Tags: dklyle/runc

v1.0.0-rc3

Verified

This tag was signed with the committer’s verified signature.
cyphar Aleksa Sarai
v1.0.0~rc3

Features:

+ Add slice management support to the systemd cgroup driver. Checks are
  done to make sure that systemd supports the feature. opencontainers#1084
+ Support for readonly mount labels. opencontainers#1112
+ Add a tmpcopyup mount extension for tmpfs mounts that are mounted over
  already existing directories, allowing for the contents of a volume to
  be copied up transparently. opencontainers#845
* Switch our pivot_root usage to no longer require temporary
  directories, improving the state of containers running in entirely
  readonly contexts. opencontainers#1125 opencontainers#1148
+ Allow updating of rt_period_us and rt_runtime_us in cpuacct cgroup.
+ Reimplement console handling to use AF_UNIX sockets such that the
  console is created inside the container's (namespaced) devpts
  instance, solving a wide variety of historical pty bugs with runC.
  opencontainers#1018 opencontainers#1356
* Support overlayfs in mounts. opencontainers#1314
+ Support creating devices with types 'p' and 'u'. opencontainers#1321
+ Add --preserve-fds=N to create and run commands. opencontainers#1320
+ Add pre-dump and parent-path to checkpoint. opencontainers#1001
+ Update to runtime-spec v1.0.0-rc5. opencontainers#1370

Fixes:

* Remove check for binding to /. opencontainers#1090
* Ensure we log to logrus on command errors. opencontainers#1089
* Don't enable kmem limits if they're not specified in the config. opencontainers#1095
* Handle cases where specs.Resources.* members would cause null
  dereferences. opencontainers#1111 opencontainers#1116
* Fix bugs in the GetProcessStartTime implementation. opencontainers#1136
* Make sysctl config validation checks handle network namespaces more
  gracefully. opencontainers#1138 opencontainers#1149
* Guarantee correct namespace creation ordering. This is part of the
  rootless container patchset, and is also required in certain SELinux
  setups. opencontainers#977
* Stop screwing around with '\n' in console output. opencontainers#1146
* Fix cpuset.cpu_exclusive handling. opencontainers#1194
* Sync HookState with the OCI specification. opencontainers#1201
* Split remounting mountpoints and bindmounts, resolving issues with
  mount options being dropped in certain cases. opencontainers#1222
* Fix leftover cgroup directory issue. opencontainers#1196
* Handle config.Devices and config.MaskPaths in checkpoint. opencontainers#1110.
* Don't create combined cgroup subsystem names. opencontainers#1268
* Ignore cgroupv2 mountpoints, fixing issues with systemd v232. opencontainers#1266
* Race condition when synchronising with children and grandchildren in
  nsexec.c. opencontainers#1237
* Fix state checks to no longer depend on _LIBCONTAINER being present in
  the environment, fixing both bugs as well as being part of the
  rootless container patchset. opencontainers#1317
* Fix systemd-notify when using different PID namespaces, and allow
  detach+notify socket. opencontainers#1308
* Don't fchown when inheriting stdio, which is necessary for rootless
  containers in certain scenarios. opencontainers#1354
* Fix cpu.cfs_quota_us being changed when systemd is reloaded. opencontainers#1344
* Add devices to whitelist for LXD, to make runC under LXC/LXD work
  better. opencontainers#1327
* Many improvements to testing. opencontainers#1121 opencontainers#1131 opencontainers#1132 opencontainers#1147

Security:

* Several fixes for CVE-2016-9962. 5d93fed opencontainers#1274

Thanks to all of the contributors that made this release possible:

* Qiang Huang <[email protected]>
* Aleksa Sarai <[email protected]>
* Mrunal Patel <[email protected]>
* Michael Crosby <[email protected]>
* Wang Long <[email protected]>
* Daniel, Dao Quang Minh <[email protected]>
* rajasec <[email protected]>
* Zhang Wei <[email protected]>
* Steven Hartland <[email protected]>
* Giuseppe Scrivano <[email protected]>
* Shukui Yang <[email protected]>
* Ma Shimiao <[email protected]>
* Daniel Dao <[email protected]>
* CuiHaozhi <[email protected]>
* Antonio Murdaca <[email protected]>
* Xianglin Gao <[email protected]>
* Lei Jitang <[email protected]>
* Justin Cormack <[email protected]>
* Dan Walsh <[email protected]>
* Daniel Martí <[email protected]>
* Ce Gao <[email protected]>
* allencloud <[email protected]>
* Alexander Morozov <[email protected]>
* yupeng <[email protected]>
* Yuanhong Peng <[email protected]>
* Yong Tang <[email protected]>
* xuxinkun <[email protected]>
* Xianlu Bird <[email protected]>
* William Martin <[email protected]>
* Wentao Zhang <[email protected]>
* Vivek Goyal <[email protected]>
* Samuel Ortiz <[email protected]>
* rainrambler <[email protected]>
* Mohammad Arab <[email protected]>
* Michal Rostecki <[email protected]>
* Máximo Cuadros <[email protected]>
* Kenfe-Mickael Laventure <[email protected]>
* Ian Campbell <[email protected]>
* Harry Zhang <[email protected]>
* Fengtu Wang <[email protected]>
* Eric Paris <[email protected]>
* Derek Carr <[email protected]>
* Deng Guangxing <[email protected]>
* CuiHaozhi <[email protected]>
* Crazykev <[email protected]>
* Chris Aniszczyk <[email protected]>
* Casey Callendrello <[email protected]>
* Carlton-Semple <[email protected]>
* Brian Goff <[email protected]>
* Andrew Vagin <[email protected]>

v1.0.0-rc2

Verified

This tag was signed with the committer’s verified signature.
cyphar Aleksa Sarai
runC 1.0.0-rc2

