Tags: masters-of-cats/runc

v1.0.0-rc4

Verified

This tag was signed with the committer’s verified signature.
cyphar Aleksa Sarai
v1.0.0~rc4

Features:

+ runc now supports v1.0.0 of the OCI runtime specification. opencontainers#1527
+ Rootless containers support has been released. The current state of
  this feature is that it only supports single-{uid,gid} mappings as an
  unprivileged user, and cgroups are completely unsupported. Work is
  being done to improve this. opencontainers#774
+ Rather than relying on CRIU version numbers, actually check if the
  system supports pre-dumping. opencontainers#1371
+ Allow the PIDs cgroup limit to be updated. opencontainers#1423
+ Add support for checkpoint/restore of containers with orphaned PTYs
  (which is effectively all containers with terminal=true). opencontainers#1355
+ Permit prestart hooks to modify the cgroup configuration of a
  container. opencontainers#1239
+ Add support for a wide variety of mount options. opencontainers#1460
+ Expose memory.use_hierarchy in MemoryStats. opencontainers#1378

Fixes:

* Fix incorrect handling of systems without the freezer cgroup. opencontainers#1387
* Many, many changes to switch away from Go's "syscall" stdlib to
  "golang.org/x/sys/unix". opencontainers#1394 opencontainers#1398 opencontainers#1442 opencontainers#1464 opencontainers#1467 opencontainers#1470 opencontainers#1474
  opencontainers#1478 opencontainers#1491 opencontainers#1482 opencontainers#1504 opencontainers#1519 opencontainers#1530
* Set cgroup resources when restoring a container. opencontainers#1399
* Switch back to using /sbin as the installation directory. opencontainers#1406
* Remove the arbitrary container ID length restriction. opencontainers#1435
* Make container force deletion ignore non-existent containers. opencontainers#1451
* Improve handling of arbitrary cgroup mount locations when populating
  cpuset. opencontainers#1372
* Make the SaneTerminal interface public. opencontainers#1479
* Fix cases where runc would report a container to be in a "Running"
  state if the init was a zombie or dead. opencontainers#1489
* Do not set supplementary groups for numeric users. opencontainers#1450
* Fix various issues with the "owner" field in runc-list. opencontainers#1516
* Many other miscellaneous fixes, some of which were made by first-time
  contributors. Thanks, and welcome to the project! opencontainers#1406 opencontainers#1400 opencontainers#1365
  opencontainers#1396 opencontainers#1402 opencontainers#1414 opencontainers#1412 opencontainers#1408 opencontainers#1418 opencontainers#1425 opencontainers#1428 opencontainers#1436 opencontainers#1433 opencontainers#1438
  opencontainers#1410 opencontainers#1447 opencontainers#1388 opencontainers#1484 opencontainers#1481 opencontainers#1496 opencontainers#1245 opencontainers#1524 opencontainers#1534 opencontainers#1526 opencontainers#1533

Removals:

- Remove any semblance of non-Linux support. opencontainers#1502
- We no longer use shfmt for testing. opencontainers#1510

Thanks to all of the contributors that made this release possible:

* Adrian Reber <[email protected]>
* Aleksa Sarai <[email protected]>
* Andrei Vagin <[email protected]>
* Antonio Murdaca <[email protected]>
* chchliang <[email protected]>
* Christy Perez <[email protected]>
* Craig Furman <[email protected]>
* CuiHaozhi <[email protected]>
* Daniel, Dao Quang Minh <[email protected]>
* Derek Carr <[email protected]>
* Harshal Patil <[email protected]>
* Jonh Wendell <[email protected]>
* Justin Cormack <[email protected]>
* Kang Liang <[email protected]>
* Kenfe-Mickael Laventure <[email protected]>
* Konstantinos Karampogias <[email protected]>
* Ma Shimiao <[email protected]>
* Michael Crosby <[email protected]>
* Mrunal Patel <[email protected]>
* Qiang Huang <[email protected]>
* Steven Hartland <[email protected]>
* Tim Potter <[email protected]>
* Tobias Klauser <[email protected]>
* Valentin Rothberg <[email protected]>
* Vincent Batts <[email protected]>
* Wentao Zhang <[email protected]>
* Will Martin <[email protected]>
* W. Trevor King <[email protected]>
* yangshukui <[email protected]>
* Zhang Wei <[email protected]>

Vote-Closed: [Wed Aug 9 05:28:38 UTC 2017]
Vote-Results: [+5 -0 /2]

v1.0.0-rc3

Verified

This tag was signed with the committer’s verified signature.
cyphar Aleksa Sarai
v1.0.0~rc3

Features:

