runc/CHANGELOG.md

## v1.0.0-rc11 [20yy-mm-dd]

* cgroups/fs2: don't always parse /proc/self/cgroup (#2358 by @kolyshkin)
* Vagrantfile: use Fedora 32 (and remove unused Podman) (#2363 by @AkihiroSuda)
* docs: terminals: mention subreaper requirement (#2359 by @cyphar)
* check that StartTransientUnit/StopUnit succeeds (#2331 by @lifubang)
* Makefile fixes and improvements (#2357 by @kolyshkin)
* fs2: fix cgroup.subtree_control EPERM on rootless + add CI (#2340 by @AkihiroSuda)
* travis: run vagrant tests on the host (#2342 by @kolyshkin)
* fix data inconsistent when runc update in systemd driven cgroup (#2343 by @lifubang)
* cgroupv2: use default allowed devices when linux resources is null (#2318 by @lifubang)
* checkpoint: don't print error if --pre-dump is set (#2327 by @kolyshkin)
* Fix cgroupv2 checkpoint/restore (#2335 by @kolyshkin)
* cgroupv2: allow to set EnableAllDevices=true (#2347 by @kolyshkin)
* Makefile nits (#2334 by @kolyshkin)
* libcontainer: fix Checkpoint wrt cgroupv2 (#2324 by @kolyshkin)
* Dockerfile: use bats-core (#2336 by @kolyshkin)
* libcontainer: use consts of Namespace from runtime-spec (#2330 by @KentaTada)
* libcontainer: use x/sys/unix instead of the hardcoded value (#2348 by @KentaTada)
* MAINTAINERS: add Kir Kolyshkin (#2326 by @AkihiroSuda)
* Fix/improve checkpoint integration tests (#2332 by @kolyshkin)
* cgroupv2: fix fs2 driver initialization (#2299 by @kolyshkin)
* CI cleanups (#2320 by @kolyshkin)
* Nits (#2325 by @kolyshkin)
* cgroupv2: default join cgroup namespace in runc example (#2322 by @lifubang)
* Defer netns.Close() after error check (#2317 by @tedyu)
* cgroupv2: fix fs2 driver default path (#2305 by @kolyshkin)
* runc exec: don't enable terminal unless -t is set (#2308 by @kolyshkin)
* Initial integration tests for cgroupv2 (#2295 by @kolyshkin)
* Exposing memory.numa_stats (#2278 by @iwankgb)
* Properly remove intermediate directory (#2312 by @tedyu)
* travis: move `cgroup-v2` out of `allow_failures` (#2304 by @AkihiroSuda)
* libcontainer: remove unneeded import (#2303 by @KentaTada)
* cgroupv2: fix setting MemorySwap (#2288 by @kolyshkin)
* cgroupv2: only treat -1 as "max" (#2300 by @kolyshkin)
* README.md: update Go version to build (#2296 by @KentaTada)
* libcontainer: use cgroups.NewStats (#2297 by @giuseppe)
* Fix TestGetContainerStateAfterUpdate on cgroup v2 (#2289 by @AkihiroSuda)
* Remove unused consts testScopeWait and testSliceWait (#2294 by @tklauser)
* Restore close of criuServer (#2293 by @tedyu)
* Use errors.As() and errors.Is() to unwrap errors (#2291 by @kolyshkin)
* Added HugeTlb controller for cgroupv2 (#2235 by @Zyqsempai)
* vagrant: switch from VirtualBox to KVM + increase HW resources (#2261 by @AkihiroSuda)
* Use errors.Unwrap() where possible (#2280 by @kolyshkin)
* isPathInPrefixList return value should be reverted (#2283 by @tedyu)
* Avoid double close of criuServer (#2284 by @tedyu)
* cgroupv2: don't use GetCgroupMounts for criu c/r (#2276 by @kolyshkin)
* libct/isPaused: don't use GetPaths from v2 code (#2282 by @kolyshkin)
* Add minimal cgroup2 checkpoint/restore support (#2259 by @adrianreber)
* Actually check for syscall.ENODEV when checking if a container is paused (#2279 by @yulianedyalkova)
* Separate systemd dbus connection initialization from running check (#2203 by @mrunalp)
* Dockerfile: some refactoring, and switch to "buster" variant (#2234 by @thaJeztah)
* update vendor (#2268 by @AkihiroSuda)
* bifio.Scan.Err usage nits (#2275 by @kolyshkin)
* Use faster mountinfo parser (part 1) (#2256 by @kolyshkin)
* cgroup v2 cleanups (#2273 by @kolyshkin)
* Retry writing to cgroup files on EINTR error (#2258 by @danail-branekov)
* cgroupv2: use "max" for negative values (#2272 by @kolyshkin)
* cgroupv2: don't try to set kmem for systemd case (#2270 by @kolyshkin)
* fix readSync (#2193 by @milkwine)
* checkpoint: remove error message with --leave-running (#2260 by @adrianreber)
* Assorted minor nits in libcontainer (#2263 by @kolyshkin)
* vendor: update go-systemd and godbus (#2242 by @AkihiroSuda)
* Avoid duplicate calls to runner#destroy (#2267 by @tedyu)
* specconv: fix null spec.Process making runc panic (#1826 by @jingxiaolu)
* Use signal map from x/sys/unix (#2257 by @kolyshkin)
* Dockerfile: add -f to curl (#2264 by @kolyshkin)
* libcontainer/sync: Drop procConsole transaction from comments (#1737 by @wking)
* Remove unreachable code paths (#1974 by @saschagrunert)
* cgroup2: fix conversion (#2248 by @AkihiroSuda)
* restore: fix a race condition in process.Wait() (#2226 by @avagin)
* Add support for Go Modules (#2073 by @odinuge)
* Makefile: set selinux and apparmor build tags (#2254 by @kolyshkin)
* fix rootless container: unrelated error with root flag (#1999 by @lifubang)
* sd-notify: do not hang when NOTIFY_SOCKET is used with create (#1807 by @giuseppe)
* Synchronize the call to linuxContainer.Signal() (#2252 by @pkagrawal)
* Use named error return for initProcess#start (#2238 by @tedyu)
* Use "command -v" shell builtin instead of "which" (#2228 by @cpuguy83)
* Add rootless testpath in Makefile (#1877 by @KentaTada)
* travis: update configuration (#2222 by @cyphar)
* Convert blkioWeight to io.weight properly (#2212 by @Zyqsempai)
* vendor: opencontainers/selinux v1.3.3, and update golang.org/x/sys (#2230 by @thaJeztah)
* libcontainer: dual-license nsenter/cloned_binary.c (#2232 by @cyphar)
* MAINTAINERS: add Akihiro Suda to maintainers (#2231 by @thaJeztah)
* Exchange deprecated systemd resources with the appropriate for cgroupv2 (#2210 by @Zyqsempai)
* Fix the value corresponding to rlimitmap [key] (#2223 by @wanghuaiqing2010)
* Fix MAJ:MIN io.stat parsing order (#2192 by @Zyqsempai)
* Allow to set systemd unit properties via annotations (#2224 by @kolyshkin)
* Added conversion for cpu.weight v2 (#2213 by @Zyqsempai)
* README.md: modify the explanation of make flags (#2184 by @KentaTada)
* Adding Security audit (#2190 by @amye)
* Fix path for security report line (#2221 by @inductor)

## v1.0.0-rc10 [2020-01-24]

* VERSION: release 1.0.0~rc10 (#2217 by @cyphar)
* rootfs: do not permit /proc mounts to non-directories (#2207 by @cyphar)
* Handle ENODEV when accessing the freezer.state file (#2133 by @yulianedyalkova)
* temporarily disable CRIU tests (#2198 by @AkihiroSuda)
* cgroup2: split fs2 from fs (#2169 by @AkihiroSuda)
* libcontainer: export and add new methods to allow cgroups manipulation (#2177 by @devimc)
* Fix race checking for process exit and waiting for exec fifo (#2185 by @liggitt)
* fix permission denied (#2086 by @win-t)
* criu: Ensure other users cannot read c/r files (#2141 by @rst0git)
* Makefile: allow overriding `docker` command (#2161 by @AkihiroSuda)
* Expose network interfaces via runc events (#2174 by @saschagrunert)
* .travis.yml: add Fedora 31 vagrant box (for cgroup2) (#2165 by @AkihiroSuda)
* Make event types public (#2172 by @saschagrunert)
* cgroup2: ebpf: increase RLIM_MEMLOCK to avoid BPF_PROG_LOAD error (#2168 by @AkihiroSuda)
* Remove the static_build build tag. (#2154 by @jpeach)
* cgroup2: port over eBPF device controller from crun (#2145 by @AkihiroSuda)
* cgroup2: implement `runc ps` (#2149 by @AkihiroSuda)
* cgroup2: cpuset_v2: skip Apply when no limit is specified (#2148 by @AkihiroSuda)
* cgroup2: allow mounting /sys/fs/cgroup in UserNS without unsharing CgroupNS (#2159 by @AkihiroSuda)
* cgroup2: do not parse /proc/cgroups (#2160 by @AkihiroSuda)
* Set unified mountpoint in find mnt func (#2140 by @crosbymichael)
* Adds info about `userns` for rootless containers (#1929 by @kkallday)
* io_v2.go: remove blkio v1 code (#2147 by @AkihiroSuda)
* README.md: clarify cgroup2 support is not ready for production (#2146 by @AkihiroSuda)
* checkpoint: Set descriptors.json file mode to 0600 (#2139 by @rst0git)
* Support different field counts of cpuaact.stats (#2132 by @skilxn-go)
* SECURITY: Add Security Policy (#2135 by @mrueg)

## v1.0.0-rc9 [2019-10-05]

* VERSION: update to 1.0.0-rc9 (#2134 by @cyphar)
* `*`: verify operations on /proc/... are on procfs (#2130 by @cyphar)
* Only allow proc mount if it is procfs (#2129 by @crosbymichael)
* Change the permissions of the notify listener socket to rwx for everyone (#2041 by @jburianek)
* libcontainer/nsenter: Don't import C in non-cgo file (#2126 by @titanous)
* cgroup: support mount of cgroup2 (#2125 by @giuseppe)
* criu image path permission error when checkpoint rootless container (#2010 by @lifubang)
* man: fix man-pages (#2098 by @adrianreber)
* Update dependencies (#2029 by @thaJeztah)
* Update to Go 1.12 and drop obsolete versions (#2028 by @thaJeztah)
* libcontainer: initial support for cgroups v2 (#2113 by @giuseppe)
* Bump x/sys and update syscall for initial Risc-V support (#2123 by @carlosedp)
* nsenter: minor fixes (#2122 by @AkihiroSuda)
* Rename cgroups_windows.go to cgroups_unsupported.go (#2120 by @rhatdan)
* cgroups/fs: check nil pointers in cgroup manager (#2103 by @sipsma)
* Make get devices function public (#2107 by @sashayakovtseva)
* libcontainer: update masked paths of /proc (#2119 by @KentaTada)
* Remove libcontainer detection for systemd features (#2117 by @filbranden)
* Avoid the dependency on cgo through go-systemd/util package (#2116 by @filbranden)
* Skip searching /dev/.udev for device nodes. (#2094 by @sipsma)
* doc: First process in container needs `Init: true` (#2089 by @anx-astocker)
* integration: remove blkio.weight (unavailable in kernel 5.0) (#2082 by @AkihiroSuda)
* Bump CRIU to 3.12 (#2081 by @AkihiroSuda)
* Update busybox source and fix runc exec bug (#2080 by @zhlhahaha)
* Update bash completion for v1.0.0 release (#2075 by @KentaTada)
* Update dependency libseccomp-golang (#2074 by @odinuge)
* Allow to define `COMMIT` by env (#2071 by @judu)
* Fix cgroup hugetlb size prefix for kB (#2065 by @odinuge)
* libcontainer: change seccomp test for clone syscall (#2067 by @KentaTada)
* libcontainer: fix TestGetContainerState to check configs.NEWCGROUP (#2061 by @KentaTada)
* libcontainer: intelrdt: add missing destroy handler in defer func (#2042 by @xiaochenshen)
* main: not reopen /dev/stderr (#2057 by @giuseppe)
* `r.destroy` can defer exec in `runner.run` method. (#2038 by @imxyb)
* specconv: always set "type: bind" in case of MS_BIND (#2035 by @cyphar)
* Move systemd.Manager initialization into a function in that module (#2047 by @filbranden)
* Support for logging from children processes (#2034 by @danail-branekov)

## v1.0.0-rc8 [2019-04-26]

* VERSION: release 1.0.0-rc8 (#2045 by @cyphar)
* Vendor in latest selinux code for keycreate errors (#2043 by @rhatdan)
* Add selinux validate in runc exec (#2031 by @lifubang)
* Fix SELinux failures on disabled SELinux Machines (#2032 by @rhatdan)

## v1.0.0-rc7 [2019-03-28]

* VERSION: release v1.0.0-rc7 (#2026 by @cyphar)
* Fixes regression causing zombie runc:[1:CHILD] processes (#2023 by @LittleLightLittleFire)
* Need to setup labeling of kernel keyrings. (#2012 by @rhatdan)
* Use getenv not secure_getenv (#2015 by @justincormack)
* Add $RUNC_USE_SYSTEMD to run tests using systemd cgroup driver (#2014 by @filbranden)
* nsenter: cloned_binary: "memfd" cleanups (#1984 by @cyphar)
* README: link to /org/security/ (#2001 by @vbatts)
* Create bind mount mountpoints during restore (#1968 by @adrianreber)
* fix preserve-fds flag may cause runc hang (#2000 by @lifubang)
* exec: expose --preserve-fds (#1995 by @giuseppe)
* Vendor in go-criu and use it for CRIU's RPC definition (#1963 by @adrianreber)
* switched travis to xenial (#1986 by @adrianreber)
* nsexec (CVE-2019-5736): avoid parsing environ (#1982 by @brauner)
* Remove detection for scope properties, which have always been broken (#1978 by @filbranden)
* Vendor opencontainers/runtime-spec 29686dbc (#1973 by @lowenna)
* nsenter: clone /proc/self/exe to avoid exposing host binary to container (https://github.com/opencontainers/runc/commit/6635b4f0 by @cyphar)
* Update vendored golang.org/x/sys to latest (#1972 by @filbranden)
* libcontainer: intelrdt: fix null intelrdt path issue in Destroy() (#1955 by @xiaochenshen)
* Resilience in adding of exec tasks to cgroups (#1950 by @BooleanCat)
* integration: fix mis-use of libcontainer.Factory (#1967 by @cyphar)
* Document 'org.criu.config' annotation (#1964 by @adrianreber)
* systemd: fix setting kernel memory limit (#1960 by @giuseppe)
* Add CRIU configuration file support  (#1933 by @adrianreber)
* rootfs: umount all procfs and sysfs with --no-pivot (#1962 by @giuseppe)
* Fix .Fatalf() error message (#1952 by @JoeWrightss)
* Fix some typos (#1945 by @JoeWrightss)
* Modify check-config.sh in accordance with Moby Project updates (#1942 by @KentaTada)
* cgroups: nokmem: error out on explicitly-set kmemcg limits (#1939 by @cyphar)
* kill: allow to signal paused containers (#1943 by @giuseppe)
* cr: get pid from criu notify when restore (#1944 by @Ace-Tang)
* libcontainer: intelrdt: add support for Intel RDT/MBA Software Controller in runc (#1919 by @xiaochenshen)
* MAINTAINERS: remove @rjnagal and @vmarmol (#1940 by @cyphar)
* fix: may kill other process when container has been stopped (#1934 by @lifubang)

