Tags: kolyshkin/runc
Tags
v1.0.2 -- "Given the right lever, you can move a planet." This is a second stable release in 1.0 branch, fixing a few medium and high priority issues, including one that affects Kubernetes' usage of runc's libcontainer. Bugfixes: * Fixed a failure to set CPU quota period in some cases on cgroup v1. (opencontainers#3115) * Fixed the inability to start a container with the "adding seccomp filter rule for syscall ..." error, caused by redundant seccomp rules (i.e. those that has action equal to the default one). Such redundant rules are now skipped. (opencontainers#3129) * Made release builds reproducible from now on. (opencontainers#3142) * Fixed a rare debug log race in runc init, which can result in occasional harmful "failed to decode ..." errors from runc run or exec. (opencontainers#3130) * Fixed the check in cgroup v1 systemd manager if a container needs to be frozen before Set, and add a setting to skip such freeze unconditionally. The previous fix for that issue, done in runc 1.0.1, was not working. (opencontainers#3167) Thanks to all of the contributors who made this release possible: * Adrian Reber <areber@redhat.com> * Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> * Aleksa Sarai <cyphar@cyphar.com> * Kir Kolyshkin <kolyshkin@gmail.com> * Mrunal Patel <mrunal@me.com> * Odin Ugedal <odin@uged.al> Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
v1.0.1 -- "If in doubt, Meriadoc, always follow your nose." This is the first stable release in the 1.0 branch, fixing a few medium and high priority issues with runc 1.0.0, including a few that affect Kubernetes' usage of libcontainer. Bugfixes: * Fixed occasional runc exec/run failure ("interrupted system call") on an Azure volume. (opencontainers#3074) * Fixed "unable to find groups ... token too long" error with /etc/group containing lines longer than 64K characters. (opencontainers#3079) * cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is frozen. This is a regression in 1.0.0, not affecting runc itself but some of libcontainer users (e.g Kubernetes). (opencontainers#3085) * cgroupv2: bpf: Ignore inaccessible existing programs in case of permission error when handling replacement of existing bpf cgroup programs. This fixes a regression in 1.0.0, where some SELinux policies would block runc from being able to run entirely. (opencontainers#3087) * cgroup/systemd/v2: don't freeze cgroup on Set. (opencontainers#3092) * cgroup/systemd/v1: avoid unnecessary freeze on Set. (opencontainers#3093) Thanks to all of the contributors who made this release possible: * Aleksa Sarai <cyphar@cyphar.com> * Kir Kolyshkin <kolyshkin@gmail.com> * Maksim An <maksiman@microsoft.com> * Mrunal Patel <mrunal@me.com> * Odin Ugedal <odin@uged.al> Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
v1.0.0 -- "A wizard is never late, nor is he early, he arrives precis… …ely when he means to." This release fixes a few bugs found (almost all related to cgroupv2 handling), and is the first non-rc release of runc in 5 years (v1.0.0-rc1 was released in 2016). It's been a very long road, and we thank the many contributors and maintainers that helped us get to this point (approximately 422 people in total). As runc follows Semantic Versioning, we will endeavor to not make any breaking changes without bumping the major version number of runc. However, it should be noted that Go API usage of runc's internal implementation (libcontainer) is *not* covered by this policy -- for historical reasons, this code was not moved into an "internal" package (this feature did not exist in Go at the time) and because certain projects currently depend on this, we have not yet moved this code into an internal package. Despite this, we reserve the right to make breaking changes in our Go APIs (though we will note such changes in our changelog, and will try to avoid needless disruption if possible). Breaking changes: * Removed libcontainer/configs.Device* identifiers (deprecated since rc94, use libcontainer/devices) (opencontainers#2999) * Removed libcontainer/system.RunningInUserNS function (deprecated since rc94, use libcontainer/userns) (opencontainers#2999) Deprecations: * The usage of relative paths for mountpoints will now produce a warning (such configurations