Tags

Changes since 1.13.0:    

!275 (merged) Enable --xattr when --security-label is used    
!274 (merged) seccomp: Allow tkill syscall    
!273 (merged) CI: Disable clippy::manual-c-str-literals warning

Changes since 1.12.0:

!269 Revert "openat: Always annotate errors with filename"    
!268 Add a note about the required FD state for --fd    
!267 Add missing `--allow-mmap` help string    
!266 Display the help text if no arguments are present    
!265 handle_dirent: Fill in fuse::Attr by Default    
!264 Make `PassthroughFs::new()` errors nicer to look at    
!263 Fix short reads/writes    
!261 Fix new clippy warnings    
!259 Make serialization infallible    
!257 Note migration argument exclusivity in --help    
!256 Verify migration arguments make sense    
!255 Support RESET_DEVICE    
!249 Introduce 'seccomp' feature    
!248 Move VhostUserFs* types from main.rs into new fs_backend module    
!245 support idmapped mounts    
!236 Add migration.md document    
!237 Add UID/GID translation layer    
!220 Add --readonly flag

!253 (merged) Fix nlink type    
!250 (merged) Always clear O_NOATIME by default    
!247 (merged) Clear S_ISGID explicitly in setxattr handler    
!246 (merged) Invalidate inode’s paths when necessary, and speed up --migration-mode=find-paths    
!244 (merged) Add file-handles migration mode    
!243 (merged) Add prefix to invalid inode/handle errors    
!242 (merged) Simplify VhostUserFsBackend::do_check_device_state()    
!241 (merged) Fix snapshotting without F_LOG_ALL    
!240 (merged) Make preserialization more resilient    
!239 (merged) Always keep the root node’s migration info set    
!238 (merged) Fix new compiler and clippy warnings    
!235 (merged) Create proper preserialization module

Changes since 1.11.0:

!232  virtio-fs/virtiofsd!232  Force-call DESTROY on INIT    
!231  virtio-fs/virtiofsd!231  Add "separate-options" capability to mark that new-style options can be used    
!230  virtio-fs/virtiofsd!230  Do not require --shared-dir to print capabilities    
!229  virtio-fs/virtiofsd!229  Enable notification on vring failure

Changes since 1.10.1:

!225  Add '--shared-dir' as required if '-o' is missing                                    
!224  Close the listener in the parent process                                             
!223  Check if both the socket parent directory and shared directory exist           
!222  deps: Bump syslog version                                                                 
!221  Increase maximum virtqueue size to 32768                                                        
!218  Hide clippy warning in readdir                                                 
!217  Remove redundant Result imports                                                    
!216  deps: Bump vhost and vhost-user-backend versions                                          
!215  Allow the user to specify --uid-map and --gid-map multiple times                     
!214  Fix new compiler and clippy warnings                                                     
!206  Migration                                                                                   
!204  Directly write uid/gidmap where possible                                                         
!199  Introduce allow-mmap flag

Changes since 1.10.0:
!212 (merged) Fix mandatory user namespaces

This release includes some bug fixes in our dependencies, and add support for up to 509 mem slots. Specifically, we update the dependencies to:

vhost-user-backend 0.13.1
vhost 0.10.0
vm-memory 0.14.0
virtio-queue 0.11.0
vmm-sys-util 0.12.1

The vmm-sys-utils update fixes an out-of-bounds memory access that could lead to a security vulnerability. And the vhost-user-backend, adds
support for 509 mem slots, and includes few bug fixes, among them, some required for our live migration support.
It also includes:
!207 (merged) Don't drop supplemental groups if /proc/self/setgroups contains "deny"

Changes since 1.8.0:

!208 Update rust-vmm dependencies
!203 Remove panic if newuidmap/newgidmap are missing
!202 README: Add guidance for adding to qemu cmdlines
!200 seccomp: allow `fstatfs64` syscall on powerpc64
!196 passthrough: Compare lowercase cache policy identifiers
!187 Support for xen vhost frontend
!176 Renaming the interop json file

Changes since 1.7.2:
!193 (merged) README: Use memfd for qemu by default    
!192 (merged) seccomp: Enable getrandom() syscall    
!173 (merged) Add a new cache policy Metadata

This is a minor fix for the v1.7.1 release, it just adds the -V/--version options

Changes since 1.7.0:

!188 Update vhost-user-backend: Fix used idx    
!186 Implement `Copy` in `SandboxMode`    
!185 Use `name_to_handle_at()` to get the mount id    
!184 oslib: Mark `writev_at()` as unsafe    
!180 Fix missing license header    
!178 virtiofsd: migrate from structopt to clap v4

Changes since 1.6.1:

!177  Downgrade env_log crate to remove binary dependencies    
!175  Upgrade rust-vmm dependencies    
!174  Allow to provide the same argument multiple times    
!172  passthrough: add KEEP_CACHE flag for directory file when cache=always    
!170  seccomp: Allow SYS_sched_yield    
!169  Fix cache timeouts    
!168  Refactor FUSE bitmask constants    
!167  passthrough: open mountinfo proc file in case we readlly need    
!166  add support for loongarch64    
!165  write: track dirty pages on `write()`    
!164  Prevent EPERM failures with O_NOATIME    
!162  Make Reader and Writer generic over bitmap    
!160  Add supplementary group extension support

Changes since v1.6.0:

!161 server: remove buffer size check for read/write
!159 Don't use unshare(CLONE_FS) when not threaded

