libvirt Sandbox News
====================
0.8.0 - "Gobi" - 2018-06-08
---------------------------
- Deleted the virt-sandbox-service tool as it is a failed
experiment
- Require libvirt-glib >= 0.2.2
- Add af_packet kmod needed by dhcp clients
- Add ext4 kmod needed by common filesystems
- Add fscrypto kmod needed as a dep of other mods
- Show dhcp client output in debug mode
- Add /dev/fd symlink for /proc/self/fd
- Sync and cleanly unmount filesystems during shutdown
- Fix handling of strace debug option
- Avoid exiting too early on shutdown so we see all debug
messages and cleanly sync/unmount
- Allow setting custom env variables
- Ensure static versions of zlib and lzma are checked for
- Guess host image format from file extension if not given
- Allow switching to a specific user ID
- Improve docs on command line arg passing
- Fix bogus lib listed in pkgconfig file
- Fix misc gobject introspection annotations
- Improve error message for unsupported libvirt URIs
- Search in $PATH for user specified binary
- Use squash security mode for non-root QEMU sandbox mounts
- Search for libtirpc standalone XDR library
- Avoid triggering some new compiler warnings
0.6.0 - "Dashti Margo" - 2015-07-01
-----------------------------------
- API/ABI incompatible change, soname increased
- Prevent use of virt-sandbox-service as non-root upfront
- Fix misc memory leaks
- Block SIGHUP from the dhclient binary to prevent
accidental death if the controlling terminal is
closed & reopened
- Add support for re-creating libvirt XML from sandbox
config to facilitate upgrades
- Switch to standard gobject introspection autoconf macros
- Add ability to set filters on network interfaces
- Search /usr/lib instead of /lib for systemd unit
files, as the former is the canonical location even
when / and /usr are merged
- Only set SELinux labels on hosts that support SELinux
- Explicitly link to selinux, instead of relying on
indirect linkage
- Update compiler warning flags
- Fix misc docs comments
- Don't assume use of SELinux in virt-sandbox-service
- Fix path checks for SUSE in virt-sandbox-service
- Add support for AppArmor profiles
- Mount /var after other FS to ensure host image is
available
- Ensure state/config dirs can be accessed when QEMU
is running non-root for qemu:///system
- Fix mounting of host images in QEMU sandboxes
- Mount images as ext4 instead of ext3
- Allow use of non-raw disk images as filesystem
mounts
- Check if required static libs are available at configure
time to prevent silent fallback to shared linking
- Require libvirt-glib >= 0.2.1
- Add support for loading lzma and gzip compressed kmods
- Check for supported libvirt URIs when starting guests
to ensure clear error message upfront
- Add LIBVIRT_SANDBOX_INIT_DEBUG env variable to allow
debugging of kernel boot messages and sandbox init
process setup
- Add support for exposing block devices to sandboxes
with a predictable name under /dev/disk/by-tag/TAGNAME
- Use devtmpfs instead of tmpfs for auto-populating
/dev in QEMU sandboxes
- Allow setup of sandbox with custom root filesystem
instead of inheriting from host's root.
- Allow execution of apps from non-matched ld-linux.so
/ libc.so, eg executing F19 binaries on F22 host
- Use passthrough mode for all QEMU filesystems
0.5.1 - "Cholistan" - 2013-11-18
--------------------------------
- Fix path to systemd binary (prefers dir /lib/systemd not /bin)
- Remove obsolete commands from virt-sandbox-service man page
- Fix delete of running service container
- Allow use of custom root dirs with 'virt-sandbox --root DIR'
- Fix 'upgrade' command for virt-sandbox-service generic services
- Fix logrotate script to use virsh for listing sandboxed services
- Add 'inherit' option for virt-sandbox '-s' security context
option, to auto-copy calling process' context
- Remove non-existent '-S' option from virt-sandbox-service man
page
- Fix line break formatting of man page
- Mention LIBVIRT_DEFAULT_URI in virt-sandbox-service man page
- Check some return values in libvirt-sandbox-init-qemu
- Remove unused variables
- Fix crash with partially specified mount option string
- Add man page docs for 'ram' mount type
- Avoid close of un-opened file descriptor
- Fix leak of file handles in init helpers
- Log a message if sandbox cleanup fails
- Cope with domain being missing when deleting container
- Improve stack trace diagnostics in virt-sandbox-service
- Fix virt-sandbox-service content copying code when faced with
non-regular files.
