Releases: youki-dev/youki
v0.5.5
What's Changed
💀 Security Announce
If /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem.
GHSA-j26p-6wx7-f3pw
💪 Improvements
📖 Documentation improvements
🧪 Test improvements and Misc Fixes
- Revert "[DNM] ci: temp disable workflows" by @YJDoc2 in #3194
- Fixed Minor Spelling Errors by @CheatCodeSam in #3205
- chore(justfile):add install recipe by @saku3 in #3213
Other Changes
- (auto merged) chore(deps): bump the patch group with 2 updates by @dependabot[bot] in #3203
- (auto merged) chore(deps): bump serde_json from 1.0.141 to 1.0.142 in the patch group by @dependabot[bot] in #3212
- (auto merged) chore(deps): bump the patch group with 3 updates by @dependabot[bot] in #3217
- (auto merged) chore(deps): bump oci-spec from 0.8.1 to 0.8.2 in the patch group by @dependabot[bot] in #3219
- chore(deps): bump libbpf-sys from 1.5.2+v1.5.1 to 1.6.1+v1.6.1 by @dependabot[bot] in #3218
- Release for v0.5.5 by @github-actions[bot] in #3195
New Contributors
Full Changelog: v0.5.4...v0.5.5
v0.5.4
What's Changed
💪 Improvements
- add support exec-cpu-affinity by @saku3 in #3164
- fix: allow duplicate additionalGids by @saku3 in #3189
🐛 Bug Fixes
- use additional gids,user,group in exec, inject path iif not given by @YJDoc2 in #3131
- fix: mount retry and logging by @z63d in #3157
- fix: Gracefully terminate processes after successful execution of Wasm executors by @z63d in #3099
- fix: Running create_runtime hook after container is set to created. by @CheatCodeSam in #3181
- fix: Ignoring CPU realtime on cgroupsv2 if set to zero by @CheatCodeSam in #3180
📖 Documentation improvements
- Add the CNCF footer in README.md by @utam0k in #3140
- chore(docs): Fix codecov link in README by @khanhtc1202 in #3129
- Fixed grammatical error in README by @CheatCodeSam in #3160
- fix: protobuf bug on docs rs by @mdaffad in #3159
- docs: clarify reviewer qualification and self-nomination process by @utam0k in #3175
🧪 Test improvements and Misc Fixes
- bump nix to 0.29.0 by @kemingy in #3123
- update rust version to 1.85.0 by @YJDoc2 in #3085
- add-test-linux_rootfs_propagation by @saku3 in #3024
- Add a relative_network_cgroups test as one of the integration tests by @moz-sec in #2986
- Refactor init process by @utam0k in #3158
- add kill test by @YamasouA in #2996
- allow running selected tests in contest.sh and justfile by @saku3 in #3165
- fix: capet Ambient log level by @z63d in #3150
- add test process_capabilities_fail by @kazmsk in #3010
- fix typos and outdated typos ci action by @howjmay in #3168
- add a system call mock for uid/gid. by @nayuta-ai in #3173
- fix: remove println statements from contest tests by @YJDoc2 in #3167
- Installing kubectl in dev container. by @CheatCodeSam in #3177
- Add uid_mappings test by @moz-sec in #3161
- fix: update devcontainer.json by @AobaIwaki123 in #3172
- Remove oci tests that are duplicates of contest by @utam0k in #3042
- Remove oci tests that are duplicates of contest by @saku3 in #3184
- Fix debug logging for CPU affinity bitmask by @saku3 in #3191
- [DNM] ci: temp disable workflows by @YJDoc2 in #3192
Other Changes
- chore(deps): bump uuid from 1.15.1 to 1.16.0 by @dependabot[bot] in #3113
- (auto merged) chore(deps): bump once_cell from 1.21.1 to 1.21.2 in the patch group by @dependabot[bot] in #3126