Features:
 + {create,run}: add --no-new-keyring flag so that a new session keyring
   is not created for the container and the calling process's keyring is
   inherited.
 + restore: add --empty-ns flag to tell CRIU to only create a network
   namespace for a container and not populate it (allowing higher levels
   to correctly handle re-creating the network namespace).
 + {create,start}: use a FIFO rather than signals to signal the starting
   of a container. This removes the Go version restriction, and also
   avoids potential issues with Go's signal handling.
 + exec: allow additional groups to be overridden.
 + delete: add --force flag.
 - exec: disable the subreaper option entirely, because the option
   causes many issues with reparenting in the context of containers.
   This is not a complete fix, which is intended to land for -rc3. Using
   the removed option will be silently ignored by runC.
 + {create,run}: add support for masking directories with MaskPaths.
 + delete: allow for the deletion of multiple containers in one cmdline.
 + build: add `make release` for distributions.

Fixes:
 * Major improvements and fixes to CLI handling. Now commands like
   `runc ps` and `runc exec` will act sanely when you're trying to use
   flags that are not meant to be parsed by runC.
 * Set the cp.rt_* cgroup options correctly so that runC running in
   SCHED_RR (realtime) mode can operate properly.
 * Massive improvements to kmem limit detection to ensure that we only
   attempt to change memory.kmem.* if it is safe to do so.
 * Part of a major cleanup of the nsenter code, with more intended to
   land before -rc3.
 * Restored containers now have a start time, which is the time that the
   new container was started (not when the original container was
   started).
 * Fix the default cgroupPath behaviour, so that we actually attach to
   subcgroups of all of the caller's current cgroups (rather than using
   the devices cgroup path for all other cgroups)
 + Support 32bit UIDs on i386 with the setuid32(2) syscall.
 + Add /proc/timer_list to the set of default masked paths.
 - Do not create /dev/fuse by default.
 * Parse cgroupPath correctly if it contains ':'.
 * Add some more debugging information for the test suite, along with
   fixes for race conditions and other issues. In addition, add more
   integration tests for edge conditions.
 * Improve check-config.sh script to handle more cases.
 * Fix incorrect type when setting net_cls classid.
 * Lots of fixes to help pages and man pages.
 + *: append -dirty to the version if the git repo is unclean.
 * Fix the JSON tags for CpuRt* options.
 * Cleanups to the rootfs setup code.
 * Improve error messages related to SELinux.

Thanks to all of the contributors that made this release possible:

 * Akihiro Suda <[email protected]>
 * Aleksa Sarai <[email protected]>
 * Alexander Morozov <[email protected]>
 * Andrew Vagin <[email protected]>
 * Ben <[email protected]>
 * Buddha Prakash <[email protected]>
 * Carl Henrik Lunde <[email protected]>
 * Christian Brauner <[email protected]>
 * Dam Thomason <[email protected]>
 * Dan Walsh <[email protected]>
 * Daniel, Dao Quang Minh <[email protected]>
 * Davanum Srinivas <[email protected]>
 * Euan Kemp <[email protected]>
 * Guilherme Rezende <[email protected]>
 * Haiyan Meng <[email protected]>
 * Hushan Jia <[email protected]>
 * Jiuyue Ma <[email protected]>
 * Johnny Bieren <[email protected]>
 * Jonathan Boulle <[email protected]>
 * Justin Cormack <[email protected]>
 * Kenfe-Mickael Laventure <[email protected]>
 * Michael Crosby <[email protected]>
 * Mike Brown <[email protected]>
 * Mrunal Patel <[email protected]>
 * Peng Gao <[email protected]>
 * Petar Petrov <[email protected]>
 * Phil Estes <[email protected]>
 * Qiang Huang <[email protected]>
 * Serge Hallyn <[email protected]>
 * Seth Jennings <[email protected]>
 * Shukui Yang <[email protected]>
 * Tristan Cacqueray <[email protected]>
 * Vishnu kannan <[email protected]>
 * Wang Long <[email protected]>
 * Yang Hongyang <[email protected]>
 * Yen-Lin Chen <[email protected]>
 * Yuanhong Peng <[email protected]>
 * Zhang Wei <[email protected]>
 * Zhao Lei <[email protected]>
 * rajasec <[email protected]>
 * xiekeyang <[email protected]>

v1.0.0-rc1

Update runc version to 1.0.0-rc1

Signed-off-by: Michael Crosby <[email protected]>

v0.1.1

Bump to 0.1.1

This includes a fix for selinux mount labels in the spec.

