v1.0.0~rc6

This is the final feature release of runc before 1.0, rather than 1.0
itself. The reason for this is that, during the preparations for this
release (which was originally meant to be 1.0), it was brought up that
there were several spec-compliance problems. One of these was related to
hook ordering, and upon trying to fix them it turned out that many users
(notably the NVIDIA OCI hooks) make use of our incorrect hook ordering.
Many of the proposed solutions to this problem require a lot of time
and co-ordination, and thus would stall this release indefinitely.

So, the idea is to have an intermediate release which will mark a
freeze-on-everything-except-spec-compliance-bugs. No other changes will
be included pre-1.0 (aside from security patches obviously).

Features:
 + Upgrade to using Go 1.10. #1711
 + Upgrade to CRIU 3.11. #1711 #1864 #1935 #1936
 + Allow for checkpoint-restore into a foreign network namespace. #1849
 + The "type" field for bind-mounts is now ignored. This is important, because
   many users incorrectly assume that "type" defines a bind-mount and not
   "options". Previously you had to set both. #1753 #1845
 + "setgroups=allow" is now possible in rootless mode, but requires the use of
   the privileged newgidmap helper (fully-rootless still requires
   "setgroups=deny"). #1693
 + Rootless mode can now safely ignore a read-only cgroupfs. #1759 #1806
 + Several aspects of rootless mode are now used inside user namespaces. This
   is necessary for a bunch of useful things (such as running Docker inside a
   user namespace), but did cause some breakages. We think they've all been
   fixed -- but if not please submit an issue! #1688 #1808 #1816 #1862
 + Improve kernel.{domain,host}name sysctl handling, to allow the NIS
   domainname to be set from Docker or other callers without an OCI spec
   change. #1827
 + Add documentation for one of the more confusing parts of runc, how terminals
   are handled (including an explanation of --console-socket). All the gory
   details and recommendations are available in docs/terminals.md. #1730
 + Allow /proc to be bind-mounted over (useful for rootless containers). #1832
 + Ignore ENOSYS for keyctl(2) operations. This is necessary to get Docker
   working with LXC under the default seccomp profile (which is what ChromeOS
   uses). #1893
 + Add support for the Intel RDT/MBA resource control system. #1632 #1913
 + Allow building with completely-disabled kmemcg support, to get around
   problems with broken kernels (RHEL 7.5 can oops with kmemcg accounting
   enabled). #1921 #1922 #1930
 + Add support for cgroup namespaces, which in turn fixes a few other issues we
   encountered with the previous code (which could be moving us to a cgroup
   during Go execution). #1916
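
As an added illustration of the bind-mount item above (this is a constructed
config.json fragment, not taken from the release notes or from runc's own test
suite; the paths are made up): what makes runc treat a mount as a bind mount is
the "bind" or "rbind" entry in "options". With this release the "type" value no
longer has to agree with that, so the entry below works whether "type" is set
to "bind", "none" or anything else, whereas earlier releases required both the
"type" and the option to be set.

```json
{
  "mounts": [
    {
      "destination": "/srv/data",
      "type": "bind",
      "source": "/var/lib/example/data",
      "options": ["rbind", "ro", "nosuid", "nodev"]
    }
  ]
}
```

The practical check is to look at "options", not "type": an entry with
"type": "bind" but no "bind"/"rbind" option is not a bind mount from runc's
point of view, and is what most of the mis-configurations looked like.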

Fixes:
 * Namespace creation with user namespaces now plays a bit nicer with SELinux
   and IPC (which had a bug where the in-kernel mqueue mount would have the
   wrong tag if using unshare(CLONE_NEWUSER|CLONE_NEWIPC)). This is done to
   avoid future problems with broken kernel integration. #1562
 * Mild refactor of libcontainer/user. #1749
 * Fix null-pointer-exception when no cgroups were set. #1752
 * Various DBus and systemd related changes for the systemd-cgroup driver.
   #1754 #1772 #1776 #1781 #1805 #1917
 * Apply SELinux label to masked directories. #1756
 * Obey the XDG spec and set the sticky bit on runc's root when using
   XDG_RUNTIME_DIR (in rootless mode). #1760
 * Only configure network namespaces if we are creating them. #1777
 * Fix race in runc-exec against a currently-exiting pid1. #1812
 * Forward GOMAXPROCS to try to reduce the number of threads started by 'runc
   init'. Unfortunately there's no way to stop Go from spawning new threads so
   this is more of a recommendation. #1830
 * Fix tmpcopyup in cases where /tmp is not a private mount. #1873
 * Whitelist /proc/loadavg for bind-mounting. #1882
 * Protect against deletion of runc state directory with a containerid of "..",
   as well as the addition of other path hardening code. #1883
 * Handle duplicated cgroupfs mountpoint entries more sanely, to make runc work
   on distributions that use-and-abuse shared subtrees. #1817
 * Fix console hanging in several cases. #1895 #1897
 * Lock-to-a-thread during 'runc init' to ensure that we don't switch
   threads and run within a different SELinux label. #1814
 * Respect cgroupPath when trying to find the cgroupfs mountpoint (which can
   happen in cases where containers are given different cgroupfs mounts). #1872
 * And many other minor changes, many from first-time contributors! #1746 #1748
   #1749 #1784 #1779 #1785 #1796 #1819 #1825 #1836 #1824 #1820 #1838 #1840
   #1841 #1867 #1871 #1855 #1854 #1874 #1868 #1886 #1892 #1858 #1894 #1908
   #1880 #1910 #1915 #1903 #1922 #1926 #1928 #1925 #1911
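
The ".." container-id item above is the kind of check a practitioner wants to
see spelled out, so here is an added, self-contained illustration in Go of the
principle behind it. This is example code written for this page, not runc's own
validation routine: the allow-list regex, the function names and the
"/run/runc" root are assumptions. The point is that a container id is used as a
path component under the state directory, so it must be rejected before it is
joined onto that path, and the joined result must be re-checked to lie strictly
inside the root.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// idRegex is an assumed allow-list for container ids (letters, digits,
// underscore, plus, minus and dot). Illustrative only, not runc's rule.
var idRegex = regexp.MustCompile(`^[A-Za-z0-9_+.-]+$`)

// ValidateContainerID rejects ids that cannot safely be used as a single
// path component below the runtime's state directory.
func ValidateContainerID(id string) error {
	if id == "" {
		return errors.New("container id must not be empty")
	}
	// Anything outside the allow-list, including "/" and whitespace, is out.
	if !idRegex.MatchString(id) {
		return fmt.Errorf("container id %q contains disallowed characters", id)
	}
	// The allow-list permits ".", so "." and ".." still pass the regex and
	// must be rejected explicitly: Join(root, "..") is the parent of root.
	if id == "." || id == ".." {
		return fmt.Errorf("container id %q is a reserved path component", id)
	}
	return nil
}

// StateDir returns the per-container state directory for id below root.
// It validates the id first, then double-checks that the joined path is a
// strict child of root (defence in depth against future regex changes).
func StateDir(root, id string) (string, error) {
	if err := ValidateContainerID(id); err != nil {
		return "", err
	}
	root = filepath.Clean(root)
	dir := filepath.Join(root, id)
	rel, err := filepath.Rel(root, dir)
	if err != nil || rel == "." || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("container id %q resolves outside %s", id, root)
	}
	return dir, nil
}

func main() {
	// Constructed sample ids: one good, the rest malicious or malformed.
	for _, id := range []string{"web-1", "..", ".", "a/b", "../x", ""} {
		dir, err := StateDir("/run/runc", id)
		fmt.Printf("%-8q -> %q err=%v\n", id, dir, err)
	}
}
```

Deleting or creating the state directory only after `StateDir` succeeds is what
turns the ".." case from "remove the whole state root" into a clean error.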

Fixes (for spec violations):
 * Don't set a container to "running" when exec-ing into it (because it might
   be in the "created" state). #1771
 * oom_score_adj is no longer modified if it was unspecified in config.json
   (this was a spec violation). #1759
 * Set "status" in hook stdin, as well as switch to using *spec.State to avoid
   JSON-representation drift. #1741
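
To make the hook-stdin change concrete, here is an added Go example (written
for this page, not runc's or the runtime-spec's own code) of what a hook sees:
runc writes the OCI state document to the hook's stdin, and with this release
that document carries "status" alongside "ociVersion", "id", "pid", "bundle"
and "annotations". The sample document, the field names on the `State` struct
and the behaviour on a missing "status" are this example's choices; the JSON
keys themselves are the ones the runtime-spec state document uses.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"os"
	"strings"
)

// State mirrors the runtime-spec state document a hook receives on stdin.
type State struct {
	Version     string            `json:"ociVersion"`
	ID          string            `json:"id"`
	Status      string            `json:"status"`
	Pid         int               `json:"pid"`
	Bundle      string            `json:"bundle"`
	Annotations map[string]string `json:"annotations,omitempty"`
}

// sampleState is a constructed document of the shape this release emits.
const sampleState = `{
  "ociVersion": "1.0.1-dev",
  "id": "web-1",
  "status": "created",
  "pid": 4242,
  "bundle": "/var/lib/example/bundles/web-1",
  "annotations": {"example.com/owner": "ops"}
}`

// ReadState decodes the state document from r. It insists on an id (a hook
// cannot do anything sensible without one) but tolerates a missing "status",
// which is what older runtimes produced; callers can treat "" as unknown.
func ReadState(r io.Reader) (State, error) {
	var st State
	if err := json.NewDecoder(r).Decode(&st); err != nil {
		return st, fmt.Errorf("decoding hook state: %w", err)
	}
	if st.ID == "" {
		return st, fmt.Errorf("hook state has no container id")
	}
	return st, nil
}

// StatusOrUnknown is the value a hook should branch on; it avoids having
// "" silently compare unequal to every expected status.
func StatusOrUnknown(st State) string {
	if st.Status == "" {
		return "unknown"
	}
	return st.Status
}

func main() {
	// A real hook reads os.Stdin; fall back to the constructed sample so the
	// program also runs stand-alone.
	var r io.Reader = os.Stdin
	if fi, err := os.Stdin.Stat(); err != nil || fi.Mode()&os.ModeCharDevice != 0 {
		r = strings.NewReader(sampleState)
	}
	st, err := ReadState(r)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Printf("container %s (pid %d) is %s, bundle %s\n",
		st.ID, st.Pid, StatusOrUnknown(st), st.Bundle)
}
```

A hook that needs to know whether it is running against a created, running or
stopped container should use "status" rather than guessing from "pid", since
"pid" is not meaningful once the container has stopped.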

Thanks to all of the contributors that made this release possible:

 * Ace-Tang <aceapril@126.com>
 * Adrian Reber <areber@redhat.com>
 * Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 * Alban Crequy <alban@kinvolk.io>
 * Aleksa Sarai <asarai@suse.de>
 * Alex Glikson <alex.glikson@gmail.com>
 * Andrei Vagin <avagin@virtuozzo.com>
 * Antonio Murdaca <runcom@redhat.com>
 * Bin Chen <nk@devicu.com>
 * ChangFeng <changfeng@pinduoduo.com>
 * Chris Aniszczyk <caniszczyk@gmail.com>
 * Danail Branekov <danailster@gmail.com>
 * Daniel, Dao Quang Minh <dqminh89@gmail.com>
 * Daniel J Walsh <dwalsh@redhat.com>
 * Denys Smirnov <denys@sourced.tech>
 * Derek Carr <decarr@redhat.com>
 * dlorenc <lorenc.d@gmail.com>
 * Dmitry Smirnov <onlyjob@member.fsf.org>
 * Dominik Süß <dominik@suess.wtf>
 * Filipe Brandenburger <filbranden@google.com>
 * Giuseppe Scrivano <gscrivan@redhat.com>
 * Harald Nordgren <haraldnordgren@gmail.com>
 * Jay Kamat <jaygkamat@gmail.com>
 * Jonathan Marler <johnnymarler@gmail.com>
 * Kenta Tada <Kenta.Tada@sony.com>
 * Kir Kolyshkin <kolyshkin@gmail.com>
 * Lifubang <lifubang@acmcoder.com>
 * Lin Yang <lin.a.yang@intel.com>
 * Marco Vedovati <mvedovati@suse.com>
 * Michael Crosby <crosbymichael@gmail.com>
 * Mike Brown <brownwm@us.ibm.com>
 * Mrunal Patel <mrunalp@gmail.com>
 * Nalin Dahyabhai <nalin@redhat.com>
 * Qiang Huang <h.huangqiang@huawei.com>
 * Sebastien Boeuf <sebastien.boeuf@intel.com>
 * Sergio Lopez <slp@redhat.com>
 * Tamal Saha <tamal@appscode.com>
 * Tibor Vass <tibor@docker.com>
 * vikaschoudhary16 <choudharyvikas16@gmail.com>
 * Vincent Batts <vbatts@hashbangbash.com>
 * W. Trevor King <wking@tremily.us>
 * Xiaochen Shen <xiaochen.shen@intel.com>
 * Yan Zhu <yanzhu@alauda.io>
 * Yuanhong Peng <pengyuanhong@huawei.com>

Signed-off-by: Aleksa Sarai <asarai@suse.de>