Welcome to the v1.1.4 release of containerd!

This is the fourth patch release for the `containerd` 1.1 release. This release includes several fixes in both the CRI plugin and containerd behavior as more real-world testing is occurring on containerd-based Kubernetes clusters. Containerd now properly handles a large number of layers when using the overlayfs snapshotter. Also, supplemental GIDs found in `/etc/group` for the running user are added to the OCI spec "additionalGids" array. This release fixes both the additional GIDs handling and the setting of `HOSTNAME` in the environment of containers running in a pod, matching expected Docker engine behavior.

## Containerd

* Fix a potential content store bug, backported from 1.2

## CRI Plugin

* Add `HOSTNAME` to container default environment.
* Add additional GIDs for running container user to the OCI spec.
* Fixed an issue where a directory mount could override a sub-directory mount.
* Fixed an issue where a container couldn't be stopped when container processes were accidentally moved out of container cgroups.
* Fixed an issue where an invalid SELinux format was not rejected.

## ctr

* Add a `--allow-new-privs` flag on `ctr run` to allow testing an OCI spec that does not set `NoNewPrivileges` on by default.

## Overlayfs Snapshotter

* Supports > 128 layers properly.

Please see the changelog for full details.

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.
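What the supplemental GID change amounts to, as an added example that is not containerd's or the CRI plugin's own code: given the text of an image's `/etc/group`, collect the GIDs of the groups that list the container user as a member, which are the values that belong in the OCI spec `additionalGids` array. The function name `supplementalGIDs` and the sample group file are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// supplementalGIDs scans text in /etc/group format (name:password:gid:members)
// and returns, sorted, the GIDs of groups listing user, excluding primaryGID.
func supplementalGIDs(groupFile, user string, primaryGID uint32) []uint32 {
	seen := map[uint32]bool{}
	sc := bufio.NewScanner(strings.NewReader(groupFile))
	for sc.Scan() {
		f := strings.Split(sc.Text(), ":")
		if len(f) != 4 || user == "" {
			continue // malformed line, or no user name to match
		}
		gid, err := strconv.ParseUint(f[2], 10, 32)
		if err != nil || uint32(gid) == primaryGID {
			continue // non-numeric GID, or the primary group itself
		}
		for _, m := range strings.Split(f[3], ",") {
			if m == user {
				seen[uint32(gid)] = true // map deduplicates repeated entries
			}
		}
	}
	gids := make([]uint32, 0, len(seen))
	for g := range seen {
		gids = append(gids, g)
	}
	sort.Slice(gids, func(i, j int) bool { return gids[i] < gids[j] })
	return gids
}

// Constructed sample of an image's /etc/group (not taken from a real image).
const sampleGroup = `root:x:0:
app:x:1000:
docker:x:998:app,ci
shadow:x:42:backup
audit:x:1500:ci,app
broken-line
`
func main() {
	fmt.Println(supplementalGIDs(sampleGroup, "app", 1000)) // [998 1500]
}
```

When reviewing a workload, the same lookup shows which group-owned files the container process can reach beyond its primary GID.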
### Contributors

* Lantao Liu
* Phil Estes
* Kir Kolyshkin
* Derek McGowan
* Michael Crosby
* Akihiro Suda
* Darren Stahl
* Brian Goff
* Stephen J Day
* Yanqiang Miao
* Claudia Beresford
* Michael Wan
* Wei Fu

### Changes

* 9f2e07b1 Merge pull request #2675 from estesp/release-1.1.4-prep
* b9819f4b Merge pull request #2677 from dmcgowan/update-continuity-1.1
* b97db284 Update continuity vendor
* a9c2bd6d Merge pull request #2668 from estesp/cherry-pick-no-new-privs-flag
* 17d70e2c Prepare for v1.1.4 fix release
* 35612694 Add flag to ctr for running with NoNewPrivileges: false
* 013c509a Merge pull request #2654 from estesp/cherrypick-commit-fix
* 6f4c738c Merge pull request #2657 from Random-Liu/update-cri-release-1.1
* 8dcb03e6 [release/1.1] Update cri to f117382467baf182382c44332bfbf488effc34bb.
* 56f9c44d Add testcase for commit already exist
* 00a121f9 Always check exists on commit error
* 57508dcb Merge pull request #2645 from Random-Liu/cherrypick-#2641-release-1.1
* 9823a561 Backport #2641 to release/1.1.
* b28cd80d Merge pull request #2637 from estesp/cherrypick-supplemental-grps
* 19735b55 Add With-helper for supplemental gid support
* db009b3e Merge pull request #2600 from estesp/cherrypick-overlayfs-mounts
* 8a2991ce Support >= 128 layers in overlayfs snapshots
* d725c759 Don't fail on setting -ve oom score when rootless

### Changes from containerd/aufs

* ffa3997 update containerd

### Changes from containerd/continuity

* 7f53d41 Merge pull request #134 from dmcgowan/remove-unnecessary-fs-root-check
* 18a1c09 Remove unreachable block in fs path cleanup
* 508d86a Merge pull request #123 from kolyshkin/path-error
* aae7d98 Merge pull request #127 from AkihiroSuda/sync-testutil
* f04dbc0 Merge pull request #133 from kolyshkin/context
* 508ef95 travis CI: rm go 1.8
* 3448067 Switch from x/net/context to context
* c2ac4ec Merge pull request #129 from estesp/fileheaders
* cc3f87e Merge pull request #131 from estesp/fixup-vendor
* d1610d5 Fixup vendor/ with latest run of vndr
* f9cc5ee Add fileheaders with ltag tool
* f768f56 testutil: sync with containerd
* f44b615 Merge pull request #124 from HusterWan/zr/expose-func
* 4469d34 feature: expose atomicWriterFile function as AtomicWriteFile
* f5b895a driver/{Mknod,Mkfifo,Lchmod}: return PathError
* c7c5070 Merge pull request #121 from kolyshkin/xattr
* a408b7b sysx/xattr: unify implementation
* 363bb7e vendor: bump golang.org/x/sys to 77b0e4315053
* 0e47603 sysx: add README
* 0377f7d Merge pull request #120 from kolyshkin/lchmod-linux-go111
* 6d0b394 context.Apply: no need to skip chmod on symlinks
* 94af800 Lchmod(): fix for Linux/Go 1.11
* 9ab0ec6 Lchmod(): simplify and optimize
* 2b69c16 sysx.Fchmodat(): remove
* d2ce1bc sysx/xattr_darwin.go: rm duplicate Fchmodat def
* 246e490 Merge pull request #111 from cpuguy83/disk_usage_cancellation
* ab18c4f Merge pull request #115 from cpuguy83/update_travis
* d3c2351 Merge pull request #113 from darstahl/ResolveRoot
* 7f1a8b2 Make sure travis tests on latest go version.
* 5633c24 Stop resolving symlink in containWithRoot
* 7a71e24 Fix vet failure
* 8100e75 Resolve context root to follow symlinks as root directories
* 6cde904 Support cancellation via context in DiskUsage.

### Changes from containerd/cri

* f1173824 Merge pull request #917 from Random-Liu/cherrypick-#914-release-1.0
* c6ff3436 Add integration test
* 422d9a50 Fix addition group ids.
* 591302eb Update containerd to 57508dcb0b5776efaacd0828ed42f819fab5ba07.
* a1cd0f7d Merge pull request #905 from Random-Liu/cherrypick-#901
* e26747d2 Revert "Add HOSTNAME to env by default for pod containers"
* 32cc9ad6 Fix hostname env.
* bb98fad0 Merge pull request #902 from Random-Liu/cherrypick-#892-release-1.0
* 7166d5c8 Sort volume mount.
* c65ca355 Merge pull request #896 from estesp/cherrypick-rel1.0-hostname-env
* 546a3153 Add HOSTNAME to env by default for pod containers
* be086e15 Merge pull request #887 from Random-Liu/cherrypick-#885-release-1.0
* 0367114b Fix an issue that container/sandbox can't be stopped.
* 264b6b63 Merge pull request #876 from miaoyq/cherry-pick-#873-to-1.0
* 753c8af5 update selinux to b6fa367
* 6a62ebeb verify selinux level format

### Dependency Changes

Previous release can be found at [v1.1.3](https://github.com/containerd/containerd/releases/tag/v1.1.3)

* **github.com/containerd/aufs** a7fbd554da7a9eafbe5a460a421313a9fd18d988 -> ffa39970e26ad01d81f540b21e65f9c1841a5f92
* **github.com/containerd/continuity** a60600ad77f38aaa70165825f61e2ea72e51c9b1 -> 7f53d412b9eb1cbf744c2063185d703a0ee34700
* **github.com/containerd/cri** v1.0.5 -> f117382467baf182382c44332bfbf488effc34bb
* **github.com/opencontainers/selinux** 4a2974bf1ee960774ffd517717f1f45325af0206 -> b6fa367ed7f534f9ba25391cc2d467085dbb445a
* **golang.org/x/sys** 314a259e304ff91bd6985da2a7149bbf91237993 -> 1b2967e3c290b7c545b3db0deeda16e9be4f98a2