Tags give the ability to mark specific points in history as being important
-
-
v1.0.0-rc4
2e7cfe03 · ·v1.0.0~rc4

Features:
+ runc now supports v1.0.0 of the OCI runtime specification. #1527
+ Rootless containers support has been released. The current state of this feature is that it only supports single-{uid,gid} mappings as an unprivileged user, and cgroups are completely unsupported. Work is being done to improve this. #774
+ Rather than relying on CRIU version numbers, actually check if the system supports pre-dumping. #1371
+ Allow the PIDs cgroup limit to be updated. #1423
+ Add support for checkpoint/restore of containers with orphaned PTYs (which is effectively all containers with terminal=true). #1355
+ Permit prestart hooks to modify the cgroup configuration of a container. #1239
+ Add support for a wide variety of mount options. #1460
+ Expose memory.use_hierarchy in MemoryStats. #1378

Fixes:
* Fix incorrect handling of systems without the freezer cgroup. #1387
* Many, many changes to switch away from Go's "syscall" stdlib to "golang.org/x/sys/unix". #1394 #1398 #1442 #1464 #1467 #1470 #1474 #1478 #1491 #1482 #1504 #1519 #1530
* Set cgroup resources when restoring a container. #1399
* Switch back to using /sbin as the installation directory. #1406
* Remove the arbitrary container ID length restriction. #1435
* Make container force deletion ignore non-existent containers. #1451
* Improve handling of arbitrary cgroup mount locations when populating cpuset. #1372
* Make the SaneTerminal interface public. #1479
* Fix cases where runc would report a container to be in a "Running" state if the init was a zombie or dead. #1489
* Do not set supplementary groups for numeric users. #1450
* Fix various issues with the "owner" field in runc-list. #1516
* Many other miscellaneous fixes, some of which were made by first-time contributors. Thanks, and welcome to the project! #1406 #1400 #1365 #1396 #1402 #1414 #1412 #1408 #1418 #1425 #1428 #1436 #1433 #1438 #1410 #1447 #1388 #1484 #1481 #1496 #1245 #1524 #1534 #1526 #1533

Removals:
- Remove any semblance of non-Linux support. #1502
- We no longer use shfmt for testing. #1510

Thanks to all of the contributors that made this release possible:
* Adrian Reber <areber@redhat.com>
* Aleksa Sarai <asarai@suse.de>
* Andrei Vagin <avagin@virtuozzo.com>
* Antonio Murdaca <runcom@redhat.com>
* chchliang <chen.chuanliang@zte.com.cn>
* Christy Perez <christy@linux.vnet.ibm.com>
* Craig Furman <cfurman@pivotal.io>
* CuiHaozhi <cuihz@wise2c.com>
* Daniel, Dao Quang Minh <dqminh89@gmail.com>
* Derek Carr <decarr@redhat.com>
* Harshal Patil <harshal.patil@in.ibm.com>
* Jonh Wendell <jonh.wendell@redhat.com>
* Justin Cormack <justin.cormack@docker.com>
* Kang Liang <kangliang424@gmail.com>
* Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
* Konstantinos Karampogias <konstantinos.karampogias@swisscom.com>
* Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
* Michael Crosby <crosbymichael@gmail.com>
* Mrunal Patel <mrunalp@gmail.com>
* Qiang Huang <h.huangqiang@huawei.com>
* Steven Hartland <steven.hartland@multiplay.co.uk>
* Tim Potter <tpot@hpe.com>
* Tobias Klauser <tklauser@distanz.ch>
* Valentin Rothberg <vrothberg@suse.com>
* Vincent Batts <vbatts@redhat.com>
* Wentao Zhang <zhangwentao234@huawei.com>
* Will Martin <wmartin@pivotal.io>
* W. Trevor King <wking@tremily.us>
* yangshukui <yangshukui@huawei.com>
* Zhang Wei <zhangwei555@huawei.com>

Vote-Closed: [Wed Aug 9 05:28:38 UTC 2017]
Vote-Results: [+5 -0 /2]
-
debian/1.0.0_rc2+git20170201.133.9df8b30-2
bd6f1655 · ·runc Debian release 1.0.0~rc2+git20170201.133.9df8b30-2
-
-
upstream/1.0.0-rc2+git20170201.133.9df8b30
1cd663d9 · ·Upstream version 1.0.0-rc2+git20170201.133.9df8b30
-
v1.0.0-rc3
75f8da7c · ·v1.0.0~rc3

Features:
+ Add slice management support to the systemd cgroup driver. Checks are done to make sure that systemd supports the feature. #1084
+ Support for readonly mount labels. #1112
+ Add a tmpcopyup mount extension for tmpfs mounts that are mounted over already existing directories, allowing for the contents of a volume to be copied up transparently. #845
* Switch our pivot_root usage to no longer require temporary directories, improving the state of containers running in entirely readonly contexts. #1125 #1148
+ Allow updating of rt_period_us and rt_runtime_us in cpuacct cgroup.
+ Reimplement console handling to use AF_UNIX sockets such that the console is created inside the container's (namespaced) devpts instance, solving a wide variety of historical pty bugs with runC. #1018 #1356
* Support overlayfs in mounts. #1314
+ Support creating devices with types 'p' and 'u'. #1321
+ Add --preserve-fds=N to create and run commands. #1320
+ Add pre-dump and parent-path to checkpoint. #1001
+ Update to runtime-spec v1.0.0-rc5. #1370

