v1.0.0~rc5
This is planned to be the final -rc release of runc. While we really
haven't followed the rules for release candidates (with huge features
introduced each release, and with massive gaps between releases) the
hope is that once we've released 1.0.0 we will be much more liberal with
releases in future. Let's see how that pans out. :P
Features:
+ Support cgroups in rootless containers. This is a continuation of the
previous work done, and allows for users that have specialised setups
(such as having the LXC pam_cg.so module set up) to use cgroups with
rootless containers. #1540
+ Add support for newuidmap and newgidmap with rootless containers.
This is a continuation of some previous work, and allows users that
have /etc/sub{uid,gid} configured to use the shadow-utils setuid
helpers. Note that this support doesn't restrict users that don't want
to use setuid binaries at all. #1529
+ runc will now use a chroot when mount namespaces aren't provided in
the config.json. While chroot does have its (many) downsides, this
does allow for specialised configurations to work properly. #1702
+ Expose annotations to hooks, so that the hook can have more direct
information about the container it is being run against. #1687
+ Add "runc exec --additional-gids" support. #1608
+ Allow more signals to be sent with "runc kill" than are defined by
Go's syscall package. #1706
+ Emit an error if users try to use MS_PRIVATE with --no-pivot, as that
is simply not safe. #1606
+ Add support for "unbindable" and "runbindable" as rootfs propagation.
#1655
+ Implement intelrdt support in runc. #1279 #1590
+ Add support for lazy migration with CRIU. This includes the addition
of "runc checkpoint httpd" which acts as a remote pagefault request
server. #1541
+ Add MIPS support. #1475
Fixes:
* Delay seccomp application as late as possible, to reduce the syscall
footprint of runc on profiles. #1569
* Fix --read-only containers with user namespaces, which would
previously fail under Docker because of privilege problems when trying
to do the read-only remount. #1572
* Switch away from stateDirFd entirely. This is an improvement over the
protections we added for CVE-2016-9962, and protects against many
other possible container escape bugs. #1570
* Handle races between "runc start" and "runc delete" over the exec FIFO
correctly, and avoid blocking "runc start" indefinitely. #1698
* Correctly generate seccomp profiles that place requirements on syscall
arguments, as well as multi-argument restrictions. #1616 #1424
* Prospective patch for remounting of old-root during pivot_root. This
is intended to solve one of the many "mount leak" bugs that have been
popping up recently -- caused by lots of container churn and host
mounts being pinned during container setup. #1500
* Fix "runc exec" on big-endian architectures. #1727
* Correct systemd slice expansion to work with cAdvisor. #1722
* Fix races against systemd cgroup scope creation. #1683
* Do not wait for signalled processes if libcontainer is running in a
process that is a subreaper. #1678
* Remove dependency on libapparmor entirely, and just use
/proc/$pid/attr directly. #1675
* Improvements to our integration tests. #1661 #1629 #1528
* Handle systemd's quirky CPUQuotaPerSecUSec handling in
fractions-of-a-percent edge-cases. #1651
* Remove docker/docker import in runc by moving the package to runc.
#1644
* Switch from docker's pkg/symlink to cyphar/filepath-securejoin. #1622
* Enable integration and unit tests on arm64. #1642 #1640
* Add /proc/scsi to masked paths (mirror of Docker's CVE-2017-16539).
#1641
* Add several tests for specconv. #1626 #1619
* Add more extensive tests for terminal handling. #1357
* Always write freezer state during retry-loop, to avoid an indefinite
hang when new tasks are spawned in the container. #1610
* Create cwd when it doesn't exist in the container. #1604
* Set initial console size based on process spec, to avoid SIGWINCH
races where initial console size is completely wrong. #1275
* Small fixes for static builds. #1579 #1577
* Use epoll for PTY IO, to avoid issues with systemd's SAK protections.
