libvirt Sandbox News
====================
0.6.0 - "Dashti Margo" - 2015-07-01
-----------------------------------
- API/ABI in-compatible change, soname increased
- Prevent use of virt-sandbox-service as non-root upfront
- Fix misc memory leaks
- Block SIGHUP from the dhclient binary to prevent
accidental death if the controlling terminal is
closed & reopened
- Add support for re-creating libvirt XML from sandbox
config to facilitate upgrades
- Switch to standard gobject introspection autoconf macros
- Add ability to set filters on network interfaces
- Search /usr/lib instead of /lib for systemd unit
files, as the former is the canonical location even
when / and /usr are merged
- Only set SELinux labels on hosts that support SELinux
- Explicitly link to selinux, instead of relying on
indirect linkage
- Update compiler warning flags
- Fix misc docs comments
- Don't assume use of SELinux in virt-sandbox-service
- Fix path checks for SUSUE in virt-sandbox-service
- Add support for AppArmour profiles
- Mount /var after other FS to ensure host image is
available
- Ensure state/config dirs can be accessed when QEMU
is running non-root for qemu:///system
- Fix mounting of host images in QEMU sandboxes
- Mount images as ext4 instead of ext3
- Allow use of non-raw disk images as filesystem
mounts
- Check if required static libs are available at configure
time to prevent silent fallback to shared linking
- Require libvirt-glib >= 0.2.1
- Add support for loading lzma and gzip compressed kmods
- Check for support libvirt URIs when starting guests
to ensure clear error message upfront
- Add LIBVIRT_SANDBOX_INIT_DEBUG env variable to allow
debugging of kernel boot messages and sandbox init
process setup
- Add support for exposing block devices to sandboxes
with a predictable name under /dev/disk/by-tag/TAGNAME
- Use devtmpfs instead of tmpfs for auto-populating
/dev in QEMU sandboxes
- Allow setup of sandbox with custom root filesystem
instead of inheriting from host's root.
- Allow execution of apps from non-matched ld-linux.so
/ libc.so, eg executing F19 binaries on F22 host
- Use passthrough mode for all QEMU filesystems
0.5.1 - "Cholistan" - 2013-11-18
--------------------------------
- Fix path to systemd binary (prefers dir /lib/systemd not /bin)
- Remove obsolete commands from virt-sandbox-service man page
- Fix delete of running service container
- Allow use of custom root dirs with 'virt-sandbox --root DIR'
- Fix 'upgrade' command for virt-sandbox-service generic services
- Fix logrotate script to use virsh for listing sandboxed services
- Add 'inherit' option for virt-sandbox '-s' security context
option, to auto-copy calling process' context
- Remove non-existant '-S' option froom virt-sandbox-service man
page
- Fix line break formatting of man page
- Mention LIBVIRT_DEFAULT_URI in virt-sandbox-service man page
- Check some return values in libvirt-sandbox-init-qemu
- Remove unused variables
- Fix crash with partially specified mount option string
- Add man page docs for 'ram' mount type
- Avoid close of un-opened file descriptor
- Fix leak of file handles in init helpers
- Log a message if sandbox cleanup fails
- Cope with domain being missing when deleting container
- Improve stack trace diagnostics in virt-sandbox-service
- Fix virt-sandbox-service content copying code when faced with
non-regular files.
- Improve error reporting if kernel does not exist
- Allow kernel version/path/kmod to be set with virt-sandbox
- Don't overmount '/root' in QEMU sandboxes by default
- Fix nosuid / nodev mount options for tmpfs
- Force 9p2000.u protocol version to avoid QEMU bugs
- Fix cleanup when failing to start interactive sandbox
- Create copy of kernel from /boot to allow relabelling
- Bulk re-indent of code
- Avoid crash when gateway is missing in network options
- Fix symlink target created in multi-user.target.wants
- Add '-p PATH' option for virt-sandbox-service clone/delete
to match 'create' command option.
- Only allow 'lxc:///' URIs with virt-sandbox-service
until further notice
- Rollback state if cloning a service sandbox fails
- Add more kernel modules instead of assuming they are
all builtins
- Don't complain if some kmods are missing, as they may
be builtins
- Allow --mount to be repeated with virt-sandbox-service
0.5.0 - "Sahara Desert" - 2013-08-01
------------------------------------
- Switch to use persistent libvirt configuration files for
service sandboxes
- Store service configs in /etc/libvirt-sandbox/services/$NAME/
instead of /etc/libvirt-sandbox/services/$NAME.sandbox to
allow storage of multiple files per sandbox
- Add a new 'virt-sandbox-service upgrade NAME' command,
to be run by admin for all existing service sandboxes to
upgrade their configuration to be compatible with the new
release
- Remove start, stop, list commands from virt-sandbox-service,
with recomendation to use start, destroy & list commands in
virsh instead.
