runc/CHANGELOG.md at c8a98f08ae94680fdf091c39cc7427764d20c577

112 KiB

Raw Blame History

v1.0.0-rc11 [20yy-mm-dd]

cgroups/fs2: don't always parse /proc/self/cgroup (#2358 by @kolyshkin)
Vagrantfile: use Fedora 32 (and remove unused Podman) (#2363 by @AkihiroSuda)
docs: terminals: mention subreaper requirement (#2359 by @cyphar)
check that StartTransientUnit/StopUnit succeeds (#2331 by @lifubang)
Makefile fixes and improvements (#2357 by @kolyshkin)
fs2: fix cgroup.subtree_control EPERM on rootless + add CI (#2340 by @AkihiroSuda)
travis: run vagrant tests on the host (#2342 by @kolyshkin)
fix data inconsistent when runc update in systemd driven cgroup (#2343 by @lifubang)
cgroupv2: use default allowed devices when linux resources is null (#2318 by @lifubang)
checkpoint: don't print error if --pre-dump is set (#2327 by @kolyshkin)
Fix cgroupv2 checkpoint/restore (#2335 by @kolyshkin)
cgroupv2: allow to set EnableAllDevices=true (#2347 by @kolyshkin)
Makefile nits (#2334 by @kolyshkin)
libcontainer: fix Checkpoint wrt cgroupv2 (#2324 by @kolyshkin)
Dockerfile: use bats-core (#2336 by @kolyshkin)
libcontainer: use consts of Namespace from runtime-spec (#2330 by @KentaTada)
libcontainer: use x/sys/unix instead of the hardcoded value (#2348 by @KentaTada)
MAINTAINERS: add Kir Kolyshkin (#2326 by @AkihiroSuda)
Fix/improve checkpoint integration tests (#2332 by @kolyshkin)
cgroupv2: fix fs2 driver initialization (#2299 by @kolyshkin)
CI cleanups (#2320 by @kolyshkin)
Nits (#2325 by @kolyshkin)
cgroupv2: default join cgroup namespace in runc example (#2322 by @lifubang)
Defer netns.Close() after error check (#2317 by @tedyu)
cgroupv2: fix fs2 driver default path (#2305 by @kolyshkin)
runc exec: don't enable terminal unless -t is set (#2308 by @kolyshkin)
Initial integration tests for cgroupv2 (#2295 by @kolyshkin)
Exposing memory.numa_stats (#2278 by @iwankgb)
Properly remove intermediate directory (#2312 by @tedyu)
travis: move cgroup-v2 out of allow_failures (#2304 by @AkihiroSuda)
libcontainer: remove unneeded import (#2303 by @KentaTada)
cgroupv2: fix setting MemorySwap (#2288 by @kolyshkin)
cgroupv2: only treat -1 as "max" (#2300 by @kolyshkin)
README.md: update Go version to build (#2296 by @KentaTada)
libcontainer: use cgroups.NewStats (#2297 by @giuseppe)
Fix TestGetContainerStateAfterUpdate on cgroup v2 (#2289 by @AkihiroSuda)
Remove unused consts testScopeWait and testSliceWait (#2294 by @tklauser)
Restore close of criuServer (#2293 by @tedyu)
Use errors.As() and errors.Is() to unwrap errors (#2291 by @kolyshkin)
Added HugeTlb controller for cgroupv2 (#2235 by @Zyqsempai)
vagrant: switch from VirtualBox to KVM + increase HW resources (#2261 by @AkihiroSuda)
Use errors.Unwrap() where possible (#2280 by @kolyshkin)
isPathInPrefixList return value should be reverted (#2283 by @tedyu)
Avoid double close of criuServer (#2284 by @tedyu)
cgroupv2: don't use GetCgroupMounts for criu c/r (#2276 by @kolyshkin)
libct/isPaused: don't use GetPaths from v2 code (#2282 by @kolyshkin)
Add minimal cgroup2 checkpoint/restore support (#2259 by @adrianreber)
Actually check for syscall.ENODEV when checking if a container is paused (#2279 by @yulianedyalkova)
Separate systemd dbus connection initialization from running check (#2203 by @mrunalp)
Dockerfile: some refactoring, and switch to "buster" variant (#2234 by @thaJeztah)
update vendor (#2268 by @AkihiroSuda)
bifio.Scan.Err usage nits (#2275 by @kolyshkin)
Use faster mountinfo parser (part 1) (#2256 by @kolyshkin)
cgroup v2 cleanups (#2273 by @kolyshkin)
Retry writing to cgroup files on EINTR error (#2258 by @danail-branekov)
cgroupv2: use "max" for negative values (#2272 by @kolyshkin)
cgroupv2: don't try to set kmem for systemd case (#2270 by @kolyshkin)
fix readSync (#2193 by @milkwine)
checkpoint: remove error message with --leave-running (#2260 by @adrianreber)
Assorted minor nits in libcontainer (#2263 by @kolyshkin)
vendor: update go-systemd and godbus (#2242 by @AkihiroSuda)
Avoid duplicate calls to runner#destroy (#2267 by @tedyu)
specconv: fix null spec.Process making runc panic (#1826 by @jingxiaolu)
Use signal map from x/sys/unix (#2257 by @kolyshkin)
Dockerfile: add -f to curl (#2264 by @kolyshkin)
libcontainer/sync: Drop procConsole transaction from comments (#1737 by @wking)
Remove unreachable code paths (#1974 by @saschagrunert)
cgroup2: fix conversion (#2248 by @AkihiroSuda)
restore: fix a race condition in process.Wait() (#2226 by @avagin)
Add support for Go Modules (#2073 by @odinuge)
Makefile: set selinux and apparmor build tags (#2254 by @kolyshkin)
fix rootless container: unrelated error with root flag (#1999 by @lifubang)
sd-notify: do not hang when NOTIFY_SOCKET is used with create (#1807 by @giuseppe)
Synchronize the call to linuxContainer.Signal() (#2252 by @pkagrawal)
Use named error return for initProcess#start (#2238 by @tedyu)
Use "command -v" shell builtin instead of "which" (#2228 by @cpuguy83)
Add rootless testpath in Makefile (#1877 by @KentaTada)
travis: update configuration (#2222 by @cyphar)
Convert blkioWeight to io.weight properly (#2212 by @Zyqsempai)
vendor: opencontainers/selinux v1.3.3, and update golang.org/x/sys (#2230 by @thaJeztah)
libcontainer: dual-license nsenter/cloned_binary.c (#2232 by @cyphar)
MAINTAINERS: add Akihiro Suda to maintainers (#2231 by @thaJeztah)
Exchange deprecated systemd resources with the appropriate for cgroupv2 (#2210 by @Zyqsempai)
Fix the value corresponding to rlimitmap [key] (#2223 by @wanghuaiqing2010)
Fix MAJ:MIN io.stat parsing order (#2192 by @Zyqsempai)
Allow to set systemd unit properties via annotations (#2224 by @kolyshkin)
Added conversion for cpu.weight v2 (#2213 by @Zyqsempai)
README.md: modify the explanation of make flags (#2184 by @KentaTada)
Adding Security audit (#2190 by @amye)
Fix path for security report line (#2221 by @inductor)

v1.0.0-rc10 [2020-01-24]

VERSION: release 1.0.0~rc10 (#2217 by @cyphar)
rootfs: do not permit /proc mounts to non-directories (#2207 by @cyphar)
Handle ENODEV when accessing the freezer.state file (#2133 by @yulianedyalkova)
temporarily disable CRIU tests (#2198 by @AkihiroSuda)
cgroup2: split fs2 from fs (#2169 by @AkihiroSuda)
libcontainer: export and add new methods to allow cgroups manipulation (#2177 by @devimc)
Fix race checking for process exit and waiting for exec fifo (#2185 by @liggitt)
fix permission denied (#2086 by @win-t)
criu: Ensure other users cannot read c/r files (#2141 by @rst0git)
Makefile: allow overriding docker command (#2161 by @AkihiroSuda)
Expose network interfaces via runc events (#2174 by @saschagrunert)
.travis.yml: add Fedora 31 vagrant box (for cgroup2) (#2165 by @AkihiroSuda)
Make event types public (#2172 by @saschagrunert)
cgroup2: ebpf: increase RLIM_MEMLOCK to avoid BPF_PROG_LOAD error (#2168 by @AkihiroSuda)
Remove the static_build build tag. (#2154 by @jpeach)
cgroup2: port over eBPF device controller from crun (#2145 by @AkihiroSuda)
cgroup2: implement runc ps (#2149 by @AkihiroSuda)
cgroup2: cpuset_v2: skip Apply when no limit is specified (#2148 by @AkihiroSuda)
cgroup2: allow mounting /sys/fs/cgroup in UserNS without unsharing CgroupNS (#2159 by @AkihiroSuda)
cgroup2: do not parse /proc/cgroups (#2160 by @AkihiroSuda)
Set unified mountpoint in find mnt func (#2140 by @crosbymichael)
Adds info about userns for rootless containers (#1929 by @kkallday)
io_v2.go: remove blkio v1 code (#2147 by @AkihiroSuda)
README.md: clarify cgroup2 support is not ready for production (#2146 by @AkihiroSuda)
checkpoint: Set descriptors.json file mode to 0600 (#2139 by @rst0git)
Support different field counts of cpuaact.stats (#2132 by @skilxn-go)
SECURITY: Add Security Policy (#2135 by @mrueg)

v1.0.0-rc9 [2019-10-05]

VERSION: update to 1.0.0-rc9 (#2134 by @cyphar)
*: verify operations on /proc/... are on procfs (#2130 by @cyphar)
Only allow proc mount if it is procfs (#2129 by @crosbymichael)
Change the permissions of the notify listener socket to rwx for everyone (#2041 by @jburianek)
libcontainer/nsenter: Don't import C in non-cgo file (#2126 by @titanous)
cgroup: support mount of cgroup2 (#2125 by @giuseppe)
criu image path permission error when checkpoint rootless container (#2010 by @lifubang)
man: fix man-pages (#2098 by @adrianreber)
Update dependencies (#2029 by @thaJeztah)
Update to Go 1.12 and drop obsolete versions (#2028 by @thaJeztah)
libcontainer: initial support for cgroups v2 (#2113 by @giuseppe)
Bump x/sys and update syscall for initial Risc-V support (#2123 by @carlosedp)
nsenter: minor fixes (#2122 by @AkihiroSuda)
Rename cgroups_windows.go to cgroups_unsupported.go (#2120 by @rhatdan)
cgroups/fs: check nil pointers in cgroup manager (#2103 by @sipsma)
Make get devices function public (#2107 by @sashayakovtseva)
libcontainer: update masked paths of /proc (#2119 by @KentaTada)
Remove libcontainer detection for systemd features (#2117 by @filbranden)
Avoid the dependency on cgo through go-systemd/util package (#2116 by @filbranden)
Skip searching /dev/.udev for device nodes. (#2094 by @sipsma)
doc: First process in container needs Init: true (#2089 by @anx-astocker)
integration: remove blkio.weight (unavailable in kernel 5.0) (#2082 by @AkihiroSuda)
Bump CRIU to 3.12 (#2081 by @AkihiroSuda)
Update busybox source and fix runc exec bug (#2080 by @zhlhahaha)
Update bash completion for v1.0.0 release (#2075 by @KentaTada)
Update dependency libseccomp-golang (#2074 by @odinuge)
Allow to define COMMIT by env (#2071 by @judu)
Fix cgroup hugetlb size prefix for kB (#2065 by @odinuge)
libcontainer: change seccomp test for clone syscall (#2067 by @KentaTada)
libcontainer: fix TestGetContainerState to check configs.NEWCGROUP (#2061 by @KentaTada)
libcontainer: intelrdt: add missing destroy handler in defer func (#2042 by @xiaochenshen)
main: not reopen /dev/stderr (#2057 by @giuseppe)
r.destroy can defer exec in runner.run method. (#2038 by @imxyb)
specconv: always set "type: bind" in case of MS_BIND (#2035 by @cyphar)
Move systemd.Manager initialization into a function in that module (#2047 by @filbranden)
Support for logging from children processes (#2034 by @danail-branekov)

v1.0.0-rc8 [2019-04-26]

VERSION: release 1.0.0-rc8 (#2045 by @cyphar)
Vendor in latest selinux code for keycreate errors (#2043 by @rhatdan)
Add selinux validate in runc exec (#2031 by @lifubang)
Fix SELinux failures on disabled SELinux Machines (#2032 by @rhatdan)

v1.0.0-rc7 [2019-03-28]

VERSION: release v1.0.0-rc7 (#2026 by @cyphar)
Fixes regression causing zombie runc:[1:CHILD] processes (#2023 by @LittleLightLittleFire)
Need to setup labeling of kernel keyrings. (#2012 by @rhatdan)
Use getenv not secure_getenv (#2015 by @justincormack)
Add $RUNC_USE_SYSTEMD to run tests using systemd cgroup driver (#2014 by @filbranden)
nsenter: cloned_binary: "memfd" cleanups (#1984 by @cyphar)
README: link to /org/security/ (#2001 by @vbatts)
Create bind mount mountpoints during restore (#1968 by @adrianreber)
fix preserve-fds flag may cause runc hang (#2000 by @lifubang)
exec: expose --preserve-fds (#1995 by @giuseppe)
Vendor in go-criu and use it for CRIU's RPC definition (#1963 by @adrianreber)
switched travis to xenial (#1986 by @adrianreber)
nsexec (CVE-2019-5736): avoid parsing environ (#1982 by @brauner)
Remove detection for scope properties, which have always been broken (#1978 by @filbranden)
Vendor opencontainers/runtime-spec 29686dbc (#1973 by @lowenna)
nsenter: clone /proc/self/exe to avoid exposing host binary to container (https://github.com/opencontainers/runc/commit/6635b4f0 by @cyphar)
Update vendored golang.org/x/sys to latest (#1972 by @filbranden)
libcontainer: intelrdt: fix null intelrdt path issue in Destroy() (#1955 by @xiaochenshen)
Resilience in adding of exec tasks to cgroups (#1950 by @BooleanCat)
integration: fix mis-use of libcontainer.Factory (#1967 by @cyphar)
Document 'org.criu.config' annotation (#1964 by @adrianreber)
systemd: fix setting kernel memory limit (#1960 by @giuseppe)
Add CRIU configuration file support (#1933 by @adrianreber)
rootfs: umount all procfs and sysfs with --no-pivot (#1962 by @giuseppe)
Fix .Fatalf() error message (#1952 by @JoeWrightss)
Fix some typos (#1945 by @JoeWrightss)
Modify check-config.sh in accordance with Moby Project updates (#1942 by @KentaTada)
cgroups: nokmem: error out on explicitly-set kmemcg limits (#1939 by @cyphar)
kill: allow to signal paused containers (#1943 by @giuseppe)
cr: get pid from criu notify when restore (#1944 by @Ace-Tang)
libcontainer: intelrdt: add support for Intel RDT/MBA Software Controller in runc (#1919 by @xiaochenshen)
MAINTAINERS: remove @rjnagal and @vmarmol (#1940 by @cyphar)
fix: may kill other process when container has been stopped (#1934 by @lifubang)

v1.0.0-rc6 [2018-11-22]