#1455
* Update state.json after a "runc update". #1558
* Switch to umoci's release scripts, to use a more "standardised" and
distribution-friendly release scheme. Several Makefile fixes are included
as well. #1554 #1542 #1555
* Reap "runc:[1:CHILD]" to avoid intermediate zombies building up. #1506
* Use CRIU's RPC to check the version. #1535
* Always save own namespace paths rather than the path given during
start-up, to avoid issues where the path disappears afterwards. #1477
* Fix incorrectly setting the owners of device nodes. This is still (subtly)
broken in user namespaces, but will be fixed in a future version. #1743
* Lots of other miscellaneous fixes and cleanups, many of which were
written by first-time contributors. Thanks for contributing, and
welcome to the project! #1729 #1724 #1695 #1685 #1703 #1699 #1682
#1665 #1667 #1669 #1654 #1664 #1660 #1645 #1640 #1621 #1607 #1206
#1615 #1614 #1453 #1613 #1600 #1599 #1598 #1597 #1593 #1586 #1588
#1587 #1589 #1575 #1578 #1573 #1561 #1560 #1559 #1556 #1551 #1553
#1548 #1544 #1545 #1537
Removals:
- Andrej Vagin stepped down as a maintainer. Thanks for all of your hard
work Andrej, and have fun working on your other projects! #1543
Thanks to all of the contributors that made this release possible:
* Adrian Reber <areber@redhat.com>
* Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
* Aleksa Sarai <asarai@suse.de>
* Alex Fang <littlelightlittlefire@gmail.com>
* Allen Sun <allensun.shl@alibaba-inc.com>
* Andrei Vagin <avagin@openvz.org>
* Antonio Murdaca <runcom@redhat.com>
* Bin Lu <bin.lu@arm.com>
* Danail Branekov <danail.branekov@sap.com>
* Daniel, Dao Quang Minh <dqminh89@gmail.com>
* Ed King <eking@pivotal.io>
* Euan Kemp <euan.kemp@coreos.com>
* Giuseppe Scrivano <gscrivan@redhat.com>
* Jianyong Wu <jianyong.wu@arm.com>
* Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
* Konstantinos Karampogias <konstantinos.karampogias@swisscom.com>
* leitwolf7 <leitwolf@wolke7.net>
* Lorenzo Fontana <lo@linux.com>
* Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
* Matthew Heon <mheon@redhat.com>
* Michael Crosby <crosbymichael@gmail.com>
* Mrunal Patel <mrunal@me.com>
* Nikolas Sepos <nikolas.sepos@gmail.com>
* Peter Morjan <peter.morjan@de.ibm.com>
* Petros Angelatos <petrosagg@gmail.com>
* Qiang Huang <h.huangqiang@huawei.com>
* ravisantoshgudimetla <ravisantoshgudimetla@gmail.com>
* s7v7nislands <s7v7nislands@gmail.com>
* Sebastien Boeuf <sebastien.boeuf@intel.com>
* Seth Jennings <sjenning@redhat.com>
* Steven Hartland <steven.hartland@multiplay.co.uk>
* Sumit Sanghrajka <sumit.sanghrajka@gmail.com>
* Taeung Song <treeze.taeung@gmail.com>
* Thomas Hipp <thipp@suse.de>
* Tobias Klauser <tklauser@distanz.ch>
* Tom Godkin <tgodkin@pivotal.io>
* Tycho Andersen <tycho@docker.com>
* Valentin Kulesh <valentin.kulesh@virtuozzo.com>
* vikaschoudhary16 <choudharyvikas16@gmail.com>
* Vincent Demeester <vincent@sbr.pm>
* Vladimir Stefanovic <vladimir.stefanovic@imgtec.com>
* vsoch <vsochat@stanford.edu>
* Will Martin <wmartin@pivotal.io>
* W. Trevor King <wking@tremily.us>
* Xiaochen Shen <xiaochen.shen@intel.com>
* ynirk <julien.lavesque@gmail.com>
* Yong Tang <yong.tang.github@outlook.com>
* Yuanhong Peng <pengyuanhong@huawei.com>
* yupeng <yu.peng36@zte.com.cn>
Signed-off-by: Aleksa Sarai <asarai@suse.de>