## v1.0.0-rc6 [2018-11-22]

* `*`: release v1.0.0~rc6 (#1937 by @cyphar)
* Small fixes for CRIU based test cases (#1936 by @adrianreber)
* libcontainer: Set 'status' in hook stdin (#1741 by @wking)
* Bump CRIU to 3.11 (#1935 by @adrianreber)
* add missing intelRdt parameters in 'runc update' manpage (#1930 by @linericyang)
* Respect container's cgroup path (#1872 by @ostenbom)
* tty: clean up epollConsole closing (#1897 by @cyphar)
* Add support for cgroup namespace (#1916 by @crosbymichael)
* libcontainer: map PidsLimit to systemd's TasksMax property (#1917 by @slp)
* Various cleanups to address linter issues (#1911 by @theSuess)
* test: fix TestDupNamespaces fail to test dup-ns error (#1925 by @Ace-Tang)
* rootless: fix potential panic in shouldUseRootlessCgroupManager (#1928 by @Ace-Tang)
* libcontainer: fix potential panic if spec.Process is nil (#1926 by @Ace-Tang)
* SELinux labels are tied to the thread (#1814 by @rhatdan)
* Makefile: rm cgo tag (#1922 by @kolyshkin)
* readme: add nokmem build tag (#1923 by @Ace-Tang)
* libcontainer: ability to compile without kmem (#1921 by @kolyshkin)
* rootless: fix running with /proc/self/setgroups set to deny (#1918 by @giuseppe)
* libcontainer: intelrdt: add user-friendly diagnostics for Intel RDT operation errors (#1913 by @xiaochenshen)
* clarify license information (#1903 by @mikebrow)
* Bump Travis versions (#1915 by @HaraldNordgren)
* Fix travis Go: tip (#1910 by @adrianreber)
* libcontainer: CurrentGroupSubGIDs -> CurrentUserSubGIDs (#1880 by @AkihiroSuda)
* libcontainer: intelrdt: add support for Intel RDT/MBA in runc (#1632 by @xiaochenshen)
* Disable rootless mode except RootlessCgMgr when executed as the root in userns (fix Docker-in-LXD regression) (#1862 by @AkihiroSuda)
* fix build break (#1908 by @mikebrow)
* Fix issue #1890: config.json with no linux config should not crash (#1894 by @marler8997)
* keyring: handle ENOSYS with keyctl(KEYCTL_JOIN_SESSION_KEYRING) (#1893 by @cyphar)
* tty: close epollConsole on errors (#1895 by @giuseppe)
* Stop relying on number of systems for cgroups (#1817 by @jgkamat)
* Update outdated nsenter README content (#1858 by @marcov)
* test: add more test case for CleanPath (#1892 by @Ace-Tang)
* doc: fix typo (#1886 by @halfcrazy)
* fix delete other file bug when container id is .. (#1883 by @lifubang)
* linux: drop check for /proc as invalid dest (#1832 by @giuseppe)
* libcontainer: add /proc/loadavg to the white list of bind mount (#1882 by @accepting)
* Add --rootless option to man page (#1868 by @rhatdan)
* Remove unused veth setup code (#1874 by @mrunalp)
* When doing a copyup, /tmp can not be a shared mount point (#1873 by @rhatdan)
* Add support to checkpoint and restore into external network namespaces (#1849 by @adrianreber)
* Add docker proxy settings for make test in a proxy environment (#1854 by @KentaTada)
* Add an explanation for TESTPATH (#1855 by @KentaTada)
* cr: don't restore net namespace by default (#1871 by @Ace-Tang)
* Revert "libcontainer/rootfs_linux: minor cleanup" (#1867 by @mrunalp)
* Dockerfile: update criu to v3.10 + checkpoint-restore/criu@27034e7c (#1864 by @AkihiroSuda)
* Pass GOMAXPROCS to init processes (#1830 by @crosbymichael)
* Fix the problem TESTFLAGS is not to be used in Makefile correctly (#1841 by @KentaTada)
* Fix regression with mounts with non-absolute source path (#1845 by @alban)
* cr: don't dump network devices and their configuration (#1840 by @avagin)
* criu tests: rename criu feature check (#1838 by @adrianreber)
* Add osusergo flag to static build (#1836 by @kolyshkin)
* libcontainer: devices: fix mips builds (#1824 by @cyphar)
* travis: test cross compilation (#1820 by @AkihiroSuda)
* Add docs for terminals (#1730 by @deitch)
* libcontainer: improve "kernel.{domainname,hostname}" sysctl handling (#1827 by @cyphar)
* Stop using unix.SIGUNUSED which has been removed from golang.org/x/sys (#1825 by @onlyjob)
* libcontainer: fix compilation on GOARCH=arm GOARM=6 (32 bits) (#1819 by @tiborvass)
* runc: not require uid/gid mappings if euid()==0 (#1816 by @giuseppe)
* Fix race in runc exec (#1812 by @mrunalp)
* cgroup: clean up isIgnorableError for skippable EROFS (#1806 by @cyphar)
* Fix merge conflict (#1808 by @AkihiroSuda)
* main: support rootless mode in userns (#1688 by @AkihiroSuda)
* rootless: cgroup: treat EROFS as a skippable error (#1759 by @cyphar)
* fix systemd cpu quota for -1 (#1805 by @derekwaynecarr)
* Wrap error messages during init (#1796 by @crosbymichael)
* nsenter: improve namespace creation and SELinux IPC handling (#1562 by @cyphar)
* Make channel for StartTransientUnit buffered (#1781 by @filbranden)
* libcontainer: allow setgroup in rootless mode (#1693 by @AkihiroSuda)
* Make the setupSeccomp function public. (#1785 by @dlorenc)
* libcontainer/rootfs_linux: minor cleanup (#1784 by @pierrchen)
* libcontainer/specconv/spec_linux: Support empty 'type' for bind mounts (#1753 by @wking)
* nsexec.c: fix GCC 8 warning (#1779 by @runcom)
* Only configure networking when creating a net ns (#1777 by @nalind)
* Detect whether Delegate is available on both slices and scopes (#1776 by @filbranden)
* Fix systemd.Apply() to check for DBus error before waiting on a channel. (#1772 by @filbranden)
* libcontainer: Don't set container state to running when exec'ing (#1771 by @sboeuf)
* Fix error message (#1762 by @tamalsaha)
* rootless: set sticky bit if using XDG_RUNTIME_DIR (#1760 by @cyphar)
* tests: allow to load kernel modules from a test container (#1750 by @avagin)
* Label the masked tmpfs with the mount label (#1756 by @rhatdan)
* Add timeout while waiting for StartTransinetUnit completion signal (#1754 by @vikaschoudhary16)
* cgroups/fs: fix NPE on Destroy than no cgroups are set (#1752 by @dennwc)
* Minor wording enhancement in readme (#1751 by @glikson)
* libcontainer/user: platform dependent calls (#1749 by @vbatts)
* makefile: make "release" PHONY (#1748 by @cyphar)
* Fix make shell (#1746 by @tiborvass)
* Update build dependencies in Dockerfile (#1711 by @dqminh)

## v1.0.0-rc5 [2018-02-27]

* release v1.0.0~rc5 (https://github.com/opencontainers/runc/commit/4bb1fe4a by @cyphar)
* libcontainer: setupUserNamespace is always called (#1743 by @ynirk)
* fix lint error in specconv (#1736 by @allencloud)
* Update console dependency to fix runc exec on BE (#1727 by @pmorjan)
* adding go get instruction to readme (#1729 by @vsoch)
* fix systemd slice expansion so that it could be consumed by cAdvisor (#1722 by @ravisantoshgudimetla)
* libcontainer/capabilities_linux: Drop os.Getpid() call (#1724 by @wking)
* man: Fix manpages related to console (#1695 by @Taeung)
* Warning message if 'go-md2man' is not yet installed (#1685 by @Taeung)
* chroot when no mount namespaces is provided (#1702 by @crosbymichael)
* libcontainer/state_linux_test: Add a testTransitions helper (#1703 by @wking)
* kill.go: Remove unnecessary checks (#1706 by @unshare)
* make: validate C format (#1699 by @AkihiroSuda)
* Avoid race when opening exec fifo (#1698 by @craigfurman)
* libcontainer: expose annotations in hooks (#1687 by @runcom)
* Pin version of gojsonschema in tests (#1682 by @BooleanCat)
* Fix race against systemd (#1683 by @vikaschoudhary16)
* libcontainer: Do not wait for signalled processes if subreaper is set (#1678 by @sboeuf)
* RFC: libcontainer: remove dependency on libapparmor (#1675 by @tklauser)
* specconv: avoid skipping gidmappings applied when uidmappings is empty (#1665 by @Mashimiao)
* support unbindable,runbindable for rootfs propagation (#1655 by @Mashimiao)
* Update criu_opts_linux.go (#1667 by @allencloud)
* stopped container can't be checkpoint (#1669 by @Mashimiao)
* enable integration test on arm64 platform (#1642 by @lubinsz)
* remove placeholder for non-linux platforms (#1654 by @dqminh)
* Ensure container tests do not write on the host (#1661 by @danail-branekov)
* libcontainer: drop FreeBSD support (#1664 by @tklauser)
* Delete xattr related code (#1660 by @danail-branekov)
* systemd: adjust CPUQuotaPerSecUSec to compensate for systemd internal handling (#1651 by @sjenning)
* Import docker/docker/pkg/mount into runc (#1644 by @vdemeester)
* Add build 1.9 to travis (#1645 by @vdemeester)
* Remove pkg/symlink from docker/docker and use cyphar/filepath-securejoin (#1622 by @vdemeester)
* enable unit test on arm64 platform (#1640 by @jongwu)
* specconv.Example(): add /proc/scsi to masked paths (#1641 by @AkihiroSuda)
* Avoid disk usage explosion when copying busybox (#1629 by @danail-branekov)
* Specconv: Test create command hooks and seccomp setup (#1626 by @fntlnz)
* tests: add missing cgroups_kmem requirement (#1621 by @monstermunchkin)
* WIP: Better testsuite for specconv (#1619 by @fntlnz)
* tests: add various !terminal tests (#1357 by @cyphar)
* libcontainer: handler errors from terminate  (#1607 by @crosbymichael)
* trailing punctuation in header (#1206 by @YuPengZTE)
* Fix breaking change in Seccomp profile behavior (#1616 by @mheon)
* libcontainer: intelrdt: fix a GetStats() issue (#1615 by @xiaochenshen)
* specconv: emit an error when using MS_PRIVATE with --no-pivot (#1606 by @cyphar)
* libcontainer: use Major/Minor from x/sys/unix (#1614 by @tklauser)
* add additional-gids to runc exec (#1608 by @crosbymichael)
* Propagate the correct argv0 when re-execing (#1453 by @petrosagg)
* Support cgroups with limits as rootless (#1540 by @williammartin)
* libcontainer: merge common syscall implementations (#1613 by @tklauser)
* Update libseccomp-golang dependency for filter generation bugfix (#1424 by @mheon)
* Add mips support (#1475 by @vstefanovic)
* rootfs: switch ms_private remount of oldroot to ms_slave (#1500 by @cyphar)
* libcontainer: cgroups: Write freezer state after every state check (#1610 by @sboeuf)
* make localintegration fails on Ubuntu 17.04 (#1528 by @leitwolf7)
* libcontainer: intelrdt: add update command support (#1590 by @xiaochenshen)
* libcontainer: create Cwd when it does not exist (#1604 by @AkihiroSuda)
* Set initial console size based on process spec (#1275 by @williammartin)
* Bump console and sys deps (#1600 by @crosbymichael)
* libcontainer: remove unnecessary type conversions (#1599 by @tklauser)
* libcontainer: default mount propagation correctly (#1598 by @euank)
* Delete unused variable (#1597 by @s7v7nislands)
* Drop support golang 1.5 (#1593 by @s7v7nislands)
* Apply cgroups earlier (#1586 by @crosbymichael)
* Disable systemd in static build (#1579 by @yongtang)
* Use `netgo` for static build (#1577 by @yongtang)
* tty: move IO of master pty to be done with epoll (#1455 by @dqminh)
* Support multiple users/groups mapped for the rootless case (#1529 by @giuseppe)
* Delete unused function (#1588 by @s7v7nislands)
* Fixes #1585 config.Namespaces is empty when accessed (#1587 by @Mashimiao)
* libcontainer: intelrdt: use init() to avoid race condition (#1589 by @xiaochenshen)
* init: delay seccomp application as late as possible (#1569 by @cyphar)
* checkpoint: support lazy migration (#1541 by @adrianreber)
* libcontainer: add support for Intel RDT/CAT in runc (#1279 by @xiaochenshen)
* signal: ignore tty.resize errors (#1575 by @cyphar)
* travis: drop shfmt install (#1578 by @cyphar)
* fix --read-only containers under --userns-remap (#1572 by @tych0)
* Fix systemd cgroup after memory type changed (#1573 by @hqhq)
* init: switch away from stateDirFd entirely (#1570 by @cyphar)
* Add AutoDedup option to CriuOpts (#1561 by @thegrumpylion)
* Check error return values (#1560 by @tklauser)
* fix panic when Linux is nil for rootless case (#1559 by @Mashimiao)
* release: import umoci's release.sh script (#1554 by @cyphar)
* Update state after update (#1558 by @hqhq)
* makefile: enable -buildmode=pie (#1542 by @cyphar)
* makefile: drop usage of --install (#1555 by @cyphar)
* Fix flaky test TestNotifyOnOOM (#1556 by @hqhq)
* fix panic when Linux is nil (#1551 by @crosbymichael)
* Handle non-devices correctly in DeviceFromPath (#1553 by @mlaventure)
* Pass back the pid of runc:[1:CHILD] so we can wait on it (#1506 by @LittleLightLittleFire)
* Use CRIU VERSION RPC if available (#1535 by @adrianreber)
* Revert "Merge pull request #1450 from vrothberg/sgid-non-numeric" (#1548 by @mlaventure)
* Fix condition to detect device type in DeviceFromPath (#1544 by @mlaventure)
* Move user pkg unix specific calls to unix file (#1545 by @mlaventure)
* Remove @avagin as a maintainer (#1543 by @avagin)
* Fix issues found by staticcheck (#1537 by @tklauser)
* Always save own namespace paths (#1477 by @yummypeng)