*: release v1.0.0~rc6 (#1937 by @cyphar)
Small fixes for CRIU based test cases (#1936 by @adrianreber)
libcontainer: Set 'status' in hook stdin (#1741 by @wking)
Bump CRIU to 3.11 (#1935 by @adrianreber)
add missing intelRdt parameters in 'runc update' manpage (#1930 by @linericyang)
Respect container's cgroup path (#1872 by @ostenbom)
tty: clean up epollConsole closing (#1897 by @cyphar)
Add support for cgroup namespace (#1916 by @crosbymichael)
libcontainer: map PidsLimit to systemd's TasksMax property (#1917 by @slp)
Various cleanups to address linter issues (#1911 by @theSuess)
test: fix TestDupNamespaces fail to test dup-ns error (#1925 by @Ace-Tang)
rootless: fix potential panic in shouldUseRootlessCgroupManager (#1928 by @Ace-Tang)
libcontainer: fix potential panic if spec.Process is nil (#1926 by @Ace-Tang)
SELinux labels are tied to the thread (#1814 by @rhatdan)
Makefile: rm cgo tag (#1922 by @kolyshkin)
readme: add nokmem build tag (#1923 by @Ace-Tang)
libcontainer: ability to compile without kmem (#1921 by @kolyshkin)
rootless: fix running with /proc/self/setgroups set to deny (#1918 by @giuseppe)
libcontainer: intelrdt: add user-friendly diagnostics for Intel RDT operation errors (#1913 by @xiaochenshen)
clarify license information (#1903 by @mikebrow)
Bump Travis versions (#1915 by @HaraldNordgren)
Fix travis Go: tip (#1910 by @adrianreber)
libcontainer: CurrentGroupSubGIDs -> CurrentUserSubGIDs (#1880 by @AkihiroSuda)
libcontainer: intelrdt: add support for Intel RDT/MBA in runc (#1632 by @xiaochenshen)
Disable rootless mode except RootlessCgMgr when executed as the root in userns (fix Docker-in-LXD regression) (#1862 by @AkihiroSuda)
fix build break (#1908 by @mikebrow)
Fix issue #1890: config.json with no linux config should not crash (#1894 by @marler8997)
keyring: handle ENOSYS with keyctl(KEYCTL_JOIN_SESSION_KEYRING) (#1893 by @cyphar)
tty: close epollConsole on errors (#1895 by @giuseppe)
Stop relying on number of systems for cgroups (#1817 by @jgkamat)
Update outdated nsenter README content (#1858 by @marcov)
test: add more test case for CleanPath (#1892 by @Ace-Tang)
doc: fix typo (#1886 by @halfcrazy)
fix delete other file bug when container id is .. (#1883 by @lifubang)
linux: drop check for /proc as invalid dest (#1832 by @giuseppe)
libcontainer: add /proc/loadavg to the white list of bind mount (#1882 by @accepting)
Add --rootless option to man page (#1868 by @rhatdan)
Remove unused veth setup code (#1874 by @mrunalp)
When doing a copyup, /tmp can not be a shared mount point (#1873 by @rhatdan)
Add support to checkpoint and restore into external network namespaces (#1849 by @adrianreber)
Add docker proxy settings for make test in a proxy environment (#1854 by @KentaTada)
Add an explanation for TESTPATH (#1855 by @KentaTada)
cr: don't restore net namespace by default (#1871 by @Ace-Tang)
Revert "libcontainer/rootfs_linux: minor cleanup" (#1867 by @mrunalp)
Dockerfile: update criu to v3.10 + checkpoint-restore/criu@27034e7c (#1864 by @AkihiroSuda)
Pass GOMAXPROCS to init processes (#1830 by @crosbymichael)
Fix the problem TESTFLAGS is not to be used in Makefile correctly (#1841 by @KentaTada)
Fix regression with mounts with non-absolute source path (#1845 by @alban)
cr: don't dump network devices and their configuration (#1840 by @avagin)
criu tests: rename criu feature check (#1838 by @adrianreber)
Add osusergo flag to static build (#1836 by @kolyshkin)
libcontainer: devices: fix mips builds (#1824 by @cyphar)
travis: test cross compilation (#1820 by @AkihiroSuda)
Add docs for terminals (#1730 by @deitch)
libcontainer: improve "kernel.{domainname,hostname}" sysctl handling (#1827 by @cyphar)
Stop using unix.SIGUNUSED which has been removed from golang.org/x/sys (#1825 by @onlyjob)
libcontainer: fix compilation on GOARCH=arm GOARM=6 (32 bits) (#1819 by @tiborvass)
runc: not require uid/gid mappings if euid()==0 (#1816 by @giuseppe)
Fix race in runc exec (#1812 by @mrunalp)
cgroup: clean up isIgnorableError for skippable EROFS (#1806 by @cyphar)
Fix merge conflict (#1808 by @AkihiroSuda)
main: support rootless mode in userns (#1688 by @AkihiroSuda)
rootless: cgroup: treat EROFS as a skippable error (#1759 by @cyphar)
fix systemd cpu quota for -1 (#1805 by @derekwaynecarr)
Wrap error messages during init (#1796 by @crosbymichael)
nsenter: improve namespace creation and SELinux IPC handling (#1562 by @cyphar)
Make channel for StartTransientUnit buffered (#1781 by @filbranden)
libcontainer: allow setgroup in rootless mode (#1693 by @AkihiroSuda)
Make the setupSeccomp function public. (#1785 by @dlorenc)
libcontainer/rootfs_linux: minor cleanup (#1784 by @pierrchen)
libcontainer/specconv/spec_linux: Support empty 'type' for bind mounts (#1753 by @wking)
nsexec.c: fix GCC 8 warning (#1779 by @runcom)
Only configure networking when creating a net ns (#1777 by @nalind)
Detect whether Delegate is available on both slices and scopes (#1776 by @filbranden)
Fix systemd.Apply() to check for DBus error before waiting on a channel. (#1772 by @filbranden)
libcontainer: Don't set container state to running when exec'ing (#1771 by @sboeuf)
Fix error message (#1762 by @tamalsaha)
rootless: set sticky bit if using XDG_RUNTIME_DIR (#1760 by @cyphar)
tests: allow to load kernel modules from a test container (#1750 by @avagin)
Label the masked tmpfs with the mount label (#1756 by @rhatdan)
Add timeout while waiting for StartTransinetUnit completion signal (#1754 by @vikaschoudhary16)
cgroups/fs: fix NPE on Destroy than no cgroups are set (#1752 by @dennwc)
Minor wording enhancement in readme (#1751 by @glikson)
libcontainer/user: platform dependent calls (#1749 by @vbatts)
makefile: make "release" PHONY (#1748 by @cyphar)
Fix make shell (#1746 by @tiborvass)
Update build dependencies in Dockerfile (#1711 by @dqminh)

v1.0.0-rc5 [2018-02-27]

release v1.0.0~rc5 (https://github.com/opencontainers/runc/commit/4bb1fe4a by @cyphar)
libcontainer: setupUserNamespace is always called (#1743 by @ynirk)
fix lint error in specconv (#1736 by @allencloud)
Update console dependency to fix runc exec on BE (#1727 by @pmorjan)
adding go get instruction to readme (#1729 by @vsoch)
fix systemd slice expansion so that it could be consumed by cAdvisor (#1722 by @ravisantoshgudimetla)
libcontainer/capabilities_linux: Drop os.Getpid() call (#1724 by @wking)
man: Fix manpages related to console (#1695 by @Taeung)
Warning message if 'go-md2man' is not yet installed (#1685 by @Taeung)
chroot when no mount namespaces is provided (#1702 by @crosbymichael)
libcontainer/state_linux_test: Add a testTransitions helper (#1703 by @wking)
kill.go: Remove unnecessary checks (#1706 by @unshare)
make: validate C format (#1699 by @AkihiroSuda)
Avoid race when opening exec fifo (#1698 by @craigfurman)
libcontainer: expose annotations in hooks (#1687 by @runcom)
Pin version of gojsonschema in tests (#1682 by @BooleanCat)
Fix race against systemd (#1683 by @vikaschoudhary16)
libcontainer: Do not wait for signalled processes if subreaper is set (#1678 by @sboeuf)
RFC: libcontainer: remove dependency on libapparmor (#1675 by @tklauser)
specconv: avoid skipping gidmappings applied when uidmappings is empty (#1665 by @Mashimiao)
support unbindable,runbindable for rootfs propagation (#1655 by @Mashimiao)
Update criu_opts_linux.go (#1667 by @allencloud)
stopped container can't be checkpoint (#1669 by @Mashimiao)
enable integration test on arm64 platform (#1642 by @lubinsz)
remove placeholder for non-linux platforms (#1654 by @dqminh)
Ensure container tests do not write on the host (#1661 by @danail-branekov)
libcontainer: drop FreeBSD support (#1664 by @tklauser)
Delete xattr related code (#1660 by @danail-branekov)
systemd: adjust CPUQuotaPerSecUSec to compensate for systemd internal handling (#1651 by @sjenning)
Import docker/docker/pkg/mount into runc (#1644 by @vdemeester)
Add build 1.9 to travis (#1645 by @vdemeester)
Remove pkg/symlink from docker/docker and use cyphar/filepath-securejoin (#1622 by @vdemeester)
enable unit test on arm64 platform (#1640 by @jongwu)
specconv.Example(): add /proc/scsi to masked paths (#1641 by @AkihiroSuda)
Avoid disk usage explosion when copying busybox (#1629 by @danail-branekov)
Specconv: Test create command hooks and seccomp setup (#1626 by @fntlnz)
tests: add missing cgroups_kmem requirement (#1621 by @monstermunchkin)
WIP: Better testsuite for specconv (#1619 by @fntlnz)
tests: add various !terminal tests (#1357 by @cyphar)
libcontainer: handler errors from terminate (#1607 by @crosbymichael)
trailing punctuation in header (#1206 by @YuPengZTE)
Fix breaking change in Seccomp profile behavior (#1616 by @mheon)
libcontainer: intelrdt: fix a GetStats() issue (#1615 by @xiaochenshen)
specconv: emit an error when using MS_PRIVATE with --no-pivot (#1606 by @cyphar)
libcontainer: use Major/Minor from x/sys/unix (#1614 by @tklauser)
add additional-gids to runc exec (#1608 by @crosbymichael)
Propagate the correct argv0 when re-execing (#1453 by @petrosagg)
Support cgroups with limits as rootless (#1540 by @williammartin)
libcontainer: merge common syscall implementations (#1613 by @tklauser)
Update libseccomp-golang dependency for filter generation bugfix (#1424 by @mheon)
Add mips support (#1475 by @vstefanovic)
rootfs: switch ms_private remount of oldroot to ms_slave (#1500 by @cyphar)
libcontainer: cgroups: Write freezer state after every state check (#1610 by @sboeuf)
make localintegration fails on Ubuntu 17.04 (#1528 by @leitwolf7)
libcontainer: intelrdt: add update command support (#1590 by @xiaochenshen)
libcontainer: create Cwd when it does not exist (#1604 by @AkihiroSuda)
Set initial console size based on process spec (#1275 by @williammartin)
Bump console and sys deps (#1600 by @crosbymichael)
libcontainer: remove unnecessary type conversions (#1599 by @tklauser)
libcontainer: default mount propagation correctly (#1598 by @euank)
Delete unused variable (#1597 by @s7v7nislands)
Drop support golang 1.5 (#1593 by @s7v7nislands)
Apply cgroups earlier (#1586 by @crosbymichael)
Disable systemd in static build (#1579 by @yongtang)
Use netgo for static build (#1577 by @yongtang)
tty: move IO of master pty to be done with epoll (#1455 by @dqminh)
Support multiple users/groups mapped for the rootless case (#1529 by @giuseppe)
Delete unused function (#1588 by @s7v7nislands)
Fixes #1585 config.Namespaces is empty when accessed (#1587 by @Mashimiao)
libcontainer: intelrdt: use init() to avoid race condition (#1589 by @xiaochenshen)
init: delay seccomp application as late as possible (#1569 by @cyphar)
checkpoint: support lazy migration (#1541 by @adrianreber)
libcontainer: add support for Intel RDT/CAT in runc (#1279 by @xiaochenshen)
signal: ignore tty.resize errors (#1575 by @cyphar)
travis: drop shfmt install (#1578 by @cyphar)
fix --read-only containers under --userns-remap (#1572 by @tych0)
Fix systemd cgroup after memory type changed (#1573 by @hqhq)
init: switch away from stateDirFd entirely (#1570 by @cyphar)
Add AutoDedup option to CriuOpts (#1561 by @thegrumpylion)
Check error return values (#1560 by @tklauser)
fix panic when Linux is nil for rootless case (#1559 by @Mashimiao)
release: import umoci's release.sh script (#1554 by @cyphar)
Update state after update (#1558 by @hqhq)
makefile: enable -buildmode=pie (#1542 by @cyphar)
makefile: drop usage of --install (#1555 by @cyphar)
Fix flaky test TestNotifyOnOOM (#1556 by @hqhq)
fix panic when Linux is nil (#1551 by @crosbymichael)
Handle non-devices correctly in DeviceFromPath (#1553 by @mlaventure)
Pass back the pid of runc:[1:CHILD] so we can wait on it (#1506 by @LittleLightLittleFire)
Use CRIU VERSION RPC if available (#1535 by @adrianreber)
Revert "Merge pull request #1450 from vrothberg/sgid-non-numeric" (#1548 by @mlaventure)
Fix condition to detect device type in DeviceFromPath (#1544 by @mlaventure)
Move user pkg unix specific calls to unix file (#1545 by @mlaventure)
Remove @avagin as a maintainer (#1543 by @avagin)
Fix issues found by staticcheck (#1537 by @tklauser)
Always save own namespace paths (#1477 by @yummypeng)

v1.0.0-rc4 [2017-08-10]

