      libvirt Sandbox News
      ====================

0.6.0 - "Dashti Margo" - 2015-07-01
-----------------------------------

 - API/ABI incompatible change, soname increased
 - Prevent use of virt-sandbox-service as non-root upfront
 - Fix misc memory leaks
 - Block SIGHUP from the dhclient binary to prevent
   accidental death if the controlling terminal is
   closed & reopened
 - Add support for re-creating libvirt XML from sandbox
   config to facilitate upgrades
 - Switch to standard gobject introspection autoconf macros
 - Add ability to set filters on network interfaces
 - Search /usr/lib instead of /lib for systemd unit
   files, as the former is the canonical location even
   when / and /usr are merged
 - Only set SELinux labels on hosts that support SELinux
 - Explicitly link to selinux, instead of relying on
   indirect linkage
 - Update compiler warning flags
 - Fix misc docs comments
 - Don't assume use of SELinux in virt-sandbox-service
 - Fix path checks for SUSE in virt-sandbox-service
 - Add support for AppArmor profiles
 - Mount /var after other FS to ensure host image is
   available
 - Ensure state/config dirs can be accessed when QEMU
   is running non-root for qemu:///system
 - Fix mounting of host images in QEMU sandboxes
 - Mount images as ext4 instead of ext3
 - Allow use of non-raw disk images as filesystem
   mounts
 - Check if required static libs are available at configure
   time to prevent silent fallback to shared linking
 - Require libvirt-glib >= 0.2.1
 - Add support for loading lzma and gzip compressed kmods
 - Check for supported libvirt URIs when starting guests
   to ensure clear error message upfront
 - Add LIBVIRT_SANDBOX_INIT_DEBUG env variable to allow
   debugging of kernel boot messages and sandbox init
   process setup
 - Add support for exposing block devices to sandboxes
   with a predictable name under /dev/disk/by-tag/TAGNAME
 - Use devtmpfs instead of tmpfs for auto-populating
   /dev in QEMU sandboxes
 - Allow setup of sandbox with custom root filesystem
   instead of inheriting from host's root.
 - Allow execution of apps from non-matched ld-linux.so
   / libc.so, e.g. executing F19 binaries on F22 host
 - Use passthrough mode for all QEMU filesystems

0.5.1 - "Cholistan" - 2013-11-18
--------------------------------

 - Fix path to systemd binary (prefers dir /lib/systemd not /bin)
 - Remove obsolete commands from virt-sandbox-service man page
 - Fix delete of running service container
 - Allow use of custom root dirs with 'virt-sandbox --root DIR'
 - Fix 'upgrade' command for virt-sandbox-service generic services
 - Fix logrotate script to use virsh for listing sandboxed services
 - Add 'inherit' option for virt-sandbox '-s' security context
   option, to auto-copy calling process' context
 - Remove non-existent '-S' option from virt-sandbox-service man
   page
 - Fix line break formatting of man page
 - Mention LIBVIRT_DEFAULT_URI in virt-sandbox-service man page
 - Check some return values in libvirt-sandbox-init-qemu
 - Remove unused variables
 - Fix crash with partially specified mount option string
 - Add man page docs for 'ram' mount type
 - Avoid close of un-opened file descriptor
 - Fix leak of file handles in init helpers
 - Log a message if sandbox cleanup fails
 - Cope with domain being missing when deleting container
 - Improve stack trace diagnostics in virt-sandbox-service
 - Fix virt-sandbox-service content copying code when faced with
   non-regular files.
 - Improve error reporting if kernel does not exist
 - Allow kernel version/path/kmod to be set with virt-sandbox
 - Don't overmount '/root' in QEMU sandboxes by default
 - Fix nosuid / nodev mount options for tmpfs
 - Force 9p2000.u protocol version to avoid QEMU bugs
 - Fix cleanup when failing to start interactive sandbox
 - Create copy of kernel from /boot to allow relabelling
 - Bulk re-indent of code
 - Avoid crash when gateway is missing in network options
 - Fix symlink target created in multi-user.target.wants
 - Add '-p PATH' option for virt-sandbox-service clone/delete
   to match 'create' command option.
 - Only allow 'lxc:///' URIs with virt-sandbox-service
   until further notice
 - Rollback state if cloning a service sandbox fails
 - Add more kernel modules instead of assuming they are
   all builtins
 - Don't complain if some kmods are missing, as they may
   be builtins
 - Allow --mount to be repeated with virt-sandbox-service


