Revisions of katacontainers
Fabian Vogt (favogt)
committed
(revision 33)
buildservice-autocommit
accepted
request 861702
from
Richard Brown (RBrownSUSE)
(revision 32)
Richard Brown (RBrownSUSE)
(revision 32)
baserev update by copy to link target
Richard Brown (RBrownSUSE)
accepted
request 861676
from
Richard Brown (RBrownSUSE)
(revision 31)
- Update to 1.11.5:
runtime: Security fixes included:
- Readonly bind-mounts are now mounted read-only on the host.
With this fix, mounts are protected at VM boundary not just
the guest kernel. If a container escape were to occur, one
would be able to write to a directory or file that was
mounted read-only.
- Certain annotations in kata can be used to execute
pre-exiting binaries. This could be used to execute arbitrary
binaries with the onus of validating these paths left to the
stack about Kata. In this release, we added appropriate
validations so that an admin can configure a list of file
system paths that can be used to filter annotations that
represent valid file names.
buildservice-autocommit
accepted
request 816319
from
Richard Brown (RBrownSUSE)
(revision 30)
Richard Brown (RBrownSUSE)
(revision 30)
baserev update by copy to link target
Richard Brown (RBrownSUSE)
accepted
request 816009
from
Ralf Haferkamp (rhafer)
(revision 29)
- Update to 1.11.1:
runtime:
- shm: handle shm mount backed by empty-dir memory volumes
- virtcontainers: Fix structured logging in device/config package
- vc: make host shared path readonly
buildservice-autocommit
accepted
request 810261
from
Sascha Grunert (sgrunert)
(revision 28)
Sascha Grunert (sgrunert)
(revision 28)
baserev update by copy to link target
Sascha Grunert (sgrunert)
accepted
request 810221
from
Ralf Haferkamp (rhafer)
(revision 27)
- Update to 1.11.0 (bsc#1172092, CVE-2020-2024)
runtime:
- qemu: Support PCIe device hotplug for q35
- qemu: Add virtio-mem support (experimental)
- Support pmem/nvdimm hotplug
- ipv6: Add support for ipv6
- persist: move "newstore" out of experimental:The "newstore"
feature has had been a "experimental" feature for long time.
- rootless: Fix rootless for case net=none
- Support device cgroup in the host when sandbox_cgroup_only
is true, the hypervisor has access only to the devices that
the sandbox and its containers need
shim:
- vendor: Update kata agent to 5bf8d4cc461
- vendor: Update logrus to v1.4.2
- make: Add support to strip the binary
- Makefile: overwrite PREFIX from environment
buildservice-autocommit
accepted
request 765983
from
Sascha Grunert (sgrunert)
(revision 26)
Sascha Grunert (sgrunert)
(revision 26)
baserev update by copy to link target
Sascha Grunert (sgrunert)
accepted
request 765892
from
Ralf Haferkamp (rhafer)
(revision 25)
- Update to 1.10.0:
runtime:
- Initial support for Cloud Hypervisor
- HybridVsock support for cloud hypervisor and firecracker
- Updated Firecracker version to v0.19.1
- Better rootless support for firecracker
- This release deprecates bridged networking model
buildservice-autocommit
accepted
request 758536
from
Factory Maintainer (factory-maintainer)
(revision 24)
Factory Maintainer (factory-maintainer)
(revision 24)
baserev update by copy to link target
Ralf Haferkamp (rhafer)
committed
(revision 23)
- Update to 1.9.3:
runtime:
- versions: bump fc version to v0.18.1
- backport 1.9: fix wrong number cpus after killing a container
- virtcontainers/store: make VCStoreUUIDPath rootless
- vc: Don't adjust block index on error
- vc: Persist file handle may leak in FS#ToDisk
buildservice-autocommit
accepted
request 754685
from
Ralf Haferkamp (rhafer)
(revision 22)
Ralf Haferkamp (rhafer)
(revision 22)
baserev update by copy to link target
Ralf Haferkamp (rhafer)
committed
(revision 21)
- Update to 1.9.2:
runtime:
- rootless: Fix rangeUID parsing (Backport to 1.9)
- rootless: Fix cgroup creation logic for rootless(Backport to 1.9)
buildservice-autocommit
accepted
request 748726
from
Ralf Haferkamp (rhafer)
(revision 20)
Ralf Haferkamp (rhafer)
(revision 20)
baserev update by copy to link target
Ralf Haferkamp (rhafer)
committed
(revision 18)
- Update to 1.9.1 tarballs, this is just a version bump without any code changes.
buildservice-autocommit
accepted
request 742637
from
Sascha Grunert (sgrunert)
(revision 17)
Sascha Grunert (sgrunert)
(revision 17)
baserev update by copy to link target
Sascha Grunert (sgrunert)
accepted
request 742633
from
Ralf Haferkamp (rhafer)
(revision 16)
- Update to 1.9.0 tarballs, this is just a version bump without any code changes.
buildservice-autocommit
accepted
request 741703
from
Thorsten Kukuk (kukuk)
(revision 15)
Thorsten Kukuk (kukuk)
(revision 15)
baserev update by copy to link target
Thorsten Kukuk (kukuk)
accepted
request 741699
from
Ralf Haferkamp (rhafer)
(revision 14)
- Update to 1.9.0~rc0:
runtime:
- Fix cache factory UT
- Virtio-fs v0.3 support
- virtcontainers: set agent's logs vsock port
- config: Fix `virtio-fs` typo in Makefile
- Hypervisor: UUID fix for acrn hypevisor
- virtcontainers: change firecracker socket permissions
- Add annotations to provide custom configs
- Fix CRIO + Firecracker
- rootless: add rootless to kata
- QEMU: do not require nvdimm machine option with initrd
- s390x: Fix runtime build for s390x
- versions: Update kernel to 4.19.75
- config: honor DEFSHAREDFS_QEMU_VIRTIOFS and CONFIG_QEMU_VIRTIOFS_IN
- Support Firecracker 0.18
- virtcontainers: fix the issue of missing qemu error logs
- config: Fix the qemu-virtiofs.toml
- s390x: Share image between qemu instances
- The unit of newMemory is MB
- config: use 9p as default shared filesystem for nemu
- Remove annotation config json key
shim:
- shim/firecracker: Read agent's logs
- vendor: update kata agent
- Fix config for set-version source-service to set version based
on the runtime filename. The previously used "katacontainers"
caused the service to fail.
Displaying revisions 1 - 20 of 33