## v1.0.0-rc4 [2017-08-10]

* VERSION: release v1.0.0-rc4 (#1532 by @cyphar)
* Updated logrus to v1 (#1526 by @stevenh)
* Remove the code that close negative descriptor (#1533 by @keloyang)
* README.md: adjust capabilities section in config.json example (#1534 by @tklauser)
* libcontainer: one more switch from syscall to x/sys/unix (#1530 by @tklauser)
* Bump the spec up to v1.0.0 (#1527 by @mrunalp)
* update gocapability (#1524 by @Mashimiao)
* libcontainer: use additional functions and constants from x/sys/unix (#1519 by @tklauser)
* list: fix various problems with owner field (#1516 by @cyphar)
* Fix integration when missing criu (#1245 by @WeiZhang555)
* Update runtime-spec to rc6+ (#1518 by @crosbymichael)
* Use Prctl() and ioctl wrapper functions from x/sys/unix (#1504 by @tklauser)
* libcontainer/user: add supplementary groups only for non-numeric users (#1450 by @vrothberg)
* Remove shfmt (#1510 by @crosbymichael)
* `*`: fix shfmt (#1505 by @cyphar)
* Expose memory.use_hierarchy in MemoryStats (#1378 by @derekwaynecarr)
* libcontainer/specconv/spec_linux: Add support for (no)lazytime (#1460 by @wking)
* runc only works on Linux so remove putative Solaris and unsupported main (#1502 by @justincormack)
* Update spec to master, switch to int64 for memory limits (#1495 by @justincormack)
* Fix checkpoint/restore tests with newer kernel (#1496 by @dqminh)
* Use keyctl wrappers from x/sys/unix (#1482 by @tklauser)
* Use Eventfd() from golang.org/x/sys/unix (#1491 by @tklauser)
* libcontainer/container_linux: Consider process state (running, zombie, etc.) in runType (#1489 by @wking)
* update READ.me for new struct configs.Config.Capabilities (#1481 by @elianka)
* tests: redirect runc log messages to stderr (#1484 by @avagin)
* libcontainer/console_linux.go: Make SaneTerminal public (#1479 by @wking)
* travis: set go_import_path to github.com/opencontainers/runc (#1388 by @avagin)
* Use Prctl() from x/sys/unix instead of own wrapper (#1478 by @tklauser)
* Update spec to 239c4e44f2a612ed85f6db9c66247aa33f4 (#1473 by @crosbymichael)
* Use `NLA_*` constants from x/sys/unix instead of syscall (#1474 by @tklauser)
* Use symlink xattr functions from x/sys/unix (#1470 by @tklauser)
* Switch examples in README.md from syscall to x/sys/unix (#1467 by @tklauser)
* vendor.conf: Bump golang.org/x/sys to a55a76086885b80f79961eacb876ebd8caf3868d (#1464 by @wking)
* Allow specification of general Go build flags and ldflags (#1452 by @justincormack)
* Move libcontainer to x/sys/unix (#1442 by @clnperez)
* Fix setup cgroup before prestart hook (#1239 by @moypray)
* Handle container creation when cgroups have already been mounted in another location (#1372 by @craigfurman)
* Dump and restore containers with external terminals (#1355 by @avagin)
* Ignore error when force deleting a non-existing container (#1451 by @runcom)
* Clean up unix vs linux usage (#1447 by @justincormack)
* add createdState and runningState status testcase (#1410 by @chchliang)
* Fix comments about when to pivot_root (#1438 by @hqhq)
* tests: don't call wait_for_container after synchronous operations (#1433 by @avagin)
* Issue #1429 : Removing check for id string length (#1435 by @harche)
* update man page for `runc  update` (#1436 by @sak0)
* Remove redundant declaration of namespace slice (#1428 by @harche)
* Allow updating pids limit (#1423 by @mlaventure)
* Add a rootless section to "spec" man page and command help (#1425 by @jwendell)
* Optimizing looping over namespaces (#1418 by @harche)
* vendor: clean up to be better written (#1408 by @cyphar)
* Don't try to read freezer.state from the current directory (#1387 by @avagin)
* Fix misspelling of "properties" in various places (#1412 by @tpot)
* Update examples on README to allow rootless execution (#1414 by @jwendell)
* add testcase in generic_error_test.go (#1402 by @chchliang)
* Set container state only once during start (#1396 by @harche)
* Use opencontainers/selinux package (#1365 by @hqhq)
* Revert back to using /sbin (#1406 by @crosbymichael)
* restore: apply resource limits (#1399 by @avagin)
* checkpoint: check if system supports pre-dumping (#1371 by @adrianreber)
* could load a stopped container. (#1400 by @sak0)
* Fix console syscalls (#1398 by @clnperez)
* libcontainer: rewrite cmsg to use sys/unix (#1394 by @cyphar)
* Rootless Containers (#774 by @cyphar)
* .travis.yml: Don't require FETCH_HEAD (partial fix for failing master tests) (#1383 by @wking)
* travis: use alternate commit range (#1382 by @vbatts)

## v1.0.0-rc3 [2017-03-21]

* Bump up runc version to v1.0.0-rc3 (#1377 by @mrunalp)
* fix panic regression when config doesnt have caps (#1380 by @dqminh)
* Use uint64 for resources to keep consistency with runtime-spec (#1375 by @hqhq)
* Revert "fix minor issue" (#1374 by @cyphar)
* Add separate console socket (#1356 by @crosbymichael)
* fix minor issue (#1373 by @moypray)
* Update runtime spec to rc5 (#1370 by @mrunalp)
* Remove unused ExecFifoPath (#1366 by @hqhq)
* Update devices_unix.go for LXD (#1327 by @CarltonSemple)
* Only allow single container operation (#1363 by @hqhq)
* Remove lk4d4 as a maintainer (#1362 by @crosbymichael)
* Remove unused function in systemd cgroup (#1360 by @hqhq)
* fix cpu.cfs_quota_us changed when systemd daemon-reload using systemd. (#1344 by @xuxinkun)
* Don't fchown when inheriting io (#1354 by @crosbymichael)
* Container can be in stopped status from created status. (#1353 by @sak0)
* user: fix the parameter error (#1280 by @datawolf)
* Fix kmem accouting when use with cgroupsPath (#1350 by @hqhq)
* Carry #998: Use vndr tool for vendoring (#1340 by @dqminh)
* fix systemd-notify when using a different PID namespace (#1308 by @giuseppe)
* add pre-dump and parent-path to checkpoint (#1001 by @x1022as)
* Add --preserve-file-descriptors=N to create (#1320 by @ijc)
* small cleanup for `runc ps` man pages (#1342 by @sak0)
* Fix state when `_LIBCONTAINER` in environment (#1317 by @hqhq)
* Don't override system error (#1339 by @cpuguy83)
* ps: --format value check (#1332 by @sak0)
* update go version at travis-ci (#1335 by @mcuadros)
* Fix race condition when sync with child and grandchild (#1237 by @hqhq)
* Use %zu for printing of size_t values (#1336 by @crosbymichael)
* Fixes set memory to unlimited (#1127 by @boynux)
* fix typo (#1328 by @sak0)
* support create device with type p and u (#1321 by @Mashimiao)
* Small cleanup (#1316 by @hqhq)
* libcontainer: rootfs_linux: support overlayfs (#1314 by @runcom)
* libcontainer: selinux: fix DupSecOpt and DisableSecOpt (#1312 by @runcom)
* Only wait for processes after delivering SIGKILL in signalAllProcesses (#1285 by @stevenh)
* Correct docs typo for restoredState. (#1309 by @stevenh)
* Correct container.Destroy() docs (#1310 by @stevenh)
* Resolve InitArgs to ensure init works (#1293 by @stevenh)
* kill: requires max 2 arguments (#1305 by @giuseppe)
* libcontainer: init: only pass stateDirFd when creating a container (#1274 by @cyphar)
* Revert "DupSecOpt needs to match InitLabels" (#1303 by @runcom)
* Add godoc links to README.md files (#1284 by @stevenh)
* Ensure pipe is always closed on error in StartInitialization (#1294 by @stevenh)
* Call defer tty.Close() earlier (#1300 by @hqhq)
* fix typos by the result of golint checking  (#1205 by @YuPengZTE)
* Add nsenter details to libcontainer README.md (#1298 by @stevenh)
* Remove a compiler warning in some environments (#1291 by @justincormack)
* using golang-style assignment (#1288 by @rainrambler)
* move error check out of the for loop (#1278 by @datawolf)
* Ignore cgroup2 mountpoints (#1266 by @mrunalp)
* kill: make second argument optional (#1282 by @giuseppe)
* small refactor (#1249 by @datawolf)
* Bump golang to 1.7.4 (#1271 by @hqhq)
* Do not create cgroup dir name from combining subsystems (#1268 by @hqhq)
* Cleanup: remove redundant code (#1260 by @coolljt0725)
* Fix regression of exec command (#1265 by @WeiZhang555)
* checkpoint: handle config.Devices and config.MaskPaths (#1110 by @avagin)
* Fix the outdated comment for Error interface (#1248 by @datawolf)
* cgroups: update the comments (#1251 by @datawolf)
* remove `-i` option to avoid failure of jenkins in non-interactive mode. (#1252 by @FengtuWang)
* Fix go_vet errors (#1254 by @hqhq)
* Fix typos (#1255 by @hqhq)
* Simplify error handling on function return (#1257 by @mrunalp)
* Remove unused code and unnecessary conversion (#1258 by @mrunalp)
* Fix error shadow and error check warnings (#1259 by @mrunalp)
* Makefile: add manpage cleanup (#1232 by @Mashimiao)
* Fix leftover cgroup directory issue (#1196 by @hqhq)
* Add badge for Go Report Card (#1253 by @xlgao-zju)
* Add Travis CI badge to README (#1250 by @caniszczyk)
* `*`: fix go-vet failures (#1243 by @cyphar)
* travis: add travis-ci (#1246 by @cyphar)
* Add integration for update rt period and runtime (#1203 by @WeiZhang555)
* Split the code for remounting mount points and mounting paths. (#1222 by @justincormack)
* Check args numbers before application start (#1158 by @WeiZhang555)
* Don't add device to list if it doesn't exist anymore (#1217 by @mrunalp)
* Sync HookState struct with OCI spec (#1201 by @WeiZhang555)
* Bump runtime-spec to v1.0.0-rc3 (#1233 by @WeiZhang555)
* rename ocitools to oci-runtime-tool (#1231 by @Mashimiao)
* Clean apt archives and source directories in Dockerfile (#1226 by @nhlfr)
* validate: Check that the given namespace path is a symlink (#1221 by @sameo)
* Consoles, consoles, consoles. (#1018 by @cyphar)
* Fix thread safety of SelinuxEnabled and getSelinuxMountPoint (#1216 by @eparis)
* `*`: add information about security mailing list (#1213 by @cyphar)
* Fix typo. (#1211 by @yummypeng)
* Fix typo (#1210 by @xianlubird)
* delete unused variable (#1207 by @datawolf)
* tiny refactor (#1208 by @datawolf)
* fix typos (#1204 by @allencloud)
* Fix cpuset issue with cpuset.cpu_exclusive (#1194 by @hqhq)
* Sync with grandchild (#1154 by @hqhq)
* godeps: update go-systemd to v14 (#1199 by @squeed)
* Add shell formatting via shfmt (#1192 by @mvdan)
* Fixing error message in nsexec (#1187 by @rajasec)
* fix the pid-file option for runc exec/run/create command (#1128 by @datawolf)
* Adding update command in help-bats (#1182 by @rajasec)
* Add --all flag to kill (#1180 by @crosbymichael)
* More fix to nsexec.c's comments (#1168 by @hqhq)
* Add bash completions for new flags of `update` (#1177 by @WeiZhang555)
* Allow update rt_period_us and rt_runtime_us (#1173 by @WeiZhang555)
* add test cases for exec command (#1133 by @datawolf)
* libcontainer: io: stop screwing with \n in console output (#1146 by @cyphar)
* Move ambient capabilties behind build tag (#1172 by @crosbymichael)
* Remove panic from init (#1117 by @crosbymichael)
* fix error message (#1171 by @Crazykev)
* nsenter: fix up comments (#1165 by @cyphar)
* Fix all typos found by misspell (#1160 by @hqhq)
* Updating container state and status API in README (#1157 by @rajasec)
* Unify rootfs validation (#1159 by @hqhq)
* Small correction in update resource file usage (#1161 by @rajasec)
* Correction in util error messages (#1162 by @rajasec)
* man page update for delete command (#1163 by @rajasec)
* Clarify libseccomp installation in guide (#1164 by @resouer)
* Remove unnecessary cloneflag validation (#1153 by @hqhq)
* Detect and forbid duplicated namespace in spec (#1150 by @WeiZhang555)
* Make parent mount private before bind mounting rootfs (#1148 by @rhvgoyal)
* validator: unbreak sysctl `net.*` validation (#1149 by @cyphar)
* Check pid file (#1147 by @datawolf)
* nsenter: guarantee correct user namespace ordering (#977 by @cyphar)
* Small typo in README (#1141 by @rajasec)
* check the arguments for `runc create` (#1129 by @datawolf)
* docker/docker#27484-check if sysctls are used in host network mode. (#1138 by @gaocegege)
* rootfs: make pivot_root not use a temporary directory (#1125 by @cyphar)
* Updating bash completion for ps command (#1140 by @rajasec)
* fix nits in stderr log (#1139 by @allencloud)
* add test cases for create command (#1132 by @datawolf)
* add test cases for list command (#1131 by @datawolf)
* Add support for copying up directories into tmpfs when a tmpfs is mounted over them (#845 by @mrunalp)
* Some refactor and cleanup (#1134 by @WeiZhang555)
* Fix issue in `GetProcessStartTime` (#1136 by @yongtang)
* Ignore error when starting transient unit that already exists (#1124 by @derekwaynecarr)
* tests: mask: use test paths rather than /sys (#1121 by @cyphar)
* ps error logging improvement (#1091 by @rajasec)
* checkpoint: fix gofmt (#1120 by @cyphar)
* update the man for runc delete command (#1118 by @datawolf)
* Add num check for kill command (#1105 by @keloyang)
* Fixing runc panic for missing file mode (#1115 by @rajasec)
* Add support for r/o mount labels (#1112 by @rhatdan)
* start multi-containers with `runc start` command (#1074 by @datawolf)
* pause and resume multi-containers (#1075 by @datawolf)
* Fixing runc panic during hugetlb pages (#1116 by @rajasec)
* Valide platform on loading config.json (#1114 by @coolljt0725)
* DupSecOpt needs to match InitLabels (#1109 by @rhatdan)
* tiny fix, add a null check for specs.Resources.Pids.Limit (#1111 by @keloyang)
* remove /tmp/bats from dev_runc (#1097 by @keloyang)
* fix typos with misspell (#1108 by @dqminh)
* just fix a typo (#1107 by @datawolf)
* tiny fix (#1106 by @xlgao-zju)
* Delete: exit with non zero if one of the containers encountered an error (#1078 by @datawolf)
* Revert "simplify ps command" (#1102 by @datawolf)
* Add integration test for ps command (#784 by @hqhq)
* simplify ps command (#1092 by @datawolf)
* Don't enable kernel mem if not set (#1095 by @crosbymichael)
* systemd cgroup driver supports slice management (#1084 by @derekwaynecarr)
* Ensure we log into logrus on command error (#1089 by @mlaventure)
* Remove check for binding to / (#1090 by @crosbymichael)
* Fix typo when container does not exist (#1087 by @williammartin)

