You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Added the ability to pull from insecure registries via insecureRegistries parameter in sarus.json
Added the -e/--env option to sarus run for setting environment variables inside the container. More details here
Added the --device option to sarus run for mounting and whitelisting devices inside containers. More details here
Added support for the optional siteDevices parameter in the sarus.json configuration file.
This parameter can be used by administrators for defining devices to be automatically mounted and whitelisted inside containers.
Added the --pid option to sarus run for setting the container PID namespace. More details here
Added support for applying seccomp profiles to containers
Added support for applying AppArmor profiles to containers
Added support for applying SELinux labels to container processes and to mounts performed by the OCI runtime
The MPI hook whitelists access to devices bind mounted inside containers
cgroup filesystems are mounted inside containers
Added script to check for host requirements in CI, linked in documentation.
Added CI unit and integration tests from source on Fedora 34 and OpenSUSE Leap 15.3
Changed
Containers now use the host's PID namespace by default. A private PID namespace can be requested through the CLI
The --ssh option of sarus run now implies --pid=private
Changed format of the environment parameter in the sarus.json configuration file
Updated documentation about how the initial environment variables are set in containers
Updated recommended Boost version to 1.77.0
Updated recommended Cpprestsdk version to 2.10.18
Updated recommended libarchive version to 3.5.2
Updated recommended RapidJSON version to commit 00dbcf2
Updated recommended runc version to 1.0.2
Updated recommended libnvidia-container version to 1.5.1
Updated recommended NVIDIA Container Toolkit version to 1.5.1
Updated Dropbear software used by the SSH hook to version 2020.81
Miscellaneous updates to Dockerfiles used for CI stages; in particular, the Sarus static standalone package is now built on Alpine Linux 3.14 with a GCC 10.3.1 toolchain
Fixed
Corrected the error message when attempting to pull an image by digest
Removed
The use of the bind-propagation property for bind mounts (deprecated in Sarus 1.1.0) has now been removed. All bind mounts are done with recursive private (rprivate) propagation.
Security
Access to custom devices within containers is not allowed by default
