Changelog for crun-1.8.6-bp156.1.9.x86_64.rpm :

* Mon Aug 14 2023 Danish Prakash - Update to 1.8.6:
* crun: new command "crun features".
* linux: fix handling of idmapped mounts when the container joins an existing PID namespace.
* linux: support io_priority from the OCI specs.
* linux: handle correctly the case where the status file is not written yet for a container.
* crun: fix segfault for "ps" when the container is not using cgroups.
* cgroup: allow setting swap to 0.
* Wed Jun 14 2023 Frederic Crozat - Update to 1.8.5:
* scheduler: use definition from the OCI configuration file instead of the custom label that is now dropped and not supported anymore.
* cgroup: fix creating cgroup under "domain threaded".
* cgroup, systemd: set the memory limit on the system scope.
* restore tty settings from the correct file descriptor. It was previously restoring the settings from the wrong file descriptor causing the tty settings to be changed on the calling terminal.
* criu: check if the criu_join_ns_add function exists. Fix a segfault with new versions of CRIU.
* linux: do not precreate devs with euid > 0. Fix creating devices when running the OCI runtime as non root user.
* linux: improve PID detection on systems that lack pidfd. While there is still a window of time that the PID could be recycled, it is now reduced to a minimum.
* criu: fix memory leak.
* logging: improve error message when dlopen fails.
- Changes from 1.8.4:
* drop custom annotation to set the time namespace and use the OCI specs instead.
* cgroup: workaround cpu quota/period issue with v1. Sometimes setting CPU quota period fails when a new period is lower, and a parent cgroup has CPU quota limit set.
* cgroup: fix set quota to -1 on cgroup v1.
* criu: drop loading unused functions.
* Tue Mar 28 2023 Dirk Müller - update to 1.8.3:
* update: initialize the rt limits only on cgroup v1.
* lua bindings for libcrun.
* wasmedge: add current directory to preopen paths.
* linux: inherit parent mount flags when making a path masked.
* libcrun: custom annotation to set the scheduler for the container process.
* cgroup: fallback to blkio.bfq files if blkio is not available on cgroup v1.
* cgroup: initialize rt limits when using systemd.
* tty: chown the tty to the exec user instead of the user specified to create the container.
* cgroup: fallback to create cgroupfs as sibling of the current cgroup if there is none specified and it cannot be created in the root cgroup.
- add keyring for GPG validation
* Tue Feb 28 2023 Niels Abspoel - Update to 1.8.1
* linux: idmapped mounts expect the same configuration as the user namespace mappings. Before they were expecting the inverted mapping. It is a breaking change, but the behavior was aligned to what runc will do as well.
* krun: always allow /dev/kvm in the cgroup configuration.
* handlers: disable exec for handlers that do not support it.
* selinux: allow setting fscontext using a custom annotation.
* cgroup: reset systemd unit if start fails.
* cgroup: rmdir the entire systemd scope. It fixes a leak on cgroupv1.
* cgroup: always delete the cgroup on errors. On some errors it could have been leaked before.
- changes from 1.8
* linux: precreate devices on the host.
* cgroup: support cpuset mounted with noprefix.
* linux: mount the source cgroup if cgroupns=host.
* libcrun: don't clone self from read-only mount.
* build: fix build without dlfcn.h.
* linux: set PR_SET_DUMPABLE.
* utils: fix applying AppArmor profile.
* linux: write setgroups=deny when mapping a single uid/gid.
* cgroup: fix enter cgroupv1 mount on RHEL 7.
* Wed Dec 07 2022 Frederic Crozat - Update to 1.7.2:
* criu: hardcode library name to libcriu.so.2.
* cgroup: always enable all controllers, even if the cgroup was already joined. Regression caused by crun-1.7.
- Changes from 1.7.1:
* criu: load libcriu dynamically.
* seccomp: initialize libgcrypt.
* handlers: fix rewriting the argv if the full cmdline doesn't fit.
* utils: honor SELinux label when using a custom handler.
* utils: honor AppArmor label when using a custom handler.
* krun: copy the OCI configuration file into the container.
* utils: fix creating the default user namespace when running with euid != 0.
* Add setlinebuf() when --debug and --log=file: are used.
* Fix timestamp format in the error messages.
