You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
cgroup, systemd: create container under subcgroup. Now a "/container" sub-cgroup is created and fully managed by libcrun. This is a different behaviour than what runc does.
libcrun: use the openat2 syscall available since Linux 5.6.
container: allow hooks output to file through an annotation.
linux: support joining PID/IPC namespace not owned by the user namespace. Requires Linux 5.3.
linux: avoid double fork for creating the init process if not needed.
linux: fix an issue where the basename for $NOTIFY_SOCKET is different than /notify.
rootless: allow /dev/{tty,ptmx} to be present in linux.devices.
cgroup: fix an issue on CentOS 7.8 when using net_cls and net_prio.
seccomp: honor errnoRet from OCI spec runtime.
exec: set setresuid/setresgid before setting up the terminal.
cgroup, v2: fix crun update with both --memory -1 --memory-swap -1.
cgroup, v2: fixing setting unlimited swap.
cgroup, v2: allow to set unlimited swap per se.
cgroup, v2: treat negative numbers as "max"
cgroup, v2: raise error if swap is set without memory limit.
cgroup: ignore cpu resources if set to 0.
libcrun: audit errno in crun_make_error calls
libcrun: fix read_pid_stat usage.
linux: fix double close on the same file descriptor.
container: Prevent deletion of not stopped container
status: Use process start time for identification
CRIU: several improvements.
linux: fix path lookups for relative paths containing '/'.
linux: use the SELinux mount label for the notify socket.
status: delete doesn't fail if the process already exited.
