-
Notifications
You must be signed in to change notification settings - Fork 165
/
NEWS
28 lines (21 loc) · 1.3 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
Version 2.0 [2024-02-28]
• This version runs only on systems supporting CGroup v2, which are
basically all new Linux systems. If you need to stick with CGroup v1,
please use Isolate 1.10.1.
• If you are running systemd, Isolate now comes with isolate.service
that delegates a subtree of the cgroup hierarchy to Isolate.
On systems without systemd, you have to set up the delegation
yourself and set its root in Isolate's configuration file.
• The --cg-timing switch has been removed. In control group mode,
this mode of timing is always used.
• Added a simple protocol for locking sandboxes. When a sandbox is
initialized using "isolate --init", it is reserved for the calling
user until "isolate --cleanup" is used. It is also not allowed
to call "isolate --run" multiple times in parallel on the same box.
• "isolate --init" resets the sandbox if it already existed.
• Root can operate sandboxes on behalf of other users using
--as-uid and --as-gid options.
• Configuration can specify than only root is allowed to create new
sandboxes. Together with the previous feature, it allows for creation
of system-wide daemons allocating sandboxes to users. One such daemon
will probably appear in a future release of Isolate.