## v1.0.0-rc2 [2016-10-01]

* Bump spec and version to rc2 (#1088 by @crosbymichael)
* Set ambient capabilities where supported (#1086 by @justincormack)
* Refactor enum map range to slice range (#1081 by @ggaaooppeenngg)
* Remove the workaround which add a -- flag to runc ps command (#1065 by @keloyang)
* Fix TestGetAdditionalGroups on i686 (#1080 by @hqhq)
* [integration] add testcases for `runc delete` command (#1069 by @datawolf)
* Container must not checkpoint in created state (#1076 by @rajasec)
* Updating libcontainer README for container run (#1077 by @rajasec)
* MaskPaths: support directory (#1068 by @AkihiroSuda)
* Bug fix for make dbuild (#1072 by @keloyang)
* [unittest] add extra ErrorCode in TestErrorCode testcase (#1063 by @datawolf)
* Ps/exec parameter fix (#1051 by @keloyang)
* enhance runc delete command (#1053 by @datawolf)
* cgroup: using WriteCgroupProc to write the specified pid into the cgroup's cgroup.procs file (#1059 by @datawolf)
* update the comment for container.Pause() method on linux (#1058 by @datawolf)
* Add flag to allow getting all mounts for cgroups subsystems (#1049 by @mrunalp)
* Use same state object for state and list (#1048 by @crosbymichael)
* Fix typo (#1060 by @yummypeng)
* remove duplicate test command on integration (#1056 by @datawolf)
* Fix update cpuset on single processor box (#1052 by @hqhq)
* Update golang to 1.7.1 (#1055 by @hqhq)
* Fix error messages to give information of relabeling failed (#1046 by @rhatdan)
* Fix check config (#1023 by @zhaoleidd)
* Allow recrusive generic error (#1045 by @hqhq)
* Continue for list on errors (#1039 by @crosbymichael)
* Removing fatal error from events in stopped state (#1043 by @rajasec)
* move m.GetPaths out of the loop (#1042 by @datawolf)
* Add privileged to make dbuild (#1022 by @hqhq)
* Adding bash completion for create and run (#1027 by @rajasec)
* Update runtime-spec to current upstream (#1036 by @athomason)
* Fix make release error (#1038 by @keloyang)
* Fix runc ps issue (#1013 by @hqhq)
* Fix typo. (#1028 by @yummypeng)
* Change netclassid json tag (#1033 by @crosbymichael)
* Introduce make release (#914 by @zhaoleidd)
* Typo in README.md (#1026 by @rajasec)
* remove redundant by in annotation(nsexec.c) (#1019 by @keloyang)
* Append string "-dirty" to version if git repo is unclean (#1017 by @WeiZhang555)
* Tiny refactor: remove unused local variables (#1024 by @WeiZhang555)
* Makefile: Fix wrong dependency of "integration" target (#1020 by @forever043)
* Fix null point reference panic (#1012 by @hqhq)
* Fix default cgroup path (#1009 by @hqhq)
* Combine runctestimage and runcimage (#1008 by @hqhq)
* Fix runtime-spec repository reference in README (#1011 by @jonboulle)
* Error handling when container not exists (#1003 by @rajasec)
* Not exec a container from stopped state (#880 by @rajasec)
* cli: Workaround for ps's argument (#933 by @zhaoleidd)
* Add "--" exec cli support for command arguments (#906 by @TristanCacqueray)
* Updated the libcontainer interface comments (#815 by @rajasec)
* Return 0 for pid if container is stopped (#1002 by @crosbymichael)
* Fix and refactor init args (#934 by @macrosheep)
* Support 32 bit UID on i386 (#988 by @chlunde)
* let defer function (#997 by @xiekeyang)
* Test: Make TestCaptureTestFunc pass in localunittest (#987 by @zhaoleidd)
* Adjust man pages for create start split (#878 by @hqhq)
* Restored-from-checkpoint containers should have a start time (#995 by @estesp)
* Fix race condition when using cgroups.Paths (#970 by @hqhq)
* remove unused code (#994 by @xiekeyang)
* Disable the subreaper on exec (#993 by @crosbymichael)
* move util function (#992 by @xiekeyang)
* Fix format specifier for size_t (#989 by @mrunalp)
* nsenter: major cleanups (#950 by @cyphar)
* checkMountDesktionation: add swaps and uptime to /proc whitelist (#985 by @hallyn)
* Do not create /dev/fuse by default (#983 by @justincormack)
* Set the cpu cgroup RT sched params before joining. (#860 by @bgray)
* Adding /proc/timer_list to the masked paths list (#981 by @dims)
* tests: add requires cgroups_kmem (#972 by @brauner)
* libcontainer/configs: make hooks run safer (#980 by @LK4D4)
* Fix the err info of chdir(cwd) failure (#979 by @haiyanmeng)
* Fix the err info of mount failure (#978 by @haiyanmeng)
* Use absolute cgroup path for integration test (#974 by @hqhq)
* Cleanup GetLongBit (#968 by @hqhq)
* Remove kmem Initialization check while setting memory configuration (#962 by @dubstack)
* fix init.scope in cgroup paths (#966 by @sjenning)
* Skip updates on parent Devices cgroup (#958 by @dubstack)
* Change git -C reset to git reset (#943 by @johnbieren)
* libcontainer: rename keyctl package to keys (#963 by @guilhermebr)
* UNITTEST: Bypass userns test on platform without userns support (#964 by @zhaoleidd)
* Fix help message for memory-swap (#850 by @hqhq)
* Revert "Use update time to detect if kmem limits have been set" (#961 by @hqhq)
* Fix cgroup Set when Paths are specified (#611 by @mrunalp)
* Allow cgroup creation without attaching a pid (#956 by @dubstack)
* Add runc list man change (#954 by @hqhq)
* integration_testing: Fix a output typo (#957 by @zhaoleidd)
* Fix libcontainer/nsenter/README.md (#951 by @haiyanmeng)
* fix setting net_cls classid (#937 by @hushan)
* Fixed typo in build constraint. (#947 by @hencrice)
* configs: fix json tags for `CpuRt*` options (#949 by @cyphar)
* libcontainer: Add a helper func to set CriuPath (#936 by @macrosheep)
* Let the user explicitly specify `additionalGids` on `runc exec` (#913 by @georgethebeatle)
* Fix typo (#942 by @ggaaooppeenngg)
* address issue #797 by adding additional documentation (#939 by @mikebrow)
* Use update time to detect if kmem limits have been set (#935 by @vishh)
* Make state detection precise (#930 by @hqhq)
* Add force to delete (#928 by @mlaventure)
* Use git branch name as tag when building images (#929 by @mlaventure)
* rootfs: clean up (#925 by @cyphar)
* tests: add tests with {u,g}id != 0 (#922 by @cyphar)
* Fix ps argument manual (#919 by @zhaoleidd)
* remove unused returned variables name (#917 by @xiekeyang)
* Fix fifo usage with userns and not root users (#912 by @crosbymichael)
* cgroups: Fix issue if cgroup path contains : (#904 by @euank)
* Use cli default value for list format (#879 by @hqhq)
* Update for stopped container (#881 by @rajasec)
* tests: add debug information for failing tests (#889 by @cyphar)
* Use fifo for create / start instead of signal handling  (#886 by @crosbymichael)
* Removing unused variable for cgroup subsystem (#908 by @rajasec)
* Update readme for create start (#905 by @crosbymichael)
* Add option to disable new session keys (#874 by @crosbymichael)
* bug fix, LeafWeight nil err (#893 by @keloyang)
* fail if path to devices subsystem is missing (#896 by @brauner)
* readme: Mention the go 1.6 requirement in the README for building runc (#902 by @mrunalp)
* bats: Fix spec validation test (#900 by @mrunalp)
* godeps: bump libseccomp-golang to 32f571b70023028bd57d9288c20efbcb237f3ce0 (#894 by @cyphar)
* Add error return to action function signature (#891 by @mrunalp)
* restore: add the empty-ns option (#890 by @avagin)
* Replace github.com/codegangsta/cli by github.com/urfave/cli (#885 by @mrunalp)
* Updating README for starting the container (#877 by @rajasec)
* cleanup ps.go (#882 by @hushan)

## v1.0.0-rc1 [2016-06-04]

* Bump spec and update runc to 1.0.0-rc1 (#876 by @crosbymichael)   
* Fixed typo in docstring (#873 by @joe2far)
* Updating README with set interface (#868 by @rajasec)
* runc events hang for zero duration (#872 by @rajasec)
* Implement create and start (#827 by @crosbymichael)
* Removing the nil check for process label (#867 by @rajasec)
* Add annotations to list and state output (#869 by @crosbymichael)
* seccomp: Add ppc and s390x to seccomp/config.go (#864 by @michael-holzheu)
* bash completion step for update command (#854 by @rajasec)
* Update man pages to refect the latest cli change (#851 by @hqhq)
* Improve update memory (#857 by @hqhq)
* systemd cgroup: check for Delegate property (#865 by @dqminh)
* Disallow self-LGTMs (#863 by @hqhq)
* README: Destroy container before fatal (#852 by @hqhq)
* Add VERSION file to contain the version info (#856 by @hqhq)
* Remove use_hierarchy check when set kernel memory (#853 by @hqhq)
* Changing OCF to OCI in README (#855 by @rajasec)
* Update manuals (#843 by @zhaoleidd)
* Integration framework cleanup (#837 by @cyphar)
* checkpoint: add the empty-ns option (#849 by @avagin)
* pullapprove: use the right team (#848 by @cyphar)
* Add PullApprove support (#847 by @caniszczyk)
* Add bash completion support (#817 by @rhatdan)
* Allow + in container ID (#675 by @pankit)
* Unify log setting's error output (#844 by @zhaoleidd)
* godeps: update seccomp to 60c9953736798c4a04e90d0f3da2f933d44fd4c4 (#842 by @cyphar)
* Fix update kernel memory test (#828 by @hqhq)
* `*`: correctly chown() consoles (#836 by @cyphar)
* Update cli package (#810 by @hqhq)
* Fix outdated comment for loadSpec (#835 by @zhaoleidd)
* Fix some spelling typo in manual (#833 by @zhaoleidd)
* libcontainer: Fix Running Comment (#832 by @valasabk)
* Updated description in SPEC (#830 by @rajasec)
* Add check_config.sh for runc (#826 by @hqhq)
* Add comments for error cases in status functions (#825 by @hqhq)
* integration: fix cgroup parsing (#812 by @cyphar)
* Update nsenter README (#824 by @ggaaooppeenngg)
* Updating runc man page (#822 by @rajasec)
* Fix GetLongBit() returns value when `_SC_LONG_BIT` is not available (#823 by @mlaventure)
* libcontainer: nsenter: nsexec.c: fix warnings (#821 by @runcom)
* Revert "Need to make sure labels applied to /dev" (#816 by @cyphar)
* Adding kernel mem tcp for update command (#813 by @rajasec)
* Add man page and fix typo for update command (#809 by @hqhq)
* Runc update cgroup kmem limit (#790 by @mlaventure)
* Use full test suite on make test (#783 by @cyphar)
* Updating error condition in applying apparmor profile (#804 by @rajasec)
* Change OCF to OCI in help string and man page. (#800 by @mrunalp)
* Need to make sure labels applied to /dev (#796 by @rhatdan)
* Use '=' instead of ':' separator on labels (#793 by @bboreham)
* Correct outdated URL (#795 by @jimberlage)
* If possible, apply seccomp rules immediately before exec (#789 by @justincormack)
* Change specs to runtime-spec in integration test (#782 by @hqhq)
* Fix integration test for events (#786 by @hqhq)
* Remove sniffTest (#785 by @hqhq)
* Improve stats output format for stability  (#780 by @crosbymichael)
* Add json format to ps command (#779 by @crosbymichael)
* Add ps command (#767 by @hqhq)
* Not showing up the events for destroyed container (#768 by @rajasec)
* libcontainer: specconv: fix nil dereference in resource setup (#777 by @cyphar)
* Updating README for runc path (#776 by @rajasec)
* Adding selinux check during container start (#679 by @rajasec)
* Eliminate redundant parsing of mountinfo (#608 by @inatatsu)
* Bump up spec and add support for mount label (#773 by @mrunalp)
* Add target man in Makefile (#766 by @hqhq)
* adds client api integration tests for runc using bash w/bats (#659 by @mikebrow)
* Updating kcore in validator test (#772 by @rajasec)
* Fixing index out of range during exec of container (#740 by @rajasec)
* Add infomation about ocitools in runc spec (#765 by @hqhq)
* Makefile fixes (#738 by @codido)
* Update the comment for container pause (#758 by @rajasec)
* Add -q to list to print only container IDs (#751 by @mrunalp)
* nsexec: fix build against musl libc (#762 by @ncopa)
* Allow mounting cgroups as read-only when user namespace is configured (#763 by @mrunalp)
* Add cause to error messages (#759 by @crosbymichael)
* Typo in SPEC.md (#757 by @rajasec)
* handling error for userns (#672 by @rajasec)
* updating man page for start option (#753 by @rajasec)
* Fix OCI reference in README (#749 by @jonboulle)
* README.md: simplify Docker image example (#748 by @runcom)
* Switch from mixed jessie/testing to jessie+backports for libseccomp (#750 by @tianon)
* Get runc to build clean on Solaris (#747 by @amitkris)
* Fix trivial style errors reported by `go vet` and `golint` (#745 by @AkihiroSuda)

## v0.1.1 [2016-04-25]

* Bump to v0.1.1 for selinux mount label fix (#778 by @crosbymichael)

## v0.1.0 [2016-04-12]

* Update to version 0.1.0 (#746 by @crosbymichael)
* Makefile: install to /usr/local/sbin (#702 by @cyphar)
* Fix problem when swap memory unsupported (#744 by @hqhq)
* Add unit tests for the utils package (#739 by @albertoleal)
* Add unit tests for configs.Hooks (#717 by @albertoleal)
* HookState adhears to OCI (#724 by @glestaris)
* Fix setupDev logic in rootfs_linux.go (#742 by @LK4D4)
* Fix for runc failing when rootfs has a trailing slash (#736 by @mrunalp)
* Add label.GetFileLabel interface (#730 by @rhatdan)
* Fix broken build due to missing import (#737 by @mrunalp)
* Synchronize writes to mcs map (#735 by @mrunalp)
* Report hook output on error (#734 by @crosbymichael)
* Fix the build by removing go get for vet (#729 by @mrunalp)
* Updating README with container signal interaction (#722 by @rajasec)
* Add unit tests for validate.Validator (#718 by @albertoleal)
* Typo on Readme file. (#723 by @albertoleal)
* Fix problem when update memory and swap memory (#592 by @hqhq)
* Bump spec for masked and readonly paths (#716 by @crosbymichael)
* Fixing rlimit sigpending value (#721 by @rajasec)
* Fixup incorrect package name in a comment (#712 by @mrunalp)
* Return a more meaningful error when namespaces are disabled (#711 by @rhatdan)
* Add --no-pivot option for containers on ramdisk (#710 by @crosbymichael)
* libcontainer: user: always treat numeric ids numerically (#708 by @cyphar)
* Remove container root dir from an aborted start (#703 by @crosbymichael)
* Bump spec and implement hook timeout (#706 by @crosbymichael)
* Only perform mount labelling when necessary (#683 by @thtanaka)
* Fix hanging tests when run without root (#700 by @marcosnils)
* Refactor nsexec.c and add some comments (#686 by @hqhq)
* Use %v for map structure format (#698 by @ggaaooppeenngg)
* Fix typo (#699 by @ggaaooppeenngg)
* Fix libcontainer README.md example config (#696 by @hartzler)
* Set rlimits using prlimit in parent (#687 by @julz)
* Remove log from seccomp package (#691 by @crosbymichael)
* Export CreateLibcontainerConfig (#688 by @codido)
* Move lockthread to package level (#690 by @crosbymichael)
* fix typos (#685 by @allencloud)
* Dont cleanPath for systemd cgroup paths. (#682 by @anusha-ragunathan)
* Add support for enabling systemd cgroups  (#667 by @mrunalp)
* Show proper error from init process panic (#677 by @tonistiigi)
* fixing typo in device access error (#673 by @rajasec)
* Set oom_score_adj before we send the config to avoid race (#668 by @mrunalp)
* Fix the kmem TCP test (#669 by @mrunalp)
* Add more information in the error messages when writing to a file (#651 by @mrunalp)
* libcontainer: cgroups: deal with unlimited case for pids.max (#644 by @cyphar)
* libcontainer: cgroups: add support for kmem.tcp limits (#665 by @cyphar)
* Export user and group lookup errors as variables. (#650 by @novln)
* adds detail to runc start and spec help text (#661 by @mikebrow)
* Fixing valid-id in regex (#647 by @rajasec)
* Fix help info of init command (#658 by @hqhq)
* remove deadcode (#653 by @jessfraz)
* Sync on the pid file to ensure the write is persisted (#655 by @mrunalp)
* Create pid-file atomically (#652 by @crosbymichael)
* Destroy container along with processes before stdio (#646 by @crosbymichael)
* Don't link runc every time (#604 by @hqhq)
* Set Delegate to true for cgroups transient units (#648 by @mrunalp)
* Ensure logs are flushed (#637 by @crosbymichael)
* MAINTAINERS: add Aleksa Sarai to maintainers (#503 by @cyphar)
* Adding spec validation for exec and start (#623 by @rajasec)
* Add make uninstall command (#643 by @hqhq)
* Fix encoding gid mappings (#638 by @hqhq)
* Call Prestart hooks before restoring processes (#576 by @avagin)
* libcontainer: cgroups: add pids.max to PidsStats (#640 by @cyphar)
* Changing from logrus to fatal in list (#639 by @rajasec)
* Add gitcommit to runc builds (#636 by @crosbymichael)
* Clear groups after entering userns (#634 by @tonistiigi)
* Bump spec v0.4 (#633 by @crosbymichael)
* Revert "Return proper exit code for exec errors" (#630 by @crosbymichael)

