runC 1.0.0-rc2
Features:
+ {create,run}: add --no-new-keyring flag so that a new session keyring
is not created for the container and the calling process's keyring is
inherited.
+ restore: add --empty-ns flag to tell CRIU to only create a network
namespace for a container and not populate it (allowing higher levels
to correctly handle re-creating the network namespace).
+ {create,start}: use a FIFO rather than signals to signal the starting
of a container. This removes the Go version restriction, and also
avoids potential issues with Go's signal handling.
+ exec: allow additional groups to be overridden.
+ delete: add --force flag.
- exec: disable the subreaper option entirely, because the option
causes many issues with reparenting in the context of containers.
This is not a complete fix, which is intended to land for -rc3. Using
the removed option will be silently ignored by runC.
+ {create,run}: add support for masking directories with MaskPaths.
+ delete: allow for the deletion of multiple containers in one cmdline.
+ build: add `make release` for distributions.
Fixes:
* Major improvements and fixes to CLI handling. Now commands like
`runc ps` and `runc exec` will act sanely when you're trying to use
flags that are not meant to be parsed by runC.
* Set the cp.rt_* cgroup options correctly so that runC running in
SCHED_RR (realtime) mode can operate properly.
* Massive improvements to kmem limit detection to ensure that we only
attempt to change memory.kmem.* if it is safe to do so.
* Part of a major cleanup of the nsenter code, with more intended to
land before -rc3.
* Restored containers now have a start time, which is the time that the
new container was started (not when the original container was
started).
* Fix the default cgroupPath behaviour, so that we actually attach to
subcgroups of all of the caller's current cgroups (rather than using
the devices cgroup path for all other cgroups)
+ Support 32bit UIDs on i386 with the setuid32(2) syscall.
+ Add /proc/timer_list to the set of default masked paths.
- Do not create /dev/fuse by default.
* Parse cgroupPath correctly if it contains ':'.
* Add some more debugging information for the test suite, along with
fixes for race conditions and other issues. In addition, add more
integration tests for edge conditions.
* Improve check-config.sh script to handle more cases.
* Fix incorrect type when setting of net_cls classid.
* Lots of fixes to help pages and man pages.
+ *: append -dirty to the version if the git repo is unclean.
* Fix the JSON tags for CpuRt* options.
* Cleanups to the rootfs setup code.
* Improve error messages related to SELinux.
Thanks to all of the contributors that made this release possible:
* Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
* Aleksa Sarai <asarai@suse.de>
* Alexander Morozov <lk4d4math@gmail.com>
* Andrew Vagin <avagin@virtuozzo.com>
* Ben <ben.gray@bskyb.com>
* Buddha Prakash <buddhap@google.com>
* Carl Henrik Lunde <chlunde@ifi.uio.no>
* Christian Brauner <cbrauner@suse.de>
* Dam Thomason <ad@mthomason.net>
* Dan Walsh <dwalsh@redhat.com>
* Daniel, Dao Quang Minh <dqminh89@gmail.com>
* Davanum Srinivas <davanum@gmail.com>
* Euan Kemp <euank@coreos.com>
* Guilherme Rezende <guilhermebr@gmail.com>
* Haiyan Meng <hmeng@redhat.com>
* Hushan Jia <hushan.jia@gmail.com>
* Jiuyue Ma <majiuyue@huawei.com>
* Johnny Bieren <jbieren@redhat.com>
* Jonathan Boulle <jonathanboulle@gmail.com>
* Justin Cormack <justin.cormack@docker.com>
* Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
* Michael Crosby <crosbymichael@gmail.com>
* Mike Brown <brownwm@us.ibm.com>
* Mrunal Patel <mrunalp@gmail.com>
* Peng Gao <peng.gao.dut@gmail.com>
* Petar Petrov <pppepito86@gmail.com>
* Phil Estes <estesp@linux.vnet.ibm.com>
* Qiang Huang <h.huangqiang@huawei.com>
* Serge Hallyn <serge@hallyn.com>
* Seth Jennings <sjenning@redhat.com>
* Shukui Yang <yangshukui@huawei.com>
* Tristan Cacqueray <tdecacqu@redhat.com>
* Vishnu kannan <vishnuk@google.com>
* Wang Long <long.wanglong@huawei.com>
* Yang Hongyang <imhy.yang@gmail.com>
* Yen-Lin Chen <hencrice+FOSS@gmail.com>
* Yuanhong Peng <pengyuanhong@huawei.com>
* Zhang Wei <zhangwei555@huawei.com>
* Zhao Lei <zhaolei@cn.fujitsu.com>
* rajasec <rajasec79@gmail.com>
* xiekeyang <xiekeyang@huawei.com>