Releases: kata-containers/kata-containers
# Release 3.2.0-alpha3
kata-containers Changes
In this release we're posting the shortlog between 3.2.0-alpha0 and 3.2.0-alpha3,
as the -alpha1 and -alpha2 releases couldn't be finished due to issues in our
release pipeline.
The most notable changes worth mentioning are:
- The addition of device manager for runtime-rs
- Several improvements related to GPU usage with Kata Containers
- Several improvements to the kata-ctl tool
- Addition of artefacts and specific runtime classes for x86_64 TEEs
  - SEV, SNP, and TDX are the ones being tested, built, and shipped for now
- Multi-architecture release, including:
  - kata-static-3.2.0-alpha3-{aarch64,s390x,x86_64}.tar.xz
    - Note, aarch64 and x86_64 will be changed to arm64 and amd64 for the next release
  - kata-deploy payloads supporting amd64, arm64, and s390x
- Several other bug fixes happened all over the code
Shortlog
f636c1f gha: release: Simplify the process for tagging the payload
d10c9be gha: release: login-action: Don't specify docker.io registry
0b1c5ea versions: Update nydus version to 2.2.1
eff6ed2 runtime: make debug console work with sandbox_cgroup_only
c543631 release: Kata Containers 3.2.0-alpha3
f370226 release: Fix docker/login-action version
fc09d0f release: Kata Containers 3.2.0-alpha2
4719802 runtime-rs: add virtio-blk-mmio
f9bded4 runtime-rs: add devicetype enum
6800d30 runtime-rs: remove device
f16012a runtime-rs: support linux device
fe9ec67 runtime-rs: block volume
a8bfac9 runtime-rs: support block rootfs
b076d46 agent: handle hotplug virtio-mmio device
6e273d6 runtime-rs: implement trait for vhost-user device
cc9c915 runtime-rs: implement trait for vfio device
e4c5c74 runtime-rs: device manager
22154e0 cache: Fix OVMF tarball name for different flavours
b7341cd cache: Use "initrd" as initrd_type to build rootfs-initrd
35c3d7b runtime: clh: Re-generate the client code
cfee99c versions: Upgrade to Cloud Hypervisor v32.0
b8ffcd1 osbuilder: Bump fedora image version
636539b kata-deploy: Use apt-key.gpg from k8s.io
ae24dc7 local-build: Standardise what's set for the local build scripts
ad324ad gha: aks: Wait a little bit more before run the tests
11a34a7 docs: Update container network model url
191b6dd gha: release: Fix s390x worklow
75330ab cache: Fix OVMF caching
cfd8f4f gha: payload-after-push: Pass secrets down
a89b44a tools: Fix arch bug
f527f61 release: Kata Containers 3.2.0-alpha1
ca1531f runtime: Use static_sandbox_resource_mgmt=true for TEEs
f6e1b11 agent: update tokio dependency
4cb83dc kata-ctl: update tokio dependency
df615ff runk: update tokio dependency
ca6892d runtime-rs: update tokio dependency
3e85bf5 resource-control: fix setting CPU affinities on Linux
bdb75fb runtime: use enable_vcpus_pinning from toml
fa832f4 gha: k8s: Make the tests more reliable
cbb9fe8 config: Use standard OVMF with SEV
724437e kata-deploy: add kata-qemu-sev runtimeclass
521dad2 Tests: skip CPU constraints test on SEV and SNP
72308dd gha: ci-on-push: Don't skip tests for SEV
da0f92c gha: ci-on-push: Don't skip tests for SEV-SNP
12f43be gha: tdx: Use the k3s overlay for kata-cleanup
dd75625 runtime: pkg/sev: Add kbs utility package for SEV pre-attestation
05de7b2 runtime: Add sev package
3a9d3c7 gpu: Rename the last bits from gpu to nvidia-gpu
4cde844 local-build: Fix kernel-nvidia-gpu target name
1a3f8fc deploy: fix shell script error
c5a59ca ppc64le: switch virtiofsd from C to rust version
bfdf014 versions: Bump virtiofsd to 1.6.1
87cb98c osbuilder: Fix indentation in rootfs.sh
20cb875 virtcontainers/qemu_test.go: Improve test coverage
022a33d agent: Add context to errors when AgentConfig file is missing
50cc9c5 tests: Improve coverage for virtcontainers/pkg/compatoci/ for Kata 2.0
73913c8 kata-manager: Fix '-o' syntax and logic error
593840e kata-ctl: Allow INSTALL_PATH= to be specified
5f3f844 runtime-rs: fix building instructions with respect to required Rust version
197c336 Dragonball: use LinuxBootConfigurator::write_bootparams to writes the boot parameters into guest memory.
b9a1db2 kata-deploy: Add http_proxy as part of the docker build
777c3dc kata-deploy: Do not ship the kata tarball
136e241 static-build: Download firecracker instead of building it
3bf767c static-build: Adjust ARCH for nydus
ac88d34 static-build: Use relased binary for CLH (aarch64)
2856d3f deploy: Fix arch in image tag
e8f81ee Revert "kata-deploy: Use readinessProbe to ensure everything is ready"
a4c0303 virtcontainers: Fixed static checks for improved test coverage for fc.go
03a8cd6 virtcontainers: Improved test coverage for fc.go from 4.6% to 18.5%
cfe6352 release: Fix multi-arch publishing is not supported
4d17ea4 cache: Fix nvidia-snp caching version
a133fad cache: Fix nvidia-gpu-tdx-experimental cache URL
defb643 runtime: remove overriding ARCH value by default for ppc64le
5226f15 gha: Fix Body Line Length action flagging empty body commit messages
0d49cee gha: Fix snap creation workflow warnings
b9990c2 cache: Fix nvidia-gpu version
c9bf780 cache: Update the KERNEL_FLAVOUR list to include nvidia-gpu
3665b42 gpu: Rename gpu targets to nvidia-gpu
2c90cac local-build: fixup alphabetization
4da6eb5 kata-deploy: Add qemu-snp shim
14dd053 kata-deploy: add kata-qemu-snp runtimeclass
0bb37bf config: Add SNP configuration
af7f251 versions: update SEV kernel description
dbcc3b5 local-build: fix default values for OVMF build
b8bbe63 gha: build OVMF for tests and release
cf0ca26 local-build: Add x86_64 OVMF target
db095dd cache: add SNP flavor to comments
f4ee005 gha: Build and ship QEMU for SNP
7a58a91 docs: update SNP guide
879333b versions: update SNP QEMU version
38ce4a3 local-build: add support to build QEMU for SEV-SNP
e1f3b87 docs: Mark snap installation method as unmaintained
772d4db gha: Build and ship SEV initrd
45fa366 gha: Build and ship SEV OVMF
4770d30 gha: Build and ship SEV kernel.
