* crun-1.4.4

- wasm, kubernetes: support wasm for kubernetes infrastructure with side-cars
- Resolve symlinks in bind mounts when creating a user namespace.
- Fix CVE-2022-27650: exec does not set inheritable capabilities.

* crun-1.4.3

- cgroup: avoid infinite loop when deleting a cgroup if it contains
  processes that cannot be terminated.
- support additional options for idmap mounts.  It is now possible to
  specify what mappings must be used for the idmapped mount.
- open the source for a bind mount in the host.  It is useful when
  creating a user namespace so that the parent directories for the
  source directory are not required to be accessible to the users in
  the user namespace.

* crun-1.4.2

- CRIU: add pre-dump support.
- Fix running with a read-only /dev.  The /dev/console file is created
  before re-mounting /dev as read-only.
- Ignore EROFS when chowning standard stream files.
- Add validation for sysctls before applying them.
- Attempt looking up the executable after the setresuid syscall, this
  solves an issue on NFS when the executable file is not owned by root
  in the container, but the UID:GID combination configured for the
  container can access it.

* crun-1.4.1

- Fix check for an invalid path.  crun was performing the wrong check
  to validate a path, causing spurious failures at runtime.
- Allow deleting a container while in `created` state.  It goes
  against what the OCI runtime specs dictate, but it is the expected
  behavior since runc allows it.
- Fix regression when joining a container that has explicit paths for
  the namespaces.
- cgroup: do not set cpu limits if number of shares is set to 0.
  Moby uses 0 to indicate no limits.
- Fix build issues when configured with --enable-shared.
- Fix build on systems where OPEN_TREE_CLOEXEC is not defined.
- Improve diagnostics for errors returned by dbus.

* crun-1.4

- wasm: support for running on kubernetes with containerd.
- linux: add support for recursive mount options.  e.g. it is possible
  to specify "rro" to make the mount read-only recursively.
- add support for idmapped mounts through a new mount option "idmap".
- linux: improve detection of /dev target.  Previously a mount like
  `/dev/` was not properly detected as mounting /dev/ from the host.
- now crun exec uses CLONE_INTO_CGROUP on supported kernels when
  using cgroup v2.
- retry the openat2 syscall if it fails with EAGAIN.
- cgroup: set the CPUWeight/CPUShares on the systemd scope cgroup.
- on new kernels, use setns with pidfd.
- attempt the chdir again with the specified user if it failed before
  changing credentials.
- ebpf: fix build on 32 bits systems.
- crun --version shows the configured handlers.

* crun-1.3

- add support to natively build and run WebAssembly workload and
  WebAssembly containers.
- allow to specify sub-cgroup for exec.
- chown std streams if they are not a TTY.
- attach the correct streams if the container is suspended and
  restored multiple times.
- fix race condition when enabling controllers on cgroup v2.
- the fallback code to mount cgroupfs bind mounts the current
  cgroup path instead of the host /sys.

* crun-1.2

- exec: fix regression in 1.1 where containers are being wrongly
  reported as paused.
- criu: add support for external ipc, uts and time namespaces.

* crun-1.1

- cgroup: use cgroup.kill when available. It is faster to kill a
  container through its cgroup as there is no need to recurse over the
  cgroup pids and terminate each one of them.
- exec: refuse to exec in a paused container/cgroup.
- container: Set primary process to 1 via LISTEN_PID by default if
  user configuration is missing.
- criu: Add support for external PID namespace.
- criu: fix save of external descriptors.  Now restored containers
  attach correctly their standard streams.
- utils: retry openat2 on EAGAIN.  If the openat2 syscall is
  interrupted, try again.

* crun-1.0

- cgroup: chown the current container cgroup to root in the container.
- linux: treat pidfd_open failures EINVAL as ESRCH
- cgroup: add support for setting memory.use_hierarchy on cgroup v1.
- Makefile.am: fix link error when using directly libcrun.
- Fix symlink target mangling for tmpcopyup targets.