+ Add slice management support to the systemd cgroup driver. Checks are
  done to make sure that systemd supports the feature. opencontainers#1084
+ Support for readonly mount labels. opencontainers#1112
+ Add a tmpcopyup mount extension for tmpfs mounts that are mounted over
  already existing directories, allowing for the contents of a volume to
  be copied up transparently. opencontainers#845
* Switch our pivot_root usage to no longer require temporary
  directories, improving the state of containers running in entirely
  readonly contexts. opencontainers#1125 opencontainers#1148
+ Allow updating of rt_period_us and rt_runtime_us in cpuacct cgroup.
+ Reimplement console handling to use AF_UNIX sockets such that the
  console is created inside the container's (namespaced) devpts
  instance, solving a wide variety of historical pty bugs with runC.
  opencontainers#1018 opencontainers#1356
* Support overlayfs in mounts. opencontainers#1314
+ Support creating devices with types 'p' and 'u'. opencontainers#1321
+ Add --preserve-fds=N to create and run commands. opencontainers#1320
+ Add pre-dump and parent-path to checkpoint. opencontainers#1001
+ Update to runtime-spec v1.0.0-rc5. opencontainers#1370

Fixes:

* Remove check for binding to /. opencontainers#1090
* Ensure we log to logrus on command errors. opencontainers#1089
* Don't enable kmem limits if they're not specified in the config. opencontainers#1095
* Handle cases where specs.Resources.* members would cause null
  dereferences. opencontainers#1111 opencontainers#1116
* Fix bugs in the GetProcessStartTime implementation. opencontainers#1136
* Make sysctl config validation checks handle network namespaces more
  gracefully. opencontainers#1138 opencontainers#1149
* Guarantee correct namespace creation ordering. This is part of the
  rootless container patchset, and is also required in certain SELinux
  setups. opencontainers#977
* Stop screwing around with '\n' in console output. opencontainers#1146
* Fix cpuset.cpu_exclusive handling. opencontainers#1194
* Sync HookState with the OCI specification. opencontainers#1201
* Split remounting mountpoints and bindmounts, resolving issues with
  mount options being dropped in certain cases. opencontainers#1222
* Fix leftover cgroup directory issue. opencontainers#1196
* Handle config.Devices and config.MaskPaths in checkpoint. opencontainers#1110.
* Don't create combined cgroup subsystem names. opencontainers#1268
* Ignore cgroupv2 mountpoints, fixing issues with systemd v232. opencontainers#1266
* Race condition when synchronising with children and grandchildren in
  nsexec.c. opencontainers#1237
* Fix state checks to no longer depend on _LIBCONTAINER being present in
  the environment, fixing both bugs as well as being part of the
  rootless container patchset. opencontainers#1317
* Fix systemd-notify when using different PID namespaces, and allow
  detach+notify socket. opencontainers#1308
* Don't fchown when inheriting stdio, which is necessary for rootless
  containers in certain scenarios. opencontainers#1354
* Fix cpu.cfs_quota_us being changed when systemd is reloaded. opencontainers#1344
* Add devices to whitelist for LXD, to make runC under LXC/LXD work
  better. opencontainers#1327
* Many improvements to testing. opencontainers#1121 opencontainers#1131 opencontainers#1132 opencontainers#1147

Security:

* Several fixes for CVE-2016-9962. 5d93fed opencontainers#1274

Thanks to all of the contributors that made this release possible:

* Qiang Huang <[email protected]>
* Aleksa Sarai <[email protected]>
* Mrunal Patel <[email protected]>
* Michael Crosby <[email protected]>
* Wang Long <[email protected]>
* Daniel, Dao Quang Minh <[email protected]>
* rajasec <[email protected]>
* Zhang Wei <[email protected]>
* Steven Hartland <[email protected]>
* Giuseppe Scrivano <[email protected]>
* Shukui Yang <[email protected]>
* Ma Shimiao <[email protected]>
* Daniel Dao <[email protected]>
* CuiHaozhi <[email protected]>
* Antonio Murdaca <[email protected]>
* Xianglin Gao <[email protected]>
* Lei Jitang <[email protected]>
* Justin Cormack <[email protected]>
* Dan Walsh <[email protected]>
* Daniel Martí <[email protected]>
* Ce Gao <[email protected]>
* allencloud <[email protected]>
* Alexander Morozov <[email protected]>
* yupeng <[email protected]>
* Yuanhong Peng <[email protected]>
* Yong Tang <[email protected]>
* xuxinkun <[email protected]>
* Xianlu Bird <[email protected]>
* William Martin <[email protected]>
* Wentao Zhang <[email protected]>
* Vivek Goyal <[email protected]>
* Samuel Ortiz <[email protected]>
* rainrambler <[email protected]>
* Mohammad Arab <[email protected]>
* Michal Rostecki <[email protected]>
* Máximo Cuadros <[email protected]>
* Kenfe-Mickael Laventure <[email protected]>
* Ian Campbell <[email protected]>
* Harry Zhang <[email protected]>
* Fengtu Wang <[email protected]>
* Eric Paris <[email protected]>
* Derek Carr <[email protected]>
* Deng Guangxing <[email protected]>
* CuiHaozhi <[email protected]>
* Crazykev <[email protected]>
* Chris Aniszczyk <[email protected]>
* Casey Callendrello <[email protected]>
* Carlton-Semple <[email protected]>
* Brian Goff <[email protected]>
* Andrew Vagin <[email protected]>

v1.0.0-rc2

Verified

This tag was signed with the committer’s verified signature.
cyphar Aleksa Sarai
runC 1.0.0-rc2

