Tags: BSWANG/runc
Tags
runC 1.0.0-rc2
Features:
+ {create,run}: add --no-new-keyring flag so that a new session keyring
is not created for the container and the calling process's keyring is
inherited.
+ restore: add --empty-ns flag to tell CRIU to only create a network
namespace for a container and not populate it (allowing higher levels
to correctly handle re-creating the network namespace).
+ {create,start}: use a FIFO rather than signals to signal the starting
of a container. This removes the Go version restriction, and also
avoids potential issues with Go's signal handling.
+ exec: allow additional groups to be overridden.
+ delete: add --force flag.
- exec: disable the subreaper option entirely, because the option
causes many issues with reparenting in the context of containers.
This is not a complete fix, which is intended to land for -rc3. Using
the removed option will be silently ignored by runC.
+ {create,run}: add support for masking directories with MaskPaths.
+ delete: allow for the deletion of multiple containers in one cmdline.
+ build: add `make release` for distributions.
Fixes:
* Major improvements and fixes to CLI handling. Now commands like
`runc ps` and `runc exec` will act sanely when you're trying to use
flags that are not meant to be parsed by runC.
* Set the cp.rt_* cgroup options correctly so that runC running in
SCHED_RR (realtime) mode can operate properly.
* Massive improvements to kmem limit detection to ensure that we only
attempt to change memory.kmem.* if it is safe to do so.
* Part of a major cleanup of the nsenter code, with more intended to
land before -rc3.
* Restored containers now have a start time, which is the time that the
new container was started (not when the original container was
started).
* Fix the default cgroupPath behaviour, so that we actually attach to
subcgroups of all of the caller's current cgroups (rather than using
the devices cgroup path for all other cgroups)
+ Support 32bit UIDs on i386 with the setuid32(2) syscall.
+ Add /proc/timer_list to the set of default masked paths.
- Do not create /dev/fuse by default.
* Parse cgroupPath correctly if it contains ':'.
* Add some more debugging information for the test suite, along with
fixes for race conditions and other issues. In addition, add more
integration tests for edge conditions.
* Improve check-config.sh script to handle more cases.
* Fix incorrect type when setting of net_cls classid.
* Lots of fixes to help pages and man pages.
+ *: append -dirty to the version if the git repo is unclean.
* Fix the JSON tags for CpuRt* options.
* Cleanups to the rootfs setup code.
* Improve error messages related to SELinux.
Thanks to all of the contributors that made this release possible:
* Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
* Aleksa Sarai <asarai@suse.de>
* Alexander Morozov <lk4d4math@gmail.com>
* Andrew Vagin <avagin@virtuozzo.com>
* Ben <ben.gray@bskyb.com>
* Buddha Prakash <buddhap@google.com>
* Carl Henrik Lunde <chlunde@ifi.uio.no>
* Christian Brauner <cbrauner@suse.de>
* Dam Thomason <ad@mthomason.net>
* Dan Walsh <dwalsh@redhat.com>
* Daniel, Dao Quang Minh <dqminh89@gmail.com>
* Davanum Srinivas <davanum@gmail.com>
* Euan Kemp <euank@coreos.com>
* Guilherme Rezende <guilhermebr@gmail.com>
* Haiyan Meng <hmeng@redhat.com>
* Hushan Jia <hushan.jia@gmail.com>
* Jiuyue Ma <majiuyue@huawei.com>
* Johnny Bieren <jbieren@redhat.com>
* Jonathan Boulle <jonathanboulle@gmail.com>
* Justin Cormack <justin.cormack@docker.com>
* Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
* Michael Crosby <crosbymichael@gmail.com>
* Mike Brown <brownwm@us.ibm.com>
* Mrunal Patel <mrunalp@gmail.com>
* Peng Gao <peng.gao.dut@gmail.com>
* Petar Petrov <pppepito86@gmail.com>
* Phil Estes <estesp@linux.vnet.ibm.com>
* Qiang Huang <h.huangqiang@huawei.com>
* Serge Hallyn <serge@hallyn.com>
* Seth Jennings <sjenning@redhat.com>
* Shukui Yang <yangshukui@huawei.com>
* Tristan Cacqueray <tdecacqu@redhat.com>
* Vishnu kannan <vishnuk@google.com>
* Wang Long <long.wanglong@huawei.com>
* Yang Hongyang <imhy.yang@gmail.com>
* Yen-Lin Chen <hencrice+FOSS@gmail.com>
* Yuanhong Peng <pengyuanhong@huawei.com>
* Zhang Wei <zhangwei555@huawei.com>
* Zhao Lei <zhaolei@cn.fujitsu.com>
* rajasec <rajasec79@gmail.com>
* xiekeyang <xiekeyang@huawei.com>
Update runc version to 1.0.0-rc1 Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Merge pull request opencontainers#549 from crosbymichael/tty-close Close tty on error before handler
