Dario Faggioli
717a46a1f5
- Update to 1.8.1
* linux: idmapped mounts expect the same configuration as
the user namespace mappings. Before they were expecting the inverted
mapping. It is a breaking change, but the behavior was aligned
to what runc will do as well.
* krun: always allow /dev/kvm in the cgroup configuration.
* handlers: disable exec for handlers that do not support it.
* selinux: allow setting fscontext using a custom annotation.
* cgroup: reset systemd unit if start fails.
* cgroup: rmdir the entire systemd scope. It fixes a leak on cgroupv1.
* cgroup: always delete the cgroup on errors.
On some errors it could have been leaked before.
- changes from 1.8
* linux: precreate devices on the host.
* cgroup: support cpuset mounted with noprefix.
* linux: mount the source cgroup if cgroupns=host.
* libcrun: don't clone self from read-only mount.
* build: fix build without dlfcn.h.
* linux: set PR_SET_DUMPABLE.
* utils: fix applying AppArmor profile.
* linux: write setgroups=deny when mapping a single uid/gid.
* cgroup: fix enter cgroupv1 mount on RHEL 7.
OBS-URL: https://build.opensuse.org/request/show/1068319
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=20
12 lines
488 B
Plaintext
12 lines
488 B
Plaintext
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iQEzBAABCAAdFiEEr2D8o82qberRV+o6Z+OPeouiF3IFAmP8iFgACgkQZ+OPeoui
|
|
F3KHxQgAk7ZFn/k7Vqx1iYj1Osg9VoVV9cwMtcpat9Bef43hHm94TPL3d88RhmTl
|
|
3nRdKdU3MUjeL+jkJvZ0GHcNuSvjQZePGaiY0W913X8qxjzXu2HyHCCdPmGP8t1m
|
|
OMMpR08vsdI7rSaC+1yWMGLaHAT/eE7Z8G54WUxdndtuUIh+6aZr6w7gXs/D80cq
|
|
I/DK+k/S4jV6o4vK6oKFrQajF0dyVJ2MQmyLAlWglv1/HOC2LoH692bRIQ2DF6wo
|
|
hchKgnvEy18kWnAic3sF6qD6dSvl+4S/Nexo9Pg2YV2k84tvlN6x920Xij+M0AfO
|
|
Rp7Ed+4Bv9Ya7v4n4pFnUmNzWLHmAQ==
|
|
=3bFX
|
|
-----END PGP SIGNATURE-----
|