Skip to content


You can find the source of this version on GitHub at cloudfoundry-incubator/guardian-release. It was created based on the commit d4ab478f.

Release Notes

Much good stuff: - AppArmor! Unprivileged containers are now secured with a default apparmor profile. This is based on the default docker apparmor profile for maximum compatibility - The shared_mounts bosh property is gone, we now do the right thing for anything in /var/vcap/data - We now use the new OCI “create/start” split to run network plugins, allowing much more flexibility in how this works and cleaning up the code a lot - Iodaemon is gone, we now use a binary called ‘dadoo’ to do a roughly similar job - Reattaching after restart should now be more bulletproof, for example getting the exit code should work - Code now imported via domain


You can reference this release in your deployment manifest from the releases section:

- name: "garden-runc"
  version: "0.5.0"
  url: ""
  sha1: "3ec8d982052f09960b1733a98bae98b3ac24aba1"

Or upload it to your director with the upload-release command:

bosh upload-release --sha1 3ec8d982052f09960b1733a98bae98b3ac24aba1 \