- (auto merged) chore(deps): bump once_cell from 1.21.2 to 1.21.3 in the patch group by @dependabot[bot] in #3128
- (auto merged) chore(deps): bump the patch group with 2 updates by @dependabot[bot] in #3133
- (auto merged) chore(deps): bump errno from 0.3.10 to 0.3.11 in the patch group by @dependabot[bot] in #3135
- (auto merged) chore(deps): bump openssl from 0.10.70 to 0.10.72 by @dependabot[bot] in #3134
- chore(deps): bump wasmtime from 29.0.1 to 31.0.0 by @dependabot[bot] in #3121
- (auto merged) chore(deps): bump vergen-gitcl from 1.0.5 to 1.0.7 in the patch group by @dependabot[bot] in #3142
- (auto merged) chore(deps): bump crossbeam-channel from 0.5.12 to 0.5.15 by @dependabot[bot] in #3143
- (auto merged) chore(deps): bump vergen-gitcl from 1.0.7 to 1.0.8 in the patch group by @dependabot[bot] in #3145
- (auto merged) chore(deps): bump anyhow from 1.0.97 to 1.0.98 in the patch group by @dependabot[bot] in #3147
- (auto merged) chore(deps): bump libc from 0.2.171 to 0.2.172 in the patch group by @dependabot[bot] in #3148
- (auto merged) chore(deps): bump rand from 0.9.0 to 0.9.1 in the patch group by @dependabot[bot] in #3149
- chore(deps): bump tokio from 1.37.0 to 1.44.2 by @dependabot[bot] in #3137
- Bump oci-spec.rs to v0.8.1 by @saku3 in #3154
- (auto merged) chore(deps): bump chrono from 0.4.40 to 0.4.41 in the patch group by @dependabot[bot] in #3156
- (auto merged) chore(deps): bump errno from 0.3.11 to 0.3.12 in the patch group by @dependabot[bot] in #3169
- selinux: lima vm by @utam0k in #3162
- chore(deps): bump tokio from 1.37.0 to 1.38.2 in /experiment/seccomp by @dependabot[bot] in #3138
- (auto merged) chore(deps): bump libbpf-sys from 1.5.0+v1.5.0 to 1.5.1+v1.5.1 in the patch group by @dependabot[bot] in #3171
- chore(deps): bump num_cpus from 1.16.0 to 1.17.0 by @dependabot[bot] in #3176
- chore(deps): bump tempfile from 3.19.1 to 3.20.0 by @dependabot[bot] in #3166
- (auto merged) chore(deps): bump flate2 from 1.1.1 to 1.1.2 in the patch group by @dependabot[bot] in #3183
- chore(deps): bump libc from 0.2.172 to 0.2.173 in the patch group by @dependabot[bot] in #3185
- (auto merged) chore(deps): bump libc from 0.2.173 to 0.2.174 in the patch group by @dependabot[bot] in #3187
- (auto merged) chore(deps): bump errno from 0.3.12 to 0.3.13 in the patch group by @dependabot[bot] in #3188
- (auto merged) chore(deps): bump libbpf-sys from 1.5.1+v1.5.1 to 1.5.2+v1.5.1 in the patch group by @dependabot[bot] in #3190
- Release for v0.5.4 by @github-actions[bot] in #3124
New Contributors
- @kemingy made their first contribution in #3123
- @khanhtc1202 made their first contribution in #3129
- @moz-sec made their first contribution in #2986
- @CheatCodeSam made their first contribution in #3160
- @YamasouA made their first contribution in #2996
- @z63d made their first contribution in #3150
- @kazmsk made their first contribution in #3010
- @howjmay made their first contribution in #3168
- @AobaIwaki123 made their first contribution in #3172
- @mdaffad made their first contribution in #3159
Full Changelog: v0.5.3...v0.5.4
v0.5.3
💀 Security Announce
A security issue related to the Capability of TenantBuilder has been discovered.
This issue mainly affects those who execute the exec command. Although the risk of attack from outside is limited, we recommend that you update.