## v0.0.9 [2016-03-10]

* nsexec: don't use CLONE_PARENT and CLONE_NEWPID together (#632 by @adfernandes)
* Improve error handling in runc (#628 by @crosbymichael)
* Create pid file when not exist (#597 by @rajasec)
* Handling error condition in loadspec (#622 by @rajasec)
* Add man pages (#614 by @mrunalp)
* Remove duplicated included head file (#616 by @hqhq)
* Serialize CommandHooks to state so that PostStop hooks execute during 'runc delete' (#618 by @teddyking)
* Add the most basic sniff tests of runc (#554 by @duglin)
* Cleanup systemd apply (#491 by @hqhq)
* Remove no longer used uid/gid mapping functions (#621 by @estesp)
* Properly setuid/setgid after entering userns (#606 by @estesp)
* Stub RunningInUserNS for non-Linux (#620 by @estesp)
* Update specs dep and runc functionality (#619 by @crosbymichael)
* Eliminating checkpoint state in container (#610 by @rajasec)
* Fix build error on centos6 (#609 by @hustcat)
* Fix handling of unsupported namespaces (#607 by @codido)
* adds the spec required state command (#605 by @mikebrow)
* Set sysfs readonly in config (#603 by @hqhq)
* Update masked and ro paths (#595 by @crosbymichael)
* Move setns within nsexec (#454 by @mlaventure)
* Fix to allow for build in different path (#600 by @duglin)
* Fix race between Apply and GetStats (#601 by @LK4D4)
* Adding linux label to test file (#579 by @rajasec)
* Updating swapiness value in README (#598 by @rajasec)
* Add hqhq to MAINTAINERS (#599 by @hqhq)
* Fix setting OomScoreAdj from OCI spec (#590 by @tonistiigi)
* Use single decoder instance for one stream (#596 by @hushan)
* Remount /dev as ro after it is populated (#585 by @crosbymichael)
* Build runC binary via a Docker container (#443 by @BenHall)
* Add bundle to runc list (#587 by @crosbymichael)
* Return proper exit code for exec errors (#591 by @crosbymichael)
* Wait for pipes to write all data before exit (#593 by @crosbymichael)
* Allow extra mount types (#594 by @crosbymichael)
* Removing pivot directory in defer (#588 by @rajasec)
* Make runc buildable everywhere (#328 by @hqhq)
* Create unique session key name for every container (#582 by @stefanberger)
* Add validation for sysctl (#303 by @mrunalp)
* Added error check in Getfilecon (#584 by @rajasec)
* Handle memory swappiness default properly (#580 by @estesp)
* Move pre-start hooks after container mounts (#568 by @mrunalp)
* Make sure container is destroyed on error (#583 by @crosbymichael)
* adding --format json to list command (#571 by @mikebrow)
* Move the process outside of the systemd cgroup (#577 by @crosbymichael)
* Look for " - " instead of just - as separator (#573 by @LK4D4)
* Removing tty0 tty1 from allowed devices (#567 by @rajasec)
* Check if tty is nil in handler (#570 by @crosbymichael)
* Fix CgroupsPath interpretation (#569 by @mlaventure)
* updating usage for runc, and all runc commands that now use <container id> as the first argument (#546 by @mikebrow)
* Do not set devices cgroup entries if in a user namespace (#564 by @hallyn)
* libcontainer: integration: fix flaky pids limit tests (#553 by @cyphar)
* Remove unneeded cgroups path removal (#556 by @hqhq)
* panic during start of failed detached container (#558 by @rajasec)
* Prevent a panic when container fails to start (#563 by @mlaventure)
* Add support for NoNewPrivileges (#557 by @mrunalp)
* Change softlink name to /dev/core (#561 by @rajasec)
* Register signal handlers earlier to avoid zombies (#562 by @julz)
* libcontainer: cgroups: fs: fix innerPath (#552 by @cyphar)
* Remove procStart (#526 by @hqhq)
* It's /proc/stat, not /proc/stats (#560 by @chenchun)
* Adding tty closure for restore operation (#550 by @rajasec)

## v0.0.8 [2016-02-10]

* Close tty on error before handler (#549 by @crosbymichael)
* Replace Cgroup Parent and Name fields by CgroupsPath (#497 by @mlaventure)
* Adding pids subsystem in SPEC.md (#545 by @rajasec)
* Create some util funcs that are common between start and exec (#537 by @duglin)
* Require container id as arg1 (#541 by @crosbymichael)
* `*`: use coreos/go-systemd/activation for socket activation (#542 by @runcom)
* Update spec to v0.3.0 (#536 by @crosbymichael)
* Fixing capabilities name in SPEC.md (#540 by @rajasec)
* Fixing usage in resume command (#539 by @rajasec)
* Load process.json for exec and add detach (#525 by @crosbymichael)
* Create a new session key for every container (#488 by @stefanberger)
* Added error string for process operations (#493 by @rajasec)
* Remove usage of GetMounts from GetCgroupMounts (#496 by @LK4D4)
* Add limit value to memory stats (#529 by @mlaventure)
* Add a compatibility header for CentOS/RHEL 6 (#524 by @adfernandes)
* Update list command and created methods (#522 by @crosbymichael)
* Remove version check in runc (#521 by @crosbymichael)
* update exec to pass args and --tty on run (#479 by @jessfraz)
* Remove double exec from command list (#523 by @crosbymichael)
* Add detach to runc (#474 by @crosbymichael)
* Fix the comment about sendConfig (#517 by @hqhq)
* adds list command (#507 by @mikebrow)
* cgroup: systemd: further systemd slice validation (#518 by @cyphar)

## v0.0.7 [2016-01-26]

* Bump runc version to 0.0.7 (#512 by @LK4D4)
* Do not use stream encoders for pipe communication (#515 by @crosbymichael)
* Update github.com/opencontainers/specs to a7b50925d8996923d99e (#514 by @mrunalp)
* cgroup: systemd: properly expand systemd slice names (#511 by @cyphar)
* Remove the nullState (#513 by @duglin)
* Adding user namespace in README (#504 by @rajasec)
* Fix various state bugs for pause and destroy (#499 by @crosbymichael)
* Revert "update date in README" (#510 by @hqhq)
* update date in README (#441 by @xlgao-zju)
* Add spec version to runC version cli (#405 by @marcosnils)
* Add build status badge (#505 by @marcosnils)
* Only set cwd when not empty (#494 by @crosbymichael)
* cgroups: set memory cgroups in Set (#495 by @cyphar)
* Remove some hard coded strings (#486 by @duglin)
* Fix comment of swap limit (#490 by @hqhq)
* Add support for just joining in apply using cgroup paths (#466 by @mrunalp)
* Embed Resources for backward compatibility (#476 by @hqhq)
* add seccomp.IsEnabled() function (#471 by @jessfraz)
* cleanup old hack dir (#481 by @jessfraz)
* Check that cwd is absolute (#480 by @mrunalp)
* Make cwd required (#475 by @mrunalp)
* selinux: add SelinuxSetEnforceMode implementation (#461 by @ahmetb)
* Update README of libcontainer (#462 by @hqhq)
* update go version to 1.5.3 in dockerfile and cleanup (#478 by @jessfraz)
* libcontainer: Add support for memcg pressure notifications (#426 by @codido)
* Only validate post-hyphen field length on cgroup mounts (#472 by @dadgar)
* Do not allow access to /dev/tty{0,1} (#455 by @hallyn)
* cgroup: add PIDs cgroup controller support (#446 by @cyphar)
* Add --console to specify path to use from runc (#459 by @crosbymichael)
* cgroups: fs: fix cgroup.Parent path sanitisation (#451 by @cyphar)
* Handle running nested in a user namespace (#458 by @hallyn)
* Revert to non-recursive GetPids, add recursive GetAllPids (#463 by @jimmidyson)
* Adding selinux label (#421 by @rajasec)
* make localtest failure with selinux enabled (#419 by @rajasec)
* Add white list for bind mount check (#452 by @hqhq)
* Cleanup Godeps (#448 by @hqhq)
* Implement Container States (#311 by @crosbymichael)
* Fix typo word in SPEC.md (#449 by @HackToday)
* Revert "cgroups: add pids controller support" (#445 by @mrunalp)
* cgroups: add pids controller support (#58 by @cyphar)
* Add NLA_HDRLEN workaround for gccgo (#437 by @clnperez)
* Move the cgroups setting into a Resources struct (#434 by @mrunalp)
* Move linux only Process.InitializeIO behind the linux build flag. (#436 by @calavera)
* Replace docker units package with new docker/go-units. (#435 by @calavera)
* Move STDIO initialization to libcontainer.Process (#430 by @crosbymichael)

## v0.0.6 [2015-12-11]

* update version for release 0.0.6 (#439 by @xlgao-zju)
* systemd: support cgroup parent with specified slice (#336 by @hqhq)
* fix minor typo (#432 by @xlgao-zju)
* Remove the timeframe for v1 spec (#431 by @hqhq)
* nsexec: replace usage of environment variable with netlink message (#340 by @dqminh)
* Export console New func (#428 by @crosbymichael)
* libcontainer: configs: create cgroup_unsupported.go in order to build on darwin as well (#420 by @runcom)
* libcontainer: network_linux.go: fix go vet (#424 by @runcom)
* Fixing xattr test step issue (#423 by @rajasec)
* README.md: clarify OCI JSON files (#371 by @hqhq)
* Fixing minor typo in usage (#415 by @rajasec)
* Adding error conditions when apparmor disabled (#411 by @rajasec)

## v0.0.5 [2015-11-20]

* Bump version constant to 0.0.5 in preparation for a new release (#410 by @tianon)
* godeps: update go-systemd to v4 and godbus/dbus to v3 (#408 by @runcom)
* libcontainer: configs: extend unsupported os (#407 by @runcom)
* Bind mount device nodes on EPERM (#357 by @ashahab-altiscale)
* adding support for --bundle (#373 by @mikebrow)
* static binary \o/ (#401 by @jessfraz)
* Fix comment to be consistent with the code (#403 by @hqhq)
* Add seccomp trace support (#398 by @crosbymichael)
* Some cgroup cleanups (#388 by @hqhq)
* Validate process configuration for runc exec (#391 by @mrunalp)
* Add poststart hooks (#392 by @mrunalp)
* Change my email address (#394 by @avagin)
* Fix race setting process opts (#393 by @crosbymichael)
* Windows: Refactor Container interface (#360 by @lowenna)
* Windows: Factor down criu_opts (#361 by @lowenna)
* Windows: Refactor state struct (#359 by @lowenna)
* Unify behavior for memory cgroup (#343 by @hqhq)
* README.md: fix description for runc with systemd (#375 by @hqhq)
* Docker needs to know whether the user requested a relabel (#377 by @rhatdan)
* Add more context around some error cases (#379 by @duglin)
* Remove naked return (#355 by @keloyang)
* Windows: Tidy libcontainer\devices (#365 by @lowenna)
* Windows: Refactor configs/cgroup.go (#362 by @lowenna)
* Fixes build tags on `cgroups\fs\*.go` (#364 by @lowenna)
* Add criu related debug output (#238 by @adrianreber)
* libcontainer/SPEC.md: fix /dev/stdio symlinks (#337 by @alban)
* Fixing typo in the comment for exit (#358 by @rajasec)
* Remove fatalf function; unused. (#354 by @warpfork)
* Add name to cgroup subsystem and set order (#335 by @crosbymichael)
* Add the conversion of architectures for seccomp config (#345 by @keloyang)
* Correct intuition for setupDev (#352 by @hqhq)
* Set cpuset.cpus and cpuset.mems before join the cgroup (#334 by @hqhq)
* Add ability to use json structured logging format. (#333 by @warpfork)
* Reorder checks in Walk to avoid panics (#332 by @LK4D4)
* Get PIDs from cgroups recursively (#330 by @LK4D4)
* Add option to support criu manage cgroups mode for dump and restore (#184 by @huikang)
* Add Andrey Vagin as maintainer (#177 by @LK4D4)
* Validate label options (#320 by @rhatdan)
* Add additional groups support (#324 by @mrunalp)
* Fix for race from error on process start (#316 by @cpuguy83)
* change named to names (#326 by @xlgao-zju)
* nsexec: Align clone child stack ptr to 16 (#319 by @dodgerblue)
* bump docker pkgs (#317 by @runcom)
* Add memory reservation support for systemd (#305 by @hqhq)
* Adapt spec 96bcd043aa8a28f6f64c95ad61329765f01de1ba (#276 by @runcom)
* Systemd name (#315 by @mrunalp)
* Allow numeric groups for containers without /etc/group (#313 by @ghost)
* Fix name in MAINTAINERS list (#314 by @LK4D4)
* change uid to gid in func HostGID (#312 by @xlgao-zju)
* Create container_private, container_slave and container_shared modes for rootfsPropagation (#208 by @rhvgoyal)
* Systemd: Join perf_event cgroup (#306 by @hqhq)
* Fix reOpenDevNull (#309 by @chenchun)
* Only remount if requested flags differ from current (#307 by @estesp)
* /proc and /sys do not support labeling (#304 by @rhatdan)
* Run tests for all HugetlbSizes (#308 by @LK4D4)
* Update github.com/syndtr/gocapability/capability to 2c00daeb6c3b4 (#302 by @mrunalp)
* no need to use p.cmd.Process.Pid in function, use p.pid() instead. (#292 by @keloyang)
* Add prestart/poststop hooks to runc (#160 by @mrunalp)
* Move mount methods out of configs pkg (#299 by @crosbymichael)
* simple refactor for the options of `runc spec` (#270 by @laijs)
* README.md: Update the config example (#271 by @laijs)
* Libcontainer: Add support for multiple architectures in Seccomp (#295 by @mheon)
* Change mount dest after resolving symlinks (#296 by @crosbymichael)
* Cleanup unused func arguments (#283 by @runcom)
* Enter existing user namespace if present (#288 by @codido)
* Ignore changing /dev/null permissions if used in STDIO (#289 by @crosbymichael)
* script: test_Dockerfile: install criu from source (#291 by @runcom)
* Fix STDIO permissions when container user not root (#280 by @crosbymichael)
* Fix STDIO ownership for non-tty processes (#279 by @crosbymichael)
* script: test_Dockerfile: update criu version (#278 by @runcom)
* libcontainer: Allow passing mount propagation flags (#264 by @rhvgoyal)
* update the command usage for `runc start` (#269 by @laijs)
* Add CAP prefix for capabilities (#257 by @mrunalp)
* close config file after loaded (#272 by @laijs)
* update the command usage of `runc` (#268 by @laijs)
* Adjust runc to new opencontainers/specs version (#242 by @LK4D4)
* Add testing docs in README (#237 by @hqhq)
* New netlink library (#43 by @LK4D4)
* Fixing checkpoint issue (#248 by @rajasec)
* Minor comments fix (#251 by @hqhq)
* Always remount for bind mount (#236 by @hqhq)
* make localtest failure on removing seccomp flag in Makefile (#266 by @rajasec)
* c/r: create cgroups to restore a container (#253 by @avagin)
* Add all support build tags for runc features (#265 by @crosbymichael)

