| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: crun | Distribution: SUSE Linux Enterprise 15 SP5 |
| Version: 1.6 | Vendor: openSUSE |
| Release: bp155.1.6 | Build date: Mon May 22 15:06:13 2023 |
| Group: Unspecified | Build host: obs-arm-11 |
| Size: 697088 | Source RPM: crun-1.6-bp155.1.6.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://github.com/containers/crun | |
| Summary: OCI runtime written in C | |
crun is a runtime for running OCI containers. It is built with libkrun support
GPL-2.0-or-later
* Thu Sep 29 2022 Dario Faggioli <dfaggioli@suse.com>
- Update to 1.6
* runc compatibility: -v now prints the version string.
* build: fix build with glibc 2.36.
* container: drop intermediate userns custom feature.
* cgroup: change the delegate cgroup semantic so that the cgroup
is created in the container payload after the cgroup namespace
is created.
* seccomp: use helper process to send file descriptor to the listener
socket. It enables to be notified on every syscall without hanging
the main process.
* linux: add a fallback to using kill(2) if pidfd_send_signal(2)
fails with ENOSYS.
* krun: add support for krun-sev.
* wasmtime: always grant file system capability for workdir inside
the container.
* wasmtime: inherit arguments list from the handler instead of the
current process.
* wasmedge: use released wasmedge library instead of libwasmedge_c.so.
- Update to 1.5
* add mono based native .NET handler
* new Wasmtime backend for running WebAssembly
* add support for wasmedge 0.10 and dropping support for wasmedge 0.9.x
* dropping support for experimental WasmEdgeProcess from wasmedge handler
* honor process user's uid when setting the HOME environment variable
* create the current working directory if it is missing in the container
* fallback to using a tmpfs mount if umount of /sys and /proc fails
* fallback to netlink to setup lo device
* fix creating devices in the rootfs
* fallback to using io.weight if io.bfq.weight doesn't exist
* remove tun/tap from the default allow list
* linux: devices mounts have noexec and nosuid
* fix copyup of files from the container to the tmpfs
* honor $PATH for newgidmap and newguidmap
* krun: limit the number of vCPUs to 8
* cgroup: add support for cpu.idle
* Mon May 09 2022 Frederic Crozat <fcrozat@suse.com>
- Update to 1.4.5:
+ CRIU: add support for different manage cgroups modes.
+ linux: the hook processes inherit the crun process
environment if there is no environment block specified in the
OCI configuration.
° exec: fix double free when using --apparmor and
- -process-label.
* Tue Apr 12 2022 Dario Faggioli <dfaggioli@suse.com>
- It'd be nice to run the test suite with %check. It however, still
does not work properly inside OBS workers. Add it commented and
explain it
* Tue Apr 12 2022 Dario Faggioli <dfaggioli@suse.com>
- switch to latest upstream version (1.4.4)
- big jump from 0.21! Here's a short summary, for details,
see: https://github.com/containers/crun/releases
* 1.4.4
wasm, kubernetes: support wasm for kubernetes infrastructure with side-cars
Resolve symlinks in bind mounts when creating a user namespace.
Fix CVE-2022-27650: exec does not set inheritable capabilities.
* 1.4.3
cgroup: avoid potential infinite loop when deleting a cgroup.
support additional options for idmap mounts.
open the source for a bind mount in the host.
* 1.4.2
CRIU: add pre-dump support.
Fix running with a read-only /dev.
Ignore EROFS when chowning standard stream files.
Add validation for sysctls before applying them.
* 1.4.1
Fix check for an invalid path.
Allow deleting a container while in created state.
cgroup: do not set cpu limits if number of shares is set to 0.
* 1.4
wasm: support for running on kubernetes with containerd.
linux: add support for recursive mount options.
add support for idmapped mounts through a new mount option "idmap".
linux: improve detection of /dev target.
now crun exec uses CLONE_INTO_CGROUP on supported kernels when using cgroup v2.
retry the openat2 syscall if it fails with EAGAIN.
cgroup: set the CPUWeight/CPUShares on the systemd scope cgroup.
on new kernels, use setns with pidfd.
attempt the chdir again with the specified user if it failed before changing credentials.
* 1.3
add support to natively build and run WebAssembly workload and WebAssembly containers.
allow to specify sub-cgroup for exec.
chown std streams if they are not a TTY.
attach the correct streams if the container is suspended and restored multiple times.
fix race condition when enabling controllers on cgroup v2.
* 1.2
exec: fix regression in 1.1 where containers are being wrongly reported as paused.
criu: add support for external ipc, uts and time namespaces.
