forked from Moe-hacker/ruri
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathChangelog
183 lines (182 loc) · 6.41 KB
/
Changelog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
# v3.9:
* Support part of bsd-style command-line usage.
* Fix built-in seccomp profile.
* Add `-X` option: `--deny-syscall`.
# v3.8:
* Support more platforms, currently supports: arm64, armv7, armhf, riscv64, i386, loong64, s390x, ppc64le and x86_64.
* Improve rootless container support.
* Add `-W` option: `--work-dir`.
* Add `-A` option: `--unmask-dirs`.
* Add `-E` option: `--user`.
* Add `-t` option: `--hostname`.
* Add `-F` option: `--ruri-fetch`.
* Add `-x` option: `--disable-network`.
* Add `-C` option: `--correct-config`.
* Add `-K` option: `--use-kvm`.
* Add `-I` option: `--char-dev`.
* Add `-i` option: `--hide-pid`.
* Add `-T` option: `--timens-offset`.
* Add `-b` option: `--background`.
* Add `-L` option: `--log-file`.
* `-c` option can now recognize other args and command to run.
* `-U` and `-P` option can now use config file.
* Rewrite cgroup support, add cpupercent limit support.
* Change MAX_MOUNTPOINTS AND MAX_ENVS from 128*2 to 512*2.
* Auto kill all processes in container when umounting container.
* We will always mount / as the first mountpoint.
* Set the size limit of /dev/shm when memory limit is set.
* Fix crash on capget().
* Fix pivot_root does not work.
* Fix unshare container when pivot_root failed.
* Enable unshare if detected ns_pid is ruri.
* Correct ns_pid for unshare container when exec command in container again.
* Fix qemu path when we pre-mount the rootfs from other source.
* Add autotest.
* Fix memory issues.
* libk2v: Add lenth check for array to avoid overflow.
* libk2v: rewrite deserialization part.
* cprintf: Correct the way to get buffer size, avoid overflow.
* General bug fixes.
# v3.7:
* Ruri can now recognize [COMMAND [ARGS]...] without absolute path.
* Add `-f` option: fork() before exec the command in container.
* Add `-P` option: show process info.
* Add `-j` option: just chroot, do not create /dev, /proc and /sys.
* Fix unshare container joining ns.
* Use pivot_root(2) instead of chroot(2) in unshare and rootless container.
* Update masked dirs/files.
* Update easter egg: `ruri AwA`.
* Add debian packege info.
* General bug fixes.
# v3.6:
* Add `uidmap` suid binary support, to fix setgroup() failed in rootless container.
* ruri can now recognize CONTAINER_DIR path start without `.` or `/`.
* `-q` option can now use qemu path on host.
* Support architecture aliases for `-a` option (e.g. arm64=>aarch64).
* General bug fixes.
# v3.5:
* Capability can now be controled by value.
* Support mount files to container.
* General bug fixes.
# v3.4:
* Default command wil be /bin/sh if /bin/su does not exist.
* Fix mount image file.
* Fix block device as root.
* Fix configure script.
* General bug fixes.
# v3.3:
* Add github action, you can now download static binary.
* Fix configure script.
* Fix CAP_LAST_CAP.
* Update libk2v.
* Add comments in configs.
* General bug fixes.
# v3.2:
* Fix mountpoint in rootless container.
* General bug fixes.
# v3.1:
* Make .rurienv immutable.
* Drop CapAmb && Clear CapInh.
* Add cgroup support for cpuset and memory.
* Add `-l` option: `--limit`.
* Update seccomp profile.
* Add a configure script.
* General bug fixes.
# v3.0:
* Remove daemon support.
* Use libk2v for config files and .rurienv file.
* Remove old `-d` `-D` `-K` `-l` `-t` `-T` option.
* Add long args support.
* `-d` option now aliases to `--drop`.
* `-D` option now aliases to `--dump-config`.
* Add `-o` option: `--output` for `-D`.
* Add `-N` option: `--no-rurienv`.
* Add `-R` option: `--read-only`.
* Add `-M` option: `--ro-mount`.
* Automatically unset $LD_PRELOAD before running container(Maybe will not work).
* Fix `-U` option might also umount other mountpoints on host.
* General bug fixes.
# v2.7:
* Catch segfault.
* Fix default mountpoint.
* Fix path_is_absolute(p) failed.
* Remove ASAN in Makefile.
* General bug fixes.
# v2.6:
* Fix uid_map and gid_map for `-r` option.
* Auto detect mountpoint type for `-m` option.
* Remove manpage && update README.md.
* General bug fixes.
# v2.5-hotfix2:
* Fix default caplist caused `could not change the root directory` and `Failed to check chroot()`
# v2.5:
* Add binfmt_misc support.
* Add `-a` option: Simulate architecture via binfmt_misc & QEMU.
* Add `-q` option: Specify the path of QEMU.
* Add `-S` option: Bind-mount /dev/, /sys/ and /proc/ from host.
* General bug fixes.
# v2.4:
* Add `-r` option: run rootless container.
* Add an easter egg: `ruri AwA`.
* Rewrite Makefile, you can `make -j$(nproc)` now.
* General bug fixes.
# v2.3:
* `-hh` => `-H`.
* Add `-T` option.
* Change src structure.
* Rewrite most of the code.
* General bug fixes.
# v2.2:
* Add new security options of Clang/GCC.
* Disable no_new_privs bit by default for seccomp.
* Disallow raising ambient capabilities via the prctl(2) PR_CAP_AMBIENT_RAISE operation.
* Protect /sys/block by mounting a tmpfs on it.
* Close other fds before exec(), (maybe useless).
* Make dev log colorful.
* General bug fixes.
# v2.1:
* Fix seccomp rule.
* Change src structure.
* Add new security options of Clang/GCC.
* General bug fixes.
# v2.0:
* Fix compile error (Thanks @dabao1955 for reporting).
# v2.0 rc2:
* Fix umount() can't work.
* (I think) Fix seccomp rule.
# v2.0 rc1:
* Remove ruri.sock after running `ruri -k`.
* Tidy all the code/files.
* General bug fixes.
# v2.0 beta4:
* Drop CAP_SYS_CHROOT and CAP_MKNOD by default
* General bug fixes.
# v2.0 beta3:
* Add `-V` option - Show version code.
* Make show_version() more beauty.
* Update help page.
* The code of ruri is over 3k lines now!
* General bug fixes.
# v2.0 beta2:
* Add a manpage.
* Add `-n` `-s` option.
* * `-n` :Set NO_NEW_PRIVS Flag
* * `-s` :Enable Seccomp
* General bug fixes.
# v2.0 beta:
* Add `-hh` option.
* General bug fixes.
# v2.0 pre:
* Rewrite all the code.
* Add daemon support for unshare containers.
* Rewrite Makefile, add clang-tidy and clang-format support.
* Openrc init of alpine workd as expected on Kali-rollowing(amd64).
* Add `-D` `-K` `-t` `-l` `-e` `-m` option:
* * -D : Run daemon.
* * -K : Kill daemon.
* * -t : Check if daemon is running.
* * -l : list all running unshare containers.
* * -e [env] [value] : Set environment variable value.
* * -m [dir] [mountpoint] : Mount dir to mountpoint.
* General bug fixes.
ruri only has v2.x