## v0.0.4 [2015-09-11]

* Add seccomp build tag (#220 by @crosbymichael)
* Implement hooks in libcontainer code base (#261 by @crosbymichael)
* Fix bug in find cgroup mount point dir (#259 by @hqhq)
* Some cgroups cleanup (#250 by @hqhq)
* Restorefixforrunningcontainer (#239 by @rajasec)
* Fix cgroup mount tests (#235 by @hqhq)
* Adding oom_score_adj as a container config param (#232 by @vishh)
* cleanup: outdated comment (#233 by @shishir-a412ed)
* Make label.Relabel safer. (#165 by @calavera)
* Add --log flag (#179 by @crosbymichael)
* Add caveat will only build on Linux as per #9 (#229 by @booyaa)
* Systemd integration with runc, for on-demand socket activation (#231 by @shishir-a412ed)
* Remove hard-coded default for tcp connections (#221 by @crosbymichael)
* Restore container cleanup (#214 by @rajasec)
* Update README config file devices (#224 by @marcosnils)
* Adding rlimit in spec (#223 by @rajasec)
* Connect Seccomp configuration in Spec to backend (#228 by @mheon)
* Error should be checked after loadSpec (#230 by @shishir-a412ed)
* Add a 'start' command (#210 by @duglin)
* Add hooks for passing explicit veth pairs for forwarding to CRIU (#215 by @boucher)
* Add the criu log file path to the failure message. (#219 by @boucher)
* Convert Seccomp support to use Libseccomp (#70 by @mheon)
* Add exec command (#205 by @tonistiigi)
* Simple Cleanups (#212 by @laijs)
* richer information error message for terminal (#213 by @laijs)
* Integrate security settings (#211 by @mrunalp)
* Update device specs (#193 by @tonistiigi)
* Adding securityfs mount (#183 by @rajasec)
* Ensure the cleanup jobs in the deferrer are executed on error (#206 by @mountkin)
* Fix cgroups again (#194 by @LK4D4)
* Fixing netlink build error on ppc64le with gccgo (#199 by @clnperez)
* Add pause/resume commands (#204 by @tonistiigi)
* make localtest fills up /tmp with /tmp/libcontainer (#209 by @rajasec)
* Add the default signal (SIGTERM) for runc kill (#197 by @laijs)
* Simplify the return on process wait (#196 by @laijs)
* container id is the cgroup name (#192 by @fabiokung)
* Minor update to usage/help text (#188 by @duglin)
* Fix cgroup parent searching (#191 by @LK4D4)
* Change example JSON to refer to "pid" namespace rather than "process." (#182 by @willmtemple)
* Rename process namespace to pid (#180 by @LK4D4)
* Fix minor stylistic issues (#181 by @mrunalp)
* Don't make modifications to /dev when it is bind mounted (#96 by @mrunalp)
* Runc kill (#178 by @crosbymichael)
* Use signal handler for restore (#174 by @crosbymichael)

## v0.0.3 [2015-08-04]

* Add signal API to Container interface (#175 by @crosbymichael)
* Go1.5 compatibility fix (#166 by @codido)
* Use /proc/self/exe as default for InitPath (#151 by @LK4D4)
* Update go systemd dbus v3 (#150 by @runcom)
* Update spec (#173 by @mrunalp)
* Add debug message when unable to execute criu (#172 by @huikang)
* Remove reference to nsinit (#168 by @runcom)
* Remove dind (#164 by @LK4D4)
* tests: dump/restore a container with cgroups (#163 by @avagin)
* Simplify and fix os.MkdirAll() usage (#162 by @kolyshkin)
* Change default state directory to /run/oci (#159 by @LK4D4)
* Add test arguments to Makefile targets (#161 by @marcosnils)
* Update README.md to correct comment about spec and user (#158 by @estesp)
* Only add network info if NEWNET is set (#157 by @crosbymichael)
* Fix files not closed in mountinfo parsing function (#156 by @mrunalp)
* signal: Fix leak (#154 by @mrunalp)
* systemd integration with container runtime for supporting sd_notify protocol (#129 by @shishir-a412ed)
* Remount /sys/fs/cgroup as RO if MS_RDONLY was passed (#145 by @LK4D4)
* test: propagate the error to the caller (#152 by @laijs)
* bring the loopback interface up inside containers (#147 by @fabiokung)
* typo: tempory -> temporary (#148 by @jhjeong-kr)
* Update maintainers guide (#138 by @crosbymichael)
* avoid infinite loop with GCCGO (#114 by @brahmaroutu)
* Create symlinks for merged cgroups (#144 by @LK4D4)
* ct: give criu informations about cgroup mounts (#142 by @avagin)
* Fix subsystem path with abs parent (#143 by @LK4D4)

## v0.0.2 [2015-07-17]

* Revert "Remount /sys/fs/cgroup as readonly always" (#137 by @mrunalp)
* Substract source mount from cgroup dir (#135 by @LK4D4)
* Remount /sys/fs/cgroup as readonly always (#136 by @LK4D4)

## v0.0.1 [2015-07-16]

* Cgroups mount fix (#130 by @LK4D4)
* Fix handling name= cgroups (#131 by @LK4D4)
* Add cgroup mount in the recommended config (#91 by @hqhq)
* Fixed two typos (#117 by @jhjeong-kr)
* Add memory swappiness support (#120 by @lizf-os)
* Correct tmpfs mount for cgroup (#127 by @hqhq)
* Fix error when memory cgroup not mounted (#118 by @hqhq)
* typo: exists -> exits (#116 by @jhjeong-kr)
* the data type should be int8 for ppc64le (#115 by @brahmaroutu)
* Fix IDMapping host / container field confusion (#98 by @wking)
* Sort mount flags so it's easier to be found (#112 by @hqhq)
* typo: SICHLD -> SIGCHLD (#111 by @jhjeong-kr)
* Remove deserialization tests. (#109 by @mrunalp)
* Windows: Factor out seccomp (#52 by @lowenna)
* Windows: Factor out CloseExecFrom (#53 by @lowenna)
* Fix bug in Readme.md,change GOPATH to GOPATH/src (#100 by @zenlint)
* CI target for Makefile (#72 by @LK4D4)
* fix dockerfile (#103 by @jessfraz)
* wrong grammar: should never been --> should have never been (#99 by @jhjeong-kr)
* Add oom-kill-disable support for systemd (#97 by @hqhq)
* Add memory limit set (#90 by @hqhq)
* Fixing memory swappiness as -1 in template file for older kernels (#95 by @rajasec)
* Adds Sysctl support (#73 by @mrunalp)
* Remove sample configs from libcontainer (#89 by @hqhq)
* Treat -1 as default value for memory swappiness (#86 by @ktraghavendra)
* Update runc with types from spec repository (#82 by @crosbymichael)
* Fix build tags (#79 by @LK4D4)
* README changes for the newer spec format. (#67 by @mrunalp)
* Prefer Godep dependencies in the GOPATH (#71 by @mrunalp)
* Some new stuff for makefile (#45 by @LK4D4)
* Enable build on unsupported platforms (#68 by @mtesselH)
* fixed typo (#63 by @kennethlimcp)
* libcontainer: user: fix `GetAdditionalGroups*` API (#59 by @cyphar)
* Update config based on spec changes (#66 by @crosbymichael)
* linux: Don't prepend process' cwd if rootfs path is already absolute (#40 by @cgwalters)
* Added all dependency to install in Makefile (#32 by @7imbrook)
* Windows: Remove nsenter dependency (#49 by @lowenna)
* Adding minimum version required for docker create (#64 by @rmanyari)
* checkpoint/restore commands support 'file-locks' option. (#55 by @mapk0y)
* Corrected spelling (#61 by @blakelapierre)
* Fix absolute path getting for runc binary (#47 by @LK4D4)
* Minor README tweaks to help newbies (#23 by @duglin)
* Move libcontainer documenation to root of repo (#44 by @crosbymichael)
* Add notcie about config format changes (#42 by @crosbymichael)
* Make startup errors a bit friendlier (#30 by @estesp)
* Update usage content and fix typos (#33 by @estesp)
* Allow hyphen in "id" (based on `cwd` pathname) (#31 by @estesp)
* Allow runc to be executed as a relative path (#28 by @estesp)
* make the install steps more clear in README.md (#14 by @carmark)
* Fix function name typo (#29 by @estesp)
* Remove nsinit from comments (#22 by @lizf-os)
* Initialize memory.swappiness cgroup to -1 (#20 by @estesp)
* libcontainer: gofmt pass (#21 by @unclejack)
* Remove nsinit from libcontainer README.md (#8 by @LK4D4)
* Fix panic in seccomp test on error (#10 by @LK4D4)
* Change "... JSON Format;" to "... JSON Format:" (#11 by @justjake)

