Releases · aristanetworks/bst

What's Changed

userns: normalize subid file contents before intersecting the desired map by @Snaipe in #39
cli: add --pidfile by @Snaipe in #41
init: do not open init program if within root by @Snaipe in #42
mount: make bst_devtmpfs work on /dev by @Snaipe in #43
Add support for adding addresses and routes by @Snaipe in #44
Add a --tty option by @mstory21 in #46
pty: fix signal delivery by @mstory21 in #47
Unify parent wait code using epoll by @Snaipe in #50
Some minor cleanups by @ani-sinha in #56
enter: only unmount /proc when necessary by @Snaipe in #53
enter: drop all privileges in wait loop by @Snaipe in #52
build: restrict building bst for only linux platforms by @ani-sinha in #58
cram: add documentation for the -p option by @ani-sinha in #59
docs: Add --umask to helptext by @yabberyabber in #60
Feature/cgroup resource management by @colindrewes in #62
mount: properly recursively remount read-only by @Snaipe in #64
tests: consolidate test suite to not be so dependent on host state by @Snaipe in #66
ipvlan: add support for mode flags by @Snaipe in #67
build: fortify sources by default when optimization level > 0 by @Snaipe in #65
Introduce --try-limit option by @vzxv in #68
outer_helper_spawn: fail subcgroup creation silently when all limits are non-critical by @vzxv in #70
outer_helper_spawn: fail pid burn silently when all limits are non-critical by @vzxv in #71
exe: add --close-fd to close file descriptors by @Snaipe in #72
sig: make PDEATHSIG handling non-racy by @Snaipe in #74
cgroup_helper shan't hold socket for outer_helper process by @yabberyabber in #75
helpers: make sure helpers do not hold extra file descriptors by @Snaipe in #76
outer helper: burn limits to the subcgroup, not the parent by @vzxv in #77
sig: check parent process liveness with fd read by @Snaipe in #78
env: fix environment variable parsing by @Snaipe in #81
Revisit cgroup support and make it more turnkey by @Snaipe in #80
cgroup: fix various issues with compatibility with older bst spacetimes by @Snaipe in #82
mount,dev: add support for /dev/kvm by @Snaipe in #83
cgroup,systemd: fix typo in dbus payload structure by @Snaipe in #86
cgroup,setup: set CGROUP_PATH in setup program with full path to current cgroup by @Snaipe in #85
fd: mark fds with CLOEXEC instead of closing them by @Snaipe in #84
cgroup,setup: make CGROUP_PATH optional by @Snaipe in #87
meson: prevent use of suid fallback without explicit consent by @Snaipe in #89
userns: fix id map generating with holes under specific conditions by @Snaipe in #88
cgroup: avoid using pid for cgroup name by @Snaipe in #91
cgroup,cleaner: report errors in syslog by @Snaipe in #90
cli: Create BST_VERBOSITY to enable/disable warnings by @yabberyabber in #92
cgroup,cleaner: wait on level-triggered transitions by @Snaipe in #94
Parse json output from ip command by @KrzysztofMolon in #96
tty: stop spamming VEOF on raw terminals, and cleanly handle EOF by @Snaipe in #97
cgroup: use proc fd when reading details about current process for explicitness by @Snaipe in #99
Add fuse to the fake devtmpfs by @mstory21 in #100
Refactor order of unshare operations by @yabberyabber in #101
enter: pass nsactions array rather than path array by @Snaipe in #102
tty: handle SIGHUP when allocating a tty by @mstory21 in #104
add an option to skip draining on tty close by @mstory21 in #105
cgroup: initialize controllers buffer to 0s by @travisshivers in #106
Don't write trailing nulls to pidfile by @yabberyabber in #107
cgroup,systemd: fix race in message dequeue waiting for cgroup to exist by @Snaipe in #109
share,cli: fix regression on single-ns shares by @Snaipe in #110
seccomp: emulate safe privileged system calls by @Snaipe in #61
stat,seccomp: fix 32-bit overflow on stat quantities by @Snaipe in #98
seccomp: disable mknod emulation by default by @Snaipe in #111
sec,aarch64: fix compilation errors due to nonexistent 32-bit syscall support by @Snaipe in #112
seccomp: handle ENOENT when receiving syscall by @Snaipe in #113
outer,sec: close all fds before running supervisor loop by @Snaipe in #115
outer: fix pdeathsig race causing the helper to survive its parent by @Snaipe in #114
pdeathsig: revamp parent-liveness checks and stop assuming SIGKILL kills us by @Snaipe in #116
net: use correct sizes for ipvlan mode & flags by @Snaipe in #118
pdeathsig: fall back to pipe trick instead of proc comparison by @Snaipe in #117
seccomp: skip supervisor for nested calls by @Snaipe in #119

No results found