Lithos Changes By Release


  • Bugfix: only send SIGTERM to the process once when upgrading or stopping it (this prevents certain issues with the applications themselves)
  • Bugfix: don’t reset the kill timeout on SIGQUIT of lithos_tree
  • Bugfix: correctly wait for the kill timeout for retired children (those no longer in the config)


  • Bugfix: reading through /proc/ appears to be inherently racy, i.e. some processes may be skipped. This commit makes the walk faster and traverses the directory twice. A more elaborate fix will be implemented in the future.


  • Feature: add the secret-environ-file option, which can be used to offload secrets to a separate (perhaps shared) file


  • Feature: add set-non-block option to tcp-ports



  • Bugfix: fixes issue with bridged networking when host system is alpine (#15)


  • Bugfix: log the name of the process when lithos_knot fails
  • Bugfix: more robust parsing of process names by lithos_ps
  • Feature: add @{lithos:pid} magic variable


  • Bugfix: systemd protocol support fixed: LISTEN_FDNAMES and LISTEN_PID


  • Feature: check variable substitution with lithos_check even in --check-container (out of system) mode


  • Feature: Add DottedName variable type
  • Feature: Add activation parameter to TcpPort variable


  • Bugfix: fix EADDRINUSE error when all children requiring a file descriptor were queued for restart (throttled); the bug was due to a duplicated socket lying in the scheduled command (while the main socket is closed to notify peers that there are no listeners)


  • Bugfix: previously a lithos_tree process after fork but before execing lithos_knot could be recognized as an undefined child and killed. This race condition sometimes led to sockets being closed prematurely and being unable to listen on them again


  • Bugfix: passing sockets as FDs in non-bridged network was broken in v0.17.0


  • Breaking: add an external flag to tcp-ports, which defaults to false (previous behavior was equivalent to external: true)
  • Bugfix: lithos_cmd now returns exit code 0 if the underlying command exited successfully (was broken in 0.15.5)


  • Breaking: remove v1 encryption for secrets (it was alive for a week)
  • Feature: add secrets-namespaces and extra-secrets-namespaces options to allow namespacing secrets on top of a single key
  • Feature: add v2 key encryption scheme


  • Feature: add secret-environ and secrets-private-key settings, which allow passing decrypted environment variables to the application
  • Bugfix: when bridged network is enabled we use arping to update the ARP cache


  • Bugfix: add support for bridged-network and ip-addresses for lithos_cmd
  • Bugfix: initialize loopback interface in container when bridged-network is configured
  • Feature: allow lithos_cmd without ip_addresses (only loopback is initialized in this case)
  • Bugfix: return an error result from lithos_cmd if the inner process failed


  • First release that drops support for Ubuntu precise and adds a repository for Ubuntu bionic
  • Bugfix: passing a TCP port as fd < 3 didn’t work before; now we allow fd: 0 and fail gracefully on 1 and 2.


  • feature: Add default-user and default-group to simplify container config
  • bugfix: fix containers having symlinks at /etc/{resolv.conf, hosts} (broken in v0.15.0)


  • bugfix: containers without bridged network work again


  • nothing changed, fixed tests only


  • feature: Add normal-exit-codes setting
  • feature: Add resolv-conf and hosts-file to sandbox config
  • feature: Add bridged-network option to sandbox config
  • breaking: By default /etc/hosts and /etc/resolv.conf will be mounted if they are proper mount points (can be opted out of in container config)


  • Bugfix: when more than one variable was used, lithos restarted the process every time (because of unstable serialization of the hashmap)


  • Bugfix: if auto-clean differs between several sandboxes looking at the same image directory, we skip cleaning the dir and print a warning
  • Add a timestamp to lithos_clean output (in --delete-unused mode)


  • Bugfix: variable substitution was broken in v0.14.0


  • Sets memory.memsw.limit_in_bytes if that exists (usually requires swapaccount=1 in kernel params).
  • Adds a warning-level message on process startup
  • Duplicates startup and death messages into the stderr log, so you can correlate them with application messages


  • Upgrades many dependencies, no significant changes or bugfixes



  • /dev/pts/ptmx is created with ptmxmode=0666, which makes it suitable for creating ptys by unprivileged users. We have always used the newinstance option, so it should be safe enough. It also matches how ptmx is configured on most systems by default


  • Added image-dir-levels parameter, which allows using images in the form of xx/yy/zz (for a value of 3) instead of a bare name


  • Fixed order of sandbox-name.process-name in metrics
  • Dropped setting cantal-appname (it was never useful, because cantal actually uses the cgroup name, and the lithos master process actually has one)


  • Option cantal-appname added to the config
  • If no CANTAL_PATH is present in the environment we set it to a default, along with CANTAL_APPNAME=lithos unless cantal-appname is overridden.
  • Added default container environment variable LITHOS_CONFIG. It may be used to log the config name, read metadata and for other purposes.