* crun-0.21

- honor memory swappiness set to 0
- status: add fields for owner and created timestamp
- cgroup: lookup pids controller as well when the memory controller
  is not available
- when compiled with krun, automatically use it if the current
  executable file is called "krun".

* crun-0.20.1

- container: ignore error when resetting the SELinux label for the
  keyring.

* crun-0.20

- container: call prestart hooks before rootfs is RO.
- cgroup: added support cleaning custom controllers on cgroupv1.
- spec: add support for --bundle.
- exec: add --no-new-privs.
- exec: add --process-label and --apparmor to change SELinux and
  AppArmor labels.
- cgroup: kill procs in cgroup on EBUSY.
- cgroup: ignore devices errors when running in a user namespace.
- seccomp: drop SECCOMP_FILTER_FLAG_LOG by default.
- seccomp: report correct action in error message.
- apply SELinux label to keyring.
- add custom annotation run.oci.delegate-cgroup.
- close_range fallbacks to close on EPERM.
- report error if the cgroup path was set and the cgroup could not be
  joined.

* crun-0.19.1

- on exec, honor additional_gids from the process spec, not the
  container definition.
- spec: add cgroup ns if on cgroup v2.
- systemd: support array of strings for cgroup annotation.

* crun-0.19

- join all the cgroup v1 controllers.
- raise a warning when newuidmap/newgidmap fail.
- handle eBPF access(dev_name, F_OK) call correctly.
- fix some memory leaks on errors when libcrun is used by a long
  running process.
- fix the SELinux label for masked directories.
- support default seccomp errno value.
- fail if no default seccomp action specified.
- support OCI seccomp notify listener.
- improve OOM error messages.
- ignore unknown capabilities and raise a warning.
- always remount bind mounts to drop not requested mount flags.

* crun-0.18

- fix build without CLONE_NEWCGROUP.
- fix conversion from blkio to io.
- add custom annotation to load raw BPF.
- set working directory for libkrun
- fix symlink lookup on old kernels that lack openat2
- skip +cpu on EINVAL in cgroup root.  Enabling the cpu controller is
  not permitted if there are already realtime processes running on the
  system.
- Fix permission error when using NOTIFY_SOCKET with username spaces.
- set HOME to root if the user not found.
- simplify mount logic to not use a temporary mount.
- ignore ENOSYS from keyctl.

* crun-0.17

- allow creating user namespaces without root being mapped.
- allow arbitrary IDs with single ID userns.
- use close_range(CLOSE_RANGE_CLOEXEC) where available.
- honor /sys/kernel/cgroup/delegate.
- fix an issue with hooks running in the container PID namespace.
- fix building without seccomp.
- fix building without libcap.

* crun-0.16

- CRIU support.
- fallback to openat if openat2 returns EPERM.
- ignore ENOENT for cgroup v1 mounts, if the mount fails with
  ENOENT, the controller might have been unmounted.
- fix another race reading cgroup freeze.  Reading from the cgroup
  fails with ENODEV if the cgroup was deleted in the meanwhile.

* crun-0.15.1

- add experimental support for libkrun.
- fix check for pidfd availability on older kernels.
- linux: do not set data when remounting read-only.  Fix 'ro' mounts
  on older kernels when SELinux is enabled.
- linux: label the cgroup v1 tmpfs when SELinux is enabled.
- container: truncate the pid file before writing to it.
- exec: fix check for read bytes from the sync socket.
- check the process has a cgroup before allowing pause and resume.
- linux: always create a user namespace if not running with euid == 0.
- libcrun can use a hook instead of executing a container process.
- use libyajl to generate hooks json input.
- handle correctly ENOENT for seccomp notifications.