0.5.0 - "Sahara Desert" - 2013-08-01
------------------------------------

 - Switch to use persistent libvirt configuration files for
   service sandboxes
 - Store service configs in /etc/libvirt-sandbox/services/$NAME/
   instead of /etc/libvirt-sandbox/services/$NAME.sandbox to
   allow storage of multiple files per sandbox
 - Add a new 'virt-sandbox-service upgrade NAME' command,
   to be run by admin for all existing service sandboxes to
   upgrade their configuration to be compatible with the new
   release
 - Remove start, stop, list commands from virt-sandbox-service,
   with recommendation to use start, destroy & list commands in
   virsh instead.
 - Remove duplicate -u option in man page
 - Update man page examples
 - Stop generating a UNIT_sandbox.target unit, instead letting
   the sandbox unit tie into multi-user.target as normal
 - Remove unimplemented APIs for graphical sandboxes, to be
   re-added at a later date when actually functional
 - Add padding to public structs, to facilitate preservation
   of public ABI compatibility in future
 - Add note about default libvirt URIs in man page
 - Fix cloning of sandboxes


0.2.1 - "Owami Desert" - 2013-07-09
-----------------------------------

 - Requires libvirt-glib >= 0.1.7
 - ABI change: Removed GVirSandboxCleaner class
 - Don't add link in /var/log/journal for image based containers
 - Don't hold open libvirt connection when displaying service
   sandbox consoles
 - Record container UUID in config for service sandboxes
 - Add missing RPMs deps
 - Allow custom mounts to be specified to virt-sandbox-service
 - Fix misc bugs in sandbox creation/deletion
 - Use 'guest bind' for configuring image based service sandboxes
 - Allow NIC MAC address to be chosen
 - Include systemd-initctl.socket in service sandboxes by default
   to allow libvirt initiated graceful shutdown


0.2.0 - "Nubian Desert" - 2013-05-07
------------------------------------

 - Requires systemd >= 198
 - Fix termination of interactive sandbox client to
   avoid losing final I/O
 - Stop hardcoding default security label
 - Misc docs typos / fixes
 - Fix infinite loop handling security opts
 - Mandate enablement of introspection
 - Handle NULL broadcast address for NICs
 - Don't assume /var/log/journal exists
 - Improve rollback if creation of service sandbox fails
 - Block host NICs from sandbox
 - Sanity check requested network config
 - Fix sandbox journal location to be a dir not a file
 - Fix parsing of --security option
 - Change virt-sandbox-service to use --security opts
   instead of SELinux specific -l/-t/-d args
 - Replace use of YUM with RPM to improve performance
 - Send dhclient output to /dev/null
 - Avoid getting stuck in waitpid if non-primary process
   exits
 - Allow choice of host virtual networks
 - Support network config with virt-sandbox-service
 - Do not create any NIC in service sandbox by default
 - Cope with SELinux label lacking a category pair
 - Delay dropping credentials until after ttys are opened
 - Fix tty permissions in QEMU init helper to be 0700 instead
   of 0777
 - Add support for non-systemd service containers
 - Add support for i18n of all output strings
 - Remove hardcoding of lxc:/// in virt-sandbox-service
 - Correctly handle EOF from raw console
 - Improve I/O performance of virt-sandbox
 - Allow custom uid/gid for generic service sandboxes
 - Do not run debug shell in service sandboxes
 - Add --package option to virt-sandbox-service for cases
   where the unit file is not owned by an RPM
 - Use drop in systemd service override, instead of
   includes
 - Support templated systemd service units


