@stevvooe stevvooe released this Sep 25, 2018 · 700 commits to master since this release

Welcome to the v1.1.4 release of containerd!

This is the fourth patch release for the containerd 1.1 release. This
release includes several fixes in both the CRI plugin and containerd
behavior as more real-world testing is occurring on containerd-based
Kubernetes clusters.

Containerd now handles a large number of layers using the overlayfs
snapshotter properly. Also, supplemental GIDs found in /etc/group for
the running user are added to the OCI spec "additionalGids" array.

Both the additional GIDs change and the setting of HOSTNAME in the
environment of containers running in a pod are fixes in this release
that match expected Docker engine behavior.
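
How the supplemental-group lookup described above can work, as an added Go example that is not containerd's own code: it parses a constructed /etc/group and collects the GID of every group that lists the user as a member, which are the values that belong in the OCI spec's additionalGids array. The function name and the sample data are assumptions.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// sampleGroup is a constructed /etc/group (name:password:gid:members).
const sampleGroup = `root:x:0:
app:x:1000:
docker:x:998:app,ci
video:x:44:app
broken:x:notanumber:app
staff:x:50:ci
`

// additionalGIDs returns the sorted, de-duplicated GIDs of every group whose
// member list names user. Malformed lines are skipped rather than trusted.
func additionalGIDs(groupFile, user string) []uint32 {
	seen := map[uint32]bool{}
	for _, line := range strings.Split(groupFile, "\n") {
		f := strings.Split(strings.TrimSpace(line), ":")
		if len(f) != 4 {
			continue // blank line or wrong field count
		}
		gid, err := strconv.ParseUint(f[2], 10, 32)
		if err != nil {
			continue // non-numeric or out-of-range GID
		}
		for _, m := range strings.Split(f[3], ",") {
			if strings.TrimSpace(m) == user {
				seen[uint32(gid)] = true
			}
		}
	}
	gids := make([]uint32, 0, len(seen))
	for g := range seen {
		gids = append(gids, g)
	}
	sort.Slice(gids, func(i, j int) bool { return gids[i] < gids[j] })
	return gids
}

func main() {
	fmt.Println(additionalGIDs(sampleGroup, "app")) // [44 998]
}
```

Without these GIDs in the spec, a process started as `app` would not have the `docker` or `video` group access that the image's group file grants it.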


Fix a potential content store bug, backported from 1.2

CRI Plugin

  • Add HOSTNAME to container default environment.
  • Add additional GIDs for running container user to the OCI spec.
  • Fixed an issue that a directory mount can override sub-directory mount.
  • Fixed an issue that a container can't be stopped when container
    processes are accidentally moved out of container cgroups.
  • Fix an issue that invalid SELinux format is not
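
Why mount order matters for the directory and sub-directory mount fix listed above, as an added Go example that is not the CRI plugin's code: a mount applied later on a parent path hides an earlier sub-directory mount, so ordering mounts by destination depth keeps both visible. The mount type, function names and paths are hypothetical.

```go
package main

import (
	"fmt"
	"path"
	"sort"
	"strings"
)

// mount is a hypothetical, reduced stand-in for a container mount entry.
type mount struct{ src, dst string }

// depth counts the components of a cleaned container path ("/" is 0).
func depth(p string) int {
	return len(strings.FieldsFunc(path.Clean("/"+p), func(r rune) bool { return r == '/' }))
}

// orderMounts returns a copy with parent directories before sub-directories.
// The sort is stable, so mounts at the same depth keep the caller's order.
func orderMounts(in []mount) []mount {
	out := append([]mount(nil), in...)
	sort.SliceStable(out, func(i, j int) bool { return depth(out[i].dst) < depth(out[j].dst) })
	return out
}

// shadowed lists destinations hidden because a later mount lands on an ancestor.
func shadowed(ms []mount) []string {
	var hidden []string
	for i, early := range ms {
		for _, late := range ms[i+1:] {
			a, b := path.Clean("/"+late.dst), path.Clean("/"+early.dst)
			if a != b && strings.HasPrefix(b, strings.TrimSuffix(a, "/")+"/") {
				hidden = append(hidden, b)
				break
			}
		}
	}
	return hidden
}

// sampleMounts is constructed: the sub-directory is listed before its parent.
var sampleMounts = []mount{
	{"/var/lib/cache", "/data/cache"},
	{"/etc/app", "/etc/app"},
	{"/var/lib/data", "/data"},
}

func main() {
	fmt.Println(shadowed(sampleMounts))              // [/data/cache]
	fmt.Println(shadowed(orderMounts(sampleMounts))) // []
}
```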


Add a --allow-new-privs flag on ctr run to allow testing an OCI spec
that does not set NoNewPrivileges on by default.

Overlayfs Snapshotter

Supports > 128 layers properly.

Please see the changelog for full details.

Please try out the release binaries and report any issues at


  • Lantao Liu
  • Phil Estes
  • Kir Kolyshkin
  • Derek McGowan
  • Michael Crosby
  • Akihiro Suda
  • Darren Stahl
  • Brian Goff
  • Stephen J Day
  • Yanqiang Miao
  • Claudia Beresford
  • Michael Wan
  • Wei Fu


  • 9f2e07b Merge pull request #2675 from estesp/release-1.1.4-prep
  • b9819f4 Merge pull request #2677 from dmcgowan/update-continuity-1.1
  • b97db28 Update continuity vendor
  • a9c2bd6 Merge pull request #2668 from estesp/cherry-pick-no-new-privs-flag
  • 17d70e2 Prepare for v1.1.4 fix release
  • 3561269 Add flag to ctr for running with NoNewPrivileges: false
  • 013c509 Merge pull request #2654 from estesp/cherrypick-commit-fix
  • 6f4c738 Merge pull request #2657 from Random-Liu/update-cri-release-1.1
  • 8dcb03e [release/1.1] Update cri to f117382467baf182382c44332bfbf488effc34bb.
  • 56f9c44 Add testcase for commit already exist
  • 00a121f Always check exists on commit error
  • 57508dc Merge pull request #2645 from Random-Liu/cherrypick-#2641-release-1.1
  • 9823a56 Backport #2641 to release/1.1.
  • b28cd80 Merge pull request #2637 from estesp/cherrypick-supplemental-grps
  • 19735b5 Add With-helper for supplemental gid support
  • db009b3 Merge pull request #2600 from estesp/cherrypick-overlayfs-mounts
  • 8a2991c Support >= 128 layers in overlayfs snapshots
  • d725c75 Don't fail on setting -ve oom score when rootless

Changes from containerd/aufs

  • ffa3997 update containerd

Changes from containerd/continuity

  • 7f53d41 Merge pull request #134 from dmcgowan/remove-unnecessary-fs-root-check
  • 18a1c09 Remove unreachable block in fs path cleanup
  • 508d86a Merge pull request #123 from kolyshkin/path-error
  • aae7d98 Merge pull request #127 from AkihiroSuda/sync-testutil
  • f04dbc0 Merge pull request #133 from kolyshkin/context
  • 508ef95 travis CI: rm go 1.8
  • 3448067 Switch from x/net/context to context
  • c2ac4ec Merge pull request #129 from estesp/fileheaders
  • cc3f87e Merge pull request #131 from estesp/fixup-vendor
  • d1610d5 Fixup vendor/ with latest run of vndr
  • f9cc5ee Add fileheaders with ltag tool
  • f768f56 testutil: sync with containerd
  • f44b615 Merge pull request #124 from HusterWan/zr/expose-func
  • 4469d34 feature: expose atomicWriterFile function as AtomicWriteFile
  • f5b895a driver/{Mknod,Mkfifo,Lchmod}: return PathError
  • c7c5070 Merge pull request #121 from kolyshkin/xattr
  • a408b7b sysx/xattr: unify implementation
  • 363bb7e vendor: bump golang.org/x/sys to 77b0e4315053
  • 0e47603 sysx: add README
  • 0377f7d Merge pull request #120 from kolyshkin/lchmod-linux-go111
  • 6d0b394 context.Apply: no need to skip chmod on symlinks
  • 94af800 Lchmod(): fix for Linux/Go 1.11
  • 9ab0ec6 Lchmod(): simplify and optimize
  • 2b69c16 sysx.Fchmodat(): remove
  • d2ce1bc sysx/xattr_darwin.go: rm duplicate Fchmodat def
  • 246e490 Merge pull request #111 from cpuguy83/disk_usage_cancellation
  • ab18c4f Merge pull request #115 from cpuguy83/update_travis
  • d3c2351 Merge pull request #113 from darstahl/ResolveRoot
  • 7f1a8b2 Make sure travis tests on latest go version.
  • 5633c24 Stop resolving symlink in containWithRoot
  • 7a71e24 Fix vet failure
  • 8100e75 Resolve context root to follow symlinks as root directories
  • 6cde904 Support cancellation via context in DiskUsage.

Changes from containerd/cri

  • f1173824 Merge pull request #917 from Random-Liu/cherrypick-#914-release-1.0
  • c6ff3436 Add integration test
  • 422d9a50 Fix addition group ids.
  • 591302eb Update containerd to 57508dc.
  • a1cd0f7d Merge pull request #905 from Random-Liu/cherrypick-#901
  • e26747d2 Revert "Add HOSTNAME to env by default for pod containers"
  • 32cc9ad6 Fix hostname env.
  • bb98fad0 Merge pull request #902 from Random-Liu/cherrypick-#892-release-1.0
  • 7166d5c8 Sort volume mount.
  • c65ca355 Merge pull request #896 from estesp/cherrypick-rel1.0-hostname-env
  • 546a3153 Add HOSTNAME to env by default for pod containers
  • be086e15 Merge pull request #887 from Random-Liu/cherrypick-#885-release-1.0
  • 0367114b Fix an issue that container/sandbox can't be stopped.
  • 264b6b63 Merge pull request #876 from miaoyq/cherry-pick-#873-to-1.0
  • 753c8af5 update selinux to b6fa367
  • 6a62ebeb verify selinux level format

Dependency Changes

Previous release can be found at v1.1.3

  • github.com/containerd/aufs a7fbd554da7a9eafbe5a460a421313a9fd18d988 -> ffa39970e26ad01d81f540b21e65f9c1841a5f92
  • github.com/containerd/continuity a60600ad77f38aaa70165825f61e2ea72e51c9b1 -> 7f53d412b9eb1cbf744c2063185d703a0ee34700
  • github.com/containerd/cri v1.0.5 -> f117382467baf182382c44332bfbf488effc34bb
  • github.com/opencontainers/selinux 4a2974bf1ee960774ffd517717f1f45325af0206 -> b6fa367ed7f534f9ba25391cc2d467085dbb445a
  • golang.org/x/sys 314a259e304ff91bd6985da2a7149bbf91237993 -> 1b2967e3c290b7c545b3db0deeda16e9be4f98a2