Skip to content

0.20
Compare
Choose a tag to compare
@giuseppe giuseppe released this 01 Jun 19:01
0.20
This tag was signed with the committer’s verified signature.
giuseppe Giuseppe Scrivano
GPG key ID: E4730F97F60286ED
Learn about vigilant mode.
0d42f11
This commit was signed with the committer’s verified signature.
giuseppe Giuseppe Scrivano
GPG key ID: E4730F97F60286ED
Learn about vigilant mode.
  • container: call prestart hooks before rootfs is RO.
  • cgroup: added support cleaning custom controllers on cgroupv1.
  • spec: add support for --bundle.
  • exec: add --no-new-privs.
  • exec: add --process-label and --apparmor to change SELinux and AppArmor labels.
  • cgroup: kill procs in cgroup on EBUSY.
  • cgroup: ignore devices errors when running in a user namespace.
  • seccomp: drop SECCOMP_FILTER_FLAG_LOG by default.
  • seccomp: report correct action in error message.
  • apply SELinux label to keyring.
  • add custom annotation run.oci.delegate-cgroup.
  • close_range fallbacks to close on EPERM.
  • report error if the cgroup path was set and the cgroup could not be joined.
Assets 14
Loading