Note

AI Translation Notice

This document was automatically translated by hunyuan-turbos-latest model, for reference only.

  • Source document: community/ChangeLog/V0.3.x/V0.3.0.md

  • Translation time: 2025-11-19 17:00:11

  • Translation model: hunyuan-turbos-latest

Please report issues via Community Channel

V0.3.0

Release Date: 2025-11-20

Key Highlights

Breakthrough in Linux Compatibility

  • Passed 275 Linux compatibility test cases, with continuous tracking of test results available at ci-dashboard.dragonos.org

  • Introduced automated testing suite for gVisor Linux system calls, enabling real-time tracking of kernel behavior and Linux compatibility with every commit/merge

  • Achieved compatibility with multiple gVisor system call tests, bringing kernel behavior closer to Linux

Significant Enhancement in Container-Native Capabilities

  • Namespace Support: Improved UTS, IPC, and mnt namespaces, supporting unshare operations, aligning container isolation boundaries and permission models with the Linux mainline

  • Permissions and Capabilities: Fixed capset/capget system calls and sethostname/domainname, enhancing container identity management

  • Filesystem Enhancements: Added six xattr system calls, SYS_PWRITEV, truncate, and path traversal/directory switching permission checks, ensuring controllable container image builds and file mounts

  • Network Subsystem Restructuring: Completely new network subsystem implementation offering better Linux compatibility and extensibility; bridge network support for multi-tenant and edge node scenarios

  • Operations Tools: Dropbear SSH server support for out-of-the-box usability in lightweight cloud-native scenarios

Improved Multi-threading Stability

  • A series of changes including thread group exit mechanisms, PI futex, and prctl(PR_SET_PDEATHSIG/PR_SET_NAME), bringing lifecycle control of complex processes closer to the Linux mainline

  • Go language example programs demonstrating DragonOS best practices in multi-threaded scenarios

  • Thorough fixes for historical issues such as vfork, CLONE_PARENT_SETTID, signal frames, FP states, etc.

Comprehensive Expansion of System Calls

Added support for 10+ new system call interfaces, including:

  • waitid, rt_sigtimedwait, setitimer/getitimer, clock_nanosleep, tgkill/tkill

  • SYS_GETCPU, SYS_PWRITEV, truncate

  • Six xattr-related system calls, capset/capget

  • clone3, get_mempolicy, mincore

Version Overview

  • Kernel Features: Enhanced scheduling/signal chains including thread group exit, PI futex, PR_SET_PDEATHSIG/PR_SET_NAME, SYS_GETCPU, waitid, rt_sigtimedwait, setitimer/getitimer, clock_nanosleep

  • Memory and Synchronization: VM_DONTCOPY flag, mincore, RLIMIT_FSIZE, resource limit framework, user-space access protection for exception tables, 10+ futex subsystem fixes/restructurings

  • Filesystem and Namespaces: Introduced pwritev, truncate, six xattr system calls, path permission checks, UTS/mnt/IPC namespaces, capset/capget, /proc improvements

  • Platform and Network: x86 kexec+initram, VF2 RISC-V adaptation, bridge networking, large-scale network stack restructuring, Dropbear SSH server, Go user-space demonstrations and toolchain improvements

  • Engineering Efficiency: CI container upgrades, test upload and monitoring, gVisor/FreeBSD bootstrap support, Nix-shell toolchain version locking

Detailed Changes

1. Threads and Signals: Aligning with Linux Behavior

  • New PRCTL options, alternate signal stack copying, cloning/waiting semantics completion, waitid/job control, resource limit (rlimit) framework and RLIMIT_FSIZE checks (#1386, #1363, #1362, #1333, #1300, #1312)

  • setitimer/getitimer, clock_nanosleep, tgkill/tkill and other timer/signal routing completions; fs/gs user-space validation, clone3 + /proc/cpuinfo, PR_SET_PDEATHSIG support, improving ABI compatibility (#1377, #1307, #1336, #1299)