GHSA-5w4j-f78p-4wh9
What's Changed
🐛 Bug Fixes
🧪 Test improvements and Misc Fixes
- Fix the release flow by @utam0k in #3098
- chore(ci): add cgroup v1 compatibility for tests on ubuntu-24.04 by @sou1118 in #3102
- fix: CPU controller tests for Kernel 6.10 cgroup v2 changes by @sou1118 in #3106
- chore(ci): Upgrade GitHub Actions workflows for ubuntu-24.04 by @sou1118 in #3097
- fix: release ci tests also need apparmor disable by @YJDoc2 in #3118
- chore(ci): add criu ppa for podman-tests ci by @sou1118 in #3120
Other Changes
- Release for v0.5.3 by @github-actions in #3119
Full Changelog: v0.5.2...v0.5.3
v0.5.2
What's Changed
💪 Improvements
🐛 Bug Fixes
- fix(libcgroup): fix disable_oom_killer in cgroup v1 by @xujihui1985 in #3090
🧪 Test improvements and Misc Fixes
- Add a PR template file by @Gekko0114 in #3049
- add process rlimits fail test by @ntkm61027 in #3051
- Use MountOption enum to parse mount options defined in the spec by @musaprg in #2937
- ci: Publish packages after the release flow by @utam0k in #3064
- Make sepc into &spec in test_{outside,inside}_containe by @utam0k in #3068
- linux_masked_paths integration test by @nayuta-ai in #2950
- fix: compilation errors in contest by @YJDoc2 in #3086
- Remove problematic comments between package name in apt install by @musaprg in #3060
- Add delete test by @sou1118 in #3082
Other Changes
- Upgrade direct dep rand to 0.9.0 by @YJDoc2 in #3083
- rollup multiple dep updates by @YJDoc2 in #3084
- lset_file_label should check for symlink instead of raw file by @foreverddong in #3073
- Release for v0.5.2 by @github-actions in #3050
New Contributors
- @ntkm61027 made their first contribution in #3051
- @nayuta-ai made their first contribution in #2950
- @foreverddong made their first contribution in #3073
- @sou1118 made their first contribution in #3082
Full Changelog: v0.5.1...v0.5.2
v0.5.1
v0.5.0
What's Changed
💪 Improvements
- libcontainer: support set stdios for container by @abel-von in #2961
- Add option to spawn processes as siblings by @jprendes in #3012
💥 Breaking Changes
🐛 Bug Fixes
- Fixed ENAMETOOLONG error in setup_console_socket by @morganllewellynjones in #2915
- fix(libcontainer) no_pivot args is not used by @xujihui1985 in #2923
- Fix/return multi errors on create failed by @xujihui1985 in #2998
- fix duplicate gids in container creation by @YJDoc2 in #3019
- Fix --preserve-fds, eliminate stray FD being passed into container by @aidanhs in #2893
📖 Documentation improvements
- Add the affiliations of youki maintainers by @utam0k in #2947
- docs: update github pages links by @tskxz in #2969
- switch from license-file to license by @jprendes in #3023
🧪 Test improvements and Misc Fixes
- ci: update action versions to fix deprecation warnings by @YJDoc2 in #2918
- deps: update wasmedge to 0.14.0 by @YJDoc2 in #2928
- Bump oci-spec to 0.7.0 by @kiokuless in #2934
- remove incorrect dependency in readme by @YJDoc2 in #2940
- Add seccomp into feature flags of youki to be compiled in by @musaprg in #2924
- Add unittest to expertiment seccomp programs by @sat0ken in #2956
- print "unknown" instead of defaults if we cannot get kernel config by @YJDoc2 in #2964
- Add test process rlimits by @sat0ken in #2977
- Add test process user by @sat0ken in #2978
- add test process_oom_score_adj by @saku3 in #2987
- Add process test by @sat0ken in #2968
- refactor(test): refine function create_container by @xujihui1985 in #2973
- Add test root readonly by @sat0ken in #2976
- Adding Discord link to docs by @crmejia in #3005
- Prepare for v0.5.0 by @utam0k in #3016
- Use later stable rust version 1.81.0 to fix the CI by @musaprg in #3033
- Don't specify the versionFile for tagpr by @utam0k in #3036
Other Changes
- selinux: create Vagrantfile for SELinux by @Gekko0114 in #2900
- Cargo.toml: remove unused dependnecies by @Mossaka in #2921
- deps: update wasmtime by @YJDoc2 in #2929
- selinux: fix xattr and remove anyhow by @Gekko0114 in #2936
- .github/workflows/basic: check unused deps on 'check' job by @Mossaka in #2941
- seccomp: Update experiment seccomp program by @sat0ken in #2946
- create mount_rootfs method by @Gekko0114 in #2953
- Update deps: roll multiple dependabot PRs into one by @YJDoc2 in #2993
- Release for v0.5.0 by @github-actions in #2906
New Contributors
- @kiokuless made their first contribution in #2934
- @morganllewellynjones made their first contribution in #2915
- @sat0ken made their first contribution in #2946
- @xujihui1985 made their first contribution in #2923
- @tskxz made their first contribution in #2969
- @saku3 made their first contribution in #2987
- @abel-von made their first contribution in #2961
- @crmejia made their first contribution in #3005
- @aidanhs made their first contribution in #2893
Full Changelog: v0.4.1...v0.5.0
v0.4.1
This point release is primarily for updating our nc dependency version, as the last update was breaking musl static builds; see #2894. Apart from that, there are no changes in this point release. You can skip updating if you do not use musl or have not experienced any breakage related to builds.