Signed-off-by: Michael Crosby <[email protected]>

v0.1.0

Update runc to 0.1.0

Signed-off-by: Michael Crosby <[email protected]>

v0.0.9

Bump runc to 0.0.9

Signed-off-by: Michael Crosby <[email protected]>

v0.0.8

Merge pull request opencontainers#549 from crosbymichael/tty-close

Close tty on error before handler

v0.0.7

Merge pull request opencontainers#512 from LK4D4/bump_version

Bump runc version to 0.0.7

v0.0.6

Merge pull request opencontainers#336 from hqhq/hq_parent_cgroup_systemd

systemd: support cgroup parent with specified slice

v0.0.5

Release v0.0.5

It includes the following changes:

* godeps: update go-systemd to v4 and godbus/dbus to v3
* libcontainer: configs: extend unsupported os
* Fix comment to be consistent with the code
* Userns container in containers
* static binary \o/
* adding support for --bundle -b to start, restore, and spec; fixes issue opencontainers#310
* Add seccomp trace support
* Change my email address
* Fix race setting process opts
* Integrate poststart hooks with spec
* Add Poststart hook to libcontainer config
* Validate process configuration for runc exec
* Add some comments about cgroup
* Refactor cgroupData
* Rename parent and data
* Windows: Refactor Container interface
* Add more context around some error cases
* Docker needs to know whether the user requested a relabel
* README.md: fix description for runc with systemd
* Windows: Refactor state struct
* Windows: Tidy libcontainer\devices
* Fixes build tags on cgroups\fs\*.go
* Windows: Refactor configs/cgroup.go
* Windows: Factor down criu_opts
* Add the conversion of architectures for seccomp config
* Fixing typo in the comment for exit
* Remove naked return
* Remove fatalf function; unused.
* libcontainer/SPEC.md: fix /dev/stdio symlinks
* Correct intuition for setupDev
* Unify behavior for memory cgroup
* Cgroup set order for systemd
* Use array instead of map for cgroup subsystems
* Add Name() to cgroup subsystems
* Set cpuset.cpus and cpuset.mems before join the cgroup
* Add ability to use json structured logging format.
* Reorder checks in Walk to avoid panics
* Get PIDs from cgroups recursively
* Add criu related debug output
* Add option to support criu manage cgroups mode for dump and restore
* Validate label options
* change named to names
* Fix for race from error on process start
* Add additional gids support
* Bump up github.com/opencontainers/specs to cf8dd12
* nsexec: Align clone child stack ptr to 16
* bump docker pkgs
* Fix name in MAINTAINERS list
* cgroups: Add name=systemd to list of subsystems
* cgroups: Add a name cgroup
* Allow numeric groups for containers without /etc/group
* change uid to gid in func HostGID
* Adjust runc to new opencontainers/specs version
* exec_test.go: Test case for rootfsPropagation="private"
* exec_test.go: Test cases for rootfsPropagation=rslave
* Make pivotDir rprivate
* Make parent mount of container root private if it is shared.
* Start parsing rootfsPropagation and make it effective
* Replace config.Privatefs with config.RootPropagation
* Fix reOpenDevNull
* Only remount if requested flags differ from current
* Run tests for all HugetlbSizes
* Systemd: Join perf_event cgroup
* Add memory reservation support for systemd
* Check for failure on /dev/mqueue and try again without labeling
* /proc and /sys do not support labeling
* Update github.com/syndtr/gocapability/capability to 2c00daeb6c3b45114c80ac44119e7b8801fdd852
* Move mount methods out of configs pkg
* Add version to HookState to make it json-compatible with spec State
* hooks: Integrate spec hooks with libcontainer
* Libcontainer: Add support for multiple architectures in Seccomp
* Change mount dest after resolving symlinks
* no need to use p.cmd.Process.Pid in function, use p.pid() instead.
* Ignore changing /dev/null permissions if used in STDIO
* script: test_Dockerfile: install criu from source
* Enter existing user namespace if present
* Cleanup unused func arguments
* README.md: Update the config example
* Fix STDIO permissions when container user not root
* Fix STDIO ownership for non-tty processes
* script: test_Dockerfile: update criu version
* update the command usage for `runc start`
* libcontainer: Allow passing mount propagation flags
* close config file after loaded
* simple refactor for the options of `runc spec`
* update the command usage of `runc`
* Update README for the CAP prefix change
* Add CAP prefix for capabilities
* Adjust runc to new opencontainers/specs version
* Add testing docs in README
* make localtest failure on removing seccomp flag
* Add all support build tags for runc features
* c/r: create cgroups to restore a container
* mount: don't read /proc/self/cgroup many times
* Rework ParseCgroupFile
* Remove old netlink library
* Use github.com/vishvananda/netlink for networking
* Minor comments fix
* Fixing checkpoint issue
* Always remount for bind mount
* Add Andrey Vagin as maintainer