* krun: disable libkrun's collection of env vars.
- Changes from 1.7:
* seccomp: use a cache for the generated BPF.
* add support for setting the domainname through the OCI spec.
* handlers: define wasm and krun.
* wasmtime: add support for compiling .wat format.
* cgroup: honor checkBeforeUpdate on cgroupv2.
* crun: chown std streams before joining the user namespace.
* crun: display rundir in --version output.
* container: with cgroupfs use clone3 to join directly the target cgroup.
* linux: create parent directories for created devices with mode 0755.
* wasm: inherit environment variables in the WasmEdge handler.
* Fri Sep 30 2022 Dario Faggioli - Update the libkrun dependency to the new libkrun1 library and devel package
* Thu Sep 29 2022 Dario Faggioli - Update to 1.6
* runc compatibility: -v now prints the version string.
* build: fix build with glibc 2.36.
* container: drop intermediate userns custom feature.
* cgroup: change the delegate cgroup semantic so that the cgroup is created in the container payload after the cgroup namespace is created.
* seccomp: use helper process to send file descriptor to the listener socket. It enables to be notified on every syscall without hanging the main process.
* linux: add a fallback to using kill(2) if pidfd_send_signal(2) fails with ENOSYS.
* krun: add support for krun-sev.
* wasmtime: always grant file system capability for workdir inside the container.
* wasmtime: inherit arguments list from the handler instead of the current process.
* wasmedge: use released wasmedge library instead of libwasmedge_c.so.
- Update to 1.5
* add mono based native .NET handler
* new Wasmtime backend for running WebAssembly
* add support for wasmedge 0.10 and dropping support for wasmedge 0.9.x
* dropping support for experimental WasmEdgeProcess from wasmedge handler
* honor process user's uid when setting the HOME environment variable
* create the current working directory if it is missing in the container
* fallback to using a tmpfs mount if umount of /sys and /proc fails
* fallback to netlink to setup lo device
* fix creating devices in the rootfs
* fallback to using io.weight if io.bfq.weight doesn't exist
* remove tun/tap from the default allow list
* linux: devices mounts have noexec and nosuid
* fix copyup of files from the container to the tmpfs
* honor $PATH for newgidmap and newuidmap
* krun: limit the number of vCPUs to 8
* cgroup: add support for cpu.idle
* Mon May 09 2022 Frederic Crozat - Update to 1.4.5:
+ CRIU: add support for different manage cgroups modes.
+ linux: the hook processes inherit the crun process environment if there is no environment block specified in the OCI configuration.
+ exec: fix double free when using --apparmor and --process-label.
* Tue Apr 12 2022 Dario Faggioli - It'd be nice to run the test suite with %check. It, however, still does not work properly inside OBS workers. Add it commented and explain it
* Tue Apr 12 2022 Dario Faggioli - switch to latest upstream version (1.4.4)
- big jump from 0.21! Here's a short summary, for details, see: https://github.com/containers/crun/releases
* 1.4.4
  - wasm, kubernetes: support wasm for kubernetes infrastructure with side-cars
  - Resolve symlinks in bind mounts when creating a user namespace.
  - Fix CVE-2022-27650: exec does not set inheritable capabilities.
* 1.4.3
  - cgroup: avoid potential infinite loop when deleting a cgroup.
  - support additional options for idmap mounts.
  - open the source for a bind mount in the host.
* 1.4.2
  - CRIU: add pre-dump support.
  - Fix running with a read-only /dev.
  - Ignore EROFS when chowning standard stream files.
  - Add validation for sysctls before applying them.
* 1.4.1
  - Fix check for an invalid path.
  - Allow deleting a container while in created state.
  - cgroup: do not set cpu limits if number of shares is set to 0.
* 1.4
  - wasm: support for running on kubernetes with containerd.
  - linux: add support for recursive mount options.
  - add support for idmapped mounts through a new mount option "idmap".
  - linux: improve detection of /dev target.
  - now crun exec uses CLONE_INTO_CGROUP on supported kernels when using cgroup v2.
  - retry the openat2 syscall if it fails with EAGAIN.
  - cgroup: set the CPUWeight/CPUShares on the systemd scope cgroup.
  - on new kernels, use setns with pidfd.
  - attempt the chdir again with the specified user if it failed before changing credentials.
