libvirt Sandbox News ==================== 0.6.0 - "Dashti Margo" - 2015-07-01 ----------------------------------- - API/ABI in-compatible change, soname increased - Prevent use of virt-sandbox-service as non-root upfront - Fix misc memory leaks - Block SIGHUP from the dhclient binary to prevent accidental death if the controlling terminal is closed & reopened - Add support for re-creating libvirt XML from sandbox config to facilitate upgrades - Switch to standard gobject introspection autoconf macros - Add ability to set filters on network interfaces - Search /usr/lib instead of /lib for systemd unit files, as the former is the canonical location even when / and /usr are merged - Only set SELinux labels on hosts that support SELinux - Explicitly link to selinux, instead of relying on indirect linkage - Update compiler warning flags - Fix misc docs comments - Don't assume use of SELinux in virt-sandbox-service - Fix path checks for SUSUE in virt-sandbox-service - Add support for AppArmour profiles - Mount /var after other FS to ensure host image is available - Ensure state/config dirs can be accessed when QEMU is running non-root for qemu:///system - Fix mounting of host images in QEMU sandboxes - Mount images as ext4 instead of ext3 - Allow use of non-raw disk images as filesystem mounts - Check if required static libs are available at configure time to prevent silent fallback to shared linking - Require libvirt-glib >= 0.2.1 - Add support for loading lzma and gzip compressed kmods - Check for support libvirt URIs when starting guests to ensure clear error message upfront - Add LIBVIRT_SANDBOX_INIT_DEBUG env variable to allow debugging of kernel boot messages and sandbox init process setup - Add support for exposing block devices to sandboxes with a predictable name under /dev/disk/by-tag/TAGNAME - Use devtmpfs instead of tmpfs for auto-populating /dev in QEMU sandboxes - Allow setup of sandbox with custom root filesystem instead of inheriting from host's root. - Allow execution of apps from non-matched ld-linux.so / libc.so, eg executing F19 binaries on F22 host - Use passthrough mode for all QEMU filesystems 0.5.1 - "Cholistan" - 2013-11-18 -------------------------------- - Fix path to systemd binary (prefers dir /lib/systemd not /bin) - Remove obsolete commands from virt-sandbox-service man page - Fix delete of running service container - Allow use of custom root dirs with 'virt-sandbox --root DIR' - Fix 'upgrade' command for virt-sandbox-service generic services - Fix logrotate script to use virsh for listing sandboxed services - Add 'inherit' option for virt-sandbox '-s' security context option, to auto-copy calling process' context - Remove non-existant '-S' option froom virt-sandbox-service man page - Fix line break formatting of man page - Mention LIBVIRT_DEFAULT_URI in virt-sandbox-service man page - Check some return values in libvirt-sandbox-init-qemu - Remove unused variables - Fix crash with partially specified mount option string - Add man page docs for 'ram' mount type - Avoid close of un-opened file descriptor - Fix leak of file handles in init helpers - Log a message if sandbox cleanup fails - Cope with domain being missing when deleting container - Improve stack trace diagnostics in virt-sandbox-service - Fix virt-sandbox-service content copying code when faced with non-regular files. - Improve error reporting if kernel does not exist - Allow kernel version/path/kmod to be set with virt-sandbox - Don't overmount '/root' in QEMU sandboxes by default - Fix nosuid / nodev mount options for tmpfs - Force 9p2000.u protocol version to avoid QEMU bugs - Fix cleanup when failing to start interactive sandbox - Create copy of kernel from /boot to allow relabelling - Bulk re-indent of code - Avoid crash when gateway is missing in network options - Fix symlink target created in multi-user.target.wants - Add '-p PATH' option for virt-sandbox-service clone/delete to match 'create' command option. - Only allow 'lxc:///' URIs with virt-sandbox-service until further notice - Rollback state if cloning a service sandbox fails - Add more kernel modules instead of assuming they are all builtins - Don't complain if some kmods are missing, as they may be builtins - Allow --mount to be repeated with virt-sandbox-service 0.5.0 - "Sahara Desert" - 2013-08-01 ------------------------------------ - Switch to use persistent libvirt configuration files for service sandboxes - Store service configs in /etc/libvirt-sandbox/services/$NAME/ instead of /etc/libvirt-sandbox/services/$NAME.sandbox to allow storage of multiple files per sandbox - Add a new 'virt-sandbox-service upgrade NAME' command, to be run by admin for all existing service sandboxes to upgrade their configuration to be compatible with the new release - Remove start, stop, list commands from virt-sandbox-service, with recomendation to use start, destroy & list commands in virsh instead. - Remove duplicate -u option in man page - Update man page examples - Stop generating a UNIT_sandbox.target unit, instead letting the sandbox unit tie into multi-user.target as normal - Remove unimplemented APIs for graphical sandboxes, to be re-added at a later date when actually functional - Add padding to public structs, to facilitate preservation of public ABI compatibility in future - Add note about default libvirt URIs in man page - Fix cloning of sandboxes 0.2.1 - "Owami Desert" - 2013-07-09 ----------------------------------- - Requires libvirt-glib >= 0.1.7 - ABI change: Removed GVirSandboxCleaner class - Don't add link in /var/log/journal for image based containers - Don't hold open libvirt connection when displaying service sandbox consoles - Record container UUID in config for service sandboxes - Add missing RPMs deps - Allow custom mounts to be specified