Releases: containers/crun

1.19.1

17 Dec 20:52
3e32a70
  • linux: fix a hang if there are no reads from the tty. Use non-blocking sockets to read and write from the tty so that the "crun exec" process doesn't hang when the terminal is not consuming any data.
  • linux: remove the workaround needed to mount a cgroup on top of another cgroup mount. The workaround had the disadvantage of temporarily leaking a mount on the host. The alternative that is currently used is to mount a temporary tmpfs between the two cgroup mounts.

1.19

06 Dec 14:47
db31c42
  • wasm: add new handler wamr.
  • criu: allow passing network lock method to libcriu.
  • linux: honor exec cpu affinity mask.
  • build: fix build with musl libc.
  • crun: use mount API to self-clone.
  • cgroup, systemd: do not override devices on update. If the "update" request has no device block configured, do not reset the previous configuration.
  • cgroup: handle case where cgroup v1 freezer is disabled. On systems without the freezer controller, containers were mistakenly reported as paused.
  • cgroup: do not stop process on exec. The cpu mask is configured on the systemd scope; the previous workaround to stop the container until the cgroup is fully configured is no longer needed.

1.18.2

31 Oct 16:41
00ab38a
  • cgroup, systemd: fix a regression when a configuration file includes only one default rule.

1.18.1

30 Oct 11:03
c41f034
  • cgroup: deprecate cgroup v1.
  • cgroup: fix regression setting up the devices cgroup on cgroup v1.
  • cgroup: fix regression and work again with the default Docker devices configuration on systemd.
  • linux: fix setting up user namespace when newuidmap/newgidmap are not available.

1.18

22 Oct 13:01
8656b25
  • cgroup: support running without a sub-cgroup with systemd. Use the d-bus API to set the container limits on the systemd scope itself. This allows running without a sub-cgroup when the systemd driver is used; the run.oci.systemd.subgroup annotation controls it. For now, a sub-cgroup is still created, but this might change in the future.
  • cgroup: add support for the misc controller.
  • linux: fix running on kernel without user namespaces.
  • criu, restore: add lsm-profile option.
  • criu, restore: add lsm-mount-context option.
  • linux: add duplicate namespace detection.

1.17

09 Sep 13:40
000fa0d
  • Add --log-level option. It accepts error, warning and error.
  • Add debug logs for container creation.
  • Fix double-free in crun exec code that could lead to a crash.
  • Allow passing an ID to the journald log driver.
  • Report "executable not found" errors after the tty has been set up.
  • Do not treat EPIPE from hooks as an error.
  • Make sure DefaultDependencies is correctly set in the systemd scope.
  • Improve the error message when the container process is not found.
  • Improve error handling for the mnt namespace restoration.
  • Fix error handling for getpwuid_r, recvfrom and libcrun_kill_linux.
  • Fix handling of device paths with trailing slashes.

1.16.1

13 Aug 15:09
afa829c
  • fix a regression introduced by 1.16 when using 'rshared' rootfs mount propagation and the rootfs itself is a mountpoint.
  • inherit user from original process on exec, if not overridden.

1.16

07 Aug 12:38
2dc1598
  • build: fix build for s390x.
  • linux: fix mount of special files with rro. Open the mount target with O_PATH to prevent open(2) failures with special files like FIFOs or UNIX sockets.
  • Fix sd-bus error handling for cpu quota and period props update.
  • container: use relative path for rootfs if possible. If the rootfs cannot be resolved and it is below the current working directory, only use its relative path.
  • wasmedge: access container environment variables for the WasmEdge configuration.
  • cgroup, systemd: use MemoryMax instead of MemoryLimit. Fixes a warning for using an old configuration name.
  • cgroup, systemd: improve checks for sd_bus_message_append errors.

1.15

02 May 11:49
e6eacaf

What's Changed

  • fix a mount point leak under /run/crun, add a retry mechanism to unmount the directory if the removal failed with EBUSY.
  • linux: cgroups: fix potential mount leak when /sys/fs/cgroup is already mounted, causing the posthooks to not run.
  • release: build s390x binaries using musl libc.
  • features: add support for potentiallyUnsafeConfigAnnotations.
  • handlers: add option to load wasi-nn plugin for wasmedge.
  • linux: fix "harden chdir()" security measure. The previous check was not correct.
  • crun: add option --keep to the run command. When specified the container is not automatically deleted when it exits.

Full Changelog: 1.14.4...1.15

1.14.4

29 Feb 17:45
a220ca6
  • linux: fix mount of file with recursive flags. Do not assume it is a directory, but check the source type.
  • new build for s390x