are outside of the spec, and in future runc will produce an error when given such configurations). (opencontainers#2917, opencontainers#3004) Bugfixes: * cgroupv2: devices: rework the filter generation to produce consistent results with cgroupv1, and always clobber any existing eBPF program(s) to fix `runc update` and avoid leaking eBPF programs (resulting in errors when managing containers). (opencontainers#2951) * cgroupv2: correctly convert "number of IOs" statistics in a cgroupv1-compatible way. (opencontainers#2965, opencontainers#2967, opencontainers#2968, opencontainers#2964) * cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures. * cgroupv2: wait for freeze to finish before returning from the freezing code, optimize the method for checking whether a cgroup is frozen. (opencontainers#2955) * cgroups/systemd: fixed "retry on dbus disconnect" logic introduced in rc94 * cgroups/systemd: fixed returning "unit already exists" error from a systemd cgroup manager (regression in rc94) (opencontainers#2997, opencontainers#2996) Improvements: * cgroupv2: support SkipDevices with systemd driver (opencontainers#2958, opencontainers#3019) * cgroup/systemd: return, not ignore, stop unit error from Destroy (opencontainers#2946) * Fix all golangci-lint failures. (opencontainers#2781, opencontainers#2962) * Make "runc --version" output sane even when built with `go get` or otherwise outside of our build scripts. (opencontainers#2962) * cgroups: set SkipDevices during runc update (so we don't modify cgroups at all during `runc update`). (opencontainers#2994) * cgroup1: blkio: support BFQ weights. (opencontainers#3010) * cgroupv2: set per-device io weights if BFQ IO scheduler is available. (opencontainers#3022) Thanks to the following people who made this release possible: * Adrian Reber <areber@redhat.com> * Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> * Aleksa Sarai <cyphar@cyphar.com> * Antti Kervinen <antti.kervinen@intel.com> * Daniel, Dao Quang Minh <dqminh89@gmail.com> * Enrico Weigelt <info@metux.net> * Kir Kolyshkin <kolyshkin@gmail.com> * Michael Crosby <michael@thepasture.io> * Mrunal Patel <mrunal@me.com> * Peter Hunt <pehunt@redhat.com> * Qiang Huang <h.huangqiang@huawei.com> * Sebastiaan van Stijn <github@gone.nl> * Shiming Zhang <wzshiming@foxmail.com> * Yashpal Choudhary <yashpal.c1995@gmail.com> Vote: +5 -0 %2 Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
v1.0.0-rc95 -- "Just when I thought I was out, they pull me back in." This release of runc contains a fix for CVE-2021-30465[1], and users are strongly recommended to update (especially if you are providing semi-limited access to spawn containers to untrusted users). Aside from this security fix, only a few other changes were made since v1.0.0-rc94 (the only user-visible change was the addition of support for defaultErrnoRet in seccomp profiles). Thanks to the following people who made this release possible: * Aleksa Sarai <cyphar@cyphar.com> * Giuseppe Scrivano <gscrivan@redhat.com> * Kir Kolyshkin <kolyshkin@gmail.com> * Mrunal Patel <mrunal@me.com> Due to the nature of this release, it didn't go through the normal public release procedure. However, this break from procedure was agreed upon on the security mailing list. [1]: GHSA-c3xm-pvg7-gh7r Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
v1.0.0-rc94 -- "Time is an illusion. Lunchtime doubly so." This release fixes several regressions found in v1.0.0-rc93. We recommend users update as soon as possible. This release includes the following notable changes: Potentially breaking changes: * cgroupv1: kernel memory limits are now always ignored, as kmemcg has been effectively deprecated by the kernel. Users should make use of regular memory cgroup controls. (opencontainers#2840) * libcontainer/cgroups: cgroup managers' `Set` now accept `configs.Resources` rather than `configs.Cgroups` (opencontainers#2906) * libcontainer/cgroups/systemd: reconnect and retry in case dbus connection is closed (after dbus restart) (opencontainers#2923) * libcontainer/cgroups/systemd: don't set limits in `Apply` (opencontainers#2814) Bugfixes: * seccomp: fix 32-bit compilation errors (regression in rc93, opencontainers#2783) * cgroupv2: blkio weight value conversion fix (opencontainers#2786) * runc