v1.0.0~rc5

This is planned to be the final -rc release of runc. While we really haven't followed the rules for release candidates (with huge features introduced each release, and with massive gaps between releases), the hope is that once we've released 1.0.0 we will be much more liberal with releases in future. Let's see how that pans out. :P

Features:

+ Support cgroups in rootless containers. This is a continuation of the previous work done, and allows users that have specialised setups (such as having the LXC pam_cg.so module set up) to use cgroups with rootless containers. #1540
+ Add support for newuidmap and newgidmap with rootless containers. This is a continuation of some previous work, and allows users that have /etc/sub{uid,gid} configured to use the shadow-utils setuid helpers. Note that this support doesn't restrict users that don't want to use setuid binaries at all. #1529
+ runc will now use a chroot when mount namespaces aren't provided in the config.json. While chroot does have its (many) downsides, this does allow specialised configurations to work properly. #1702
+ Expose annotations to hooks, so that the hook can have more direct information about the container it is being run against. #1687
+ Add "runc exec --additional-gids" support. #1608
+ Allow more signals to be sent with "runc kill" than are defined by Go's syscall package. #1706
+ Emit an error if users try to use MS_PRIVATE with --no-pivot, as that is simply not safe. #1606
+ Add support for "unbindable" and "runbindable" as rootfs propagation. #1655
+ Implement intelrdt support in runc. #1279 #1590
+ Add support for lazy migration with CRIU. This includes the addition of "runc checkpoint httpd", which acts as a remote page-fault request server. #1541
+ Add MIPS support. #1475

Fixes:

* Delay seccomp application as late as possible, to reduce the syscall footprint of runc on profiles. #1569
* Fix --read-only containers with user namespaces, which would previously fail under Docker because of privilege problems when trying to do the read-only remount. #1572
* Switch away from stateDirFd entirely. This is an improvement over the protections we added for CVE-2016-9962, and protects against many other possible container escape bugs. #1570
* Handle races between "runc start" and "runc delete" over the exec FIFO correctly, and avoid blocking "runc start" indefinitely. #1698
* Correctly generate seccomp profiles that place requirements on syscall arguments, as well as multi-argument restrictions. #1616 #1424
* Prospective patch for remounting of old-root during pivot_root. This is intended to solve one of the many "mount leak" bugs that have been popping up recently, caused by lots of container churn and host mounts being pinned during container setup. #1500
* Fix "runc exec" on big-endian architectures. #1727
* Correct systemd slice expansion to work with cAdvisor. #1722
* Fix races against systemd cgroup scope creation. #1683
* Do not wait for signalled processes if libcontainer is running in a process that is a subreaper. #1678
* Remove the dependency on libapparmor entirely, and just use /proc/$pid/attr directly. #1675
* Improvements to our integration tests. #1661 #1629 #1528
* Handle systemd's quirky CPUQuotaPerSecUSec handling in fractions-of-a-percent edge cases. #1651
* Remove the docker/docker import in runc by moving the package to runc. #1644
* Switch from docker's pkg/symlink to cyphar/filepath-securejoin. #1622
* Enable integration and unit tests on arm64. #1642 #1640
* Add /proc/scsi to masked paths (mirror of Docker's CVE-2017-16539). #1641
* Add several tests for specconv. #1626 #1619
* Add more extensive tests for terminal handling. #1357
* Always write freezer state during the retry loop, to avoid an indefinite hang when new tasks are spawned in the container. #1610
* Create cwd when it doesn't exist in the container. #1604
* Set the initial console size based on the process spec, to avoid SIGWINCH races where the initial console size is completely wrong. #1275
* Small fixes for static builds. #1579 #1577
* Use epoll for PTY IO, to avoid issues with systemd's SAK protections. #1455
* Update state.json after a "runc update". #1558
* Switch to umoci's release scripts, to use a more "standardised" and distribution-friendly release scheme. Several Makefile fixes are included as well. #1554 #1542 #1555
* Reap "runc:[1:CHILD]" to avoid intermediate zombies building up. #1506
* Use CRIU's RPC to check the version. #1535
* Always save our own namespace paths rather than the path given during start-up, to avoid issues where the path disappears afterwards. #1477
* Fix incorrectly setting the owners of devices. This is still (subtly) broken in user namespaces, but will be fixed in a future version. #1743
* Lots of other miscellaneous fixes and cleanups, many of which were written by first-time contributors. Thanks for contributing, and welcome to the project! #1729 #1724 #1695 #1685 #1703 #1699 #1682 #1665 #1667 #1669 #1654 #1664 #1660 #1645 #1640 #1621 #1607 #1206 #1615 #1614 #1453 #1613 #1600 #1599 #1598 #1597 #1593 #1586 #1588 #1587 #1589 #1575 #1578 #1573 #1561 #1560 #1559 #1556 #1551 #1553 #1548 #1544 #1545 #1537