VERSION: release v1.0.0-rc4 (#1532 by @cyphar)
Updated logrus to v1 (#1526 by @stevenh)
Remove the code that close negative descriptor (#1533 by @keloyang)
README.md: adjust capabilities section in config.json example (#1534 by @tklauser)
libcontainer: one more switch from syscall to x/sys/unix (#1530 by @tklauser)
Bump the spec up to v1.0.0 (#1527 by @mrunalp)
update gocapability (#1524 by @Mashimiao)
libcontainer: use additional functions and constants from x/sys/unix (#1519 by @tklauser)
list: fix various problems with owner field (#1516 by @cyphar)
Fix integration when missing criu (#1245 by @WeiZhang555)
Update runtime-spec to rc6+ (#1518 by @crosbymichael)
Use Prctl() and ioctl wrapper functions from x/sys/unix (#1504 by @tklauser)
libcontainer/user: add supplementary groups only for non-numeric users (#1450 by @vrothberg)
Remove shfmt (#1510 by @crosbymichael)
*: fix shfmt (#1505 by @cyphar)
Expose memory.use_hierarchy in MemoryStats (#1378 by @derekwaynecarr)
libcontainer/specconv/spec_linux: Add support for (no)lazytime (#1460 by @wking)
runc only works on Linux so remove putative Solaris and unsupported main (#1502 by @justincormack)
Update spec to master, switch to int64 for memory limits (#1495 by @justincormack)
Fix checkpoint/restore tests with newer kernel (#1496 by @dqminh)
Use keyctl wrappers from x/sys/unix (#1482 by @tklauser)
Use Eventfd() from golang.org/x/sys/unix (#1491 by @tklauser)
libcontainer/container_linux: Consider process state (running, zombie, etc.) in runType (#1489 by @wking)
update READ.me for new struct configs.Config.Capabilities (#1481 by @elianka)
tests: redirect runc log messages to stderr (#1484 by @avagin)
libcontainer/console_linux.go: Make SaneTerminal public (#1479 by @wking)
travis: set go_import_path to github.com/opencontainers/runc (#1388 by @avagin)
Use Prctl() from x/sys/unix instead of own wrapper (#1478 by @tklauser)
Update spec to 239c4e44f2 (#1473 by @crosbymichael)
Use NLA_* constants from x/sys/unix instead of syscall (#1474 by @tklauser)
Use symlink xattr functions from x/sys/unix (#1470 by @tklauser)
Switch examples in README.md from syscall to x/sys/unix (#1467 by @tklauser)
vendor.conf: Bump golang.org/x/sys to a55a76086885b80f79961eacb876ebd8caf3868d (#1464 by @wking)
Allow specification of general Go build flags and ldflags (#1452 by @justincormack)
Move libcontainer to x/sys/unix (#1442 by @clnperez)
Fix setup cgroup before prestart hook (#1239 by @moypray)
Handle container creation when cgroups have already been mounted in another location (#1372 by @craigfurman)
Dump and restore containers with external terminals (#1355 by @avagin)
Ignore error when force deleting a non-existing container (#1451 by @runcom)
Clean up unix vs linux usage (#1447 by @justincormack)
add createdState and runningState status testcase (#1410 by @chchliang)
Fix comments about when to pivot_root (#1438 by @hqhq)
tests: don't call wait_for_container after synchronous operations (#1433 by @avagin)
Issue #1429 : Removing check for id string length (#1435 by @harche)
update man page for runc update (#1436 by @sak0)
Remove redundant declaration of namespace slice (#1428 by @harche)
Allow updating pids limit (#1423 by @mlaventure)
Add a rootless section to "spec" man page and command help (#1425 by @jwendell)
Optimizing looping over namespaces (#1418 by @harche)
vendor: clean up to be better written (#1408 by @cyphar)
Don't try to read freezer.state from the current directory (#1387 by @avagin)
Fix misspelling of "properties" in various places (#1412 by @tpot)
Update examples on README to allow rootless execution (#1414 by @jwendell)
add testcase in generic_error_test.go (#1402 by @chchliang)
Set container state only once during start (#1396 by @harche)
Use opencontainers/selinux package (#1365 by @hqhq)
Revert back to using /sbin (#1406 by @crosbymichael)
restore: apply resource limits (#1399 by @avagin)
checkpoint: check if system supports pre-dumping (#1371 by @adrianreber)
could load a stopped container. (#1400 by @sak0)
Fix console syscalls (#1398 by @clnperez)
libcontainer: rewrite cmsg to use sys/unix (#1394 by @cyphar)
Rootless Containers (#774 by @cyphar)
.travis.yml: Don't require FETCH_HEAD (partial fix for failing master tests) (#1383 by @wking)
travis: use alternate commit range (#1382 by @vbatts)

v1.0.0-rc3 [2017-03-21]

Bump up runc version to v1.0.0-rc3 (#1377 by @mrunalp)
fix panic regression when config doesnt have caps (#1380 by @dqminh)
Use uint64 for resources to keep consistency with runtime-spec (#1375 by @hqhq)
Revert "fix minor issue" (#1374 by @cyphar)
Add separate console socket (#1356 by @crosbymichael)
fix minor issue (#1373 by @moypray)
Update runtime spec to rc5 (#1370 by @mrunalp)
Remove unused ExecFifoPath (#1366 by @hqhq)
Update devices_unix.go for LXD (#1327 by @CarltonSemple)
Only allow single container operation (#1363 by @hqhq)
Remove lk4d4 as a maintainer (#1362 by @crosbymichael)
Remove unused function in systemd cgroup (#1360 by @hqhq)
fix cpu.cfs_quota_us changed when systemd daemon-reload using systemd. (#1344 by @xuxinkun)
Don't fchown when inheriting io (#1354 by @crosbymichael)
Container can be in stopped status from created status. (#1353 by @sak0)
user: fix the parameter error (#1280 by @datawolf)
Fix kmem accouting when use with cgroupsPath (#1350 by @hqhq)
Carry #998: Use vndr tool for vendoring (#1340 by @dqminh)
fix systemd-notify when using a different PID namespace (#1308 by @giuseppe)
add pre-dump and parent-path to checkpoint (#1001 by @x1022as)
Add --preserve-file-descriptors=N to create (#1320 by @ijc)
small cleanup for runc ps man pages (#1342 by @sak0)
Fix state when _LIBCONTAINER in environment (#1317 by @hqhq)
Don't override system error (#1339 by @cpuguy83)
ps: --format value check (#1332 by @sak0)
update go version at travis-ci (#1335 by @mcuadros)
Fix race condition when sync with child and grandchild (#1237 by @hqhq)
Use %zu for printing of size_t values (#1336 by @crosbymichael)
Fixes set memory to unlimited (#1127 by @boynux)
fix typo (#1328 by @sak0)
support create device with type p and u (#1321 by @Mashimiao)
Small cleanup (#1316 by @hqhq)
libcontainer: rootfs_linux: support overlayfs (#1314 by @runcom)
libcontainer: selinux: fix DupSecOpt and DisableSecOpt (#1312 by @runcom)
Only wait for processes after delivering SIGKILL in signalAllProcesses (#1285 by @stevenh)
Correct docs typo for restoredState. (#1309 by @stevenh)
Correct container.Destroy() docs (#1310 by @stevenh)
Resolve InitArgs to ensure init works (#1293 by @stevenh)
kill: requires max 2 arguments (#1305 by @giuseppe)
libcontainer: init: only pass stateDirFd when creating a container (#1274 by @cyphar)
Revert "DupSecOpt needs to match InitLabels" (#1303 by @runcom)
Add godoc links to README.md files (#1284 by @stevenh)
Ensure pipe is always closed on error in StartInitialization (#1294 by @stevenh)
Call defer tty.Close() earlier (#1300 by @hqhq)
fix typos by the result of golint checking (#1205 by @YuPengZTE)
Add nsenter details to libcontainer README.md (#1298 by @stevenh)
Remove a compiler warning in some environments (#1291 by @justincormack)
using golang-style assignment (#1288 by @rainrambler)
move error check out of the for loop (#1278 by @datawolf)
Ignore cgroup2 mountpoints (#1266 by @mrunalp)
kill: make second argument optional (#1282 by @giuseppe)
small refactor (#1249 by @datawolf)
Bump golang to 1.7.4 (#1271 by @hqhq)
Do not create cgroup dir name from combining subsystems (#1268 by @hqhq)
Cleanup: remove redundant code (#1260 by @coolljt0725)
Fix regression of exec command (#1265 by @WeiZhang555)
checkpoint: handle config.Devices and config.MaskPaths (#1110 by @avagin)
Fix the outdated comment for Error interface (#1248 by @datawolf)
cgroups: update the comments (#1251 by @datawolf)
remove -i option to avoid failure of jenkins in non-interactive mode. (#1252 by @FengtuWang)
Fix go_vet errors (#1254 by @hqhq)
Fix typos (#1255 by @hqhq)
Simplify error handling on function return (#1257 by @mrunalp)
Remove unused code and unnecessary conversion (#1258 by @mrunalp)
Fix error shadow and error check warnings (#1259 by @mrunalp)
Makefile: add manpage cleanup (#1232 by @Mashimiao)
Fix leftover cgroup directory issue (#1196 by @hqhq)
Add badge for Go Report Card (#1253 by @xlgao-zju)
Add Travis CI badge to README (#1250 by @caniszczyk)
*: fix go-vet failures (#1243 by @cyphar)
travis: add travis-ci (#1246 by @cyphar)
Add integration for update rt period and runtime (#1203 by @WeiZhang555)
Split the code for remounting mount points and mounting paths. (#1222 by @justincormack)
Check args numbers before application start (#1158 by @WeiZhang555)
Don't add device to list if it doesn't exist anymore (#1217 by @mrunalp)
Sync HookState struct with OCI spec (#1201 by @WeiZhang555)
Bump runtime-spec to v1.0.0-rc3 (#1233 by @WeiZhang555)
rename ocitools to oci-runtime-tool (#1231 by @Mashimiao)
Clean apt archives and source directories in Dockerfile (#1226 by @nhlfr)
validate: Check that the given namespace path is a symlink (#1221 by @sameo)
Consoles, consoles, consoles. (#1018 by @cyphar)
Fix thread safety of SelinuxEnabled and getSelinuxMountPoint (#1216 by @eparis)
*: add information about security mailing list (#1213 by @cyphar)
Fix typo. (#1211 by @yummypeng)
Fix typo (#1210 by @xianlubird)
delete unused variable (#1207 by @datawolf)
tiny refactor (#1208 by @datawolf)
fix typos (#1204 by @allencloud)
Fix cpuset issue with cpuset.cpu_exclusive (#1194 by @hqhq)
Sync with grandchild (#1154 by @hqhq)
godeps: update go-systemd to v14 (#1199 by @squeed)
Add shell formatting via shfmt (#1192 by @mvdan)
Fixing error message in nsexec (#1187 by @rajasec)
fix the pid-file option for runc exec/run/create command (#1128 by @datawolf)
Adding update command in help-bats (#1182 by @rajasec)
Add --all flag to kill (#1180 by @crosbymichael)
More fix to nsexec.c's comments (#1168 by @hqhq)
Add bash completions for new flags of update (#1177 by @WeiZhang555)
Allow update rt_period_us and rt_runtime_us (#1173 by @WeiZhang555)
add test cases for exec command (#1133 by @datawolf)
libcontainer: io: stop screwing with \n in console output (#1146 by @cyphar)
Move ambient capabilties behind build tag (#1172 by @crosbymichael)
Remove panic from init (#1117 by @crosbymichael)
fix error message (#1171 by @Crazykev)
nsenter: fix up comments (#1165 by @cyphar)
Fix all typos found by misspell (#1160 by @hqhq)
Updating container state and status API in README (#1157 by @rajasec)
Unify rootfs validation (#1159 by @hqhq)
Small correction in update resource file usage (#1161 by @rajasec)
Correction in util error messages (#1162 by @rajasec)
man page update for delete command (#1163 by @rajasec)
Clarify libseccomp installation in guide (#1164 by @resouer)
Remove unnecessary cloneflag validation (#1153 by @hqhq)
Detect and forbid duplicated namespace in spec (#1150 by @WeiZhang555)
Make parent mount private before bind mounting rootfs (#1148 by @rhvgoyal)
validator: unbreak sysctl net.* validation (#1149 by @cyphar)
Check pid file (#1147 by @datawolf)
nsenter: guarantee correct user namespace ordering (#977 by @cyphar)
Small typo in README (#1141 by @rajasec)
check the arguments for runc create (#1129 by @datawolf)
docker/docker#27484-check if sysctls are used in host network mode. (#1138 by @gaocegege)
rootfs: make pivot_root not use a temporary directory (#1125 by @cyphar)
Updating bash completion for ps command (#1140 by @rajasec)
fix nits in stderr log (#1139 by @allencloud)
add test cases for create command (#1132 by @datawolf)
add test cases for list command (#1131 by @datawolf)
Add support for copying up directories into tmpfs when a tmpfs is mounted over them (#845 by @mrunalp)
Some refactor and cleanup (#1134 by @WeiZhang555)
Fix issue in GetProcessStartTime (#1136 by @yongtang)
Ignore error when starting transient unit that already exists (#1124 by @derekwaynecarr)
tests: mask: use test paths rather than /sys (#1121 by @cyphar)
ps error logging improvement (#1091 by @rajasec)
checkpoint: fix gofmt (#1120 by @cyphar)
update the man for runc delete command (#1118 by @datawolf)
Add num check for kill command (#1105 by @keloyang)
Fixing runc panic for missing file mode (#1115 by @rajasec)
Add support for r/o mount labels (#1112 by @rhatdan)
start multi-containers with runc start command (#1074 by @datawolf)
pause and resume multi-containers (#1075 by @datawolf)
Fixing runc panic during hugetlb pages (#1116 by @rajasec)
Valide platform on loading config.json (#1114 by @coolljt0725)
DupSecOpt needs to match InitLabels (#1109 by @rhatdan)
tiny fix, add a null check for specs.Resources.Pids.Limit (#1111 by @keloyang)
remove /tmp/bats from dev_runc (#1097 by @keloyang)
fix typos with misspell (#1108 by @dqminh)
just fix a typo (#1107 by @datawolf)
tiny fix (#1106 by @xlgao-zju)
Delete: exit with non zero if one of the containers encountered an error (#1078 by @datawolf)
Revert "simplify ps command" (#1102 by @datawolf)
Add integration test for ps command (#784 by @hqhq)
simplify ps command (#1092 by @datawolf)
Don't enable kernel mem if not set (#1095 by @crosbymichael)
systemd cgroup driver supports slice management (#1084 by @derekwaynecarr)
Ensure we log into logrus on command error (#1089 by @mlaventure)
Remove check for binding to / (#1090 by @crosbymichael)
Fix typo when container does not exist (#1087 by @williammartin)

v1.0.0-rc2 [2016-10-01]

