| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
| |
Fixes: ad0aa1b2fc64e8 ("crun: update to 1.7.2")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| |
|
|
| |
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes compilation problems with glibc 2.36.
Full changelog:
* crun-1.6
- runc compatibility: -v now prints the version string.
- build: fix build with glibc 2.36.
- container: drop intermediate userns custom feature.
- cgroup: change the delegate cgroup semantic so that the cgroup is
created in the container payload after the cgroup namespace is created.
- seccomp: use helper process to send file descriptor to the listener
socket. It enables to be notified on every syscall without hanging
the main process.
- linux: add a fallback to using kill(2) if pidfd_send_signal(2) fails
with ENOSYS.
- krun: add support for krun-sev.
- wasmtime: always grant file system capability for workdir inside the container.
- wasmtime: inherit arguments list from the handler instead of the current process.
- wasmedge: use released wasmedge library instead of libwasmedge_c.so.
* crun-1.5
- add mono based native .NET handler
- new Wasmtime backend for running WebAssembly
- add support for wasmedge 0.10 and dropping support for wasmedge 0.9.x
- dropping support for experimental `WasmEdgeProcess` from wasmedge handler
- honor process user's uid when setting the HOME environment variable
- create the current working directory if it is missing in the container
- fallback to using a tmpfs mount if umount of /sys and /proc fails
- fallback to netlink to setup lo device
- fix creating devices in the rootfs
- fallback to using io.weight if io.bfq.weight doesn't exist
- remove tun/tap from the default allow list
- linux: devices mounts have noexec and nosuid
- fix copyup of files from the container to the tmpfs
- honor $PATH for newgidmap and newguidmap
- krun: limit the number of vCPUs to 8
- cgroup: add support for cpu.idle
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
| |
- CRIU: add support for different manage cgroups modes.
- the hook processes inherit the crun process environment if there is no environment block specified in the OCI configuration.
- exec: fix double free when using --apparmor and --process-label.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| |
|
|
| |
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| |
|
|
| |
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| |
|
|
| |
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
release notes:
0.20.1
- container: ignore error when resetting the SELinux label for the keyring.
0.21
- when compiled with krun, automatically use it if the current executable file is called "krun"
- cgroup: lookup pids controller as well when the memory controller is not available
- status: add fields for owner and created timestamp
- honor memory swappiness set to 0
1.0
- Fix symlink target mangling for tmpcopyup targets.
- Makefile.am: fix link error when using directly libcrun.
- cgroup: add support for setting memory.use_hierarchy on cgroup v1.
- linux: treat pidfd_open failures EINVAL as ESRCH.
- cgroup: chown the current container cgroup to root in the container.
1.1
- utils: retry openat2 on EAGAIN. If the openat2 syscall is interrupted, try again.
- criu: fix save of external descriptors. Now restored containers attach correctly their standard streams.
- criu: Add support for external PID namespace.
- container: Set primary process to 1 via LISTEN_PID by default if user configuration is missing.
- exec: refuse to exec in a paused container/cgroup.
- cgroup: use cgroup.kill when available. It is faster to kill a container through its cgroup as there is no need to recurse over the cgroup pids and terminate each one of them.
1.2
- criu: add support for external ipc, uts and time namespaces.
- exec: fix regression in 1.1 where containers are being wrongly reported as paused.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| |
|
|
| |
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| |
|
|
| |
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| |
|
|
|
|
|
| |
The package needs libseccomp, which does not currently support arc.
In order to avoid a circular dependency, we must avoid arc here as well.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
|
|
crun is the prefered container run-time of podman, it's faster than
runc and has a much lower memory footprint.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|