Features:
+ {create,run}: add --no-new-keyring flag so that a new session keyring
is not created for the container and the calling process's keyring is
inherited.
+ restore: add --empty-ns flag to tell CRIU to only create a network
namespace for a container and not populate it (allowing higher levels
to correctly handle re-creating the network namespace).
+ {create,start}: use a FIFO rather than signals to signal the starting
of a container. This removes the Go version restriction, and also
avoids potential issues with Go's signal handling.
+ exec: allow additional groups to be overridden.
+ delete: add --force flag.
- exec: disable the subreaper option entirely, because the option
causes many issues with reparenting in the context of containers.
This is not a complete fix; the complete fix is intended to land for
-rc3. If the removed option is used, it will be silently ignored by runC.
+ {create,run}: add support for masking directories with MaskPaths.
+ delete: allow for the deletion of multiple containers in one cmdline.
+ build: add `make release` for distributions.
Fixes:
* Major improvements and fixes to CLI handling. Now commands like
`runc ps` and `runc exec` will act sanely when you're trying to use
flags that are not meant to be parsed by runC.
* Set the cpu.rt_* cgroup options correctly so that runC running in
SCHED_RR (realtime) mode can operate properly.
* Massive improvements to kmem limit detection to ensure that we only
attempt to change memory.kmem.* if it is safe to do so.
* Part of a major cleanup of the nsenter code, with more intended to
land before -rc3.
* Restored containers now have a start time, which is the time that the
new container was started (not when the original container was
started).
* Fix the default cgroupPath behaviour, so that we actually attach to
subcgroups of all of the caller's current cgroups (rather than using
the devices cgroup path for all other cgroups).
+ Support 32bit UIDs on i386 with the setuid32(2) syscall.
+ Add /proc/timer_list to the set of default masked paths.
- Do not create /dev/fuse by default.
* Parse cgroupPath correctly if it contains ':'.
* Add some more debugging information for the test suite, along with
fixes for race conditions and other issues. In addition, add more
integration tests for edge conditions.
* Improve check-config.sh script to handle more cases.
* Fix incorrect type when setting the net_cls classid.
* Lots of fixes to help pages and man pages.
+ *: append -dirty to the version if the git repo is unclean.
* Fix the JSON tags for CpuRt* options.
* Cleanups to the rootfs setup code.
* Improve error messages related to SELinux.
Thanks to all of the contributors that made this release possible:
* Akihiro Suda
* Aleksa Sarai
* Alexander Morozov
* Andrew Vagin
* Ben
* Buddha Prakash
* Carl Henrik Lunde
* Christian Brauner
* Dam Thomason
* Dan Walsh
* Daniel, Dao Quang Minh
* Davanum Srinivas
* Euan Kemp
* Guilherme Rezende
* Haiyan Meng
* Hushan Jia
* Jiuyue Ma
* Johnny Bieren
* Jonathan Boulle
* Justin Cormack
* Kenfe-Mickael Laventure
* Michael Crosby
* Mike Brown
* Mrunal Patel
* Peng Gao
* Petar Petrov
* Phil Estes
* Qiang Huang
* Serge Hallyn
* Seth Jennings
* Shukui Yang
* Tristan Cacqueray
* Vishnu kannan
* Wang Long
* Yang Hongyang
* Yen-Lin Chen
* Yuanhong Peng
* Zhang Wei
* Zhao Lei
* rajasec
* xiekeyang