Tags

v1.13.3

Changes since 1.13.2:

!301 Allow pwritev() and readv() seccomp filter
!300 Replace preadv64() by preadv2()
!298 Add Intellij IDEA configuration to .gitignore
!297 Correct current working directory references
!296 Switch to previous WD instead of root
!295 Do not call pivot_root(2) on the root filesystem
!294 Fix Clippy Warnings.
!293 CI: Build documentation and publish it to pages
!290 Set --inode-file-handles default value to "prefer"

v1.13.2

Changes since 1.13.1:
!286 (merged) Call setgroups syscall directly
!285 (merged) README.md: expand section on non-privileged running
!282 (merged) Fix/silence new clippy warnings
!278 (merged) Fix new clippy warning(s)/CI
!277 (merged) Document root-less usage using util-linux's unshare
!262 (merged) Limit guest FD allocation

v1.13.1

Changes since 1.13.0:    

!275 (merged) Enable --xattr when --security-label is used    
!274 (merged) seccomp: Allow tkill syscall    
!273 (merged) CI: Disable clippy::manual-c-str-literals warning

v1.13.0

Changes since 1.12.0:

!269 Revert "openat: Always annotate errors with filename"    
!268 Add a note about the required FD state for --fd    
!267 Add missing `--allow-mmap` help string    
!266 Display the help text if no arguments are present    
!265 handle_dirent: Fill in fuse::Attr by Default    
!264 Make `PassthroughFs::new()` errors nicer to look at    
!263 Fix short reads/writes    
!261 Fix new clippy warnings    
!259 Make serialization infallible    
!257 Note migration argument exclusivity in --help    
!256 Verify migration arguments make sense    
!255 Support RESET_DEVICE    
!249 Introduce 'seccomp' feature    
!248 Move VhostUserFs* types from main.rs into new fs_backend module    
!245 support idmapped mounts    
!236 Add migration.md document    
!237 Add UID/GID translation layer    
!220 Add --readonly flag

v1.12.0

!253 (merged) Fix nlink type    
!250 (merged) Always clear O_NOATIME by default    
!247 (merged) Clear S_ISGID explicitly in setxattr handler    
!246 (merged) Invalidate inode’s paths when necessary, and speed up --migration-mode=find-paths    
!244 (merged) Add file-handles migration mode    
!243 (merged) Add prefix to invalid inode/handle errors    
!242 (merged) Simplify VhostUserFsBackend::do_check_device_state()    
!241 (merged) Fix snapshotting without F_LOG_ALL    
!240 (merged) Make preserialization more resilient    
!239 (merged) Always keep the root node’s migration info set    
!238 (merged) Fix new compiler and clippy warnings    
!235 (merged) Create proper preserialization module

v1.11.1

Changes since 1.11.0:

!232  virtio-fs/virtiofsd!232  Force-call DESTROY on INIT    
!231  virtio-fs/virtiofsd!231  Add "separate-options" capability to mark that new-style options can be used    
!230  virtio-fs/virtiofsd!230  Do not require --shared-dir to print capabilities    
!229  virtio-fs/virtiofsd!229  Enable notification on vring failure

v1.11.0

Changes since 1.10.1:

!225  Add '--shared-dir' as required if '-o' is missing                                    
!224  Close the listener in the parent process                                             
!223  Check if both the socket parent directory and shared directory exist           
!222  deps: Bump syslog version                                                                 
!221  Increase maximum virtqueue size to 32768                                                        
!218  Hide clippy warning in readdir                                                 
!217  Remove redundant Result imports                                                    
!216  deps: Bump vhost and vhost-user-backend versions                                          
!215  Allow the user to specify --uid-map and --gid-map multiple times                     
!214  Fix new compiler and clippy warnings                                                     
!206  Migration                                                                                   
!204  Directly write uid/gidmap where possible                                                         
!199  Introduce allow-mmap flag

v1.10.1

Changes since 1.10.0:
!212 (merged) Fix mandatory user namespaces

v1.10.0

This release includes some bug fixes in our dependencies, and add support for up to 509 mem slots. Specifically, we update the dependencies to:

vhost-user-backend 0.13.1
vhost 0.10.0
vm-memory 0.14.0
virtio-queue 0.11.0
vmm-sys-util 0.12.1

The vmm-sys-utils update fixes an out-of-bounds memory access that could lead to a security vulnerability. And the vhost-user-backend, adds
support for 509 mem slots, and includes few bug fixes, among them, some required for our live migration support.
It also includes:
!207 (merged) Don't drop supplemental groups if /proc/self/setgroups contains "deny"

v1.9.0

Changes since 1.8.0:

!208 Update rust-vmm dependencies
!203 Remove panic if newuidmap/newgidmap are missing
!202 README: Add guidance for adding to qemu cmdlines
!200 seccomp: allow `fstatfs64` syscall on powerpc64
!196 passthrough: Compare lowercase cache policy identifiers
!187 Support for xen vhost frontend
!176 Renaming the interop json file

v1.8.0

Changes since 1.7.2:
!193 (merged) README: Use memfd for qemu by default    
!192 (merged) seccomp: Enable getrandom() syscall    
!173 (merged) Add a new cache policy Metadata

v1.7.2

This is a minor fix for the v1.7.1 release, it just adds the -V/--version options

v1.7.1

Changes since 1.7.0:

!188 Update vhost-user-backend: Fix used idx    
!186 Implement `Copy` in `SandboxMode`    
!185 Use `name_to_handle_at()` to get the mount id    
!184 oslib: Mark `writev_at()` as unsafe    
!180 Fix missing license header    
!178 virtiofsd: migrate from structopt to clap v4

v1.7.0

Changes since 1.6.1:

!177  Downgrade env_log crate to remove binary dependencies    
!175  Upgrade rust-vmm dependencies    
!174  Allow to provide the same argument multiple times    
!172  passthrough: add KEEP_CACHE flag for directory file when cache=always    
!170  seccomp: Allow SYS_sched_yield    
!169  Fix cache timeouts    
!168  Refactor FUSE bitmask constants    
!167  passthrough: open mountinfo proc file in case we readlly need    
!166  add support for loongarch64    
!165  write: track dirty pages on `write()`    
!164  Prevent EPERM failures with O_NOATIME    
!162  Make Reader and Writer generic over bitmap    
!160  Add supplementary group extension support

v1.6.1

Changes since v1.6.0:

!161 server: remove buffer size check for read/write
!159 Don't use unshare(CLONE_FS) when not threaded

v1.6.0

Changes since v1.5.1:

!137 enabling a non-root user to set the UID/GID mappings inside a sandbox
!153 Fix musl SIGSYS due to missing seccomp filter
!155 Fix clippy warnings
!154 Announce submounts by default
!156 Remove unsupport syscall in linux/riscv64
!157 seccomp: fix support for ppc64le

v1.5.1

Changes since v1.5.0:
    
!150  Bump dependencies version                                (main) ← (upd-libc)
!149  Fix clippy warnings                                      (main) ← (fix-clippy-warnings)
!146  Remove `security.capability` even if the file was op...  (main) ← (fix-setattr-xattrmap)

v1.5.0

Changes since v1.4.0:

!144  seccomp: Allow `SYS_sigreturn` for s390x                 (main) ← (fix-s390x-crash)
!143  passthrough: Set `RWF_APPEND` on non-cached writes o...  (main) ← (fix-append-mmap)
!142  keep `DAC_OVERRIDE` after changing the uid/gid           (main) ← (fix-supgroup)
!141  passthrough: Replace `openat(2)` with `openat2(2)`       (main) ← (feat-openat2)
!140  Keep DAC_READ_SEARCH on setxattr with posix acl          (main) ← (fix-setxattr-w-filehandles)
!139  Bump rust-vmm crates dependencies                        (main) ← (update-rust-vmm)
!138  descriptor_utils: Remove unnecessary deref               (main) ← (fix-clippy-warn)
!136  sandbox: Allow non-root users run the daemon without...  (main) ← (sandbox-none-non-root)
!135  Add `umask(2)` safe wrapper                              (main) ← (ref-safe-umask)
!134  Add command line documentation details                   (main) ← (fix-cmdline-doc)
!133  Add missing license file header       ...

v1.4.0

Changes since v1.3.0:

!127  Adds safe versions of `libc::mount()` and `libc::u...  (main) ← (ref-wrap-unsafe-mount)
!118  sandbox: Move parent process code inside sandbox       (main) ← (refactor-parent-sandbox)
!126  Update virtio-queue and vhost-user-backend deps        (main) ← !(update-deps)
!117  sandbox: Fix PR_SET_PDEATHSIG race condition           (main) ← (fix-fork-prctl-rc)
!102  Add capability to create security context (SELinux...  (main) ← (security-label)
!113  Log the errno error description on debug               (main) ← (fix-errmsg)
!125  Fix nightly clippy derive_partial_eq_without_eq wa...  (main) ← (fix-clippy-warn)
!124  Fixes failed open mount point when using file hand...  (main) ← (fix-fh-chroot)
!114  server: Reply FUSE_INIT_EXT on FUSE_INIT               (main) ← (fix-initext)

v1.3.0