Update containerd minimal version

PiperOrigin-RevId: 353340554

3 files changed, 12 insertions, 25 deletions

diff --git a/g3doc/user_guide/FAQ.md b/g3doc/user_guide/FAQ.md
index 69033357c..8e5721ad1 100644
--- a/g3doc/user_guide/FAQ.md
+++ b/g3doc/user_guide/FAQ.md
@@ -137,9 +137,16 @@ sandbox isolation. There are a few different workarounds you can try:
 *   Use IPs instead of container names.
 *   Use [Kubernetes][k8s]. Container name lookup works fine in Kubernetes.
 
+### I'm getting an error like `dial unix /run/containerd/s/09e4...8cff: connect: connection refused: unknown` {#shim-connect}
+
+This error may happen when using `gvisor-containerd-shim` with a `containerd`
+that does not contain the fix for [CVE-2020-15257]. The resolve the issue,
+update containerd to 1.3.9 or 1.4.3 (or newer versions respectively).
+
 [security-model]: /docs/architecture_guide/security/
 [host-net]: /docs/user_guide/networking/#network-passthrough
 [debugging]: /docs/user_guide/debugging/
 [filesystem]: /docs/user_guide/filesystem/
 [docker]: /docs/user_guide/quick_start/docker/
 [k8s]: /docs/user_guide/quick_start/kubernetes/
+[CVE-2020-15257]: https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4
diff --git a/g3doc/user_guide/containerd/configuration.md b/g3doc/user_guide/containerd/configuration.md
index 4f5e721be..011af3b10 100644
--- a/g3doc/user_guide/containerd/configuration.md
+++ b/g3doc/user_guide/containerd/configuration.md
@@ -1,8 +1,8 @@
 # Containerd Advanced Configuration
 
 This document describes how to configure runtime options for
-`containerd-shim-runsc-v1`. This follows the
-[Containerd Quick Start](./quick_start.md) and requires containerd 1.2 or later.
+`containerd-shim-runsc-v1`. You can find the installation instructions and
+minimal requirements in [Containerd Quick Start](./quick_start.md).
 
 ## Shim Configuration
 
@@ -47,27 +47,6 @@ When you are done, restart containerd to pick up the changes.
 sudo systemctl restart containerd
 ```
 
-### Containerd 1.2
-
-For containerd 1.2, the config file is not configurable. It should be named
-`config.toml` and located in the runtime root. By default, this is
-`/run/containerd/runsc`.
-
-### Example: Enable the KVM platform
-
-gVisor enables the use of a number of platforms. This example shows how to
-configure `containerd-shim-runsc-v1` to use gvisor with the KVM platform.
-
-Find out more about platform in the
-[Platforms Guide](../../architecture_guide/platforms.md).
-
-```shell
-cat <<EOF | sudo tee /etc/containerd/runsc.toml
-[runsc_config]
-  platform = "kvm"
-EOF
-```
-
 ## Debug
 
 When `shim_debug` is enabled in `/etc/containerd/config.toml`, containerd will
diff --git a/g3doc/user_guide/containerd/quick_start.md b/g3doc/user_guide/containerd/quick_start.md
index a98fe5c4a..132d80927 100644
--- a/g3doc/user_guide/containerd/quick_start.md
+++ b/g3doc/user_guide/containerd/quick_start.md
@@ -1,7 +1,7 @@
 # Containerd Quick Start
 
 This document describes how to use `containerd-shim-runsc-v1` with the
-containerd runtime handler support on `containerd` 1.2 or later.
+containerd runtime handler support on `containerd`.
 
 > ⚠️ NOTE: If you are using Kubernetes and set up your cluster using kubeadm you
 > may run into issues. See the [FAQ](../FAQ.md#runtime-handler) for details.
@@ -11,7 +11,8 @@ containerd runtime handler support on `containerd` 1.2 or later.
 -   **runsc** and **containerd-shim-runsc-v1**: See the
     [installation guide](/docs/user_guide/install/).
 -   **containerd**: See the [containerd website](https://containerd.io/) for
-    information on how to install containerd.
+    information on how to install containerd. **Minimal version supported: 1.3.9
+    or 1.4.3.**
 
 ## Configure containerd