Bump spec and version to rc2 (#1088 by @crosbymichael)
Set ambient capabilities where supported (#1086 by @justincormack)
Refactor enum map range to slice range (#1081 by @ggaaooppeenngg)
Remove the workaround which add a -- flag to runc ps command (#1065 by @keloyang)
Fix TestGetAdditionalGroups on i686 (#1080 by @hqhq)
[integration] add testcases for runc delete command (#1069 by @datawolf)
Container must not checkpoint in created state (#1076 by @rajasec)
Updating libcontainer README for container run (#1077 by @rajasec)
MaskPaths: support directory (#1068 by @AkihiroSuda)
Bug fix for make dbuild (#1072 by @keloyang)
[unittest] add extra ErrorCode in TestErrorCode testcase (#1063 by @datawolf)
Ps/exec parameter fix (#1051 by @keloyang)
enhance runc delete command (#1053 by @datawolf)
cgroup: using WriteCgroupProc to write the specified pid into the cgroup's cgroup.procs file (#1059 by @datawolf)
update the comment for container.Pause() method on linux (#1058 by @datawolf)
Add flag to allow getting all mounts for cgroups subsystems (#1049 by @mrunalp)
Use same state object for state and list (#1048 by @crosbymichael)
Fix typo (#1060 by @yummypeng)
remove duplicate test command on integration (#1056 by @datawolf)
Fix update cpuset on single processor box (#1052 by @hqhq)
Update golang to 1.7.1 (#1055 by @hqhq)
Fix error messages to give information of relabeling failed (#1046 by @rhatdan)
Fix check config (#1023 by @zhaoleidd)
Allow recrusive generic error (#1045 by @hqhq)
Continue for list on errors (#1039 by @crosbymichael)
Removing fatal error from events in stopped state (#1043 by @rajasec)
move m.GetPaths out of the loop (#1042 by @datawolf)
Add privileged to make dbuild (#1022 by @hqhq)
Adding bash completion for create and run (#1027 by @rajasec)
Update runtime-spec to current upstream (#1036 by @athomason)
Fix make release error (#1038 by @keloyang)
Fix runc ps issue (#1013 by @hqhq)
Fix typo. (#1028 by @yummypeng)
Change netclassid json tag (#1033 by @crosbymichael)
Introduce make release (#914 by @zhaoleidd)
Typo in README.md (#1026 by @rajasec)
remove redundant by in annotation(nsexec.c) (#1019 by @keloyang)
Append string "-dirty" to version if git repo is unclean (#1017 by @WeiZhang555)
Tiny refactor: remove unused local variables (#1024 by @WeiZhang555)
Makefile: Fix wrong dependency of "integration" target (#1020 by @forever043)
Fix null point reference panic (#1012 by @hqhq)
Fix default cgroup path (#1009 by @hqhq)
Combine runctestimage and runcimage (#1008 by @hqhq)
Fix runtime-spec repository reference in README (#1011 by @jonboulle)
Error handling when container not exists (#1003 by @rajasec)
Not exec a container from stopped state (#880 by @rajasec)
cli: Workaround for ps's argument (#933 by @zhaoleidd)
Add "--" exec cli support for command arguments (#906 by @TristanCacqueray)
Updated the libcontainer interface comments (#815 by @rajasec)
Return 0 for pid if container is stopped (#1002 by @crosbymichael)
Fix and refactor init args (#934 by @macrosheep)
Support 32 bit UID on i386 (#988 by @chlunde)
let defer function (#997 by @xiekeyang)
Test: Make TestCaptureTestFunc pass in localunittest (#987 by @zhaoleidd)
Adjust man pages for create start split (#878 by @hqhq)
Restored-from-checkpoint containers should have a start time (#995 by @estesp)
Fix race condition when using cgroups.Paths (#970 by @hqhq)
remove unused code (#994 by @xiekeyang)
Disable the subreaper on exec (#993 by @crosbymichael)
move util function (#992 by @xiekeyang)
Fix format specifier for size_t (#989 by @mrunalp)
nsenter: major cleanups (#950 by @cyphar)
checkMountDesktionation: add swaps and uptime to /proc whitelist (#985 by @hallyn)
Do not create /dev/fuse by default (#983 by @justincormack)
Set the cpu cgroup RT sched params before joining. (#860 by @bgray)
Adding /proc/timer_list to the masked paths list (#981 by @dims)
tests: add requires cgroups_kmem (#972 by @brauner)
libcontainer/configs: make hooks run safer (#980 by @LK4D4)
Fix the err info of chdir(cwd) failure (#979 by @haiyanmeng)
Fix the err info of mount failure (#978 by @haiyanmeng)
Use absolute cgroup path for integration test (#974 by @hqhq)
Cleanup GetLongBit (#968 by @hqhq)
Remove kmem Initialization check while setting memory configuration (#962 by @dubstack)
fix init.scope in cgroup paths (#966 by @sjenning)
Skip updates on parent Devices cgroup (#958 by @dubstack)
Change git -C reset to git reset (#943 by @johnbieren)
libcontainer: rename keyctl package to keys (#963 by @guilhermebr)
UNITTEST: Bypass userns test on platform without userns support (#964 by @zhaoleidd)
Fix help message for memory-swap (#850 by @hqhq)
Revert "Use update time to detect if kmem limits have been set" (#961 by @hqhq)
Fix cgroup Set when Paths are specified (#611 by @mrunalp)
Allow cgroup creation without attaching a pid (#956 by @dubstack)
Add runc list man change (#954 by @hqhq)
integration_testing: Fix a output typo (#957 by @zhaoleidd)
Fix libcontainer/nsenter/README.md (#951 by @haiyanmeng)
fix setting net_cls classid (#937 by @hushan)
Fixed typo in build constraint. (#947 by @hencrice)
configs: fix json tags for CpuRt* options (#949 by @cyphar)
libcontainer: Add a helper func to set CriuPath (#936 by @macrosheep)
Let the user explicitly specify additionalGids on runc exec (#913 by @georgethebeatle)
Fix typo (#942 by @ggaaooppeenngg)
address issue #797 by adding additional documentation (#939 by @mikebrow)
Use update time to detect if kmem limits have been set (#935 by @vishh)
Make state detection precise (#930 by @hqhq)
Add force to delete (#928 by @mlaventure)
Use git branch name as tag when building images (#929 by @mlaventure)
rootfs: clean up (#925 by @cyphar)
tests: add tests with {u,g}id != 0 (#922 by @cyphar)
Fix ps argument manual (#919 by @zhaoleidd)
remove unused returned variables name (#917 by @xiekeyang)
Fix fifo usage with userns and not root users (#912 by @crosbymichael)
cgroups: Fix issue if cgroup path contains : (#904 by @euank)
Use cli default value for list format (#879 by @hqhq)
Update for stopped container (#881 by @rajasec)
tests: add debug information for failing tests (#889 by @cyphar)
Use fifo for create / start instead of signal handling (#886 by @crosbymichael)
Removing unused variable for cgroup subsystem (#908 by @rajasec)
Update readme for create start (#905 by @crosbymichael)
Add option to disable new session keys (#874 by @crosbymichael)
bug fix, LeafWeight nil err (#893 by @keloyang)
fail if path to devices subsystem is missing (#896 by @brauner)
readme: Mention the go 1.6 requirement in the README for building runc (#902 by @mrunalp)
bats: Fix spec validation test (#900 by @mrunalp)
godeps: bump libseccomp-golang to 32f571b70023028bd57d9288c20efbcb237f3ce0 (#894 by @cyphar)
Add error return to action function signature (#891 by @mrunalp)
restore: add the empty-ns option (#890 by @avagin)
Replace github.com/codegangsta/cli by github.com/urfave/cli (#885 by @mrunalp)
Updating README for starting the container (#877 by @rajasec)
cleanup ps.go (#882 by @hushan)

v1.0.0-rc1 [2016-06-04]

Bump spec and update runc to 1.0.0-rc1 (#876 by @crosbymichael)
Fixed typo in docstring (#873 by @joe2far)
Updating README with set interface (#868 by @rajasec)
runc events hang for zero duration (#872 by @rajasec)
Implement create and start (#827 by @crosbymichael)
Removing the nil check for process label (#867 by @rajasec)
Add annotations to list and state output (#869 by @crosbymichael)
seccomp: Add ppc and s390x to seccomp/config.go (#864 by @michael-holzheu)
bash completion step for update command (#854 by @rajasec)
Update man pages to refect the latest cli change (#851 by @hqhq)
Improve update memory (#857 by @hqhq)
systemd cgroup: check for Delegate property (#865 by @dqminh)
Disallow self-LGTMs (#863 by @hqhq)
README: Destroy container before fatal (#852 by @hqhq)
Add VERSION file to contain the version info (#856 by @hqhq)
Remove use_hierarchy check when set kernel memory (#853 by @hqhq)
Changing OCF to OCI in README (#855 by @rajasec)
Update manuals (#843 by @zhaoleidd)
Integration framework cleanup (#837 by @cyphar)
checkpoint: add the empty-ns option (#849 by @avagin)
pullapprove: use the right team (#848 by @cyphar)
Add PullApprove support (#847 by @caniszczyk)
Add bash completion support (#817 by @rhatdan)
Allow + in container ID (#675 by @pankit)
Unify log setting's error output (#844 by @zhaoleidd)
godeps: update seccomp to 60c9953736798c4a04e90d0f3da2f933d44fd4c4 (#842 by @cyphar)
Fix update kernel memory test (#828 by @hqhq)
*: correctly chown() consoles (#836 by @cyphar)
Update cli package (#810 by @hqhq)
Fix outdated comment for loadSpec (#835 by @zhaoleidd)
Fix some spelling typo in manual (#833 by @zhaoleidd)
libcontainer: Fix Running Comment (#832 by @valasabk)
Updated description in SPEC (#830 by @rajasec)
Add check_config.sh for runc (#826 by @hqhq)
Add comments for error cases in status functions (#825 by @hqhq)
integration: fix cgroup parsing (#812 by @cyphar)
Update nsenter README (#824 by @ggaaooppeenngg)
Updating runc man page (#822 by @rajasec)
Fix GetLongBit() returns value when _SC_LONG_BIT is not available (#823 by @mlaventure)
libcontainer: nsenter: nsexec.c: fix warnings (#821 by @runcom)
Revert "Need to make sure labels applied to /dev" (#816 by @cyphar)
Adding kernel mem tcp for update command (#813 by @rajasec)
Add man page and fix typo for update command (#809 by @hqhq)
Runc update cgroup kmem limit (#790 by @mlaventure)
Use full test suite on make test (#783 by @cyphar)
Updating error condition in applying apparmor profile (#804 by @rajasec)
Change OCF to OCI in help string and man page. (#800 by @mrunalp)
Need to make sure labels applied to /dev (#796 by @rhatdan)
Use '=' instead of ':' separator on labels (#793 by @bboreham)
Correct outdated URL (#795 by @jimberlage)
If possible, apply seccomp rules immediately before exec (#789 by @justincormack)
Change specs to runtime-spec in integration test (#782 by @hqhq)
Fix integration test for events (#786 by @hqhq)
Remove sniffTest (#785 by @hqhq)
Improve stats output format for stability (#780 by @crosbymichael)
Add json format to ps command (#779 by @crosbymichael)
Add ps command (#767 by @hqhq)
Not showing up the events for destroyed container (#768 by @rajasec)
libcontainer: specconv: fix nil dereference in resource setup (#777 by @cyphar)
Updating README for runc path (#776 by @rajasec)
Adding selinux check during container start (#679 by @rajasec)
Eliminate redundant parsing of mountinfo (#608 by @inatatsu)
Bump up spec and add support for mount label (#773 by @mrunalp)
Add target man in Makefile (#766 by @hqhq)
adds client api integration tests for runc using bash w/bats (#659 by @mikebrow)
Updating kcore in validator test (#772 by @rajasec)
Fixing index out of range during exec of container (#740 by @rajasec)
Add infomation about ocitools in runc spec (#765 by @hqhq)
Makefile fixes (#738 by @codido)
Update the comment for container pause (#758 by @rajasec)
Add -q to list to print only container IDs (#751 by @mrunalp)
nsexec: fix build against musl libc (#762 by @ncopa)
Allow mounting cgroups as read-only when user namespace is configured (#763 by @mrunalp)
Add cause to error messages (#759 by @crosbymichael)
Typo in SPEC.md (#757 by @rajasec)
handling error for userns (#672 by @rajasec)
updating man page for start option (#753 by @rajasec)
Fix OCI reference in README (#749 by @jonboulle)
README.md: simplify Docker image example (#748 by @runcom)
Switch from mixed jessie/testing to jessie+backports for libseccomp (#750 by @tianon)
Get runc to build clean on Solaris (#747 by @amitkris)
Fix trivial style errors reported by go vet and golint (#745 by @AkihiroSuda)

v0.1.1 [2016-04-25]

Bump to v0.1.1 for selinux mount label fix (#778 by @crosbymichael)

v0.1.0 [2016-04-12]

Update to version 0.1.0 (#746 by @crosbymichael)
Makefile: install to /usr/local/sbin (#702 by @cyphar)
Fix problem when swap memory unsupported (#744 by @hqhq)
Add unit tests for the utils package (#739 by @albertoleal)
Add unit tests for configs.Hooks (#717 by @albertoleal)
HookState adhears to OCI (#724 by @glestaris)
Fix setupDev logic in rootfs_linux.go (#742 by @LK4D4)
Fix for runc failing when rootfs has a trailing slash (#736 by @mrunalp)
Add label.GetFileLabel interface (#730 by @rhatdan)
Fix broken build due to missing import (#737 by @mrunalp)
Synchronize writes to mcs map (#735 by @mrunalp)
Report hook output on error (#734 by @crosbymichael)
Fix the build by removing go get for vet (#729 by @mrunalp)
Updating README with container signal interaction (#722 by @rajasec)
Add unit tests for validate.Validator (#718 by @albertoleal)
Typo on Readme file. (#723 by @albertoleal)
Fix problem when update memory and swap memory (#592 by @hqhq)
Bump spec for masked and readonly paths (#716 by @crosbymichael)
Fixing rlimit sigpending value (#721 by @rajasec)
Fixup incorrect package name in a comment (#712 by @mrunalp)
Return a more meaningful error when namespaces are disabled (#711 by @rhatdan)
Add --no-pivot option for containers on ramdisk (#710 by @crosbymichael)
libcontainer: user: always treat numeric ids numerically (#708 by @cyphar)
Remove container root dir from an aborted start (#703 by @crosbymichael)
Bump spec and implement hook timeout (#706 by @crosbymichael)
Only perform mount labelling when necessary (#683 by @thtanaka)
Fix hanging tests when run without root (#700 by @marcosnils)
Refactor nsexec.c and add some comments (#686 by @hqhq)
Use %v for map structure format (#698 by @ggaaooppeenngg)
Fix typo (#699 by @ggaaooppeenngg)
Fix libcontainer README.md example config (#696 by @hartzler)
Set rlimits using prlimit in parent (#687 by @julz)
Remove log from seccomp package (#691 by @crosbymichael)
Export CreateLibcontainerConfig (#688 by @codido)
Move lockthread to package level (#690 by @crosbymichael)
fix typos (#685 by @allencloud)
Dont cleanPath for systemd cgroup paths. (#682 by @anusha-ragunathan)
Add support for enabling systemd cgroups (#667 by @mrunalp)
Show proper error from init process panic (#677 by @tonistiigi)
fixing typo in device access error (#673 by @rajasec)
Set oom_score_adj before we send the config to avoid race (#668 by @mrunalp)
Fix the kmem TCP test (#669 by @mrunalp)
Add more information in the error messages when writing to a file (#651 by @mrunalp)
libcontainer: cgroups: deal with unlimited case for pids.max (#644 by @cyphar)
libcontainer: cgroups: add support for kmem.tcp limits (#665 by @cyphar)
Export user and group lookup errors as variables. (#650 by @novln)
adds detail to runc start and spec help text (#661 by @mikebrow)
Fixing valid-id in regex (#647 by @rajasec)
Fix help info of init command (#658 by @hqhq)
remove deadcode (#653 by @jessfraz)
Sync on the pid file to ensure the write is persisted (#655 by @mrunalp)
Create pid-file atomically (#652 by @crosbymichael)
Destroy container along with processes before stdio (#646 by @crosbymichael)
Don't link runc every time (#604 by @hqhq)
Set Delegate to true for cgroups transient units (#648 by @mrunalp)
Ensure logs are flushed (#637 by @crosbymichael)
MAINTAINERS: add Aleksa Sarai to maintainers (#503 by @cyphar)
Adding spec validation for exec and start (#623 by @rajasec)
Add make uninstall command (#643 by @hqhq)
Fix encoding gid mappings (#638 by @hqhq)
Call Prestart hooks before restoring processes (#576 by @avagin)
libcontainer: cgroups: add pids.max to PidsStats (#640 by @cyphar)
Changing from logrus to fatal in list (#639 by @rajasec)
Add gitcommit to runc builds (#636 by @crosbymichael)
Clear groups after entering userns (#634 by @tonistiigi)
Bump spec v0.4 (#633 by @crosbymichael)
Revert "Return proper exit code for exec errors" (#630 by @crosbymichael)

v0.0.9 [2016-03-10]