fb9c1fc runtime: Add qemu-sev config
813e4c5 runtimeClasses: add sev runtime class
af18806 static-build: Add caching support to sev ovmf
76ae7a3 packaging: adding caching capability for kernel
12c5ef9 packaging: add support to build OVMF for SEV
b87820e packaging: add support to build initrd for sev
b0e6a09 packaging: Add sev kernel build capability
5f8008b kata-ctl: add unit test for kvm check
a085a6d kata-ctl: add generic kvm check
6594a93 tools: made log-parser-rs
17daeb9 warning_fix: fix warnings when build with cargo-1.68.0
8495f83 cross-compile: Include documentation and configuration for cross-compile
205909f runtime: Fix virtiofs fd leak
13d7f39 gpu: Check for VFIO port assignments
138ada0 gpu: Cold Plug VFIO toml setting
f7ad75c gpu: Cold-plug extend the api.md
0fec2e6 gpu: Add cold-plug test
dded731 gpu: Add OVMF setting for MMIO aperture
2a83017 gpu: Add fwcfg helper function
131f056 gpu: Extract VFIO Functions to drivers
c8cf7ed gpu: Add ColdPlug of VFIO devices with devManager
e2b5e7f gpu: Add Rawdevices to hypervisor
6107c32 gpu: Assign default value to cold-plug
377ebc2 gpu: Add configuration option for cold-plug VFIO
c18ceae gpu: Add new struct PCIePort
1c1ee80 pkg/signals: Improved test coverage 60% to 100%
9c38204 virtcontainers/persist: Improved test coverage 65% to 87.5%
0f45b0f virtcontainers/clh_test.go: improve unit test coverage
6bf1fc6 virtcontainers/factory: Improved test coverage
5c9246d gha: Also run k8s tests on qemu-snp
c57a444 gha: Add the ability to test qemu-snp
9e2b7ff gha: sev: fix for kata-deploy error
c849bdb gha: Also run k8s tests on qemu-sev
521519d gha: Add the ability to test qemu-sev
4064192 env: Utilize arch specific functionality to get cpu details
fb40c71 env: Check for root privileges
1016bc1 config: Add api to fetch config from default config path
b908a78 kata-env: Pass cmd option for file path
b192019 config: Workaround the way agent and hypervisor configs are fetched
f2b2621 kata-env: Implement the kata-env command.
f2ebdd8 utils: Get rid of spurious print statement left behind.
9a94f1f make: Export VERSION and COMMIT
2f81f48 config: Add file under /opt as another location to look for the config
07f7d17 config: Make the pipe_size field optional
68f6357 config: Make function to get the default conf file public
7565b33 kata-ctl: Implement Display trait for GuestProtection enum
94a00f9 utils: Make certain constants in utils.rs public
572b338 gitignore: Ignore .swp and .swo editor backup files
376884b cargo: Update version of clap to 4.1.13
cc8ea32 runtime-rs: support keep_abnormal in toml config
b1730e4 gpu: Add new kernel build option to usage()
825e769 gpu: Add GPU support to default kernel without any TEE
e4ee07f gpu: Add GPU TDX experimental kernel
87ea43c gpu: Add configuration fragment
aca6ff7 gpu: Build and Ship an GPU enabled Kernel
e4b3b08 gpu: Add proper CONFIG_LOCALVERSION depending on TEE
432d407 kata-ctl: checks for kvm, kvm_intel modules loaded
3e7b902 osbuilder: Fix D-Bus enabling in the dracut case
6d31571 snap: fix docker start fail issue
96e8470 kata-manager: Fix containerd download
53c749a agent: Fix ut issue caused by fd double closed
2e3f19a agent: fix clippy warnings caused by protobuf3
4849c56 agent: Fix unit test issue cuased by protobuf upgrade
0a582f7 trace-forwarder: remove unused crate protobuf
7325385 kata-ctl: remove unused crate ttrpc
76d2e30 agent-ctl: Bump ttrpc from 0.6.0 to 0.7.1
eb3d20d protocols: Add ut for Serde
59568c7 protocols: add support for Serde
a6b4d92 runtime-rs: Bump ttrpc from 0.6.0 to 0.7.1
8a...
Kata Containers 3.2.0-alpha2
Kata Containers release 3.2.0-alpha2
Kata Containers 3.2.0-alpha1
Kata Containers release 3.2.0-alpha1
Kata Containers 3.1.2
# Release 3.1.1
kata-containers Changes
Shortlog
36b8831 release: Kata Containers 3.1.1
2ff6964 release: Adapt kata-deploy for 3.1.1
0e0d29d agent: Fix ut issue caused by fd double closed
8db3dfb osbuilder: Fix D-Bus enabling in the dracut case
1de0909 osbuilder: Enable dbus in the dracut case
a86feb8 runtime: Don't create socket file in /run/kata
8b59719 rustjail: Use CPUWeight with systemd and CgroupsV2
f83adbe rustjail: Add anyhow context for D-Bus connections
e0e6f94 rustjail: Fix minor grammatical error in function name
ecadb51 rustjail: Do not unwrap potential error with cgroup manager
Compatibility with CRI-O
Kata Containers 3.1.1 is compatible with CRI-O
Compatibility with containerd
Kata Containers 3.1.1 is compatible with containerd v1.6.8
OCI Runtime Specification
Kata Containers 3.1.1 supports the OCI Runtime Specification v1.0.2
Compatibility with Kubernetes
Kata Containers 3.1.1 is compatible with Kubernetes 1.23.1-00
Libseccomp Notices
The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.
The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.
If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.
Kata Linux Containers image
Agent version: 3.1.1
Default Image Guest OS:
```yaml
description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"
```
Default Initrd Guest OS:
```yaml
description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"
```
Kata Linux Containers Kernel
Kata Containers 3.1.1 suggests using the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config
Installation
Follow the Kata installation instructions.
