Releases: containers/crun
0.10
- support for AppArmor
- fix for CVE-2019-16884, make sure writes to /proc for the SELinux and AppArmor labels are on procfs
- exec supports --preserve-fds
- seccomp: fix lookup for pseudo syscalls, seccomp now works fine on non native archs
- cgroup: ignore rootless errors if manager != systemd
- error: always write errors to stderr
- chroot: follow symlinks for the last component
- set $HOME if it is not already defined
0.9.1
0.9
- fix exec into containers running systemd on cgroups v2
- kill: honor --all
- kill: when not using a PID namespace, use the freezer controller to prevent the container forking new processes
- linux: handle tmpcopyup option to copy files from the rootfs to the new mounted tmpfs.
- OCI: honor seccomp options. If no seccomp option is specified, crun now defaults to using SECCOMP_FILTER_FLAG_SPEC_ALLOW|SECCOMP_FILTER_FLAG_LOG when using the seccomp(2) syscall.
0.8
- executable lookup. Now create fails immediately if the specified executable doesn't exist
- subreaper enabled only when crun is attached
- fix notify socket when used from create and prevent it hanging indefinitely when the container exits
- correctly write cpu controller resources when using cgroups v2
- support for the freezer controller when using cgroups v2
- honor unspecified minor/major number for devices when using cgroups v2
- reintroduce --no-pivot
- do not add a cgroup path again if it was already specified in the OCI configuration
0.7
- support devices on cgroups v2 using eBPF.
- new option --cgroup-manager=MANAGER. Accepted values are cgroupfs, systemd and disabled.
- can run without using cgroups also as root.
- NOTIFY_SOCKET works also for containers created via create/start.
- when using systemd, create the same name for the scope as runc does.
0.6
0.5
- logging: support --log=syslog: and --log=journald:
- seccomp: if the syscall is not known, ignore it
- container: move set oom before entering userns
- status: always honor XDG_RUNTIME_DIR
- linux: resolve symlinks in the target for bind mounts
- fix all issues found by Coverity
- pass Kubernetes e2e tests on Fedora with CRI-O.
v0.4
Differences from v0.3:
- partial support for cgroup v2 (cpu, io, memory, pids controllers)
- pass all the OCI validation tests (https://github.com/opencontainers/runtime-tools)
- implement --log-format. crun now works with containerd
- fixed some issues that prevented crun from working on older kernels