Skip to content

1.20

Latest
Latest
Compare
Choose a tag to compare
@giuseppe giuseppe released this 05 Feb 08:39
· 1 commit to main since this release
1.20
This tag was signed with the committer’s verified signature.
giuseppe Giuseppe Scrivano
GPG key ID: 67E38F7A8BA21772
Verified
Learn about vigilant mode.
9c9a76a
This commit was signed with the committer’s verified signature.
giuseppe Giuseppe Scrivano
GPG key ID: 67E38F7A8BA21772
Verified
Learn about vigilant mode.
  • krun: fix CVE-2025-24965. The .krun_config.json file could be created outside of the container rootfs.
  • cgroup: reverted the removal of tun/tap from the default allow list, this was done in crun-1.5. The tun/tap device is now added by default again.
  • CRIU: do not set network_lock unless explicitly specified.
  • status: disallow container names containing slashes in their name.
  • linux: Improved error message when failing to set the net.ipv4.ping_group_range sysctl.
  • scheduler: Ignore ENOSYS errors when resetting the CPU affinity mask.
  • linux: return a better error message when pidfd_open fails with EINVAL.
  • cgroup: display the absolute path to cgroup.controllers when a controller is unavailable.
  • exec: always call setsid. Now processes created through exec get the correct process group id.
Assets 26
Loading