Issues & limitations
More information Limitations
# Release 3.2.0-alpha0
kata-containers Changes
TBD
Shortlog
4a24630 release: Kata Containers 3.2.0-alpha0
43dd444 snap: Build the artefacts using kata-deploy
3443f55 nydus: upgrad nydus to v2.2.0
395645e runtime: hybrid-mode cause error in the latest nydusd
74ec38c osbuilder: Add support for CBL-Mariner
8b008fc kata-deploy: fix bash semantics error
dd23f45 utils: renamed only_kata to skip_containerd
59c81ed utils: informed pre-check about only_kata
ac58588 runtime-rs: ch: Generate Cloud Hypervisor config for confidential guests
9655518 runtime-rs: ch: Honour debug setting
e3c2d72 runtime-rs: ch: clippy fix
ece5edc qemu/arm64: disable image nvdimm if no firmware offered
462d4a1 workflows: static-checks: Free disk space before running checks
e68186d workflows: static-checks: Set GOPATH only once
439ff9d tools/osbuilder/tests: Remove TRAVIS variable
f31c79d workflows: static-checks: Remove TRAVIS_XXX variables
4f0887c kata-deploy: fix install failing to chmod runtime-rs/bin/*
09c4828 workflows: add missing artifacts on payload-after-push
96baa83 agent: Bring in VFIO-AP device handling again
f666f8e agent: Add VFIO-AP device handling
b546eca runtime: Generalize VFIO devices
4c527d0 agent: Rename VFIO handling to VFIO PCI handling
db89c88 agent: Use cfg-if for s390x CCW
68a586e agent: Use a constant for CCW root bus path
f4938c0 bugfix: set hostname
fbf891f packaging: Adapt get_last_modification()
82a04db local-build: Use cached VirtioFS when possible
3b99004 local-build: Use cached shim v2 when possible
1b8c547 local-build: Use cached RootFS when possible
09ce4ab local-build: Use cached QEMU when possible
1e1c843 local-build: Use cached Nydus when possible
64832ab local-build: Use cached Kernel when possible
04fb52f local-build: Use cached Firecracker when possible
8a40f6f local-build: Use cached Cloud Hypervisor when possible
194d5dc tools: Add support for caching VirtioFS artefacts
a34272c tools: Add support for caching shim v2 artefacts
7898db5 tools: Add support for caching RootFS artefacts
e908910 tools: Add support for caching QEMU artefacts
7aed8f8 tools: Add support for caching Nydus artefacts
cb4cbe2 tools: Add support for caching Kernel artefacts
762f9f4 tools: Add support for caching Firecracker artefacts
6b1b424 tools: Add support for caching Cloud Hypervisor artefacts
08fe49f versions: Adjust kernel names to match kata-deploy build targets
99505c0 versions: Update firecracker version
a8b55bf dependency: update cgroups-rs
9a01d4e dragonball: add more unit test for virtio-blk device.
974a5c2 runtime: add support for Hyper-V
97cdba9 runtime-rs: update load_config comment
a6c67a1 runtime: add support for ephemeral mounts to occupy entire sandbox memory
16e2c3c agent: implement update_ephemeral_mounts api
3896c7a protocol: add updateEphemeralMounts proto
40f4eef build: Use the correct kernel name
30e235f runtime-rs: impl volume-resize trait for sandbox
42b8867 runtime-rs: impl volume-stats trait for sandbox
e7bca62 bugfix: modify tty_win info in runtime when handling ResizePtyRequest
e029988 bugfix: add get_ns_path API for Hypervisor
844bf05 runtime-rs: add the missing default trait
43ce3f7 packaging: Simplify get_last_modification()
33c5c49 packaging: Move repo_root_dir to lib.sh
f8e4417 utils: Make kata-manager.sh runs checks
760f781 dragonball: support pmu on aarch64
2d43e13 docs: fix typo in AWS installation guide
2348831 agent: always use cgroupfs when running as init
8546387 agent: determine value of use_systemd_cgroup before LinuxContainer::new()
736aae4 rustjail: print type of cgroup manager
dbae281 workflows: Properly set the kata-tarball architecture
76b4591 tools: Adjust the build-and-upload-payload.sh script
cd2aaed kata-deploy: Switch to using an ubuntu image
9bc7bef kata-deploy: Fix path to the Dockerfile
78ba363 kata-deploy: Use different images for s390x and aarch64
6267909 kata-deploy: Allow passing BASE_IMAGE_{NAME,TAG}
192df84 agent: always use cgroupfs when running as init
b069180 agent: determine value of use_systemd_cgroup before LinuxContainer::new()
ad8968c rustjail: print type of cgroup manager
a9e2fc8 runtime/Makefile: Fix install-containerd-shim-v2 dependency
b6880c6 logging: Correct the code notes
8030e46 fix(runtime-rs): add exited state to ensure cleanup
12cfad4 runtime-rs: modify the transfer to oci::Hooks
2c4428e runtime-rs: move pre-start hooks to sandbox_start
e80c9f7 runtime-rs: add StartContainer hook
977f281 runtime-rs: add CreateContainer hook support
875f2db runtime-rs: add oci hook support
ecac3a9 docs: add design doc for Hooks
4b8a5a1 utils: Remove kata-manager.sh cgroups v2 check
7d292d7 workflows: Fix the path of imported workflows
e07162e workflows: Fix action name
dd27135 Dragonball: update dependencies
828d467 workflows: Do not install docker
bd1ed26 workflows: Publish kata-deploy payload after a merge
fea7e88 runtime-rs: Fixed typo mod.rs
a96ba99 actions: Use git-diff to get changes in kernel dir
c4ef5fd agent: don't set permission of existing directory
dc86d6d runtime: use filepath.Clean() to clean the mount path
3ac6f29 runtime: clh: Re-generate the client code
262daaa versions: Upgrade to Cloud Hypervisor v30.0
919d19f feat(runtime): make static resource management consistent with 2.0
76e9264 osbuilder: Include minimal set of device nodes in ubuntu initrd
b582c0d kata-ctl/exec: add new command exec to enter guest VM.
