Releases · Mic92/cntr

Breaking Changes

FUSE Removed - Complete Architecture Overhaul

cntr 2.0.0 represents a major architectural redesign. The FUSE-based filesystem approach has been completely removed in favor of a simpler, more reliable implementation using Linux's new mount API and bind mounts.

What this means for users:

  • No more FUSE dependency - cntr now works in environments where FUSE is unavailable or restricted
  • Simplified codebase with fewer moving parts
  • The exec command now has to be run from outside of cntr and no longer from within cntr attach; the architecture is now much simpler

New Features

Shell Completions

cntr now ships with shell completions for bash, zsh, fish, and nushell. These are automatically installed with the Nix package.

Run Without Root Using File Capabilities

cntr can now run without full root privileges using Linux file capabilities. Set up with:

sudo setcap 'cap_sys_admin,cap_sys_chroot,cap_sys_ptrace+ep' /path/to/cntr

Then set the CNTR_ALLOW_SETCAP=1 environment variable when running cntr. For non-root users, the base directory is now $XDG_RUNTIME_DIR/cntr or ~/.local/share/cntr.
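File capabilities apply to any user who can execute the binary, so it is worth confirming that exactly the three capabilities above were granted and that the file is not world-executable. The following check is an added example, not part of the release notes or of cntr itself; the function names are hypothetical and the getcap lines in the comments are constructed samples of the two libcap output styles.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of cntr.
# Capability set from the setcap command above, sorted by name.
EXPECTED="cap_sys_admin,cap_sys_chroot,cap_sys_ptrace"

# caps_match PATH LINE: succeed only if LINE (one line of `getcap PATH`
# output) grants exactly EXPECTED with the effective+permitted flags.
# Accepts both libcap output styles (constructed samples):
#   /path/to/cntr = cap_sys_admin,cap_sys_chroot,cap_sys_ptrace+ep
#   /path/to/cntr cap_sys_chroot,cap_sys_ptrace,cap_sys_admin=ep
caps_match() {
    spec=${2#"$1"}      # drop the leading path
    spec=${spec# }      # drop the separator space
    spec=${spec#= }     # drop the "= " used by older libcap
    case $spec in
        *" "*) return 1 ;;      # extra clauses: more than was set
        *+ep|*=ep) ;;           # exactly effective + permitted
        *) return 1 ;;          # no capabilities, or other flags
    esac
    caps=${spec%[+=]ep}
    sorted=$(printf '%s\n' "$caps" | tr ',' '\n' | LC_ALL=C sort | paste -sd, -)
    [ "$sorted" = "$EXPECTED" ]
}

# world_exec PATH: succeed if "other" users may execute PATH. File
# capabilities are granted to whoever can execute the file.
world_exec() {
    [ -n "$(find "$1" -prune -perm -0001)" ]
}

# audit_cntr PATH: run both checks against an installed binary.
audit_cntr() {
    if ! caps_match "$1" "$(getcap "$1")"; then
        echo "unexpected capabilities on $1" >&2; return 1
    fi
    if world_exec "$1"; then
        echo "$1 is world-executable" >&2; return 1
    fi
    echo "$1: capabilities and mode as expected"
}
```

Run audit_cntr /path/to/cntr after the setcap step; it needs getcap from libcap on the PATH.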

Effective User Option Restored

The --effective-user option is back, allowing you to specify which user to run as inside the container.

cgroup v2 Support

Full support for cgroup v2, which is now the default on most modern Linux distributions.

Bug Fixes

  • 64-bit timestamps on Debian: Fixed utime compatibility with 64-bit timestamps, resolving issues on Debian systems (#623)
  • ProtectProc=invisible compatibility: Fixed "No such file or directory" errors when attaching to systemd units with ProtectProc=invisible by reading cap_last_cap before entering the target namespace (#606)
  • PTY handling improvements: Fixed various PTY and namespace handling issues in exec mode
  • AppArmor support improvements: Better handling of AppArmor transitions and LSM contexts

Testing & CI

  • Added comprehensive NixOS VM tests covering:
    • systemd-nspawn containers
    • k3s (Kubernetes)
    • Nix builders
    • AppArmor-confined containers
  • Enabled more build targets in CI (additional architectures)

Documentation

  • Updated README to clarify Linux-only support
  • Documented new file capabilities mode
  • Updated examples after FUSE removal

Full Changelog: 1.6.1...2.0.0