What's Changed
🧪 Test improvements and Misc Fixes
- update nc version to 0.9.3 by dependabot in #2895
- prepare for version 0.4.1 by @YJDoc2 in #2897
- Update Cargo.toml for v0.4.1 by @utam0k in #2904
Other Changes
- Release for v0.4.1 by @github-actions in #2896
Full Changelog: v0.4.0...v0.4.1
v0.4.0
What's Changed
💪 Improvements
- Export max_usage in cgroups v2 mode by @HeRaNO in #2802
- Add new setup_envs method for the Executor trait by @musaprg in #2820
💥 Breaking Changes
🐛 Bug Fixes
📖 Documentation improvements
- Add the governance by @utam0k in #2806
- optimization runtime_tools.md doc by @lengrongfu in #2816
- Update README.md by @utam0k in #2822
- Fix typo by @utam0k in #2836
- docs: fix with_executor method description by @Andreagit97 in #2834
🧪 Test improvements and Misc Fixes
- Update nix to 0.28.0 by @omprakaash in #2728
- Fix word order in README sentence justifying Rust usage by @andrewimeson in #2805
- move macro define youki_version to use before by @lengrongfu in #2813
- Use HashMap for envs in container_init_process by @musaprg in #2817
- Ignore linter for MOUNT_ATTR__ATIME by @yihuaf in #2819
- Update go version in podman CI and vagrantfile by @YJDoc2 in #2828
- Fix typos and bump version for typos ci by @Jerrypoi in #2839
- Install nightly for running linter inside devcontainer by @musaprg in #2845
- Add issue templates by @YJDoc2 in #2829
- chore(deps): update oci-spec to v0.6.7 by @Mossaka in #2847
- Bump oci-spec by @keisku in #2854
- Update devcontainer.json by @keisku in #2857
- Apply building best practices to .devcontainer/Dockerfile by @keisku in #2856
- Fix markdown format in experiment/selinux/README.md by @keisku in #2855
- initial progress on supporting OwnedFd by @zahash in #2809
- Rust 1.80.0 by @utam0k in #2869
- Update nc dependency to 0.9.2 by @posutsai in #2884
- Prepare for v0.4.0 by @utam0k in #2880
- Release for v0.4.0 by @github-actions in #2791
Other Changes
- Init a selinux project by @Gekko0114 in #2800
- selinux: write xattr related codes. by @Gekko0114 in #2825
- selinux: implemented remaining selinux functions by @Gekko0114 in #2850
New Contributors
- @HeRaNO made their first contribution in #2802
- @andrewimeson made their first contribution in #2805
- @musaprg made their first contribution in #2817
- @Gekko0114 made their first contribution in #2800
- @Jerrypoi made their first contribution in #2839
- @Andreagit97 made their first contribution in #2834
- @Mossaka made their first contribution in #2847
- @keisku made their first contribution in #2854
- @posutsai made their first contribution in #2884
Full Changelog: v0.3.3...v0.4.0
v0.3.3
What's Changed
💪 Improvements
- Add support for rsvd hugetlb cgroup by @omprakaash in #2719
💥 Breaking Changes
🐛 Bug Fixes
- Fix cgroups determination in exec implementation by @YJDoc2 in #2720
- Remove unnecessary chdir by @utam0k in #2780
🧪 Test improvements and Misc Fixes
- Rollup dep updates by @YJDoc2 in #2667
- Fill in TODO by @utam0k in #2677
- Fix the links of contest by @utam0k in #2680
