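runC is a lightweight, universal container runtime. Its goal is to let users run standardized containers anywhere. Features:
- Full support for Linux namespaces, including user namespaces.
- Native support for all Linux security features, including SELinux, AppArmor, seccomp, control groups, capability drop, pivot_root, uid/gid dropping, etc.
- Native support for live migration and Windows 10 containers.
- Planned native support for Arm, Power, Sparc and other architectures, with direct participation and support from Arm, Intel, Qualcomm, IBM, and the whole hardware manufacturer ecosystem.
- Planned native support for cutting-edge hardware features such as DPDK, sr-iov, tpm, secure enclave, etc.
- Portable performance profiles, and a configuration format that is a formal standard.
Changelog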
- Add slice management support to the systemd cgroup driver. Checks are
  done to make sure that systemd supports the feature. #1084
- Support for readonly mount labels. #1112
- Add a tmpcopyup mount extension for tmpfs mounts that are mounted over
  already existing directories, allowing for the contents of a volume to
  be copied up transparently. #845
- Switch our pivot_root usage to no longer require temporary
  directories, improving the state of containers running in entirely
  readonly contexts. #1125 #1148
- Allow updating of rt_period_us and rt_runtime_us in cpuacct cgroup.
- Reimplement console handling to use AF_UNIX sockets such that the
  console is created inside the container's (namespaced) devpts
  instance, solving a wide variety of historical pty bugs with runC.
  #1018 #1356
- Support overlayfs in mounts. #1314
- Support creating devices with types 'p' and 'u'. #1321
- Add --preserve-fds=N to create and run commands. #1320
- Add pre-dump and parent-path to checkpoint. #1001
- Update to runtime-spec v1.0.0-rc5. #1370
- Remove check for binding to /. #1090
- Ensure we log to logrus on command errors. #1089
- Don't enable kmem limits if they're not specified in the config. #1095
- Handle cases where specs.Resources.* members would cause null
  dereferences. #1111 #1116
- Fix bugs in the GetProcessStartTime implementation. #1136
- Make sysctl config validation checks handle network namespaces more
  gracefully. #1138 #1149
- Guarantee correct namespace creation ordering. This is part of the
  rootless container patchset, and is also required in certain SELinux
  setups. #977
- Stop screwing around with '\n' in console output. #1146
- Fix cpuset.cpu_exclusive handling. #1194
- Sync HookState with the OCI specification. #1201
- Split remounting mountpoints and bindmounts, resolving issues with
  mount options being dropped in certain cases. #1222
- Fix leftover cgroup directory issue. #1196
- Handle config.Devices and config.MaskPaths in checkpoint. #1110.
- Don't create combined cgroup subsystem names. #1268
- Ignore cgroupv2 mountpoints, fixing issues with systemd v232. #1266
- Race condition when synchronising with children and grandchildren in
  nsexec.c. #1237
- Fix state checks to no longer depend on _LIBCONTAINER being present in
  the environment, fixing both bugs as well as being part of the
  rootless container patchset. #1317
- Fix systemd-notify when using different PID namespaces, and allow
  detach+notify socket. #1308
- Don't fchown when inheriting stdio, which is necessary for rootless
  containers in certain scenarios. #1354
- Fix cpu.cfs_quota_us being changed when systemd is reloaded. #1344
- Add devices to whitelist for LXD, to make runC under LXC/LXD work
  better. #1327
- Many improvements to testing. #1121 #1131 #1132 #1147
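This article is reprinted from: 深度開源 (open-open.com)
Original URL: http://www.baiduhome.net/news/view/6f69c4f9
This article was uploaded and shared by user jopen, for learning and exchange among readers only. Ownership belongs to the original author; if your rights have been infringed, please contact the administrator.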