1bff1ca kernel: Add CONFIG_SEV_GUEST to SEV kernel config Adding kernel config to sev case since it is needed for SNP and SNP will use the SEV kernel. Incrementing kernel config version to reflect changes
3483272 runtime-rs: ch: Enable initrd usage
fbee6c8 runtime-rs: Improve Cloud Hypervisor config handling
e84af6a virtiofsd: update to a valid path on ppc64le
2dd2421 runtime-rs: cleanup kata host share path
0a21ad7 osbuilder: fix default build target in makefile
4c39c4e devguide: Add link to the contribution guidelines
b4a1527 kata-deploy: Fix static shim-v2 build on arm64
2c4f807 Revert "shim-v2: Bump Ubuntu container image to 22.04"
ced3c99 dragonball: config_manager: preserve device when update
afaccf9 Revert "workflows: Push the builder image to quay.io"
da8a641 runtime-rs: remove all remaining unsafe impl
0301194 dragonball: use crossbeam_channel in VmmService instead of mpsc::channel
697ec8e kata-deploy: Fix kata static firecracker arm64 package build error
9d78bf9 shim-v2: Bump Ubuntu container image to 22.04
b835c40 workflows: Push the builder image to quay.io
781ed29 packaging: Allow passing a container builder to the scripts
45668fa packaging: Use existing image to build td-shim
e8c6bfb packaging: Use existing image to build td-shim
3fa24f7 packaging: Add infra to push the OVMF builder image
f076fa4 packaging: Use existing image to build OVMF
c7f5151 packaging: Add infra to push the QEMU builder image
fb7b86b packaging: Use existing image to build QEMU
d0181bb packaging: Add infra to push the virtiofsd builder image
7c93428 packaging: Use existing image to build virtiofsd
8c227e2 virtiofsd: Pass the expected toolchain to the build container
7ee00d8 packaging: Add infra to push the shim-v2 builder image
24767d8 packaging: Use existing image to build the shim-v2
6c3c771 packaging: Add infra to push the kernel builder image
b9b2311 packaging: Use existing image to build the kernel
869827d packaging: Add push_to_registry()
e69a6f5 packaging: Add get_last_modification()
6c05e5c packaging: Add and export BUILDER_REGISTRY
3cfce5a utils: improved unsupported distro message.
1047840 utils: always check some dependencies.
a161d11 versions: Use ubuntu as the default distro for the rootfs-image
44aaec9 github-action: Replace deprecated command with environment file
619ef54 docs: Change the order of release step
95e3364 runtime-rs: remove unnecessary Send/Sync trait implement
be40683 runtime-rs: Add a generic powerpc64le-options.mk
47c0585 packaging/shim-v2: Install the target depending on the arch/libc
07802a1 runtime-rs: handle sys_dir bind volume
04e9300 sandbox: set the dns for the sandbox
32ebe18 agent: fix the issue of creating the dns file
a68c500 packaging/shim-v2: Only change the config if the file exists
bbc733d docs: runtime-rs: Add CH status details
37b594c runtime-rs: Add basic CH implementation
5451518 kata-types: Add Cloud Hypervisor (CH) definitions
ee76b39 release: Revert kata-deploy changes after 3.1.0-rc0 release
Compatibility with CRI-O
Kata Containers 3.2.0-alpha0 is compatible with CRI-O
Compatibility with containerd
Kata Containers 3.2.0-alpha0 is compatible with containerd v1.6.8
OCI Runtime Specification
Kata Containers 3.2.0-alpha0 supports the OCI Runtime Specification v1.0.2
Compatibility with Kubernetes
Kata Containers 3.2.0-alpha0 is compatible with Kubernetes 1.23.1-00
Libseccomp Notices
The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.
- libseccomp
The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.
If you want to use the kata-agent which is not statically linked with the...
# Release 3.1.0
kata-containers Changes
This release includes several improvements including:
- Support for AMD SEV-SNP VMs
- Upgrade to QEMU v7.2.0
- Upgrade to Cloud Hypervisor v29.0
- Closed gaps around networking support for docker/moby.
- Several runtime-rs improvements including adding support for hugepages
- QEMU logging
... and many bug fixes!
Shortlog
ac6c1d1 release: Kata Containers 3.1.0
e6d2775 release: Adapt kata-deploy for 3.1.0
3eb7387 agent: always use cgroupfs when running as init
be512e7 agent: determine value of use_systemd_cgroup before LinuxContainer::new()
12ec33d rustjail: print type of cgroup manager
491b954 workflows: Do not install docker
624dc2d runtime: use filepath.Clean() to clean the mount path
fcab7c3 osbuilder: Include minimal set of device nodes in ubuntu initrd
6977074 kata-deploy: Fix static shim-v2 build on arm64
592ecdb packaging/shim-v2: Install the target depending on the arch/libc
d1305ee runtime-rs: Add a generic powerpc64le-options.mk
59a05c7 kata-deploy: Fix kata static firecracker arm64 package build error
79a40d4 dependency: update cgroups-rs
5988199 release: Kata Containers 3.1.0-rc0
d144ded release: Adapt kata-deploy for 3.1.0-rc0
9304889 docs: Update how-to-use-kata-containers-with-firecracker.md
8e3863c kata-deploy: Install protobuf-compiler explicitly in shim-v2 Dockerfile
c453919 runtime: tracing: Fix missing ctx return
ca02c9f runtime: add reconnect timeout for vhost user block
67b8f07 SEV: Update ReducedPhysBits
4139d68 runtime-rs: Include target install in conditional branch
c071355 runtime-rs: Improve s390x error message
4e2db96 runtime-rs: Don't try to build on Power
2f5bc0f kata-ctl: Expand unit tests for CPU check
01765e1 runtime: support cgroup v2 metrics marshal guest metrics
e071d92 Typo: change tabs in comment to spaces
bdf20b5 rootfs: support EROFS filesystem
ed02c8a docs: add guide for building rootfs with EROFS
49326fe fix(clippy): fix hypervisor clippy checks
fff0e50 versions: Update runc version
3c48f22 runtime: Improve documentation of appendFDs
94b1d98 cargo: Update Cargo.lock files
f185559 make: Get rid of verbose output while creating tar
c383601 make: clean up obsolete targets
f83115a docs: Fix missing critical steps in how-to-hotplug-memory-arm64.md
3c24e23 README: Update Readme under packaging/kernel
d73f3a8 github-action: Add step to verify kernel config version id updated
ac64b02 clh: Enforce API timeout only for vm.boot request
56071c6 virtiofsd: change cache mod to const
5d37d31 cgroups: upgrade cgroupfs to 0.3.1
ab59a65 runtime-rs: neglect a certain error when delete cgroup
56f0a27 kernel: Add console kernel config for s390
390916b runtime: remove not used shim configurations
9794c52 improvement: Fix naming conventions for span name and log subsystem
57c5e56 Dragonball: add cpu resize ability
59f104c runtime: skip unit test that fail regularly on aarch64
b7dd97c kata-ctl: fix permission deny issue in test_add_remove
f49b89b CI: Set docker version to v20.10 in ubuntu:20.04 for s390x|ppc64le
856ab66 virtiofsd: fix the build on ppc64le
1e531b4 runtime:fix stat uds path
3a63e3c cni: Update cni plugins version to 1.2.0
5107981 dragonball: Improve test cases
dc90c6e dragonball: add more unit test for vm
334c4b8 runtime: Drop QEMU log file support
00dcd90 docs: Add documentation for building agent with seccomp support.