  • Numerous signal/thread-related fixes: vfork, CLONE_PARENT_SETTID, signal frames, FP states, sys_sigaction/sigprocmask, /proc/self/exe links, addressing compatibility and stability issues (#1358, #1342, #1357, #1356, #1347, #1359)

2. Futex & Memory: Revamped Synchronization Stack

  • PI futex, shared key generation restructuring, robust futex race fixes, wake op compatibility, parameter validation, futex test enablement, forming a more complete futex behavior matrix (#1373, #1376, #1374, #1372, #1371, #1326, #1321, #1320, #1311, #1276, #d5158a0, #e85d1cd)

  • Memory Management Improvements: VM_DONTCOPY flag, exception table-driven secure user-space access, mincore, madvise/msync boundary fixes, anonymous shared page synchronization, buddy allocator deadlock & boundary checks, etc. (#1383, #1349, #1334, #1301, #1258, #1345, #1334, #1361, #1280)

  • Resource Limits: Rlimit framework integration with RLIMIT_FSIZE, get_mempolicy, clone3, and /proc/cpuinfo, enhancing resource observation and limitation capabilities (#1300, #1312, #1299)

3. Containers and Namespaces: Built for Cloud-Native

  • Network Subsystem Restructuring: Implemented a completely new network subsystem offering better Linux compatibility and extensibility (#977)

  • Filesystem Enhancements: SYS_PWRITEV, truncate, path traversal/directory switching permission checks, mknodat/fatfs deadlock fixes, syncfs/openat/unlinkat/lseek behavior corrections, ensuring filesystem semantic consistency (#1322, #1308, #1348, #1346, #1369, #1355, #1344)

  • Namespace Support: Extended attributes with six xattr system calls, capset/capget, UTS namespace, setdomainname/sethostname fixes, first version of IPC namespace, mntns unshare, improving namespaces and security isolation (#1248, #1293, #1268, #1298, #1288, #1262)

  • Container Networking and Operations: Bridge networking, network stack restructuring, Dropbear SSH server support, bringing DragonOS closer to truly running containers (#1287, #1295, #1304)

4. Platforms and Devices: Leap in Deployability

  • x86 kexec + initram completed the loop, complemented by reboot syscall improvements, paving the way for fast switching and bootstrapping (#1303, #1157)

  • VF2 RISC-V platform adaptation, making DragonOS a viable option for domestic RISC-V scenarios (#1285)

  • SYS_GETCPU aligned with SMP syscall table, enabling more accurate multi-core scheduling and performance analysis (#1368, #1367)

  • Go language example programs demonstrating best practices in multi-threaded scenarios (#1387)

5. Engineering Efficiency and Community: Time-Saving, Hassle-Free, Reusable

  • CI and Testing: Upgraded CI containers to v1.16, added test result uploads, syscall test monitoring, real-time stdout output, significantly accelerating issue localization (#1380, #1364, #1341, #15964250)

  • Automated Testing: Introduced automated testing suite for gVisor Linux system calls, enabling real-time tracking of kernel behavior and Linux compatibility with every commit/merge (#1306, #1271, #1371, #1296)

  • Development Toolchain: Nix-shell with a pinned Rust version, FreeBSD bootstrap support, enabling external contributors to quickly reproduce the same environment (#40603716, #093388bd)

  • Community and Documentation: Multiple rounds of documentation translation updates, EdgeOne CDN sponsor information, README/supporter list refreshes (#1385, #1317, #1315, #1294, #1292, #1290, #1289, #1281)

Known Considerations

  • The futex subsystem has changed extensively in this release; it is recommended to focus regression testing on multi-threaded stress and robust list cases.

  • The new kexec/initram support and the network restructuring touch the boot chain; custom hardware may require revalidation of boot scripts.

  • Namespace/rlimit-related syscalls require updates to user-space toolchains and tests so that more boundary cases are covered.

Contributor Acknowledgments

LoGin, kaleidoscope416, linfeng, Shenjie Yang, JingXuan_Wei, aLinChe, Huang Mingtao, Bruce.carrot93, Samuel Dai, Vitus, Yuming Jiang, Huo Hua, and 15 other partners jointly completed version 0.3.0.

References