- Improve error reporting if kernel does not exist
- Allow kernel version/path/kmod to be set with virt-sandbox
- Don't overmount '/root' in QEMU sandboxes by default
- Fix nosuid / nodev mount options for tmpfs
- Force 9p2000.u protocol version to avoid QEMU bugs
- Fix cleanup when failing to start interactive sandbox
- Create copy of kernel from /boot to allow relabelling
- Bulk re-indent of code
- Avoid crash when gateway is missing in network options
- Fix symlink target created in multi-user.target.wants
- Add '-p PATH' option for virt-sandbox-service clone/delete
to match 'create' command option.
- Only allow 'lxc:///' URIs with virt-sandbox-service
until further notice
- Rollback state if cloning a service sandbox fails
- Add more kernel modules instead of assuming they are
all builtins
- Don't complain if some kmods are missing, as they may
be builtins
- Allow --mount to be repeated with virt-sandbox-service
0.5.0 - "Sahara Desert" - 2013-08-01
------------------------------------
- Switch to use persistent libvirt configuration files for
service sandboxes
- Store service configs in /etc/libvirt-sandbox/services/$NAME/
instead of /etc/libvirt-sandbox/services/$NAME.sandbox to
allow storage of multiple files per sandbox
- Add a new 'virt-sandbox-service upgrade NAME' command,
to be run by admin for all existing service sandboxes to
upgrade their configuration to be compatible with the new
release
- Remove start, stop, list commands from virt-sandbox-service,
with recommendation to use start, destroy & list commands in
virsh instead.
- Remove duplicate -u option in man page
- Update man page examples
- Stop generating a UNIT_sandbox.target unit, instead letting
the sandbox unit tie into multi-user.target as normal
- Remove unimplemented APIs for graphical sandboxes, to be
re-added at a later date when actually functional
- Add padding to public structs, to facilitate preservation
of public ABI compatibility in future
- Add note about default libvirt URIs in man page
- Fix cloning of sandboxes
0.2.1 - "Owami Desert" - 2013-07-09
-----------------------------------
- Requires libvirt-glib >= 0.1.7
- ABI change: Removed GVirSandboxCleaner class
- Don't add link in /var/log/journal for image based containers
- Don't hold open libvirt connection when displaying service
sandbox consoles
- Record container UUID in config for service sandboxes
- Add missing RPMs deps
- Allow custom mounts to be specified to virt-sandbox-service
- Fix misc bugs in sandbox creation/deletion
- Use 'guest bind' for configuring image based service sandboxes
- Allow NIC MAC address to be chosen
- Include systemd-initctl.socket in service sandboxes by default
to allow libvirt initiated graceful shutdown
0.2.0 - "Nubian Desert" - 2013-05-07
------------------------------------
- Requires systemd >= 198
- Fix termination of interactive sandbox client to
avoid losing final I/O
- Stop hardcoding default security label
- Misc docs typos / fixes
- Fix infinite loop handling security opts
- Mandate enablement of introspection
- Handle NULL broadcast address for NICs
- Don't assume /var/log/journal exists
- Improve rollback if creation of service sandbox fails
- Block host NICs from sandbox
- Sanity check requested network config
- Fix sandbox journal location to be a dir not a file
- Fix parsing of --security option
- Change virt-sandbox-service to use --security opts
instead of SELinux specific -l/-t/-d args
- Replace use of YUM with RPM to improve performance
- Send dhclient output to /dev/null
- Avoid getting stuck in waitpid if non-primary process
exits
- Allow choice of host virtual networks
- Support network config with virt-sandbox-service
- Do not create any NIC in service sandbox by default
- Cope with SELinux label lacking a category pair
- Delay dropping credentials until after ttys are opened
- Fix tty permissions in QEMU init helper to be 0700 instead
of 0777
- Add support for non-systemd service containers
- Add support for i18n of all output strings
- Remove hardcoding of lxc:/// in virt-sandbox-service
- Correctly handle EOF from raw console
- Improve I/O performance of virt-sandbox
