runC v1.0.0-rc3 released: a lightweight, universal container runtime

jopen, 8 years ago
<p style="text-align:center"><strong><img alt="" src="https://simg.open-open.com/show/d0e610f64bcbaa60e8b9417ac6565def.png" /></strong></p>
<p><strong>runC</strong> is a lightweight, universal container runtime. Its goal is to let users run standardized containers anywhere, at any time. Features and characteristics:</p>
<ul>
  <li>Full support for Linux namespaces, including user namespaces.</li>
  <li>Native support for all of Linux's security features, including SELinux, AppArmor, seccomp, control groups, capability dropping, pivot_root, uid/gid dropping, and more.</li>
  <li>Native support for live migration and for Windows 10 containers.</li>
  <li>Planned native support for Arm, Power, Sparc and other architectures, with direct participation and support from Arm, Intel, Qualcomm, IBM and the whole ecosystem of hardware manufacturers.</li>
  <li>Planned native support for cutting-edge hardware features such as DPDK, SR-IOV, TPM, secure enclaves and more.</li>
  <li>Portable performance profiles, and a configuration format that is on its way to becoming a formal standard.</li>
</ul>
<h2>Changelog</h2>
<h3>Features:</h3>
<ul>
  <li>Add slice management support to the systemd cgroup driver. Checks are done to make sure that systemd supports the feature. <a href="/misc/goto?guid=4959003796476008567">#1084</a></li>
  <li>Support for readonly mount labels. <a href="/misc/goto?guid=4959003796608569346">#1112</a></li>
  <li>Add a tmpcopyup mount extension for tmpfs mounts that are mounted over already existing directories, allowing for the contents of a volume to be copied up transparently. <a href="/misc/goto?guid=4959003796738806045">#845</a></li>
  <li>Switch our pivot_root usage to no longer require temporary directories, improving the state of containers running in entirely readonly contexts. <a href="/misc/goto?guid=4959003796849146964">#1125</a> <a href="/misc/goto?guid=4959003796981094579">#1148</a></li>
  <li>Allow updating of rt_period_us and rt_runtime_us in cpuacct cgroup.</li>
  <li>Reimplement console handling to use AF_UNIX sockets such that the console is created inside the container's (namespaced) devpts instance, solving a wide variety of historical pty bugs with runC. <a href="/misc/goto?guid=4959003797105977702">#1018</a> <a href="/misc/goto?guid=4959003797234101204">#1356</a></li>
  <li>Support overlayfs in mounts. <a href="/misc/goto?guid=4959003797351634021">#1314</a></li>
  <li>Support creating devices with types 'p' and 'u'. <a href="/misc/goto?guid=4959003797482675199">#1321</a></li>
  <li>Add --preserve-fds=N to create and run commands. <a href="/misc/goto?guid=4959003797605770487">#1320</a></li>
  <li>Add pre-dump and parent-path to checkpoint. <a href="/misc/goto?guid=4959003797727366593">#1001</a></li>
  <li>Update to runtime-spec v1.0.0-rc5. <a href="/misc/goto?guid=4959003797855598444">#1370</a></li>
</ul>
<h3>Fixes:</h3>
<ul>
  <li>Remove check for binding to /. <a href="/misc/goto?guid=4959003797973114038">#1090</a></li>
  <li>Ensure we log to logrus on command errors. <a href="/misc/goto?guid=4959003798094969399">#1089</a></li>
  <li>Don't enable kmem limits if they're not specified in the config. <a href="/misc/goto?guid=4959003798220598468">#1095</a></li>
  <li>Handle cases where specs.Resources.* members would cause null dereferences. <a href="/misc/goto?guid=4959003798343770273">#1111</a> <a href="/misc/goto?guid=4959003798470961426">#1116</a></li>
  <li>Fix bugs in the GetProcessStartTime implementation. <a href="/misc/goto?guid=4959003798589331612">#1136</a></li>
  <li>Make sysctl config validation checks handle network namespaces more gracefully. <a href="/misc/goto?guid=4959003798718254189" title="docker/docker#27484-check if sysctls are used in host network mode.">#1138</a> <a href="/misc/goto?guid=4959003798836428471" title="validator: unbreak sysctl net.* validation">#1149</a></li>
  <li>Guarantee correct namespace creation ordering. This is part of the rootless container patchset, and is also required in certain SELinux setups. <a href="/misc/goto?guid=4959003798943738120">#977</a></li>
  <li>Stop screwing around with '\n' in console output. <a href="/misc/goto?guid=4959003799053617301">#1146</a></li>
  <li>Fix cpuset.cpu_exclusive handling. <a href="/misc/goto?guid=4959003799153593555">#1194</a></li>
  <li>Sync HookState with the OCI specification. <a href="/misc/goto?guid=4959003799237984191">#1201</a></li>
  <li>Split remounting mountpoints and bindmounts, resolving issues with mount options being dropped in certain cases. <a href="/misc/goto?guid=4959003799334175391">#1222</a></li>
  <li>Fix leftover cgroup directory issue. <a href="/misc/goto?guid=4959003799423527096">#1196</a></li>
  <li>Handle config.Devices and config.MaskPaths in checkpoint. <a href="/misc/goto?guid=4959003799510938743">#1110</a></li>
  <li>Don't create combined cgroup subsystem names. <a href="/misc/goto?guid=4959003799593084735">#1268</a></li>
  <li>Ignore cgroupv2 mountpoints, fixing issues with systemd v232. <a href="/misc/goto?guid=4959003204630142078">#1266</a></li>
  <li>Race condition when synchronising with children and grandchildren in nsexec.c. <a href="/misc/goto?guid=4959003799705562969">#1237</a></li>
  <li>Fix state checks to no longer depend on _LIBCONTAINER being present in the environment, fixing both bugs as well as being part of the rootless container patchset. <a href="/misc/goto?guid=4959003799792025344">#1317</a></li>
  <li>Fix systemd-notify when using different PID namespaces, and allow detach+notify socket. <a href="/misc/goto?guid=4959003799876865931" title="fix systemd-notify when using a different PID namespace">#1308</a></li>
  <li>Don't fchown when inheriting stdio, which is necessary for rootless containers in certain scenarios. <a href="/misc/goto?guid=4959003799953712078">#1354</a></li>
  <li>Fix cpu.cfs_quota_us being changed when systemd is reloaded. <a href="/misc/goto?guid=4959003800045073090">#1344</a></li>
  <li>Add devices to whitelist for LXD, to make runC under LXC/LXD work better. <a href="/misc/goto?guid=4959003800122771792">#1327</a></li>
  <li>Many improvements to testing. <a href="/misc/goto?guid=4959003800202449951">#1121</a> <a href="/misc/goto?guid=4959003800282444113">#1131</a> <a href="/misc/goto?guid=4959003800369740244">#1132</a> <a href="/misc/goto?guid=4959003800440868464">#1147</a></li>
</ul>
<h3>Security:</h3>
<ul>
  <li>Several fixes for CVE-2016-9962. <a href="/misc/goto?guid=4959003800529396917">5d93fed</a> <a href="/misc/goto?guid=4959003800615499306">#1274</a></li>
</ul>
<h2>Downloads</h2>
<ul>
  <li><a href="/misc/goto?guid=4959003800693323651" rel="nofollow"><strong>runc-linux-amd64</strong></a></li>
  <li><a href="/misc/goto?guid=4959003800767304297" rel="nofollow"><strong>runc-linux-amd64.asc</strong></a></li>
  <li><a href="/misc/goto?guid=4959003800851685885" rel="nofollow"><strong>Source code</strong> (zip)</a></li>
  <li><a href="/misc/goto?guid=4959003800928941309" rel="nofollow"><strong>Source code</strong> (tar.gz)</a></li>
</ul>
<p>Original content of this site; keep the following information when reposting:<br /> Reposted from: 深度开源 (open-open.com)<br /> Original URL: <a href="http://www.open-open.com/news/view/6fe29773">http://www.open-open.com/news/view/6fe29773</a></p>
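<p>To show how the security features listed above (capability dropping, seccomp, a readonly root, user namespaces) and the new <code>tmpcopyup</code> mount extension are expressed in a runC <code>config.json</code>, here is an added example of an OCI runtime-spec v1.0.0-rc5 bundle configuration. It is not taken from the page or from the runC project; the rootfs path, uid/gid mapping, command and the short seccomp syscall list are constructed placeholders, and that syscall list is deliberately minimal rather than a profile a real workload would run under.</p>

```json
{
  "ociVersion": "1.0.0-rc5",
  "process": {
    "terminal": false,
    "user": { "uid": 1000, "gid": 1000 },
    "args": ["/bin/app"],
    "cwd": "/",
    "noNewPrivileges": true,
    "capabilities": {
      "bounding":    ["CAP_NET_BIND_SERVICE"],
      "effective":   ["CAP_NET_BIND_SERVICE"],
      "permitted":   ["CAP_NET_BIND_SERVICE"],
      "inheritable": [],
      "ambient":     []
    }
  },
  "root": { "path": "rootfs", "readonly": true },
  "mounts": [
    {
      "destination": "/tmp",
      "type": "tmpfs",
      "source": "tmpfs",
      "options": ["nosuid", "nodev", "noexec", "mode=1777", "tmpcopyup"]
    }
  ],
  "linux": {
    "namespaces": [
      { "type": "pid" }, { "type": "mount" }, { "type": "ipc" },
      { "type": "uts" }, { "type": "network" }, { "type": "user" }
    ],
    "uidMappings": [{ "containerID": 0, "hostID": 100000, "size": 65536 }],
    "gidMappings": [{ "containerID": 0, "hostID": 100000, "size": 65536 }],
    "maskedPaths": ["/proc/kcore", "/proc/sysrq-trigger", "/sys/firmware"],
    "readonlyPaths": ["/proc/sys", "/proc/sysrq-trigger"],
    "seccomp": {
      "defaultAction": "SCMP_ACT_ERRNO",
      "architectures": ["SCMP_ARCH_X86_64"],
      "syscalls": [
        {
          "names": ["read", "write", "exit", "exit_group", "brk", "mmap",
                    "munmap", "rt_sigreturn", "futex", "nanosleep"],
          "action": "SCMP_ACT_ALLOW"
        }
      ]
    }
  }
}
```

<p>With the root marked readonly, the <code>tmpcopyup</code> option is what lets an existing <code>/tmp</code> in the image still be populated inside the tmpfs mounted over it, while the default-deny seccomp policy, dropped capabilities and <code>noNewPrivileges</code> bound what the process can do once started.</p>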