
Releases: nestybox/sysbox

Release v0.6.5

09 Nov 23:09
v0.6.5
2120de3

Official Packages

📦 sysbox-ce_0.6.5-0.linux_amd64.deb
📦 sysbox-ce_0.6.5-0.linux_arm64.deb

Changelog

Added

  • Update to Golang 1.22.
  • Implement 'relaxed-read-only' mode to ease the bind-mount requirements of read-only containers.
  • Enhance sysbox-fs emulation to allow writes to '/proc/sys/kernel/shm*' paths.
  • Fix emulation of /proc/sys/kernel/random (issue #785).
  • Fix bug in sysbox-fs that resulted in left-over nsenter mounts of procfs and sysfs (issue #829).
  • Fix issue causing Sysbox to slow down due to the accumulation of large numbers of mountpoints when '--allow-immutable-unmounts' knob is set to 'false'.
  • Skip DNS change when the default route doesn't exist (issue #834).
  • Fix issue breaking read() operations over '/sys/kernel' nodes with non-zero offsets.
  • Return error for disallowed unmount of sysbox-fs managed mountpoint (issue #808).
  • sysbox-deploy-k8s: add support for K8s v1.29 and v1.30.
  • sysbox-deploy-k8s: deprecate support of K8s v1.26.
  • sysbox-deploy-k8s: add support for incremental Sysbox upgrades.
  • sysbox-deploy-k8s: introduce logic to config Sysbox's daemons through a configMap.
  • sysbox-deploy-k8s: increase 'vm.max_map_count' to satisfy mmap-demanding apps (Elastic).
  • sysbox-deploy-k8s: enhance logic to detect Sysbox's config-environment changes (sysctl vars).
  • sysbox-deploy-k8s: fix issue preventing Sysbox installation from concluding during upgrades.
  • sysbox-deploy-k8s: fix for race-condition in GKE clusters.
  • sysbox-deploy-k8s: fix for 'sysbox-installer-helper' to workaround dpkg error.
  • sysbox-deploy-k8s: check for existence of 'unprivileged_userns_clone' procfs node before attempting to write().
  • sysbox-deploy-k8s: delete preexisting Sysbox pods during the upgrade or re-installation process.
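The two sysbox-deploy-k8s items above ('vm.max_map_count' and the existence check on the 'unprivileged_userns_clone' node) share one idiom: a node-prep step must not assume a procfs sysctl exists, because 'kernel.unprivileged_userns_clone' is only present on kernels that carry that distro patch, and a blind write() fails. The script below is an added example, not code from the sysbox-deploy-k8s installer: it maps a sysctl key to its /proc/sys path, writes only when the node exists, and distinguishes "skipped" from "failed". The SYSCTL_ROOT override, the helper names and the 262144 value are this example's own assumptions (262144 is the usual Elastic recommendation, not a number stated on this page).

```shell
#!/bin/sh
# Added example (not part of sysbox-deploy-k8s): apply the sysctls the release
# notes mention, skipping any procfs node the running kernel does not expose.
set -eu

# Root of the sysctl tree. Overridable so the logic can be exercised against a
# constructed directory instead of the live kernel (assumption for this example).
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# kernel.unprivileged_userns_clone -> /proc/sys/kernel/unprivileged_userns_clone
sysctl_path() {
  printf '%s/%s\n' "$SYSCTL_ROOT" "$(printf '%s' "$1" | tr '.' '/')"
}

# 0 when the kernel exposes the node, 1 otherwise.
sysctl_present() {
  [ -e "$(sysctl_path "$1")" ]
}

# Current value of a sysctl, read straight from procfs.
sysctl_get() {
  cat "$(sysctl_path "$1")"
}

# Write a sysctl only when its node exists. Returns 2 when skipped so callers
# can tell "node absent on this kernel" from "write failed".
sysctl_set_if_present() {
  key="$1"; value="$2"
  if ! sysctl_present "$key"; then
    echo "skip: $key not present on this kernel" >&2
    return 2
  fi
  printf '%s\n' "$value" > "$(sysctl_path "$key")"
}

# Node preparation: the mmap limit is mandatory, the userns knob is optional.
prepare_node() {
  # Assumed value for mmap-hungry workloads such as Elasticsearch.
  sysctl_set_if_present vm.max_map_count 262144
  # Only Debian/Ubuntu-style kernels gate user namespaces behind this node;
  # a skip (rc 2) is fine, a failed write (rc 1) is not.
  sysctl_set_if_present kernel.unprivileged_userns_clone 1 || [ $? -eq 2 ]
}

# Usage on a real node (needs root):  SYSBOX_PREP=1 sh prep-node.sh
if [ "${SYSBOX_PREP:-0}" = 1 ]; then
  prepare_node
fi
```

On a live node these writes are not persistent; the installer would normally also drop them into a sysctl.d file, which this example leaves out.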

Checksums

$ sha256sum sysbox-ce_0.6.5-0.linux_amd64.deb
f02ffb48eae99d6c884c9aa0378070cc716d028f58e87deec5ae00a41b706fe8  sysbox-ce_0.6.5-0.linux_amd64.deb

$ sha256sum sysbox-ce_0.6.5-0.linux_arm64.deb
d9267eb176190b96dcfa29ba4c4c685a26a4a1aca1d7f15deb31ec33ed63de15  sysbox-ce_0.6.5-0.linux_arm64.deb
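The digests above are only useful if the package is checked against them before it reaches dpkg. The script below is an added example, not code from the Sysbox project: it picks the digest for the host's Debian architecture, compares it with the downloaded file's SHA-256 and refuses to install on any mismatch. The digests are copied from the v0.6.5 checksums above; the SYSBOX_PKG variable, the helper names and the use of sudo are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not part of the Sysbox project): verify a downloaded
# sysbox-ce .deb against the SHA-256 digests published on the releases
# page before handing it to dpkg. Fail closed on any mismatch.
set -eu

# Digests copied from the v0.6.5 release notes, keyed by Debian architecture.
SYSBOX_VERSION="0.6.5"
sha_amd64="f02ffb48eae99d6c884c9aa0378070cc716d028f58e87deec5ae00a41b706fe8"
sha_arm64="d9267eb176190b96dcfa29ba4c4c685a26a4a1aca1d7f15deb31ec33ed63de15"

# Map the kernel's machine name to the Debian architecture used in the
# package file name. Unknown machines are rejected rather than guessed.
deb_arch() {
  case "$(uname -m)" in
    x86_64)  echo amd64 ;;
    aarch64) echo arm64 ;;
    *)       return 1 ;;
  esac
}

# Expected digest for an architecture; fails for anything not published.
expected_digest() {
  case "$1" in
    amd64) echo "$sha_amd64" ;;
    arm64) echo "$sha_arm64" ;;
    *)     return 1 ;;
  esac
}

# Hex SHA-256 of a file, using whichever tool the host provides.
digest_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$1" | cut -d' ' -f1
  else
    openssl dgst -sha256 -r "$1" | cut -d' ' -f1
  fi
}

# 0 only when the file's digest equals the expected one. The comparison is on
# lower-case hex so a digest pasted in upper case still matches.
verify_sha256() {
  file="$1"; expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
  actual="$(digest_of "$file")"
  [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Verify, then install. Nothing reaches dpkg unless verification passes.
install_verified() {
  pkg="$1"
  arch="$(deb_arch)" || { echo "unsupported architecture: $(uname -m)" >&2; return 1; }
  expected="$(expected_digest "$arch")"
  if verify_sha256 "$pkg" "$expected"; then
    echo "sha256 OK for $pkg ($arch, sysbox-ce v$SYSBOX_VERSION)"
    sudo dpkg -i "$pkg"
  else
    echo "sha256 MISMATCH for $pkg: refusing to install" >&2
    return 1
  fi
}

# Usage:  SYSBOX_PKG=./sysbox-ce_0.6.5-0.linux_amd64.deb sh verify-sysbox.sh
if [ -n "${SYSBOX_PKG:-}" ]; then
  install_verified "$SYSBOX_PKG"
fi
```

The one-line equivalent for a single package is `printf '%s  %s\n' "$digest" "$pkg" | sha256sum -c -`, which accepts exactly the `<digest>  <file>` line the page prints; the function form is there so the same check can be scripted for either architecture and so a mismatch cannot be missed in a longer install script.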

Release v0.6.4

06 Apr 18:43

Official Packages

📦 sysbox-ce_0.6.4-0.linux_amd64.deb
📦 sysbox-ce_0.6.4-0.linux_arm64.deb

Changelog

Added

  • Fix to allow running x86 apps in Sysbox containers (issue #350).
  • Fix sysbox-fs nsenter mount leak.
  • Fix sysbox emulation of /proc and /sys in containers for kernels 6.5+.
  • Add hardening against CVE-2024-21626 (the runc leaked-file-descriptor container escape).
  • Fix ordering of mounts under /run for containers with systemd (issue #767).

Checksums

$ sha256sum sysbox-ce_0.6.4-0.linux_amd64.deb
d034ddd364ee1f226b8b1ce7456ea8a12abc2eb661bdf42d3e603ed2dc741827  sysbox-ce_0.6.4-0.linux_amd64.deb

$ sha256sum sysbox-ce_0.6.4-0.linux_arm64.deb
0ed41cd828cbeadbeceae41ec8c422b415bb1437443eb1fdf571f4973806a90e  sysbox-ce_0.6.4-0.linux_arm64.deb

Release v0.6.3

09 Jan 19:47

Official Packages

📦 sysbox-ce_0.6.3-0.linux_amd64.deb
📦 sysbox-ce_0.6.3-0.linux_arm64.deb

Changelog

Added

  • Fix to ensure "docker --net=host" works inside Sysbox containers (issue #712).
  • Fix bug when mounting host kernel headers into containers (issue #727).
  • Fix emulation of /sys/devices/virtual/* inside containers (issue #719).
  • Don't intercept *xattr syscalls by default (improves performance).
  • Add feature to skip shiftfs and idmapping on specific container files/dirs (via SYSBOX_SKIP_UID_SHIFT container env var).
  • Fix bug with fsuid-map-fail-on-error config option.
  • Fix bug with pivot-root inside Sysbox containers (ensures docker:24-dind image can run inside Sysbox containers).
  • sysbox-deploy-k8s: add support for Kubernetes v1.27 and v1.28.
  • sysbox-deploy-k8s: automatically detect installation on GKE clusters and set up configs accordingly.
  • sysbox-deploy-k8s: support installation on Debian-based K8s nodes.
  • sysbox-deploy-k8s: don't install shiftfs on K8s nodes with kernel >= 5.19.

Removed

  • sysbox-deploy-k8s: deprecated support for K8s v1.24 and v1.25 (EOL'd).

Checksums

$ sha256sum sysbox-ce_0.6.3-0.linux_amd64.deb
cfce811006a27305071b1634ca8fe690392f5dcc205612e7b4e5bde411b7701e  sysbox-ce_0.6.3-0.linux_amd64.deb

$ sha256sum sysbox-ce_0.6.3-0.linux_arm64.deb
4b475e7e7eed79708b2707a67d556a5d3c0bdaef0a1f341311d095d1b4b3e271  sysbox-ce_0.6.3-0.linux_arm64.deb

Release v0.6.2

12 Jun 04:14

Official Packages

📦 sysbox-ce_0.6.2-0.linux_amd64.deb
📦 sysbox-ce_0.6.2-0.linux_arm64.deb

Changelog

  • Fix bug in Sysbox's checking of host support for idmapping and shiftfs.
  • Fix storage leak in /var/lib/sysbox when using Sysbox on K8s clusters.
  • Fix bug in Sysbox's handling of "docker run -w" flag.
  • Change disable-inner-image-preload flag to allow running (but not committing) sysbox containers with preloaded inner images.
  • Set disable-inner-image-preload flag in Sysbox K8s deployments to improve performance when stopping pods.

Checksums

$ sha256sum sysbox-ce_0.6.2-0.linux_amd64.deb
fd287f2f3b5a072b62c378f9e1eeeeaa2ccad22bb48cb381d30d8c855c51b401  sysbox-ce_0.6.2-0.linux_amd64.deb

$ sha256sum sysbox-ce_0.6.2-0.linux_arm64.deb 
64436c12024098a2e3b0cd1647732cb3a1b1415917458f6f3e0a56dbb4c2e737  sysbox-ce_0.6.2-0.linux_arm64.deb

Release v0.6.1

08 Apr 00:32
v0.6.1
51c9872

Official Packages

📦 sysbox-ce_0.6.1-0.linux_amd64.deb
📦 sysbox-ce_0.6.1-0.linux_arm64.deb

Changelog

  • Added support for ID-mapped overlayfs lower layers; eliminates need for shiftfs and Sysbox rootfs chown; requires kernel 5.19+.
  • Have Sysbox perform shiftfs and ID-mapping functional checks during init (issue #596).
  • Fixed rootfs cloning to prevent inode leakage (for hosts with kernel < 5.19 and no shiftfs) (issue #570).
  • Added support for Kubernetes v1.24 to v1.26.
  • Added --disable-inner-image-preload flag to sysbox-mgr (speeds up Sysbox container startup).
  • Added --syscont-mode flag to sysbox-mgr; allows Sysbox to work in system container mode (default) or regular container mode; the latter is meant for running microservices with stronger isolation.
  • Added --disable-shiftfs-on-fuse flag to sysbox-mgr; prevents Sysbox from mounting shiftfs on top of FUSE-backed filesystems (some of which don't work with shiftfs).
  • Added few optimizations to expedite I/O operations in procfs/sysfs emulated resources.
  • Enhanced life-cycle management of Sysbox daemons in Systemd-free scenarios.
  • Prevented concurrent execution of Sysbox daemons (multi-instance problem).
  • Improved the handling of ungraceful shutdown scenarios.
  • Eliminated Sysbox dependencies on configfs kernel module presence.
  • Fixed emulation of /sys/module/nf_conntrack/parameters inside containers.
  • Added emulation of the /sys/devices/virtual/dmi branch inside containers (for hosts where this branch or its inner resources are not present).
  • Hide /sys/kernel/security inside containers (issue #662).
  • Don't assign more capabilities to the container than those given to Sysbox itself.
  • Don't fail in kernel distros without /lib/modules/.
  • Increased the pods-per-node limit from 16 to 4K (Sysbox-CE now matches Sysbox-EE in this regard).
  • Extended kubelet config-detection process to multiple drop-in files in sysbox-deploy-k8s daemon-set.
  • Incorporated taints during sysbox-deploy-k8s installation process.
  • Fixed issue preventing sysbox-deploy-k8s installation in rke2 environments (issue #614).
  • Fixed issue preventing proper sysbox-deploy-k8s installation in Azure (issue #612).

Checksums

$ sha256sum sysbox-ce_0.6.1-0.linux_amd64.deb
d57dc297c60902d4f7316e4f641af00a2a9424e24dde88bb2bb7d3bc419b0f04  sysbox-ce_0.6.1-0.linux_amd64.deb

$ sha256sum sysbox-ce_0.6.1-0.linux_arm64.deb
28121f48a6d482bb94f2e8a23c1469e1930e0ef2c703dd9db7405764cfd827c6  sysbox-ce_0.6.1-0.linux_arm64.deb

Release v0.5.2

19 May 05:58
v0.5.2
e99c004

Official Packages

📦  sysbox-ce_0.5.2-linux_amd64.deb
📦  sysbox-ce_0.5.2-linux_arm64.deb

Changelog

Added

  • Fixed issue #544 preventing container initialization within Sysbox containers when running recent OCI runc releases (1.1.0-rc.1+).
  • Added support to allow CIFS mounts within Sysbox containers (Sysbox-EE only).
  • Fixed issue to allow shiftfs mounts over files that are themselves bind-mounts.

Checksums

$ sha256sum sysbox-ce_0.5.2-0.linux_amd64.deb
f13fc0e156f72c6f8bd48e206c59482f83f19acc229701c74e0f23baafa724d8  sysbox-ce_0.5.2-0.linux_amd64.deb

$ sha256sum sysbox-ce_0.5.2-0.linux_arm64.deb
82474781c4ec0bea2589aa2fd6a72ca8d9b0526544212ba23bc11f340dac3cb0  sysbox-ce_0.5.2-0.linux_arm64.deb

Release v0.5.0

23 Mar 08:58
v0.5.0

Official Packages

📦  sysbox-ce_0.5.0-linux_amd64.deb
📦  sysbox-ce_0.5.0-linux_arm64.deb

Changelog

Added

  • Added support for Linux ID-mapped mounts (shiftfs alternative in kernels >= 5.12).
  • Added support for ARM64 hosts.
  • Added support for running buildx/buildkit inside Sysbox containers.
  • Added support for running Rancher RKE2 and Mirantis K0s inside Sysbox containers.
  • Added configs to disable trapping chown and xattr* syscalls (improves performance but may reduce functionality).
  • Added config to strictly honor container capabilities from higher-level container manager.
  • Added support for per-container configs via SYSBOX_* env vars.
  • Improved performance of Sysbox's syscall interception code.
  • Improved the way Sysbox releases the seccomp-fd handles for intercept syscalls (kernels >= 5.8).
  • Improved Sysbox's cross-compilation support (artifacts can now be generated from/to either AMD64 or ARM64 hosts).
  • Update to golang 1.16.
  • Replaced the per-distro *.deb installation packages with a single deb bundle package.
  • Allow alternative Docker data-root inside a Sysbox container (if Docker is pre-installed in the Sysbox container image).

Fixed (main issues)

  • Fixed segfault when building Docker image inside Sysbox container (issue #484).
  • Fixed segfault when running python pip install inside nested sysbox container (issue #485).
  • Fixed issue with running KinD inside a Sysbox container (issue #415).
  • Fixed problem with shiftfs mounts on Kubernetes persistent volumes (issue #431).

Checksums

$ sha256sum sysbox-ce_0.5.0-0.linux_amd64.deb
eeacd9ae0e08ee5e5637e3b93e4f0cf78f20f9590ef2e7ab08347700682422f0  sysbox-ce_0.5.0-0.linux_amd64.deb

$ sha256sum sysbox-ce_0.5.0-0.linux_arm64.deb
a767f0c51ba9026fe67030eaf19c690e9933a589b2318789544a9bc47135737e  sysbox-ce_0.5.0-0.linux_arm64.deb

Release v0.4.1

02 Oct 23:46
v0.4.1
977085f

Official Packages

📦  sysbox-ce_0.4.1-ubuntu-bionic_amd64.deb
📦  sysbox-ce_0.4.1-ubuntu-focal_amd64.deb
📦  sysbox-ce_0.4.1-debian-buster_amd64.deb
📦  sysbox-ce_0.4.1-debian-bullseye_amd64.deb

Changelog

Added

  • Added important optimization to expedite the container creation cycle.
  • Enhanced uid-shifting logic to shift Sysbox's special dirs on an as-needed basis.
  • Added support for Kinvolk's Flatcar Linux distribution (Sysbox-EE only).
  • Added basic building blocks to allow Sysbox support on ARM platforms.
  • Made various enhancements to Sysbox's Kubernetes installer to simplify its operation.
  • Extended Sysbox's Kubernetes installer to support Rancher's RKE K8s distribution.

Fixed (main issues)

  • Fixed issue preventing Sysbox folders from being removed from disk when Sysbox is shut down.
  • Enable sys container processes to set 'trusted.overlay.opaque' xattr on files (issue #254).
  • Fixed bug resulting in the failure of "mount" operation within a sys container.

Checksums

$ sha256sum sysbox-ce_0.4.1-0.ubuntu-bionic_amd64.deb
171130bc6e56fac57810614103f7b23cb873b174d42bd6981e8730175b341290  sysbox-ce_0.4.1-0.ubuntu-bionic_amd64.deb

$ sha256sum sysbox-ce_0.4.1-0.ubuntu-focal_amd64.deb
9b42246ad35bfbe6b52acf5b1b6a4878d004b1f122ec0b0ec79bd622e42d8e3d  sysbox-ce_0.4.1-0.ubuntu-focal_amd64.deb

$ sha256sum sysbox-ce_0.4.1-0.debian-buster_amd64.deb
bd96866b52821338a859586f5e5bbf6954d56181e9ef77ab0fb9d05127e9bf97  sysbox-ce_0.4.1-0.debian-buster_amd64.deb

$ sha256sum sysbox-ce_0.4.1-0.debian-bullseye_amd64.deb
6aaddf08a253b05b8326ab95fdb37189eacf679cb8b3b86c40ddc493aebdb5e3  sysbox-ce_0.4.1-0.debian-bullseye_amd64.deb

Release v0.4.0

15 Jul 05:36
v0.4.0
63d8ee2

Official Packages

📦  sysbox-ce_0.4.0-ubuntu-bionic_amd64.deb
📦  sysbox-ce_0.4.0-ubuntu-focal_amd64.deb
📦  sysbox-ce_0.4.0-debian-buster_amd64.deb
📦  sysbox-ce_0.4.0-debian-bullseye_amd64.deb

Changelog

Added

  • Added support to create secure Kubernetes PODs with Sysbox (sysbox-pods).
  • Added support for Cgroups-v2 systems.
  • Added support to allow K3s execution within Sysbox containers.
  • Extended Sysbox support to Fedora-33 and Fedora-34 releases.
  • Extended Sysbox support to Flatcar Linux distribution.
  • Modified Sysbox binaries' installation path ("/usr/local/sbin" -> "/usr/bin").
  • Enhanced generation and handling of logging output by relying on systemd (journald) subsystem.
  • Multiple enhancements in /proc & /sys file-system's emulation logic.
  • Extended installer to allow it to deploy Sysbox in non-strictly-supported distros / releases.
  • Improved security of shiftfs mounts.

Fixed (main issues)

  • Fixed issue impacting sysbox-fs stability in scaling scenarios (issue #266).
  • Fixed issue preventing sys-container initialization due to a recent change in OCI runc (issue #291).
  • Fixed issue with "--mountpoint" cli knob being ignored (sysbox issue #310).
  • Fixed issue causing sysbox-fs handlers to stall upon access to a procfs node (issue #306).
  • Fixed issue preventing write access to 'domainname' procfs node (issue #287).
  • Fixed issue preventing systemd-based containers from being able to initialize (issue #273).
  • Made changes to allow Docker network sharing between containers.
  • Ensure that Sysbox mounts in read-only containers are mounted as read only.

Removed

  • Deprecated EOL'd Fedora-31 and Fedora-32 releases.

Checksums

$ sha256sum sysbox-ce_0.4.0-0.ubuntu-bionic_amd64.deb
41df345ccdeb58bfde9f968ab90aea6f2a88ff18435d2e9a6591daf3220c1783  sysbox-ce_0.4.0-0.ubuntu-bionic_amd64.deb

$ sha256sum sysbox-ce_0.4.0-0.ubuntu-focal_amd64.deb
b189602cdb2bbca9a1f25159a6e664ebd251d7c2fb6be968c7148564e96744c4  sysbox-ce_0.4.0-0.ubuntu-focal_amd64.deb

$ sha256sum sysbox-ce_0.4.0-0.debian-buster_amd64.deb
1b21cb19544a8e594a49ddce35f914035445a55e55f1cd4ba398a42e08ff86aa  sysbox-ce_0.4.0-0.debian-buster_amd64.deb

$ sha256sum sysbox-ce_0.4.0-0.debian-bullseye_amd64.deb
f5f21637e62f8e7b0d24954fb13e0e646fa2b5e46021c9fffe2f11f32ae4b8c9  sysbox-ce_0.4.0-0.debian-bullseye_amd64.deb

Release v0.3.0

27 Mar 04:00
v0.3.0
176306b

Official Packages

📦  sysbox-ce_0.3.0-ubuntu-bionic_amd64.deb
📦  sysbox-ce_0.3.0-ubuntu-focal_amd64.deb
📦  sysbox-ce_0.3.0-debian-buster_amd64.deb
📦  sysbox-ce_0.3.0-debian-bullseye_amd64.deb

Changelog

Added

  • Secured system container initial mounts (mount/remount/unmount operations on these from within the container are now restricted).
  • Improved Sysbox systemd service unit files (dependencies, open-file limits).
  • Improved logging by sysbox-mgr and sysbox-fs (JSON logging, more succinct logs).
  • Added support for systemd-managed cgroups v1 on the host (cgroups v2 still not supported).
  • Added support for read-only Docker containers.
  • Synced-up sysbox-runc to include the latest changes from the OCI runc.
  • Added support for Debian distribution (Buster and Bullseye).
  • Added ground-work to support Sysbox on RedHat, Fedora, and CentOS (next step is creating a package manager for these).
  • Added config option to configure the Sysbox work directory (defaults to /var/lib/sysbox).
  • Added support and required automation for Sysbox-in-Docker deployments.
  • Fixed sporadic session stalling issue during syscall interception handling.
  • Fixed sysbox-mgr file descriptor leak (sysbox issue #195).
  • Fixed problem with "docker --restart" on Sysbox containers (sysbox issue #184).
  • Fixed race condition in sysbox-fs procfs & sysfs emulation.
  • Fixed problem preventing kernel-headers from being properly imported within sys containers.
  • Fixed inappropriate handling of mount instructions in chroot jail environments.

Removed

  • None

Checksums

$ sha256sum sysbox-ce_0.3.0-0.ubuntu-bionic_amd64.deb
43229b8d815bf2c6852a61fa55669de215ef51a44af8c4b967edea4bf3e38c75  sysbox-ce_0.3.0-0.ubuntu-bionic_amd64.deb

$ sha256sum sysbox-ce_0.3.0-0.ubuntu-focal_amd64.deb
37d300a21452e7a3201fae02bab7b2ed6bc5f571df4f99f9f2bad1895f9a0557  sysbox-ce_0.3.0-0.ubuntu-focal_amd64.deb

$ sha256sum sysbox-ce_0.3.0-0.debian-buster_amd64.deb
02aa4b3ab3e823d91e01c742875a4ece9d6415c9915c5f08df918725361b928e  sysbox-ce_0.3.0-0.debian-buster_amd64.deb

$ sha256sum sysbox-ce_0.3.0-0.debian-bullseye_amd64.deb
b334d71e09eb08f016d3d03b3d9d137b1d9425a4bf2ef7111af7372c7e05db45  sysbox-ce_0.3.0-0.debian-bullseye_amd64.deb