8e8c720 kata-deploy-push: Ensure we build Dragonball specific kernel
b7f4e96 kata-deploy-test: Ensure we build dragonball specific kernel
063dec3 release: Add the dragonball-experimental kernel
0b3c91d kata-deploy: Add kernel-dragonball-experimental target
6199b69 runtime-rs: change cache mode
a33a22c runtime-rs: add missing config section for share-fs
9092c23 runtime: Add hmp for qemu
9f490d1 upcall: add document for upcall
39fe4a4 runtime: Collect QEMU's stderr
a5319c6 runtime: Start QEMU undaemonized
bf4e3a6 runtime: Launch QEMU with cmd.Start()
8a1723a runtime: Pre-establish the QMP connection
8a4f08c govmm: Optionally pass QMP listener to QEMU
219bb8e govmm: Optionally start QMP with a pre-configured connection
2b779cb docs: Update url link in QAT documentation
a85d0e4 versions: update cni plugins version
861c38b versions: Upgrade to Cloud Hypervisor v29.0
ba87e0a runtime: Use consts in kata-runtime check
676d028 versions: Bump QEMU to v7.2.0
bf8848f agent: Eliminate unnecessary metrics
69fc8de runtime:all APIs are hang in the service.mu
8d4c2cf kata-ctl: Allow certain constants to go unused
64c11a6 kata-ctl: Have function to get cpu details to run on specific arch
594b57d utils: Add utility functions to get cpu and distro details.
d33e343 check: Move PROC_CPUINFO from architecture specific files
596037e versions: Update conmon version
cf1bae3 runtime: paas enablevhostuserstore annotation to hypervisor config
095e8fd runk: Use the original Kill command instead of the customed it.
0f9e23a runk: Upgrade liboci-cli to v0.0.4
8551853 runtime: use system pagesize for hugepage test
1592a38 dependency: update cgroups-rs
76437a9 runtime: Use git rev-parse for the kata-monitor tag
923cd3f virtcontainers: split out Linux parts from mount
60ff230 virtcontainers: Split the factory package into Linux and Darwin bits
a962668 virtcontainers: resourcecontrol: Add skeleton for Darwin
ea06fe3 virtcontainers: Add a Network API skeleton for Darwin
73216a8 vendor: revendor netlink to get latest
6ee550e runtime: vCPUs pinning is sandbox specific, not hypervisor
e3d3b72 virtcontainers: use resource control for setting CPU affinity
f137048 resource-control: add helper function for setting CPU affinity
fc17d7c virtcontainers: Fix misspelling in error message
7eb43ce runtime: add test generated file to .gitignore
12fd6ff runtime: fix up disable_netns handling
f8a48ab docs: add hint of probing loop module
64c9114 tools: add --locked option for cargo install
464d4c9 runtime-rs: process single_container
5f9c892 kata-types: add single_container support
fafc7a8 virtcontainers: tests: Ensure Linux specific tests are just run on Linux
86a82ca runtime: change cache mode from none to never
82c59ef runtime-rs: change cache mode from none to never
7b309b5 kata-types: change cache mode from none to never
fee4e7c docs: change cache mode from none to never
f8a93a1 tools: Fix indentation for setup aks script
d48b22b virtcontainers: fs_share: add Darwin skeleton
fa9ae93 virtcontainers: Add a Virtualization.framework skeleton
03de5f4 kata-ctl: remove get_kata_version_by_url function
c21a8d5 kata-ctl: fix build error on s390x
9ec8a13 virtcontainers: introduce hypervisor_darwin
3b4420e runtime: Define Darwin handled signals list
3886aad nydus: net-ns handling needs to be only executed on Linux hosts
efa4fc0 clh: Add hotplug support for network devices
1074d2c clh: Make vmAddNetPutRequest capable of doing hotplugs
85f9094 agent: refactor guest hooks
8bb68a9 vc/network: skip existing endpoints when scanning for new ones
d085389 vc: fix up UT for CreateSandbox API change
578a9c2 vc: rescan network endpoints after running prestart hooks
cb84b0f katautils: run prestart hooks after starting VM
24b05a9 schedcore: Make buildable on !linux
31591d7 dragonball: fix unit test failure case about Kvm.
2b02e0a dragonball: add more unit test for vcpu manager
e256903 runtime-rs: cleanup the run dir of hypervisor when shut down
937a413 kata-ctl: add unit tests for volume ops
8451db7 kata-ctl: direct-volume: add Add and Remove handlers
2d4b2cf runtime-rs: add POST method to shim-client
cae78a6 kata-ctl: add constants for direct-volume commands
86ee24b Runtime: Clarify mutability of global var
dae6670 kata-runtime: add rust runtime path for kata-runtime exec
652021a versions: Upgrade to Cloud Hypervisor v28.1
a2e3715 upcall: remove upcall client when stopping vm
3605062 runtime-rs: add dbs-upcall feature
56e7b5d runtime/Makefile: Get some bits happy on darwin
b4b5d81 docs: remove old and misleading instructions for minikube
0fe24e0 packaging: fix indents in build-kernel.sh
ecb28e2 kernel: adding kmod to do docker env
079462d runk: Fix needless_borrow warning
2c24fcf runtime-rs: Fix clippy::bool-to-int-with-if warnings
025e783 runtime-rs: Fix needless_borrow warnings
4fb163d runtime-rs: Allow clippy:box_default warnings
20121fc runtime-rs: Fix unnecessary_cast warnings
b95364a dragonball: Allow question_mark warning in allocate_device_resources()
0b2f060 dragonball: Fix unnecessary_cast warnings
a545a65 agent: Allow clippy::question_mark warning in Namespace{}
9ced34d agent: Fix explicit_auto_deref warnings
f772204 agent: Fix needless_borrow warnings
7bcdc90 rustjail: Fix unnecessary_cast warnings
41d7dba rustjail: Fix needless_borrow warnings
2a73e05 kata-types: Fix unnecessary_cast warnings
cf9ef18 kata-types: Fix needless_borrow warnings
126187e safe-path: Fix needless_borrow warnings
bb78d35 kata-sys-util: Fix "match-like-matches-macro" warning
668e652 kata-sys-util: Fix unnecessary_cast warnings
c1a8d89 kata-sys-util: Fix needless_borrow warnings
c9c38e6 logging: Allow clippy::type-complexity warning
ffd6fbb logging: Fix needless_borrow warnings
60df300 protocols: Fix unnecessary_cast warnings
0bbeb34 protocols: Fix needless_borrow warnings
dfea6c7 versions: Update the rust toolchai...
