Releases: cloudfoundry/garden-runc-release
GRR v1.15.1
- Adds additional masked directory paths for defense-in-depth
- Fixes some possible leaks in error cases for processes with a custom image
GRR v1.15.0: Containerd Your Enthusiasm
- Experimental Containerd support!
  - Opt-in using the `experimental_containerd_mode` property
  - Still uses `runc` directly to run processes in and get status of created containers for now
- The `gdn` binary now knows how to report its version using the `-v` flag
- We've created a document tracking the current relative state of security-by-default in various container tools: https://docs.google.com/spreadsheets/d/1MgG8RkCpc_QkoMQ7BFd6RhRKAXszAhTICtf56QG4Sc8/edit#gid=0 (feedback welcome on anything we've gotten wrong!)
GRR v1.14.0: Veni, Vidi, Vendi
Minor updates
- Log warnings from network plugin (cloudfoundry/guardian#116)
- Tested with Xenial stemcells
- We no longer emit the `StoreUsage` metric from Groot, since this had stopped meaning anything sensible and had broken tests in Xenial (cloudfoundry/grootfs@c015687)
- Under the covers we've taken a large hacksaw to our vending strategy and tidied things up massively
GRR v1.13.3
- Reverts Golang version temporarily to 1.9 (due to a bug in TLS in 1.10)
- Adds experimental `logging.format.timestamp` property
- Fixes an issue where the xfs store did not have `ftype=1` set due to an old version of xfsprogs in the stemcell, causing issues with deleted files in docker images. (#77)
- Note: this fix will only apply after a recreate/new stemcell is deployed; we recommend users of docker image-based containers perform a `bosh recreate` or deploy with a new stemcell to get this fix
GRR v1.13.2
- Fixes a bug where the deprecated `graph_cleanup_threshold_in_mb` property (which should still be respected if set to a value other than `-1`) was not respected if set to `0`
- Adds an option to explicitly disable swap limits (NOTE: please only use this if swap is disabled in the kernel) #73
GRR v1.13.1
- Fixes a regression around bind mounts in v1.13
1.13.0 - Please don't use this release.
Please don't use this release. It introduces a bug in bind mounts that is likely to cause problems for most clients. Expect a patch release very soon. Apologies for the inconvenience!
- Fixes for CVE-2018-1277
- Fixes for Grootfs startup issues in slower environments
- `Pids.max` and `Pids.nr` are now reported in `Metrics`
GRR v1.12.1: Someone needs a timeout
Sets a more generous monit timeout (2 minutes) since the startup script could sometimes fail to complete in the default 30 seconds on slow environments
GRR v1.12.0: Don't Quota Me On This
Lots of good stuff in this release, unless you really love trying to guess the right number to set garbage collection thresholds to:
Better Garbage Collection!
Garbage collection of root filesystem layers:
- Now bases the collection threshold on actual downloaded layer sizes plus reserved disk quotas (i.e. it accounts for the maximum amount of actually-used space in the grootfs store).
- Sensibly defaults to the size of the data disk minus a reserved amount for other jobs in the same cell (15GB, by default). If this is lower than the disk size then we run garbage collection on every create, which is the Right Thing To Do in this case (being over threshold does not cause creates to fail, it just causes GC to run).
- Should not require operator interaction to do the Right Thing
- Has lots more documentation here.
Action Required For Existing Consumers: If you are manually setting `graph_cleanup_threshold_in_mb` you should remove this property to allow garden to calculate the threshold for you. If you would like to specify a different amount of reserved space for other jobs, you can set `grootfs.reserved_space_for_other_jobs_in_mb`.
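An illustrative model of the threshold rules described above (and of the deprecated-property precedence that the v1.13.2 note corrects). This is an added example, not grootfs or garden code: the function names, the treatment of `-1` as "unset", and the sample store contents are assumptions.

```python
# Illustrative model of the v1.12.0 garbage-collection threshold rules.
# Added example, not grootfs/garden code: function names, the assumption that
# -1 means "unset", and the constructed sample store are all assumptions.

DEFAULT_RESERVED_MB = 15 * 1024  # 15GB reserved for other jobs on the cell (page default)


def effective_threshold_mb(disk_size_mb,
                           reserved_space_for_other_jobs_in_mb=DEFAULT_RESERVED_MB,
                           graph_cleanup_threshold_in_mb=None):
    """Resolve the GC threshold in MB.

    A manually set graph_cleanup_threshold_in_mb wins unless it is -1 (assumed
    to mean "unset"); 0 is a real value and must be honoured (the v1.13.2 fix).
    Otherwise the threshold is the data disk minus the space reserved for other jobs.
    """
    if graph_cleanup_threshold_in_mb is not None and graph_cleanup_threshold_in_mb != -1:
        return graph_cleanup_threshold_in_mb
    return disk_size_mb - reserved_space_for_other_jobs_in_mb


def committed_store_mb(downloaded_layers_mb, container_quotas_mb):
    """Maximum space the store can actually use: real layer bytes on disk plus
    every container's reserved disk quota."""
    return sum(downloaded_layers_mb) + sum(container_quotas_mb)


def gc_runs_on_create(disk_size_mb, downloaded_layers_mb, container_quotas_mb, **cfg):
    """True when a create should trigger GC. Being over threshold never fails
    the create; it only causes collection to run."""
    threshold = effective_threshold_mb(disk_size_mb, **cfg)
    return committed_store_mb(downloaded_layers_mb, container_quotas_mb) > threshold


if __name__ == "__main__":
    # Constructed sample cell: 100GB data disk, three cached layers, four 10GB quotas
    layers = [800, 1200, 350]
    quotas = [10240] * 4
    print(gc_runs_on_create(100 * 1024, layers, quotas))  # False: 43310 MB of 87040 MB
    print(gc_runs_on_create(20 * 1024, layers, quotas))   # True: threshold is only 5120 MB
```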
Image Management Improvements
- Layers with Opaque Whiteouts are now properly supported. This previously caused a small number of docker images to have empty directories which should not have been empty.
- Grootfs is now used by default in the standalone `gdn` binary
- Layer sizes are now properly validated in all places
- Fixed support for Azure docker image repositories
Miscellaneous Good Things
- Processes with their own `Image` and the `OverrideContainerLimits` field specified can now override cpu and memory limits
- Removed the `AllowNetworks` property since it never worked (setting it will continue to do nothing, as before, but at least we no longer advertise a property that doesn't do anything)
- Ensured GraceTime works for existing connections (#58)
- Richer errors when a process fails to launch due to the requested binary not being present in the container (useful for e.g. falling back from bash to sh)
GRR v1.11.1: This One Goes To 11.1
This one...
- Bumps runC to fix issue with concurrent creation/deletion of containers (opencontainers/runc#1698)
- Fixes regression on `raw:///` rootfs paths support (cloudfoundry/guardian#108)
- Fixes behaviour of `SetGraceTime` on existing connections (cloudfoundry/garden#58)
- Removes some over-enthusiastic logging of benign errors in groot