forked from NERSC/shifter
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathNEWS
123 lines (114 loc) · 5.53 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
18.03.1
========
* Add support for clearing the external environment
* Add support for user specifying environment variables on command line
* Add support for user specifying environment variables via a file
* Fix entrypoint bug to not require an argument if the image specifies an entrypoint
* Fix workdir bug to only use the image workdir when the --workdir option is specified
* Fix user/group acl parsing bug and improve error handling
* Fix bug in environment variable matching
* Add SHIFTER_IMAGEREQUEST and SHIFTER_IMAGE environment variables in the shifter environment to show the requested image tag and resolved id
18.03.0
=========
* Support for Private Repos and user supplied ACLs on private images
* Improved handling of entrypoint, command, and working directory to be more
compliant with docker.
* Shifter module support to allow user-selectable, site-definable content to
modify container setup.
* Basic metrics on image usage (number of lookups)
* Add direct image import capability for privileged users
* API to view the current work queue and status
* Minor fixes for RPM builds
* Improved image unpacking for some edge cases
* Dropped celery dependency to simplify installation
* Updated support for Slurm 17.11
* Reduced help output in most error conditions (it was rather verbose)
* Memory management improvements
* Remove kernel module loading support
* Remove support for all base filesystems except squashfs
* Dropped support for systems with legacy pt_chown pty allocation (i.e., sshd can only run as user now)
* Other bug fixes
16.08.5
==========
* Update slurm integration for slurm 17.11 spank modifications
* Update slurm integration to update for Slurm CVE-2017-15566
* Properly exit in slurm integration when dlopen() for libslurm.so fails
16.08.3
==========
* Perform volume mount realpath() and lstat() verification with user privileges,
to ensure user has access to content at container construction time
* Add shifter_realpath() to calculate user volume mount paths relative to
alternate root (accounts for symlinks that might inadvertently (or
intentionally) try to pull user volume mounts out of the container.
* Fix buffer overrun in volume map flag parsing code
* Clean up clang & coverity-found issues
* Improve error handling in shifter core logic
* Improve shifter imagegw logging
* Address pylint-found errors (a few minor bugs)
16.08.2
===========
* Fix slurm tests (was missing some build options) and clear up some warnings
* Fix errant xfs dependency in tests
* Force user-level sshd to get group identities from external environment
* Add additional checks to ensure bind mounts stay within approved paths and
validate that mount points are directories better
16.08.1
===========
* Fixed bug in user volume mount flag parsing that could segfault
* Fixed bug that could cause group file filtration to assign incorrect gid,
potentially security issue if sshd_config was modified away from shifter
defaults
* Fixed bug that caused PATH to be searched incorrectly
* Fixed issue with user volume mounts able to traverse relative paths
inappropriately
* Fixed bug that confused SHIFTER_VOLUME environment variable with shifter
command line arguments
* Performance and functionality improvements in docker image conversion
* Add support for unicode filenames in images
* Support for Docker and/or unionfs whiteouts to allows files to be deleted
in ancestral layers
* Erase possibility of download collisions in image worker
* Refactored SLURM plugin to better organize and abstract SLURM api
* Fully support SLURM extern step for shifter sshd
* Add imagegw heartbeating capability to increase robustness of image pulls
* Add image expiration capability to allow images age out or be
administratively removed
* Allow sshd to be explicitly enabled in SLURM integration
* Allow ccm-emulation-mode to be explicity enabled in SLURM integration
* Make perNodeCache pre-unlink cache files to create no mess for administrator
to clean up
* Only allow shifter to automatically create mount points on its tmpfs/ramfs
* Enable docker-type images to implicitly assume "latest" if no tag is
specified by user
* Ensure failed image pulls are fully cleaned up
* Check if the current image version is installed on the platform before pulling
* Remove old debugging functionality
* Allow /etc required files to re-try copy (fixes dvs copy issue)
* Require admin capability to autoexpire
* By default run sshd as user, add udiRoot.conf option to run with privilege
* Restrict capabilities that processes run within shifter can obtain (including
via non-root sshd)
* Fix bug in VolumeMap flag parsing
16.04.0
===========
+ Modified repo layout to push udiRoot to top-level
+ Added RPM spec file for RHEL- and SLES-based systems
+ Added writable perNodeCache capability
+ Enabled BB support
15.12.1
===========
+ Fixed bug preventing autoshift/ccm in slurm/udiRoot integration from
chdir'ing to permission restricted paths on root-squashed filesystems
+ Fixed bug on some systems where the udiRoot would get recursively mounted in
the odd situation that the udiMount point overlapped the VFS being mounted
+ Corrected udiRoot testsuite to run in automated test framework
15.12.0
===========
+ Integrate external deps (util-linux/mount, openssh, libressl) into automake
build
+ Create /var/empty earlier in case an image already provides it (need it no
matter what)
+ Renamed ImageGwConnect to shifterimg
+ Updated ImageGwConnect helper application to work with changes to imagegw
output and allow user to specify image type. Add image listing support.
+ Created iniital README