nsexec: don't use CLONE_PARENT and CLONE_NEWPID together (#632 by @adfernandes)
Improve error handling in runc (#628 by @crosbymichael)
Create pid file when not exist (#597 by @rajasec)
Handling error condition in loadspec (#622 by @rajasec)
Add man pages (#614 by @mrunalp)
Remove duplicated included head file (#616 by @hqhq)
Serialize CommandHooks to state so that PostStop hooks execute during 'runc delete' (#618 by @teddyking)
Add the most basic sniff tests of runc (#554 by @duglin)
Cleanup systemd apply (#491 by @hqhq)
Remove no longer used uid/gid mapping functions (#621 by @estesp)
Properly setuid/setgid after entering userns (#606 by @estesp)
Stub RunningInUserNS for non-Linux (#620 by @estesp)
Update specs dep and runc functionality (#619 by @crosbymichael)
Eliminating checkpoint state in container (#610 by @rajasec)
Fix build error on centos6 (#609 by @hustcat)
Fix handling of unsupported namespaces (#607 by @codido)
adds the spec required state command (#605 by @mikebrow)
Set sysfs readonly in config (#603 by @hqhq)
Update masked and ro paths (#595 by @crosbymichael)
Move setns within nsexec (#454 by @mlaventure)
Fix to allow for build in different path (#600 by @duglin)
Fix race between Apply and GetStats (#601 by @LK4D4)
Adding linux label to test file (#579 by @rajasec)
Updating swapiness value in README (#598 by @rajasec)
Add hqhq to MAINTAINERS (#599 by @hqhq)
Fix setting OomScoreAdj from OCI spec (#590 by @tonistiigi)
Use single decoder instance for one stream (#596 by @hushan)
Remount /dev as ro after it is populated (#585 by @crosbymichael)
Build runC binary via a Docker container (#443 by @BenHall)
Add bundle to runc list (#587 by @crosbymichael)
Return proper exit code for exec errors (#591 by @crosbymichael)
Wait for pipes to write all data before exit (#593 by @crosbymichael)
Allow extra mount types (#594 by @crosbymichael)
Removing pivot directory in defer (#588 by @rajasec)
Make runc buildable everywhere (#328 by @hqhq)
Create unique session key name for every container (#582 by @stefanberger)
Add validation for sysctl (#303 by @mrunalp)
Added error check in Getfilecon (#584 by @rajasec)
Handle memory swappiness default properly (#580 by @estesp)
Move pre-start hooks after container mounts (#568 by @mrunalp)
Make sure container is destroyed on error (#583 by @crosbymichael)
adding --format json to list command (#571 by @mikebrow)
Move the process outside of the systemd cgroup (#577 by @crosbymichael)
Look for " - " instead of just - as separator (#573 by @LK4D4)
Removing tty0 tty1 from allowed devices (#567 by @rajasec)
Check if tty is nil in handler (#570 by @crosbymichael)
Fix CgroupsPath interpretation (#569 by @mlaventure)
updating usage for runc, and all runc commands that now use as the first argument (#546 by @mikebrow)
Do not set devices cgroup entries if in a user namespace (#564 by @hallyn)
libcontainer: integration: fix flaky pids limit tests (#553 by @cyphar)
Remove unneeded cgroups path removal (#556 by @hqhq)
panic during start of failed detached container (#558 by @rajasec)
Prevent a panic when container fails to start (#563 by @mlaventure)
Add support for NoNewPrivileges (#557 by @mrunalp)
Change softlink name to /dev/core (#561 by @rajasec)
Register signal handlers earlier to avoid zombies (#562 by @julz)
libcontainer: cgroups: fs: fix innerPath (#552 by @cyphar)
Remove procStart (#526 by @hqhq)
It's /proc/stat, not /proc/stats (#560 by @chenchun)
Adding tty closure for restore operation (#550 by @rajasec)

v0.0.8 [2016-02-10]

Close tty on error before handler (#549 by @crosbymichael)
Replace Cgroup Parent and Name fields by CgroupsPath (#497 by @mlaventure)
Adding pids subsystem in SPEC.md (#545 by @rajasec)
Create some util funcs that are common between start and exec (#537 by @duglin)
Require container id as arg1 (#541 by @crosbymichael)
*: use coreos/go-systemd/activation for socket activation (#542 by @runcom)
Update spec to v0.3.0 (#536 by @crosbymichael)
Fixing capabilities name in SPEC.md (#540 by @rajasec)
Fixing usage in resume command (#539 by @rajasec)
Load process.json for exec and add detach (#525 by @crosbymichael)
Create a new session key for every container (#488 by @stefanberger)
Added error string for process operations (#493 by @rajasec)
Remove usage of GetMounts from GetCgroupMounts (#496 by @LK4D4)
Add limit value to memory stats (#529 by @mlaventure)
Add a compatibility header for CentOS/RHEL 6 (#524 by @adfernandes)
Update list command and created methods (#522 by @crosbymichael)
Remove version check in runc (#521 by @crosbymichael)
update exec to pass args and --tty on run (#479 by @jessfraz)
Remove double exec from command list (#523 by @crosbymichael)
Add detach to runc (#474 by @crosbymichael)
Fix the comment about sendConfig (#517 by @hqhq)
adds list command (#507 by @mikebrow)
cgroup: systemd: further systemd slice validation (#518 by @cyphar)

v0.0.7 [2016-01-26]

Bump runc version to 0.0.7 (#512 by @LK4D4)
Do not use stream encoders for pipe communication (#515 by @crosbymichael)
Update github.com/opencontainers/specs to a7b50925d8 (#514 by @mrunalp)
cgroup: systemd: properly expand systemd slice names (#511 by @cyphar)
Remove the nullState (#513 by @duglin)
Adding user namespace in README (#504 by @rajasec)
Fix various state bugs for pause and destroy (#499 by @crosbymichael)
Revert "update date in README" (#510 by @hqhq)
update date in README (#441 by @xlgao-zju)
Add spec version to runC version cli (#405 by @marcosnils)
Add build status badge (#505 by @marcosnils)
Only set cwd when not empty (#494 by @crosbymichael)
cgroups: set memory cgroups in Set (#495 by @cyphar)
Remove some hard coded strings (#486 by @duglin)
Fix comment of swap limit (#490 by @hqhq)
Add support for just joining in apply using cgroup paths (#466 by @mrunalp)
Embed Resources for backward compatibility (#476 by @hqhq)
add seccomp.IsEnabled() function (#471 by @jessfraz)
cleanup old hack dir (#481 by @jessfraz)
Check that cwd is absolute (#480 by @mrunalp)
Make cwd required (#475 by @mrunalp)
selinux: add SelinuxSetEnforceMode implementation (#461 by @ahmetb)
Update README of libcontainer (#462 by @hqhq)
update go version to 1.5.3 in dockerfile and cleanup (#478 by @jessfraz)
libcontainer: Add support for memcg pressure notifications (#426 by @codido)
Only validate post-hyphen field length on cgroup mounts (#472 by @dadgar)
Do not allow access to /dev/tty{0,1} (#455 by @hallyn)
cgroup: add PIDs cgroup controller support (#446 by @cyphar)
Add --console to specify path to use from runc (#459 by @crosbymichael)
cgroups: fs: fix cgroup.Parent path sanitisation (#451 by @cyphar)
Handle running nested in a user namespace (#458 by @hallyn)
Revert to non-recursive GetPids, add recursive GetAllPids (#463 by @jimmidyson)
Adding selinux label (#421 by @rajasec)
make localtest failure with selinux enabled (#419 by @rajasec)
Add white list for bind mount check (#452 by @hqhq)
Cleanup Godeps (#448 by @hqhq)
Implement Container States (#311 by @crosbymichael)
Fix typo word in SPEC.md (#449 by @HackToday)
Revert "cgroups: add pids controller support" (#445 by @mrunalp)
cgroups: add pids controller support (#58 by @cyphar)
Add NLA_HDRLEN workaround for gccgo (#437 by @clnperez)
Move the cgroups setting into a Resources struct (#434 by @mrunalp)
Move linux only Process.InitializeIO behind the linux build flag. (#436 by @calavera)
Replace docker units package with new docker/go-units. (#435 by @calavera)
Move STDIO initialization to libcontainer.Process (#430 by @crosbymichael)

v0.0.6 [2015-12-11]

update version for release 0.0.6 (#439 by @xlgao-zju)
systemd: support cgroup parent with specified slice (#336 by @hqhq)
fix minor typo (#432 by @xlgao-zju)
Remove the timeframe for v1 spec (#431 by @hqhq)
nsexec: replace usage of environment variable with netlink message (#340 by @dqminh)
Export console New func (#428 by @crosbymichael)
libcontainer: configs: create cgroup_unsupported.go in order to build on darwin as well (#420 by @runcom)
libcontainer: network_linux.go: fix go vet (#424 by @runcom)
Fixing xattr test step issue (#423 by @rajasec)
README.md: clarify OCI JSON files (#371 by @hqhq)
Fixing minor typo in usage (#415 by @rajasec)
Adding error conditions when apparmor disabled (#411 by @rajasec)

v0.0.5 [2015-11-20]

Bump version constant to 0.0.5 in preparation for a new release (#410 by @tianon)
godeps: update go-systemd to v4 and godbus/dbus to v3 (#408 by @runcom)
libcontainer: configs: extend unsupported os (#407 by @runcom)
Bind mount device nodes on EPERM (#357 by @ashahab-altiscale)
adding support for --bundle (#373 by @mikebrow)
static binary \o/ (#401 by @jessfraz)
Fix comment to be consistent with the code (#403 by @hqhq)
Add seccomp trace support (#398 by @crosbymichael)
Some cgroup cleanups (#388 by @hqhq)
Validate process configuration for runc exec (#391 by @mrunalp)
Add poststart hooks (#392 by @mrunalp)
Change my email address (#394 by @avagin)
Fix race setting process opts (#393 by @crosbymichael)
Windows: Refactor Container interface (#360 by @lowenna)
Windows: Factor down criu_opts (#361 by @lowenna)
Windows: Refactor state struct (#359 by @lowenna)
Unify behavior for memory cgroup (#343 by @hqhq)
README.md: fix description for runc with systemd (#375 by @hqhq)
Docker needs to know whether the user requested a relabel (#377 by @rhatdan)
Add more context around some error cases (#379 by @duglin)
Remove naked return (#355 by @keloyang)
Windows: Tidy libcontainer\devices (#365 by @lowenna)
Windows: Refactor configs/cgroup.go (#362 by @lowenna)
Fixes build tags on cgroups\fs\*.go (#364 by @lowenna)
Add criu related debug output (#238 by @adrianreber)
libcontainer/SPEC.md: fix /dev/stdio symlinks (#337 by @alban)
Fixing typo in the comment for exit (#358 by @rajasec)
Remove fatalf function; unused. (#354 by @warpfork)
Add name to cgroup subsystem and set order (#335 by @crosbymichael)
Add the conversion of architectures for seccomp config (#345 by @keloyang)
Correct intuition for setupDev (#352 by @hqhq)
Set cpuset.cpus and cpuset.mems before join the cgroup (#334 by @hqhq)
Add ability to use json structured logging format. (#333 by @warpfork)
Reorder checks in Walk to avoid panics (#332 by @LK4D4)
Get PIDs from cgroups recursively (#330 by @LK4D4)
Add option to support criu manage cgroups mode for dump and restore (#184 by @huikang)
Add Andrey Vagin as maintainer (#177 by @LK4D4)
Validate label options (#320 by @rhatdan)
Add additional groups support (#324 by @mrunalp)
Fix for race from error on process start (#316 by @cpuguy83)
change named to names (#326 by @xlgao-zju)
nsexec: Align clone child stack ptr to 16 (#319 by @dodgerblue)
bump docker pkgs (#317 by @runcom)
Add memory reservation support for systemd (#305 by @hqhq)
Adapt spec 96bcd043aa (#276 by @runcom)
Systemd name (#315 by @mrunalp)
Allow numeric groups for containers without /etc/group (#313 by @ghost)
Fix name in MAINTAINERS list (#314 by @LK4D4)
change uid to gid in func HostGID (#312 by @xlgao-zju)
Create container_private, container_slave and container_shared modes for rootfsPropagation (#208 by @rhvgoyal)
Systemd: Join perf_event cgroup (#306 by @hqhq)
Fix reOpenDevNull (#309 by @chenchun)
Only remount if requested flags differ from current (#307 by @estesp)
/proc and /sys do not support labeling (#304 by @rhatdan)
Run tests for all HugetlbSizes (#308 by @LK4D4)
Update github.com/syndtr/gocapability/capability to 2c00daeb6c3b4 (#302 by @mrunalp)
no need to use p.cmd.Process.Pid in function, use p.pid() instead. (#292 by @keloyang)
Add prestart/poststop hooks to runc (#160 by @mrunalp)
Move mount methods out of configs pkg (#299 by @crosbymichael)
simple refactor for the options of runc spec (#270 by @laijs)
README.md: Update the config example (#271 by @laijs)
Libcontainer: Add support for multiple architectures in Seccomp (#295 by @mheon)
Change mount dest after resolving symlinks (#296 by @crosbymichael)
Cleanup unused func arguments (#283 by @runcom)
Enter existing user namespace if present (#288 by @codido)
Ignore changing /dev/null permissions if used in STDIO (#289 by @crosbymichael)
script: test_Dockerfile: install criu from source (#291 by @runcom)
Fix STDIO permissions when container user not root (#280 by @crosbymichael)
Fix STDIO ownership for non-tty processes (#279 by @crosbymichael)
script: test_Dockerfile: update criu version (#278 by @runcom)
libcontainer: Allow passing mount propagation flags (#264 by @rhvgoyal)
update the command usage for runc start (#269 by @laijs)
Add CAP prefix for capabilities (#257 by @mrunalp)
close config file after loaded (#272 by @laijs)
update the command usage of runc (#268 by @laijs)
Adjust runc to new opencontainers/specs version (#242 by @LK4D4)
Add testing docs in README (#237 by @hqhq)
New netlink library (#43 by @LK4D4)
Fixing checkpoint issue (#248 by @rajasec)
Minor comments fix (#251 by @hqhq)
Always remount for bind mount (#236 by @hqhq)
make localtest failure on removing seccomp flag in Makefile (#266 by @rajasec)
c/r: create cgroups to restore a container (#253 by @avagin)
Add all support build tags for runc features (#265 by @crosbymichael)

v0.0.4 [2015-09-11]

Add seccomp build tag (#220 by @crosbymichael)
Implement hooks in libcontainer code base (#261 by @crosbymichael)
Fix bug in find cgroup mount point dir (#259 by @hqhq)
Some cgroups cleanup (#250 by @hqhq)
Restorefixforrunningcontainer (#239 by @rajasec)
Fix cgroup mount tests (#235 by @hqhq)
Adding oom_score_adj as a container config param (#232 by @vishh)
cleanup: outdated comment (#233 by @shishir-a412ed)
Make label.Relabel safer. (#165 by @calavera)
Add --log flag (#179 by @crosbymichael)
Add caveat will only build on Linux as per #9 (#229 by @booyaa)
Systemd integration with runc, for on-demand socket activation (#231 by @shishir-a412ed)
Remove hard-coded default for tcp connections (#221 by @crosbymichael)
Restore container cleanup (#214 by @rajasec)
Update README config file devices (#224 by @marcosnils)
Adding rlimit in spec (#223 by @rajasec)
Connect Seccomp configuration in Spec to backend (#228 by @mheon)
Error should be checked after loadSpec (#230 by @shishir-a412ed)
Add a 'start' command (#210 by @duglin)
Add hooks for passing explicit veth pairs for forwarding to CRIU (#215 by @boucher)
Add the criu log file path to the failure message. (#219 by @boucher)
Convert Seccomp support to use Libseccomp (#70 by @mheon)
Add exec command (#205 by @tonistiigi)
Simple Cleanups (#212 by @laijs)
richer information error message for terminal (#213 by @laijs)
Integrate security settings (#211 by @mrunalp)
Update device specs (#193 by @tonistiigi)
Adding securityfs mount (#183 by @rajasec)
Ensure the cleanup jobs in the deferrer are executed on error (#206 by @mountkin)
Fix cgroups again (#194 by @LK4D4)
Fixing netlink build error on ppc64le with gccgo (#199 by @clnperez)
Add pause/resume commands (#204 by @tonistiigi)
make localtest fills up /tmp with /tmp/libcontainer (#209 by @rajasec)
Add the default signal (SIGTERM) for runc kill (#197 by @laijs)
Simplify the return on process wait (#196 by @laijs)
container id is the cgroup name (#192 by @fabiokung)
Minor update to usage/help text (#188 by @duglin)
Fix cgroup parent searching (#191 by @LK4D4)
Change example JSON to refer to "pid" namespace rather than "process." (#182 by @willmtemple)
Rename process namespace to pid (#180 by @LK4D4)
Fix minor stylistic issues (#181 by @mrunalp)
Don't make modifications to /dev when it is bind mounted (#96 by @mrunalp)
Runc kill (#178 by @crosbymichael)
Use signal handler for restore (#174 by @crosbymichael)

v0.0.3 [2015-08-04]