Features:
 + {create,run}: add --no-new-keyring flag so that a new session keyring
   is not created for the container and the calling process's keyring is
   inherited.
 + restore: add --empty-ns flag to tell CRIU to only create a network
   namespace for a container and not populate it (allowing higher levels
   to correctly handle re-creating the network namespace).
 + {create,start}: use a FIFO rather than signals to signal the starting
   of a container. This removes the Go version restriction, and also
   avoids potential issues with Go's signal handling.
 + exec: allow additional groups to be overridden.
 + delete: add --force flag.
 - exec: disable the subreaper option entirely, because the option
   causes many issues with reparenting in the context of containers.
   This is not a complete fix, which is intended to land for -rc3. Using
   the removed option will be silently ignored by runC.
 + {create,run}: add support for masking directories with MaskPaths.
 + delete: allow for the deletion of multiple containers in one cmdline.
 + build: add `make release` for distributions.

Fixes:
 * Major improvements and fixes to CLI handling. Now commands like
   `runc ps` and `runc exec` will act sanely when you're trying to use
   flags that are not meant to be parsed by runC.
 * Set the cp.rt_* cgroup options correctly so that runC running in
   SCHED_RR (realtime) mode can operate properly.
 * Massive improvements to kmem limit detection to ensure that we only
   attempt to change memory.kmem.* if it is safe to do so.
 * Part of a major cleanup of the nsenter code, with more intended to
   land before -rc3.
 * Restored containers now have a start time, which is the time that the
   new container was started (not when the original container was
   started).
 * Fix the default cgroupPath behaviour, so that we actually attach to
   subcgroups of all of the caller's current cgroups (rather than using
   the devices cgroup path for all other cgroups)
 + Support 32bit UIDs on i386 with the setuid32(2) syscall.
 + Add /proc/timer_list to the set of default masked paths.
 - Do not create /dev/fuse by default.
 * Parse cgroupPath correctly if it contains ':'.
 * Add some more debugging information for the test suite, along with
   fixes for race conditions and other issues. In addition, add more
   integration tests for edge conditions.
 * Improve check-config.sh script to handle more cases.
 * Fix incorrect type when setting net_cls classid.
 * Lots of fixes to help pages and man pages.
 + *: append -dirty to the version if the git repo is unclean.
 * Fix the JSON tags for CpuRt* options.
 * Cleanups to the rootfs setup code.
 * Improve error messages related to SELinux.

Thanks to all of the contributors that made this release possible:

 * Akihiro Suda <[email protected]>
 * Aleksa Sarai <[email protected]>
 * Alexander Morozov <[email protected]>
 * Andrew Vagin <[email protected]>
 * Ben <[email protected]>
 * Buddha Prakash <[email protected]>
 * Carl Henrik Lunde <[email protected]>
 * Christian Brauner <[email protected]>
 * Dam Thomason <[email protected]>
 * Dan Walsh <[email protected]>
 * Daniel, Dao Quang Minh <[email protected]>
 * Davanum Srinivas <[email protected]>
 * Euan Kemp <[email protected]>
 * Guilherme Rezende <[email protected]>
 * Haiyan Meng <[email protected]>
 * Hushan Jia <[email protected]>
 * Jiuyue Ma <[email protected]>
 * Johnny Bieren <[email protected]>
 * Jonathan Boulle <[email protected]>
 * Justin Cormack <[email protected]>
 * Kenfe-Mickael Laventure <[email protected]>
 * Michael Crosby <[email protected]>
 * Mike Brown <[email protected]>
 * Mrunal Patel <[email protected]>
 * Peng Gao <[email protected]>
 * Petar Petrov <[email protected]>
 * Phil Estes <[email protected]>
 * Qiang Huang <[email protected]>
 * Serge Hallyn <[email protected]>
 * Seth Jennings <[email protected]>
 * Shukui Yang <[email protected]>
 * Tristan Cacqueray <[email protected]>
 * Vishnu kannan <[email protected]>
 * Wang Long <[email protected]>
 * Yang Hongyang <[email protected]>
 * Yen-Lin Chen <[email protected]>
 * Yuanhong Peng <[email protected]>
 * Zhang Wei <[email protected]>
 * Zhao Lei <[email protected]>
 * rajasec <[email protected]>
 * xiekeyang <[email protected]>

v1.0.0-rc1

Update runc version to 1.0.0-rc1

Signed-off-by: Michael Crosby <[email protected]>

v0.1.1

Bump to 0.1.1

This includes a fix for selinux mount labels in the spec.

Signed-off-by: Michael Crosby <[email protected]>

v0.1.0

Update runc to 0.1.0

Signed-off-by: Michael Crosby <[email protected]>

v0.0.9

Bump runc to 0.0.9

Signed-off-by: Michael Crosby <[email protected]>

v0.0.8

Merge pull request opencontainers#549 from crosbymichael/tty-close

Close tty on error before handler

v0.0.7

Merge pull request opencontainers#512 from LK4D4/bump_version

Bump runc version to 0.0.7

v0.0.6

Merge pull request opencontainers#336 from hqhq/hq_parent_cgroup_systemd

systemd: support cgroup parent with specified slice