1.9

• linux: support arbitrary idmapped mounts. Now it is possible to specify a mapping for any type of mount, not only bind mounts.
• linux: add support for "ridmap" mount option to support recursive idmapped mounts.
• crun delete: call systemd's reset-failed. In case systemd cgroup driver is used, and the systemd unit has failed (e.g. oom-killed), systemd won't remove the unit (that is, unless the "CollectMode: inactive-or-failed" property is set).
• linux: fix check for oom_score_adj. Write the oom_score_adj file even when the new value is 0.
• features: Support mountExtensions.
• linux: correctly handle unknown signal string when it doesn't start with a digit.
• linux: do not attempt to join again already joined namespace.
• wasmer: use latest wasix API.

1.8.7

• linux: fix a race condition when an exec was performed immediately after the start and the setns with the procfd failed.
• features: Fix annotations formatting.
• linux: do not write some errors twice.
• libcrun: handle SIGWINCH by resizing the terminal file descriptor.

1.8.6

• crun: new command "crun features".
• linux: fix handling of idmapped mounts when the container joins an existing PID namespace.
• linux: support io_priority from the OCI specs.
• linux: handle correctly the case where the status file is not written yet for a container.
• crun: fix segfault for "ps" when the container is not using cgroups.
• cgroup: allow setting swap to 0.

1.8.5

• scheduler: use definition from the OCI configuration file instead of the custom label that is now dropped and not supported anymore.
• cgroup: fix creating cgroup under "domain threaded".
• cgroup, systemd: set the memory limit on the system scope.
• restore tty settings from the correct file descriptor. It was previously restoring the settings from the wrong file descriptor causing the tty settings to be changed on the calling terminal.
• criu: check if the criu_join_ns_add function exists. Fix a segfault with new versions of CRIU.
• linux: do not precreate devs with euid > 0. Fix creating devices when running the OCI runtime as non root user.
• linux: improve PID detection on systems that lack pidfd. While there is still a window of time that the PID could be recycled, now it is now reduced to a minimum.
• criu: fix memory leak.
• logging: improve error message when dlopen fails.

1.8.4

• fix build on CentOS 7.
• drop custom annotation to set the time namespace and use the OCI specs instead.
• cgroup: workaround cpu quota/period issue with v1. Sometimes setting CPU quota period fails when a new period is lower, and a parent cgroup has CPU quota limit set.
• cgroup: fix set quota to -1 on cgroup v1.
• criu: drop loading unused functions.

1.8.3

v1.8.3

1.8.2

• lua bindings for libcrun.
• wasmedge: add current directory to preopen paths.
• linux: inherit parent mount flags when making a path masked.
• libcrun: custom annotation to set the scheduler for the container process.
• cgroup: fallback to blkio.bfq files if blkio is not available on cgroup v1.
• cgroup: initialize rt limits when using systemd.
• tty: chown the tty to the exec user instead of the user specified to create the container.
• cgroup: fallback to create cgroupfs as sibling of the current cgroup if there is none specified and it cannot be created in the root cgroup.

1.8.1

• linux: idmapped mounts expect the same configuration as the user namespace mappings. Before they were expecting the inverted
  mapping. It is a breaking change, but the behavior was aligned to what runc will do as well.
• krun: always allow /dev/kvm in the cgroup configuration.
• handlers: disable exec for handlers that do not support it.
• selinux: allow setting fscontext using a custom annotation.
• cgroup: reset systemd unit if start fails.
• cgroup: rmdir the entire systemd scope. It fixes a leak on cgroupv1.
• cgroup: always delete the cgroup on errors. On some errors it could have been leaked before.

1.8

• linux: precreate devices on the host.
• cgroup: support cpuset mounted with noprefix.
• linux: mount the source cgroup if cgroupns=host.
• libcrun: don't clone self from read-only mount.
• build: fix build without dlfcn.h.
• linux: set PR_SET_DUMPABLE.
• utils: fix applying AppArmor profile.
• linux: write setgroups=deny when mapping a single uid/gid.
• cgroup: fix enter cgroupv1 mount on RHEL 7.

1.7.2

• criu: hardcode library name to libcriu.so.2.
• cgroup: always enable all controllers, even if the cgroup was already joined. Regression caused by crun-1.7.