Add signal API to Container interface (#175 by @crosbymichael)
Go1.5 compatibility fix (#166 by @codido)
Use /proc/self/exe as default for InitPath (#151 by @LK4D4)
Update go systemd dbus v3 (#150 by @runcom)
Update spec (#173 by @mrunalp)
Add debug message when unable to execute criu (#172 by @huikang)
Remove reference to nsinit (#168 by @runcom)
Remove dind (#164 by @LK4D4)
tests: dump/restore a container with cgroups (#163 by @avagin)
Simplify and fix os.MkdirAll() usage (#162 by @kolyshkin)
Change default state directory to /run/oci (#159 by @LK4D4)
Add test arguments to Makefile targets (#161 by @marcosnils)
Update README.md to correct comment about spec and user (#158 by @estesp)
Only add network info if NEWNET is set (#157 by @crosbymichael)
Fix files not closed in mountinfo parsing function (#156 by @mrunalp)
signal: Fix leak (#154 by @mrunalp)
systemd integration with container runtime for supporting sd_notify protocol (#129 by @shishir-a412ed)
Remount /sys/fs/cgroup as RO if MS_RDONLY was passed (#145 by @LK4D4)
test: propagate the error to the caller (#152 by @laijs)
bring the loopback interface up inside containers (#147 by @fabiokung)
typo: tempory -> temporary (#148 by @jhjeong-kr)
Update maintainers guide (#138 by @crosbymichael)
avoid infinite loop with GCCGO (#114 by @brahmaroutu)
Create symlinks for merged cgroups (#144 by @LK4D4)
ct: give criu informations about cgroup mounts (#142 by @avagin)
Fix subsystem path with abs parent (#143 by @LK4D4)

v0.0.2 [2015-07-17]

Revert "Remount /sys/fs/cgroup as readonly always" (#137 by @mrunalp)
Substract source mount from cgroup dir (#135 by @LK4D4)
Remount /sys/fs/cgroup as readonly always (#136 by @LK4D4)

v0.0.1 [2015-07-16]

Cgroups mount fix (#130 by @LK4D4)
Fix handling name= cgroups (#131 by @LK4D4)
Add cgroup mount in the recommended config (#91 by @hqhq)
Fixed two typos (#117 by @jhjeong-kr)
Add memory swappiness support (#120 by @lizf-os)
Correct tmpfs mount for cgroup (#127 by @hqhq)
Fix error when memory cgroup not mounted (#118 by @hqhq)
typo: exists -> exits (#116 by @jhjeong-kr)
the data type should be int8 for ppc64le (#115 by @brahmaroutu)
Fix IDMapping host / container field confusion (#98 by @wking)
Sort mount flags so it's easier to be found (#112 by @hqhq)
typo: SICHLD -> SIGCHLD (#111 by @jhjeong-kr)
Remove deserialization tests. (#109 by @mrunalp)
Windows: Factor out seccomp (#52 by @lowenna)
Windows: Factor out CloseExecFrom (#53 by @lowenna)
Fix bug in Readme.md,change GOPATH to GOPATH/src (#100 by @zenlint)
CI target for Makefile (#72 by @LK4D4)
fix dockerfile (#103 by @jessfraz)
wrong grammar: should never been --> should have never been (#99 by @jhjeong-kr)
Add oom-kill-disable support for systemd (#97 by @hqhq)
Add memory limit set (#90 by @hqhq)
Fixing memory swappiness as -1 in template file for older kernels (#95 by @rajasec)
Adds Sysctl support (#73 by @mrunalp)
Remove sample configs from libcontainer (#89 by @hqhq)
Treat -1 as default value for memory swappiness (#86 by @ktraghavendra)
Update runc with types from spec repository (#82 by @crosbymichael)
Fix build tags (#79 by @LK4D4)
README changes for the newer spec format. (#67 by @mrunalp)
Prefer Godep dependencies in the GOPATH (#71 by @mrunalp)
Some new stuff for makefile (#45 by @LK4D4)
Enable build on unsupported platforms (#68 by @mtesselH)
fixed typo (#63 by @kennethlimcp)
libcontainer: user: fix GetAdditionalGroups* API (#59 by @cyphar)
Update config based on spec changes (#66 by @crosbymichael)
linux: Don't prepend process' cwd if rootfs path is already absolute (#40 by @cgwalters)
Added all dependency to install in Makefile (#32 by @7imbrook)
Windows: Remove nsenter dependency (#49 by @lowenna)
Adding minimum version required for docker create (#64 by @rmanyari)
checkpoint/restore commands support 'file-locks' option. (#55 by @mapk0y)
Corrected spelling (#61 by @blakelapierre)
Fix absolute path getting for runc binary (#47 by @LK4D4)
Minor README tweaks to help newbies (#23 by @duglin)
Move libcontainer documenation to root of repo (#44 by @crosbymichael)
Add notcie about config format changes (#42 by @crosbymichael)
Make startup errors a bit friendlier (#30 by @estesp)
Update usage content and fix typos (#33 by @estesp)
Allow hyphen in "id" (based on cwd pathname) (#31 by @estesp)
Allow runc to be executed as a relative path (#28 by @estesp)
make the install steps more clear in README.md (#14 by @carmark)
Fix function name typo (#29 by @estesp)
Remove nsinit from comments (#22 by @lizf-os)
Initialize memory.swappiness cgroup to -1 (#20 by @estesp)
libcontainer: gofmt pass (#21 by @unclejack)
Remove nsinit from libcontainer README.md (#8 by @LK4D4)
Fix panic in seccomp test on error (#10 by @LK4D4)
Change "... JSON Format;" to "... JSON Format:" (#11 by @justjake)

