1.8.6

• crun: new command "crun features".
• linux: fix handling of idmapped mounts when the container joins an existing PID namespace.
• linux: support io_priority from the OCI specs.
• linux: handle correctly the case where the status file is not written yet for a container.
• crun: fix segfault for "ps" when the container is not using cgroups.
• cgroup: allow setting swap to 0.

1.8.5

• scheduler: use definition from the OCI configuration file instead of the custom label that is now dropped and not supported anymore.
• cgroup: fix creating cgroup under "domain threaded".
• cgroup, systemd: set the memory limit on the system scope.
• restore tty settings from the correct file descriptor. It was previously restoring the settings from the wrong file descriptor causing the tty settings to be changed on the calling terminal.
• criu: check if the criu_join_ns_add function exists. Fix a segfault with new versions of CRIU.
• linux: do not precreate devs with euid > 0. Fix creating devices when running the OCI runtime as non root user.
• linux: improve PID detection on systems that lack pidfd. While there is still a window of time that the PID could be recycled, now it is now reduced to a minimum.
• criu: fix memory leak.
• logging: improve error message when dlopen fails.

1.8.4

• fix build on CentOS 7.
• drop custom annotation to set the time namespace and use the OCI specs instead.
• cgroup: workaround cpu quota/period issue with v1. Sometimes setting CPU quota period fails when a new period is lower, and a parent cgroup has CPU quota limit set.
• cgroup: fix set quota to -1 on cgroup v1.
• criu: drop loading unused functions.

1.8.3

v1.8.3

1.8.2

• lua bindings for libcrun.
• wasmedge: add current directory to preopen paths.
• linux: inherit parent mount flags when making a path masked.
• libcrun: custom annotation to set the scheduler for the container process.
• cgroup: fallback to blkio.bfq files if blkio is not available on cgroup v1.
• cgroup: initialize rt limits when using systemd.
• tty: chown the tty to the exec user instead of the user specified to create the container.
• cgroup: fallback to create cgroupfs as sibling of the current cgroup if there is none specified and it cannot be created in the root cgroup.

1.8.1

• linux: idmapped mounts expect the same configuration as the user namespace mappings. Before they were expecting the inverted
  mapping. It is a breaking change, but the behavior was aligned to what runc will do as well.
• krun: always allow /dev/kvm in the cgroup configuration.
• handlers: disable exec for handlers that do not support it.
• selinux: allow setting fscontext using a custom annotation.
• cgroup: reset systemd unit if start fails.
• cgroup: rmdir the entire systemd scope. It fixes a leak on cgroupv1.
• cgroup: always delete the cgroup on errors. On some errors it could have been leaked before.

1.8

• linux: precreate devices on the host.
• cgroup: support cpuset mounted with noprefix.
• linux: mount the source cgroup if cgroupns=host.
• libcrun: don't clone self from read-only mount.
• build: fix build without dlfcn.h.
• linux: set PR_SET_DUMPABLE.
• utils: fix applying AppArmor profile.
• linux: write setgroups=deny when mapping a single uid/gid.
• cgroup: fix enter cgroupv1 mount on RHEL 7.

1.7.2

• criu: hardcode library name to libcriu.so.2.
• cgroup: always enable all controllers, even if the cgroup was already joined. Regression caused by crun-1.7.

1.7.1

• criu: load libcriu dynamically.
• seccomp: initialize libgcrypt.
• handlers: fix rewriting the argv if the full cmdline doesn't fit.
• utils: honor SELinux label when using a custom handler.
• utils: honor AppArmor label when using a custom handler.
• krun: copy the OCI configuration file into the container.
• utils: fix creating the default user namespace when running with euid != 0.
• Add setlinebuf() when --debug and --log=file: are used.
• Fix timestamp format in the error messages.
• krun: disable libkrun's collection of env vars.

1.7

• seccomp: use a cache for the generated BPF.
• add support for setting the domainname through the OCI spec.
• handlers: define wasm and krun.
• wasmtime: add support for compiling .wat format.
• cgroup: honor checkBeforeUpdate on cgroupv2.
• crun: chown std streams before joining the user namespace.
• crun: display rundir in --version output.
• container: with cgroupfs use clone3 to join directly the target cgroup.
• linux: create parent directories for created devices with mode 0755.
• wasm: inherit environment variables in the WasmEdge handler.