diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 00000000000..e462f1f3a9c --- /dev/null +++ b/CHANGELOG.md 
@@ -0,0 +1,1736 @@ +## v1.0.0-rc11 [20yy-mm-dd] + +* cgroups/fs2: don't always parse /proc/self/cgroup (#2358 by @kolyshkin) +* Vagrantfile: use Fedora 32 (and remove unused Podman) (#2363 by @AkihiroSuda) +* docs: terminals: mention subreaper requirement (#2359 by @cyphar) +* check that StartTransientUnit/StopUnit succeeds (#2331 by @lifubang) +* Makefile fixes and improvements (#2357 by @kolyshkin) +* fs2: fix cgroup.subtree_control EPERM on rootless + add CI (#2340 by @AkihiroSuda) +* travis: run vagrant tests on the host (#2342 by @kolyshkin) +* fix data inconsistent when runc update in systemd driven cgroup (#2343 by @lifubang) +* cgroupv2: use default allowed devices when linux resources is null (#2318 by @lifubang) +* checkpoint: don't print error if --pre-dump is set (#2327 by @kolyshkin) +* Fix cgroupv2 checkpoint/restore (#2335 by @kolyshkin) +* cgroupv2: allow to set EnableAllDevices=true (#2347 by @kolyshkin) +* Makefile nits (#2334 by @kolyshkin) +* libcontainer: fix Checkpoint wrt cgroupv2 (#2324 by @kolyshkin) +* Dockerfile: use bats-core (#2336 by @kolyshkin) +* libcontainer: use consts of Namespace from runtime-spec (#2330 by @KentaTada) +* libcontainer: use x/sys/unix instead of the hardcoded value (#2348 by @KentaTada) +* MAINTAINERS: add Kir Kolyshkin (#2326 by @AkihiroSuda) +* Fix/improve checkpoint integration tests (#2332 by @kolyshkin) +* cgroupv2: fix fs2 driver initialization (#2299 by @kolyshkin) +* CI cleanups (#2320 by @kolyshkin) +* Nits (#2325 by @kolyshkin) +* cgroupv2: default join cgroup namespace in runc example (#2322 by @lifubang) +* Defer netns.Close() after error check (#2317 by @tedyu) +* cgroupv2: fix fs2 driver default path (#2305 by @kolyshkin) +* runc exec: don't enable terminal unless -t is set (#2308 by @kolyshkin) +* Initial integration tests for cgroupv2 (#2295 by @kolyshkin) +* Exposing memory.numa_stats (#2278 by @iwankgb) +* Properly remove intermediate directory (#2312 by @tedyu) +* travis: move `cgroup-v2` out of 
`allow_failures` (#2304 by @AkihiroSuda) +* libcontainer: remove unneeded import (#2303 by @KentaTada) +* cgroupv2: fix setting MemorySwap (#2288 by @kolyshkin) +* cgroupv2: only treat -1 as "max" (#2300 by @kolyshkin) +* README.md: update Go version to build (#2296 by @KentaTada) +* libcontainer: use cgroups.NewStats (#2297 by @giuseppe) +* Fix TestGetContainerStateAfterUpdate on cgroup v2 (#2289 by @AkihiroSuda) +* Remove unused consts testScopeWait and testSliceWait (#2294 by @tklauser) +* Restore close of criuServer (#2293 by @tedyu) +* Use errors.As() and errors.Is() to unwrap errors (#2291 by @kolyshkin) +* Added HugeTlb controller for cgroupv2 (#2235 by @Zyqsempai) +* vagrant: switch from VirtualBox to KVM + increase HW resources (#2261 by @AkihiroSuda) +* Use errors.Unwrap() where possible (#2280 by @kolyshkin) +* isPathInPrefixList return value should be reverted (#2283 by @tedyu) +* Avoid double close of criuServer (#2284 by @tedyu) +* cgroupv2: don't use GetCgroupMounts for criu c/r (#2276 by @kolyshkin) +* libct/isPaused: don't use GetPaths from v2 code (#2282 by @kolyshkin) +* Add minimal cgroup2 checkpoint/restore support (#2259 by @adrianreber) +* Actually check for syscall.ENODEV when checking if a container is paused (#2279 by @yulianedyalkova) +* Separate systemd dbus connection initialization from running check (#2203 by @mrunalp) +* Dockerfile: some refactoring, and switch to "buster" variant (#2234 by @thaJeztah) +* update vendor (#2268 by @AkihiroSuda) +* bifio.Scan.Err usage nits (#2275 by @kolyshkin) +* Use faster mountinfo parser (part 1) (#2256 by @kolyshkin) +* cgroup v2 cleanups (#2273 by @kolyshkin) +* Retry writing to cgroup files on EINTR error (#2258 by @danail-branekov) +* cgroupv2: use "max" for negative values (#2272 by @kolyshkin) +* cgroupv2: don't try to set kmem for systemd case (#2270 by @kolyshkin) +* fix readSync (#2193 by @milkwine) +* checkpoint: remove error message with --leave-running (#2260 by @adrianreber) +* 
Assorted minor nits in libcontainer (#2263 by @kolyshkin) +* vendor: update go-systemd and godbus (#2242 by @AkihiroSuda) +* Avoid duplicate calls to runner#destroy (#2267 by @tedyu) +* specconv: fix null spec.Process making runc panic (#1826 by @jingxiaolu) +* Use signal map from x/sys/unix (#2257 by @kolyshkin) +* Dockerfile: add -f to curl (#2264 by @kolyshkin) +* libcontainer/sync: Drop procConsole transaction from comments (#1737 by @wking) +* Remove unreachable code paths (#1974 by @saschagrunert) +* cgroup2: fix conversion (#2248 by @AkihiroSuda) +* restore: fix a race condition in process.Wait() (#2226 by @avagin) +* Add support for Go Modules (#2073 by @odinuge) +* Makefile: set selinux and apparmor build tags (#2254 by @kolyshkin) +* fix rootless container: unrelated error with root flag (#1999 by @lifubang) +* sd-notify: do not hang when NOTIFY_SOCKET is used with create (#1807 by @giuseppe) +* Synchronize the call to linuxContainer.Signal() (#2252 by @pkagrawal) +* Use named error return for initProcess#start (#2238 by @tedyu) +* Use "command -v" shell builtin instead of "which" (#2228 by @cpuguy83) +* Add rootless testpath in Makefile (#1877 by @KentaTada) +* travis: update configuration (#2222 by @cyphar) +* Convert blkioWeight to io.weight properly (#2212 by @Zyqsempai) +* vendor: opencontainers/selinux v1.3.3, and update golang.org/x/sys (#2230 by @thaJeztah) +* libcontainer: dual-license nsenter/cloned_binary.c (#2232 by @cyphar) +* MAINTAINERS: add Akihiro Suda to maintainers (#2231 by @thaJeztah) +* Exchange deprecated systemd resources with the appropriate for cgroupv2 (#2210 by @Zyqsempai) +* Fix the value corresponding to rlimitmap [key] (#2223 by @wanghuaiqing2010) +* Fix MAJ:MIN io.stat parsing order (#2192 by @Zyqsempai) +* Allow to set systemd unit properties via annotations (#2224 by @kolyshkin) +* Added conversion for cpu.weight v2 (#2213 by @Zyqsempai) +* README.md: modify the explanation of make flags (#2184 by @KentaTada) +* Adding 
Security audit (#2190 by @amye) +* Fix path for security report line (#2221 by @inductor) + +## v1.0.0-rc10 [2020-01-24] + +* VERSION: release 1.0.0~rc10 (#2217 by @cyphar) +* rootfs: do not permit /proc mounts to non-directories (#2207 by @cyphar) +* Handle ENODEV when accessing the freezer.state file (#2133 by @yulianedyalkova) +* temporarily disable CRIU tests (#2198 by @AkihiroSuda) +* cgroup2: split fs2 from fs (#2169 by @AkihiroSuda) +* libcontainer: export and add new methods to allow cgroups manipulation (#2177 by @devimc) +* Fix race checking for process exit and waiting for exec fifo (#2185 by @liggitt) +* fix permission denied (#2086 by @win-t) +* criu: Ensure other users cannot read c/r files (#2141 by @rst0git) +* Makefile: allow overriding `docker` command (#2161 by @AkihiroSuda) +* Expose network interfaces via runc events (#2174 by @saschagrunert) +* .travis.yml: add Fedora 31 vagrant box (for cgroup2) (#2165 by @AkihiroSuda) +* Make event types public (#2172 by @saschagrunert) +* cgroup2: ebpf: increase RLIM_MEMLOCK to avoid BPF_PROG_LOAD error (#2168 by @AkihiroSuda) +* Remove the static_build build tag. 
(#2154 by @jpeach) +* cgroup2: port over eBPF device controller from crun (#2145 by @AkihiroSuda) +* cgroup2: implement `runc ps` (#2149 by @AkihiroSuda) +* cgroup2: cpuset_v2: skip Apply when no limit is specified (#2148 by @AkihiroSuda) +* cgroup2: allow mounting /sys/fs/cgroup in UserNS without unsharing CgroupNS (#2159 by @AkihiroSuda) +* cgroup2: do not parse /proc/cgroups (#2160 by @AkihiroSuda) +* Set unified mountpoint in find mnt func (#2140 by @crosbymichael) +* Adds info about `userns` for rootless containers (#1929 by @kkallday) +* io_v2.go: remove blkio v1 code (#2147 by @AkihiroSuda) +* README.md: clarify cgroup2 support is not ready for production (#2146 by @AkihiroSuda) +* checkpoint: Set descriptors.json file mode to 0600 (#2139 by @rst0git) +* Support different field counts of cpuaact.stats (#2132 by @skilxn-go) +* SECURITY: Add Security Policy (#2135 by @mrueg) + +## v1.0.0-rc9 [2019-10-05] + +* VERSION: update to 1.0.0-rc9 (#2134 by @cyphar) +* `*`: verify operations on /proc/... 
are on procfs (#2130 by @cyphar) +* Only allow proc mount if it is procfs (#2129 by @crosbymichael) +* Change the permissions of the notify listener socket to rwx for everyone (#2041 by @jburianek) +* libcontainer/nsenter: Don't import C in non-cgo file (#2126 by @titanous) +* cgroup: support mount of cgroup2 (#2125 by @giuseppe) +* criu image path permission error when checkpoint rootless container (#2010 by @lifubang) +* man: fix man-pages (#2098 by @adrianreber) +* Update dependencies (#2029 by @thaJeztah) +* Update to Go 1.12 and drop obsolete versions (#2028 by @thaJeztah) +* libcontainer: initial support for cgroups v2 (#2113 by @giuseppe) +* Bump x/sys and update syscall for initial Risc-V support (#2123 by @carlosedp) +* nsenter: minor fixes (#2122 by @AkihiroSuda) +* Rename cgroups_windows.go to cgroups_unsupported.go (#2120 by @rhatdan) +* cgroups/fs: check nil pointers in cgroup manager (#2103 by @sipsma) +* Make get devices function public (#2107 by @sashayakovtseva) +* libcontainer: update masked paths of /proc (#2119 by @KentaTada) +* Remove libcontainer detection for systemd features (#2117 by @filbranden) +* Avoid the dependency on cgo through go-systemd/util package (#2116 by @filbranden) +* Skip searching /dev/.udev for device nodes. 
(#2094 by @sipsma) +* doc: First process in container needs `Init: true` (#2089 by @anx-astocker) +* integration: remove blkio.weight (unavailable in kernel 5.0) (#2082 by @AkihiroSuda) +* Bump CRIU to 3.12 (#2081 by @AkihiroSuda) +* Update busybox source and fix runc exec bug (#2080 by @zhlhahaha) +* Update bash completion for v1.0.0 release (#2075 by @KentaTada) +* Update dependency libseccomp-golang (#2074 by @odinuge) +* Allow to define `COMMIT` by env (#2071 by @judu) +* Fix cgroup hugetlb size prefix for kB (#2065 by @odinuge) +* libcontainer: change seccomp test for clone syscall (#2067 by @KentaTada) +* libcontainer: fix TestGetContainerState to check configs.NEWCGROUP (#2061 by @KentaTada) +* libcontainer: intelrdt: add missing destroy handler in defer func (#2042 by @xiaochenshen) +* main: not reopen /dev/stderr (#2057 by @giuseppe) +* `r.destroy` can defer exec in `runner.run` method. (#2038 by @imxyb) +* specconv: always set "type: bind" in case of MS_BIND (#2035 by @cyphar) +* Move systemd.Manager initialization into a function in that module (#2047 by @filbranden) +* Support for logging from children processes (#2034 by @danail-branekov) + +## v1.0.0-rc8 [2019-04-26] + +* VERSION: release 1.0.0-rc8 (#2045 by @cyphar) +* Vendor in latest selinux code for keycreate errors (#2043 by @rhatdan) +* Add selinux validate in runc exec (#2031 by @lifubang) +* Fix SELinux failures on disabled SELinux Machines (#2032 by @rhatdan) + +## v1.0.0-rc7 [2019-03-28] + +* VERSION: release v1.0.0-rc7 (#2026 by @cyphar) +* Fixes regression causing zombie runc:[1:CHILD] processes (#2023 by @LittleLightLittleFire) +* Need to setup labeling of kernel keyrings. 
(#2012 by @rhatdan) +* Use getenv not secure_getenv (#2015 by @justincormack) +* Add $RUNC_USE_SYSTEMD to run tests using systemd cgroup driver (#2014 by @filbranden) +* nsenter: cloned_binary: "memfd" cleanups (#1984 by @cyphar) +* README: link to /org/security/ (#2001 by @vbatts) +* Create bind mount mountpoints during restore (#1968 by @adrianreber) +* fix preserve-fds flag may cause runc hang (#2000 by @lifubang) +* exec: expose --preserve-fds (#1995 by @giuseppe) +* Vendor in go-criu and use it for CRIU's RPC definition (#1963 by @adrianreber) +* switched travis to xenial (#1986 by @adrianreber) +* nsexec (CVE-2019-5736): avoid parsing environ (#1982 by @brauner) +* Remove detection for scope properties, which have always been broken (#1978 by @filbranden) +* Vendor opencontainers/runtime-spec 29686dbc (#1973 by @lowenna) +* nsenter: clone /proc/self/exe to avoid exposing host binary to container (https://github.com/opencontainers/runc/commit/6635b4f0 by @cyphar) +* Update vendored golang.org/x/sys to latest (#1972 by @filbranden) +* libcontainer: intelrdt: fix null intelrdt path issue in Destroy() (#1955 by @xiaochenshen) +* Resilience in adding of exec tasks to cgroups (#1950 by @BooleanCat) +* integration: fix mis-use of libcontainer.Factory (#1967 by @cyphar) +* Document 'org.criu.config' annotation (#1964 by @adrianreber) +* systemd: fix setting kernel memory limit (#1960 by @giuseppe) +* Add CRIU configuration file support (#1933 by @adrianreber) +* rootfs: umount all procfs and sysfs with --no-pivot (#1962 by @giuseppe) +* Fix .Fatalf() error message (#1952 by @JoeWrightss) +* Fix some typos (#1945 by @JoeWrightss) +* Modify check-config.sh in accordance with Moby Project updates (#1942 by @KentaTada) +* cgroups: nokmem: error out on explicitly-set kmemcg limits (#1939 by @cyphar) +* kill: allow to signal paused containers (#1943 by @giuseppe) +* cr: get pid from criu notify when restore (#1944 by @Ace-Tang) +* libcontainer: intelrdt: add support for 
Intel RDT/MBA Software Controller in runc (#1919 by @xiaochenshen) +* MAINTAINERS: remove @rjnagal and @vmarmol (#1940 by @cyphar) +* fix: may kill other process when container has been stopped (#1934 by @lifubang) + +## v1.0.0-rc6 [2018-11-22] + +* `*`: release v1.0.0~rc6 (#1937 by @cyphar) +* Small fixes for CRIU based test cases (#1936 by @adrianreber) +* libcontainer: Set 'status' in hook stdin (#1741 by @wking) +* Bump CRIU to 3.11 (#1935 by @adrianreber) +* add missing intelRdt parameters in 'runc update' manpage (#1930 by @linericyang) +* Respect container's cgroup path (#1872 by @ostenbom) +* tty: clean up epollConsole closing (#1897 by @cyphar) +* Add support for cgroup namespace (#1916 by @crosbymichael) +* libcontainer: map PidsLimit to systemd's TasksMax property (#1917 by @slp) +* Various cleanups to address linter issues (#1911 by @theSuess) +* test: fix TestDupNamespaces fail to test dup-ns error (#1925 by @Ace-Tang) +* rootless: fix potential panic in shouldUseRootlessCgroupManager (#1928 by @Ace-Tang) +* libcontainer: fix potential panic if spec.Process is nil (#1926 by @Ace-Tang) +* SELinux labels are tied to the thread (#1814 by @rhatdan) +* Makefile: rm cgo tag (#1922 by @kolyshkin) +* readme: add nokmem build tag (#1923 by @Ace-Tang) +* libcontainer: ability to compile without kmem (#1921 by @kolyshkin) +* rootless: fix running with /proc/self/setgroups set to deny (#1918 by @giuseppe) +* libcontainer: intelrdt: add user-friendly diagnostics for Intel RDT operation errors (#1913 by @xiaochenshen) +* clarify license information (#1903 by @mikebrow) +* Bump Travis versions (#1915 by @HaraldNordgren) +* Fix travis Go: tip (#1910 by @adrianreber) +* libcontainer: CurrentGroupSubGIDs -> CurrentUserSubGIDs (#1880 by @AkihiroSuda) +* libcontainer: intelrdt: add support for Intel RDT/MBA in runc (#1632 by @xiaochenshen) +* Disable rootless mode except RootlessCgMgr when executed as the root in userns (fix Docker-in-LXD regression) (#1862 by 
@AkihiroSuda) +* fix build break (#1908 by @mikebrow) +* Fix issue #1890: config.json with no linux config should not crash (#1894 by @marler8997) +* keyring: handle ENOSYS with keyctl(KEYCTL_JOIN_SESSION_KEYRING) (#1893 by @cyphar) +* tty: close epollConsole on errors (#1895 by @giuseppe) +* Stop relying on number of systems for cgroups (#1817 by @jgkamat) +* Update outdated nsenter README content (#1858 by @marcov) +* test: add more test case for CleanPath (#1892 by @Ace-Tang) +* doc: fix typo (#1886 by @halfcrazy) +* fix delete other file bug when container id is .. (#1883 by @lifubang) +* linux: drop check for /proc as invalid dest (#1832 by @giuseppe) +* libcontainer: add /proc/loadavg to the white list of bind mount (#1882 by @accepting) +* Add --rootless option to man page (#1868 by @rhatdan) +* Remove unused veth setup code (#1874 by @mrunalp) +* When doing a copyup, /tmp can not be a shared mount point (#1873 by @rhatdan) +* Add support to checkpoint and restore into external network namespaces (#1849 by @adrianreber) +* Add docker proxy settings for make test in a proxy environment (#1854 by @KentaTada) +* Add an explanation for TESTPATH (#1855 by @KentaTada) +* cr: don't restore net namespace by default (#1871 by @Ace-Tang) +* Revert "libcontainer/rootfs_linux: minor cleanup" (#1867 by @mrunalp) +* Dockerfile: update criu to v3.10 + checkpoint-restore/criu@27034e7c (#1864 by @AkihiroSuda) +* Pass GOMAXPROCS to init processes (#1830 by @crosbymichael) +* Fix the problem TESTFLAGS is not to be used in Makefile correctly (#1841 by @KentaTada) +* Fix regression with mounts with non-absolute source path (#1845 by @alban) +* cr: don't dump network devices and their configuration (#1840 by @avagin) +* criu tests: rename criu feature check (#1838 by @adrianreber) +* Add osusergo flag to static build (#1836 by @kolyshkin) +* libcontainer: devices: fix mips builds (#1824 by @cyphar) +* travis: test cross compilation (#1820 by @AkihiroSuda) +* Add docs for 
terminals (#1730 by @deitch) +* libcontainer: improve "kernel.{domainname,hostname}" sysctl handling (#1827 by @cyphar) +* Stop using unix.SIGUNUSED which has been removed from golang.org/x/sys (#1825 by @onlyjob) +* libcontainer: fix compilation on GOARCH=arm GOARM=6 (32 bits) (#1819 by @tiborvass) +* runc: not require uid/gid mappings if euid()==0 (#1816 by @giuseppe) +* Fix race in runc exec (#1812 by @mrunalp) +* cgroup: clean up isIgnorableError for skippable EROFS (#1806 by @cyphar) +* Fix merge conflict (#1808 by @AkihiroSuda) +* main: support rootless mode in userns (#1688 by @AkihiroSuda) +* rootless: cgroup: treat EROFS as a skippable error (#1759 by @cyphar) +* fix systemd cpu quota for -1 (#1805 by @derekwaynecarr) +* Wrap error messages during init (#1796 by @crosbymichael) +* nsenter: improve namespace creation and SELinux IPC handling (#1562 by @cyphar) +* Make channel for StartTransientUnit buffered (#1781 by @filbranden) +* libcontainer: allow setgroup in rootless mode (#1693 by @AkihiroSuda) +* Make the setupSeccomp function public. (#1785 by @dlorenc) +* libcontainer/rootfs_linux: minor cleanup (#1784 by @pierrchen) +* libcontainer/specconv/spec_linux: Support empty 'type' for bind mounts (#1753 by @wking) +* nsexec.c: fix GCC 8 warning (#1779 by @runcom) +* Only configure networking when creating a net ns (#1777 by @nalind) +* Detect whether Delegate is available on both slices and scopes (#1776 by @filbranden) +* Fix systemd.Apply() to check for DBus error before waiting on a channel. 
(#1772 by @filbranden) +* libcontainer: Don't set container state to running when exec'ing (#1771 by @sboeuf) +* Fix error message (#1762 by @tamalsaha) +* rootless: set sticky bit if using XDG_RUNTIME_DIR (#1760 by @cyphar) +* tests: allow to load kernel modules from a test container (#1750 by @avagin) +* Label the masked tmpfs with the mount label (#1756 by @rhatdan) +* Add timeout while waiting for StartTransinetUnit completion signal (#1754 by @vikaschoudhary16) +* cgroups/fs: fix NPE on Destroy than no cgroups are set (#1752 by @dennwc) +* Minor wording enhancement in readme (#1751 by @glikson) +* libcontainer/user: platform dependent calls (#1749 by @vbatts) +* makefile: make "release" PHONY (#1748 by @cyphar) +* Fix make shell (#1746 by @tiborvass) +* Update build dependencies in Dockerfile (#1711 by @dqminh) + +## v1.0.0-rc5 [2018-02-27] + +* release v1.0.0~rc5 (https://github.com/opencontainers/runc/commit/4bb1fe4a by @cyphar) +* libcontainer: setupUserNamespace is always called (#1743 by @ynirk) +* fix lint error in specconv (#1736 by @allencloud) +* Update console dependency to fix runc exec on BE (#1727 by @pmorjan) +* adding go get instruction to readme (#1729 by @vsoch) +* fix systemd slice expansion so that it could be consumed by cAdvisor (#1722 by @ravisantoshgudimetla) +* libcontainer/capabilities_linux: Drop os.Getpid() call (#1724 by @wking) +* man: Fix manpages related to console (#1695 by @Taeung) +* Warning message if 'go-md2man' is not yet installed (#1685 by @Taeung) +* chroot when no mount namespaces is provided (#1702 by @crosbymichael) +* libcontainer/state_linux_test: Add a testTransitions helper (#1703 by @wking) +* kill.go: Remove unnecessary checks (#1706 by @unshare) +* make: validate C format (#1699 by @AkihiroSuda) +* Avoid race when opening exec fifo (#1698 by @craigfurman) +* libcontainer: expose annotations in hooks (#1687 by @runcom) +* Pin version of gojsonschema in tests (#1682 by @BooleanCat) +* Fix race against systemd 
(#1683 by @vikaschoudhary16) +* libcontainer: Do not wait for signalled processes if subreaper is set (#1678 by @sboeuf) +* RFC: libcontainer: remove dependency on libapparmor (#1675 by @tklauser) +* specconv: avoid skipping gidmappings applied when uidmappings is empty (#1665 by @Mashimiao) +* support unbindable,runbindable for rootfs propagation (#1655 by @Mashimiao) +* Update criu_opts_linux.go (#1667 by @allencloud) +* stopped container can't be checkpoint (#1669 by @Mashimiao) +* enable integration test on arm64 platform (#1642 by @lubinsz) +* remove placeholder for non-linux platforms (#1654 by @dqminh) +* Ensure container tests do not write on the host (#1661 by @danail-branekov) +* libcontainer: drop FreeBSD support (#1664 by @tklauser) +* Delete xattr related code (#1660 by @danail-branekov) +* systemd: adjust CPUQuotaPerSecUSec to compensate for systemd internal handling (#1651 by @sjenning) +* Import docker/docker/pkg/mount into runc (#1644 by @vdemeester) +* Add build 1.9 to travis (#1645 by @vdemeester) +* Remove pkg/symlink from docker/docker and use cyphar/filepath-securejoin (#1622 by @vdemeester) +* enable unit test on arm64 platform (#1640 by @jongwu) +* specconv.Example(): add /proc/scsi to masked paths (#1641 by @AkihiroSuda) +* Avoid disk usage explosion when copying busybox (#1629 by @danail-branekov) +* Specconv: Test create command hooks and seccomp setup (#1626 by @fntlnz) +* tests: add missing cgroups_kmem requirement (#1621 by @monstermunchkin) +* WIP: Better testsuite for specconv (#1619 by @fntlnz) +* tests: add various !terminal tests (#1357 by @cyphar) +* libcontainer: handler errors from terminate (#1607 by @crosbymichael) +* trailing punctuation in header (#1206 by @YuPengZTE) +* Fix breaking change in Seccomp profile behavior (#1616 by @mheon) +* libcontainer: intelrdt: fix a GetStats() issue (#1615 by @xiaochenshen) +* specconv: emit an error when using MS_PRIVATE with --no-pivot (#1606 by @cyphar) +* libcontainer: use Major/Minor 
from x/sys/unix (#1614 by @tklauser) +* add additional-gids to runc exec (#1608 by @crosbymichael) +* Propagate the correct argv0 when re-execing (#1453 by @petrosagg) +* Support cgroups with limits as rootless (#1540 by @williammartin) +* libcontainer: merge common syscall implementations (#1613 by @tklauser) +* Update libseccomp-golang dependency for filter generation bugfix (#1424 by @mheon) +* Add mips support (#1475 by @vstefanovic) +* rootfs: switch ms_private remount of oldroot to ms_slave (#1500 by @cyphar) +* libcontainer: cgroups: Write freezer state after every state check (#1610 by @sboeuf) +* make localintegration fails on Ubuntu 17.04 (#1528 by @leitwolf7) +* libcontainer: intelrdt: add update command support (#1590 by @xiaochenshen) +* libcontainer: create Cwd when it does not exist (#1604 by @AkihiroSuda) +* Set initial console size based on process spec (#1275 by @williammartin) +* Bump console and sys deps (#1600 by @crosbymichael) +* libcontainer: remove unnecessary type conversions (#1599 by @tklauser) +* libcontainer: default mount propagation correctly (#1598 by @euank) +* Delete unused variable (#1597 by @s7v7nislands) +* Drop support golang 1.5 (#1593 by @s7v7nislands) +* Apply cgroups earlier (#1586 by @crosbymichael) +* Disable systemd in static build (#1579 by @yongtang) +* Use `netgo` for static build (#1577 by @yongtang) +* tty: move IO of master pty to be done with epoll (#1455 by @dqminh) +* Support multiple users/groups mapped for the rootless case (#1529 by @giuseppe) +* Delete unused function (#1588 by @s7v7nislands) +* Fixes #1585 config.Namespaces is empty when accessed (#1587 by @Mashimiao) +* libcontainer: intelrdt: use init() to avoid race condition (#1589 by @xiaochenshen) +* init: delay seccomp application as late as possible (#1569 by @cyphar) +* checkpoint: support lazy migration (#1541 by @adrianreber) +* libcontainer: add support for Intel RDT/CAT in runc (#1279 by @xiaochenshen) +* signal: ignore tty.resize errors 
(#1575 by @cyphar) +* travis: drop shfmt install (#1578 by @cyphar) +* fix --read-only containers under --userns-remap (#1572 by @tych0) +* Fix systemd cgroup after memory type changed (#1573 by @hqhq) +* init: switch away from stateDirFd entirely (#1570 by @cyphar) +* Add AutoDedup option to CriuOpts (#1561 by @thegrumpylion) +* Check error return values (#1560 by @tklauser) +* fix panic when Linux is nil for rootless case (#1559 by @Mashimiao) +* release: import umoci's release.sh script (#1554 by @cyphar) +* Update state after update (#1558 by @hqhq) +* makefile: enable -buildmode=pie (#1542 by @cyphar) +* makefile: drop usage of --install (#1555 by @cyphar) +* Fix flaky test TestNotifyOnOOM (#1556 by @hqhq) +* fix panic when Linux is nil (#1551 by @crosbymichael) +* Handle non-devices correctly in DeviceFromPath (#1553 by @mlaventure) +* Pass back the pid of runc:[1:CHILD] so we can wait on it (#1506 by @LittleLightLittleFire) +* Use CRIU VERSION RPC if available (#1535 by @adrianreber) +* Revert "Merge pull request #1450 from vrothberg/sgid-non-numeric" (#1548 by @mlaventure) +* Fix condition to detect device type in DeviceFromPath (#1544 by @mlaventure) +* Move user pkg unix specific calls to unix file (#1545 by @mlaventure) +* Remove @avagin as a maintainer (#1543 by @avagin) +* Fix issues found by staticcheck (#1537 by @tklauser) +* Always save own namespace paths (#1477 by @yummypeng) + +## v1.0.0-rc4 [2017-08-10] + +* VERSION: release v1.0.0-rc4 (#1532 by @cyphar) +* Updated logrus to v1 (#1526 by @stevenh) +* Remove the code that close negative descriptor (#1533 by @keloyang) +* README.md: adjust capabilities section in config.json example (#1534 by @tklauser) +* libcontainer: one more switch from syscall to x/sys/unix (#1530 by @tklauser) +* Bump the spec up to v1.0.0 (#1527 by @mrunalp) +* update gocapability (#1524 by @Mashimiao) +* libcontainer: use additional functions and constants from x/sys/unix (#1519 by @tklauser) +* list: fix various problems 
with owner field (#1516 by @cyphar) +* Fix integration when missing criu (#1245 by @WeiZhang555) +* Update runtime-spec to rc6+ (#1518 by @crosbymichael) +* Use Prctl() and ioctl wrapper functions from x/sys/unix (#1504 by @tklauser) +* libcontainer/user: add supplementary groups only for non-numeric users (#1450 by @vrothberg) +* Remove shfmt (#1510 by @crosbymichael) +* `*`: fix shfmt (#1505 by @cyphar) +* Expose memory.use_hierarchy in MemoryStats (#1378 by @derekwaynecarr) +* libcontainer/specconv/spec_linux: Add support for (no)lazytime (#1460 by @wking) +* runc only works on Linux so remove putative Solaris and unsupported main (#1502 by @justincormack) +* Update spec to master, switch to int64 for memory limits (#1495 by @justincormack) +* Fix checkpoint/restore tests with newer kernel (#1496 by @dqminh) +* Use keyctl wrappers from x/sys/unix (#1482 by @tklauser) +* Use Eventfd() from golang.org/x/sys/unix (#1491 by @tklauser) +* libcontainer/container_linux: Consider process state (running, zombie, etc.) 
in runType (#1489 by @wking) +* update READ.me for new struct configs.Config.Capabilities (#1481 by @elianka) +* tests: redirect runc log messages to stderr (#1484 by @avagin) +* libcontainer/console_linux.go: Make SaneTerminal public (#1479 by @wking) +* travis: set go_import_path to github.com/opencontainers/runc (#1388 by @avagin) +* Use Prctl() from x/sys/unix instead of own wrapper (#1478 by @tklauser) +* Update spec to 239c4e44f2a612ed85f6db9c66247aa33f4 (#1473 by @crosbymichael) +* Use `NLA_*` constants from x/sys/unix instead of syscall (#1474 by @tklauser) +* Use symlink xattr functions from x/sys/unix (#1470 by @tklauser) +* Switch examples in README.md from syscall to x/sys/unix (#1467 by @tklauser) +* vendor.conf: Bump golang.org/x/sys to a55a76086885b80f79961eacb876ebd8caf3868d (#1464 by @wking) +* Allow specification of general Go build flags and ldflags (#1452 by @justincormack) +* Move libcontainer to x/sys/unix (#1442 by @clnperez) +* Fix setup cgroup before prestart hook (#1239 by @moypray) +* Handle container creation when cgroups have already been mounted in another location (#1372 by @craigfurman) +* Dump and restore containers with external terminals (#1355 by @avagin) +* Ignore error when force deleting a non-existing container (#1451 by @runcom) +* Clean up unix vs linux usage (#1447 by @justincormack) +* add createdState and runningState status testcase (#1410 by @chchliang) +* Fix comments about when to pivot_root (#1438 by @hqhq) +* tests: don't call wait_for_container after synchronous operations (#1433 by @avagin) +* Issue #1429 : Removing check for id string length (#1435 by @harche) +* update man page for `runc update` (#1436 by @sak0) +* Remove redundant declaration of namespace slice (#1428 by @harche) +* Allow updating pids limit (#1423 by @mlaventure) +* Add a rootless section to "spec" man page and command help (#1425 by @jwendell) +* Optimizing looping over namespaces (#1418 by @harche) +* vendor: clean up to be better written 
(#1408 by @cyphar) +* Don't try to read freezer.state from the current directory (#1387 by @avagin) +* Fix misspelling of "properties" in various places (#1412 by @tpot) +* Update examples on README to allow rootless execution (#1414 by @jwendell) +* add testcase in generic_error_test.go (#1402 by @chchliang) +* Set container state only once during start (#1396 by @harche) +* Use opencontainers/selinux package (#1365 by @hqhq) +* Revert back to using /sbin (#1406 by @crosbymichael) +* restore: apply resource limits (#1399 by @avagin) +* checkpoint: check if system supports pre-dumping (#1371 by @adrianreber) +* could load a stopped container. (#1400 by @sak0) +* Fix console syscalls (#1398 by @clnperez) +* libcontainer: rewrite cmsg to use sys/unix (#1394 by @cyphar) +* Rootless Containers (#774 by @cyphar) +* .travis.yml: Don't require FETCH_HEAD (partial fix for failing master tests) (#1383 by @wking) +* travis: use alternate commit range (#1382 by @vbatts) + +## v1.0.0-rc3 [2017-03-21] + +* Bump up runc version to v1.0.0-rc3 (#1377 by @mrunalp) +* fix panic regression when config doesnt have caps (#1380 by @dqminh) +* Use uint64 for resources to keep consistency with runtime-spec (#1375 by @hqhq) +* Revert "fix minor issue" (#1374 by @cyphar) +* Add separate console socket (#1356 by @crosbymichael) +* fix minor issue (#1373 by @moypray) +* Update runtime spec to rc5 (#1370 by @mrunalp) +* Remove unused ExecFifoPath (#1366 by @hqhq) +* Update devices_unix.go for LXD (#1327 by @CarltonSemple) +* Only allow single container operation (#1363 by @hqhq) +* Remove lk4d4 as a maintainer (#1362 by @crosbymichael) +* Remove unused function in systemd cgroup (#1360 by @hqhq) +* fix cpu.cfs_quota_us changed when systemd daemon-reload using systemd. (#1344 by @xuxinkun) +* Don't fchown when inheriting io (#1354 by @crosbymichael) +* Container can be in stopped status from created status. 
(#1353 by @sak0) +* user: fix the parameter error (#1280 by @datawolf) +* Fix kmem accouting when use with cgroupsPath (#1350 by @hqhq) +* Carry #998: Use vndr tool for vendoring (#1340 by @dqminh) +* fix systemd-notify when using a different PID namespace (#1308 by @giuseppe) +* add pre-dump and parent-path to checkpoint (#1001 by @x1022as) +* Add --preserve-file-descriptors=N to create (#1320 by @ijc) +* small cleanup for `runc ps` man pages (#1342 by @sak0) +* Fix state when `_LIBCONTAINER` in environment (#1317 by @hqhq) +* Don't override system error (#1339 by @cpuguy83) +* ps: --format value check (#1332 by @sak0) +* update go version at travis-ci (#1335 by @mcuadros) +* Fix race condition when sync with child and grandchild (#1237 by @hqhq) +* Use %zu for printing of size_t values (#1336 by @crosbymichael) +* Fixes set memory to unlimited (#1127 by @boynux) +* fix typo (#1328 by @sak0) +* support create device with type p and u (#1321 by @Mashimiao) +* Small cleanup (#1316 by @hqhq) +* libcontainer: rootfs_linux: support overlayfs (#1314 by @runcom) +* libcontainer: selinux: fix DupSecOpt and DisableSecOpt (#1312 by @runcom) +* Only wait for processes after delivering SIGKILL in signalAllProcesses (#1285 by @stevenh) +* Correct docs typo for restoredState. 
(#1309 by @stevenh) +* Correct container.Destroy() docs (#1310 by @stevenh) +* Resolve InitArgs to ensure init works (#1293 by @stevenh) +* kill: requires max 2 arguments (#1305 by @giuseppe) +* libcontainer: init: only pass stateDirFd when creating a container (#1274 by @cyphar) +* Revert "DupSecOpt needs to match InitLabels" (#1303 by @runcom) +* Add godoc links to README.md files (#1284 by @stevenh) +* Ensure pipe is always closed on error in StartInitialization (#1294 by @stevenh) +* Call defer tty.Close() earlier (#1300 by @hqhq) +* fix typos by the result of golint checking (#1205 by @YuPengZTE) +* Add nsenter details to libcontainer README.md (#1298 by @stevenh) +* Remove a compiler warning in some environments (#1291 by @justincormack) +* using golang-style assignment (#1288 by @rainrambler) +* move error check out of the for loop (#1278 by @datawolf) +* Ignore cgroup2 mountpoints (#1266 by @mrunalp) +* kill: make second argument optional (#1282 by @giuseppe) +* small refactor (#1249 by @datawolf) +* Bump golang to 1.7.4 (#1271 by @hqhq) +* Do not create cgroup dir name from combining subsystems (#1268 by @hqhq) +* Cleanup: remove redundant code (#1260 by @coolljt0725) +* Fix regression of exec command (#1265 by @WeiZhang555) +* checkpoint: handle config.Devices and config.MaskPaths (#1110 by @avagin) +* Fix the outdated comment for Error interface (#1248 by @datawolf) +* cgroups: update the comments (#1251 by @datawolf) +* remove `-i` option to avoid failure of jenkins in non-interactive mode. 
(#1252 by @FengtuWang) +* Fix go_vet errors (#1254 by @hqhq) +* Fix typos (#1255 by @hqhq) +* Simplify error handling on function return (#1257 by @mrunalp) +* Remove unused code and unnecessary conversion (#1258 by @mrunalp) +* Fix error shadow and error check warnings (#1259 by @mrunalp) +* Makefile: add manpage cleanup (#1232 by @Mashimiao) +* Fix leftover cgroup directory issue (#1196 by @hqhq) +* Add badge for Go Report Card (#1253 by @xlgao-zju) +* Add Travis CI badge to README (#1250 by @caniszczyk) +* `*`: fix go-vet failures (#1243 by @cyphar) +* travis: add travis-ci (#1246 by @cyphar) +* Add integration for update rt period and runtime (#1203 by @WeiZhang555) +* Split the code for remounting mount points and mounting paths. (#1222 by @justincormack) +* Check args numbers before application start (#1158 by @WeiZhang555) +* Don't add device to list if it doesn't exist anymore (#1217 by @mrunalp) +* Sync HookState struct with OCI spec (#1201 by @WeiZhang555) +* Bump runtime-spec to v1.0.0-rc3 (#1233 by @WeiZhang555) +* rename ocitools to oci-runtime-tool (#1231 by @Mashimiao) +* Clean apt archives and source directories in Dockerfile (#1226 by @nhlfr) +* validate: Check that the given namespace path is a symlink (#1221 by @sameo) +* Consoles, consoles, consoles. (#1018 by @cyphar) +* Fix thread safety of SelinuxEnabled and getSelinuxMountPoint (#1216 by @eparis) +* `*`: add information about security mailing list (#1213 by @cyphar) +* Fix typo. 
(#1211 by @yummypeng) +* Fix typo (#1210 by @xianlubird) +* delete unused variable (#1207 by @datawolf) +* tiny refactor (#1208 by @datawolf) +* fix typos (#1204 by @allencloud) +* Fix cpuset issue with cpuset.cpu_exclusive (#1194 by @hqhq) +* Sync with grandchild (#1154 by @hqhq) +* godeps: update go-systemd to v14 (#1199 by @squeed) +* Add shell formatting via shfmt (#1192 by @mvdan) +* Fixing error message in nsexec (#1187 by @rajasec) +* fix the pid-file option for runc exec/run/create command (#1128 by @datawolf) +* Adding update command in help-bats (#1182 by @rajasec) +* Add --all flag to kill (#1180 by @crosbymichael) +* More fix to nsexec.c's comments (#1168 by @hqhq) +* Add bash completions for new flags of `update` (#1177 by @WeiZhang555) +* Allow update rt_period_us and rt_runtime_us (#1173 by @WeiZhang555) +* add test cases for exec command (#1133 by @datawolf) +* libcontainer: io: stop screwing with \n in console output (#1146 by @cyphar) +* Move ambient capabilties behind build tag (#1172 by @crosbymichael) +* Remove panic from init (#1117 by @crosbymichael) +* fix error message (#1171 by @Crazykev) +* nsenter: fix up comments (#1165 by @cyphar) +* Fix all typos found by misspell (#1160 by @hqhq) +* Updating container state and status API in README (#1157 by @rajasec) +* Unify rootfs validation (#1159 by @hqhq) +* Small correction in update resource file usage (#1161 by @rajasec) +* Correction in util error messages (#1162 by @rajasec) +* man page update for delete command (#1163 by @rajasec) +* Clarify libseccomp installation in guide (#1164 by @resouer) +* Remove unnecessary cloneflag validation (#1153 by @hqhq) +* Detect and forbid duplicated namespace in spec (#1150 by @WeiZhang555) +* Make parent mount private before bind mounting rootfs (#1148 by @rhvgoyal) +* validator: unbreak sysctl `net.*` validation (#1149 by @cyphar) +* Check pid file (#1147 by @datawolf) +* nsenter: guarantee correct user namespace ordering (#977 by @cyphar) +* Small 
typo in README (#1141 by @rajasec) +* check the arguments for `runc create` (#1129 by @datawolf) +* docker/docker#27484-check if sysctls are used in host network mode. (#1138 by @gaocegege) +* rootfs: make pivot_root not use a temporary directory (#1125 by @cyphar) +* Updating bash completion for ps command (#1140 by @rajasec) +* fix nits in stderr log (#1139 by @allencloud) +* add test cases for create command (#1132 by @datawolf) +* add test cases for list command (#1131 by @datawolf) +* Add support for copying up directories into tmpfs when a tmpfs is mounted over them (#845 by @mrunalp) +* Some refactor and cleanup (#1134 by @WeiZhang555) +* Fix issue in `GetProcessStartTime` (#1136 by @yongtang) +* Ignore error when starting transient unit that already exists (#1124 by @derekwaynecarr) +* tests: mask: use test paths rather than /sys (#1121 by @cyphar) +* ps error logging improvement (#1091 by @rajasec) +* checkpoint: fix gofmt (#1120 by @cyphar) +* update the man for runc delete command (#1118 by @datawolf) +* Add num check for kill command (#1105 by @keloyang) +* Fixing runc panic for missing file mode (#1115 by @rajasec) +* Add support for r/o mount labels (#1112 by @rhatdan) +* start multi-containers with `runc start` command (#1074 by @datawolf) +* pause and resume multi-containers (#1075 by @datawolf) +* Fixing runc panic during hugetlb pages (#1116 by @rajasec) +* Valide platform on loading config.json (#1114 by @coolljt0725) +* DupSecOpt needs to match InitLabels (#1109 by @rhatdan) +* tiny fix, add a null check for specs.Resources.Pids.Limit (#1111 by @keloyang) +* remove /tmp/bats from dev_runc (#1097 by @keloyang) +* fix typos with misspell (#1108 by @dqminh) +* just fix a typo (#1107 by @datawolf) +* tiny fix (#1106 by @xlgao-zju) +* Delete: exit with non zero if one of the containers encountered an error (#1078 by @datawolf) +* Revert "simplify ps command" (#1102 by @datawolf) +* Add integration test for ps command (#784 by @hqhq) +* simplify ps 
command (#1092 by @datawolf) +* Don't enable kernel mem if not set (#1095 by @crosbymichael) +* systemd cgroup driver supports slice management (#1084 by @derekwaynecarr) +* Ensure we log into logrus on command error (#1089 by @mlaventure) +* Remove check for binding to / (#1090 by @crosbymichael) +* Fix typo when container does not exist (#1087 by @williammartin) + +## v1.0.0-rc2 [2016-10-01] + +* Bump spec and version to rc2 (#1088 by @crosbymichael) +* Set ambient capabilities where supported (#1086 by @justincormack) +* Refactor enum map range to slice range (#1081 by @ggaaooppeenngg) +* Remove the workaround which add a -- flag to runc ps command (#1065 by @keloyang) +* Fix TestGetAdditionalGroups on i686 (#1080 by @hqhq) +* [integration] add testcases for `runc delete` command (#1069 by @datawolf) +* Container must not checkpoint in created state (#1076 by @rajasec) +* Updating libcontainer README for container run (#1077 by @rajasec) +* MaskPaths: support directory (#1068 by @AkihiroSuda) +* Bug fix for make dbuild (#1072 by @keloyang) +* [unittest] add extra ErrorCode in TestErrorCode testcase (#1063 by @datawolf) +* Ps/exec parameter fix (#1051 by @keloyang) +* enhance runc delete command (#1053 by @datawolf) +* cgroup: using WriteCgroupProc to write the specified pid into the cgroup's cgroup.procs file (#1059 by @datawolf) +* update the comment for container.Pause() method on linux (#1058 by @datawolf) +* Add flag to allow getting all mounts for cgroups subsystems (#1049 by @mrunalp) +* Use same state object for state and list (#1048 by @crosbymichael) +* Fix typo (#1060 by @yummypeng) +* remove duplicate test command on integration (#1056 by @datawolf) +* Fix update cpuset on single processor box (#1052 by @hqhq) +* Update golang to 1.7.1 (#1055 by @hqhq) +* Fix error messages to give information of relabeling failed (#1046 by @rhatdan) +* Fix check config (#1023 by @zhaoleidd) +* Allow recrusive generic error (#1045 by @hqhq) +* Continue for list on 
errors (#1039 by @crosbymichael) +* Removing fatal error from events in stopped state (#1043 by @rajasec) +* move m.GetPaths out of the loop (#1042 by @datawolf) +* Add privileged to make dbuild (#1022 by @hqhq) +* Adding bash completion for create and run (#1027 by @rajasec) +* Update runtime-spec to current upstream (#1036 by @athomason) +* Fix make release error (#1038 by @keloyang) +* Fix runc ps issue (#1013 by @hqhq) +* Fix typo. (#1028 by @yummypeng) +* Change netclassid json tag (#1033 by @crosbymichael) +* Introduce make release (#914 by @zhaoleidd) +* Typo in README.md (#1026 by @rajasec) +* remove redundant by in annotation(nsexec.c) (#1019 by @keloyang) +* Append string "-dirty" to version if git repo is unclean (#1017 by @WeiZhang555) +* Tiny refactor: remove unused local variables (#1024 by @WeiZhang555) +* Makefile: Fix wrong dependency of "integration" target (#1020 by @forever043) +* Fix null point reference panic (#1012 by @hqhq) +* Fix default cgroup path (#1009 by @hqhq) +* Combine runctestimage and runcimage (#1008 by @hqhq) +* Fix runtime-spec repository reference in README (#1011 by @jonboulle) +* Error handling when container not exists (#1003 by @rajasec) +* Not exec a container from stopped state (#880 by @rajasec) +* cli: Workaround for ps's argument (#933 by @zhaoleidd) +* Add "--" exec cli support for command arguments (#906 by @TristanCacqueray) +* Updated the libcontainer interface comments (#815 by @rajasec) +* Return 0 for pid if container is stopped (#1002 by @crosbymichael) +* Fix and refactor init args (#934 by @macrosheep) +* Support 32 bit UID on i386 (#988 by @chlunde) +* let defer function (#997 by @xiekeyang) +* Test: Make TestCaptureTestFunc pass in localunittest (#987 by @zhaoleidd) +* Adjust man pages for create start split (#878 by @hqhq) +* Restored-from-checkpoint containers should have a start time (#995 by @estesp) +* Fix race condition when using cgroups.Paths (#970 by @hqhq) +* remove unused code (#994 by 
@xiekeyang) +* Disable the subreaper on exec (#993 by @crosbymichael) +* move util function (#992 by @xiekeyang) +* Fix format specifier for size_t (#989 by @mrunalp) +* nsenter: major cleanups (#950 by @cyphar) +* checkMountDesktionation: add swaps and uptime to /proc whitelist (#985 by @hallyn) +* Do not create /dev/fuse by default (#983 by @justincormack) +* Set the cpu cgroup RT sched params before joining. (#860 by @bgray) +* Adding /proc/timer_list to the masked paths list (#981 by @dims) +* tests: add requires cgroups_kmem (#972 by @brauner) +* libcontainer/configs: make hooks run safer (#980 by @LK4D4) +* Fix the err info of chdir(cwd) failure (#979 by @haiyanmeng) +* Fix the err info of mount failure (#978 by @haiyanmeng) +* Use absolute cgroup path for integration test (#974 by @hqhq) +* Cleanup GetLongBit (#968 by @hqhq) +* Remove kmem Initialization check while setting memory configuration (#962 by @dubstack) +* fix init.scope in cgroup paths (#966 by @sjenning) +* Skip updates on parent Devices cgroup (#958 by @dubstack) +* Change git -C reset to git reset (#943 by @johnbieren) +* libcontainer: rename keyctl package to keys (#963 by @guilhermebr) +* UNITTEST: Bypass userns test on platform without userns support (#964 by @zhaoleidd) +* Fix help message for memory-swap (#850 by @hqhq) +* Revert "Use update time to detect if kmem limits have been set" (#961 by @hqhq) +* Fix cgroup Set when Paths are specified (#611 by @mrunalp) +* Allow cgroup creation without attaching a pid (#956 by @dubstack) +* Add runc list man change (#954 by @hqhq) +* integration_testing: Fix a output typo (#957 by @zhaoleidd) +* Fix libcontainer/nsenter/README.md (#951 by @haiyanmeng) +* fix setting net_cls classid (#937 by @hushan) +* Fixed typo in build constraint. 
(#947 by @hencrice) +* configs: fix json tags for `CpuRt*` options (#949 by @cyphar) +* libcontainer: Add a helper func to set CriuPath (#936 by @macrosheep) +* Let the user explicitly specify `additionalGids` on `runc exec` (#913 by @georgethebeatle) +* Fix typo (#942 by @ggaaooppeenngg) +* address issue #797 by adding additional documentation (#939 by @mikebrow) +* Use update time to detect if kmem limits have been set (#935 by @vishh) +* Make state detection precise (#930 by @hqhq) +* Add force to delete (#928 by @mlaventure) +* Use git branch name as tag when building images (#929 by @mlaventure) +* rootfs: clean up (#925 by @cyphar) +* tests: add tests with {u,g}id != 0 (#922 by @cyphar) +* Fix ps argument manual (#919 by @zhaoleidd) +* remove unused returned variables name (#917 by @xiekeyang) +* Fix fifo usage with userns and not root users (#912 by @crosbymichael) +* cgroups: Fix issue if cgroup path contains : (#904 by @euank) +* Use cli default value for list format (#879 by @hqhq) +* Update for stopped container (#881 by @rajasec) +* tests: add debug information for failing tests (#889 by @cyphar) +* Use fifo for create / start instead of signal handling (#886 by @crosbymichael) +* Removing unused variable for cgroup subsystem (#908 by @rajasec) +* Update readme for create start (#905 by @crosbymichael) +* Add option to disable new session keys (#874 by @crosbymichael) +* bug fix, LeafWeight nil err (#893 by @keloyang) +* fail if path to devices subsystem is missing (#896 by @brauner) +* readme: Mention the go 1.6 requirement in the README for building runc (#902 by @mrunalp) +* bats: Fix spec validation test (#900 by @mrunalp) +* godeps: bump libseccomp-golang to 32f571b70023028bd57d9288c20efbcb237f3ce0 (#894 by @cyphar) +* Add error return to action function signature (#891 by @mrunalp) +* restore: add the empty-ns option (#890 by @avagin) +* Replace github.com/codegangsta/cli by github.com/urfave/cli (#885 by @mrunalp) +* Updating README for starting 
the container (#877 by @rajasec) +* cleanup ps.go (#882 by @hushan) + +## v1.0.0-rc1 [2016-06-04] + +* Bump spec and update runc to 1.0.0-rc1 (#876 by @crosbymichael) +* Fixed typo in docstring (#873 by @joe2far) +* Updating README with set interface (#868 by @rajasec) +* runc events hang for zero duration (#872 by @rajasec) +* Implement create and start (#827 by @crosbymichael) +* Removing the nil check for process label (#867 by @rajasec) +* Add annotations to list and state output (#869 by @crosbymichael) +* seccomp: Add ppc and s390x to seccomp/config.go (#864 by @michael-holzheu) +* bash completion step for update command (#854 by @rajasec) +* Update man pages to refect the latest cli change (#851 by @hqhq) +* Improve update memory (#857 by @hqhq) +* systemd cgroup: check for Delegate property (#865 by @dqminh) +* Disallow self-LGTMs (#863 by @hqhq) +* README: Destroy container before fatal (#852 by @hqhq) +* Add VERSION file to contain the version info (#856 by @hqhq) +* Remove use_hierarchy check when set kernel memory (#853 by @hqhq) +* Changing OCF to OCI in README (#855 by @rajasec) +* Update manuals (#843 by @zhaoleidd) +* Integration framework cleanup (#837 by @cyphar) +* checkpoint: add the empty-ns option (#849 by @avagin) +* pullapprove: use the right team (#848 by @cyphar) +* Add PullApprove support (#847 by @caniszczyk) +* Add bash completion support (#817 by @rhatdan) +* Allow + in container ID (#675 by @pankit) +* Unify log setting's error output (#844 by @zhaoleidd) +* godeps: update seccomp to 60c9953736798c4a04e90d0f3da2f933d44fd4c4 (#842 by @cyphar) +* Fix update kernel memory test (#828 by @hqhq) +* `*`: correctly chown() consoles (#836 by @cyphar) +* Update cli package (#810 by @hqhq) +* Fix outdated comment for loadSpec (#835 by @zhaoleidd) +* Fix some spelling typo in manual (#833 by @zhaoleidd) +* libcontainer: Fix Running Comment (#832 by @valasabk) +* Updated description in SPEC (#830 by @rajasec) +* Add check_config.sh for runc (#826 
by @hqhq) +* Add comments for error cases in status functions (#825 by @hqhq) +* integration: fix cgroup parsing (#812 by @cyphar) +* Update nsenter README (#824 by @ggaaooppeenngg) +* Updating runc man page (#822 by @rajasec) +* Fix GetLongBit() returns value when `_SC_LONG_BIT` is not available (#823 by @mlaventure) +* libcontainer: nsenter: nsexec.c: fix warnings (#821 by @runcom) +* Revert "Need to make sure labels applied to /dev" (#816 by @cyphar) +* Adding kernel mem tcp for update command (#813 by @rajasec) +* Add man page and fix typo for update command (#809 by @hqhq) +* Runc update cgroup kmem limit (#790 by @mlaventure) +* Use full test suite on make test (#783 by @cyphar) +* Updating error condition in applying apparmor profile (#804 by @rajasec) +* Change OCF to OCI in help string and man page. (#800 by @mrunalp) +* Need to make sure labels applied to /dev (#796 by @rhatdan) +* Use '=' instead of ':' separator on labels (#793 by @bboreham) +* Correct outdated URL (#795 by @jimberlage) +* If possible, apply seccomp rules immediately before exec (#789 by @justincormack) +* Change specs to runtime-spec in integration test (#782 by @hqhq) +* Fix integration test for events (#786 by @hqhq) +* Remove sniffTest (#785 by @hqhq) +* Improve stats output format for stability (#780 by @crosbymichael) +* Add json format to ps command (#779 by @crosbymichael) +* Add ps command (#767 by @hqhq) +* Not showing up the events for destroyed container (#768 by @rajasec) +* libcontainer: specconv: fix nil dereference in resource setup (#777 by @cyphar) +* Updating README for runc path (#776 by @rajasec) +* Adding selinux check during container start (#679 by @rajasec) +* Eliminate redundant parsing of mountinfo (#608 by @inatatsu) +* Bump up spec and add support for mount label (#773 by @mrunalp) +* Add target man in Makefile (#766 by @hqhq) +* adds client api integration tests for runc using bash w/bats (#659 by @mikebrow) +* Updating kcore in validator test (#772 by 
@rajasec) +* Fixing index out of range during exec of container (#740 by @rajasec) +* Add infomation about ocitools in runc spec (#765 by @hqhq) +* Makefile fixes (#738 by @codido) +* Update the comment for container pause (#758 by @rajasec) +* Add -q to list to print only container IDs (#751 by @mrunalp) +* nsexec: fix build against musl libc (#762 by @ncopa) +* Allow mounting cgroups as read-only when user namespace is configured (#763 by @mrunalp) +* Add cause to error messages (#759 by @crosbymichael) +* Typo in SPEC.md (#757 by @rajasec) +* handling error for userns (#672 by @rajasec) +* updating man page for start option (#753 by @rajasec) +* Fix OCI reference in README (#749 by @jonboulle) +* README.md: simplify Docker image example (#748 by @runcom) +* Switch from mixed jessie/testing to jessie+backports for libseccomp (#750 by @tianon) +* Get runc to build clean on Solaris (#747 by @amitkris) +* Fix trivial style errors reported by `go vet` and `golint` (#745 by @AkihiroSuda) + +## v0.1.1 [2016-04-25] + +* Bump to v0.1.1 for selinux mount label fix (#778 by @crosbymichael) + +## v0.1.0 [2016-04-12] + +* Update to version 0.1.0 (#746 by @crosbymichael) +* Makefile: install to /usr/local/sbin (#702 by @cyphar) +* Fix problem when swap memory unsupported (#744 by @hqhq) +* Add unit tests for the utils package (#739 by @albertoleal) +* Add unit tests for configs.Hooks (#717 by @albertoleal) +* HookState adhears to OCI (#724 by @glestaris) +* Fix setupDev logic in rootfs_linux.go (#742 by @LK4D4) +* Fix for runc failing when rootfs has a trailing slash (#736 by @mrunalp) +* Add label.GetFileLabel interface (#730 by @rhatdan) +* Fix broken build due to missing import (#737 by @mrunalp) +* Synchronize writes to mcs map (#735 by @mrunalp) +* Report hook output on error (#734 by @crosbymichael) +* Fix the build by removing go get for vet (#729 by @mrunalp) +* Updating README with container signal interaction (#722 by @rajasec) +* Add unit tests for 
validate.Validator (#718 by @albertoleal) +* Typo on Readme file. (#723 by @albertoleal) +* Fix problem when update memory and swap memory (#592 by @hqhq) +* Bump spec for masked and readonly paths (#716 by @crosbymichael) +* Fixing rlimit sigpending value (#721 by @rajasec) +* Fixup incorrect package name in a comment (#712 by @mrunalp) +* Return a more meaningful error when namespaces are disabled (#711 by @rhatdan) +* Add --no-pivot option for containers on ramdisk (#710 by @crosbymichael) +* libcontainer: user: always treat numeric ids numerically (#708 by @cyphar) +* Remove container root dir from an aborted start (#703 by @crosbymichael) +* Bump spec and implement hook timeout (#706 by @crosbymichael) +* Only perform mount labelling when necessary (#683 by @thtanaka) +* Fix hanging tests when run without root (#700 by @marcosnils) +* Refactor nsexec.c and add some comments (#686 by @hqhq) +* Use %v for map structure format (#698 by @ggaaooppeenngg) +* Fix typo (#699 by @ggaaooppeenngg) +* Fix libcontainer README.md example config (#696 by @hartzler) +* Set rlimits using prlimit in parent (#687 by @julz) +* Remove log from seccomp package (#691 by @crosbymichael) +* Export CreateLibcontainerConfig (#688 by @codido) +* Move lockthread to package level (#690 by @crosbymichael) +* fix typos (#685 by @allencloud) +* Dont cleanPath for systemd cgroup paths. 
(#682 by @anusha-ragunathan) +* Add support for enabling systemd cgroups (#667 by @mrunalp) +* Show proper error from init process panic (#677 by @tonistiigi) +* fixing typo in device access error (#673 by @rajasec) +* Set oom_score_adj before we send the config to avoid race (#668 by @mrunalp) +* Fix the kmem TCP test (#669 by @mrunalp) +* Add more information in the error messages when writing to a file (#651 by @mrunalp) +* libcontainer: cgroups: deal with unlimited case for pids.max (#644 by @cyphar) +* libcontainer: cgroups: add support for kmem.tcp limits (#665 by @cyphar) +* Export user and group lookup errors as variables. (#650 by @novln) +* adds detail to runc start and spec help text (#661 by @mikebrow) +* Fixing valid-id in regex (#647 by @rajasec) +* Fix help info of init command (#658 by @hqhq) +* remove deadcode (#653 by @jessfraz) +* Sync on the pid file to ensure the write is persisted (#655 by @mrunalp) +* Create pid-file atomically (#652 by @crosbymichael) +* Destroy container along with processes before stdio (#646 by @crosbymichael) +* Don't link runc every time (#604 by @hqhq) +* Set Delegate to true for cgroups transient units (#648 by @mrunalp) +* Ensure logs are flushed (#637 by @crosbymichael) +* MAINTAINERS: add Aleksa Sarai to maintainers (#503 by @cyphar) +* Adding spec validation for exec and start (#623 by @rajasec) +* Add make uninstall command (#643 by @hqhq) +* Fix encoding gid mappings (#638 by @hqhq) +* Call Prestart hooks before restoring processes (#576 by @avagin) +* libcontainer: cgroups: add pids.max to PidsStats (#640 by @cyphar) +* Changing from logrus to fatal in list (#639 by @rajasec) +* Add gitcommit to runc builds (#636 by @crosbymichael) +* Clear groups after entering userns (#634 by @tonistiigi) +* Bump spec v0.4 (#633 by @crosbymichael) +* Revert "Return proper exit code for exec errors" (#630 by @crosbymichael) + +## v0.0.9 [2016-03-10] + +* nsexec: don't use CLONE_PARENT and CLONE_NEWPID together (#632 by 
@adfernandes) +* Improve error handling in runc (#628 by @crosbymichael) +* Create pid file when not exist (#597 by @rajasec) +* Handling error condition in loadspec (#622 by @rajasec) +* Add man pages (#614 by @mrunalp) +* Remove duplicated included head file (#616 by @hqhq) +* Serialize CommandHooks to state so that PostStop hooks execute during 'runc delete' (#618 by @teddyking) +* Add the most basic sniff tests of runc (#554 by @duglin) +* Cleanup systemd apply (#491 by @hqhq) +* Remove no longer used uid/gid mapping functions (#621 by @estesp) +* Properly setuid/setgid after entering userns (#606 by @estesp) +* Stub RunningInUserNS for non-Linux (#620 by @estesp) +* Update specs dep and runc functionality (#619 by @crosbymichael) +* Eliminating checkpoint state in container (#610 by @rajasec) +* Fix build error on centos6 (#609 by @hustcat) +* Fix handling of unsupported namespaces (#607 by @codido) +* adds the spec required state command (#605 by @mikebrow) +* Set sysfs readonly in config (#603 by @hqhq) +* Update masked and ro paths (#595 by @crosbymichael) +* Move setns within nsexec (#454 by @mlaventure) +* Fix to allow for build in different path (#600 by @duglin) +* Fix race between Apply and GetStats (#601 by @LK4D4) +* Adding linux label to test file (#579 by @rajasec) +* Updating swapiness value in README (#598 by @rajasec) +* Add hqhq to MAINTAINERS (#599 by @hqhq) +* Fix setting OomScoreAdj from OCI spec (#590 by @tonistiigi) +* Use single decoder instance for one stream (#596 by @hushan) +* Remount /dev as ro after it is populated (#585 by @crosbymichael) +* Build runC binary via a Docker container (#443 by @BenHall) +* Add bundle to runc list (#587 by @crosbymichael) +* Return proper exit code for exec errors (#591 by @crosbymichael) +* Wait for pipes to write all data before exit (#593 by @crosbymichael) +* Allow extra mount types (#594 by @crosbymichael) +* Removing pivot directory in defer (#588 by @rajasec) +* Make runc buildable everywhere 
(#328 by @hqhq) +* Create unique session key name for every container (#582 by @stefanberger) +* Add validation for sysctl (#303 by @mrunalp) +* Added error check in Getfilecon (#584 by @rajasec) +* Handle memory swappiness default properly (#580 by @estesp) +* Move pre-start hooks after container mounts (#568 by @mrunalp) +* Make sure container is destroyed on error (#583 by @crosbymichael) +* adding --format json to list command (#571 by @mikebrow) +* Move the process outside of the systemd cgroup (#577 by @crosbymichael) +* Look for " - " instead of just - as separator (#573 by @LK4D4) +* Removing tty0 tty1 from allowed devices (#567 by @rajasec) +* Check if tty is nil in handler (#570 by @crosbymichael) +* Fix CgroupsPath interpretation (#569 by @mlaventure) +* updating usage for runc, and all runc commands that now use as the first argument (#546 by @mikebrow) +* Do not set devices cgroup entries if in a user namespace (#564 by @hallyn) +* libcontainer: integration: fix flaky pids limit tests (#553 by @cyphar) +* Remove unneeded cgroups path removal (#556 by @hqhq) +* panic during start of failed detached container (#558 by @rajasec) +* Prevent a panic when container fails to start (#563 by @mlaventure) +* Add support for NoNewPrivileges (#557 by @mrunalp) +* Change softlink name to /dev/core (#561 by @rajasec) +* Register signal handlers earlier to avoid zombies (#562 by @julz) +* libcontainer: cgroups: fs: fix innerPath (#552 by @cyphar) +* Remove procStart (#526 by @hqhq) +* It's /proc/stat, not /proc/stats (#560 by @chenchun) +* Adding tty closure for restore operation (#550 by @rajasec) + +## v0.0.8 [2016-02-10] + +* Close tty on error before handler (#549 by @crosbymichael) +* Replace Cgroup Parent and Name fields by CgroupsPath (#497 by @mlaventure) +* Adding pids subsystem in SPEC.md (#545 by @rajasec) +* Create some util funcs that are common between start and exec (#537 by @duglin) +* Require container id as arg1 (#541 by @crosbymichael) +* `*`: use 
coreos/go-systemd/activation for socket activation (#542 by @runcom) +* Update spec to v0.3.0 (#536 by @crosbymichael) +* Fixing capabilities name in SPEC.md (#540 by @rajasec) +* Fixing usage in resume command (#539 by @rajasec) +* Load process.json for exec and add detach (#525 by @crosbymichael) +* Create a new session key for every container (#488 by @stefanberger) +* Added error string for process operations (#493 by @rajasec) +* Remove usage of GetMounts from GetCgroupMounts (#496 by @LK4D4) +* Add limit value to memory stats (#529 by @mlaventure) +* Add a compatibility header for CentOS/RHEL 6 (#524 by @adfernandes) +* Update list command and created methods (#522 by @crosbymichael) +* Remove version check in runc (#521 by @crosbymichael) +* update exec to pass args and --tty on run (#479 by @jessfraz) +* Remove double exec from command list (#523 by @crosbymichael) +* Add detach to runc (#474 by @crosbymichael) +* Fix the comment about sendConfig (#517 by @hqhq) +* adds list command (#507 by @mikebrow) +* cgroup: systemd: further systemd slice validation (#518 by @cyphar) + +## v0.0.7 [2016-01-26] + +* Bump runc version to 0.0.7 (#512 by @LK4D4) +* Do not use stream encoders for pipe communication (#515 by @crosbymichael) +* Update github.com/opencontainers/specs to a7b50925d8996923d99e (#514 by @mrunalp) +* cgroup: systemd: properly expand systemd slice names (#511 by @cyphar) +* Remove the nullState (#513 by @duglin) +* Adding user namespace in README (#504 by @rajasec) +* Fix various state bugs for pause and destroy (#499 by @crosbymichael) +* Revert "update date in README" (#510 by @hqhq) +* update date in README (#441 by @xlgao-zju) +* Add spec version to runC version cli (#405 by @marcosnils) +* Add build status badge (#505 by @marcosnils) +* Only set cwd when not empty (#494 by @crosbymichael) +* cgroups: set memory cgroups in Set (#495 by @cyphar) +* Remove some hard coded strings (#486 by @duglin) +* Fix comment of swap limit (#490 by @hqhq) +* Add 
support for just joining in apply using cgroup paths (#466 by @mrunalp) +* Embed Resources for backward compatibility (#476 by @hqhq) +* add seccomp.IsEnabled() function (#471 by @jessfraz) +* cleanup old hack dir (#481 by @jessfraz) +* Check that cwd is absolute (#480 by @mrunalp) +* Make cwd required (#475 by @mrunalp) +* selinux: add SelinuxSetEnforceMode implementation (#461 by @ahmetb) +* Update README of libcontainer (#462 by @hqhq) +* update go version to 1.5.3 in dockerfile and cleanup (#478 by @jessfraz) +* libcontainer: Add support for memcg pressure notifications (#426 by @codido) +* Only validate post-hyphen field length on cgroup mounts (#472 by @dadgar) +* Do not allow access to /dev/tty{0,1} (#455 by @hallyn) +* cgroup: add PIDs cgroup controller support (#446 by @cyphar) +* Add --console to specify path to use from runc (#459 by @crosbymichael) +* cgroups: fs: fix cgroup.Parent path sanitisation (#451 by @cyphar) +* Handle running nested in a user namespace (#458 by @hallyn) +* Revert to non-recursive GetPids, add recursive GetAllPids (#463 by @jimmidyson) +* Adding selinux label (#421 by @rajasec) +* make localtest failure with selinux enabled (#419 by @rajasec) +* Add white list for bind mount check (#452 by @hqhq) +* Cleanup Godeps (#448 by @hqhq) +* Implement Container States (#311 by @crosbymichael) +* Fix typo word in SPEC.md (#449 by @HackToday) +* Revert "cgroups: add pids controller support" (#445 by @mrunalp) +* cgroups: add pids controller support (#58 by @cyphar) +* Add NLA_HDRLEN workaround for gccgo (#437 by @clnperez) +* Move the cgroups setting into a Resources struct (#434 by @mrunalp) +* Move linux only Process.InitializeIO behind the linux build flag. (#436 by @calavera) +* Replace docker units package with new docker/go-units. 
(#435 by @calavera) +* Move STDIO initialization to libcontainer.Process (#430 by @crosbymichael) + +## v0.0.6 [2015-12-11] + +* update version for release 0.0.6 (#439 by @xlgao-zju) +* systemd: support cgroup parent with specified slice (#336 by @hqhq) +* fix minor typo (#432 by @xlgao-zju) +* Remove the timeframe for v1 spec (#431 by @hqhq) +* nsexec: replace usage of environment variable with netlink message (#340 by @dqminh) +* Export console New func (#428 by @crosbymichael) +* libcontainer: configs: create cgroup_unsupported.go in order to build on darwin as well (#420 by @runcom) +* libcontainer: network_linux.go: fix go vet (#424 by @runcom) +* Fixing xattr test step issue (#423 by @rajasec) +* README.md: clarify OCI JSON files (#371 by @hqhq) +* Fixing minor typo in usage (#415 by @rajasec) +* Adding error conditions when apparmor disabled (#411 by @rajasec) + +## v0.0.5 [2015-11-20] + +* Bump version constant to 0.0.5 in preparation for a new release (#410 by @tianon) +* godeps: update go-systemd to v4 and godbus/dbus to v3 (#408 by @runcom) +* libcontainer: configs: extend unsupported os (#407 by @runcom) +* Bind mount device nodes on EPERM (#357 by @ashahab-altiscale) +* adding support for --bundle (#373 by @mikebrow) +* static binary \o/ (#401 by @jessfraz) +* Fix comment to be consistent with the code (#403 by @hqhq) +* Add seccomp trace support (#398 by @crosbymichael) +* Some cgroup cleanups (#388 by @hqhq) +* Validate process configuration for runc exec (#391 by @mrunalp) +* Add poststart hooks (#392 by @mrunalp) +* Change my email address (#394 by @avagin) +* Fix race setting process opts (#393 by @crosbymichael) +* Windows: Refactor Container interface (#360 by @lowenna) +* Windows: Factor down criu_opts (#361 by @lowenna) +* Windows: Refactor state struct (#359 by @lowenna) +* Unify behavior for memory cgroup (#343 by @hqhq) +* README.md: fix description for runc with systemd (#375 by @hqhq) +* Docker needs to know whether the user requested a 
relabel (#377 by @rhatdan) +* Add more context around some error cases (#379 by @duglin) +* Remove naked return (#355 by @keloyang) +* Windows: Tidy libcontainer\devices (#365 by @lowenna) +* Windows: Refactor configs/cgroup.go (#362 by @lowenna) +* Fixes build tags on `cgroups\fs\*.go` (#364 by @lowenna) +* Add criu related debug output (#238 by @adrianreber) +* libcontainer/SPEC.md: fix /dev/stdio symlinks (#337 by @alban) +* Fixing typo in the comment for exit (#358 by @rajasec) +* Remove fatalf function; unused. (#354 by @warpfork) +* Add name to cgroup subsystem and set order (#335 by @crosbymichael) +* Add the conversion of architectures for seccomp config (#345 by @keloyang) +* Correct intuition for setupDev (#352 by @hqhq) +* Set cpuset.cpus and cpuset.mems before join the cgroup (#334 by @hqhq) +* Add ability to use json structured logging format. (#333 by @warpfork) +* Reorder checks in Walk to avoid panics (#332 by @LK4D4) +* Get PIDs from cgroups recursively (#330 by @LK4D4) +* Add option to support criu manage cgroups mode for dump and restore (#184 by @huikang) +* Add Andrey Vagin as maintainer (#177 by @LK4D4) +* Validate label options (#320 by @rhatdan) +* Add additional groups support (#324 by @mrunalp) +* Fix for race from error on process start (#316 by @cpuguy83) +* change named to names (#326 by @xlgao-zju) +* nsexec: Align clone child stack ptr to 16 (#319 by @dodgerblue) +* bump docker pkgs (#317 by @runcom) +* Add memory reservation support for systemd (#305 by @hqhq) +* Adapt spec 96bcd043aa8a28f6f64c95ad61329765f01de1ba (#276 by @runcom) +* Systemd name (#315 by @mrunalp) +* Allow numeric groups for containers without /etc/group (#313 by @ghost) +* Fix name in MAINTAINERS list (#314 by @LK4D4) +* change uid to gid in func HostGID (#312 by @xlgao-zju) +* Create container_private, container_slave and container_shared modes for rootfsPropagation (#208 by @rhvgoyal) +* Systemd: Join perf_event cgroup (#306 by @hqhq) +* Fix reOpenDevNull (#309 
by @chenchun) +* Only remount if requested flags differ from current (#307 by @estesp) +* /proc and /sys do not support labeling (#304 by @rhatdan) +* Run tests for all HugetlbSizes (#308 by @LK4D4) +* Update github.com/syndtr/gocapability/capability to 2c00daeb6c3b4 (#302 by @mrunalp) +* no need to use p.cmd.Process.Pid in function, use p.pid() instead. (#292 by @keloyang) +* Add prestart/poststop hooks to runc (#160 by @mrunalp) +* Move mount methods out of configs pkg (#299 by @crosbymichael) +* simple refactor for the options of `runc spec` (#270 by @laijs) +* README.md: Update the config example (#271 by @laijs) +* Libcontainer: Add support for multiple architectures in Seccomp (#295 by @mheon) +* Change mount dest after resolving symlinks (#296 by @crosbymichael) +* Cleanup unused func arguments (#283 by @runcom) +* Enter existing user namespace if present (#288 by @codido) +* Ignore changing /dev/null permissions if used in STDIO (#289 by @crosbymichael) +* script: test_Dockerfile: install criu from source (#291 by @runcom) +* Fix STDIO permissions when container user not root (#280 by @crosbymichael) +* Fix STDIO ownership for non-tty processes (#279 by @crosbymichael) +* script: test_Dockerfile: update criu version (#278 by @runcom) +* libcontainer: Allow passing mount propagation flags (#264 by @rhvgoyal) +* update the command usage for `runc start` (#269 by @laijs) +* Add CAP prefix for capabilities (#257 by @mrunalp) +* close config file after loaded (#272 by @laijs) +* update the command usage of `runc` (#268 by @laijs) +* Adjust runc to new opencontainers/specs version (#242 by @LK4D4) +* Add testing docs in README (#237 by @hqhq) +* New netlink library (#43 by @LK4D4) +* Fixing checkpoint issue (#248 by @rajasec) +* Minor comments fix (#251 by @hqhq) +* Always remount for bind mount (#236 by @hqhq) +* make localtest failure on removing seccomp flag in Makefile (#266 by @rajasec) +* c/r: create cgroups to restore a container (#253 by @avagin) +* Add 
all support build tags for runc features (#265 by @crosbymichael) + +## v0.0.4 [2015-09-11] + +* Add seccomp build tag (#220 by @crosbymichael) +* Implement hooks in libcontainer code base (#261 by @crosbymichael) +* Fix bug in find cgroup mount point dir (#259 by @hqhq) +* Some cgroups cleanup (#250 by @hqhq) +* Restorefixforrunningcontainer (#239 by @rajasec) +* Fix cgroup mount tests (#235 by @hqhq) +* Adding oom_score_adj as a container config param (#232 by @vishh) +* cleanup: outdated comment (#233 by @shishir-a412ed) +* Make label.Relabel safer. (#165 by @calavera) +* Add --log flag (#179 by @crosbymichael) +* Add caveat will only build on Linux as per #9 (#229 by @booyaa) +* Systemd integration with runc, for on-demand socket activation (#231 by @shishir-a412ed) +* Remove hard-coded default for tcp connections (#221 by @crosbymichael) +* Restore container cleanup (#214 by @rajasec) +* Update README config file devices (#224 by @marcosnils) +* Adding rlimit in spec (#223 by @rajasec) +* Connect Seccomp configuration in Spec to backend (#228 by @mheon) +* Error should be checked after loadSpec (#230 by @shishir-a412ed) +* Add a 'start' command (#210 by @duglin) +* Add hooks for passing explicit veth pairs for forwarding to CRIU (#215 by @boucher) +* Add the criu log file path to the failure message. 
(#219 by @boucher) +* Convert Seccomp support to use Libseccomp (#70 by @mheon) +* Add exec command (#205 by @tonistiigi) +* Simple Cleanups (#212 by @laijs) +* richer information error message for terminal (#213 by @laijs) +* Integrate security settings (#211 by @mrunalp) +* Update device specs (#193 by @tonistiigi) +* Adding securityfs mount (#183 by @rajasec) +* Ensure the cleanup jobs in the deferrer are executed on error (#206 by @mountkin) +* Fix cgroups again (#194 by @LK4D4) +* Fixing netlink build error on ppc64le with gccgo (#199 by @clnperez) +* Add pause/resume commands (#204 by @tonistiigi) +* make localtest fills up /tmp with /tmp/libcontainer (#209 by @rajasec) +* Add the default signal (SIGTERM) for runc kill (#197 by @laijs) +* Simplify the return on process wait (#196 by @laijs) +* container id is the cgroup name (#192 by @fabiokung) +* Minor update to usage/help text (#188 by @duglin) +* Fix cgroup parent searching (#191 by @LK4D4) +* Change example JSON to refer to "pid" namespace rather than "process." 
(#182 by @willmtemple) +* Rename process namespace to pid (#180 by @LK4D4) +* Fix minor stylistic issues (#181 by @mrunalp) +* Don't make modifications to /dev when it is bind mounted (#96 by @mrunalp) +* Runc kill (#178 by @crosbymichael) +* Use signal handler for restore (#174 by @crosbymichael) + +## v0.0.3 [2015-08-04] + +* Add signal API to Container interface (#175 by @crosbymichael) +* Go1.5 compatibility fix (#166 by @codido) +* Use /proc/self/exe as default for InitPath (#151 by @LK4D4) +* Update go systemd dbus v3 (#150 by @runcom) +* Update spec (#173 by @mrunalp) +* Add debug message when unable to execute criu (#172 by @huikang) +* Remove reference to nsinit (#168 by @runcom) +* Remove dind (#164 by @LK4D4) +* tests: dump/restore a container with cgroups (#163 by @avagin) +* Simplify and fix os.MkdirAll() usage (#162 by @kolyshkin) +* Change default state directory to /run/oci (#159 by @LK4D4) +* Add test arguments to Makefile targets (#161 by @marcosnils) +* Update README.md to correct comment about spec and user (#158 by @estesp) +* Only add network info if NEWNET is set (#157 by @crosbymichael) +* Fix files not closed in mountinfo parsing function (#156 by @mrunalp) +* signal: Fix leak (#154 by @mrunalp) +* systemd integration with container runtime for supporting sd_notify protocol (#129 by @shishir-a412ed) +* Remount /sys/fs/cgroup as RO if MS_RDONLY was passed (#145 by @LK4D4) +* test: propagate the error to the caller (#152 by @laijs) +* bring the loopback interface up inside containers (#147 by @fabiokung) +* typo: tempory -> temporary (#148 by @jhjeong-kr) +* Update maintainers guide (#138 by @crosbymichael) +* avoid infinite loop with GCCGO (#114 by @brahmaroutu) +* Create symlinks for merged cgroups (#144 by @LK4D4) +* ct: give criu informations about cgroup mounts (#142 by @avagin) +* Fix subsystem path with abs parent (#143 by @LK4D4) + +## v0.0.2 [2015-07-17] + +* Revert "Remount /sys/fs/cgroup as readonly always" (#137 by @mrunalp) +* 
Substract source mount from cgroup dir (#135 by @LK4D4) +* Remount /sys/fs/cgroup as readonly always (#136 by @LK4D4) + +## v0.0.1 [2015-07-16] + +* Cgroups mount fix (#130 by @LK4D4) +* Fix handling name= cgroups (#131 by @LK4D4) +* Add cgroup mount in the recommended config (#91 by @hqhq) +* Fixed two typos (#117 by @jhjeong-kr) +* Add memory swappiness support (#120 by @lizf-os) +* Correct tmpfs mount for cgroup (#127 by @hqhq) +* Fix error when memory cgroup not mounted (#118 by @hqhq) +* typo: exists -> exits (#116 by @jhjeong-kr) +* the data type should be int8 for ppc64le (#115 by @brahmaroutu) +* Fix IDMapping host / container field confusion (#98 by @wking) +* Sort mount flags so it's easier to be found (#112 by @hqhq) +* typo: SICHLD -> SIGCHLD (#111 by @jhjeong-kr) +* Remove deserialization tests. (#109 by @mrunalp) +* Windows: Factor out seccomp (#52 by @lowenna) +* Windows: Factor out CloseExecFrom (#53 by @lowenna) +* Fix bug in Readme.md,change GOPATH to GOPATH/src (#100 by @zenlint) +* CI target for Makefile (#72 by @LK4D4) +* fix dockerfile (#103 by @jessfraz) +* wrong grammar: should never been --> should have never been (#99 by @jhjeong-kr) +* Add oom-kill-disable support for systemd (#97 by @hqhq) +* Add memory limit set (#90 by @hqhq) +* Fixing memory swappiness as -1 in template file for older kernels (#95 by @rajasec) +* Adds Sysctl support (#73 by @mrunalp) +* Remove sample configs from libcontainer (#89 by @hqhq) +* Treat -1 as default value for memory swappiness (#86 by @ktraghavendra) +* Update runc with types from spec repository (#82 by @crosbymichael) +* Fix build tags (#79 by @LK4D4) +* README changes for the newer spec format. 
(#67 by @mrunalp) +* Prefer Godep dependencies in the GOPATH (#71 by @mrunalp) +* Some new stuff for makefile (#45 by @LK4D4) +* Enable build on unsupported platforms (#68 by @mtesselH) +* fixed typo (#63 by @kennethlimcp) +* libcontainer: user: fix `GetAdditionalGroups*` API (#59 by @cyphar) +* Update config based on spec changes (#66 by @crosbymichael) +* linux: Don't prepend process' cwd if rootfs path is already absolute (#40 by @cgwalters) +* Added all dependency to install in Makefile (#32 by @7imbrook) +* Windows: Remove nsenter dependency (#49 by @lowenna) +* Adding minimum version required for docker create (#64 by @rmanyari) +* checkpoint/restore commands support 'file-locks' option. (#55 by @mapk0y) +* Corrected spelling (#61 by @blakelapierre) +* Fix absolute path getting for runc binary (#47 by @LK4D4) +* Minor README tweaks to help newbies (#23 by @duglin) +* Move libcontainer documenation to root of repo (#44 by @crosbymichael) +* Add notcie about config format changes (#42 by @crosbymichael) +* Make startup errors a bit friendlier (#30 by @estesp) +* Update usage content and fix typos (#33 by @estesp) +* Allow hyphen in "id" (based on `cwd` pathname) (#31 by @estesp) +* Allow runc to be executed as a relative path (#28 by @estesp) +* make the install steps more clear in README.md (#14 by @carmark) +* Fix function name typo (#29 by @estesp) +* Remove nsinit from comments (#22 by @lizf-os) +* Initialize memory.swappiness cgroup to -1 (#20 by @estesp) +* libcontainer: gofmt pass (#21 by @unclejack) +* Remove nsinit from libcontainer README.md (#8 by @LK4D4) +* Fix panic in seccomp test on error (#10 by @LK4D4) +* Change "... JSON Format;" to "... 
JSON Format:" (#11 by @justjake) + +## Initial development under docker/libcontainer + +* Remove unused code (docker/libcontainer#643 by @runcom) +* Ensure all parent dirs are properly setup (docker/libcontainer#642 by @crosbymichael) +* Fix nsinit to configure default cgroup entry for MemorySwappiness (docker/libcontainer#640 by @estesp) +* Avoid trying to access cpu.shares when it doesn't exist (docker/libcontainer#638 by @lizf-os) +* Fix kmem limit set (docker/libcontainer#637 by @hqhq) +* Fix some suspicious things in vendor (docker/libcontainer#635 by @LK4D4) +* gofmt to fix formatting (docker/libcontainer#634 by @unclejack) +* Handle SYS_setns not existing but `__NR_setns` does. (docker/libcontainer#630 by @tsuna) +* Only try to get AdditionalGroups if they are configured. (docker/libcontainer#627 by @mrunalp) +* Add the memory swappiness tuning support to libcontainer (docker/libcontainer#622 by @ktraghavendra) +* Fix nsinit README.md config link (docker/libcontainer#626 by @icecrime) +* Additional ppc architectures follow the arm datatype (docker/libcontainer#625 by @mchasal) +* Use simpler parsing of /proc/self/mountinfo for FindCgroupMountpoint (docker/libcontainer#624 by @LK4D4) +* Don't change memswap value in libcontainer (docker/libcontainer#620 by @hqhq) +* Rebased: Additional groups lookup (docker/libcontainer#603 by @dqminh) +* linux: Convert dup2 calls to dup3 (docker/libcontainer#618 by @glevand) +* Fix relabel to allow volume mounting of / (docker/libcontainer#619 by @rhatdan) +* Stop systemd unit on destroy (docker/libcontainer#617 by @LK4D4) +* Golang seccomp package (docker/libcontainer#613 by @crosbymichael) +* Fix hack/validate.sh (docker/libcontainer#614 by @LK4D4) +* make libcontainer compile on freebsd (again) (docker/libcontainer#615 by @kvasdopil) +* Update dockerproject.com links (docker/libcontainer#611 by @thaJeztah) +* hugetlb: Add support of Set and GetStats function (docker/libcontainer#567 by @Mashimiao) +* spec: Fix errors in 
file system mount points table. (docker/libcontainer#608 by @davexunit) +* bug fix: slice bounds out of range (docker/libcontainer#607 by @WeiZhang555) +* Fix race in stats Manager (docker/libcontainer#602 by @runcom) +* Update nsinit readme for C/R (docker/libcontainer#605 by @wonderflow) +* cgroup memory: Enchance stats support of memory (docker/libcontainer#592 by @Mashimiao) +* Process.go can compile on FreeBSD (docker/libcontainer#606 by @kvasdopil) +* integration: don't ignore exit codes of test processes (docker/libcontainer#599 by @avagin) +* WIP: Add Checkpoint and Restore support to libcontainer (docker/libcontainer#479 by @crosbymichael) +* README example for using checkpoint/restore. (docker/libcontainer#600 by @boucher) +* Windows: Initial compilation enablement (docker/libcontainer#583 by @lowenna) +* Add a flag for specifying system properties. (docker/libcontainer#562 by @mrunalp) +* Set the seed when randMacAddr (docker/libcontainer#542 by @sayuan) +* Fix nsenter package on unsupported platforms. 
(docker/libcontainer#596 by @dmitshur) +* cgroup: Add freeze Set When calls systemd to Apply (docker/libcontainer#589 by @Mashimiao) +* cgroups: add support for net_cls (docker/libcontainer#582 by @Mashimiao) +* Add support for kmem limit (docker/libcontainer#591 by @hqhq) +* Fix stacktrace panic (docker/libcontainer#590 by @hqhq) +* cgroup: add support for net_prio (docker/libcontainer#584 by @Mashimiao) +* croup cpu: add support for realtime throttling (docker/libcontainer#587 by @Mashimiao) +* don't fail when subsystem not mounted (docker/libcontainer#476 by @hqhq) +* Do not prevent mounts in /sys (docker/libcontainer#576 by @crosbymichael) +* Update github.com/syndtr/gocapability to 66ef2aa (docker/libcontainer#573 by @LK4D4) +* Security fixes for docker 1.6.1 (docker/libcontainer#574 by @crosbymichael) +* some fixes for SPEC (docker/libcontainer#572 by @hqhq) +* add vendor/pkg to gitignore (docker/libcontainer#570 by @hqhq) +* Replace aliased imports of logrus (docker/libcontainer#569 by @hqhq) +* integration: don't create a factory for each test case (docker/libcontainer#560 by @avagin) +* Update logrus to 0.7.3 (docker/libcontainer#566 by @tianon) +* Use logrus everywhere (docker/libcontainer#561 by @avagin) +* Adds support for setting system properties. 
(docker/libcontainer#535 by @mrunalp) +* remove unused functions (docker/libcontainer#558 by @hqhq) +* Split namespace syscall content for building on non-Linux (docker/libcontainer#554 by @estesp) +* cgroups/systemd: remove useless code (docker/libcontainer#555 by @avagin) +* cgroups: add support `blkio.throttle.read/write_*` (docker/libcontainer#539 by @Mashimiao) +* Add cgroup mount type for mounting container local cgroups (docker/libcontainer#553 by @crosbymichael) +* cgroups: add support of devices deny for another use of cgroup devices (docker/libcontainer#492 by @Mashimiao) +* Check for cmd.Process not-nilness in setnsProcess.terminate() (docker/libcontainer#550 by @LK4D4) +* Add support for Premount and Postmount commands. (docker/libcontainer#495 by @rhatdan) +* fix some typos in source code comments (docker/libcontainer#546 by @liubin) +* cleanup cpushares check (docker/libcontainer#537 by @hqhq) +* fix freeze systemd test (docker/libcontainer#538 by @hqhq) +* Add more explanation for nsenter (docker/libcontainer#526 by @wonderflow) +* add Set support for systemd based cgroup (docker/libcontainer#500 by @hqhq) +* We want to prevent users from accidently attempting to relabel /, /etc and /usr (docker/libcontainer#533 by @rhatdan) +* check "/sbin/apparmor_parser" in apparmor.IsEnabled() (docker/libcontainer#532 by @tifayuki) +* integration: wait all test processes (docker/libcontainer#531 by @avagin) +* Throw an error if cgroup tries to set cpu-shares more/less than the maximum/minimum permissible value. 
(docker/libcontainer#464 by @shishir-a412ed) +* add comments for nsexec.c (docker/libcontainer#530 by @hqhq) +* nsinit: Add a flag to enable systemd support for cgroups (docker/libcontainer#525 by @mrunalp) +* add cgroup subsystem hugetlb (docker/libcontainer#519 by @Mashimiao) +* Fix a typo in factory.go (docker/libcontainer#527 by @huikang) +* Change mount point propogation to default to slave (docker/libcontainer#520 by @rhatdan) +* Add arch support for ARMv8 and PowerPC, and fix ARMv7 (docker/libcontainer#524 by @adconrad) +* integration: use test helper for error check (docker/libcontainer#508 by @Mic92) +* Read `_LIBCONTAINER_INITPIPE` in nsexec.c (docker/libcontainer#523 by @LK4D4) +* Add cache to MemoryStats (docker/libcontainer#518 by @crosbymichael) +* Add value checking on relabel command for selinux (docker/libcontainer#509 by @rhatdan) +* Append childpipe for adding addtional Fds to container (docker/libcontainer#516 by @crosbymichael) +* cgroups: add support for blkio.weight_device (docker/libcontainer#354 by @hqhq) +* /dev/mqueue has to be labeled correctly (docker/libcontainer#515 by @rhatdan) +* Add documentation for nsinit (docker/libcontainer#501 by @wonderflow) +* Ensure that state always contains pathes to all namespaces (docker/libcontainer#514 by @LK4D4) +* bugfix and cleanup for systemd cgroup (docker/libcontainer#502 by @hqhq) +* add systemd integration test (docker/libcontainer#505 by @hqhq) +* Change nsinit root to /var/run/nsinit (docker/libcontainer#507 by @crosbymichael) +* add binary target to direct install in a container (docker/libcontainer#490 by @dqminh) +* Fix pdeathsig and ppid for supervisor running as pid1 (docker/libcontainer#504 by @crosbymichael) +* Fix: typos. 
(docker/libcontainer#498 by @athoune) +* fix README.md for nsinit (docker/libcontainer#493 by @hqhq) +* cgroups/systemd: Use unified subsystems (docker/libcontainer#497 by @Mashimiao) +* cgroups: return error when passing invalid argument to freezer (docker/libcontainer#494 by @Mashimiao) +* cgroups: systemd: attempt to stop test scope, if any (docker/libcontainer#489 by @philips) +* Fix finding parent for fs cgroups (docker/libcontainer#491 by @LK4D4) +* add readme for nsinit about how to build nsinit (docker/libcontainer#488 by @wonderflow) +* Use syscall.Kill instead of p.cmd.Process.Kill (docker/libcontainer#487 by @LK4D4) +* Process capabilities (docker/libcontainer#484 by @mrunalp) +* Fix minor typo in init_linux.go (docker/libcontainer#481 by @coolljt0725) +* mount: Add a flag to bind devices when user namespaces are enabled. (docker/libcontainer#480 by @mrunalp) +* remove redundant code (docker/libcontainer#475 by @hqhq) +* Update syndtr/gocapability to 8e4cdcb3c22b40d5e330ade0b68cb2e2a3cf6f98 (docker/libcontainer#478 by @LK4D4) +* Revert "cgroups: only return path when subsystem really mounted (docker/libcontainer#474 by @crosbymichael) +* path now returns the IsNotFound error (docker/libcontainer#472 by @crosbymichael) +* systemd: properly check DefaultDependencies is read only (docker/libcontainer#469 by @Snorch) +* correct comment errors for netlink_linux.go (docker/libcontainer#460 by @sunyuan3) +* Add TmpfsRoot option (docker/libcontainer#459 by @LK4D4) +* mount: Take out the base mounts and move them to the config. (docker/libcontainer#455 by @mrunalp) +* add parameter to Set api (docker/libcontainer#441 by @hqhq) +* Do not fail cgroups setup if parent cgroup does not exist. (docker/libcontainer#453 by @vishh) +* mount: sysfs also doesn't need to be labelled like mqueue. 
(docker/libcontainer#451 by @mrunalp) +* Fix path to /dind (docker/libcontainer#450 by @avagin) +* selinux: Adds a check for a NUL byte at the end of the string and removes it (docker/libcontainer#443 by @mrunalp) +* Add vet checks to validate script (docker/libcontainer#430 by @LK4D4) +* Update to recent busybox 2014.11 tar (docker/libcontainer#449 by @estesp) +* nsinit usability improvements (docker/libcontainer#448 by @crosbymichael) +* Mounting a tmpfs directory needs to inherit directory permissions from base (docker/libcontainer#442 by @rhatdan) +* Update logrus to 0.6.6 (docker/libcontainer#447 by @jessfraz) +* Hairpin NAT network configuration (docker/libcontainer#446 by @icecrime) +* Add information Type method for Factory (docker/libcontainer#445 by @LK4D4) +* Don't label mqueue when mounting (docker/libcontainer#444 by @ncdc) +* fix some cgroups issues (docker/libcontainer#437 by @hqhq) +* nsenter: fix the -Wunused-variable warning (docker/libcontainer#439 by @vbatts) +* add Set memoryswap test cases (docker/libcontainer#438 by @hqhq) +* Add godoc for selinux package (docker/libcontainer#435 by @pmorie) +* fix apply error when we not mount cpu subsystem (docker/libcontainer#429 by @hqhq) +* cgroups: add support for oom control (docker/libcontainer#417 by @HuKeping) +* Pass os.Environ() as environment to process from init. (docker/libcontainer#432 by @LK4D4) +* Remove overcomplicated logic of SIGCHLD from TestNsenterDeadPid (docker/libcontainer#431 by @LK4D4) +* A few minor fixes (docker/libcontainer#427 by @avagin) +* Add tty support for setnsProcess (docker/libcontainer#428 by @LK4D4) +* Adds an integration test for checking process env. 
(docker/libcontainer#423 by @mrunalp) +* cgroups: use Set instead of Apply in Freeze (docker/libcontainer#425 by @hqhq) +* Add the file close operation before function return to release resource (docker/libcontainer#426 by @MabinGo) +* Fix panic when genericError constructor gets nil error (docker/libcontainer#424 by @dqminh) +* add a new api Set (docker/libcontainer#376 by @hqhq) +* Make NetworkInterface public (docker/libcontainer#421 by @LK4D4) +* Implement stats for systemd (docker/libcontainer#420 by @LK4D4) +* Return init errors from setnsProcess (docker/libcontainer#419 by @LK4D4) +* Don't join rootfs if path already prefixed by it (docker/libcontainer#416 by @LK4D4) +* Fixes validate (docker/libcontainer#414 by @jessfraz) +* fix instructions in README (docker/libcontainer#410 by @hqhq) +* Add a validate script (docker/libcontainer#395 by @jessfraz) +* rename test files so we can really test them (docker/libcontainer#409 by @hqhq) +* Move tty configuration to Process (docker/libcontainer#407 by @LK4D4) +* Exit related cleanup (docker/libcontainer#400 by @mrunalp) +* Return actual ProcessState on Wait error (docker/libcontainer#406 by @LK4D4) +* Add default InitArgs for factory (docker/libcontainer#405 by @LK4D4) +* Add init path support to allow full control of init binary (docker/libcontainer#404 by @crosbymichael) +* Make possible to call config methods on values (docker/libcontainer#403 by @LK4D4) +* Fix comment for container.Start (docker/libcontainer#402 by @LK4D4) +* remove drone (docker/libcontainer#401 by @jessfraz) +* Linux has added a new capability audit_read (docker/libcontainer#383 by @rhatdan) +* Use configs.NamespaceType as key for State.NamespacePathes (docker/libcontainer#397 by @LK4D4) +* Update copyright year in NOTICE (docker/libcontainer#391 by @thaJeztah) +* process: add Wait() and Pid() methods (docker/libcontainer#392 by @avagin) +* Change os-prefix file naming to standard postfix naming (docker/libcontainer#394 by @LK4D4) +* nsenter: 
noop reference to C constructor (docker/libcontainer#390 by @vbatts) +* Merge API Branch into Master (docker/libcontainer#388 by @crosbymichael) +* Merge master into api (docker/libcontainer#389 by @crosbymichael) +* Validation for user namespace in the config. (docker/libcontainer#386 by @mrunalp) +* Fixes bug where rootfs was empty instead of pwd when not specified. (docker/libcontainer#387 by @mrunalp) +* Make usernamespaces work without sidecar process (docker/libcontainer#385 by @crosbymichael) +* Add systemd support cpu.cfs_quota_us and cpu.cfs_period_us (docker/libcontainer#371 by @coolljt0725) +* Update api branch with master changes (docker/libcontainer#382 by @crosbymichael) +* Add functional API for Factory configuration (docker/libcontainer#381 by @crosbymichael) +* Add config generation for simple user namespace testing. (docker/libcontainer#379 by @mrunalp) +* Fixed some typos and tried to make comments read better. (docker/libcontainer#378 by @mrunalp) +* Add a constant for the container console path. (docker/libcontainer#377 by @mrunalp) +* Use netlink to set hairpin mode (docker/libcontainer#373 by @LK4D4) +* Refactor system mounts to be placed on the config (docker/libcontainer#375 by @crosbymichael) +* Fix compilation with golang 1.3(uid/gid mappings is unsupported) (docker/libcontainer#374 by @LK4D4) +* Changes required to keep gcc 5.0 quiet and happy. (docker/libcontainer#372 by @rhatdan) +* Ensure state is persisted (docker/libcontainer#370 by @crosbymichael) +* API Refactoring (docker/libcontainer#367 by @crosbymichael) +* integration: check a container with userns (docker/libcontainer#360 by @avagin) +* Resurrect hairpin NAT (docker/libcontainer#366 by @icecrime) +* handle SIGCHLD when running as child subreaper (docker/libcontainer#369 by @dqminh) +* add dqminh as maintainer (docker/libcontainer#343 by @dqminh) +* fix typo for GetHostRootGid (docker/libcontainer#361 by @hqhq) +* Retry getting the cgroup root at apply time. 
(docker/libcontainer#362 by @vmarmol) +* cgroups: systemd: set DefaultDependencies=false if possible (docker/libcontainer#359 by @philips) +* namespaces: allow to use pid namespace without mount namespace (docker/libcontainer#358 by @avagin) +* Flatten config structures and remove namespace package (docker/libcontainer#357 by @crosbymichael) +* Add vet check to .drone.yml (docker/libcontainer#356 by @LK4D4) +* namespaces: send config, network state and other arguments in one packet (docker/libcontainer#355 by @avagin) +* Merge remote-tracking branch 'origin/master' into api-rebase (docker/libcontainer#351 by @avagin) +* Update github.com/godbus/dbus to v2 (docker/libcontainer#353 by @LK4D4) +* Created man page for nsinit (docker/libcontainer#341 by @shishir-a412ed) +* cgroups: always create device cgroup on systemd (docker/libcontainer#344 by @hqhq) +* nsenter: remove a proxy process (docker/libcontainer#348 by @avagin) +* Use Wait4 instead of cmd.Wait (docker/libcontainer#349 by @LK4D4) +* Fix a minor typo (docker/libcontainer#347 by @guoxiuyan) +* Support read-only root filesystems (docker/libcontainer#345 by @fabiokung) +* new-api: implement Wait, WaitProcess (docker/libcontainer#342 by @avagin) +* add support for blkio.weight (docker/libcontainer#337 by @hqhq) +* Checks namespace flags for user ns code path. 
(docker/libcontainer#340 by @mrunalp) +* namespace: don't change namespaces which are not belonged to the CT (docker/libcontainer#324 by @avagin) +* new-api: implement Pause() and Resume() (docker/libcontainer#339 by @avagin) +* Adds user namespace support to libcontainer (docker/libcontainer#304 by @mrunalp) +* cgroups: set a freezer state before calling FreezerGroup.Set() (docker/libcontainer#338 by @avagin) +* nsenter waits for parent signal before forking (docker/libcontainer#336 by @dqminh) +* new-api: integration: check that a process can be executed in an existing CT (docker/libcontainer#334 by @avagin) +* new-api: add Console to ProcessConfig (docker/libcontainer#333 by @avagin) +* cgroups: don't change a freezer state if an operation failed (docker/libcontainer#335 by @avagin) +* Vendors glog dependency for the api branch. (docker/libcontainer#332 by @mrunalp) +* new-api: implement fs and systemd cgroup managers (docker/libcontainer#330 by @avagin) +* new-api: execute a process inside an existing container (docker/libcontainer#311 by @avagin) +* Fix exit codes when dying on a signal (docker/libcontainer#328 by @icecrime) +* Add nsinit command to display oom notifications (docker/libcontainer#329 by @crosbymichael) +* Update ROADMAP.md to correctly reflect current arch status (docker/libcontainer#326 by @estesp) +* Refactor kill all pids (docker/libcontainer#327 by @crosbymichael) +* A few fixes for nsenter (docker/libcontainer#315 by @avagin) +* killall processes in a cgroup if you are not using the pid namespace (docker/libcontainer#320 by @rhatdan) +* Adds functionality to specify additional groups to join. (docker/libcontainer#322 by @mrunalp) +* Don't get stats for cgroups that don't exist. 
(docker/libcontainer#321 by @vmarmol) +* Use the child subreaper option only when available (docker/libcontainer#318 by @mrunalp) +* Changes Dockerfile to use go 1.4 (docker/libcontainer#317 by @mrunalp) +* Fix vet errors (docker/libcontainer#316 by @LK4D4) +* Namespaces methods should act on pointer (docker/libcontainer#314 by @crosbymichael) +* Add lk4d4 as maintainer (docker/libcontainer#313 by @crosbymichael) +* Add type for namespaces for better UI (replacement of #302) (docker/libcontainer#312 by @LK4D4) +* OOM Notify refactoring (docker/libcontainer#307 by @LK4D4) +* Allow non local mac-address. (docker/libcontainer#310 by @jessfraz) +* Fix removing of cgroups if something still alive in container (docker/libcontainer#308 by @LK4D4) +* define PR_SET_CHILD_SUBREAPER if not set (docker/libcontainer#300 by @dqminh) +* Changed docker hub pointer to dockercore (docker/libcontainer#293 by @gaberger) +* Use namespace.Exec() and namespace.Init() to execute processes in CT (docker/libcontainer#306 by @avagin) +* Prepare ground for moving on new API (docker/libcontainer#299 by @avagin) +* user: fix function signatures (docker/libcontainer#301 by @cyphar) +* Adding a function that allows to remove an address set on an interface (docker/libcontainer#297 by @Ketouem) +* add spec for exec a new process inside a container (docker/libcontainer#290 by @dqminh) +* user: MAINTAINERS: add cyphar (myself) as a maintainer (docker/libcontainer#294 by @cyphar) +* cgroups: add failcnt test (docker/libcontainer#295 by @hqhq) +* Set rlimit for execin process (docker/libcontainer#289 by @dqminh) +* cgroup: add support to set MemorySwap (docker/libcontainer#288 by @hqhq) +* add support for testing execin (docker/libcontainer#287 by @dqminh) +* cgroups: add support for cpuset.mems (docker/libcontainer#285 by @hqhq) +* Change namespaces config to include path for setns (docker/libcontainer#279 by @crosbymichael) +* Set child sub reaper option on nsenter (docker/libcontainer#273 by @vishh) 
+* Introducing macvtap device to netlink package (docker/libcontainer#278 by @milosgajdos) +* Add container spec (docker/libcontainer#282 by @crosbymichael) +* Add support for setting rlimit for contianer (docker/libcontainer#280 by @cpuguy83) +* Add support for ppc64, ppc64le, s390x (docker/libcontainer#277 by @yoheiueda) +* netlink: add NetworkSetTxQueueLen to set qlen (docker/libcontainer#276 by @unclejack) +* Add call to label to allow it to tell kernel how to label created files (docker/libcontainer#275 by @rhatdan) +* Remove hairpin nat on veth create (docker/libcontainer#274 by @crosbymichael) +* libcontainer: setup cpuset cgroup by default (docker/libcontainer#271 by @crosbymichael) +* Use cgroup paths for stats and removal (docker/libcontainer#267 by @crosbymichael) +* Use SYS_SETUID32 for system.Setuid() on Linux for ARM (docker/libcontainer#269 by @aholler) +* Provide better sethostname error message (docker/libcontainer#268 by @crosbymichael) +* Update the path to project from hack (docker/libcontainer#265 by @crosbymichael) +* Set correct env variables for `docker exec` commands (docker/libcontainer#264 by @dqminh) +* Updated cover tool import path. (docker/libcontainer#262 by @hansrodtang) +* Fix typo in json tag (docker/libcontainer#260 by @donhcd) +* Fix the return code check for ParseIP. (docker/libcontainer#259 by @mrunalp) +* Refactor and expose private functions within `libcontainer/user`. (docker/libcontainer#158 by @cyphar) +* Make AddRoute() works with a provided source ip address. 
(docker/libcontainer#250 by @zhgwenming) +* enable hairpin mode on virtual interface bridge port (docker/libcontainer#62 by @phemmer) +* Remove syncpipe pkg (docker/libcontainer#252 by @crosbymichael) +* Fix vet errors (docker/libcontainer#254 by @LK4D4) +* Add drone.yml file (docker/libcontainer#255 by @crosbymichael) +* Update email address in maintainer file (docker/libcontainer#3 by @crosbymichael) +* use system.Set{u,g}id to fix Set{u,g}id on Go 1.4 (docker/libcontainer#251 by @unclejack) +* Add new interfaces for label/selinux (docker/libcontainer#247 by @rhatdan) +* Mount /dev/mqueue by default (docker/libcontainer#246 by @rhatdan) +* Allow IPC namespace to be shared between containers or with the host (docker/libcontainer#245 by @crosbymichael) +* Only fetch network stats we use. (docker/libcontainer#244 by @vmarmol) +* ADDITIONAL CGROUPS BLKIO STATS (docker/libcontainer#243 by @ashahab-altiscale) +* Fix link re contributing in README (docker/libcontainer#238 by @lucafavatella) +* ErrNotSupportedPlatform is undefined define it (docker/libcontainer#236 by @harshavardhana) +* devices: filter /dev/console out of the node list (docker/libcontainer#235 by @alexoj) +* Rename the file as per github convention. (docker/libcontainer#234 by @mrunalp) +* Fix an endian bug for the ioctl argument (docker/libcontainer#231 by @yoheiueda) +* Add development environment instructions (docker/libcontainer#229 by @dave-tucker) +* Adds support for Setuid/Setgid calls that has been removed from go 1.4 (docker/libcontainer#228 by @mrunalp) +* Add integration test framework (docker/libcontainer#226 by @crosbymichael) +* Make joinDevices public. 
(docker/libcontainer#209 by @imain) +* Adds a tx_queuelen setting for veth in the network configuration (docker/libcontainer#221 by @mrunalp) +* xattr: Disallow build on non linux platforms (docker/libcontainer#219 by @harshavardhana) +* Set apparmor profile in execin (docker/libcontainer#224 by @crosbymichael) +* Do not check if SELinux is enabled on lowlevel calls to set processlabel (docker/libcontainer#222 by @rhatdan) +* cgroups: Export ParseCgroupFile (docker/libcontainer#216 by @cbosdo) +* Fix "go install -v . ./.git/logs/refs/heads ./.git/refs/heads ..." (docker/libcontainer#213 by @tianon) +* Add more entropy to veth pair creation (docker/libcontainer#212 by @crosbymichael) +* Update system/xattrs_linux.go (docker/libcontainer#202 by @harshavardhana) +* Expose parameter to set interface MAC address (docker/libcontainer#208 by @MalteJ) +* Added support for VLAN and MAC VLAN interfaces plus did a bit of refactoring. (docker/libcontainer#206 by @milosgajdos) +* Fix leaking file descriptor in NetNs strategy (docker/libcontainer#205 by @hugoduncan) +* Adding IPv6 network support (docker/libcontainer#203 by @MalteJ) +* Saturate negative memory stat values at '0'. (docker/libcontainer#201 by @vishh) +* Add RootFs field to configuration options in libcontainer's Config (docker/libcontainer#199 by @SaiedKazemi) +* Refactored and added more tests.Cleaned up netlink a bit. (docker/libcontainer#197 by @milosgajdos) +* netlink: Add NetworkSetMacAddress (docker/libcontainer#194 by @lmars) +* netlink: Add uint32Attr helper (docker/libcontainer#192 by @titanous) +* Netlink cleanup (docker/libcontainer#190 by @titanous) +* Add rich errors to the API (docker/libcontainer#185 by @Zteve) +* Cache cgroup root mount location. (docker/libcontainer#189 by @vmarmol) +* Devices error injection (docker/libcontainer#186 by @Zteve) +* Allow mounts to be supplied with the MS_SLAVE option. (docker/libcontainer#184 by @erikh) +* Correct Create() api call description in Factory interface. 
(docker/libcontainer#172 by @Zteve) +* Remove sampling from libcontainer CPU stats. (docker/libcontainer#174 by @vmarmol) +* Get UID and GID for device nodes (docker/libcontainer#173 by @crosbymichael) +* syncpipe: consume from parent before closing child (docker/libcontainer#170 by @bernerdschaefer) +* Update container to have an ID provided by the user (docker/libcontainer#166 by @crosbymichael) +* Use `blkio.throttle.*` stats when CFQ is not in use (docker/libcontainer#167 by @discordianfish) +* Add support for user defined mounts in tmpfs (docker/libcontainer#168 by @crosbymichael) +* Use --privileged in Makefile (docker/libcontainer#164 by @crosbymichael) +* Allow docker to free container labels when containers are removed. (docker/libcontainer#162 by @rhatdan) +* Return NotFound error for cgroups abs paths (docker/libcontainer#161 by @crosbymichael) +* Remove dependency from docker/pkg/systemd (docker/libcontainer#159 by @LK4D4) +* Enter cgroups as part of NsEnter (docker/libcontainer#143 by @vishh) +* Fix warnings from go vet (docker/libcontainer#156 by @LK4D4) +* Implement execin by using registered functions (docker/libcontainer#155 by @crosbymichael) +* Fixes logic for calculating percentage (docker/libcontainer#147 by @lynxbat) +* Expose setting interface by fd in network pkg (docker/libcontainer#152 by @crosbymichael) +* Modification of erikh/netlink-remove-address PR (docker/libcontainer#149 by @milosgajdos) +* Add travis status badge (docker/libcontainer#153 by @LK4D4) +* Add myself as maintainer. (docker/libcontainer#151 by @mrunalp) +* Refactor execin send config over pipe (docker/libcontainer#146 by @crosbymichael) +* RtAttr packaging fix. Added NetworkLinkDel() func and a new test. (docker/libcontainer#139 by @milosgajdos) +* Move nsenter C code to separate file (docker/libcontainer#144 by @crosbymichael) +* Change nsenter to support docker 'runin' (docker/libcontainer#141 by @vishh) +* Add "update-vendor.sh" script and vendor our current deps... 
(docker/libcontainer#140 by @tianon) +* Lock the thread first thing in init. (docker/libcontainer#137 by @mrunalp) +* DefaultCreateCommand supports command w/ flags (docker/libcontainer#136 by @bernerdschaefer) +* Only import "testing" from `*_test.go` (docker/libcontainer#135 by @peterbourgon) +* Update more "dotcloud/docker" refs to "docker/docker" (docker/libcontainer#134 by @tianon) +* Move "pkg/user" into libcontainer... (docker/libcontainer#103 by @tianon) +* fix the order of setns() (docker/libcontainer#58 by @maebashi) +* Implement system.GetClockTicks for all platforms (docker/libcontainer#133 by @bernerdschaefer) +* Make fs.GetStats() work when used from inside a docker container. (docker/libcontainer#130 by @vishh) +* Add label.InitLabels functioni. Allows generation of labels based on options (docker/libcontainer#105 by @rhatdan) +* Correct nsenter fprintf syntax (docker/libcontainer#128 by @crosbymichael) +* Update imports for new docker location (docker/libcontainer#127 by @crosbymichael) +* Add a couple tweaks to the Dockerfile (docker/libcontainer#123 by @tianon) +* Fix veth network stats. (docker/libcontainer#121 by @vishh) +* Null-term ioctl ifr_name strings #125 (docker/libcontainer#126 by @dhammika) +* Add missing "--rm" on "make sh" (docker/libcontainer#122 by @tianon) +* Add busybox rootfs so we can run containers (docker/libcontainer#120 by @crosbymichael) +* Minor fixes to network stats (docker/libcontainer#119 by @vishh) +* Add integration tests with nice makefile (docker/libcontainer#117 by @crosbymichael) +* Adding RunIn to run a user specified command in an existing container. (docker/libcontainer#64 by @vishh) +* Add "linux/arm" to Travis (docker/libcontainer#115 by @tianon) +* Small fix for GetAllCgroups(). (docker/libcontainer#114 by @vmarmol) +* Reopening stdin, stdout and stderr if they are pointing to /dev/null. 
(docker/libcontainer#107 by @vishh) +* Add netlink hooks to delete a bridge dev #44 (docker/libcontainer#46 by @dhammika) +* Add more Travis matrix targets (being explicit about CGO) (docker/libcontainer#113 by @tianon) +* Add linux/386 testing back to Travis (docker/libcontainer#112 by @tianon) +* Fix 386 and arm cross-compile (docker/libcontainer#111 by @tianon) +* Initially mount /sys as ro instead of remount (docker/libcontainer#110 by @crosbymichael) +* Update a few build tags to be more generic, ... (docker/libcontainer#104 by @tianon) +* Add Start to container API (docker/libcontainer#102 by @crosbymichael) +* Add linux build tags for selinux (docker/libcontainer#101 by @crosbymichael) +* Add dockerfile (docker/libcontainer#100 by @crosbymichael) +* Remove terminal handling in libcontainer (docker/libcontainer#99 by @crosbymichael) +* Don't set the MTU for loopback interfaces. (docker/libcontainer#98 by @thockin) +* Remove the dep on dotcloud/docker/pkg/system (docker/libcontainer#97 by @crosbymichael) +* Remove unsupported file (docker/libcontainer#90 by @crosbymichael) +* Remove FreezerStats. (docker/libcontainer#89 by @vmarmol) +* Remove unused arg from namespaces.NsEnter (docker/libcontainer#88 by @pmorie) +* Add cgroup status for systemd implementation (docker/libcontainer#87 by @crosbymichael) +* Move syncpipe into separate package (docker/libcontainer#86 by @crosbymichael) +* Allow caller to change the SELinux labels on a directory tree. (docker/libcontainer#47 by @rhatdan) +* remove 2 duplicate caps (docker/libcontainer#85 by @vieux) +* Update Travis to test all the packages (docker/libcontainer#84 by @tianon) +* Add a standalone test utility for cgroup package. 
(docker/libcontainer#79 by @rjnagal) +* Use conventional factory terminology (docker/libcontainer#83 by @glyn) +* Add Load method to factory (docker/libcontainer#81 by @crosbymichael) +* Fix spelling (docker/libcontainer#77 by @leetreveil) +* Change checks for non-existent cgroup file to a more concise form. (docker/libcontainer#80 by @rjnagal) +* Adding Initialize() to create a new container. (docker/libcontainer#76 by @vmarmol) +* Rename package correctly so the binary is nsinit (docker/libcontainer#78 by @crosbymichael) +* Ignore stats that are not available (docker/libcontainer#75 by @vmarmol) +* Basic version of libcontainer API. (docker/libcontainer#67 by @vmarmol) +* Add a cleanup method to cgroup fs. This will help in building a (docker/libcontainer#74 by @rjnagal) +* Add cross-compilation testing to .travis.yml (docker/libcontainer#60 by @tianon) +* Separate nsinit main from implementation (docker/libcontainer#61 by @vishh) +* Add pause and unpause commands to nsinit (docker/libcontainer#56 by @crosbymichael) +* Rename nsinit spec to config and only display raw json (docker/libcontainer#55 by @crosbymichael) +* Report child error to parent (docker/libcontainer#54 by @crosbymichael) +* Adding per container network stats (docker/libcontainer#25 by @vishh) +* Improve nsinit usage instructions (docker/libcontainer#43 by @glyn) +* Create state (docker/libcontainer#50 by @crosbymichael) +* Add oom notify event (docker/libcontainer#48 by @crosbymichael) +* Strongly type context on the Config (docker/libcontainer#51 by @crosbymichael) +* Rename Container -> Config. (docker/libcontainer#39 by @vmarmol) +* Refactoring libcontainer to avoid cyclic dependencies in the future. (docker/libcontainer#41 by @vishh) +* Update readme with API change explination (docker/libcontainer#40 by @crosbymichael) +* Add sample config files (docker/libcontainer#38 by @crosbymichael) +* Don't fail getting stats of unknown hierarchies. 
(docker/libcontainer#37 by @vmarmol) +* Replacing docker-dev with libcontainer mailing list. (docker/libcontainer#35 by @vmarmol) +* CpuStats.CpuUsage includes TotalUsage (docker/libcontainer#34 by @bernerdschaefer) +* Add option parsing to nsenter and enable specifying commands with arguments (docker/libcontainer#27 by @mrunalp) +* Require two LGTMs for non-maintainer changes. (docker/libcontainer#29 by @vmarmol) +* Update travis to run unit tests (docker/libcontainer#32 by @crosbymichael) +* Update sample json file for quick testing (docker/libcontainer#31 by @crosbymichael) +* Revert "Mount cgroups in the container" (docker/libcontainer#30 by @crosbymichael) +* Ignore isnotexist errors for restrict paths (docker/libcontainer#24 by @crosbymichael) +* Use lstat to check device symlinks (docker/libcontainer#26 by @crosbymichael) +* Fix invalid fd race (docker/libcontainer#17 by @alexlarsson) +* Use PATH_MAX as buffer size for buffers containing paths. (docker/libcontainer#21 by @mrunalp) +* Mount cgroup in container (docker/libcontainer#15 by @alexlarsson) +* nsenter: fixing the cpp order (docker/libcontainer#20 by @vbatts) +* Initial hacker documentation (docker/libcontainer#10 by @glyn) +* Add Travis (docker/libcontainer#14 by @tianon) +* nsenter: fix setns() for rhel6 (glibc-2.12) (docker/libcontainer#12 by @vbatts) +* Grammar in README (docker/libcontainer#11 by @timthelion) +* Fix vet errors (docker/libcontainer#8 by @LK4D4) +* Add build flag for nsenter file (docker/libcontainer#5 by @crosbymichael) +* Update email address in maintainer file (docker/libcontainer#3 by @crosbymichael) + +## Initial development under moby/moby (formerly docker/docker) + +* Add more stats to libcontainer. 
(moby/moby#6198 by @vishh) +* Add per cpu usage to libcontainer stats (moby/moby#6153 by @vishh) +* Refactor device handling code (moby/moby#6097 by @timthelion) +* SETUID/SETGID not required for changing user (moby/moby#6083 by @bernerdschaefer) +* libcontainer support for arbitrary route table entries (moby/moby#5868 by @jhspaybar) +* Add device nodes recursively (moby/moby#5995 by @vieux) +* Move get pid into cgroup implementation (moby/moby#5976 by @crosbymichael) +* Mount /dev in tmpfs for privileged containers (moby/moby#5922 by @crosbymichael) +* Make /proc writable, but not /proc/sys and /proc/sysrq-trigger (moby/moby#5903 by @alexlarsson) +* Add PDEATHSIG support to nsinit library (moby/moby#5792 by @bernerdschaefer) +* fix panic when passing empty environment (moby/moby#5833 by @srid) +* Change libcontainer to drop all capabilities by default. (moby/moby#5810 by @vmarmol) +* "nsinit exec ..." forwards signals to container (moby/moby#5791 by @bernerdschaefer) +* Remove the bind mount for dev/console which override the mknod/label (moby/moby#5781 by @creack) +* libcontainer: Create dirs/files as needed for bind mounts (moby/moby#5748 by @crosbymichael) +* Check supplied hostname before using it. 
(moby/moby#5630 by @rjnagal) +* Don't restrict lxc because of apparmor (moby/moby#5556 by @crosbymichael) +* Mount /proc and /sys read-only, except in privileged containers (moby/moby#5529 by @crosbymichael) +* Add selinux label support for processes and mount (moby/moby#5448 by @crosbymichael) +* Close extraneous file descriptors in containers (moby/moby#5464 by @tianon) +* Remove "root" and "" special cases in libcontainer (moby/moby#5449 by @tianon) +* Refactor cgroups into subsystems and support metrics (moby/moby#5328 by @crosbymichael) +* Avoid "invalid memory address or nil pointer dereference" panic (moby/moby#5143 by @kzys) +* Change shm mode to 1777 (moby/moby#5131 by @crosbymichael) +* Fix libcontainer network support on rhel6 (moby/moby#5115 by @alexlarsson) +* apparmor: docker-default: Include base abstraction (moby/moby#5049 by @Supermathie) +* fixed two readme typos (moby/moby#5025 by @dstine) +* These two patches should fix problems we see with running docker in the wild. (moby/moby#4953 by @rhatdan) +* Cleanly shutdown docker (moby/moby#4867 by @crosbymichael) +* remove setupDev from libcontainer (moby/moby#4942 by @vieux) +* Add logger to libcontainer (moby/moby#4645 by @crosbymichael) +* Always symlink /dev/ptmx for libcontainer (moby/moby#4656 by @crosbymichael) +* Move all bind-mounts in the container inside the namespace (moby/moby#4422 by @alexlarsson) +* No pivot root because of ramdisk (moby/moby#4512 by @crosbymichael) +* Use CGO for apparmor profile switch (moby/moby#4506 by @creack) +* remove dbus from apparmor profile for Ubuntu 12.04 (moby/moby#4503 by @unclejack) +* Add find tests and remove panic in DEBUG (moby/moby#4452 by @crosbymichael)
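Review bot: the entry "Update email address in maintainer file (docker/libcontainer#3 by @crosbymichael)" appears twice in the docker/libcontainer portion of this hunk, once between the docker/libcontainer#255 and docker/libcontainer#251 entries and again as the last entry before the "Initial development under moby/moby" heading; the first copy sits out of sequence and should be dropped. In the same portion, the docker/libcontainer#74 entry stops mid-sentence ("This will help in building a") and should carry either the full title or only its first sentence. The bare references in "Null-term ioctl ifr_name strings #125", "Add netlink hooks to delete a bridge dev #44" and "(replacement of #302)" are ambiguous in a file where each entry's own reference is qualified as docker/libcontainer#N or moby/moby#N; qualify them the same way or remove them from the titles. Isolation-relevant changes such as "Change libcontainer to drop all capabilities by default" (moby/moby#5810), "Mount /proc and /sys read-only, except in privileged containers" (moby/moby#5529) and "Close extraneous file descriptors in containers" (moby/moby#5464) are listed unmarked among typo and CI entries; a tag or a separate subsection would let someone auditing container hardening history find them without reading the whole list.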