# Release 3.0.2
kata-containers Changes
Shortlog
2f638b3 release: Kata Containers 3.0.2
98bacb0 release: Adapt kata-deploy for 3.0.2
178ee3d agent: check command before do test_ip_tables
7461bcd runtime-rs: change cache mode
123c867 SEV: Update ReducedPhysBits
98f60c1 clh: Enforce API timeout only for vm.boot request
960f089 virtiofsd: fix the build on ppc64le
92f3b11 runtime:all APIs are hang in the service.mu
4a5877f docs: Fix missing critical steps in how-to-hotplug-memory-arm64.md
d3b5732 versions: Upgrade to Cloud Hypervisor v28.2
92619c8 runtime: Drop QEMU log file support
4f3db76 runtime: Collect QEMU's stderr
918c11e runtime: Start QEMU undaemonized
8c4507b runtime: Launch QEMU with cmd.Start()
a61fba6 runtime: Pre-establish the QMP connection
ad9cb0b govmm: Optionally pass QMP listener to QEMU
d6dd99e govmm: Optionally start QMP with a pre-configured connection
0623f1f virtiofsd: Not use "link-self-contained=yes" on s390x
5883dc1 CI: Set docker version to v20.10 in ubuntu:20.04 for s390x|ppc64le
0d7bd06 docs: Fix missing critical steps in how-to-hotplug-memory-arm64.md
ac1ce2d docs: Fix missing critical steps in how-to-hotplug-memory-arm64.md
f4d71af docs: Fix missing critical steps in how-to-hotplug-memory-arm64.md
fcc120d versions: Upgrade to Cloud Hypervisor v28.1
Compatibility with CRI-O
Kata Containers 3.0.2 is compatible with CRI-O
Compatibility with containerd
Kata Containers 3.0.2 is compatible with containerd v1.6.8
OCI Runtime Specification
Kata Containers 3.0.2 supports the OCI Runtime Specification v1.0.0-rc5
Compatibility with Kubernetes
Kata Containers 3.0.2 is compatible with Kubernetes 1.23.1-00
Libseccomp Notices
The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.
The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.
If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.
Kata Linux Containers image
Agent version: 3.0.2
Default Image Guest OS:
  description: |
    Root filesystem disk image used to boot the guest virtual
    machine.
  url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
  architecture:
    aarch64:
      name: "ubuntu"
      version: "latest"
    ppc64le:
      name: "ubuntu"
      version: "latest"
    s390x:
      name: "ubuntu"
      version: "latest"
    x86_64:
      name: "clearlinux"
      version: "latest"
  meta:
    image-type: "clearlinux"
Default Initrd Guest OS:
  description: |
    Root filesystem initrd used to boot the guest virtual
    machine.
  url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
  architecture:
    aarch64:
      name: "alpine"
      version: "3.15"
    ppc64le:
      name: "ubuntu"
      version: "20.04"
    s390x:
      name: "ubuntu"
      version: "20.04"
    x86_64:
      name: "alpine"
      version: "3.15"
Kata Linux Containers Kernel
Kata Containers 3.0.2 suggests using the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config
Installation
Follow the Kata installation instructions.
Issues & limitations
More information Limitations
# Release 3.1.0-rc0
kata-containers Changes
This release includes several improvements including:
- Support added for QEMU version v7.2.0
- Upgrade to Cloud Hypervisor v29.0
- Closed gaps around networking support for docker/moby.
- Several runtime-rs improvements including adding support for hugepages
- Improved qemu logging
Shortlog
5988199 release: Kata Containers 3.1.0-rc0
d144ded release: Adapt kata-deploy for 3.1.0-rc0
9304889 docs: Update how-to-use-kata-containers-with-firecracker.md
8e3863c kata-deploy: Install protobuf-compiler explicitly in shim-v2 Dockerfile
c453919 runtime: tracing: Fix missing ctx return
ca02c9f runtime: add reconnect timeout for vhost user block
67b8f07 SEV: Update ReducedPhysBits
4139d68 runtime-rs: Include target install in conditional branch
c071355 runtime-rs: Improve s390x error message
4e2db96 runtime-rs: Don't try to build on Power
2f5bc0f kata-ctl: Expand unit tests for CPU check
01765e1 runtime: support cgroup v2 metrics marshal guest metrics
e071d92 Typo: change tabs in comment to spaces
bdf20b5 rootfs: support EROFS filesystem
ed02c8a docs: add guide for building rootfs with EROFS
49326fe fix(clippy): fix hypervisor clippy checks
fff0e50 versions: Update runc version
3c48f22 runtime: Improve documentation of appendFDs
94b1d98 cargo: Update Cargo.lock files
f185559 make: Get rid of verbose output while creating tar
c383601 make: clean up obsolete targets
f83115a docs: Fix missing critical steps in how-to-hotplug-memory-arm64.md
3c24e23 README: Update Readme under packaging/kernel
d73f3a8 github-action: Add step to verify kernel config version id updated
ac64b02 clh: Enforce API timeout only for vm.boot request
56071c6 virtiofsd: change cache mod to const
5d37d31 cgroups: upgrade cgroupfs to 0.3.1
ab59a65 runtime-rs: neglect a certain error when delete cgroup
56f0a27 kernel: Add console kernel config for s390
390916b runtime: remove not used shim configurations
9794c52 improvement: Fix naming conventions for span name and log subsystem
57c5e56 Dragonball: add cpu resize ability
59f104c runtime: skip unit test that fail regularly on aarch64
b7dd97c kata-ctl: fix permission deny issue in test_add_remove
f49b89b CI: Set docker version to v20.10 in ubuntu:20.04 for s390x|ppc64le
856ab66 virtiofsd: fix the build on ppc64le
1e531b4 runtime:fix stat uds path
3a63e3c cni: Update cni plugins version to 1.2.0
5107981 dragonball: Improve test cases
dc90c6e dragonball: add more unit test for vm
334c4b8 runtime: Drop QEMU log file support
00dcd90 docs: Add documentation for building agent with seccomp support.