Fixes:
* Remove check for binding to /. #1090
* Ensure we log to logrus on command errors. #1089
* Don't enable kmem limits if they're not specified in the config. #1095
* Handle cases where specs.Resources.* members would cause null dereferences. #1111 #1116
* Fix bugs in the GetProcessStartTime implementation. #1136
* Make sysctl config validation checks handle network namespaces more gracefully. #1138 #1149
* Guarantee correct namespace creation ordering. This is part of the rootless container patchset, and is also required in certain SELinux setups. #977
* Stop screwing around with '\n' in console output. #1146
* Fix cpuset.cpu_exclusive handling. #1194
* Sync HookState with the OCI specification. #1201
* Split remounting mountpoints and bindmounts, resolving issues with mount options being dropped in certain cases. #1222
* Fix leftover cgroup directory issue. #1196
* Handle config.Devices and config.MaskPaths in checkpoint. #1110.
* Don't create combined cgroup subsystem names. #1268
* Ignore cgroupv2 mountpoints, fixing issues with systemd v232. #1266
* Race condition when synchronising with children and grandchildren in nsexec.c. #1237
* Fix state checks to no longer depend on _LIBCONTAINER being present in the environment, fixing both bugs as well as being part of the rootless container patchset. #1317
* Fix systemd-notify when using different PID namespaces, and allow detach+notify socket. #1308
* Don't fchown when inheriting stdio, which is necessary for rootless containers in certain scenarios. #1354
* Fix cpu.cfs_quota_us being changed when systemd is reloaded. #1344
* Add devices to whitelist for LXD, to make runC under LXC/LXD work better. #1327
* Many improvements to testing. #1121 #1131 #1132 #1147

Security:
* Several fixes for CVE-2016-9962. 5d93fed3d27f #1274

Thanks to all of the contributors that made this release possible:
* Qiang Huang <h.huangqiang@huawei.com>
* Aleksa Sarai <asarai@suse.de>
* Mrunal Patel <mrunalp@gmail.com>
* Michael Crosby <crosbymichael@gmail.com>
* Wang Long <long.wanglong@huawei.com>
* Daniel, Dao Quang Minh <dqminh89@gmail.com>
* rajasec <rajasec79@gmail.com>
* Zhang Wei <zhangwei555@huawei.com>
* Steven Hartland <steven.hartland@multiplay.co.uk>
* Giuseppe Scrivano <gscrivan@redhat.com>
* Shukui Yang <yangshukui@huawei.com>
* Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
* Daniel Dao <dqminh89@gmail.com>
* CuiHaozhi <cuihaozhi@chinacloud.com.cn>
* Antonio Murdaca <runcom@redhat.com>
* Xianglin Gao <xlgao@zju.edu.cn>
* Lei Jitang <leijitang@huawei.com>
* Justin Cormack <justin.cormack@docker.com>
* Dan Walsh <dwalsh@redhat.com>
* Daniel Martí <mvdan@mvdan.cc>
* Ce Gao <ce.gao@outlook.com>
* allencloud <allen.sun@daocloud.io>
* Alexander Morozov <lk4d4math@gmail.com>
* yupeng <yu.peng36@zte.com.cn>
* Yuanhong Peng <pengyuanhong@huawei.com>
* Yong Tang <yong.tang.github@outlook.com>
* xuxinkun <xuxinkun@gmail.com>
* Xianlu Bird <xianlubird@gmail.com>
* William Martin <wmartin@pivotal.io>
* Wentao Zhang <zhangwentao234@huawei.com>
* Vivek Goyal <vgoyal@redhat.com>
* Samuel Ortiz <sameo@linux.intel.com>
* rainrambler <wanganyu@outlook.com>
* Mohammad Arab <boynux@gmail.com>
* Michal Rostecki <michal@kinvolk.io>
* Máximo Cuadros <mcuadros@gmail.com>
* Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
* Ian Campbell <ian.campbell@docker.com>
* Harry Zhang <harryz@hyper.sh>
* Fengtu Wang <wangfengtu@huawei.com>
* Eric Paris <eparis@redhat.com>
* Derek Carr <decarr@redhat.com>
* Deng Guangxing <dengguangxing@huawei.com>
* CuiHaozhi <61755280@qq.com>
* Crazykev <crazykev@zju.edu.cn>
* Chris Aniszczyk <caniszczyk@gmail.com>
* Casey Callendrello <c1@caseyc.net>
* Carlton-Semple <carlton.semple@ibm.com>
* Brian Goff <cpuguy83@gmail.com>
* Andrew Vagin <avagin@openvz.org>
-
upstream/1.0.0_rc2+git20161109.131.5137186
717f8d5f · ·Upstream version 1.0.0~rc2+git20161109.131.5137186
-
-
v1.0.0-rc2
c91b5bea · ·runC 1.0.0-rc2