Removals:

- Andrej Vagin stepped down as a maintainer. Thanks for all of your hard work Andrej, and have fun working on your other projects! #1543

Thanks to all of the contributors that made this release possible:

* Adrian Reber <areber@redhat.com>
* Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
* Aleksa Sarai <asarai@suse.de>
* Alex Fang <littlelightlittlefire@gmail.com>
* Allen Sun <allensun.shl@alibaba-inc.com>
* Andrei Vagin <avagin@openvz.org>
* Antonio Murdaca <runcom@redhat.com>
* Bin Lu <bin.lu@arm.com>
* Danail Branekov <danail.branekov@sap.com>
* Daniel, Dao Quang Minh <dqminh89@gmail.com>
* Ed King <eking@pivotal.io>
* Euan Kemp <euan.kemp@coreos.com>
* Giuseppe Scrivano <gscrivan@redhat.com>
* Jianyong Wu <jianyong.wu@arm.com>
* Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
* Konstantinos Karampogias <konstantinos.karampogias@swisscom.com>
* leitwolf7 <leitwolf@wolke7.net>
* Lorenzo Fontana <lo@linux.com>
* Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
* Matthew Heon <mheon@redhat.com>
* Michael Crosby <crosbymichael@gmail.com>
* Mrunal Patel <mrunal@me.com>
* Nikolas Sepos <nikolas.sepos@gmail.com>
* Peter Morjan <peter.morjan@de.ibm.com>
* Petros Angelatos <petrosagg@gmail.com>
* Qiang Huang <h.huangqiang@huawei.com>
* ravisantoshgudimetla <ravisantoshgudimetla@gmail.com>
* s7v7nislands <s7v7nislands@gmail.com>
* Sebastien Boeuf <sebastien.boeuf@intel.com>
* Seth Jennings <sjenning@redhat.com>
* Steven Hartland <steven.hartland@multiplay.co.uk>
* Sumit Sanghrajka <sumit.sanghrajka@gmail.com>
* Taeung Song <treeze.taeung@gmail.com>
* Thomas Hipp <thipp@suse.de>
* Tobias Klauser <tklauser@distanz.ch>
* Tom Godkin <tgodkin@pivotal.io>
* Tycho Andersen <tycho@docker.com>
* Valentin Kulesh <valentin.kulesh@virtuozzo.com>
* vikaschoudhary16 <choudharyvikas16@gmail.com>
* Vincent Demeester <vincent@sbr.pm>
* Vladimir Stefanovic <vladimir.stefanovic@imgtec.com>
* vsoch <vsochat@stanford.edu>
* Will Martin <wmartin@pivotal.io>
* W. Trevor King <wking@tremily.us>
* Xiaochen Shen <xiaochen.shen@intel.com>
* ynirk <julien.lavesque@gmail.com>
* Yong Tang <yong.tang.github@outlook.com>
* Yuanhong Peng <pengyuanhong@huawei.com>
* yupeng <yu.peng36@zte.com.cn>

Signed-off-by: Aleksa Sarai <asarai@suse.de>