Releases: cloudfoundry/garden-runc-release
GRR v1.0.2
- Swap to using iptables-restore due to regular iptables becoming extremely slow with lots of rules on recent kernels
- Minor changes to experimental image_plugin api
GRR v1.0.1
Minor fix and some work on the image plugin API
- Hostnames are now truncated where the handle is super-long (https://www.pivotaltracker.com/story/show/132858029)
- Various improvements to image_plugin API for grootfs
GRR v1.0.0
no big deal
GRR v0.9.2
Minor update.
- Fixes a bug in the case where there are so many existing iptables rules when garden is started that iptables -S output exceeds the maximum pipe capacity (https://www.pivotaltracker.com/story/show/132142837)
GRR v0.9.1
- Make destroy more resilient to guardian being abruptly killed
- Bump golang version to 1.7
- Don't create a new session keyring for every container (there's a significant performance penalty for creating a new keyring under load, and runc now supports not doing it).
- Reduce log level of some frequent log messages
GRR v0.9.0
- Ensure deletes are atomic: even if garden is killed during deletes, the delete can now be completed on restart
- Forward logs to syslog (via #16, thanks @keymon!)
- Changes to enable container to container networking plugin (via cloudfoundry/guardian#48, thanks @jaydunk!)
0.8.0
Fixes a bug where the PATH environment variable was not properly set if another environment variable containing the string "PATH=" was specified
GRR v0.7.0
Minor fixes.
- Set a default window size (80x24) when no size is specified and a TTY is attached
- Ensure aufs module is auto-loaded (when available) even if no graph path is specified
GRR v0.6.0
Mostly a bug-fixin'-and-PR-mergin' release. Enjoy, get it while it's hot!
- Improve handling of re-attaching to processes after restart
- Fix bug where output was lost if a process exited while writing to a TTY
- Make semantics of Lookup match garden-linux to avoid flakes in other components (specifically, Lookup pretends not to know about containers until Create has returned successfully)
- PR: Don't run internal ("kawasaki") networker if an external network plugin path has been provided (enables container-to-container networking plugin to be tried experimentally in production), thanks @rosenhouse!
- PR: Support for execveat syscall in case of ppc64 arch, thanks @barthy1!
- PR: Remove destination filter from MASQUERADE rules, thanks @geofffranks!
- PR: Increase max keyrings from 500 to 1000000, thanks @RochesterinNYC!
- PR: Make rootfs a parameter to be passed in to guardian ifrit runner, thanks @nimakaviani & @jenspinney!
0.5.0
Much good stuff:
- AppArmor! Unprivileged containers are now secured with a default apparmor profile. This is based on the default docker apparmor profile for maximum compatibility
- The shared_mounts bosh property is gone, we now do the right thing for anything in /var/vcap/data
- We now use the new OCI "create/start" split to run network plugins, allowing much more flexibility in how this works and cleaning up the code a lot
- Iodaemon is gone, we now use a binary called 'dadoo' to do a roughly similar job
- Reattaching after restart should now be more bulletproof, for example getting the exit code should work
- Code now imported via code.cloudfoundry.org domain