init: fix a hang caused by deadlock in seccomp/ebpf loading code (regression in rc93, opencontainers#2871) * runc start: fix "chdir to cwd: permission denied" for some setups (regression in rc93, opencontainers#2894) * s390: fix broken terminal (regression in rc93, opencontainers#2898) Improvements: * runc start/exec: better diagnostics when container limits are too low (opencontainers#2812) * runc start/exec: better cleanup after failed runc init (opencontainers#2855) * cgroupv1: improve freezing chances (opencontainers#2941, opencontainers#2918, opencontainers#2791) * cgroupv2: multiple GetStats improvements (opencontainers#2816, opencontainers#2873) * cgroupv2: fallback to setting io.weight if io.bfq.weight is not available (opencontainers#2820) * capabilities: WARN, not ERROR, for unknown / unavailable capabilities (opencontainers#2854) Thanks to the following people who made this release possible: * Adam Korcz <adam@adalogics.com> * Adrian Reber <areber@redhat.com> * Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> * Aleksa Sarai <cyphar@cyphar.com> * Ben Hutchings <ben.hutchings@essensium.com> * Danail Branekov <danailster@gmail.com> * Daniel Dao <dqminh89@gmail.com> * Enrico Weigelt <info@metux.net> * Iceber Gu <wei.cai-nat@daocloud.io> * Kenta Tada <Kenta.Tada@sony.com> * Kieron Browne <kbrowne@vmware.com> * Kir Kolyshkin <kolyshkin@gmail.com> * Liang Zhou <zhoul110@chinatelecom.cn> * Liu Hua <weldonliu@tencent.com> * Mauricio Vásquez <mauricio@kinvolk.io> * Mrunal Patel <mrunal@me.com> * Odin Ugedal <odin@uged.al> * Peter Hunt <pehunt@redhat.com> * Qiang Huang <h.huangqiang@huawei.com> * Ryosuke Hanatsuka <hanatsuu@gmail.com> * Sascha Grunert <sgrunert@redhat.com> * Sebastiaan van Stijn <github@gone.nl> * Shengjing Zhu <zhsj@debian.org> * Shiming Zhang <wzshiming@foxmail.com> * Vasiliy Ulyanov <vulyanov@suse.de> Vote: +6 -0 !1 Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
v1.0.0~rc93 -- "I never could get the hang of Thursdays." This is the last feature-rich RC release and we are in a feature-freeze until 1.0. 1.0.0~rc94 will be released in a few weeks with minimal bug fixes only, and 1.0.0 will be released soon afterwards. * runc's cgroupv2 support is no longer considered experimental. It is now believed to be fully ready for production deployments. In addition, runc's cgroup code has been improved: - The systemd cgroup driver has been improved to be more resilient and handle more systemd properties correctly. - We now make use of openat2(2) when possible to improve the security of cgroup operations (in future runc will be wholesale ported to libpathrs to get this protection in all codepaths). * runc's mountinfo parsing code has been reworked significantly, making container startup times significantly faster and less wasteful in general. * runc now has special handling for seccomp profiles to avoid making new syscalls unusable for glibc. This is done by installing a custom prefix to all seccomp filters which returns -ENOSYS for syscalls that are newer than any syscall in the profile (meaning they have a larger syscall number). This should not cause any regressions (because previously users would simply get -EPERM rather than -ENOSYS, and the rule applied above is the most conservative rule possible) but please report any regressions you find as a result of this change -- in particular, programs which have special fallback code that is only run in the case of -EPERM. * runc now supports the following new runtime-spec features: - The umask of a container can now be specified. - The new Linux 5.9 capabilities (CAP_PERFMON, CAP_BPF, and CAP_CHECKPOINT_RESTORE) are now supported. - The "unified" cgroup configuration option, which allows users to explicitly specify the limits based on the cgroup file names rather than abstracting them through OCI configuration. This is currently limited in scope to cgroupv2. * Various rootless containers improvements: - runc will no longer cause conflicts if a user specifies a custom device which conflicts with a user-configured device -- the user device takes precedence. - runc no longer panics if /sys/fs/cgroup is missing in rootless mode. * runc --root is now always treated as local to the current working directory. * The --no-pivot-root