* 1.1
cgroup: use cgroup.kill when available.
exec: refuse to exec in a paused container/cgroup.
container: Set primary process to 1 via LISTEN_PID by default if user configuration is missing.
criu: Add support for external PID namespace.
criu: fix save of external descriptors.
utils: retry openat2 on EAGAIN.
* 1.0
cgroup: chown the current container cgroup to root in the container.
linux: treat pidfd_open failures EINVAL as ESRCH.
cgroup: add support for setting memory.use_hierarchy on cgroup v1.
Makefile.am: fix link error when using directly libcrun.
Fix symlink target mangling for tmpcopyup targets.
- fix bsc#1197871, CVE-2022-27650 (as 1.4.4 contains the fixes itself)
- update and fixup dependencies
* Tue Nov 02 2021 Dario Faggioli <dfaggioli@suse.com>
- Add libprotobuf-c-devel as an explicit dependency, for fixing
the build;
- Get rid of rpmlintrc, as it's no longer needed.
* Mon Aug 23 2021 Dario Faggioli <dfaggioli@suse.com>
- make libkrun support conditional, so we can have crun (without
libkrun, of course) on all arches, which may help with
bsc#1188914.
* Fri Aug 06 2021 Frederic Crozat <fcrozat@suse.com>
- Drop libkrun-dlopen.patch and adapt to libkrun new package name,
it is a plugin, not a regular shared library.
* Fri Aug 06 2021 Frederic Crozat <fcrozat@suse.com>
- Add libkrun-dlopen.patch: use soname when dlopening libkrun.
* Wed Jul 28 2021 Paolo Stivanin <info@paolostivanin.com>
- Update to 0.21
- honor memory swappiness set to 0
- status: add fields for owner and created timestamp
- cgroup: lookup pids controller as well when the memory controller
is not available
- when compiled with krun, automatically use it if the current
executable file is called "krun".
- container: ignore error when resetting the SELinux label for the
keyring.
- container: call prestart hooks before rootfs is RO.
- cgroup: added support cleaning custom controllers on cgroupv1.
- spec: add support for --bundle.
- exec: add --no-new-privs.
- exec: add --process-label and --apparmor to change SELinux and
AppArmor labels.
- cgroup: kill procs in cgroup on EBUSY.
- cgroup: ignore devices errors when running in a user namespace.
- seccomp: drop SECCOMP_FILTER_FLAG_LOG by default.
- seccomp: report correct action in error message.
- apply SELinux label to keyring.
- add custom annotation run.oci.delegate-cgroup.
- close_range fallbacks to close on EPERM.
- report error if the cgroup path was set and the cgroup could not be
joined.
- on exec, honor additional_gids from the process spec, not the
container definition.
- spec: add cgroup ns if on cgroup v2.
- systemd: support array of strings for cgroup annotation.
- join all the cgroup v1 controllers.
- raise a warning when newuidmap/newgidmap fail.
- handle eBPF access(dev_name, F_OK) call correctly.
- fix some memory leaks on errors when libcrun is used by a long
running process.
- fix the SELinux label for masked directories.
- support default seccomp errno value.
- fail if no default seccomp action specified.
- support OCI seccomp notify listener.
- improve OOM error messages.
- ignore unknown capabilities and raise a warning.
- always remount bind mounts to drop not requested mount flags.
* Tue Mar 23 2021 Dario Faggioli <dfaggioli@suse.com>
- Add a mention to crun-rpmlintrc in the spec file
* Fri Mar 19 2021 Dario Faggioli <dfaggioli@suse.com>
- Since we're building with libkrun support, let's enable only the
arch-es for which we do have libkrun
* Sat Mar 13 2021 Dario Faggioli <dfaggioli@suse.com>
- Suppress the (false positive) rpmlint warning
* Sat Mar 13 2021 Dario Faggioli <dfaggioli@suse.com>
- Some fixes to the spec file (add some %doc, remove unused macros, etc)
* Thu Mar 11 2021 Dario Faggioli <dfaggioli@suse.com>
- Initial package for 0.18
Based on the package by Giuseppe Scrivano <gscrivan@redhat.com>
/usr/bin/crun /usr/bin/krun /usr/share/doc/packages/crun /usr/share/doc/packages/crun/README.md /usr/share/doc/packages/crun/SECURITY.md /usr/share/licenses/crun /usr/share/licenses/crun/COPYING /usr/share/man/man1/crun.1.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Apr 9 20:15:22 2024