* 1.3
  - add support to natively build and run WebAssembly workload and WebAssembly containers.
  - allow to specify sub-cgroup for exec.
  - chown std streams if they are not a TTY.
  - attach the correct streams if the container is suspended and restored multiple times.
  - fix race condition when enabling controllers on cgroup v2.
* 1.2
  - exec: fix regression in 1.1 where containers are being wrongly reported as paused.
  - criu: add support for external ipc, uts and time namespaces.
* 1.1
  - cgroup: use cgroup.kill when available.
  - exec: refuse to exec in a paused container/cgroup.
  - container: Set primary process to 1 via LISTEN_PID by default if user configuration is missing.
  - criu: Add support for external PID namespace.
  - criu: fix save of external descriptors.
  - utils: retry openat2 on EAGAIN.
* 1.0
  - cgroup: chown the current container cgroup to root in the container.
  - linux: treat pidfd_open failures EINVAL as ESRCH.
  - cgroup: add support for setting memory.use_hierarchy on cgroup v1.
  - Makefile.am: fix link error when using directly libcrun.
  - Fix symlink target mangling for tmpcopyup targets.
- fix bsc#1197871, CVE-2022-27650 (as 1.4.4 contains the fixes itself)
- update and fixup dependencies
* Tue Nov 02 2021 Dario Faggioli - Add libprotobuf-c-devel as an explicit dependency, for fixing the build;
- Get rid of rpmlintrc, as it's no longer needed.
* Mon Aug 23 2021 Dario Faggioli - make libkrun support conditional, so we can have crun (without libkrun, of course) on all arches, which may help with bsc#1188914.
* Fri Aug 06 2021 Frederic Crozat - Drop libkrun-dlopen.patch and adapt to libkrun new package name, it is a plugin, not a regular shared library.
* Fri Aug 06 2021 Frederic Crozat - Add libkrun-dlopen.patch: use soname when dlopening libkrun.
* Wed Jul 28 2021 Paolo Stivanin - Update to 0.21
- honor memory swappiness set to 0
- status: add fields for owner and created timestamp
- cgroup: lookup pids controller as well when the memory controller is not available
- when compiled with krun, automatically use it if the current executable file is called "krun".
- container: ignore error when resetting the SELinux label for the keyring.
- container: call prestart hooks before rootfs is RO.
- cgroup: added support cleaning custom controllers on cgroupv1.
- spec: add support for --bundle.
- exec: add --no-new-privs.
- exec: add --process-label and --apparmor to change SELinux and AppArmor labels.
- cgroup: kill procs in cgroup on EBUSY.
- cgroup: ignore devices errors when running in a user namespace.
- seccomp: drop SECCOMP_FILTER_FLAG_LOG by default.
- seccomp: report correct action in error message.
- apply SELinux label to keyring.
- add custom annotation run.oci.delegate-cgroup.
- close_range fallbacks to close on EPERM.
- report error if the cgroup path was set and the cgroup could not be joined.
- on exec, honor additional_gids from the process spec, not the container definition.
- spec: add cgroup ns if on cgroup v2.
- systemd: support array of strings for cgroup annotation.
- join all the cgroup v1 controllers.
- raise a warning when newuidmap/newgidmap fail.
- handle eBPF access(dev_name, F_OK) call correctly.
- fix some memory leaks on errors when libcrun is used by a long running process.
- fix the SELinux label for masked directories.
- support default seccomp errno value.
- fail if no default seccomp action specified.
- support OCI seccomp notify listener.
- improve OOM error messages.
- ignore unknown capabilities and raise a warning.
- always remount bind mounts to drop not requested mount flags.
* Tue Mar 23 2021 Dario Faggioli - Add a mention to crun-rpmlintrc in the spec file
* Fri Mar 19 2021 Dario Faggioli - Since we're building with libkrun support, let's enable only the arch-es for which we do have libkrun
* Sat Mar 13 2021 Dario Faggioli - Suppress the (false positive) rpmlint warning
* Sat Mar 13 2021 Dario Faggioli - Some fixes to the spec file (add some %doc, remove unused macros, etc)
* Thu Mar 11 2021 Dario Faggioli - Initial package for 0.18 Based on the package by Giuseppe Scrivano
 