# v3.9.4:
* Skip setgroups() when user is root and cannot parse /etc/group and /etc/passwd.
* Auto detect device major and minor number when major is set to 0 in `--char-dev` option.
* Auto add `cap_` prefix for capability name in `--cap-drop` and `--cap-add` option.
* Use host cgroup path for cgroup setup.
* Use cgroup for kill/ps unshare container if available.
* Experimentally support `--systemd` with `--even-unstable` option, but it may not work as expected.
* Add `--strict-mode` option to make ruri exit immediately on any error.
* Add `--pid-file` option to write the PID of the container to a file.
* Experimentally support `--stat` option to read pidfile.
* Add `--auto-umount` option to automatically umount the container when it exits.
* Experimentally support `--umount-on-panic` option to automatically umount the container when it exits.
* Add `--health-check` option for health check process.
* Add `--timeout` option to automatically kill the process after the specified time.
* Experimentally support `--fork-as-init` option to make ruri fork() as init process before exec() in container.
* Rewrite default seccomp profile to make it more usable and to address recent 0day vulnerabilities.
* Kang moby's whitelist seccomp profile for `--enable-seccomp-whitelist`.
* Migrate libk2v to libk2v3.
* Refactored build system.
* Ruri now has Super Neko Powers!
# v3.9.3:
* Add `-g` option: `--skip-setgroups`.
* Make setgroups() enabled for root user by default.
# v3.9.2:
* Add `-z` option: `--enable-tty-signals`.
* Fix devpts mount.
# v3.9.1:
* Support prefix for errno action in `--deny-syscall` option.
* Add `-Q` option: `--mask-path`.
* Load ruri from memfd to avoid leak of ruri binary.
# v3.9.0:
* Support part of BSD-style command-line usage.
* Fix built-in seccomp profile.
* Add `-X` option: `--deny-syscall`.
* Add `-J` option: `--join-ns`.
* Add `-O` option: `--oom-score-adj`.
* Fix binfmt_misc for rootless container.
* Support mount flags as prefix of source.
* Support tmpfs and overlayfs as mount source.
* Unset all environment variables before running container.
* Fix: drop CAP_SYS_CHROOT to avoid escape.
# v3.8:
* Support more platforms, currently supports: arm64, armv7, armhf, riscv64, i386, loong64, s390x, ppc64le and x86_64.
* Improve rootless container support.
* Add `-W` option: `--work-dir`.
* Add `-A` option: `--unmask-dirs`.
* Add `-E` option: `--user`.
* Add `-t` option: `--hostname`.
* Add `-F` option: `--ruri-fetch`.
* Add `-x` option: `--disable-network`.
* Add `-C` option: `--correct-config`.
* Add `-K` option: `--use-kvm`.
* Add `-I` option: `--char-dev`.
* Add `-i` option: `--hide-pid`.
* Add `-T` option: `--timens-offset`.
* Add `-b` option: `--background`.
* Add `-L` option: `--log-file`.
* `-c` option can now recognize other args and command to run.
* `-U` and `-P` option can now use config file.
* Rewrite cgroup support, add cpupercent limit support.
* Change MAX_MOUNTPOINTS and MAX_ENVS from 128*2 to 512*2.
* Auto kill all processes in container when umounting container.
* We will always mount / as the first mountpoint.
* Set the size limit of /dev/shm when memory limit is set.
* Fix crash on capget().
* Fix pivot_root not working.
* Fix unshare container when pivot_root failed.
* Enable unshare if detected ns_pid is ruri.
* Correct ns_pid for unshare container when exec command in container again.
* Fix qemu path when we pre-mount the rootfs from other source.
* Add autotest.
* Fix memory issues.
* libk2v: Add length check for array to avoid overflow.
* libk2v: rewrite deserialization part.
* cprintf: Correct the way to get buffer size, avoid overflow.
* General bug fixes.
# v3.7:
* Ruri can now recognize [COMMAND [ARGS]...] without absolute path.
* Add `-f` option: fork() before exec the command in container.
* Add `-P` option: show process info.
* Add `-j` option: just chroot, do not create /dev, /proc and /sys.
* Fix unshare container joining ns.
* Use pivot_root(2) instead of chroot(2) in unshare and rootless container.
* Update masked dirs/files.
* Update easter egg: `ruri AwA`.
* Add Debian package info.
* General bug fixes.
# v3.6:
* Add `uidmap` suid binary support, to fix setgroups() failure in rootless container.
* ruri can now recognize CONTAINER_DIR path start without `.` or `/`.
* `-q` option can now use qemu path on host.
* Support architecture aliases for `-a` option (e.g. arm64=>aarch64).
* General bug fixes.
# v3.5:
* Capability can now be controlled by value.
* Support mount files to container.
* General bug fixes.
# v3.4:
* Default command will be /bin/sh if /bin/su does not exist.
* Fix mount image file.
* Fix block device as root.
* Fix configure script.
* General bug fixes.
# v3.3:
* Add GitHub Action, you can now download static binary.
* Fix configure script.
* Fix CAP_LAST_CAP.
* Update libk2v.
* Add comments in configs.
* General bug fixes.
# v3.2:
* Fix mountpoint in rootless container.
* General bug fixes.
# v3.1:
* Make .rurienv immutable.
* Drop CapAmb && Clear CapInh.
* Add cgroup support for cpuset and memory.
* Add `-l` option: `--limit`.
* Update seccomp profile.
* Add a configure script.
* General bug fixes.
# v3.0:
* Remove daemon support.
* Use libk2v for config files and .rurienv file.
* Remove old `-d` `-D` `-K` `-l` `-t` `-T` option.
* Add long args support.
* `-d` option now aliases to `--drop`.
* `-D` option now aliases to `--dump-config`.
* Add `-o` option: `--output` for `-D`.
* Add `-N` option: `--no-rurienv`.
* Add `-R` option: `--read-only`.
* Add `-M` option: `--ro-mount`.
* Automatically unset $LD_PRELOAD before running container (may not work).
* Fix `-U` option might also umount other mountpoints on host.
* General bug fixes.
# Do not read the earlier code, I don't dare read them TwT