/rkt

Unverified
No user is associated with the committer email.
Learn about signing commits
v1.7.0

@lucab lucab released this May 30, 2016 · 1514 commits to master since this release

Assets 10

v1.7.0

This release introduces some new security features, including a "no-new-privileges" isolator and initial (partial) restrictions on /proc and /sys access.
Cgroups handling has also been improved with regards to setup and cleaning. Many bugfixes and new documentation are included too.

New features and UX changes

  • stage1: implement no-new-privs linux isolator (#2677).
  • stage0: disable OverlayFS by default when working on ZFS (#2600).
  • stage1: (partially) restrict access to procfs and sysfs paths (#2683).
  • stage1: clean up pod cgroups on GC (#2655).
  • stage1/prepare-app: don't mount /sys/fs/cgroup in stage2 (#2681).
  • stage0: complain and abort on conflicting CLI flags (#2666).
  • stage1: update CoreOS image signing key (#2659).
  • api_service: Implement GetLogs RPC request (#2662).
  • networking: update to CNI v0.3.0 (#3696).

Bug fixes

  • api: fix image size reporting (#2501).
  • build: fix build failures on manpages/bash-completion target due to missing GOPATH (#2646).
  • dist: fix "other" permissions so rkt list can work without root/rkt-admin (#2698).
  • kvm: fix logging network plugin type (#2635).
  • kvm: transform flannel network to allow teardown (#2647).
  • rkt: fix panic on rm a non-existing pod with uuid-file (#2679).
  • stage1/init: work around cgroup/SCM_CREDENTIALS race (#2645).
  • gc: mount stage1 on GC (#2704).
  • stage1: fix network files leak on GC (#2319).

Other changes