* crun-0.15

- add support for OCI unified cgroup v2.
- add json format option to `crun list`.
- get last kernel capability dynamically instead of using a build
  time constant.
- enable all available cgroup controllers.
- support the seccomp SCMP_ACT_LOG action.
- support the seccomp SCMP_ACT_KILL_THREAD action.
- properly set a SELinux label for the mqueue mount.
- `crun kill` uses pidfd when supported.
- experimental support for seccomp notifications.
- fix bundle option for `crun create` and `crun run`.
- allow to declare path to config file.
- check /sys/kernel/security/apparmor when using AppArmor.
- doesn't accept type=bind alone anymore, but require either "bind"
  or "rbind" to be present in the mount flags.

* crun-0.14.1

- fix a regression in crun-0.14 where openat2(2) would fail when bind
  mounting a symlink.
- various small fixes to allow running regression tests outside of
  source tree.

* crun-0.14

- cgroup, systemd: create container under subcgroup.  Now a "/container"
  sub-cgroup is created and fully managed by libcrun.  This is a different
  behaviour than what runc does.
- libcrun: use the openat2 syscall available since Linux 5.6.
- container: allow hooks output to file through an annotation.
- linux: support joining PID/IPC namespace not owned by the user namespace.
  Requires Linux 5.3.
- linux: avoid double fork for creating the init process if not needed.
- linux: fix an issue where the basename for $NOTIFY_SOCKET is different
  than /notify.
- rootless: allow /dev/{tty,ptmx} to be present in linux.devices.
- cgroup: fix an issue on CentOS 7.8 when using net_cls and net_prio.
- seccomp: honor errnoRet from OCI spec runtime.
- exec: set setresuid/setresgid before setting up the terminal.
- cgroup, v2: fix crun update with both --memory -1 --memory-swap -1.
- cgroup, v2: fixing setting unlimited swap.
- cgroup, v2: allow to set unlimited swap per se.
- cgroup, v2: treat negative numbers as "max"
- cgroup, v2: raise error if swap is set without memory limit.
- cgroup: ignore cpu resources if set to 0.
- libcrun: audit errno in crun_make_error calls
- libcrun: fix read_pid_stat usage.
- linux: fix double close on the same file descriptor.
- container: Prevent deletion of not stopped container
- status: Use process start time for identification
- CRIU: several improvements.
- linux: fix path lookups for relative paths containing '/'.
- linux: use the SELinux mount label for the notify socket.
- status: delete doesn't fail if the process already exited.

* crun-0.13

- license: change license to gplv2+ and lgpl2.1+.
- criu: initial support for `container restore`.
- state: If a container is paused, report its state as 'paused'.
- cgroup: use the memory controller to ready PIDs.  The pid controller
  is not available on kernels older than 4.3.
- linux: drop context= for remount.  Older linux versions complain
  when the selinux label is specified on a remount.
- utils: fix mount on not writeable path.
- cgroup: support systemd properties via annotations.
- systemd: do not set hard-code collectmode value.  It can be set
  through an annotation.
- cgroup: write the correct blkio settings.
- exec: do not inherit env variables from main pid.
- ebpf: fix endianness issue on s390x.
- linux: fix recursive mount on cgroup v1.

* crun-0.12.2.1

- when not using a cgroup namespace, mount only the cgroup v1 subpath.

* crun-0.12.2

- do not require read permissions on /
- add support for the "time" namespace via a custom annotation
- fix mount of cgroup v1 when using a cgroup namespace
- set default umask to 0022
- use the correct path for notify socket with "crun run -d"
- always use setsid
- use correct indices for seccomp generation
- fixed several issues with cgroup v2 and the cgroupfs driver

* crun-0.12.1

- fix the order of clone syscall arguments on s390 and cris.
- if no mode is specified use 0666 for devices.
- fix running with a relative bundle directory.
- fix some regressions in the mounts path resolution.
- drop a warning when cgroup are not available for rootless.

* crun-0.12

- masked paths use only MS_UNBINDABLE
- mount doesn't specify mount data when there are no options
- support new hook types: createRuntime, createContainer and startContainer
- safer mount options.  A temporary mount is prepared outside of the
  rootfs before being moved to it.
- apply selinux/apparmor before the pivot_root.
- handle correctly proc remounts.  It is now supported to specify hidepid=
- fix exec if a namespace is not available.
- handle swap limit with the same semantic as on cgroup v1.
- bring network device up.
- reset all signal handlers to default.

