Releases: containers/crun
Releases · containers/crun
1.9.2
1.9.1
- utils: ignore ENOTSUP when chmod a symlink. It fixes a problem on Linux 6.6 that always refuses chmod on a symlink.
- build: fix build on CentOS 7
- linux: add new fallback when mount fails with EBUSY, so that there is not an additional tmpfs mount if not needed.
- utils: improve error message when a directory cannot be created as a component of the path is already existing as a non directory.
1.9
- linux: support arbitrary idmapped mounts. Now it is possible to specify a mapping for any type of mount, not only bind mounts.
- linux: add support for "ridmap" mount option to support recursive idmapped mounts.
- crun delete: call systemd's reset-failed. In case systemd cgroup driver is used, and the systemd unit has failed (e.g. oom-killed), systemd won't remove the unit (that is, unless the "CollectMode: inactive-or-failed" property is set).
- linux: fix check for oom_score_adj. Write the oom_score_adj file even when the new value is 0.
- features: Support mountExtensions.
- linux: correctly handle unknown signal string when it doesn't start with a digit.
- linux: do not attempt to join again already joined namespace.
- wasmer: use latest wasix API.
1.8.7
- linux: fix a race condition when an exec was performed immediately after the start and the setns with the procfd failed.
- features: Fix annotations formatting.
- linux: do not write some errors twice.
- libcrun: handle SIGWINCH by resizing the terminal file descriptor.
1.8.6
- crun: new command "crun features".
- linux: fix handling of idmapped mounts when the container joins an existing PID namespace.
- linux: support io_priority from the OCI specs.
- linux: handle correctly the case where the status file is not written yet for a container.
- crun: fix segfault for "ps" when the container is not using cgroups.
- cgroup: allow setting swap to 0.
1.8.5
- scheduler: use definition from the OCI configuration file instead of the custom label that is now dropped and not supported anymore.
- cgroup: fix creating cgroup under "domain threaded".
- cgroup, systemd: set the memory limit on the system scope.
- restore tty settings from the correct file descriptor. It was previously restoring the settings from the wrong file descriptor causing the tty settings to be changed on the calling terminal.
- criu: check if the criu_join_ns_add function exists. Fix a segfault with new versions of CRIU.
- linux: do not precreate devs with euid > 0. Fix creating devices when running the OCI runtime as non root user.
- linux: improve PID detection on systems that lack pidfd. While there is still a window of time that the PID could be recycled, now it is now reduced to a minimum.
- criu: fix memory leak.
- logging: improve error message when dlopen fails.
1.8.4
- fix build on CentOS 7.
- drop custom annotation to set the time namespace and use the OCI specs instead.
- cgroup: workaround cpu quota/period issue with v1. Sometimes setting CPU quota period fails when a new period is lower, and a parent cgroup has CPU quota limit set.
- cgroup: fix set quota to -1 on cgroup v1.
- criu: drop loading unused functions.
1.8.3
1.8.2
- lua bindings for libcrun.
- wasmedge: add current directory to preopen paths.
- linux: inherit parent mount flags when making a path masked.
- libcrun: custom annotation to set the scheduler for the container process.
- cgroup: fallback to blkio.bfq files if blkio is not available on cgroup v1.
- cgroup: initialize rt limits when using systemd.
- tty: chown the tty to the exec user instead of the user specified to create the container.
- cgroup: fallback to create cgroupfs as sibling of the current cgroup if there is none specified and it cannot be created in the root cgroup.
1.8.1
- linux: idmapped mounts expect the same configuration as the user namespace mappings. Before they were expecting the inverted
mapping. It is a breaking change, but the behavior was aligned to what runc will do as well. - krun: always allow /dev/kvm in the cgroup configuration.
- handlers: disable exec for handlers that do not support it.
- selinux: allow setting fscontext using a custom annotation.
- cgroup: reset systemd unit if start fails.
- cgroup: rmdir the entire systemd scope. It fixes a leak on cgroupv1.
- cgroup: always delete the cgroup on errors. On some errors it could have been leaked before.