runC 1.0.0-rc2 Features: + {create,run}: add --no-new-keyring flag so that a new session keyring is not created for the container and the calling process's keyring is inherited. + restore: add --empty-ns flag to tell CRIU to only create a network namespace for a container and not populate it (allowing higher levels to correctly handle re-creating the network namespace). + {create,start}: use a FIFO rather than signals to signal the starting of a container. This removes the Go version restriction, and also avoids potential issues with Go's signal handling. + exec: allow additional groups to be overridden. + delete: add --force flag. - exec: disable the subreaper option entirely, because the option causes many issues with reparenting in the context of containers. This is not a complete fix, which is intended to land for -rc3. Using the removed option will be silently ignored by runC. + {create,run}: add support for masking directories with MaskPaths. + delete: allow for the deletion of multiple containers in one cmdline. + build: add `make release` for distributions. Fixes: * Major improvements and fixes to CLI handling. Now commands like `runc ps` and `runc exec` will act sanely when you're trying to use flags that are not meant to be parsed by runC. * Set the cp.rt_* cgroup options correctly so that runC running in SCHED_RR (realtime) mode can operate properly. * Massive improvements to kmem limit detection to ensure that we only attempt to change memory.kmem.* if it is safe to do so. * Part of a major cleanup of the nsenter code, with more intended to land before -rc3. * Restored containers now have a start time, which is the time that the new container was started (not when the original container was started). * Fix the default cgroupPath behaviour, so that we actually attach to subcgroups of all of the caller's current cgroups (rather than using the devices cgroup path for all other cgroups) + Support 32bit UIDs on i386 with the setuid32(2) syscall. + Add /proc/timer_list to the set of default masked paths. - Do not create /dev/fuse by default. * Parse cgroupPath correctly if it contains ':'. * Add some more debugging information for the test suite, along with fixes for race conditions and other issues. In addition, add more integration tests for edge conditions. * Improve check-config.sh script to handle more cases. * Fix incorrect type when setting of net_cls classid. * Lots of fixes to help pages and man pages. + *: append -dirty to the version if the git repo is unclean. * Fix the JSON tags for CpuRt* options. * Cleanups to the rootfs setup code. * Improve error messages related to SELinux. Thanks to all of the contributors that made this release possible: * Akihiro Suda <suda.akihiro@lab.ntt.co.jp> * Aleksa Sarai <asarai@suse.de> * Alexander Morozov <lk4d4math@gmail.com> * Andrew Vagin <avagin@virtuozzo.com> * Ben <ben.gray@bskyb.com> * Buddha Prakash <buddhap@google.com> * Carl Henrik Lunde <chlunde@ifi.uio.no> * Christian Brauner <cbrauner@suse.de> * Dam Thomason <ad@mthomason.net> * Dan Walsh <dwalsh@redhat.com> * Daniel, Dao Quang Minh <dqminh89@gmail.com> * Davanum Srinivas <davanum@gmail.com> * Euan Kemp <euank@coreos.com> * Guilherme Rezende <guilhermebr@gmail.com> * Haiyan Meng <hmeng@redhat.com> * Hushan Jia <hushan.jia@gmail.com> * Jiuyue Ma <majiuyue@huawei.com> * Johnny Bieren <jbieren@redhat.com> * Jonathan Boulle <jonathanboulle@gmail.com> * Justin Cormack <justin.cormack@docker.com> * Kenfe-Mickael Laventure <mickael.laventure@gmail.com> * Michael Crosby <crosbymichael@gmail.com> * Mike Brown <brownwm@us.ibm.com> * Mrunal Patel <mrunalp@gmail.com> * Peng Gao <peng.gao.dut@gmail.com> * Petar Petrov <pppepito86@gmail.com> * Phil Estes <estesp@linux.vnet.ibm.com> * Qiang Huang <h.huangqiang@huawei.com> * Serge Hallyn <serge@hallyn.com> * Seth Jennings <sjenning@redhat.com> * Shukui Yang <yangshukui@huawei.com> * Tristan Cacqueray <tdecacqu@redhat.com> * Vishnu kannan <vishnuk@google.com> * Wang Long <long.wanglong@huawei.com> * Yang Hongyang <imhy.yang@gmail.com> * Yen-Lin Chen <hencrice+FOSS@gmail.com> * Yuanhong Peng <pengyuanhong@huawei.com> * Zhang Wei <zhangwei555@huawei.com> * Zhao Lei <zhaolei@cn.fujitsu.com> * rajasec <rajasec79@gmail.com> * xiekeyang <xiekeyang@huawei.com>