8e8c720 kata-deploy-push: Ensure we build Dragonball specific kernel
b7f4e96 kata-deploy-test: Ensure we build dragonball specific kernel
063dec3 release: Add the dragonball-experimental kernel
0b3c91d kata-deploy: Add kernel-dragonball-experimental target
6199b69 runtime-rs: change cache mode
a33a22c runtime-rs: add missing config section for share-fs
9092c23 runtime: Add hmp for qemu
9f490d1 upcall: add document for upcall
39fe4a4 runtime: Collect QEMU's stderr
a5319c6 runtime: Start QEMU undaemonized
bf4e3a6 runtime: Launch QEMU with cmd.Start()
8a1723a runtime: Pre-establish the QMP connection
8a4f08c govmm: Optionally pass QMP listener to QEMU
219bb8e govmm: Optionally start QMP with a pre-configured connection
2b779cb docs: Update url link in QAT documentation
a85d0e4 versions: update cni plugins version
861c38b versions: Upgrade to Cloud Hypervisor v29.0
ba87e0a runtime: Use consts in kata-runtime check
676d028 versions: Bump QEMU to v7.2.0
bf8848f agent: Eliminate unnecessary metrics
69fc8de runtime:all APIs are hang in the service.mu
8d4c2cf kata-ctl: Allow certain constants to go unused
64c11a6 kata-ctl: Have function to get cpu details to run on specific arch
594b57d utils: Add utility functions to get cpu and distro details.
d33e343 check: Move PROC_CPUINFO from architecture specific files
596037e versions: Update conmon version
cf1bae3 runtime: paas enablevhostuserstore annotation to hypervisor config
095e8fd runk: Use the original Kill command instead of the customed it.
0f9e23a runk: Upgrade liboci-cli to v0.0.4
8551853 runtime: use system pagesize for hugepage test
1592a38 dependency: update cgroups-rs
76437a9 runtime: Use git rev-parse for the kata-monitor tag
923cd3f virtcontainers: split out Linux parts from mount
60ff230 virtcontainers: Split the factory package into Linux and Darwin bits
a962668 virtcontainers: resourcecontrol: Add skeleton for Darwin
ea06fe3 virtcontainers: Add a Network API skeleton for Darwin
73216a8 vendor: revendor netlink to get latest
6ee550e runtime: vCPUs pinning is sandbox specific, not hypervisor
e3d3b72 virtcontainers: use resource control for setting CPU affinity
f137048 resource-control: add helper function for setting CPU affinity
fc17d7c virtcontainers: Fix misspelling in error message
7eb43ce runtime: add test generated file to .gitignore
12fd6ff runtime: fix up disable_netns handling
f8a48ab docs: add hint of probing loop module
64c9114 tools: add --locked option for cargo install
464d4c9 runtime-rs: process single_container
5f9c892 kata-types: add single_container support
fafc7a8 virtcontainers: tests: Ensure Linux specific tests are just run on Linux
86a82ca runtime: change cache mode from none to never
82c59ef runtime-rs: change cache mode from none to never
7b309b5 kata-types: change cache mode from none to never
fee4e7c docs: change cache mode from none to never
f8a93a1 tools: Fix indentation for setup aks script
d48b22b virtcontainers: fs_share: add Darwin skeleton
fa9ae93 virtcontainers: Add a Virtualization.framework skeleton
03de5f4 kata-ctl: remove get_kata_version_by_url function
c21a8d5 kata-ctl: fix build error on s390x
9ec8a13 virtcontainers: introduce hypervisor_darwin
3b4420e runtime: Define Darwin handled signals list
3886aad nydus: net-ns handling needs to be only executed on Linux hosts
efa4fc0 clh: Add hotplug support for network devices
1074d2c clh: Make vmAddNetPutRequest capable of doing hotplugs
85f9094 agent: refactor guest hooks
8bb68a9 vc/network: skip existing endpoints when scanning for new ones
d085389 vc: fix up UT for CreateSandbox API change
578a9c2 vc: rescan network endpoints after running prestart hooks
cb84b0f katautils: run prestart hooks after starting VM
24b05a9 schedcore: Make buildable on !linux
31591d7 dragonball: fix unit test failure case about Kvm.
2b02e0a dragonball: add more unit test for vcpu manager
e256903 runtime-rs: cleanup the run dir of hypervisor when shut down
937a413 kata-ctl: add unit tests for volume ops
8451db7 kata-ctl: direct-volume: add Add and Remove handlers
2d4b2cf runtime-rs: add POST method to shim-client
cae78a6 kata-ctl: add constants for direct-volume commands
86ee24b Runtime: Clarify mutability of global var
dae6670 kata-runtime: add rust runtime path for kata-runtime exec
652021a versions: Upgrade to Cloud Hypervisor v28.1
a2e3715 upcall: remove upcall client when stopping vm
3605062 runtime-rs: add dbs-upcall feature
56e7b5d runtime/Makefile: Get some bits happy on darwin
b4b5d81 docs: remove old and misleading instructions for minikube
0fe24e0 packaging: fix indents in build-kernel.sh
ecb28e2 kernel: adding kmod to do docker env
079462d runk: Fix needless_borrow warning
2c24fcf runtime-rs: Fix clippy::bool-to-int-with-if warnings
025e783 runtime-rs: Fix needless_borrow warnings
4fb163d runtime-rs: Allow clippy:box_default warnings
20121fc runtime-rs: Fix unnecessary_cast warnings
b95364a dragonball: Allow question_mark warning in allocate_device_resources()
0b2f060 dragonball: Fix unnecessary_cast warnings
a545a65 agent: Allow clippy::question_mark warning in Namespace{}
9ced34d agent: Fix explicit_auto_deref warnings
f772204 agent: Fix needless_borrow warnings
7bcdc90 rustjail: Fix unnecessary_cast warnings
41d7dba rustjail: Fix needless_borrow warnings
2a73e05 kata-types: Fix unnecessary_cast warnings
cf9ef18 kata-types: Fix needless_borrow warnings
126187e safe-path: Fix needless_borrow warnings
bb78d35 kata-sys-util: Fix "match-like-matches-macro" warning
668e652 kata-sys-util: Fix unnecessary_cast warnings
c1a8d89 kata-sys-util: Fix needless_borrow warnings
c9c38e6 logging: Allow clippy::type-complexity warning
ffd6fbb logging: Fix needless_borrow warnings
60df300 protocols: Fix unnecessary_cast warnings
0bbeb34 protocols: Fix needless_borrow warnings
dfea6c7 versions: Update the rust toolchain to 1.66.0
03a0c9d kata-ctl: skip test if access GitHub.com fail
1dcbda3 kata-ctl: update Cargo.lock
087515a agent: unset CC for cross-build
afaf17f runtime-rs: enable container hugepage
fc4a67e runtime-rs: enable vm hugepage
fd77eeb runtime-rs: fix the issues mentioned in the code review
0e69207 runtime-rs: Clean up mount points shared to guest
3480780 kata-ctl: add check framework support for non-x86
1bd533f kata-ctl: let check framework arch-agnostic
Compatibility with CRI-O
Kata Containers 3.1.0-rc0 is compatible with CRI-O
Compatibility with containerd
Kata Containers 3.1.0-rc0 is compatible with containerd v1.6.8
OCI Runtime Specification
Kata Containers 3.1.0-rc0 supports the OCI Runtime Specification v1.0.2
Compatibility with Kubernetes
Kata Containers 3.1.0-rc0 is compatible with Kubernetes 1.23.1-00
Libseccomp Notices
The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.
