1.11

• cgroup: honor cpu burst.
• systemd: set CPUQuota and CPUPeriod on the scope cgroup.
• linux: append tmpfs mode if missing for mounts. This is the same behavior of runc.
• cgroup: always use the user session for rootless.

1.10

• support for Intel Resource Director Technology (RDT).
• new mount option "copy-symlink". When provided for a mount, if the source is a symlink, then it is copied in the container instead of attempting a mount.
• linux: open mounts before setgroups if in a userns. This solves a problem where a directory that was previously accessible to the user, become inaccessible after setgroups causing the bind mount to fail.

1.9.2

• cgroup: reset the inherited cpu affinity after moving to cgroup. Old kernels do that automatically, but new kernels remember the affinity that was set before the cgroup move, so we need to reset it in order to honor the cpuset configuration.

1.9.1

• utils: ignore ENOTSUP when chmod a symlink. It fixes a problem on Linux 6.6 that always refuses chmod on a symlink.
• build: fix build on CentOS 7
• linux: add new fallback when mount fails with EBUSY, so that there is not an additional tmpfs mount if not needed.
• utils: improve error message when a directory cannot be created as a component of the path is already existing as a non directory.

1.9

• linux: support arbitrary idmapped mounts. Now it is possible to specify a mapping for any type of mount, not only bind mounts.
• linux: add support for "ridmap" mount option to support recursive idmapped mounts.
• crun delete: call systemd's reset-failed. In case systemd cgroup driver is used, and the systemd unit has failed (e.g. oom-killed), systemd won't remove the unit (that is, unless the "CollectMode: inactive-or-failed" property is set).
• linux: fix check for oom_score_adj. Write the oom_score_adj file even when the new value is 0.
• features: Support mountExtensions.
• linux: correctly handle unknown signal string when it doesn't start with a digit.
• linux: do not attempt to join again already joined namespace.
• wasmer: use latest wasix API.

1.8.7

• linux: fix a race condition when an exec was performed immediately after the start and the setns with the procfd failed.
• features: Fix annotations formatting.
• linux: do not write some errors twice.
• libcrun: handle SIGWINCH by resizing the terminal file descriptor.

1.8.6

• crun: new command "crun features".
• linux: fix handling of idmapped mounts when the container joins an existing PID namespace.
• linux: support io_priority from the OCI specs.
• linux: handle correctly the case where the status file is not written yet for a container.
• crun: fix segfault for "ps" when the container is not using cgroups.
• cgroup: allow setting swap to 0.

1.8.5

• scheduler: use definition from the OCI configuration file instead of the custom label that is now dropped and not supported anymore.
• cgroup: fix creating cgroup under "domain threaded".
• cgroup, systemd: set the memory limit on the system scope.
• restore tty settings from the correct file descriptor. It was previously restoring the settings from the wrong file descriptor causing the tty settings to be changed on the calling terminal.
• criu: check if the criu_join_ns_add function exists. Fix a segfault with new versions of CRIU.
• linux: do not precreate devs with euid > 0. Fix creating devices when running the OCI runtime as non root user.
• linux: improve PID detection on systems that lack pidfd. While there is still a window of time that the PID could be recycled, now it is now reduced to a minimum.
• criu: fix memory leak.
• logging: improve error message when dlopen fails.

1.8.4

• fix build on CentOS 7.
• drop custom annotation to set the time namespace and use the OCI specs instead.
• cgroup: workaround cpu quota/period issue with v1. Sometimes setting CPU quota period fails when a new period is lower, and a parent cgroup has CPU quota limit set.
• cgroup: fix set quota to -1 on cgroup v1.
• criu: drop loading unused functions.

1.8.3

v1.8.3