Merge pull request opencontainers#512 from LK4D4/bump_version Bump runc version to 0.0.7
Merge pull request opencontainers#336 from hqhq/hq_parent_cgroup_systemd systemd: support cgroup parent with specified slice
Release v0.0.5 It includes next changes: * godeps: update go-systemd to v4 and godbus/dbus to v3 * libcontainer: configs: extend unsupported os * Fix comment to be consistent with the code * Userns container in containers * static binary \o/ * adding support for --bundle -b to start, restore, and spec; fixes issue opencontainers#310 * Add seccomp trace support * Change my email address * Fix race setting process opts * Integrate poststart hooks with spec * Add Poststart hook to libcontainer config * Validate process configuration for runc exec * Add some comments about cgroup * Refactor cgroupData * Rename parent and data * Windows: Refactor Container interface * Add more context around some error cases * Docker needs to know whether the user requested a relabel * README.md: fix description for runc with systemd * Windows: Refactor state struct * Windows: Tidy libcontainer\devices * Fixes build tags on cgroups\fs\*.go * Windows: Refactor configs/cgroup.go * Windows: Factor down criu_opts * Add the conversion of architectures for seccomp config * Fixing typo in the comment for exit * Remove naked return * Remove fatalf function; unused. * libcontainer/SPEC.md: fix /dev/stdio symlinks * Correct intuition for setupDev * Unify behavior for memory cgroup * Cgroup set order for systemd * Use array instead of map for cgroup subsystems * Add Name() to cgroup subsystems * Set cpuset.cpus and cpuset.mems before join the cgroup * Add ability to use json structured logging format. * Reorder checks in Walk to avoid panics * Get PIDs from cgroups recursively * Add criu related debug output * Add option to support criu manage cgroups mode for dump and restore * Validate label options * change named to names * Fix for race from error on process start * Add additional gids support * Bump up github.com/opencontainers/specs to cf8dd12 * nsexec: Align clone child stack ptr to 16 * bump docker pkgs * Fix name in MAINTAINERS list * cgroups: Add name=systemd to list of subsystems * cgroups: Add a name cgroup * Allow numeric groups for containers without /etc/group * change uid to gid in func HostGID * Adjust runc to new opencontainers/specs version * exec_test.go: Test case for rootfsPropagation="private" * exec_test.go: Test cases for rootfsPropagation=rslave * Make pivotDir rprivate * Make parent mount of container root private if it is shared. * Start parsing rootfsPropagation and make it effective * Replace config.Privatefs with config.RootPropagation * Fix reOpenDevNull * Only remount if requested flags differ from current * Run tests for all HugetlbSizes * Systemd: Join perf_event cgroup * Add memory reservation support for systemd * Check for failure on /dev/mqueue and try again without labeling * /proc and /sys do not support labeling * Update github.com/syndtr/gocapability/capability to 2c00daeb6c3b45114c80ac44119e7b8801fdd852 * Move mount methods out of configs pkg * Add version to HookState to make it json-compatible with spec State * hooks: Integrate spec hooks with libcontainer * Libcontainer: Add support for multiple architectures in Seccomp * Change mount dest after resolving symlinks * no need to use p.cmd.Process.Pid in function, use p.pid() instead. * Ignore changing /dev/null permissions if used in STDIO * script: test_Dockerfile: install criu from source * Enter existing user namespace if present * Cleanup unused func arguments * README.md: Update the config example * Fix STDIO permissions when container user not root * Fix STDIO ownership for non-tty processes * script: test_Dockerfile: update criu version * update the command usage for `runc start` * libcontainer: Allow passing mount propagation flags * close config file after loaded * simple refactor for the options of `runc spec` * update the command usage of `runc` * Update README for the CAP prefix change * Add CAP prefix for capabilities * Adjust runc to new opencontainers/specs version * Add testing docs in README * make localtest failure on removing seccomp flag * Add all support build tags for runc features * c/r: create cgroups to restore a container * mount: don't read /proc/self/cgroup many times * Rework ParseCgroupFile * Remove old netlink library * Use github.com/vishvananda/netlink for networking * Minor comments fix * Fixing checkpoint issue * Always remount for bind mount * Add Andrey Vagin as maintainer
PreviousNext