Initial development under docker/libcontainer

Remove unused code (docker/libcontainer#643 by @runcom)
Ensure all parent dirs are properly setup (docker/libcontainer#642 by @crosbymichael)
Fix nsinit to configure default cgroup entry for MemorySwappiness (docker/libcontainer#640 by @estesp)
Avoid trying to access cpu.shares when it doesn't exist (docker/libcontainer#638 by @lizf-os)
Fix kmem limit set (docker/libcontainer#637 by @hqhq)
Fix some suspicious things in vendor (docker/libcontainer#635 by @LK4D4)
gofmt to fix formatting (docker/libcontainer#634 by @unclejack)
Handle SYS_setns not existing but __NR_setns does. (docker/libcontainer#630 by @tsuna)
Only try to get AdditionalGroups if they are configured. (docker/libcontainer#627 by @mrunalp)
Add the memory swappiness tuning support to libcontainer (docker/libcontainer#622 by @ktraghavendra)
Fix nsinit README.md config link (docker/libcontainer#626 by @icecrime)
Additional ppc architectures follow the arm datatype (docker/libcontainer#625 by @mchasal)
Use simpler parsing of /proc/self/mountinfo for FindCgroupMountpoint (docker/libcontainer#624 by @LK4D4)
Don't change memswap value in libcontainer (docker/libcontainer#620 by @hqhq)
Rebased: Additional groups lookup (docker/libcontainer#603 by @dqminh)
linux: Convert dup2 calls to dup3 (docker/libcontainer#618 by @glevand)
Fix relabel to allow volume mounting of / (docker/libcontainer#619 by @rhatdan)
Stop systemd unit on destroy (docker/libcontainer#617 by @LK4D4)
Golang seccomp package (docker/libcontainer#613 by @crosbymichael)
Fix hack/validate.sh (docker/libcontainer#614 by @LK4D4)
make libcontainer compile on freebsd (again) (docker/libcontainer#615 by @kvasdopil)
Update dockerproject.com links (docker/libcontainer#611 by @thaJeztah)
hugetlb: Add support of Set and GetStats function (docker/libcontainer#567 by @Mashimiao)
spec: Fix errors in file system mount points table. (docker/libcontainer#608 by @davexunit)
bug fix: slice bounds out of range (docker/libcontainer#607 by @WeiZhang555)
Fix race in stats Manager (docker/libcontainer#602 by @runcom)
Update nsinit readme for C/R (docker/libcontainer#605 by @wonderflow)
cgroup memory: Enchance stats support of memory (docker/libcontainer#592 by @Mashimiao)
Process.go can compile on FreeBSD (docker/libcontainer#606 by @kvasdopil)
integration: don't ignore exit codes of test processes (docker/libcontainer#599 by @avagin)
WIP: Add Checkpoint and Restore support to libcontainer (docker/libcontainer#479 by @crosbymichael)
README example for using checkpoint/restore. (docker/libcontainer#600 by @boucher)
Windows: Initial compilation enablement (docker/libcontainer#583 by @lowenna)
Add a flag for specifying system properties. (docker/libcontainer#562 by @mrunalp)
Set the seed when randMacAddr (docker/libcontainer#542 by @sayuan)
Fix nsenter package on unsupported platforms. (docker/libcontainer#596 by @dmitshur)
cgroup: Add freeze Set When calls systemd to Apply (docker/libcontainer#589 by @Mashimiao)
cgroups: add support for net_cls (docker/libcontainer#582 by @Mashimiao)
Add support for kmem limit (docker/libcontainer#591 by @hqhq)
Fix stacktrace panic (docker/libcontainer#590 by @hqhq)
cgroup: add support for net_prio (docker/libcontainer#584 by @Mashimiao)
croup cpu: add support for realtime throttling (docker/libcontainer#587 by @Mashimiao)
don't fail when subsystem not mounted (docker/libcontainer#476 by @hqhq)
Do not prevent mounts in /sys (docker/libcontainer#576 by @crosbymichael)
Update github.com/syndtr/gocapability to 66ef2aa (docker/libcontainer#573 by @LK4D4)
Security fixes for docker 1.6.1 (docker/libcontainer#574 by @crosbymichael)
some fixes for SPEC (docker/libcontainer#572 by @hqhq)
add vendor/pkg to gitignore (docker/libcontainer#570 by @hqhq)
Replace aliased imports of logrus (docker/libcontainer#569 by @hqhq)
integration: don't create a factory for each test case (docker/libcontainer#560 by @avagin)
Update logrus to 0.7.3 (docker/libcontainer#566 by @tianon)
Use logrus everywhere (docker/libcontainer#561 by @avagin)
Adds support for setting system properties. (docker/libcontainer#535 by @mrunalp)
remove unused functions (docker/libcontainer#558 by @hqhq)
Split namespace syscall content for building on non-Linux (docker/libcontainer#554 by @estesp)
cgroups/systemd: remove useless code (docker/libcontainer#555 by @avagin)
cgroups: add support blkio.throttle.read/write_* (docker/libcontainer#539 by @Mashimiao)
Add cgroup mount type for mounting container local cgroups (docker/libcontainer#553 by @crosbymichael)
cgroups: add support of devices deny for another use of cgroup devices (docker/libcontainer#492 by @Mashimiao)
Check for cmd.Process not-nilness in setnsProcess.terminate() (docker/libcontainer#550 by @LK4D4)
Add support for Premount and Postmount commands. (docker/libcontainer#495 by @rhatdan)
fix some typos in source code comments (docker/libcontainer#546 by @liubin)
cleanup cpushares check (docker/libcontainer#537 by @hqhq)
fix freeze systemd test (docker/libcontainer#538 by @hqhq)
Add more explanation for nsenter (docker/libcontainer#526 by @wonderflow)
add Set support for systemd based cgroup (docker/libcontainer#500 by @hqhq)
We want to prevent users from accidently attempting to relabel /, /etc and /usr (docker/libcontainer#533 by @rhatdan)
check "/sbin/apparmor_parser" in apparmor.IsEnabled() (docker/libcontainer#532 by @tifayuki)
integration: wait all test processes (docker/libcontainer#531 by @avagin)
Throw an error if cgroup tries to set cpu-shares more/less than the maximum/minimum permissible value. (docker/libcontainer#464 by @shishir-a412ed)
add comments for nsexec.c (docker/libcontainer#530 by @hqhq)
nsinit: Add a flag to enable systemd support for cgroups (docker/libcontainer#525 by @mrunalp)
add cgroup subsystem hugetlb (docker/libcontainer#519 by @Mashimiao)
Fix a typo in factory.go (docker/libcontainer#527 by @huikang)
Change mount point propogation to default to slave (docker/libcontainer#520 by @rhatdan)
Add arch support for ARMv8 and PowerPC, and fix ARMv7 (docker/libcontainer#524 by @adconrad)
integration: use test helper for error check (docker/libcontainer#508 by @Mic92)
Read _LIBCONTAINER_INITPIPE in nsexec.c (docker/libcontainer#523 by @LK4D4)
Add cache to MemoryStats (docker/libcontainer#518 by @crosbymichael)
Add value checking on relabel command for selinux (docker/libcontainer#509 by @rhatdan)
Append childpipe for adding addtional Fds to container (docker/libcontainer#516 by @crosbymichael)
cgroups: add support for blkio.weight_device (docker/libcontainer#354 by @hqhq)
/dev/mqueue has to be labeled correctly (docker/libcontainer#515 by @rhatdan)
Add documentation for nsinit (docker/libcontainer#501 by @wonderflow)
Ensure that state always contains pathes to all namespaces (docker/libcontainer#514 by @LK4D4)
bugfix and cleanup for systemd cgroup (docker/libcontainer#502 by @hqhq)
add systemd integration test (docker/libcontainer#505 by @hqhq)
Change nsinit root to /var/run/nsinit (docker/libcontainer#507 by @crosbymichael)
add binary target to direct install in a container (docker/libcontainer#490 by @dqminh)
Fix pdeathsig and ppid for supervisor running as pid1 (docker/libcontainer#504 by @crosbymichael)
Fix: typos. (docker/libcontainer#498 by @athoune)
fix README.md for nsinit (docker/libcontainer#493 by @hqhq)
cgroups/systemd: Use unified subsystems (docker/libcontainer#497 by @Mashimiao)
cgroups: return error when passing invalid argument to freezer (docker/libcontainer#494 by @Mashimiao)
cgroups: systemd: attempt to stop test scope, if any (docker/libcontainer#489 by @philips)
Fix finding parent for fs cgroups (docker/libcontainer#491 by @LK4D4)
add readme for nsinit about how to build nsinit (docker/libcontainer#488 by @wonderflow)
Use syscall.Kill instead of p.cmd.Process.Kill (docker/libcontainer#487 by @LK4D4)
Process capabilities (docker/libcontainer#484 by @mrunalp)
Fix minor typo in init_linux.go (docker/libcontainer#481 by @coolljt0725)
mount: Add a flag to bind devices when user namespaces are enabled. (docker/libcontainer#480 by @mrunalp)
remove redundant code (docker/libcontainer#475 by @hqhq)
Update syndtr/gocapability to 8e4cdcb3c22b40d5e330ade0b68cb2e2a3cf6f98 (docker/libcontainer#478 by @LK4D4)
Revert "cgroups: only return path when subsystem really mounted (docker/libcontainer#474 by @crosbymichael)
path now returns the IsNotFound error (docker/libcontainer#472 by @crosbymichael)
systemd: properly check DefaultDependencies is read only (docker/libcontainer#469 by @Snorch)
correct comment errors for netlink_linux.go (docker/libcontainer#460 by @sunyuan3)
Add TmpfsRoot option (docker/libcontainer#459 by @LK4D4)
mount: Take out the base mounts and move them to the config. (docker/libcontainer#455 by @mrunalp)
add parameter to Set api (docker/libcontainer#441 by @hqhq)
Do not fail cgroups setup if parent cgroup does not exist. (docker/libcontainer#453 by @vishh)
mount: sysfs also doesn't need to be labelled like mqueue. (docker/libcontainer#451 by @mrunalp)
Fix path to /dind (docker/libcontainer#450 by @avagin)
selinux: Adds a check for a NUL byte at the end of the string and removes it (docker/libcontainer#443 by @mrunalp)
Add vet checks to validate script (docker/libcontainer#430 by @LK4D4)
Update to recent busybox 2014.11 tar (docker/libcontainer#449 by @estesp)
nsinit usability improvements (docker/libcontainer#448 by @crosbymichael)
Mounting a tmpfs directory needs to inherit directory permissions from base (docker/libcontainer#442 by @rhatdan)
Update logrus to 0.6.6 (docker/libcontainer#447 by @jessfraz)
Hairpin NAT network configuration (docker/libcontainer#446 by @icecrime)
Add information Type method for Factory (docker/libcontainer#445 by @LK4D4)
Don't label mqueue when mounting (docker/libcontainer#444 by @ncdc)
fix some cgroups issues (docker/libcontainer#437 by @hqhq)
nsenter: fix the -Wunused-variable warning (docker/libcontainer#439 by @vbatts)
add Set memoryswap test cases (docker/libcontainer#438 by @hqhq)
Add godoc for selinux package (docker/libcontainer#435 by @pmorie)
fix apply error when we not mount cpu subsystem (docker/libcontainer#429 by @hqhq)
cgroups: add support for oom control (docker/libcontainer#417 by @HuKeping)
Pass os.Environ() as environment to process from init. (docker/libcontainer#432 by @LK4D4)
Remove overcomplicated logic of SIGCHLD from TestNsenterDeadPid (docker/libcontainer#431 by @LK4D4)
A few minor fixes (docker/libcontainer#427 by @avagin)
Add tty support for setnsProcess (docker/libcontainer#428 by @LK4D4)
Adds an integration test for checking process env. (docker/libcontainer#423 by @mrunalp)
cgroups: use Set instead of Apply in Freeze (docker/libcontainer#425 by @hqhq)
Add the file close operation before function return to release resource (docker/libcontainer#426 by @MabinGo)
Fix panic when genericError constructor gets nil error (docker/libcontainer#424 by @dqminh)
add a new api Set (docker/libcontainer#376 by @hqhq)
Make NetworkInterface public (docker/libcontainer#421 by @LK4D4)
Implement stats for systemd (docker/libcontainer#420 by @LK4D4)
Return init errors from setnsProcess (docker/libcontainer#419 by @LK4D4)
Don't join rootfs if path already prefixed by it (docker/libcontainer#416 by @LK4D4)
Fixes validate (docker/libcontainer#414 by @jessfraz)
fix instructions in README (docker/libcontainer#410 by @hqhq)
Add a validate script (docker/libcontainer#395 by @jessfraz)
rename test files so we can really test them (docker/libcontainer#409 by @hqhq)
Move tty configuration to Process (docker/libcontainer#407 by @LK4D4)
Exit related cleanup (docker/libcontainer#400 by @mrunalp)
Return actual ProcessState on Wait error (docker/libcontainer#406 by @LK4D4)
Add default InitArgs for factory (docker/libcontainer#405 by @LK4D4)
Add init path support to allow full control of init binary (docker/libcontainer#404 by @crosbymichael)
Make possible to call config methods on values (docker/libcontainer#403 by @LK4D4)
Fix comment for container.Start (docker/libcontainer#402 by @LK4D4)
remove drone (docker/libcontainer#401 by @jessfraz)
Linux has added a new capability audit_read (docker/libcontainer#383 by @rhatdan)
Use configs.NamespaceType as key for State.NamespacePathes (docker/libcontainer#397 by @LK4D4)
Update copyright year in NOTICE (docker/libcontainer#391 by @thaJeztah)
process: add Wait() and Pid() methods (docker/libcontainer#392 by @avagin)
Change os-prefix file naming to standard postfix naming (docker/libcontainer#394 by @LK4D4)
nsenter: noop reference to C constructor (docker/libcontainer#390 by @vbatts)
Merge API Branch into Master (docker/libcontainer#388 by @crosbymichael)
Merge master into api (docker/libcontainer#389 by @crosbymichael)
Validation for user namespace in the config. (docker/libcontainer#386 by @mrunalp)
Fixes bug where rootfs was empty instead of pwd when not specified. (docker/libcontainer#387 by @mrunalp)
Make usernamespaces work without sidecar process (docker/libcontainer#385 by @crosbymichael)
Add systemd support cpu.cfs_quota_us and cpu.cfs_period_us (docker/libcontainer#371 by @coolljt0725)
Update api branch with master changes (docker/libcontainer#382 by @crosbymichael)
Add functional API for Factory configuration (docker/libcontainer#381 by @crosbymichael)
Add config generation for simple user namespace testing. (docker/libcontainer#379 by @mrunalp)
Fixed some typos and tried to make comments read better. (docker/libcontainer#378 by @mrunalp)
Add a constant for the container console path. (docker/libcontainer#377 by @mrunalp)
Use netlink to set hairpin mode (docker/libcontainer#373 by @LK4D4)
Refactor system mounts to be placed on the config (docker/libcontainer#375 by @crosbymichael)
Fix compilation with golang 1.3(uid/gid mappings is unsupported) (docker/libcontainer#374 by @LK4D4)
Changes required to keep gcc 5.0 quiet and happy. (docker/libcontainer#372 by @rhatdan)
Ensure state is persisted (docker/libcontainer#370 by @crosbymichael)
API Refactoring (docker/libcontainer#367 by @crosbymichael)
integration: check a container with userns (docker/libcontainer#360 by @avagin)
Resurrect hairpin NAT (docker/libcontainer#366 by @icecrime)
handle SIGCHLD when running as child subreaper (docker/libcontainer#369 by @dqminh)
add dqminh as maintainer (docker/libcontainer#343 by @dqminh)
fix typo for GetHostRootGid (docker/libcontainer#361 by @hqhq)
Retry getting the cgroup root at apply time. (docker/libcontainer#362 by @vmarmol)
cgroups: systemd: set DefaultDependencies=false if possible (docker/libcontainer#359 by @philips)
namespaces: allow to use pid namespace without mount namespace (docker/libcontainer#358 by @avagin)
Flatten config structures and remove namespace package (docker/libcontainer#357 by @crosbymichael)
Add vet check to .drone.yml (docker/libcontainer#356 by @LK4D4)
namespaces: send config, network state and other arguments in one packet (docker/libcontainer#355 by @avagin)
Merge remote-tracking branch 'origin/master' into api-rebase (docker/libcontainer#351 by @avagin)
Update github.com/godbus/dbus to v2 (docker/libcontainer#353 by @LK4D4)
Created man page for nsinit (docker/libcontainer#341 by @shishir-a412ed)
cgroups: always create device cgroup on systemd (docker/libcontainer#344 by @hqhq)
nsenter: remove a proxy process (docker/libcontainer#348 by @avagin)
Use Wait4 instead of cmd.Wait (docker/libcontainer#349 by @LK4D4)
Fix a minor typo (docker/libcontainer#347 by @guoxiuyan)
Support read-only root filesystems (docker/libcontainer#345 by @fabiokung)
new-api: implement Wait, WaitProcess (docker/libcontainer#342 by @avagin)
add support for blkio.weight (docker/libcontainer#337 by @hqhq)
Checks namespace flags for user ns code path. (docker/libcontainer#340 by @mrunalp)
namespace: don't change namespaces which are not belonged to the CT (docker/libcontainer#324 by @avagin)
new-api: implement Pause() and Resume() (docker/libcontainer#339 by @avagin)
Adds user namespace support to libcontainer (docker/libcontainer#304 by @mrunalp)
cgroups: set a freezer state before calling FreezerGroup.Set() (docker/libcontainer#338 by @avagin)
nsenter waits for parent signal before forking (docker/libcontainer#336 by @dqminh)
new-api: integration: check that a process can be executed in an existing CT (docker/libcontainer#334 by @avagin)
new-api: add Console to ProcessConfig (docker/libcontainer#333 by @avagin)
cgroups: don't change a freezer state if an operation failed (docker/libcontainer#335 by @avagin)
Vendors glog dependency for the api branch. (docker/libcontainer#332 by @mrunalp)
new-api: implement fs and systemd cgroup managers (docker/libcontainer#330 by @avagin)
new-api: execute a process inside an existing container (docker/libcontainer#311 by @avagin)
Fix exit codes when dying on a signal (docker/libcontainer#328 by @icecrime)
Add nsinit command to display oom notifications (docker/libcontainer#329 by @crosbymichael)
Update ROADMAP.md to correctly reflect current arch status (docker/libcontainer#326 by @estesp)
Refactor kill all pids (docker/libcontainer#327 by @crosbymichael)
A few fixes for nsenter (docker/libcontainer#315 by @avagin)
killall processes in a cgroup if you are not using the pid namespace (docker/libcontainer#320 by @rhatdan)
Adds functionality to specify additional groups to join. (docker/libcontainer#322 by @mrunalp)
Don't get stats for cgroups that don't exist. (docker/libcontainer#321 by @vmarmol)
Use the child subreaper option only when available (docker/libcontainer#318 by @mrunalp)
Changes Dockerfile to use go 1.4 (docker/libcontainer#317 by @mrunalp)
Fix vet errors (docker/libcontainer#316 by @LK4D4)
Namespaces methods should act on pointer (docker/libcontainer#314 by @crosbymichael)
Add lk4d4 as maintainer (docker/libcontainer#313 by @crosbymichael)
Add type for namespaces for better UI (replacement of #302) (docker/libcontainer#312 by @LK4D4)
OOM Notify refactoring (docker/libcontainer#307 by @LK4D4)
Allow non local mac-address. (docker/libcontainer#310 by @jessfraz)
Fix removing of cgroups if something still alive in container (docker/libcontainer#308 by @LK4D4)
define PR_SET_CHILD_SUBREAPER if not set (docker/libcontainer#300 by @dqminh)
Changed docker hub pointer to dockercore (docker/libcontainer#293 by @gaberger)
Use namespace.Exec() and namespace.Init() to execute processes in CT (docker/libcontainer#306 by @avagin)
Prepare ground for moving on new API (docker/libcontainer#299 by @avagin)
user: fix function signatures (docker/libcontainer#301 by @cyphar)
Adding a function that allows to remove an address set on an interface (docker/libcontainer#297 by @Ketouem)
add spec for exec a new process inside a container (docker/libcontainer#290 by @dqminh)
user: MAINTAINERS: add cyphar (myself) as a maintainer (docker/libcontainer#294 by @cyphar)
cgroups: add failcnt test (docker/libcontainer#295 by @hqhq)
Set rlimit for execin process (docker/libcontainer#289 by @dqminh)
cgroup: add support to set MemorySwap (docker/libcontainer#288 by @hqhq)
add support for testing execin (docker/libcontainer#287 by @dqminh)
cgroups: add support for cpuset.mems (docker/libcontainer#285 by @hqhq)
Change namespaces config to include path for setns (docker/libcontainer#279 by @crosbymichael)
Set child sub reaper option on nsenter (docker/libcontainer#273 by @vishh)
Introducing macvtap device to netlink package (docker/libcontainer#278 by @milosgajdos)
Add container spec (docker/libcontainer#282 by @crosbymichael)
Add support for setting rlimit for contianer (docker/libcontainer#280 by @cpuguy83)
Add support for ppc64, ppc64le, s390x (docker/libcontainer#277 by @yoheiueda)
netlink: add NetworkSetTxQueueLen to set qlen (docker/libcontainer#276 by @unclejack)
Add call to label to allow it to tell kernel how to label created files (docker/libcontainer#275 by @rhatdan)
Remove hairpin nat on veth create (docker/libcontainer#274 by @crosbymichael)
libcontainer: setup cpuset cgroup by default (docker/libcontainer#271 by @crosbymichael)
Use cgroup paths for stats and removal (docker/libcontainer#267 by @crosbymichael)
Use SYS_SETUID32 for system.Setuid() on Linux for ARM (docker/libcontainer#269 by @aholler)
Provide better sethostname error message (docker/libcontainer#268 by @crosbymichael)
Update the path to project from hack (docker/libcontainer#265 by @crosbymichael)
Set correct env variables for docker exec commands (docker/libcontainer#264 by @dqminh)
Updated cover tool import path. (docker/libcontainer#262 by @hansrodtang)
Fix typo in json tag (docker/libcontainer#260 by @donhcd)
Fix the return code check for ParseIP. (docker/libcontainer#259 by @mrunalp)
Refactor and expose private functions within libcontainer/user. (docker/libcontainer#158 by @cyphar)
Make AddRoute() works with a provided source ip address. (docker/libcontainer#250 by @zhgwenming)
enable hairpin mode on virtual interface bridge port (docker/libcontainer#62 by @phemmer)
Remove syncpipe pkg (docker/libcontainer#252 by @crosbymichael)
Fix vet errors (docker/libcontainer#254 by @LK4D4)
Add drone.yml file (docker/libcontainer#255 by @crosbymichael)
Update email address in maintainer file (docker/libcontainer#3 by @crosbymichael)
use system.Set{u,g}id to fix Set{u,g}id on Go 1.4 (docker/libcontainer#251 by @unclejack)
Add new interfaces for label/selinux (docker/libcontainer#247 by @rhatdan)
Mount /dev/mqueue by default (docker/libcontainer#246 by @rhatdan)
Allow IPC namespace to be shared between containers or with the host (docker/libcontainer#245 by @crosbymichael)
Only fetch network stats we use. (docker/libcontainer#244 by @vmarmol)
ADDITIONAL CGROUPS BLKIO STATS (docker/libcontainer#243 by @ashahab-altiscale)
Fix link re contributing in README (docker/libcontainer#238 by @lucafavatella)
ErrNotSupportedPlatform is undefined define it (docker/libcontainer#236 by @harshavardhana)
devices: filter /dev/console out of the node list (docker/libcontainer#235 by @alexoj)
Rename the file as per github convention. (docker/libcontainer#234 by @mrunalp)
Fix an endian bug for the ioctl argument (docker/libcontainer#231 by @yoheiueda)
Add development environment instructions (docker/libcontainer#229 by @dave-tucker)
Adds support for Setuid/Setgid calls that has been removed from go 1.4 (docker/libcontainer#228 by @mrunalp)
Add integration test framework (docker/libcontainer#226 by @crosbymichael)
Make joinDevices public. (docker/libcontainer#209 by @imain)
Adds a tx_queuelen setting for veth in the network configuration (docker/libcontainer#221 by @mrunalp)
xattr: Disallow build on non linux platforms (docker/libcontainer#219 by @harshavardhana)
Set apparmor profile in execin (docker/libcontainer#224 by @crosbymichael)
Do not check if SELinux is enabled on lowlevel calls to set processlabel (docker/libcontainer#222 by @rhatdan)
cgroups: Export ParseCgroupFile (docker/libcontainer#216 by @cbosdo)
Fix "go install -v . ./.git/logs/refs/heads ./.git/refs/heads ..." (docker/libcontainer#213 by @tianon)
Add more entropy to veth pair creation (docker/libcontainer#212 by @crosbymichael)
Update system/xattrs_linux.go (docker/libcontainer#202 by @harshavardhana)
Expose parameter to set interface MAC address (docker/libcontainer#208 by @MalteJ)
Added support for VLAN and MAC VLAN interfaces plus did a bit of refactoring. (docker/libcontainer#206 by @milosgajdos)
Fix leaking file descriptor in NetNs strategy (docker/libcontainer#205 by @hugoduncan)
Adding IPv6 network support (docker/libcontainer#203 by @MalteJ)
Saturate negative memory stat values at '0'. (docker/libcontainer#201 by @vishh)
Add RootFs field to configuration options in libcontainer's Config (docker/libcontainer#199 by @SaiedKazemi)
Refactored and added more tests.Cleaned up netlink a bit. (docker/libcontainer#197 by @milosgajdos)
netlink: Add NetworkSetMacAddress (docker/libcontainer#194 by @lmars)
netlink: Add uint32Attr helper (docker/libcontainer#192 by @titanous)
Netlink cleanup (docker/libcontainer#190 by @titanous)
Add rich errors to the API (docker/libcontainer#185 by @Zteve)
Cache cgroup root mount location. (docker/libcontainer#189 by @vmarmol)
Devices error injection (docker/libcontainer#186 by @Zteve)
Allow mounts to be supplied with the MS_SLAVE option. (docker/libcontainer#184 by @erikh)
Correct Create() api call description in Factory interface. (docker/libcontainer#172 by @Zteve)
Remove sampling from libcontainer CPU stats. (docker/libcontainer#174 by @vmarmol)
Get UID and GID for device nodes (docker/libcontainer#173 by @crosbymichael)
syncpipe: consume from parent before closing child (docker/libcontainer#170 by @bernerdschaefer)
Update container to have an ID provided by the user (docker/libcontainer#166 by @crosbymichael)
Use blkio.throttle.* stats when CFQ is not in use (docker/libcontainer#167 by @discordianfish)
Add support for user defined mounts in tmpfs (docker/libcontainer#168 by @crosbymichael)
Use --privileged in Makefile (docker/libcontainer#164 by @crosbymichael)
Allow docker to free container labels when containers are removed. (docker/libcontainer#162 by @rhatdan)
Return NotFound error for cgroups abs paths (docker/libcontainer#161 by @crosbymichael)
Remove dependency from docker/pkg/systemd (docker/libcontainer#159 by @LK4D4)
Enter cgroups as part of NsEnter (docker/libcontainer#143 by @vishh)
Fix warnings from go vet (docker/libcontainer#156 by @LK4D4)
Implement execin by using registered functions (docker/libcontainer#155 by @crosbymichael)
Fixes logic for calculating percentage (docker/libcontainer#147 by @lynxbat)
Expose setting interface by fd in network pkg (docker/libcontainer#152 by @crosbymichael)
Modification of erikh/netlink-remove-address PR (docker/libcontainer#149 by @milosgajdos)
Add travis status badge (docker/libcontainer#153 by @LK4D4)
Add myself as maintainer. (docker/libcontainer#151 by @mrunalp)
Refactor execin send config over pipe (docker/libcontainer#146 by @crosbymichael)
RtAttr packaging fix. Added NetworkLinkDel() func and a new test. (docker/libcontainer#139 by @milosgajdos)
Move nsenter C code to separate file (docker/libcontainer#144 by @crosbymichael)
Change nsenter to support docker 'runin' (docker/libcontainer#141 by @vishh)
Add "update-vendor.sh" script and vendor our current deps... (docker/libcontainer#140 by @tianon)
Lock the thread first thing in init. (docker/libcontainer#137 by @mrunalp)
DefaultCreateCommand supports command w/ flags (docker/libcontainer#136 by @bernerdschaefer)
Only import "testing" from *_test.go (docker/libcontainer#135 by @peterbourgon)
Update more "dotcloud/docker" refs to "docker/docker" (docker/libcontainer#134 by @tianon)
Move "pkg/user" into libcontainer... (docker/libcontainer#103 by @tianon)
fix the order of setns() (docker/libcontainer#58 by @maebashi)
Implement system.GetClockTicks for all platforms (docker/libcontainer#133 by @bernerdschaefer)
Make fs.GetStats() work when used from inside a docker container. (docker/libcontainer#130 by @vishh)
Add label.InitLabels functioni. Allows generation of labels based on options (docker/libcontainer#105 by @rhatdan)
Correct nsenter fprintf syntax (docker/libcontainer#128 by @crosbymichael)
Update imports for new docker location (docker/libcontainer#127 by @crosbymichael)
Add a couple tweaks to the Dockerfile (docker/libcontainer#123 by @tianon)
Fix veth network stats. (docker/libcontainer#121 by @vishh)
Null-term ioctl ifr_name strings #125 (docker/libcontainer#126 by @dhammika)
Add missing "--rm" on "make sh" (docker/libcontainer#122 by @tianon)
Add busybox rootfs so we can run containers (docker/libcontainer#120 by @crosbymichael)
Minor fixes to network stats (docker/libcontainer#119 by @vishh)
Add integration tests with nice makefile (docker/libcontainer#117 by @crosbymichael)
Adding RunIn to run a user specified command in an existing container. (docker/libcontainer#64 by @vishh)
Add "linux/arm" to Travis (docker/libcontainer#115 by @tianon)
Small fix for GetAllCgroups(). (docker/libcontainer#114 by @vmarmol)
Reopening stdin, stdout and stderr if they are pointing to /dev/null. (docker/libcontainer#107 by @vishh)
Add netlink hooks to delete a bridge dev #44 (docker/libcontainer#46 by @dhammika)
Add more Travis matrix targets (being explicit about CGO) (docker/libcontainer#113 by @tianon)
Add linux/386 testing back to Travis (docker/libcontainer#112 by @tianon)
Fix 386 and arm cross-compile (docker/libcontainer#111 by @tianon)
Initially mount /sys as ro instead of remount (docker/libcontainer#110 by @crosbymichael)
Update a few build tags to be more generic, ... (docker/libcontainer#104 by @tianon)
Add Start to container API (docker/libcontainer#102 by @crosbymichael)
Add linux build tags for selinux (docker/libcontainer#101 by @crosbymichael)
Add dockerfile (docker/libcontainer#100 by @crosbymichael)
Remove terminal handling in libcontainer (docker/libcontainer#99 by @crosbymichael)
Don't set the MTU for loopback interfaces. (docker/libcontainer#98 by @thockin)
Remove the dep on dotcloud/docker/pkg/system (docker/libcontainer#97 by @crosbymichael)
Remove unsupported file (docker/libcontainer#90 by @crosbymichael)
Remove FreezerStats. (docker/libcontainer#89 by @vmarmol)
Remove unused arg from namespaces.NsEnter (docker/libcontainer#88 by @pmorie)
Add cgroup status for systemd implementation (docker/libcontainer#87 by @crosbymichael)
Move syncpipe into separate package (docker/libcontainer#86 by @crosbymichael)
Allow caller to change the SELinux labels on a directory tree. (docker/libcontainer#47 by @rhatdan)
remove 2 duplicate caps (docker/libcontainer#85 by @vieux)
Update Travis to test all the packages (docker/libcontainer#84 by @tianon)
Add a standalone test utility for cgroup package. (docker/libcontainer#79 by @rjnagal)
Use conventional factory terminology (docker/libcontainer#83 by @glyn)
Add Load method to factory (docker/libcontainer#81 by @crosbymichael)
Fix spelling (docker/libcontainer#77 by @leetreveil)
Change checks for non-existent cgroup file to a more concise form. (docker/libcontainer#80 by @rjnagal)
Adding Initialize() to create a new container. (docker/libcontainer#76 by @vmarmol)
Rename package correctly so the binary is nsinit (docker/libcontainer#78 by @crosbymichael)
Ignore stats that are not available (docker/libcontainer#75 by @vmarmol)
Basic version of libcontainer API. (docker/libcontainer#67 by @vmarmol)
Add a cleanup method to cgroup fs. This will help in building a (docker/libcontainer#74 by @rjnagal)
Add cross-compilation testing to .travis.yml (docker/libcontainer#60 by @tianon)
Separate nsinit main from implementation (docker/libcontainer#61 by @vishh)
Add pause and unpause commands to nsinit (docker/libcontainer#56 by @crosbymichael)
Rename nsinit spec to config and only display raw json (docker/libcontainer#55 by @crosbymichael)
Report child error to parent (docker/libcontainer#54 by @crosbymichael)
Adding per container network stats (docker/libcontainer#25 by @vishh)
Improve nsinit usage instructions (docker/libcontainer#43 by @glyn)
Create state (docker/libcontainer#50 by @crosbymichael)
Add oom notify event (docker/libcontainer#48 by @crosbymichael)
Strongly type context on the Config (docker/libcontainer#51 by @crosbymichael)
Rename Container -> Config. (docker/libcontainer#39 by @vmarmol)
Refactoring libcontainer to avoid cyclic dependencies in the future. (docker/libcontainer#41 by @vishh)
Update readme with API change explination (docker/libcontainer#40 by @crosbymichael)
Add sample config files (docker/libcontainer#38 by @crosbymichael)
Don't fail getting stats of unknown hierarchies. (docker/libcontainer#37 by @vmarmol)
Replacing docker-dev with libcontainer mailing list. (docker/libcontainer#35 by @vmarmol)
CpuStats.CpuUsage includes TotalUsage (docker/libcontainer#34 by @bernerdschaefer)
Add option parsing to nsenter and enable specifying commands with arguments (docker/libcontainer#27 by @mrunalp)
Require two LGTMs for non-maintainer changes. (docker/libcontainer#29 by @vmarmol)
Update travis to run unit tests (docker/libcontainer#32 by @crosbymichael)
Update sample json file for quick testing (docker/libcontainer#31 by @crosbymichael)
Revert "Mount cgroups in the container" (docker/libcontainer#30 by @crosbymichael)
Ignore isnotexist errors for restrict paths (docker/libcontainer#24 by @crosbymichael)
Use lstat to check device symlinks (docker/libcontainer#26 by @crosbymichael)
Fix invalid fd race (docker/libcontainer#17 by @alexlarsson)
Use PATH_MAX as buffer size for buffers containing paths. (docker/libcontainer#21 by @mrunalp)
Mount cgroup in container (docker/libcontainer#15 by @alexlarsson)
nsenter: fixing the cpp order (docker/libcontainer#20 by @vbatts)
Initial hacker documentation (docker/libcontainer#10 by @glyn)
Add Travis (docker/libcontainer#14 by @tianon)
nsenter: fix setns() for rhel6 (glibc-2.12) (docker/libcontainer#12 by @vbatts)
Grammar in README (docker/libcontainer#11 by @timthelion)
Fix vet errors (docker/libcontainer#8 by @LK4D4)
Add build flag for nsenter file (docker/libcontainer#5 by @crosbymichael)
Update email address in maintainer file (docker/libcontainer#3 by @crosbymichael)

