Releases: quark-zju/lrun
Releases · quark-zju/lrun
v1.2.1
v1.1.4
v1.1.3
v1.1.2
v1.1.1
- New utility helping create chroot environments - lrun-mirrorfs.
- New powerful file open filter.
- Add sanity check on cgroup option keys.
- No freeze when killing processes using the legacy method.
- Fix incorrect exitcode and signal reported by lrun sometimes.
v1.0.0
v0.9.9
- Improved syscall filter, see
--help-syscalls. Drop support for libseccomp 1.x - Support common unit suffixes in size-related options, ex.
--max-memory 0.5g - Help message adapts to terminal width
--nice negative-valuerequires rootpkg-configis now optional- Fixed a security issue introduced in 0.9.6, lrun < 0.9.9 should not be used if the user running it cannot be trusted
- Other tests and improvements
v0.9.8
- Add
--remount-rooption. Used together with--bindfs, this makes it easier to mark a subtree as read-only. - Add
--no-new-privsoption. This allows lrun to run nested lrun, chromium, sudo, ping, etc (root-only). - Other bug fixes and improvements
v0.9.7
Added several checks to prevent non-root users from using lrun for privilege escalation.
--bindfs dst srcrequires the user to be able to readsrcand writedst--tmpfs dst sizerequires the user to be able to writedst. Two exceptions are--tmpfs /home 0and--tmpfs /sys 0--cmdis disabled for non-root users.
v0.9.6
- Spawn pid 1 (init) in new pid namespace. Force the user process reponse to signals from the namespace. Require Linux >= 3.8
- New
--remount-devoption to make it easier to integrate with some FUSE mirror/filter filesystem --versionnow prints out important compilation flags- Lock cgroup. Two lrun instances with a same
--cgnamewill work as expected - Lock when writing debug logs (disabled if compiled with NDEBUG)
- Some refactoring, cleaning bug fixes, and more tests