Rocket v1.12.0 发布了，Rocket （也叫 rkt）是 CoreOS 推出的一款容器引擎，和 Docker 类似，帮助开发者打包应用和依赖包到可移植容器中，简化搭环境等部署工作。

该版本主要新增seccomp隔离器，支持seccomp过滤。同时，对API服务做了一些提升，修复一些已知问题。

改进记录如下：

新特性 & UX 改进

• cli: rename --cap-retain and --cap-remove to --caps-* (#2994).

• stage1: apply seccomp isolators (#2753). This introduces support for appc seccomp isolators.

• scripts: add /etc/rkt owned by group rkt-admin in setup-data-dir.sh (#2944).

• rkt: add --caps-retain and --caps-remove to prepare (#3007).

• store: allow users in the rkt group to delete images (#2961).

• api_service: cache pod manifest (#2891). Manifest caching considerably improves api-service performances.

• store: tell the user to run as root on db update (#2966).

• stage1: disabling cgroup namespace in systemd-nspawn (#2989). For more information see systemd#3589.

• fly: copy rkt-resolv.conf in the app (#2982).

• store: decouple aci store and treestore implementations (#2919).

• store: record ACI fetching information (#2960).

Bug 修复

• stage1/init: fix writing of /etc/machine-id (#2977).

• rkt-monitor: multiple fixes (#2927, #2988).

• rkt: don't errwrap cli_apps errors (#2958).

• pkg/tar/chroot: avoid errwrap in function called by multicall (#2997).

• networking: apply CNI args to the default networks as well (#2985).

• trust: provide InsecureSkipTLSCheck to pubkey manager (#3016).

• api_service: update grpc version (#3015).

• fetcher: httpcaching fixes (#2965).

其他改进

• build,stage1/init: set interpBin at build time for src flavor (#2978).

• common: introduce RemoveEmptyLines() (#3004).

• glide: update docker2aci to v0.12.3 (#3026). This fixes multiple bugs in layers ordering for Docker images.

• glide: update go-systemd to v11 (#2970). This fixes a buggy corner-case in journal seeking (implicit seek to head).

• docs: document capabilities overriding (#2917, #2991).

• issue template: add '\n' to the end of environment output (#3008).

• functional tests: multiple fixes (#2999, #2979, #3014).