diff --git a/0125-runc-compile-option-compliance.patch b/0125-runc-compile-option-compliance.patch
new file mode 100644
index 0000000..bd56480
--- /dev/null
+++ b/0125-runc-compile-option-compliance.patch
@@ -0,0 +1,38 @@
+From d7e62b082d564d0ac1e58257f34d25082e58c3cf Mon Sep 17 00:00:00 2001
+From: xiadanni
+Date: Thu, 18 Mar 2021 11:17:13 +0800
+Subject: [PATCH] runc: compile option compliance
+
+Signed-off-by: xiadanni
+---
+ Makefile | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 43d15bf..fcf34ea 100644
+--- a/Makefile
++++ b/Makefile
+@@ -39,10 +39,17 @@ recvtty: contrib/cmd/recvtty/recvtty
+ contrib/cmd/recvtty/recvtty: $(SOURCES)
+ go build -i -ldflags " -buildid=IdByIsula ${BEP_FLAG} -X main.gitCommit=${COMMIT} -X main.version=${VERSION}" -tags "$(BUILDTAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty
+
++LD_FLAGS='-w -buildid=none -tmpdir=/tmp/bep-runc -linkmode=external -extldflags=-Wl,-z,relro,-z,now \
++ -X main.gitCommit=${COMMIT} -X main.version=${VERSION}'
++
+ static: $(SOURCES)
+- mkdir -p ${BEP_DIR}
+- CGO_ENABLED=1 go build -i -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -buildid=IdByIsula -extldflags -static ${BEP_FLAG} -X main.gitCommit=${COMMIT} -X main.version=${VERSION}" -o runc .
+- CGO_ENABLED=1 go build -i -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -buildid=IdByIsula -extldflags -static ${BEP_FLAG} -X main.gitCommit=${COMMIT} -X main.version=${VERSION}" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty
++ rm -rf /tmp/bep-runc && mkdir /tmp/bep-runc
++ CGO_ENABLED=1 \
++ CGO_CFLAGS="-fstack-protector-strong -fPIE" \
++ CGO_CPPFLAGS="-fstack-protector-strong -fPIE" \
++ CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \
++ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
++ go build -buildmode=pie -i -tags "$(BUILDTAGS) cgo static_build" -ldflags '-extldflags=-static' -ldflags $(LD_FLAGS) -o runc .
+
+ release:
+ @flag_list=(seccomp selinux apparmor static); \
+--
+1.8.3.1
+
diff --git a/git-commit b/git-commit
index 330233a..ed10351 100644
--- a/git-commit
+++ b/git-commit
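Review bot: The new `static` recipe wipes and recreates the fixed, predictable path `/tmp/bep-runc` (`rm -rf /tmp/bep-runc && mkdir /tmp/bep-runc`, and the same path is hard-wired into `LD_FLAGS` through `-tmpdir=`), so the external link step works in a world-writable directory that any local user could pre-create, and two builds on the same host clobber each other; if a fixed name is needed for reproducible output, keep it under the build tree instead, e.g. `BEP_TMPDIR := $(CURDIR)/.bep-runc`, `-tmpdir=$(BEP_TMPDIR)` in `LD_FLAGS`, and `rm -rf $(BEP_TMPDIR) && mkdir -p $(BEP_TMPDIR)` in the recipe. The same `go build` line passes `-ldflags` twice (`'-extldflags=-static'` and `$(LD_FLAGS)`); as far as I recall go build keeps only the last `-ldflags` that matches a package, so `-static` is dropped silently, and even merged into one string two `-extldflags` values would still leave only the last one in effect, so the intended form is a single `-extldflags "-static -Wl,-z,relro,-z,now"` inside `LD_FLAGS` (or an explicit decision, stated in the commit message, that the binary is no longer static). Setting `CGO_CFLAGS`/`CGO_CPPFLAGS` from the environment replaces Go's default `-g -O2`, so the cgo objects are now compiled unoptimised and the hardening set has no `-D_FORTIFY_SOURCE=2`, which only takes effect at `-O1` or higher; if FORTIFY is part of the compliance baseline, use `CGO_CFLAGS="-O2 -fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2"`. The `release:` rule at the end of the inner hunk continues outside it.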
@@ -1 +1 @@
-331003887c493ae924ef3f0dd3dfdf522a2c40c5
+115f07e6a16508a63b98f4f375e285607822b8a8
diff --git a/runc-openeuler.spec b/runc-openeuler.spec
index f630852..5bd8cfe 100644
--- a/runc-openeuler.spec
+++ b/runc-openeuler.spec
@@ -1,8 +1,10 @@
+#needsrootforbuild
 %global _bindir /usr/local/bin
+%global debug_package %{nil}
 Name: docker-runc
 Version: 1.0.0.rc3
-Release: 111
+Release: 112
 Summary: runc is a CLI tool for spawning and running containers according to the OCI specification.
 License: ASL 2.0
@@ -38,6 +40,7 @@ ln -sf `pwd` .gopath/src/github.com/opencontainers/runc
 cd .gopath/src/github.com/opencontainers/runc
 make BUILDTAGS="seccomp selinux" static
 rm -rf .gopath
+strip runc
 install -d $RPM_BUILD_ROOT/%{_bindir}
 install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc
@@ -49,6 +52,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc
 %{_bindir}/runc
 %changelog
+* Thu Mar 18 2021 xiadanni - 1.0.0.rc3-112
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:build security option
+
 * Thu Mar 18 2021 xiadanni - 1.0.0.rc3-111
 - Type:bugfix
 - ID:NA
diff --git a/series.conf b/series.conf
index 5e23e3d..7c53b83 100644
--- a/series.conf
+++ b/series.conf
@@ -122,4 +122,5 @@
 0122-runc-add-riscv-on-existing-files.patch
 0121-runc-add-cpu-and-memory-info-when-print-cgroup-info.patch
 0124-runc-fix-freezing-race.patch
+0125-runc-compile-option-compliance.patch
 #end
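Review bot: `#needsrootforbuild` at the top of runc-openeuler.spec makes the whole package build run as root, and nothing in this diff shows what now requires that — as far as the visible recipe goes, the new `static` target only writes under `/tmp/bep-runc` and the source tree. A root build turns any recipe mistake, such as an `rm -rf` on a shared path, into a host-wide one, so either state the reason in the changelog entry or drop the line and keep the build unprivileged. `%global debug_package %{nil}` combined with the later `strip runc` means no debuginfo is ever retained; if that is intended for the `-w`-linked static binary, a one-line comment above it, `# no debuginfo: the static build is linked with -w and stripped in %install`, keeps the next maintainer from re-enabling it by accident.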
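Review bot: `strip runc` is added right after `make BUILDTAGS="seccomp selinux" static`, but the "build security option" this release advertises is never verified in the spec, so a toolchain or Makefile regression that silently drops PIE or RELRO (the duplicated `-ldflags` in the new Makefile patch already makes one plausible) would ship unnoticed. Add a check immediately after the strip that fails the build when the expected hardening is missing, e.g. `readelf -hW runc | grep -q 'Type:.*DYN'` and `readelf -lW runc | grep -q GNU_RELRO`, adjusted to what the toolchain actually emits for a static PIE (or `checksec --file=runc` where available). Running it after `strip` also confirms that stripping did not damage the program headers the check relies on.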