v1.0.0~rc6 This is the final feature release of runc before 1.0, rather than 1.0 itself. The reason for tihs is that, during the preparations for this release (which was originally meant to be 1.0) it was brought up that there were several spec-compliance problems. One of these was related to hook ordering, and upon trying to fix them it turns out that many users (notably the NVIDIA OCI hooks) make use of our incorrect hook ordering. Many of the proposed solutions to this problem all require a lot of time and co-ordination, and thus would stall this release indefinitely. So, the idea is to have an intermediate release which will mark a freeze-on-everything-except-spec-compliance-bugs. No other changes will be included pre-1.0 (aside from security patches obviously). Features: + Upgrade to using Go 1.10. #1711 + Upgrade to CRIU 3.11. #1711 #1864 #1935 #1936 + Allow for checkpoint-restore into a foreign network namespace. #1849 + The "type" field for bind-mounts is now ignored. This is important, because many users incorrectly assume that "type" defines a bind-mount and not "options". Previously you had to set both. #1753 #1845 + "setgroups=allow" is now possible in rootless mode, but requires the use of the privileged newgidmap helper (fully-rootless still requires "setgroups=deny"). #1693 + Rootless mode can now safely ignore a read-only cgroupfs. #1759 #1806 + Several aspects of rootless mode are now used inside user namespaces. This is necessary for a bunch of useful things (such as running Docker inside an user namespace), but did cause some breakages. We think they've all been fixed -- but if not please submit an issue! #1688 #1808 #1816 #1862 + Improve kernel.{domain,host}name sysctl handling, to allow the NIS domainname to be set from Docker or other callers without an OCI spec change. #1827 + Add documentation for one of the more confusion parts of runc, how terminals are handled (including an explanation of --console-socket). All the gory details and recommendations are available in docs/terminals.md. #1730 + Allow /proc to be bind-mounted over (useful for rootless containers). #1832 + Ignore ENOSYS for keyctl(2) operations. This is necessary to get Docker working with LXC under the default seccomp profile (which is what ChromeOS uses). #1893 + Add support for the Intel RDT/MBA resource control system. #1632 #1913 + Allow building with completely-disabled kmemcg support, to get around problems with broken kernels (RHEL 7.5 can oops with kmemcg accounting enabled). #1921 #1922 #1930 + Add support for cgroup namespaces, which in turn fixes a few other issues we encountered with the previous code (which could be moving us to a cgroup during Go execution). #1916 Fixes: * Namespace creation with user namespaces now plays a bit nicer with SELinux and IPC (which had a bug where the in-kernel mqueue mount would have the wrong tag if using unshare(CLONE_NEWUSER|CLONE_NEWIPC)). This is done to avoid future problems with broken kernel integration. #1562 * Mild refactor of libcontainer/user. #1749 * Fix null-pointer-exception when no cgroups were set. #1752 * Various DBus and systemd related changes for the systemd-cgroup driver. #1754 #1772 #1776 #1781 #1805 #1917 * Apply SELinux label to masked directories. #1756 * Obey the XDG spec and set the sticky bit on runc's root when using XDG_RUNTIME_DIR (in rootless mode). #1760 * Only configure network namespaces if we are creating them. #1777 * Fix race in runc-exec against a currently-exiting pid1. #1812 * Forward GOMAXPROCS to try to reduce the number of threads started by 'runc init'. Unforunately there's no way to stop Go from spawning new threads so this is more of a recommendation. #1830 * Fix tmpcopyup in cases where /tmp is not a private mount. #1873 * Whitelist /proc/loadavg for bind-mounting. #1882 * Protect against deletion of runc state directory with a containerid of "..", as well as the addition of other path hardening code. #1883 * Handle duplicated cgroupfs mountpoint entries more sanely, to make runc work on distributions that use-and-abuse shared subtrees. #1817 * Fix console hanging in several cases. #1895 #1897 * Lock-to-a-thread during 'runc init' to ensure that that we don't switch threads and run within a different SELinux label. #1814 * Respect cgroupPath when trying to find the cgroupfs mountpoint (which can happen in cases where containers are given different cgroupfs mounts). #1872 * And many other minor changes, many from first-time contributors! #1746 #1748 #1749 #1784 #1779 #1785 #1796 #1819 #1825 #1836 #1824 #1820 #1838 #1840 #1841 #1867 #1871 #1855 #1854 #1874 #1868 #1886 #1892 #1858 #1894 #1908 #1880 #1910 #1915 #1903 #1922 #1926 #1928 #1925 #1911 Fixes (for spec violations): * Don't set a container to "running" when exec-ing into it (because it might be in the "created" state). #1771 * oom_score_adj is now no longer modified if it was unspecified in config.json (this was a spec violation). #1759 * Set "status" in hook stdin, as well as switch to using *spec.State to avoid JSON-representation drift. #1741 Thanks to all of the contributors that made this release possible: * Ace-Tang <aceapril@126.com> * Adrian Reber <areber@redhat.com> * Akihiro Suda <suda.akihiro@lab.ntt.co.jp> * Alban Crequy <alban@kinvolk.io> * Aleksa Sarai <asarai@suse.de> * Alex Glikson <alex.glikson@gmail.com> * Andrei Vagin <avagin@virtuozzo.com> * Antonio Murdaca <runcom@redhat.com> * Bin Chen <nk@devicu.com> * ChangFeng <changfeng@pinduoduo.com> * Chris Aniszczyk <caniszczyk@gmail.com> * Danail Branekov <danailster@gmail.com> * Daniel, Dao Quang Minh <dqminh89@gmail.com> * Daniel J Walsh <dwalsh@redhat.com> * Denys Smirnov <denys@sourced.tech> * Derek Carr <decarr@redhat.com> * dlorenc <lorenc.d@gmail.com> * Dmitry Smirnov <onlyjob@member.fsf.org> * Dominik Süß <dominik@suess.wtf> * Filipe Brandenburger <filbranden@google.com> * Giuseppe Scrivano <gscrivan@redhat.com> * Harald Nordgren <haraldnordgren@gmail.com> * Jay Kamat <jaygkamat@gmail.com> * Jonathan Marler <johnnymarler@gmail.com> * Kenta Tada <Kenta.Tada@sony.com> * Kir Kolyshkin <kolyshkin@gmail.com> * Lifubang <lifubang@acmcoder.com> * Lin Yang <lin.a.yang@intel.com> * Marco Vedovati <mvedovati@suse.com> * Michael Crosby <crosbymichael@gmail.com> * Mike Brown <brownwm@us.ibm.com> * Mrunal Patel <mrunalp@gmail.com> * Nalin Dahyabhai <nalin@redhat.com> * Qiang Huang <h.huangqiang@huawei.com> * Sebastien Boeuf <sebastien.boeuf@intel.com> * Sergio Lopez <slp@redhat.com> * Tamal Saha <tamal@appscode.com> * Tibor Vass <tibor@docker.com> * vikaschoudhary16 <choudharyvikas16@gmail.com> * Vincent Batts <vbatts@hashbangbash.com> * W. Trevor King <wking@tremily.us> * Xiaochen Shen <xiaochen.shen@intel.com> * Yan Zhu <yanzhu@alauda.io> * Yuanhong Peng <pengyuanhong@huawei.com> Signed-off-by: Aleksa Sarai <asarai@suse.de>