- Allow custom uid/gid for generic service sandboxes
- Do not run debug shell in service sandboxes
- Add --package option to virt-sandbox-service for cases
where the unit file is not owned by an RPM
- Use drop in systemd service override, instead of
includes
- Support templated systemd service units
0.1.2 - "Namib Desert" - 2013-03-05
-----------------------------------
- Requires libvirt >= 1.0.2
- Split virt-sandbox-service manpage into separate docs,
one for each sub-command
- Fix handling of GLib.GError exceptions
- Containerize /var/lib/nfs/rpc_pipefs too
- Add ability to execute arbitrary commands inside the
container using namespace attach
- Fix docs for virt-sandbox mount options
- Better wording about escape sequence for consoles
- Create journal file if it doesn't already exist
- Create /etc/rc.d/init.d inside container to block
legacy init scripts starting
- Skip binding files/dirs which don't exist in host
0.1.1 - "Libyan Desert" - 2012-12-10
------------------------------------
- Fix typos in POD docs for some classes
- Only depend on libvirt-daemon-{kvm,qemu,lxc}, not
full libvirt RPM.
- Switch to YUM for extracting package file list
- Bind mount whole of /var rather than only some subdirs
- Validate unit files exist before creating sandbox
- Fixes to population of files in /etc and /var
- Finish 'clone' command for copying sandboxes
- Populate /etc/machine-id file
- Fix systemd dependencies for bulk start/stop of containers
- Symlink container journal directory into host filesystem
- Rename sandbox.target to multi-user.target
- Fix attachment to running containers
0.1.0 - "Karoo" - 2012-08-10
----------------------------
- ABI+API incompatible with previous library, so new soname
- Some changes to CLI args for virt-sandbox command
- Many fixes to virt-sandbox-service
- Use /run/libvirt-sandbox instead of /root/.cache/libvirt
when run as root
- Fix typo setting RUNDIR
- Re-add /kernel suffix to kmod search dir
- Add APIs to select kernel version
- Fix SEGV when attaching consoles to NULL stdin
- Add logrotate script for virt-sandbox-service
- Turn GVirSandboxConsole into an abstract class
- Configurable keysequence for breaking out of console
(defaults to Ctrl+])
- Fix handling of strace debugging
- Add APIs to select kmod directory prefix
- Require glib >= 2.32
- Refactor APIs for configuring sandbox mounts
- Maintain a single sorted list of mounts
- Add support for RAM filesystems
- Setup tmpfs for /run and /tmp in sandbox services
- Remove need to provide executable for sandbox services,
just rely on systemd unit filename
- Enable admin customization of systemd services in sandbox
services
- Rewrite part of virt-sandbox-service in C to reduce
long term memory overhead
- Create custom systemd startup sequence
0.0.3 - "Kalahari Desert" - 2012-04-13
--------------------------------------
- Ensure root/config filesystems are readonly in KVM
- Add support for mounting host disk images in guests
- Add support for binding guest filesystems to new locations
- Add support for an optional interactive shell for debugging
or administrative purposes
- Add a virt-sandbox-service script for preparing sandboxes
for system services, integrating with systemd
- Misc compiler warning fixes
- Replace invocation of insmod with direct syscalls
- Refactor API to separate interactive sandbox functionality
from base class & service sandbox functionality
- Rewrite host/guest I/O handling to separate stdout from
stderr correctly, improve reliability of startup/shutdown
handshakes and propagate exit status back to host
- Exec away the first hypervisor specific init process,
so generic init process gets PID 1
- Turn on reboot-on-panic in KVM to ensure guest exits on
fatal problems
0.0.2 - "Blue Desert" - 2012-01-12
----------------------------------
- Add ability to attach to an existing sandbox
- Update to require libvirt-gobject 0.0.4
- Add ability to run privileged apps
- Add support for an admin debug shell
- Switch to use /etc/libvirt-sandbox/scratch for config
0.0.1 - "Tatti Desert" - 2012-01-11
-----------------------------------
- First release