Skip to content

@lucab lucab released this Aug 18, 2016 · 1012 commits to master since this release

This release introduces support for exporting single applications out of multi-app pods. Moreover, it adds additional support to control device manipulation inside pods. Finally all runtime security features can now be optionally disabled at the pod level via new insecure options. This version also contains multiple bugfixes and supports Go 1.7.

New features and UX changes

  • export: name flag for exporting multi-app pods (#3030).
  • stage1: limit device node creation/reading/writing with DevicePolicy= and DeviceAllow= (#3027, #3058).
  • rkt: implements --insecure-options={capabilities,paths,seccomp,run-all} (#2983).

Bug fixes

  • kvm: use a properly formatted comment for iptables chains (#3038). rkt was using the chain name as comment, which could lead to confusion.
  • pkg/label: supply mcsdir as function argument to InitLabels() (#3045).
  • api_service: improve machined call error output (#3059).
  • general: fix old appc/spec version in various files (#3055).
  • rkt/pubkey: use custom http client including timeout (#3084).
  • dist: remove quotes from rkt-api.service ExecStart (#3079).
  • build: multiple fixes (#3042, #3041, #3046).
  • configure: disable tests on host flavor with systemd <227 (#3047).

Other changes

  • travis: add go 1.7, bump go 1.5/1.6 (#3077).
  • api_service: Add lru cache to cache image info (#2910).
  • scripts: add curl as build dependency (#3070).
  • vendor: use appc/spec 0.8.6 and k8s.io/kubernetes v1.3.0 (#3063).
  • common: use fileutil.IsExecutable() (#3023).
  • build: Stop printing irrelevant invalidation messages (#3050).
  • build: Make generating clean files simpler to do (#3057).
  • Documentation: misc changes (#3053, #2911, #3035, #3036, #3037, #2945, #3083, #3076, #3033, #3064, #2932).
  • functional tests: misc fixes (#3049).
Assets 10
You can’t perform that action at this time.