitempty"`
++ Syscalls []LinuxSyscall `json:"syscalls"`
+ }
+ 
+ // Arch used for additional architectures
+@@ -559,4 +560,5 @@ type LinuxSyscall struct {
+ Priority uint8 `json:"priority,omitempty"`
+ Args []LinuxSeccompArg `json:"args"`
+ Comment string `json:"comment"`
++ ErrnoRet *uint `json:"errnoRet,omitempty"`
+ }
+--
+2.27.0
+
diff --git a/runc-openeuler.spec b/runc-openeuler.spec
index 4241e437bc2527af25ec7fc54df534c47b52995c..e8207d80af08a3b156f8cf0d6538c46c4d331753 100644
--- a/runc-openeuler.spec
+++ b/runc-openeuler.spec
@@ -52,6 +52,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc
 %{_bindir}/runc
 %changelog
+* Sat Sep 11 2021 xiadanni - 18.09.0-118
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:honor seccomp errnoRet to fix curl failed
+
 * Thu Mar 18 2021 xiadanni - 1.0.0.rc3-113
 - Type:bugfix
 - CVE:NA
diff --git a/series.conf b/series.conf
index 7c53b831dbf42f553eb6a207c434614711b91b01..88a2fb9ef3a9755448fa038e2fba130dc59aa35c 100644
--- a/series.conf
+++ b/series.conf
@@ -123,4 +123,5 @@
 0121-runc-add-cpu-and-memory-info-when-print-cgroup-info.patch
 0124-runc-fix-freezing-race.patch
 0125-runc-compile-option-compliance.patch
+0126-runc-honor-seccomp-errnoRet-to-fix-curl-failed.patch
 #end
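Review bot: The new `getAction` in the embedded seccomp_linux.go hunk narrows the profile-supplied value with `int16(*errnoRet)` and no range check, so an `errnoRet` above 32767 in a container's seccomp config silently wraps to a different (possibly negative) return code rather than being rejected; the `configs.Trace` branch has the same narrowing. A guard before each `SetReturnCode` call, e.g. `if *errnoRet > math.MaxInt16 { return libseccomp.ActInvalid, fmt.Errorf("seccomp errnoRet %d out of range", *errnoRet) }` (with a `math` import), keeps the loaded filter faithful to what the profile declared. The vendored `LinuxSeccomp` gains `DefaultErrnoRet`, but as far as this patch shows it is never carried into `configs.Seccomp`, and `InitSeccomp` still calls `getAction(config.DefaultAction, nil)`, so a profile's `defaultErrnoRet` appears to be silently ignored — either wire it through or note the limitation in a comment on the field. The closing braces of `getAction` lie outside its hunk.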