0.1.2 - "Namib Desert" - 2013-03-05
-----------------------------------

 - Requires libvirt >= 1.0.2
 - Split virt-sandbox-service manpage into separate docs,
   one for each sub-command
 - Fix handling of GLib.GError exceptions
 - Containerize /var/lib/nfs/rpc_pipefs too
 - Add ability to execute arbitrary commands inside the
   container using namespace attach
 - Fix docs for virt-sandbox mount options
 - Better wording about escape sequence for consoles
 - Create journal file if it doesn't already exist
 - Create /etc/rc.d/init.d inside container to block
   legacy init scripts starting
 - Skip binding files/dirs which don't exist in host


0.1.1 - "Libyan Desert" - 2012-12-10
------------------------------------

 - Fix typos in POD docs for some classes
 - Only depend on libvirt-daemon-{kvm,qemu,lxc}, not
   full libvirt RPM.
 - Switch to YUM for extracting package file list
 - Bind mount whole of /var rather than only some subdirs
 - Validate unit files exist before creating sandbox
 - Fixes to population of files in /etc and /var
 - Finish 'clone' command for copying sandboxes
 - Populate /etc/machine-id file
 - Fix systemd dependencies for bulk start/stop of containers
 - Symlink container journal directory into host filesystem
 - Rename sandbox.target to multi-user.target
 - Fix attachment to running containers


0.1.0 - "Karoo" - 2012-08-10
----------------------------

 - ABI+API incompatible with previous library, so new soname
 - Some changes to CLI args for virt-sandbox command
 - Many fixes to virt-sandbox-service
 - Use /run/libvirt-sandbox instead of /root/.cache/libvirt
   when run as root
 - Fix typo setting RUNDIR
 - Re-add /kernel suffix to kmod search dir
 - Add APIs to select kernel version
 - Fix SEGV when attaching consoles to NULL stdin
 - Add logrotate script for virt-sandbox-service
 - Turn GVirSandboxConsole into an abstract class
 - Configurable keysequence for breaking out of console
   (defaults to Ctrl+])
 - Fix handling of strace debugging
 - Add APIs to select kmod directory prefix
 - Require glib >= 2.32
 - Refactor APIs for configuring sandbox mounts
 - Maintain a single sorted list of mounts
 - Add support for RAM filesystems
 - Setup tmpfs for /run and /tmp in sandbox services
 - Remove need to provide executable for sandbox services,
   just rely on systemd unit filename
 - Enable admin customization of systemd services in sandbox
   services
 - Rewrite part of virt-sandbox-service in C to reduce
   long term memory overhead
 - Create custom systemd startup sequence


0.0.3 - "Kalahari Desert" - 2012-04-13
--------------------------------------

 - Ensure root/config filesystems are readonly in KVM
 - Add support for mounting host disk images in guests
 - Add support for binding guest filesystems to new locations
 - Add support for an optional interactive shell for debugging
   or administrative purposes
 - Add a virt-sandbox-service script for preparing sandboxes
   for system services, integrating with systemd
 - Misc compiler warning fixes
 - Replace invocation of insmod with direct syscalls
 - Refactor API to separate interactive sandbox functionality
   from base class & service sandbox functionality
 - Rewrite host/guest I/O handling to separate stdout from
   stderr correctly, improve reliability of startup/shutdown
   handshakes and propagate exit status back to host
 - Exec away the first hypervisor specific init process,
   so generic init process gets PID 1
 - Turn on reboot-on-panic in KVM to ensure guest exits on
   fatal problems


0.0.2 - "Blue Desert" - 2012-01-12
----------------------------------

 - Add ability to attach to an existing sandbox
 - Update to require libvirt-gobject 0.0.4
 - Add ability to run privileged apps
 - Add support for an admin debug shell
 - Switch to use /etc/libvirt-sandbox/scratch for config


0.0.1 - "Tatti Desert" - 2012-01-11
-----------------------------------

 - First release