to virt-sandbox-service - Fix misc bugs in sandbox creation/deletion - Use 'guest bind' for configuring image based service sandboxes - Allow NIC MAC address to be chosen - Include systemd-initctl.socket in service sandboxes by default to allow libvirt initiated graceful shutdown 0.2.0 - "Nubian Desert" - 2013-05-07 ------------------------------------ - Requires systemd >= 198 - Fix termination of interactive sandbox client to avoid loosing final I/O - Stop hardcoding default security label - Misc docs typos / fixes - Fix infinite loop handling security opts - Mandate enablement of introspection - Handle NULL broadcast address for NICs - Don't assume /var/log/journal exists - Improve rollback if creation of service sandbox fails - Block host NICs from sandbox - Sanity check requested network config - Fix sandbox journal location to be a dir not a file - Fix parsing of --security option - Change virt-sandbox-service to use --security opts instead of SELinux specific -l/-t/-d args - Replace use of YUM with RPM to improve performance - Send dhclient output to /dev/null - Avoid getting stuck in waitpid if non-primary process exits - Allow choice of host virtual networks - Support network config with virt-sandbox-service - Do not create any NIC in service sandbox by default - Cope with SELinux label lacking a category pair - Delay dropping credentials until after ttys are opened - Fix tty permissions in QEMU init helper to be 0700 instead of 0777 - Add support for non-systemd service containers - Add support for i18n of all output strings - Remove hardcoding of lxc:/// in virt-sandbox-service - Correctly handle EOF from raw console - Improve I/O performance of virt-sandbox - Allow custom uid/gid for generic service sandboxes - Do not run debug shell in service sandboxes - Add --package option to virt-sandbox-service for cases where the unit file is not owned by an RPM - Use drop in systemd service override, instead of includes - Support templated systemd service units 0.1.2 - "Namib Desert" - 2013-03-05 ----------------------------------- - Requires libvirt >= 1.0.2 - Split virt-sandbox-service manpage into separate docs, one for each sub-command - Fix handling of GLib.GError exceptions - Containerize /var/lib/nfs/rpc_pipefs too - Add ability to execute arbitrary commands inside the container using namespace attach - Fix docs for virt-sandbox mount options - Better wording about escape sequence for consoles - Create journal file if it doesn't already exist - Create /etc/rc.d/init.d inside container to block legacy init scripts starting - Skip binding files/dirs which don't exist in host 0.1.1 - "Libyan Desert" - 2012-12-10 ------------------------------------ - Fix typos in POD docs for some classes - Only depend on libvirt-daemon-{kvm,qemu,lxc}, not full libvirt RPM. - Switch to YUM for extracting package file list - Bind mount whole of /var rather than only some subdirs - Validate unit files exist before creating sandbox - Fixes to population of files in /etc and /var - Finish 'clone' command for copying sandboxes - Populate /etc/machine-id file - Fix systemd dependancies for bulk start/stop of containers - Symlink container journal directory into host filesystem - Rename sandbox.target to multi-user.target - Fix attachment to running containers 0.1.0 - "Karoo" - 2012-08-10 ---------------------------- - ABI+API incompatible with previous library, so new soname - Some changes to CLI args for virt-sandbox command - Many fixes to virt-sandbox-service - Use /run/libvirt-sandbox instead of /root/.cache/libvirt when run as root - Fix typo setting RUNDIR - Re-add /kernel suffix to kmod search dir - Add APIs to select kernel version - Fix SEGV when attaching consoles to NULL stdin - Add logrotate script for virt-sandbox-service - Turn GVirSandboxConsole into an abstract class - Configurable keysequence for breaking out of console (defaults to Ctrl+]) - Fix handling of strace debugging - Add APIs to select kmod directory prefix - Require glib >= 2.32 - Refactor APIs for configuring sandbox mounts - Maintain a single sorted list of mounts - Add support for RAM filesystems - Setup tmpfs for /run and /tmp in sandbox services - Remove need to provide executable for sandbox services, just rely on systemd unit filename - Enable admin customization of systemd services in sandbox services - Rewrite part of virt-sandbox-service in C to reduce long term memory overhead - Create custom systemd startup sequence 0.0.3 - "Kalahari Desert" - 2012-04-13 -------------------------------------- - Ensure root/config filesystems are readonly in KVM - Add support for mounting host disk images in guests - Add support for binding guest filesystems to new locations - Add support for an optional interactive shell for debugging or administrative purposes - Add a virt-sandbox-service script for preparing sandboxes for system services, integrating with systemd - Misc compiler warning fixes - Replace invocation of insmod with direct syscalls - Refactor API to separate interactive sandbox functionality from base class & service sandbox functionality - Rewrite host/guest I/O handling to separate stdout from stderr correctly, improve reliability of startup/shutdown handshakes and propagate exit status back to host - Exec away the first hypervisor specific init process, so generic init process get PID 1 - Turn on reboot-on-panic in KVM to ensure guest exists on fatal problems 0.0.2 - "Blue Desert" - 2012-01-12 ---------------------------------- - Add ability to attach to an existing sandbox - Update to require libvirt-gobject 0.0.4 - Add ability to run privileged apps - Add support for an admin debug shell - Switch to use /etc/libvirt-sandbox/scratch for config 0.0.1 - "Tatti Desert" - 2012-01-11 ----------------------------------- - First release