Skip to content
Tags give the ability to mark specific points in history as being important
  • v1.10.1 Release: v1.10.1
    Changes since 1.10.0:
    !212 (merged) Fix mandatory user namespaces
  • v1.10.0 Release: v1.10.0
    This release includes some bug fixes in our dependencies, and add support for up to 509 mem slots. Specifically, we update the dependencies to:
    vhost-user-backend 0.13.1
    vhost 0.10.0
    vm-memory 0.14.0
    virtio-queue 0.11.0
    vmm-sys-util 0.12.1
    The vmm-sys-utils update fixes an out-of-bounds memory access that could lead to a security vulnerability. And the vhost-user-backend, adds
    support for 509 mem slots, and includes few bug fixes, among them, some required for our live migration support.
    It also includes:
    !207 (merged) Don't drop supplemental groups if /proc/self/setgroups contains "deny"
  • v1.9.0 Release: v1.9.0
    Changes since 1.8.0:
    !208 Update rust-vmm dependencies
    !203 Remove panic if newuidmap/newgidmap are missing
    !202 README: Add guidance for adding to qemu cmdlines
    !200 seccomp: allow `fstatfs64` syscall on powerpc64
    !196 passthrough: Compare lowercase cache policy identifiers
    !187 Support for xen vhost frontend
    !176 Renaming the interop json file
  • v1.8.0 Release: v1.8.0
    Changes since 1.7.2:
    !193 (merged) README: Use memfd for qemu by default    
    !192 (merged) seccomp: Enable getrandom() syscall    
    !173 (merged) Add a new cache policy Metadata
  • v1.7.2 Release: v1.7.2
    This is a minor fix for the v1.7.1 release, it just adds the -V/--version options
  • v1.7.1 Release: v1.7.1
    Changes since 1.7.0:
    !188 Update vhost-user-backend: Fix used idx    
    !186 Implement `Copy` in `SandboxMode`    
    !185 Use `name_to_handle_at()` to get the mount id    
    !184 oslib: Mark `writev_at()` as unsafe    
    !180 Fix missing license header    
    !178 virtiofsd: migrate from structopt to clap v4
  • v1.7.0 Release: v1.7.0
    Changes since 1.6.1:
    !177  Downgrade env_log crate to remove binary dependencies    
    !175  Upgrade rust-vmm dependencies    
    !174  Allow to provide the same argument multiple times    
    !172  passthrough: add KEEP_CACHE flag for directory file when cache=always    
    !170  seccomp: Allow SYS_sched_yield    
    !169  Fix cache timeouts    
    !168  Refactor FUSE bitmask constants    
    !167  passthrough: open mountinfo proc file in case we readlly need    
    !166  add support for loongarch64    
    !165  write: track dirty pages on `write()`    
    !164  Prevent EPERM failures with O_NOATIME    
    !162  Make Reader and Writer generic over bitmap    
    !160  Add supplementary group extension support
  • v1.6.1 Release: v1.6.1
    Changes since v1.6.0:
    !161 server: remove buffer size check for read/write
    !159 Don't use unshare(CLONE_FS) when not threaded
  • v1.6.0 Release: v1.6.0
    Changes since v1.5.1:
    !137 enabling a non-root user to set the UID/GID mappings inside a sandbox
    !153 Fix musl SIGSYS due to missing seccomp filter
    !155 Fix clippy warnings
    !154 Announce submounts by default
    !156 Remove unsupport syscall in linux/riscv64
    !157 seccomp: fix support for ppc64le
  • v1.5.1 Release: v1.5.1
    Changes since v1.5.0:
    !150  Bump dependencies version                                (main) ← (upd-libc)
    !149  Fix clippy warnings                                      (main) ← (fix-clippy-warnings)
    !146  Remove `security.capability` even if the file was op...  (main) ← (fix-setattr-xattrmap)
  • v1.5.0 Release: v1.5.0
    Changes since v1.4.0:
    !144  seccomp: Allow `SYS_sigreturn` for s390x                 (main) ← (fix-s390x-crash)
    !143  passthrough: Set `RWF_APPEND` on non-cached writes o...  (main) ← (fix-append-mmap)
    !142  keep `DAC_OVERRIDE` after changing the uid/gid           (main) ← (fix-supgroup)
    !141  passthrough: Replace `openat(2)` with `openat2(2)`       (main) ← (feat-openat2)
    !140  Keep DAC_READ_SEARCH on setxattr with posix acl          (main) ← (fix-setxattr-w-filehandles)
    !139  Bump rust-vmm crates dependencies                        (main) ← (update-rust-vmm)
    !138  descriptor_utils: Remove unnecessary deref               (main) ← (fix-clippy-warn)
    !136  sandbox: Allow non-root users run the daemon without...  (main) ← (sandbox-none-non-root)
    !135  Add `umask(2)` safe wrapper                              (main) ← (ref-safe-umask)
    !134  Add command line documentation details                   (main) ← (fix-cmdline-doc)
    !133  Add missing license file header       ...