Changes since v1.5.1:

!137 enabling a non-root user to set the UID/GID mappings inside a sandbox
!153 Fix musl SIGSYS due to missing seccomp filter
!155 Fix clippy warnings
!154 Announce submounts by default
!156 Remove unsupport syscall in linux/riscv64
!157 seccomp: fix support for ppc64le

Changes since v1.5.0:
    
!150  Bump dependencies version                                (main) ← (upd-libc)
!149  Fix clippy warnings                                      (main) ← (fix-clippy-warnings)
!146  Remove `security.capability` even if the file was op...  (main) ← (fix-setattr-xattrmap)

Changes since v1.4.0:

!144  seccomp: Allow `SYS_sigreturn` for s390x                 (main) ← (fix-s390x-crash)
!143  passthrough: Set `RWF_APPEND` on non-cached writes o...  (main) ← (fix-append-mmap)
!142  keep `DAC_OVERRIDE` after changing the uid/gid           (main) ← (fix-supgroup)
!141  passthrough: Replace `openat(2)` with `openat2(2)`       (main) ← (feat-openat2)
!140  Keep DAC_READ_SEARCH on setxattr with posix acl          (main) ← (fix-setxattr-w-filehandles)
!139  Bump rust-vmm crates dependencies                        (main) ← (update-rust-vmm)
!138  descriptor_utils: Remove unnecessary deref               (main) ← (fix-clippy-warn)
!136  sandbox: Allow non-root users run the daemon without...  (main) ← (sandbox-none-non-root)
!135  Add `umask(2)` safe wrapper                              (main) ← (ref-safe-umask)
!134  Add command line documentation details                   (main) ← (fix-cmdline-doc)
!133  Add missing license file header       ...

Changes since v1.3.0:

!127  Adds safe versions of `libc::mount()` and `libc::u...  (main) ← (ref-wrap-unsafe-mount)
!118  sandbox: Move parent process code inside sandbox       (main) ← (refactor-parent-sandbox)
!126  Update virtio-queue and vhost-user-backend deps        (main) ← !(update-deps)
!117  sandbox: Fix PR_SET_PDEATHSIG race condition           (main) ← (fix-fork-prctl-rc)
!102  Add capability to create security context (SELinux...  (main) ← (security-label)
!113  Log the errno error description on debug               (main) ← (fix-errmsg)
!125  Fix nightly clippy derive_partial_eq_without_eq wa...  (main) ← (fix-clippy-warn)
!124  Fixes failed open mount point when using file hand...  (main) ← (fix-fh-chroot)
!114  server: Reply FUSE_INIT_EXT on FUSE_INIT               (main) ← (fix-initext)

Changes since v1.1.0:

!112  Replace deprecated MAX with the associated constan...  (main) ← (fix-depr)
!111  Fix st_mode of . and .. directories in readdirplus     (main) ← (fix-readdirplus)
!110  Allow only one daemon to bind the socket               (main) ← (sckex)
!109  Update inode file handles documentation                (main) ← (doc_fh)
!108  Log the FUSE opcode name and inode on debug            (main) ← (opcode_name)
!107  Fix daemon startup with new glibc versions (>=2.35)    (main) ← (ps-allow-rseq)
!106  Switch to building statically linked binaries for ...  (main) ← (static_build)
!105  Do not call setgroups() for unprivileged user name...  (main) ← (no-setgroups-unpriv-namespace)
!104  Increment the rlimit_nofile for all sandbox modes      (main) ← (rlimit_nofile)
!103  Expand "map" type rule                                 (main) ← (fix_map_type)
!101  Set the number of written bytes for used descs         (main) ← (used-len)
!100  Add (and prefer) “prefer” alias to --inode-file-ha...  (main) ← (file-handles-prefer-alias)
!99   Add statx musl support                                 (main) ← (musl-static)
!98   Set edition to 2018 in rustfmt.toml and update som...  (main) ← (update-deps)
!97   Extend the documentation                               (main) ← (ext_doc)
!96   Check whether the root’s file handle is usable         (main) ← (check-root-nodes-handle)
!95   Add posix ACLs support                                 (main) ← (posix_acl)
!94   virtiofsd: Add capability to handle extended fuse ...  (main) ← (fuse-init-ext)
!92   Setxattr:  get the correct structure based on whet...  (main) ← (srvst)
!91   vhost_user_backend: Remove nested RwLock               (main) ← (backend-no-mut)
!88   passthrough: Use application-specific inode storage    (main) ← (inode-store)
!87   process_queue_pool: Only acquire the VringMutex lo...  (main) ← (pool-lock-once)
!86   Modify the list of enabled capabilities from the c...  (main) ← (modcaps)
!84   passthrough: Reset config on FUSE_DESTROY              (main) ← (reset-bools)
!82   passthrough: Fix InodeData reference counting          (main) ← (fix-25)
!80   Parent exits with signal received by child             (main) ← (issue_21)

Changes since v1.0.0:
- xattr mapping add a new type "unsupported" (!67)
- sandbox: Support combining --rlimit-nofile and --sandbox=chroot (!65)
- sandbox: Propagate exit code from child to parent (!64)
- xattrmap: Fix documentation for type "map" (!68)
- Adds compatibility options (!61)
- Replace crate seccomp-sys with libseccomp-sys (!71)
- Drop membership of all supplementary groups (CVE-2022-0358) (!77)
- Adds killpriv_v2/no_killpriv_v2 options (!62)