hardening was improved to handle nested mounts properly (please note that we still strongly recommend that users do not use --no-pivot-root -- it is still an insecure option). * A large number of code cleanliness and other various cleanups, including fairly large changes to our tests and CI to make them all run more efficiently. For packagers the following changes have been made which will have impact on your packaging of runc: * The "selinux" and "apparmor" buildtags have been removed, and now all runc builds will have SELinux and AppArmor support enabled. Note that "seccomp" is still optional (though we very highly recommend you enable it). * make install DESTDIR= now functions correctly. Thanks to the following people who made this release possible: * acetang <aceapril@126.com> * Adrian Reber <areber@redhat.com> * Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> * Aleksa Sarai <cyphar@cyphar.com> * Amim Knabben <amim.knabben@gmail.com> * An Long <aisk1988@gmail.com> * Aos Dabbagh <aosdab@gmail.com> * Ashok Pon Kumar <ashokponkumar@gmail.com> * Cesar Talledo <ctalledo@nestybox.com> * Chaitanya Bandi <kbandi@cs.stonybrook.edu> * Cory Bennett <cbennett@netflix.com> * Daniel J Walsh <dwalsh@redhat.com> * Eduardo Vega <edvegavalerio@gmail.com> * Feng Sun <loyou85@gmail.com> * Giuseppe Scrivano <gscrivan@redhat.com> * Jeff Zvier <zvier20@gmail.com> * Kenta Tada <Kenta.Tada@sony.com> * Kir Kolyshkin <kolyshkin@gmail.com> * Manabu Sugimoto <Manabu.Sugimoto@sony.com> * Mauricio Vásquez <mauricio@kinvolk.io> * Michael Crosby <crosbymichael@gmail.com> * Mrunal Patel <mrunalp@gmail.com> * Paweł Szulik <pawel.szulik@intel.com> * Peter Hunt <pehunt@redhat.com> * Piotr Wagner <piotr.wagner@intel.com> * Sascha Grunert <sgrunert@suse.com> * SataQiu <1527062125@qq.com> * Sebastiaan van Stijn <github@gone.nl> * Shengjing Zhu <zhsj@debian.org> * Shukui Yang <keloyangsk@gmail.com> * wangtianxia <sometimesnaive@sjtu.edu.cn> * Wei Fu <fuweid89@gmail.com> * Xiaochen Shen <xiaochen.shen@intel.com> * Xiaodong Liu <liuxiaodong@loongson.cn> Vote: +6 -0 #1 Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
v1.0.0~rc92 This release contains a hotfix to solve a regression in v1.0.0-rc91 that concerns Docker (this only affects Docker's vendoring of libcontainer, not the usage of runc as the runtime): * Fix helpers used by Docker to correctly handle symlinks in /dev (when running with --privileged containers). As well as some other improvements: * Updates to CRIU support. * Improvements to cgroupfs performance and correctness. Thanks to the following people who made this release possible: * Adrian Reber <areber@redhat.com> * Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> * Aleksa Sarai <cyphar@cyphar.com> * Daniel J Walsh <dwalsh@redhat.com> * Giuseppe Scrivano <gscrivan@redhat.com> * John Hwang <john.f.hwang@gmail.com> * Kir Kolyshkin <kolyshkin@gmail.com> * Lokesh Mandvekar <lsm5@fedoraproject.org> * Mrunal Patel <mrunalp@gmail.com> * Sebastiaan van Stijn <github@gone.nl> * tjucoder <chinesecoder@foxmail.com> * Xiaodong Liu <liuxiaodong@loongson.cn> * Xiaoyu Zhang <mateuszhang@tencent.com> * zvier <zvier20@gmail.com> Vote: +4 -0 #3 Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
v1.0.0-rc91 This is intended to be the second-last RC release, with -rc92 having very few large changes so that we can release runc 1.0 (at long last). * The long-awaited hooks changes have been merged into runc. This was one of the few remaining spec-related issues which were blocking us from releasing runc 1.0. Existing hook users will not be affected by this change, but runc now supports additional hooks that we expect users to migrate to eventually. The new hooks are: - createRuntime (replacement for the now-deprecated prestart) - createContainer - startContainer * A large amount of effort has been undertaken to support cgroupv2 within runc. The support is still considered experimental, but it is mostly functional at this point. Please report any bugs you find when running under cgroupv2-only systems. * A minor-severity security bug was fixed[1]. The devices list would be in allow-by-default mode from the outset, meaning that users would have to explicitly specify they wish to deny all device access at the beginning of the