v3.9.0 release

Author: Moe-hacker

ChangeLog

@@ -7,6 +7,8 @@
   * Fix binfmt_misc for rootless container.
   * Support mount flags as prefix of source.
   * Support tmpfs and overlayfs as mount source.
+  * Unset all environment variables before running container.
+  * Fix: drop CAP_SYS_CHROOT to avoid escape.
 # v3.8:
   * Support more platforms, currently supports: arm64, armv7, armhf, riscv64, i386, loong64, s390x, ppc64le and x86_64.
   * Improve rootless container support.

README.md

@@ -12,17 +12,6 @@ It's fully recommended to drop CAP_SYS_CHROOT or enable unshare, chroot containe
 *Update: Considering the security issues of chroot, ruri will drop CAP_SYS_CHROOT by default now  
 If you got any issues with this, please report.
 
-# The upcoming v3.9:
-The feature is stable now, but we are still working on the documentation and code stabilization.
-
-This version will be released with a complete behavior specification, all future versions will not introduce any breaking changes, the backward compatibility will be guaranteed.
-
-v3.9 will be the last development version of ruri, we are planning to fully freeze the features in v4.x, so there will not be any new features after v4.x, but only bug fixes and security updates.
-
-Although ruri is not a fully tested and trusted tool, we will try to make it as stable as possible, we will always revamp, until reach ideal.
-
-If you have any feature requests, please open an issue, we will consider adding it after v3.9 is released.
-
 # WARNING
 
 For production, I fully recommand you to use tools like [crun](https://github.com/containers/crun), [youki](https://github.com/youki-dev/youki), [containerd](https://containerd.io/), [docker](https://www.docker.com/), [podman](https://podman.io/), [LXC](https://linuxcontainers.org/), [bubblewrap](https://github.com/containers/bubblewrap), they are more secure and stable. This is a non-OCI tool and, you take your own risk using it when you really need. The whole project is experimental!

doc/init.md

@@ -1,15 +1,45 @@
 # Initialization of container:
+The design of ruri is very simple, just init the environment and then call exec() to run the command in the container. For unshare container, ruri will fork() into namwspace, so there will be a process called `ruri` on host, but chroot container will not have this behavior.  
+
 ## Signal:
 ruri will ignore SIGTTIN and SIGTTOU signals, so that the container can run in the background without being killed by these signals. This behavior cannot be overridden (#TODO: Maybe we can use environment variable to control this behavior in the future).
 
 ## The runtime files:
+### Mounts:
 - /sys will be mounted as sysfs.
 - /proc will be mounted as procfs.
 - /dev will be mounted as tmpfs.
 - /dev/pts will be mounted as devpts.
 - /dev/shm will be mounted as tmpfs.
-
+### Devices:
+ruri will automatically create these devices in the container:
+```console
+/ # tree /dev
+/dev
+├── console
+├── fd -> /proc/self/fd
+├── net
+│   └── tun
+├── null
+├── ptmx
+├── pts
+│   └── ptmx
+├── random
+├── shm
+├── stderr -> /proc/self/fd/2
+├── stdin -> /proc/self/fd/0
+├── stdout -> /proc/self/fd/1
+├── tty
+├── tty0 -> /dev/null
+├── urandom
+└── zero
+```
+### Masked paths:
 And, some path will be masked by ruri, unless `--unmask-dirs` is set, for details, see init_container() in src/chroot.c and init_rootless_container() in src/rootless.c.
+### Customizable behavior:
+You can use `-j` option to disable mounting/creating these files.      
+You can use `-I` option to create a custom character device in /dev.   #Note: rootless container will not support this option.     
+You can use `-m` option to mount custom source from host.    
 ## Noteable file changes:
 - /.rurienv is managed by ruri, you should not try to edit or remove it.
 - /qemu-ruri will be created by ruri if `-q` option is set, and the path of qemu binary is on host but not in container.

src/chroot.c

@@ -641,6 +641,7 @@ void ruri_run_chroot_container(struct RURI_CONTAINER *_Nonnull container)
 	// Ignore SIGTTIN, if we are running in the background, SIGTTIN may kill this process.
 	// This code is wrote when ruri had a daemon process,
 	// now even the daemon mode is removed, I still keep this code here.
+	// TODO: Add a way to disable this behavior.
 	sigset_t sigs;
 	sigemptyset(&sigs);
 	sigaddset(&sigs, SIGTTIN);
@@ -786,6 +787,7 @@ void ruri_run_rootless_chroot_container(struct RURI_CONTAINER *_Nonnull containe
 	 * This function is modified from ruri_run_chroot_container().
 	 */
 	// Ignore SIGTTIN, if we are running in the background, SIGTTIN may kill this process.
+	// TODO: Add a way to disable this behavior.
 	sigset_t sigs;
 	sigemptyset(&sigs);
 	sigaddset(&sigs, SIGTTIN);

src/include/version.h

@@ -29,4 +29,7 @@
  *
  */
 // Version info.
-#define RURI_VERSION "3.9-beta1"
+#define RURI_VERSION "3.9"
+#define RURI_VERSION_MAJOR 3
+#define RURI_VERSION_MINOR 9
+#define RURI_VERSION_PATCH 0

src/info.c

@@ -51,7 +51,7 @@ void ruri_show_version_info(void)
 	cprintf("{base}            Licensed under the MIT License\n");
 	cprintf("{base}              <https://mit-license.org>\n");
 	cprintf("{base}         Copyright (C) 2022-2024 Moe-hacker\n\n");
-	cprintf("{base}%s%s%s", "ruri version .....:  ", RURI_VERSION, "\n");
+	cprintf("{base}%s%d.%d.%d%s", "ruri version .....:  ", RURI_VERSION_MAJOR, RURI_VERSION_MINOR, RURI_VERSION_PATCH, "\n");
 #if defined(RURI_COMMIT_ID)
 	cprintf("{base}%s%s%s", "ruri commit id ...:  ", RURI_COMMIT_ID, "\n");
 #endif
@@ -81,7 +81,7 @@ void ruri_show_version_code(void)
 	 * so in fact it's very useless.
 	 * Maybe it can be useful one day...
 	 */
-	cprintf("%s\n", RURI_VERSION);
+	printf("%d.%d.%d\n", RURI_VERSION_MAJOR, RURI_VERSION_MINOR, RURI_VERSION_PATCH);
 }
 // For `ruri -h`.
 void ruri_show_helps(void)