## Initial development under docker/libcontainer

* Remove unused code (docker/libcontainer#643 by @runcom)
* Ensure all parent dirs are properly setup (docker/libcontainer#642 by @crosbymichael)
* Fix nsinit to configure default cgroup entry for MemorySwappiness (docker/libcontainer#640 by @estesp)
* Avoid trying to access cpu.shares when it doesn't exist (docker/libcontainer#638 by @lizf-os)
* Fix kmem limit set (docker/libcontainer#637 by @hqhq)
* Fix some suspicious things in vendor (docker/libcontainer#635 by @LK4D4)
* gofmt to fix formatting (docker/libcontainer#634 by @unclejack)
* Handle SYS_setns not existing but `__NR_setns` does. (docker/libcontainer#630 by @tsuna)
* Only try to get AdditionalGroups if they are configured. (docker/libcontainer#627 by @mrunalp)
* Add the memory swappiness tuning support to libcontainer (docker/libcontainer#622 by @ktraghavendra)
* Fix nsinit README.md config link (docker/libcontainer#626 by @icecrime)
* Additional ppc architectures follow the arm datatype (docker/libcontainer#625 by @mchasal)
* Use simpler parsing of /proc/self/mountinfo for FindCgroupMountpoint (docker/libcontainer#624 by @LK4D4)
* Don't change memswap value in libcontainer (docker/libcontainer#620 by @hqhq)
* Rebased: Additional groups lookup (docker/libcontainer#603 by @dqminh)
* linux: Convert dup2 calls to dup3 (docker/libcontainer#618 by @glevand)
* Fix relabel to allow volume mounting of / (docker/libcontainer#619 by @rhatdan)
* Stop systemd unit on destroy (docker/libcontainer#617 by @LK4D4)
* Golang seccomp package (docker/libcontainer#613 by @crosbymichael)
* Fix hack/validate.sh (docker/libcontainer#614 by @LK4D4)
* make libcontainer compile on freebsd (again) (docker/libcontainer#615 by @kvasdopil)
* Update dockerproject.com links (docker/libcontainer#611 by @thaJeztah)
* hugetlb: Add support of Set and GetStats function (docker/libcontainer#567 by @Mashimiao)
* spec: Fix errors in file system mount points table. (docker/libcontainer#608 by @davexunit)
* bug fix: slice bounds out of range (docker/libcontainer#607 by @WeiZhang555)
* Fix race in stats Manager (docker/libcontainer#602 by @runcom)
* Update nsinit readme for C/R (docker/libcontainer#605 by @wonderflow)
* cgroup memory: Enchance stats support of memory (docker/libcontainer#592 by @Mashimiao)
* Process.go can compile on FreeBSD (docker/libcontainer#606 by @kvasdopil)
* integration: don't ignore exit codes of test processes (docker/libcontainer#599 by @avagin)
* WIP: Add Checkpoint and Restore support to libcontainer (docker/libcontainer#479 by @crosbymichael)
* README example for using checkpoint/restore. (docker/libcontainer#600 by @boucher)
* Windows: Initial compilation enablement (docker/libcontainer#583 by @lowenna)
* Add a flag for specifying system properties. (docker/libcontainer#562 by @mrunalp)
* Set the seed when randMacAddr (docker/libcontainer#542 by @sayuan)
* Fix nsenter package on unsupported platforms. (docker/libcontainer#596 by @dmitshur)
* cgroup: Add freeze Set When calls systemd to Apply (docker/libcontainer#589 by @Mashimiao)
* cgroups: add support for net_cls (docker/libcontainer#582 by @Mashimiao)
* Add support for kmem limit (docker/libcontainer#591 by @hqhq)
* Fix stacktrace panic (docker/libcontainer#590 by @hqhq)
* cgroup: add support for net_prio (docker/libcontainer#584 by @Mashimiao)
* croup cpu: add support for realtime throttling (docker/libcontainer#587 by @Mashimiao)
* don't fail when subsystem not mounted (docker/libcontainer#476 by @hqhq)
* Do not prevent mounts in /sys (docker/libcontainer#576 by @crosbymichael)
* Update github.com/syndtr/gocapability to 66ef2aa (docker/libcontainer#573 by @LK4D4)
* Security fixes for docker 1.6.1 (docker/libcontainer#574 by @crosbymichael)
* some fixes for SPEC (docker/libcontainer#572 by @hqhq)
* add vendor/pkg to gitignore (docker/libcontainer#570 by @hqhq)
* Replace aliased imports of logrus (docker/libcontainer#569 by @hqhq)
* integration: don't create a factory for each test case (docker/libcontainer#560 by @avagin)
* Update logrus to 0.7.3 (docker/libcontainer#566 by @tianon)
* Use logrus everywhere (docker/libcontainer#561 by @avagin)
* Adds support for setting system properties. (docker/libcontainer#535 by @mrunalp)
* remove unused functions (docker/libcontainer#558 by @hqhq)
* Split namespace syscall content for building on non-Linux (docker/libcontainer#554 by @estesp)
* cgroups/systemd: remove useless code (docker/libcontainer#555 by @avagin)
* cgroups: add support `blkio.throttle.read/write_*` (docker/libcontainer#539 by @Mashimiao)
* Add cgroup mount type for mounting container local cgroups (docker/libcontainer#553 by @crosbymichael)
* cgroups: add support of devices deny for another use of cgroup devices (docker/libcontainer#492 by @Mashimiao)
* Check for cmd.Process not-nilness in setnsProcess.terminate() (docker/libcontainer#550 by @LK4D4)
* Add support for Premount and Postmount commands. (docker/libcontainer#495 by @rhatdan)
* fix some typos in source code comments (docker/libcontainer#546 by @liubin)
* cleanup cpushares check (docker/libcontainer#537 by @hqhq)
* fix freeze systemd test (docker/libcontainer#538 by @hqhq)
* Add more explanation for nsenter (docker/libcontainer#526 by @wonderflow)
* add Set support for systemd based cgroup (docker/libcontainer#500 by @hqhq)
* We want to prevent users from accidently attempting to relabel /, /etc and /usr (docker/libcontainer#533 by @rhatdan)
* check "/sbin/apparmor_parser" in apparmor.IsEnabled() (docker/libcontainer#532 by @tifayuki)
* integration: wait all test processes (docker/libcontainer#531 by @avagin)
* Throw an error if cgroup tries to set cpu-shares more/less than the maximum/minimum permissible value. (docker/libcontainer#464 by @shishir-a412ed)
* add comments for nsexec.c (docker/libcontainer#530 by @hqhq)
* nsinit: Add a flag to enable systemd support for cgroups (docker/libcontainer#525 by @mrunalp)
* add cgroup subsystem hugetlb (docker/libcontainer#519 by @Mashimiao)
* Fix a typo in factory.go (docker/libcontainer#527 by @huikang)
* Change mount point propogation to default to slave (docker/libcontainer#520 by @rhatdan)
* Add arch support for ARMv8 and PowerPC, and fix ARMv7 (docker/libcontainer#524 by @adconrad)
* integration: use test helper for error check (docker/libcontainer#508 by @Mic92)
* Read `_LIBCONTAINER_INITPIPE` in nsexec.c (docker/libcontainer#523 by @LK4D4)
* Add cache to MemoryStats (docker/libcontainer#518 by @crosbymichael)
* Add value checking on relabel command for selinux (docker/libcontainer#509 by @rhatdan)
* Append childpipe for adding addtional Fds to container (docker/libcontainer#516 by @crosbymichael)
* cgroups: add support for blkio.weight_device (docker/libcontainer#354 by @hqhq)
* /dev/mqueue has to be labeled correctly (docker/libcontainer#515 by @rhatdan)
* Add documentation for nsinit (docker/libcontainer#501 by @wonderflow)
* Ensure that state always contains pathes to all namespaces (docker/libcontainer#514 by @LK4D4)
* bugfix and cleanup for systemd cgroup (docker/libcontainer#502 by @hqhq)
* add systemd integration test (docker/libcontainer#505 by @hqhq)
* Change nsinit root to /var/run/nsinit (docker/libcontainer#507 by @crosbymichael)
* add binary target to direct install in a container (docker/libcontainer#490 by @dqminh)
* Fix pdeathsig and ppid for supervisor running as pid1 (docker/libcontainer#504 by @crosbymichael)
* Fix: typos. (docker/libcontainer#498 by @athoune)
* fix README.md for nsinit (docker/libcontainer#493 by @hqhq)
* cgroups/systemd: Use unified subsystems (docker/libcontainer#497 by @Mashimiao)
* cgroups: return error when passing invalid argument to freezer (docker/libcontainer#494 by @Mashimiao)
* cgroups: systemd: attempt to stop test scope, if any (docker/libcontainer#489 by @philips)
* Fix finding parent for fs cgroups (docker/libcontainer#491 by @LK4D4)
* add readme for nsinit about how to build nsinit (docker/libcontainer#488 by @wonderflow)
* Use syscall.Kill instead of p.cmd.Process.Kill (docker/libcontainer#487 by @LK4D4)
* Process capabilities (docker/libcontainer#484 by @mrunalp)
* Fix minor typo in init_linux.go (docker/libcontainer#481 by @coolljt0725)
* mount: Add a flag to bind devices when user namespaces are enabled. (docker/libcontainer#480 by @mrunalp)
* remove redundant code (docker/libcontainer#475 by @hqhq)
* Update syndtr/gocapability to 8e4cdcb3c22b40d5e330ade0b68cb2e2a3cf6f98 (docker/libcontainer#478 by @LK4D4)
* Revert "cgroups: only return path when subsystem really mounted (docker/libcontainer#474 by @crosbymichael)
* path now returns the IsNotFound error (docker/libcontainer#472 by @crosbymichael)
* systemd: properly check DefaultDependencies is read only (docker/libcontainer#469 by @Snorch)
* correct comment errors for netlink_linux.go (docker/libcontainer#460 by @sunyuan3)
* Add TmpfsRoot option (docker/libcontainer#459 by @LK4D4)
* mount: Take out the base mounts and move them to the config. (docker/libcontainer#455 by @mrunalp)
* add parameter to Set api (docker/libcontainer#441 by @hqhq)
* Do not fail cgroups setup if parent cgroup does not exist. (docker/libcontainer#453 by @vishh)
* mount: sysfs also doesn't need to be labelled like mqueue. (docker/libcontainer#451 by @mrunalp)
* Fix path to /dind (docker/libcontainer#450 by @avagin)
* selinux: Adds a check for a NUL byte at the end of the string and removes it (docker/libcontainer#443 by @mrunalp)
* Add vet checks to validate script (docker/libcontainer#430 by @LK4D4)
* Update to recent busybox 2014.11 tar (docker/libcontainer#449 by @estesp)
* nsinit usability improvements (docker/libcontainer#448 by @crosbymichael)
* Mounting a tmpfs directory needs to inherit directory permissions from base (docker/libcontainer#442 by @rhatdan)
* Update logrus to 0.6.6 (docker/libcontainer#447 by @jessfraz)
* Hairpin NAT network configuration (docker/libcontainer#446 by @icecrime)
* Add information Type method for Factory (docker/libcontainer#445 by @LK4D4)
* Don't label mqueue when mounting (docker/libcontainer#444 by @ncdc)
* fix some cgroups issues (docker/libcontainer#437 by @hqhq)
* nsenter: fix the -Wunused-variable warning (docker/libcontainer#439 by @vbatts)
* add Set memoryswap test cases (docker/libcontainer#438 by @hqhq)
* Add godoc for selinux package (docker/libcontainer#435 by @pmorie)
* fix apply error when we not mount cpu subsystem (docker/libcontainer#429 by @hqhq)
* cgroups: add support for oom control (docker/libcontainer#417 by @HuKeping)
* Pass os.Environ() as environment to process from init. (docker/libcontainer#432 by @LK4D4)
* Remove overcomplicated logic of SIGCHLD from TestNsenterDeadPid (docker/libcontainer#431 by @LK4D4)
* A few minor fixes (docker/libcontainer#427 by @avagin)
* Add tty support for setnsProcess (docker/libcontainer#428 by @LK4D4)
* Adds an integration test for checking process env. (docker/libcontainer#423 by @mrunalp)
* cgroups: use Set instead of Apply in Freeze (docker/libcontainer#425 by @hqhq)
* Add the file close operation before function return to release resource (docker/libcontainer#426 by @MabinGo)
* Fix panic when genericError constructor gets nil error (docker/libcontainer#424 by @dqminh)
* add a new api Set (docker/libcontainer#376 by @hqhq)
* Make NetworkInterface public (docker/libcontainer#421 by @LK4D4)
* Implement stats for systemd (docker/libcontainer#420 by @LK4D4)
* Return init errors from setnsProcess (docker/libcontainer#419 by @LK4D4)
* Don't join rootfs if path already prefixed by it (docker/libcontainer#416 by @LK4D4)
* Fixes validate (docker/libcontainer#414 by @jessfraz)
* fix instructions in README (docker/libcontainer#410 by @hqhq)
* Add a validate script (docker/libcontainer#395 by @jessfraz)
* rename test files so we can really test them (docker/libcontainer#409 by @hqhq)
* Move tty configuration to Process (docker/libcontainer#407 by @LK4D4)
* Exit related cleanup (docker/libcontainer#400 by @mrunalp)
* Return actual ProcessState on Wait error (docker/libcontainer#406 by @LK4D4)
* Add default InitArgs for factory (docker/libcontainer#405 by @LK4D4)
* Add init path support to allow full control of init binary (docker/libcontainer#404 by @crosbymichael)
* Make possible to call config methods on values (docker/libcontainer#403 by @LK4D4)
* Fix comment for container.Start (docker/libcontainer#402 by @LK4D4)
* remove drone (docker/libcontainer#401 by @jessfraz)
* Linux has added a new capability audit_read (docker/libcontainer#383 by @rhatdan)
* Use configs.NamespaceType as key for State.NamespacePathes (docker/libcontainer#397 by @LK4D4)
* Update copyright year in NOTICE (docker/libcontainer#391 by @thaJeztah)
* process: add Wait() and Pid() methods (docker/libcontainer#392 by @avagin)
* Change os-prefix file naming to standard postfix naming (docker/libcontainer#394 by @LK4D4)
* nsenter: noop reference to C constructor (docker/libcontainer#390 by @vbatts)
* Merge API Branch into Master (docker/libcontainer#388 by @crosbymichael)
* Merge master into api (docker/libcontainer#389 by @crosbymichael)
* Validation for user namespace in the config. (docker/libcontainer#386 by @mrunalp)
* Fixes bug where rootfs was empty instead of pwd when not specified. (docker/libcontainer#387 by @mrunalp)
* Make usernamespaces work without sidecar process (docker/libcontainer#385 by @crosbymichael)
* Add systemd support cpu.cfs_quota_us and cpu.cfs_period_us (docker/libcontainer#371 by @coolljt0725)
* Update api branch with master changes (docker/libcontainer#382 by @crosbymichael)
* Add functional API for Factory configuration (docker/libcontainer#381 by @crosbymichael)
* Add config generation for simple user namespace testing. (docker/libcontainer#379 by @mrunalp)
* Fixed some typos and tried to make comments read better. (docker/libcontainer#378 by @mrunalp)
* Add a constant for the container console path. (docker/libcontainer#377 by @mrunalp)
* Use netlink to set hairpin mode (docker/libcontainer#373 by @LK4D4)
* Refactor system mounts to be placed on the config (docker/libcontainer#375 by @crosbymichael)
* Fix compilation with golang 1.3(uid/gid mappings is unsupported) (docker/libcontainer#374 by @LK4D4)
* Changes required to keep gcc 5.0 quiet and happy. (docker/libcontainer#372 by @rhatdan)
* Ensure state is persisted (docker/libcontainer#370 by @crosbymichael)
* API Refactoring  (docker/libcontainer#367 by @crosbymichael)
* integration: check a container with userns (docker/libcontainer#360 by @avagin)
* Resurrect hairpin NAT (docker/libcontainer#366 by @icecrime)
* handle SIGCHLD when running as child subreaper (docker/libcontainer#369 by @dqminh)
* add dqminh as maintainer (docker/libcontainer#343 by @dqminh)
* fix typo for GetHostRootGid (docker/libcontainer#361 by @hqhq)
* Retry getting the cgroup root at apply time. (docker/libcontainer#362 by @vmarmol)
* cgroups: systemd: set DefaultDependencies=false if possible (docker/libcontainer#359 by @philips)
* namespaces: allow to use pid namespace without mount namespace (docker/libcontainer#358 by @avagin)
* Flatten config structures and remove namespace package (docker/libcontainer#357 by @crosbymichael)
* Add vet check to .drone.yml (docker/libcontainer#356 by @LK4D4)
* namespaces: send config, network state and other arguments in one packet (docker/libcontainer#355 by @avagin)
* Merge remote-tracking branch 'origin/master' into api-rebase (docker/libcontainer#351 by @avagin)
* Update github.com/godbus/dbus to v2 (docker/libcontainer#353 by @LK4D4)
* Created man page for nsinit (docker/libcontainer#341 by @shishir-a412ed)
* cgroups: always create device cgroup on systemd (docker/libcontainer#344 by @hqhq)
* nsenter: remove a proxy process (docker/libcontainer#348 by @avagin)
* Use Wait4 instead of cmd.Wait (docker/libcontainer#349 by @LK4D4)
* Fix a minor typo (docker/libcontainer#347 by @guoxiuyan)
* Support read-only root filesystems (docker/libcontainer#345 by @fabiokung)
* new-api: implement Wait, WaitProcess (docker/libcontainer#342 by @avagin)
* add support for blkio.weight (docker/libcontainer#337 by @hqhq)
* Checks namespace flags for user ns code path. (docker/libcontainer#340 by @mrunalp)
* namespace: don't change namespaces which are not belonged to the CT  (docker/libcontainer#324 by @avagin)
* new-api: implement Pause() and Resume() (docker/libcontainer#339 by @avagin)
* Adds user namespace support to libcontainer (docker/libcontainer#304 by @mrunalp)
* cgroups: set a freezer state before calling FreezerGroup.Set() (docker/libcontainer#338 by @avagin)
* nsenter waits for parent signal before forking (docker/libcontainer#336 by @dqminh)
* new-api: integration: check that a process can be executed in an existing CT (docker/libcontainer#334 by @avagin)
* new-api: add Console to ProcessConfig (docker/libcontainer#333 by @avagin)
* cgroups: don't change a freezer state if an operation failed (docker/libcontainer#335 by @avagin)
* Vendors glog dependency for the api branch. (docker/libcontainer#332 by @mrunalp)
* new-api: implement fs and systemd cgroup managers (docker/libcontainer#330 by @avagin)
* new-api: execute a process inside an existing container  (docker/libcontainer#311 by @avagin)
* Fix exit codes when dying on a signal (docker/libcontainer#328 by @icecrime)
* Add nsinit command to display oom notifications (docker/libcontainer#329 by @crosbymichael)
* Update ROADMAP.md to correctly reflect current arch status (docker/libcontainer#326 by @estesp)
* Refactor kill all pids (docker/libcontainer#327 by @crosbymichael)
* A few fixes for nsenter (docker/libcontainer#315 by @avagin)
* killall processes in a cgroup if you are not using the pid namespace (docker/libcontainer#320 by @rhatdan)
* Adds functionality to specify additional groups to join. (docker/libcontainer#322 by @mrunalp)
* Don't get stats for cgroups that don't exist. (docker/libcontainer#321 by @vmarmol)
* Use the child subreaper option only when available (docker/libcontainer#318 by @mrunalp)
* Changes Dockerfile to use go 1.4 (docker/libcontainer#317 by @mrunalp)
* Fix vet errors (docker/libcontainer#316 by @LK4D4)
* Namespaces methods should act on pointer (docker/libcontainer#314 by @crosbymichael)
* Add lk4d4 as maintainer (docker/libcontainer#313 by @crosbymichael)
* Add type for namespaces for better UI (replacement of #302) (docker/libcontainer#312 by @LK4D4)
* OOM Notify refactoring (docker/libcontainer#307 by @LK4D4)
* Allow non local mac-address. (docker/libcontainer#310 by @jessfraz)
* Fix removing of cgroups if something still alive in container (docker/libcontainer#308 by @LK4D4)
* define PR_SET_CHILD_SUBREAPER if not set (docker/libcontainer#300 by @dqminh)
* Changed docker hub pointer to dockercore (docker/libcontainer#293 by @gaberger)
* Use namespace.Exec() and namespace.Init() to execute processes in CT (docker/libcontainer#306 by @avagin)
* Prepare ground for moving on new API (docker/libcontainer#299 by @avagin)
* user: fix function signatures (docker/libcontainer#301 by @cyphar)
* Adding a function that allows to remove an address set on an interface (docker/libcontainer#297 by @Ketouem)
* add spec for exec a new process inside a container (docker/libcontainer#290 by @dqminh)
* user: MAINTAINERS: add cyphar (myself) as a maintainer (docker/libcontainer#294 by @cyphar)
* cgroups: add failcnt test (docker/libcontainer#295 by @hqhq)
* Set rlimit for execin process (docker/libcontainer#289 by @dqminh)
* cgroup: add support to set MemorySwap (docker/libcontainer#288 by @hqhq)
* add support for testing execin (docker/libcontainer#287 by @dqminh)
* cgroups: add support for cpuset.mems (docker/libcontainer#285 by @hqhq)
* Change namespaces config to include path for setns (docker/libcontainer#279 by @crosbymichael)
* Set child sub reaper option on nsenter  (docker/libcontainer#273 by @vishh)
* Introducing macvtap device to netlink package (docker/libcontainer#278 by @milosgajdos)
* Add container spec (docker/libcontainer#282 by @crosbymichael)
* Add support for setting rlimit for contianer (docker/libcontainer#280 by @cpuguy83)
* Add support for ppc64, ppc64le, s390x (docker/libcontainer#277 by @yoheiueda)
* netlink: add NetworkSetTxQueueLen to set qlen (docker/libcontainer#276 by @unclejack)
* Add call to label to allow it to tell kernel how to label created files (docker/libcontainer#275 by @rhatdan)
* Remove hairpin nat on veth create (docker/libcontainer#274 by @crosbymichael)
* libcontainer: setup cpuset cgroup by default (docker/libcontainer#271 by @crosbymichael)
* Use cgroup paths for stats and removal (docker/libcontainer#267 by @crosbymichael)
* Use SYS_SETUID32 for system.Setuid() on Linux for ARM (docker/libcontainer#269 by @aholler)
* Provide better sethostname error message (docker/libcontainer#268 by @crosbymichael)
* Update the path to project from hack (docker/libcontainer#265 by @crosbymichael)
* Set correct env variables for `docker exec` commands (docker/libcontainer#264 by @dqminh)
* Updated cover tool import path. (docker/libcontainer#262 by @hansrodtang)
* Fix typo in json tag (docker/libcontainer#260 by @donhcd)
* Fix the return code check for ParseIP. (docker/libcontainer#259 by @mrunalp)
* Refactor and expose private functions within `libcontainer/user`. (docker/libcontainer#158 by @cyphar)
* Make AddRoute() works with a provided source ip address. (docker/libcontainer#250 by @zhgwenming)
* enable hairpin mode on virtual interface bridge port (docker/libcontainer#62 by @phemmer)
* Remove syncpipe pkg (docker/libcontainer#252 by @crosbymichael)
* Fix vet errors (docker/libcontainer#254 by @LK4D4)
* Add drone.yml file (docker/libcontainer#255 by @crosbymichael)
* Update email address in maintainer file (docker/libcontainer#3 by @crosbymichael)
* use system.Set{u,g}id to fix Set{u,g}id on Go 1.4 (docker/libcontainer#251 by @unclejack)
* Add new interfaces for label/selinux (docker/libcontainer#247 by @rhatdan)
* Mount /dev/mqueue by default (docker/libcontainer#246 by @rhatdan)
* Allow IPC namespace to be shared between containers or with the host (docker/libcontainer#245 by @crosbymichael)
* Only fetch network stats we use. (docker/libcontainer#244 by @vmarmol)
* ADDITIONAL CGROUPS BLKIO STATS (docker/libcontainer#243 by @ashahab-altiscale)
* Fix link re contributing in README (docker/libcontainer#238 by @lucafavatella)
* ErrNotSupportedPlatform is undefined define it (docker/libcontainer#236 by @harshavardhana)
* devices: filter /dev/console out of the node list (docker/libcontainer#235 by @alexoj)
* Rename the file as per github convention. (docker/libcontainer#234 by @mrunalp)
* Fix an endian bug for the ioctl argument (docker/libcontainer#231 by @yoheiueda)
* Add development environment instructions (docker/libcontainer#229 by @dave-tucker)
* Adds support for Setuid/Setgid calls that has been removed from go 1.4 (docker/libcontainer#228 by @mrunalp)
* Add integration test framework (docker/libcontainer#226 by @crosbymichael)
* Make joinDevices public. (docker/libcontainer#209 by @imain)
* Adds a tx_queuelen setting for veth in the network configuration  (docker/libcontainer#221 by @mrunalp)
* xattr: Disallow build on non linux platforms (docker/libcontainer#219 by @harshavardhana)
* Set apparmor profile in execin (docker/libcontainer#224 by @crosbymichael)
* Do not check if SELinux is enabled on lowlevel calls to set processlabel (docker/libcontainer#222 by @rhatdan)
* cgroups: Export ParseCgroupFile (docker/libcontainer#216 by @cbosdo)
* Fix "go install -v . ./.git/logs/refs/heads ./.git/refs/heads ..." (docker/libcontainer#213 by @tianon)
* Add more entropy to veth pair creation (docker/libcontainer#212 by @crosbymichael)
* Update system/xattrs_linux.go (docker/libcontainer#202 by @harshavardhana)
* Expose parameter to set interface MAC address (docker/libcontainer#208 by @MalteJ)
* Added support for VLAN and MAC VLAN interfaces plus did a bit of refactoring. (docker/libcontainer#206 by @milosgajdos)
* Fix leaking file descriptor in NetNs strategy (docker/libcontainer#205 by @hugoduncan)
* Adding IPv6 network support (docker/libcontainer#203 by @MalteJ)
* Saturate negative memory stat values at '0'. (docker/libcontainer#201 by @vishh)
* Add RootFs field to configuration options in libcontainer's Config (docker/libcontainer#199 by @SaiedKazemi)
* Refactored and added more tests.Cleaned up netlink a bit. (docker/libcontainer#197 by @milosgajdos)
* netlink: Add NetworkSetMacAddress (docker/libcontainer#194 by @lmars)
* netlink: Add uint32Attr helper (docker/libcontainer#192 by @titanous)
* Netlink cleanup (docker/libcontainer#190 by @titanous)
* Add rich errors to the API (docker/libcontainer#185 by @Zteve)
* Cache cgroup root mount location. (docker/libcontainer#189 by @vmarmol)
* Devices error injection (docker/libcontainer#186 by @Zteve)
* Allow mounts to be supplied with the MS_SLAVE option. (docker/libcontainer#184 by @erikh)
* Correct Create() api call description in Factory interface. (docker/libcontainer#172 by @Zteve)
* Remove sampling from libcontainer CPU stats. (docker/libcontainer#174 by @vmarmol)
* Get UID and GID for device nodes (docker/libcontainer#173 by @crosbymichael)
* syncpipe: consume from parent before closing child (docker/libcontainer#170 by @bernerdschaefer)
* Update container to have an ID provided by the user (docker/libcontainer#166 by @crosbymichael)
* Use `blkio.throttle.*` stats when CFQ is not in use (docker/libcontainer#167 by @discordianfish)
* Add support for user defined mounts in tmpfs (docker/libcontainer#168 by @crosbymichael)
* Use --privileged in Makefile (docker/libcontainer#164 by @crosbymichael)
* Allow docker to free container labels when containers are removed. (docker/libcontainer#162 by @rhatdan)
* Return NotFound error for cgroups abs paths (docker/libcontainer#161 by @crosbymichael)
* Remove dependency from docker/pkg/systemd (docker/libcontainer#159 by @LK4D4)
* Enter cgroups as part of NsEnter (docker/libcontainer#143 by @vishh)
* Fix warnings from go vet (docker/libcontainer#156 by @LK4D4)
* Implement execin by using registered functions (docker/libcontainer#155 by @crosbymichael)
* Fixes logic for calculating percentage (docker/libcontainer#147 by @lynxbat)
* Expose setting interface by fd in network pkg (docker/libcontainer#152 by @crosbymichael)
* Modification of erikh/netlink-remove-address PR (docker/libcontainer#149 by @milosgajdos)
* Add travis status badge (docker/libcontainer#153 by @LK4D4)
* Add myself as maintainer. (docker/libcontainer#151 by @mrunalp)
* Refactor execin send config over pipe (docker/libcontainer#146 by @crosbymichael)
* RtAttr packaging fix. Added NetworkLinkDel() func and a new test. (docker/libcontainer#139 by @milosgajdos)
* Move nsenter C code to separate file (docker/libcontainer#144 by @crosbymichael)
* Change nsenter to support docker 'runin' (docker/libcontainer#141 by @vishh)
* Add "update-vendor.sh" script and vendor our current deps... (docker/libcontainer#140 by @tianon)
* Lock the thread first thing in init. (docker/libcontainer#137 by @mrunalp)
* DefaultCreateCommand supports command w/ flags (docker/libcontainer#136 by @bernerdschaefer)
* Only import "testing" from `*_test.go` (docker/libcontainer#135 by @peterbourgon)
* Update more "dotcloud/docker" refs to "docker/docker" (docker/libcontainer#134 by @tianon)
* Move "pkg/user" into libcontainer... (docker/libcontainer#103 by @tianon)
* fix the order of setns() (docker/libcontainer#58 by @maebashi)
* Implement system.GetClockTicks for all platforms (docker/libcontainer#133 by @bernerdschaefer)
* Make fs.GetStats() work when used from inside a docker container. (docker/libcontainer#130 by @vishh)
* Add label.InitLabels functioni. Allows generation of labels based on options (docker/libcontainer#105 by @rhatdan)
* Correct nsenter fprintf syntax (docker/libcontainer#128 by @crosbymichael)
* Update imports for new docker location (docker/libcontainer#127 by @crosbymichael)
* Add a couple tweaks to the Dockerfile (docker/libcontainer#123 by @tianon)
* Fix veth network stats. (docker/libcontainer#121 by @vishh)
* Null-term ioctl ifr_name strings #125 (docker/libcontainer#126 by @dhammika)
* Add missing "--rm" on "make sh" (docker/libcontainer#122 by @tianon)
* Add busybox rootfs so we can run containers (docker/libcontainer#120 by @crosbymichael)
* Minor fixes to network stats (docker/libcontainer#119 by @vishh)
* Add integration tests with nice makefile (docker/libcontainer#117 by @crosbymichael)
* Adding RunIn to run a user specified command in an existing container. (docker/libcontainer#64 by @vishh)
* Add "linux/arm" to Travis (docker/libcontainer#115 by @tianon)
* Small fix for GetAllCgroups(). (docker/libcontainer#114 by @vmarmol)
* Reopening stdin, stdout and stderr if they are pointing to /dev/null. (docker/libcontainer#107 by @vishh)
* Add netlink hooks to delete a bridge dev #44 (docker/libcontainer#46 by @dhammika)
* Add more Travis matrix targets (being explicit about CGO) (docker/libcontainer#113 by @tianon)
* Add linux/386 testing back to Travis (docker/libcontainer#112 by @tianon)
* Fix 386 and arm cross-compile (docker/libcontainer#111 by @tianon)
* Initially mount /sys as ro instead of remount (docker/libcontainer#110 by @crosbymichael)
* Update a few build tags to be more generic, ... (docker/libcontainer#104 by @tianon)
* Add Start to container API (docker/libcontainer#102 by @crosbymichael)
* Add linux build tags for selinux (docker/libcontainer#101 by @crosbymichael)
* Add dockerfile (docker/libcontainer#100 by @crosbymichael)
* Remove terminal handling in libcontainer (docker/libcontainer#99 by @crosbymichael)
* Don't set the MTU for loopback interfaces. (docker/libcontainer#98 by @thockin)
* Remove the dep on dotcloud/docker/pkg/system (docker/libcontainer#97 by @crosbymichael)
* Remove unsupported file (docker/libcontainer#90 by @crosbymichael)
* Remove FreezerStats. (docker/libcontainer#89 by @vmarmol)
* Remove unused arg from namespaces.NsEnter (docker/libcontainer#88 by @pmorie)
* Add cgroup status for systemd implementation (docker/libcontainer#87 by @crosbymichael)
* Move syncpipe into separate package (docker/libcontainer#86 by @crosbymichael)
* Allow caller to change the SELinux labels on a directory tree. (docker/libcontainer#47 by @rhatdan)
* remove 2 duplicate caps (docker/libcontainer#85 by @vieux)
* Update Travis to test all the packages (docker/libcontainer#84 by @tianon)
* Add a standalone test utility for cgroup package. (docker/libcontainer#79 by @rjnagal)
* Use conventional factory terminology (docker/libcontainer#83 by @glyn)
* Add Load method to factory (docker/libcontainer#81 by @crosbymichael)
* Fix spelling (docker/libcontainer#77 by @leetreveil)
* Change checks for non-existent cgroup file to a more concise form. (docker/libcontainer#80 by @rjnagal)
* Adding Initialize() to create a new container. (docker/libcontainer#76 by @vmarmol)
* Rename package correctly so the binary is nsinit (docker/libcontainer#78 by @crosbymichael)
* Ignore stats that are not available (docker/libcontainer#75 by @vmarmol)
* Basic version of libcontainer API. (docker/libcontainer#67 by @vmarmol)
* Add a cleanup method to cgroup fs. This will help in building a (docker/libcontainer#74 by @rjnagal)
* Add cross-compilation testing to .travis.yml (docker/libcontainer#60 by @tianon)
* Separate nsinit main from implementation (docker/libcontainer#61 by @vishh)
* Add pause and unpause commands to nsinit (docker/libcontainer#56 by @crosbymichael)
* Rename nsinit spec to config and only display raw json (docker/libcontainer#55 by @crosbymichael)
* Report child error to parent (docker/libcontainer#54 by @crosbymichael)
* Adding per container network stats (docker/libcontainer#25 by @vishh)
* Improve nsinit usage instructions (docker/libcontainer#43 by @glyn)
* Create state (docker/libcontainer#50 by @crosbymichael)
* Add oom notify event (docker/libcontainer#48 by @crosbymichael)
* Strongly type context on the Config (docker/libcontainer#51 by @crosbymichael)
* Rename Container -> Config. (docker/libcontainer#39 by @vmarmol)
* Refactoring libcontainer to avoid cyclic dependencies in the future. (docker/libcontainer#41 by @vishh)
* Update readme with API change explination (docker/libcontainer#40 by @crosbymichael)
* Add sample config files (docker/libcontainer#38 by @crosbymichael)
* Don't fail getting stats of unknown hierarchies. (docker/libcontainer#37 by @vmarmol)
* Replacing docker-dev with libcontainer mailing list. (docker/libcontainer#35 by @vmarmol)
* CpuStats.CpuUsage includes TotalUsage (docker/libcontainer#34 by @bernerdschaefer)
* Add option parsing to nsenter and enable specifying commands with arguments (docker/libcontainer#27 by @mrunalp)
* Require two LGTMs for non-maintainer changes. (docker/libcontainer#29 by @vmarmol)
* Update travis to run unit tests (docker/libcontainer#32 by @crosbymichael)
* Update sample json file for quick testing (docker/libcontainer#31 by @crosbymichael)
* Revert "Mount cgroups in the container" (docker/libcontainer#30 by @crosbymichael)
* Ignore isnotexist errors for restrict paths (docker/libcontainer#24 by @crosbymichael)
* Use lstat to check device symlinks (docker/libcontainer#26 by @crosbymichael)
* Fix invalid fd race (docker/libcontainer#17 by @alexlarsson)
* Use PATH_MAX as buffer size for buffers containing paths. (docker/libcontainer#21 by @mrunalp)
* Mount cgroup in container (docker/libcontainer#15 by @alexlarsson)
* nsenter: fixing the cpp order (docker/libcontainer#20 by @vbatts)
* Initial hacker documentation (docker/libcontainer#10 by @glyn)
* Add Travis (docker/libcontainer#14 by @tianon)
* nsenter: fix setns() for rhel6 (glibc-2.12) (docker/libcontainer#12 by @vbatts)
* Grammar in README (docker/libcontainer#11 by @timthelion)
* Fix vet errors (docker/libcontainer#8 by @LK4D4)
* Add build flag for nsenter file (docker/libcontainer#5 by @crosbymichael)
* Update email address in maintainer file (docker/libcontainer#3 by @crosbymichael)

