[1.1.0] - 2020-02-03

Added

• Added the --workdir option to sarus run for setting the initial working directory inside the container.
• Added "Communications" and "Publications" sections to project README.
• Added documentation about complementing Sarus with Skopeo for interacting with 3rd party registries.
• Added integration tests for security checks.

Changed

• Updated libarchive dependency to version 3.4.1.
• Updated recommended runc version to 1.0.0-rc10.
• Improved string parsing by using Boost functions.
• Site/user bind mounts have "recursive private" propagation by default. More details here.
• Extensive code refactoring on the Native MPI hook:
  • Easier to extend and better control of performed actions.
  • More robust symlink generation.
  • Enhanced ABI version resolution.
  • Improved unit tests.
  • Factored out non-specific code to common utility functions.
• The Slurm global sync hook is activated only when the user requests activation of the SSH hook.
• Transitioned integration tests to Python 3 and pytest.
• Integration tests for the virtual cluster reuse the same Docker image of unit and integration tests.
• Updated cookbook page about the Intel Cluster Edition software.

Deprecated

• Deprecated the use of the bind-propagation property for site/user bind mounts. It will be removed in a future release.

Fixed

• Fixed propagation of CPU affinity from the host to the container process.
• Fixed some hyperlinks in the documentation

Security

• Changes to security checks:
  • Reorganized and unified code for the checks.
  • Root ownership is checked based on uid, regardless of gid.
  • Root ownership for directories is checked recursively all the way up to the / directory.
  • Always check that sarus.json is untamperable regardless of the value of the configuration parameter.
• Improved usage of libarchive to prevent image contents from spilling outside of the expansion directory when extracting layers.