- Set '--test-threads' option to 1 in unit tests by @YJDoc2 in #2685
- add io priority e2e test by @lengrongfu in #2646
- (fix) podman e2e : Update workflow for new required deps, add vagrantfile by @YJDoc2 in #2687
- Add missed test-threads=1 to coverage CI by @YJDoc2 in #2699
- Fix integration test validation CI, make io_priority test conditional by @YJDoc2 in #2707
- 📝 Remove GitPod and add link to GitHub codespaces by @homersimpsons in #2717
- Limt dependabot updates to only direct dependencies by @utam0k in #2725
- fix observability default log level comment by @zahash in #2737
- Update deps via cargo update by @YJDoc2 in #2747
- Rust 1.77.1 by @utam0k in #2746
- Make our codespaces more useful by @utam0k in #2753
- Fix README.md by @utam0k in #2759
- update wasmtime dep to 19.0.1, replace wasmtime-wasi with wasi-common by @YJDoc2 in #2752
- Reset console sockets to original in setup_console test by @YJDoc2 in #2764
- Update rust version to 1.77.2 by @YJDoc2 in #2779
- Add linux_devices test by @omprakaash in #2708
- deps: Disable unused/unnecessary regex features in libcontainer by @jirutka in #2781
- Add rustfmt.toml to standardize formatting by @jprendes in #2787
- Update the release workflow by @utam0k in #2789
- Release v0.3.3 by @utam0k in #2794
Other Changes
- Rollup dep update by @YJDoc2 in #2674
- Init a seccomp project by @utam0k in #2729
- seccomp: Use offset_of! by @utam0k in #2763
- seccomp: Add a case for checking arguments by @utam0k in #2775
- Release for v0.3.3 by @github-actions in #2665
New Contributors
- @homersimpsons made their first contribution in #2717
- @zahash made their first contribution in #2737
- @omprakaash made their first contribution in #2719
- @jirutka made their first contribution in #2781
Full Changelog: v0.3.2...v0.3.3
v0.3.2
Security
This release fixes security issues identified in GHSA-xr7r-f8xq-vfvv. Although this is not known to directly lead to vulnerabilities, it was an area that should have been fixed.
Address GHSA-xr7r-f8xq-vfvv by @utam0k in #2663
What's Changed
💪 Improvements
- (feat) add support for musl using cross-rs by @jprendes in #2536
- add schedule entity by @lengrongfu in #2495
- Address GHSA-xr7r-f8xq-vfvv by @utam0k in #2663
📖 Documentation improvements
- fix: just instead make by @bestgopher in #2585
- [doc] Update doc with cross-rs and musl builds by @jprendes in #2621
🧪 Test improvements and Misc Fixes
- New Releases needs approval from the maintainer by @utam0k in #2583
- Updaet to Containerd 1.7.11 by @utam0k in #2558
- chore(deps) bump tabwriter, windows-core, tempfile, memchr, clang-sys by @YJDoc2 in #2608
- Name the test tools contest by @utam0k in #2486
- Fix the missed naming changes in integration test validation CI by @YJDoc2 in #2629
- Roll up various minor and major version dep upgrade by @YJDoc2 in #2638
- Add docker-in-docker e2e test by @jprendes in #2645
- Add domainname test by @higuruchi in #1544
- Re enable skipped e2e tests by @YJDoc2 in #2647
Other Changes
New Contributors
- @bestgopher made their first contribution in #2585
Full Changelog: v0.3.1...v0.3.2