Initial development under moby/moby (formerly docker/docker)

Add more stats to libcontainer. (moby/moby#6198 by @vishh)
Add per cpu usage to libcontainer stats (moby/moby#6153 by @vishh)
Refactor device handling code (moby/moby#6097 by @timthelion)
SETUID/SETGID not required for changing user (moby/moby#6083 by @bernerdschaefer)
libcontainer support for arbitrary route table entries (moby/moby#5868 by @jhspaybar)
Add device nodes recursively (moby/moby#5995 by @vieux)
Move get pid into cgroup implementation (moby/moby#5976 by @crosbymichael)
Mount /dev in tmpfs for privileged containers (moby/moby#5922 by @crosbymichael)
Make /proc writable, but not /proc/sys and /proc/sysrq-trigger (moby/moby#5903 by @alexlarsson)
Add PDEATHSIG support to nsinit library (moby/moby#5792 by @bernerdschaefer)
fix panic when passing empty environment (moby/moby#5833 by @srid)
Change libcontainer to drop all capabilities by default. (moby/moby#5810 by @vmarmol)
"nsinit exec ..." forwards signals to container (moby/moby#5791 by @bernerdschaefer)
Remove the bind mount for dev/console which override the mknod/label (moby/moby#5781 by @creack)
libcontainer: Create dirs/files as needed for bind mounts (moby/moby#5748 by @crosbymichael)
Check supplied hostname before using it. (moby/moby#5630 by @rjnagal)
Don't restrict lxc because of apparmor (moby/moby#5556 by @crosbymichael)
Mount /proc and /sys read-only, except in privileged containers (moby/moby#5529 by @crosbymichael)
Add selinux label support for processes and mount (moby/moby#5448 by @crosbymichael)
Close extraneous file descriptors in containers (moby/moby#5464 by @tianon)
Remove "root" and "" special cases in libcontainer (moby/moby#5449 by @tianon)
Refactor cgroups into subsystems and support metrics (moby/moby#5328 by @crosbymichael)
Avoid "invalid memory address or nil pointer dereference" panic (moby/moby#5143 by @kzys)
Change shm mode to 1777 (moby/moby#5131 by @crosbymichael)
Fix libcontainer network support on rhel6 (moby/moby#5115 by @alexlarsson)
apparmor: docker-default: Include base abstraction (moby/moby#5049 by @Supermathie)
fixed two readme typos (moby/moby#5025 by @dstine)
These two patches should fix problems we see with running docker in the wild. (moby/moby#4953 by @rhatdan)
Cleanly shutdown docker (moby/moby#4867 by @crosbymichael)
remove setupDev from libcontainer (moby/moby#4942 by @vieux)
Add logger to libcontainer (moby/moby#4645 by @crosbymichael)
Always symlink /dev/ptmx for libcontainer (moby/moby#4656 by @crosbymichael)
Move all bind-mounts in the container inside the namespace (moby/moby#4422 by @alexlarsson)
No pivot root because of ramdisk (moby/moby#4512 by @crosbymichael)
Use CGO for apparmor profile switch (moby/moby#4506 by @creack)
remove dbus from apparmor profile for Ubuntu 12.04 (moby/moby#4503 by @unclejack)
Add find tests and remove panic in DEBUG (moby/moby#4452 by @crosbymichael)

112 KiB Raw Blame History

v1.0.0-rc11 [20yy-mm-dd]

v1.0.0-rc10 [2020-01-24]

v1.0.0-rc9 [2019-10-05]

v1.0.0-rc8 [2019-04-26]

v1.0.0-rc7 [2019-03-28]

v1.0.0-rc6 [2018-11-22]

v1.0.0-rc5 [2018-02-27]

v1.0.0-rc4 [2017-08-10]

v1.0.0-rc3 [2017-03-21]

v1.0.0-rc2 [2016-10-01]

v1.0.0-rc1 [2016-06-04]

v0.1.1 [2016-04-25]

v0.1.0 [2016-04-12]

v0.0.9 [2016-03-10]

v0.0.8 [2016-02-10]

v0.0.7 [2016-01-26]

v0.0.6 [2015-12-11]

v0.0.5 [2015-11-20]

v0.0.4 [2015-09-11]

v0.0.3 [2015-08-04]

v0.0.2 [2015-07-17]

v0.0.1 [2015-07-16]

Initial development under docker/libcontainer

Initial development under moby/moby (formerly docker/docker)

112 KiB

Raw Blame History