- Remove duplicate -u option in man page
- Update man page examples
- Stop generating a UNIT_sandbox.target unit, instead letting
the sandbox unit tie into multi-user.target as normal
- Remove unimplemented APIs for graphical sandboxes, to be
re-added at a later date when actually functional
- Add padding to public structs, to facilitate preservation
of public ABI compatibility in future
- Add note about default libvirt URIs in man page
- Fix cloning of sandboxes
0.2.1 - "Owami Desert" - 2013-07-09
-----------------------------------
- Requires libvirt-glib >= 0.1.7
- ABI change: Removed GVirSandboxCleaner class
- Don't add link in /var/log/journal for image based containers
- Don't hold open libvirt connection when displaying service
sandbox consoles
- Record container UUID in config for service sandboxes
- Add missing RPMs deps
- Allow custom mounts to be specified to virt-sandbox-service
- Fix misc bugs in sandbox creation/deletion
- Use 'guest bind' for configuring image based service sandboxes
- Allow NIC MAC address to be chosen
- Include systemd-initctl.socket in service sandboxes by default
to allow libvirt initiated graceful shutdown
0.2.0 - "Nubian Desert" - 2013-05-07
------------------------------------
- Requires systemd >= 198
- Fix termination of interactive sandbox client to
avoid loosing final I/O
- Stop hardcoding default security label
- Misc docs typos / fixes
- Fix infinite loop handling security opts
- Mandate enablement of introspection
- Handle NULL broadcast address for NICs
- Don't assume /var/log/journal exists
- Improve rollback if creation of service sandbox fails
- Block host NICs from sandbox
- Sanity check requested network config
- Fix sandbox journal location to be a dir not a file
- Fix parsing of --security option
- Change virt-sandbox-service to use --security opts
instead of SELinux specific -l/-t/-d args
- Replace use of YUM with RPM to improve performance
- Send dhclient output to /dev/null
- Avoid getting stuck in waitpid if non-primary process
exits
- Allow choice of host virtual networks
- Support network config with virt-sandbox-service
- Do not create any NIC in service sandbox by default
- Cope with SELinux label lacking a category pair
- Delay dropping credentials until after ttys are opened
- Fix tty permissions in QEMU init helper to be 0700 instead
of 0777
- Add support for non-systemd service containers
- Add support for i18n of all output strings
- Remove hardcoding of lxc:/// in virt-sandbox-service
- Correctly handle EOF from raw console
- Improve I/O performance of virt-sandbox
- Allow custom uid/gid for generic service sandboxes
- Do not run debug shell in service sandboxes
- Add --package option to virt-sandbox-service for cases
where the unit file is not owned by an RPM
- Use drop in systemd service override, instead of
includes
- Support templated systemd service units
0.1.2 - "Namib Desert" - 2013-03-05
-----------------------------------
- Requires libvirt >= 1.0.2
- Split virt-sandbox-service manpage into separate docs,
one for each sub-command
- Fix handling of GLib.GError exceptions
- Containerize /var/lib/nfs/rpc_pipefs too
- Add ability to execute arbitrary commands inside the
container using namespace attach
- Fix docs for virt-sandbox mount options
- Better wording about escape sequence for consoles
- Create journal file if it doesn't already exist
- Create /etc/rc.d/init.d inside container to block
legacy init scripts starting
- Skip binding files/dirs which don't exist in host
0.1.1 - "Libyan Desert" - 2012-12-10
------------------------------------
- Fix typos in POD docs for some classes
- Only depend on libvirt-daemon-{kvm,qemu,lxc}, not
full libvirt RPM.
- Switch to YUM for extracting package file list
- Bind mount whole of /var rather than only some subdirs
- Validate unit files exist before creating sandbox
- Fixes to population of files in /etc and /var
- Finish 'clone' command for copying sandboxes
- Populate /etc/machine-id file
- Fix systemd dependancies for bulk start/stop of containers
- Symlink container journal directory into host filesystem
- Rename sandbox.target to multi-user.target
- Fix attachment to running containers
0.1.0 - "Karoo" - 2012-08-10
----------------------------
- ABI+API incompatible with previous library, so new soname
- Some changes to CLI args for virt-sandbox command
- Many fixes to virt-sandbox-service
- Use /run/libvirt-sandbox instead of /root/.cache/libvirt
when run as root
- Fix typo setting RUNDIR
- Re-add /kernel suffix to kmod search dir
- Add APIs to select kernel version
- Fix SEGV when attaching consoles to NULL stdin
- Add logrotate script for virt-sandbox-service
- Turn GVirSandboxConsole into an abstract class
- Configurable keysequence for breaking out of console
(defaults to Ctrl+])
- Fix handling of strace debugging
- Add APIs to select kmod directory prefix
- Require glib >= 2.32
- Refactor APIs for configuring sandbox mounts
- Maintain a single sorted list of mounts
- Add support for RAM filesystems
- Setup tmpfs for /run and /tmp in sandbox services
- Remove need to provide executable for sandbox services,
just rely on systemd unit filename
- Enable admin customization of systemd services in sandbox
services
- Rewrite part of virt-sandbox-service in C to reduce
long term memory overhead
- Create custom systemd startup sequence
0.0.3 - "Kalahari Desert" - 2012-04-13
--------------------------------------
- Ensure root/config filesystems are readonly in KVM
- Add support for mounting host disk images in guests
- Add support for binding guest filesystems to new locations
- Add support for an optional interactive shell for debugging
or administrative purposes
- Add a virt-sandbox-service script for preparing sandboxes
for system services, integrating with systemd
- Misc compiler warning fixes
- Replace invocation of insmod with direct syscalls
- Refactor API to separate interactive sandbox functionality
from base class & service sandbox functionality
- Rewrite host/guest I/O handling to separate stdout from
stderr correctly, improve reliability of startup/shutdown
handshakes and propagate exit status back to host
- Exec away the first hypervisor specific init process,
so generic init process get PID 1
- Turn on reboot-on-panic in KVM to ensure guest exists on
fatal problems
0.0.2 - "Blue Desert" - 2012-01-12
----------------------------------
- Add ability to attach to an existing sandbox
- Update to require libvirt-gobject 0.0.4
- Add ability to run privileged apps
- Add support for an admin debug shell
- Switch to use /etc/libvirt-sandbox/scratch for config
0.0.1 - "Tatti Desert" - 2012-01-11
-----------------------------------
- First release
distrib
>
Mageia
>
6
>
x86_64
>
media
>
core-release
>
by-pkgid
>
7af56fbf98c0321db6c64f15a357b468
>
files
>
8