* crun-0.11

- cgroups2: map memory reservation to memory.low
- statx fallbacks to stat on EINVAL
- utils: do not fail if the path we are trying to create already
  exists
- generate seccomp profile in the parent process, not in the container
  init process.  Memory usage is more reliable now and a container can
  run with ~250K of max memory.
- support for Linux personality.
- support for umask.
- support for the hugetlb controller on cgroup v2.
- PIDs from a cgroup are read recursively.
- do not fork on "create".
- now by default seccomp doesn't fail on an unknown syscall.  The
  previous behavior can be enabled with an annotation.
- fix joining cgroup on cgroup v2 when a named hierarchy is also
  present.
- fix creating user namespaces with more than 2^32 IDs mapped.
- on exec, keep the SELinux label or AppArmor profile from the
- container configuration.
- runtime specific annotation are prefixed with run.oci.

* crun-0.10.6

- when running with a terminal, change the ownership for the terminal
  to the specified user
- spec: honor the --rootless flag
- linux: make sure the source path is resolved when checking the file
  type.  Regression introduced with 0.10.5.

* crun-0.10.5

- fix CVE-2019-18837
- fix running on CentOS/RHEL 8
- report errors opening the console socket
- not leave config.json around if the container could not be created

* crun-0.10.4

- ignore errors creating /dev/console
- add an annotation "io.crun.keep_original_groups", if it is set then
  crun won't drop additional groups when creating the container

* crun-0.10.3

- systemd: set collectmode=inactive-or-failed
- fix build on Alpine
- use the current working directory to lookup local paths
- improve the error message when a hook fails
- add granular enable/disable configure options

* crun-0.10.2

- fix a regression in 0.10.1 where cgroups v1 could not be created
- correctly chown cgroups when using a user namespace so that systemd
  can run in a container that uses a user namespace

* crun-0.10.1

- linux: Keep MS_RDONLY when remounting bind mount of a read-only
  source.  It solves an issue on Fedora Silverblue where /usr is
  mounted read only.
- fix exec of rootless containers when cgroups are not available

* crun-0.10

- support for AppArmor
- fix for CVE-2019-16884, make sure writes to /proc for the SELinux
  and AppArmor labels are on procfs.
- exec supports --preserve-fds
- seccomp: fix lookup for pseudo syscalls, seccomp now works fine on
  non native archs
- cgroup: ignore rootless errors if manager != systemd
- error: always write errors to stderr
- chroot: follow symlinks for the last component
- set $HOME if it is not already defined

* crun-0.9.1

- fix an issue with tmpcopyup that didn't work correctly with symlinks
- create a new cgroup namespace before mounting the cgroup file
  system, so that it uses the correct namespace

* crun-0.9

- fix exec into containers running systemd on cgroups v2
- kill: honor --all
- kill: when not using a PID namespace, use the freezer controller to
  prevent the container forking new processes
- linux: handle tmpcopyup option to copy files from the rootfs to the
  new mounted tmpfs.
- OCI: honor seccomp options.  If not specified any seccomp option,
  now crun will default to using SECCOMP_FILTER_FLAG_SPEC_ALLOW |
  SECCOMP_FILTER_FLAG_LOG when using the seccomp(2)
  syscall

* crun-0.8

- executable lookup. Now create fails immediately if the specified
  executable doesn't exist
- subreaper enabled only when crun is attached
- fix notify socket when used from create and prevent it hanging
  indefinitely when the container exits
- correctly write cpu controller resources when using cgroups v2
- support for the freezer controller when using cgroups v2
- honor unspecified minor/major number for devices when using cgroups v2
- reintroduce --no-pivot
- do not add a cgroup path again if it was already specified in the
  OCI configuration
