2.0.0

Breaking Changes

FUSE Removed - Complete Architecture Overhaul

cntr 2.0.0 represents a major architectural redesign. The FUSE-based filesystem approach has been completely removed in favor of a simpler, more reliable implementation using Linux's new mount API and bind mounts.

What this means for users:

• No more FUSE dependency - cntr now works in environments where FUSE is unavailable or restricted
• Simplified codebase with fewer moving parts
• The exec command has now have to be run from outside of cntr and no longer from cntr attach; the architecture is now much simpler

New Features

Shell Completions

cntr now ships with shell completions for bash, zsh, fish, and nushell. These are automatically installed with the Nix package.

Run Without Root Using File Capabilities

cntr can now run without full root privileges using Linux file capabilities. Set up with:

sudo setcap 'cap_sys_admin,cap_sys_chroot,cap_sys_ptrace+ep' /path/to/cntr

Then set CNTR_ALLOW_SETCAP=1 environment variable when running. The base directory now uses $XDG_RUNTIME_DIR/cntr or ~/.local/share/cntr for non-root users.

Effective User Option Restored

The --effective-user option is back, allowing you to specify which user to run as inside the container.

cgroup v2 Support

Full support for cgroup v2, which is now the default on most modern Linux distributions.

Bug Fixes

• 64-bit timestamps on Debian: Fixed utime compatibility with 64-bit timestamps, resolving issues on Debian systems (#623)
• ProtectProc=invisible compatibility: Fixed "No such file or directory" errors when attaching to systemd units with ProtectProc=invisible by reading cap_last_cap before entering the target namespace (#606)
• PTY handling improvements: Fixed various PTY and namespace handling issues in exec mode
• AppArmor support improvements: Better handling of AppArmor transitions and LSM contexts

Testing & CI

• Added comprehensive NixOS VM tests covering:
  • systemd-nspawn containers
  • k3s (Kubernetes)
  • Nix builders
  • AppArmor-confined containers
• Enabled more build targets in CI (additional architectures)

Documentation

• Updated README to clarify Linux-only support
• Documented new file capabilities mode
• Updated examples after FUSE removal

Contributors

• @ranomier - README clarification

Full Changelog: 1.6.1...2.0.0

1.6.1

What's Changed

• fix 32-bit compilation by @Mic92 in #433
• build(deps): bump log from 0.4.22 to 0.4.25 by @dependabot in #429
• chore(deps): update rust crate clap to v4.5.27 by @mic92-renovate in #431

Full Changelog: 1.6.0...1.6.1

1.6.0

What's Changed

• Create /.cntr/pid file with 0644 permissions by @pranaysashank in #422
• many crate updates: #414 #413 #408 #420 #415 #423 #424 #425 #426 #427

New Contributors

• @pranaysashank made their first contribution in #422

Full Changelog: 1.5.4...1.6.0

1.5.4

What's Changed

No real change but just countless of rust crate updates... Just business as usual for rust projects I guess.

Full Changelog: 1.5.3...1.5.4

1.5.3

bump version to 1.5.3

1.5.2

What's Changed

• add clap dependency by @Mic92 in #44
• update doc with clap argparsing by @pogobanane in #45
• Move to simple error by @Mic92 in #53
• remove refactored file by @Mic92 in #54
• remove empty try_with messages by @Mic92 in #55
• cntrfs: fix waiting for events by @Mic92 in #69
• Inital kubernetes support by @Mic92 in #57
• Fix build on 32-bit platforms by @lopsided98 in #124

New Contributors

• @pogobanane made their first contribution in #45
• @lopsided98 made their first contribution in #124
• @sarcasticadmin made their first contribution in #193
• @a-kenji made their first contribution in #253

Full Changelog: 1.5.1...1.5.2

1.5.1: Fix entering nix sandboxes

Executing setcap wrapper was broken.

1.5.0: podman support

also upgrade some dependencies

Fix aarch64 build

1.4.1

bump version in cargo.lock

Containerd support

We now support resolving containerd names using the ctr binary.