  • v1.4.0 Release: v1.4.0
    Changes since v1.3.0:
    !127  Adds safe versions of `libc::mount()` and `libc::u...  (main) ← (ref-wrap-unsafe-mount)
    !118  sandbox: Move parent process code inside sandbox       (main) ← (refactor-parent-sandbox)
    !126  Update virtio-queue and vhost-user-backend deps        (main) ← !(update-deps)
    !117  sandbox: Fix PR_SET_PDEATHSIG race condition           (main) ← (fix-fork-prctl-rc)
    !102  Add capability to create security context (SELinux...  (main) ← (security-label)
    !113  Log the errno error description on debug               (main) ← (fix-errmsg)
    !125  Fix nightly clippy derive_partial_eq_without_eq wa...  (main) ← (fix-clippy-warn)
    !124  Fixes failed open mount point when using file hand...  (main) ← (fix-fh-chroot)
    !114  server: Reply FUSE_INIT_EXT on FUSE_INIT               (main) ← (fix-initext)
  • v1.3.0 Release: v1.3.0
  • v1.2.0 Release: v1.2.0
    Changes since v1.1.0:
    !112  Replace deprecated MAX with the associated constan...  (main) ← (fix-depr)
    !111  Fix st_mode of . and .. directories in readdirplus     (main) ← (fix-readdirplus)
    !110  Allow only one daemon to bind the socket               (main) ← (sckex)
    !109  Update inode file handles documentation                (main) ← (doc_fh)
    !108  Log the FUSE opcode name and inode on debug            (main) ← (opcode_name)
    !107  Fix daemon startup with new glibc versions (>=2.35)    (main) ← (ps-allow-rseq)
    !106  Switch to building statically linked binaries for ...  (main) ← (static_build)
    !105  Do not call setgroups() for unprivileged user name...  (main) ← (no-setgroups-unpriv-namespace)
    !104  Increment the rlimit_nofile for all sandbox modes      (main) ← (rlimit_nofile)
    !103  Expand "map" type rule                                 (main) ← (fix_map_type)
    !101  Set the number of written bytes for used descs         (main) ← (used-len)
    !100  Add (and prefer) “prefer” alias to --inode-file-ha...  (main) ← (file-handles-prefer-alias)
    !99   Add statx musl support                                 (main) ← (musl-static)
    !98   Set edition to 2018 in rustfmt.toml and update som...  (main) ← (update-deps)
    !97   Extend the documentation                               (main) ← (ext_doc)
    !96   Check whether the root’s file handle is usable         (main) ← (check-root-nodes-handle)
    !95   Add posix ACLs support                                 (main) ← (posix_acl)
    !94   virtiofsd: Add capability to handle extended fuse ...  (main) ← (fuse-init-ext)
    !92   Setxattr:  get the correct structure based on whet...  (main) ← (srvst)
    !91   vhost_user_backend: Remove nested RwLock               (main) ← (backend-no-mut)
    !88   passthrough: Use application-specific inode storage    (main) ← (inode-store)
    !87   process_queue_pool: Only acquire the VringMutex lo...  (main) ← (pool-lock-once)
    !86   Modify the list of enabled capabilities from the c...  (main) ← (modcaps)
    !84   passthrough: Reset config on FUSE_DESTROY              (main) ← (reset-bools)
    !82   passthrough: Fix InodeData reference counting          (main) ← (fix-25)
    !80   Parent exits with signal received by child             (main) ← (issue_21)
  • v1.1.0
    Changes since v1.0.0:
    - xattr mapping add a new type "unsupported" (!67)
    - sandbox: Support combining --rlimit-nofile and --sandbox=chroot (!65)
    - sandbox: Propagate exit code from child to parent (!64)
    - xattrmap: Fix documentation for type "map" (!68)
    - Adds compatibility options (!61)
    - Replace crate seccomp-sys with libseccomp-sys (!71)
    - Drop membership of all supplementary groups (CVE-2022-0358) (!77)
    - Adds killpriv_v2/no_killpriv_v2 options (!62)
  • v1.0.0
    First stable release.