configuration. While this would normally be considered a high-severity vulnerability, all known users of runc had worked around this issue several years ago (hence why this fairly obvious bug was masked). In addition, the devices list code has been massively improved such that it will attempt to avoid causing spurrious errors in the container (such as while writing to /dev/null) when doing devices cgroup updates. * A security audit of runc was conducted in 2019, and the report PDF is now included in the runc repository. The previous release of runc has already addressed the security issues found in that report. Thanks to the following people who made this release possible: * Adrian Reber <areber@redhat.com> * Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> * Alban Crequy <alban@kinvolk.io> * Aleksa Sarai <asarai@suse.de> * Alice Frosi <afrosi@de.ibm.com> * Amye Scavarda Perrin <amye@linuxfoundation.org> * Andrei Vagin <avagin@gmail.com> * Boris Popovschi <zyqsempai@mail.ru> * Brian Goff <cpuguy83@gmail.com> * Chris Aniszczyk <caniszczyk@gmail.com> * Danail Branekov <danailster@gmail.com> * Giuseppe Scrivano <gscrivan@redhat.com> * iwankgb <maciej.iwanowski@intel.com> * John Hwang <John.F.Hwang@gmail.com> * Katarzyna Kujawa <katarzyna.kujawa@intel.com> * Kenta Tada <Kenta.Tada@sony.com> * Kir Kolyshkin <kolyshkin@gmail.com> * Kir Kolyshkin <kolyshkin@users.noreply.github.com> * Kohei Ota <kela@inductor.me> * l00397676 <lujingxiao@huawei.com> * Lifubang <lifubang@acmcoder.com> * Mario Nitchev <marionitchev@gmail.com> * Michael Crosby <crosbymichael@gmail.com> * Mrunal Patel <mrunalp@gmail.com> * Odin Ugedal <odin@ugedal.com> * Paweł Szulik <pawel.szulik@intel.com> * Peter Hunt <pehunt@redhat.com> * Pradyumna Agrawal <pradyumnaa@vmware.com> * Qiang Huang <h.huangqiang@huawei.com> * Renaud Gaubert <rgaubert@nvidia.com> * Sascha Grunert <sgrunert@suse.com> * Sebastiaan van Stijn <github@gone.nl> * SiYu Zhao <d.chaser.zsy@gmail.com> * Ted Yu <yuzhihong@gmail.com> * Tianjia Zhang <tianjia.zhang@linux.alibaba.com> * Tianon Gravi <admwiggin@gmail.com> * Tobias Klauser <tklauser@distanz.ch> * wanghuaiqing <wanghuaiqing@loongson.cn> * W. Trevor King <wking@tremily.us> * Yulia Nedyalkova <julianedialkova@hotmail.com> * zyu <yuzhihong@gmail.com> > **NOTE**: For those who are confused by the massive version jump (rc10 > to rc91), this was done to avoid issues with SemVer and lexical > comparisons -- there haven't been 90 other release candidates. Please > also note thatrunc 1.0.0-rc90 is identical to 1.0.0-rc10. [1]: GHSA-g54h-m393-cpwq Vote: +7 -0 #0 Signed-off-by: Aleksa Sarai <asarai@suse.de>
v1.0.0-rc90 This release is *identical* to v1.0.0-rc10. The purpose of this release is to resolve an issue with our versioning scheme (in particular, the format we've used under SemVer means that the "-rcNN" string suffix is sorted lexicographically rather than in the classic `sort -V` order). Because we cannot do a post-1.0 release yet, this is a workaround to make sure that systems such as Go modules correctly update to the latest runc release. See [1] for more details. The next release (which would've originally been called -rc11) will be 1.0.0-rc91. I'm sorry. [1]: opencontainers#2399 Signed-off-by: Aleksa Sarai <asarai@suse.de>
v1.0.0~rc10 This is a hot-fix for v1.0.0~rc9, primarily fixing CVE-2019-19921. Given that the relevant runtime-spec PR which was considered a blocker has been merged[1] the next rc release of runc should be the last one before 1.0.0. Thanks to the following people who made this release possible: * Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> * Aleksa Sarai <asarai@suse.de> * James Peach <jpeach@apache.org> * Jordan Liggitt <liggitt@google.com> * Julia Nedialkova <julianedialkova@hotmail.com> * Julio Montes <julio.montes@intel.com> * Kevin Kelani <kkelani@gmail.com> * Kurnia D Win <kurnia.d.win@gmail.com> * Manuel Rüger <manuel@rueg.eu> * Michael Crosby <crosbymichael@gmail.com> * Mrunal Patel <mrunal@me.com> * Qiang Huang <h.huangqiang@huawei.com> * Radostin Stoyanov <rstoyanov1@gmail.com> * Sascha Grunert <sgrunert@suse.com> * tianye15 <tianye15@yq01-ps-www007cc6e83.yq01.baidu.com> [1]: opencontainers/runtime-spec#1008 Vote: +4 -0 #1 Signed-off-by: Aleksa Sarai <asarai@suse.de>
PreviousNext