Features:
+ {create,run}: add --no-new-keyring flag so that a new session keyring is not created for the container and the calling process's keyring is inherited.
+ restore: add --empty-ns flag to tell CRIU to only create a network namespace for a container and not populate it (allowing higher levels to correctly handle re-creating the network namespace).
+ {create,start}: use a FIFO rather than signals to signal the starting of a container. This removes the Go version restriction, and also avoids potential issues with Go's signal handling.
+ exec: allow additional groups to be overridden.
+ delete: add --force flag.
- exec: disable the subreaper option entirely, because the option causes many issues with reparenting in the context of containers. This is not a complete fix, which is intended to land for -rc3. Using the removed option will be silently ignored by runC.
+ {create,run}: add support for masking directories with MaskPaths.
+ delete: allow for the deletion of multiple containers in one cmdline.
+ build: add `make release` for distributions.

Fixes:
* Major improvements and fixes to CLI handling. Now commands like `runc ps` and `runc exec` will act sanely when you're trying to use flags that are not meant to be parsed by runC.
* Set the cp.rt_* cgroup options correctly so that runC running in SCHED_RR (realtime) mode can operate properly.
* Massive improvements to kmem limit detection to ensure that we only attempt to change memory.kmem.* if it is safe to do so.
* Part of a major cleanup of the nsenter code, with more intended to land before -rc3.
* Restored containers now have a start time, which is the time that the new container was started (not when the original container was started).
* Fix the default cgroupPath behaviour, so that we actually attach to subcgroups of all of the caller's current cgroups (rather than using the devices cgroup path for all other cgroups)
+ Support 32bit UIDs on i386 with the setuid32(2) syscall.
+ Add /proc/timer_list to the set of default masked paths.
- Do not create /dev/fuse by default.
* Parse cgroupPath correctly if it contains ':'.
* Add some more debugging information for the test suite, along with fixes for race conditions and other issues. In addition, add more integration tests for edge conditions.
* Improve check-config.sh script to handle more cases.
* Fix incorrect type when setting of net_cls classid.
* Lots of fixes to help pages and man pages.
+ *: append -dirty to the version if the git repo is unclean.
* Fix the JSON tags for CpuRt* options.
* Cleanups to the rootfs setup code.
* Improve error messages related to SELinux.

Thanks to all of the contributors that made this release possible:
* Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
* Aleksa Sarai <asarai@suse.de>
* Alexander Morozov <lk4d4math@gmail.com>
* Andrew Vagin <avagin@virtuozzo.com>
* Ben <ben.gray@bskyb.com>
* Buddha Prakash <buddhap@google.com>
* Carl Henrik Lunde <chlunde@ifi.uio.no>
* Christian Brauner <cbrauner@suse.de>
* Dam Thomason <ad@mthomason.net>
* Dan Walsh <dwalsh@redhat.com>
* Daniel, Dao Quang Minh <dqminh89@gmail.com>
* Davanum Srinivas <davanum@gmail.com>
* Euan Kemp <euank@coreos.com>
* Guilherme Rezende <guilhermebr@gmail.com>
* Haiyan Meng <hmeng@redhat.com>
* Hushan Jia <hushan.jia@gmail.com>
* Jiuyue Ma <majiuyue@huawei.com>
* Johnny Bieren <jbieren@redhat.com>
* Jonathan Boulle <jonathanboulle@gmail.com>
* Justin Cormack <justin.cormack@docker.com>
* Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
* Michael Crosby <crosbymichael@gmail.com>
* Mike Brown <brownwm@us.ibm.com>
* Mrunal Patel <mrunalp@gmail.com>
* Peng Gao <peng.gao.dut@gmail.com>
* Petar Petrov <pppepito86@gmail.com>
* Phil Estes <estesp@linux.vnet.ibm.com>
* Qiang Huang <h.huangqiang@huawei.com>
* Serge Hallyn <serge@hallyn.com>
* Seth Jennings <sjenning@redhat.com>
* Shukui Yang <yangshukui@huawei.com>
* Tristan Cacqueray <tdecacqu@redhat.com>
* Vishnu kannan <vishnuk@google.com>
* Wang Long <long.wanglong@huawei.com>
* Yang Hongyang <imhy.yang@gmail.com>
* Yen-Lin Chen <hencrice+FOSS@gmail.com>
* Yuanhong Peng <pengyuanhong@huawei.com>
* Zhang Wei <zhangwei555@huawei.com>
* Zhao Lei <zhaolei@cn.fujitsu.com>
* rajasec <rajasec79@gmail.com>
* xiekeyang <xiekeyang@huawei.com>
-
-
-
v1.0.0-rc1
04f275d4 · ·