Skip to content

@alexlarsson alexlarsson released this Nov 27, 2019

The biggest feature in this release is the support for joining
existing user and pid namespaces. This doesn't work in the setuid
mode (at the moment).

Other changes:

  • Stores namespace info in status json
  • In setuid mode pid 1 is now marked dumpable
  • Now builds with musl libc
Alexander Larsson (17):
      Tests: Fix test count
      setuid mode: Properly drop privs in monitor and pid1
      Mark init process as dumpable so we can see stuff in its /proc
      Add support for --userns and --userns2
      tests: test --userns
      utils: Add some utility function to pass pids over a socket
      utils: Add fork_intermediate_child() helper
      Add support for --pidns
      Add tests for --pidns
      tests: Better error message if assert_files_equal fails
      Fix typo in comment
      Drop cap bounding set also in --userns case
      Allow --uid and --gid with --userns
      tests: Fix --userns tests
      --userns --uid: Only swtich user if needed
      Merge pull request #338 from containers/reuse-namespaces
      Bump 0.4.0

Christian Kellner (3):
      bwrap: set opt_unshare_cgroup when _try succeeds
      bwrap: include the pid namespace id in status/json
      tests: check namespace info in json

Colin Walters (1):
      Post-release version bump

Jonathan Lebon (1):
      ci: Bump to fedora/29/atomic

shawrkbait (1):
      Add work-around for TEMP_FAILURE_RETRY to support musl

Git-EVTag-v0-SHA512: d3f07f58b50c579b27470722edfc87b741465ca37ff4d40c9f715d610a69a80a6e6035a0dee678158c1dd77edb0b06bed3ffd6393a784d4ed975c092eb151952

Assets 3
You can’t perform that action at this time.