Releases: containers/crun
0.10.5
- fix CVE-2019-18837
- fix running on CentOS/RHEL 8
- report errors opening the console socket
- do not leave config.json around if the container could not be created
0.10.4
0.10.3
0.10.2
0.10.1
0.10
- support for AppArmor
- fix for CVE-2019-16884, make sure writes to /proc for the SELinux and AppArmor labels are on procfs
- exec supports --preserve-fds
- seccomp: fix lookup for pseudo syscalls; seccomp now works on non-native architectures
- cgroup: ignore rootless errors if manager != systemd
- error: always write errors to stderr
- chroot: follow symlinks for the last component
- set $HOME if it is not already defined
0.9.1
0.9
- fix exec into containers running systemd on cgroups v2
- kill: honor --all
- kill: when not using a PID namespace, use the freezer controller to prevent the container forking new processes
- linux: handle tmpcopyup option to copy files from the rootfs to the new mounted tmpfs.
- OCI: honor seccomp options. If no seccomp option is specified, crun now defaults to SECCOMP_FILTER_FLAG_SPEC_ALLOW|SECCOMP_FILTER_FLAG_LOG when using the seccomp(2) syscall.
0.8
- executable lookup. Now create fails immediately if the specified executable doesn't exist
- subreaper enabled only when crun is attached
- fix notify socket when used from create and prevent it hanging indefinitely when the container exits
- correctly write cpu controller resources when using cgroups v2
- support for the freezer controller when using cgroups v2
- honor unspecified minor/major number for devices when using cgroups v2
- reintroduce --no-pivot
- do not add a cgroup path again if it was already specified in the OCI configuration
0.7
- support devices on cgroups v2 using eBPF.
- new option --cgroup-manager=MANAGER. Accepted values are cgroupfs, systemd and disabled.
- can run without using cgroups also as root.
- NOTIFY_SOCKET works also for containers created via create/start.
- when using systemd, create the same name for the scope as runc does.