Releases: containers/crun

0.10

01 Oct 15:56
0.10
d53f1bd
  • support for AppArmor
  • fix for CVE-2019-16884, make sure writes to /proc for the SELinux and AppArmor labels are on procfs
  • exec supports --preserve-fds
  • seccomp: fix lookup for pseudo syscalls, seccomp now works fine on non-native archs
  • cgroup: ignore rootless errors if manager != systemd
  • error: always write errors to stderr
  • chroot: follow symlinks for the last component
  • set $HOME if it is not already defined

0.9.1

13 Sep 14:20
0.9.1
c42ae79
  • fix an issue with tmpcopyup that didn't work correctly with symlinks
  • create a new cgroup namespace before mounting the cgroup file system, so that it uses the correct namespace

0.9

11 Sep 21:24
0.9
beda2c3
  • fix exec into containers running systemd on cgroups v2
  • kill: honor --all
  • kill: when not using a PID namespace, use the freezer controller to prevent the container from forking new processes
  • linux: handle tmpcopyup option to copy files from the rootfs to the new mounted tmpfs.
  • OCI: honor seccomp options. If no seccomp option is specified, crun now defaults to using SECCOMP_FILTER_FLAG_SPEC_ALLOW|SECCOMP_FILTER_FLAG_LOG when using the seccomp(2) syscall.

0.8

19 Aug 13:09
0.8
d098caf
  • executable lookup. Now create fails immediately if the specified executable doesn't exist
  • subreaper enabled only when crun is attached
  • fix notify socket when used from create and prevent it hanging indefinitely when the container exits
  • correctly write cpu controller resources when using cgroups v2
  • support for the freezer controller when using cgroups v2
  • honor unspecified minor/major number for devices when using cgroups v2
  • reintroduce --no-pivot
  • do not add a cgroup path again if it was already specified in the OCI configuration

0.7

18 Jul 12:08
0.7
84884c5
  • support devices on cgroups v2 using eBPF.
  • new option --cgroup-manager=MANAGER. Accepted values are cgroupfs, systemd and disabled.
  • can run without using cgroups, also as root.
  • NOTIFY_SOCKET works also for containers created via create/start.
  • when using systemd, create the same name for the scope as runc does.

0.6

04 Jun 22:40
0.6
7dae21c
  • tty: set the size on the exec tty
  • cgroup: enable only the controllers needed
  • cgroup: in unified mode report the errors also for rootless
  • cgroup2: add support for the cpuset controller
  • linux: ignore tmpcopyup

0.5

23 Apr 20:11
0.5
1c36d4b
  • logging: support --log=syslog: and --log=journald:
  • seccomp: if the syscall is not known, ignore it
  • container: move set oom before entering userns
  • status: always honor XDG_RUNTIME_DIR
  • linux: resolve symlinks in the target for bind mounts
  • fix all issues found by Coverity
  • pass Kubernetes e2e tests on Fedora with CRI-O.

v0.4

18 Mar 16:00
3f6480d

differences from v0.3:

  • partial support for cgroup v2 (cpu, io, memory, pids controllers)

  • pass all the OCI validation tests (https://github.com/opencontainers/runtime-tools)

  • implement --log-format. crun now works with containerd

  • fixed some issues that prevented crun from working on older kernels