## Initial development under moby/moby (formerly docker/docker)

* Add more stats to libcontainer. (moby/moby#6198 by @vishh)
* Add per cpu usage to libcontainer  stats  (moby/moby#6153 by @vishh)
* Refactor device handling code (moby/moby#6097 by @timthelion)
* SETUID/SETGID not required for changing user (moby/moby#6083 by @bernerdschaefer)
* libcontainer support for arbitrary route table entries (moby/moby#5868 by @jhspaybar)
* Add device nodes recursively (moby/moby#5995 by @vieux)
* Move get pid into cgroup implementation (moby/moby#5976 by @crosbymichael)
* Mount /dev in tmpfs for privileged containers (moby/moby#5922 by @crosbymichael)
* Make /proc writable, but not /proc/sys and /proc/sysrq-trigger (moby/moby#5903 by @alexlarsson)
* Add PDEATHSIG support to nsinit library (moby/moby#5792 by @bernerdschaefer)
* fix panic when passing empty environment (moby/moby#5833 by @srid)
* Change libcontainer to drop all capabilities by default. (moby/moby#5810 by @vmarmol)
* "nsinit exec ..." forwards signals to container (moby/moby#5791 by @bernerdschaefer)
* Remove the bind mount for dev/console which override the mknod/label (moby/moby#5781 by @creack)
* libcontainer: Create dirs/files as needed for bind mounts (moby/moby#5748 by @crosbymichael)
* Check supplied hostname before using it. (moby/moby#5630 by @rjnagal)
* Don't restrict lxc because of apparmor (moby/moby#5556 by @crosbymichael)
* Mount /proc and /sys read-only, except in privileged containers (moby/moby#5529 by @crosbymichael)
* Add selinux label support for processes and mount (moby/moby#5448 by @crosbymichael)
* Close extraneous file descriptors in containers (moby/moby#5464 by @tianon)
* Remove "root" and "" special cases in libcontainer (moby/moby#5449 by @tianon)
* Refactor cgroups into subsystems and support metrics (moby/moby#5328 by @crosbymichael)
* Avoid "invalid memory address or nil pointer dereference" panic (moby/moby#5143 by @kzys)
* Change shm mode to 1777 (moby/moby#5131 by @crosbymichael)
* Fix libcontainer network support on rhel6 (moby/moby#5115 by @alexlarsson)
* apparmor: docker-default: Include base abstraction (moby/moby#5049 by @Supermathie)
* fixed two readme typos (moby/moby#5025 by @dstine)
* These two patches should fix problems we see with running docker in the wild. (moby/moby#4953 by @rhatdan)
* Cleanly shutdown docker (moby/moby#4867 by @crosbymichael)
* remove setupDev from libcontainer (moby/moby#4942 by @vieux)
* Add logger to libcontainer (moby/moby#4645 by @crosbymichael)
* Always symlink /dev/ptmx for libcontainer (moby/moby#4656 by @crosbymichael)
* Move all bind-mounts in the container inside the namespace (moby/moby#4422 by @alexlarsson)
* No pivot root because of ramdisk (moby/moby#4512 by @crosbymichael)
* Use CGO for apparmor profile switch (moby/moby#4506 by @creack)
* remove dbus from apparmor profile for Ubuntu 12.04 (moby/moby#4503 by @unclejack)
* Add find tests and remove panic in DEBUG (moby/moby#4452 by @crosbymichael)