- libseccomp
The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code...
# Release 3.1.0-alpha1
kata-containers Changes
Shortlog
b089612 release: Kata Containers 3.1.0-alpha1
74fa10a docs: remove duplicate sentences
ebe5c5a docs: Update virtiofsd build script in the developer guide Script to execute to build virtiofsd has been changed in #5426 but not in the doc. This commit update the developer guide.
d14c3af dragonball: refactor legacy device initialization
21ec766 docs: add documents for using bundle to start container
ca39a07 runtime-rs: enable start container from bundle
9f465a5 kernel: Add "unload" module to SEV config
ae0dcac tools: Add some new gitignore items
99485d8 shim: return hypervisor's pid not shim's pid
a81ced0 upcall: add upcall into kernel build script
f5c34ed Dragonball: introduce upcall
fbf294d refactor(shim-mgmt): move client side to libs
b5cfd09 kata-ctl: Fixed format for check release options
8dbfc3d kata-ctl: Fixed format for check release options
f3091a9 kata-ctl: Add kata-ctl check release options
1f28ff6 runtime-rs: add binary to exercise shim proper w/o containerd dependencies
eb8c9d3 runtime-rs: add launch of a simple qemu process to start_vm()
2f6d0d4 runtime-rs: support qemu in VirtContainer
1413dfe runtime-rs: add basic empty boilerplate for qemu driver
a577df8 tools: Fix indentation on build kernel script
4661ea8 runtime-rs: fix standalone share fs
79cf38e runtime-rs: clear OCI spec namespace path
62f4603 runtime-rs: reset rdma cgroup
5b6596f runtime-rs: CreateContainerRequest has Default
e9e82ce runtime-rs: fix is_pid_namespace_enabled check
7853215 docs: Add description for guest SELinux support
c617bbe runtime: Pass SELinux policy for containers to the agent
9354769 agent: Add SELinux support for containers
a75f99d osbuilder: Create guest image for SELinux
a9c746f kernel: Add kernel configs for SELinux
8079a97 kata-sys-util: fix issues where umount2 couldn't get the correct path
7fdbbcd agent: Drop the Option for LinuxContainer.cgroup_manager
c5abc5e config: speed up rng init when kernel boot for arm64
b087667 kata-deploy: Fix the pod of kata deploy starts to occur an error
3e6114b tools: Fix indentation for ovmf script
d04d45e runtime: use pidfd to wait for processes on Linux
e9ba0c1 runtime: use exponential backoff for process wait
71491a6 runtime: move process wait logic to another function
92ebe61 runtime: reap force killed processes
0019d65 runtime-rs: fix high cpu
748f22e agent: remove sysinfo dependency
fdf0a7b runtime-rs: fix the issues mentioned in the code review
1d823c4 runtime-rs: umount and permission controls in sandbox level
527b871 runtime-rs: bind mount volumes in sandbox level
46b3845 docs: Update the rust version in the installation documentation
9ccf2eb agent: add signal value to log
fb2c142 runtime-rs: fix some variable names and typos
a5e4cad kata-ctl: add host check for aarch64
7374204 kata-ctl: fix dependency version conflict
f7fc436 workflow: fix cargo-deny-runner.yaml syntax error
d4321ab runtime: Add identification in version for runtime-rs
89574f0 workflow: call cargo in user's $PATH
67fe703 runtime-rs: remove the version number from the commit display message
e12db92 runk: Re-implement start operation using the agent codes
f443b78 build: update golang version to 1.19.3
86cb058 snap: Fix snapcraft setup (unbreak snap releases)
1d93a93 fix(agent): fix iptables binary path in guest
2edbe38 runtime-rs: moving only vCPU threads into sandbox controller
cd85a44 tools: Remove extra tab spaces from kata deploy binaries script
e723bad ci: let static checks don't depend on build
69aae02 actions: use matrix to refactor static checks
d7bb4b5 agent: support systemd cgroup for kata agent
340e24f actions: skip some job using "paths-ignore" filter
1dfd845 runtime: go fix code for 1.19
2426ea9 doc: update runtime-rs "Build and Install"
4b45e13 runtime: don't fail mkdir if the folder is already created
cb199e0 kernel: add CONFIG_X86_SGX into whitelist
b987bbc runtime-rs: block on the current thread when setup the network
6b2ef66 runtime-rs: add conditional compile for virt-sandbox persist
30a7ebf runtime: Log invalid devices in QEMU config
2539f31 runtime: Use containerd v1.6.8
a4099da tools: Fix indentation of build static firecracker script
abb9ebe package: add nydus to release artifacts
b53171b agent: check command before do test_ip_tables
3bb145c runtime: Support virtiofs queue size for qemu and make it configurable
993d05a docs: change mount-info.json to mountInfo.json
6c1e153 docs: update doc "NVIDIA GPU passthrough"
d808ade runtime-rs: support vhost-vsock
e80a9f0 utils: Add utility function to fetch the kernel version.
a636d42 versions: update nydusd version
c46814b runtime-rs:support nydus v5 and v6
36545aa runtime: clh: Re-generate the client code
f4b02c2 versions: Upgrade to Cloud Hypervisor v28.0
e4a6fba docs: update doc "Setup swap device in guest kernel"
2f5f575 log-parser: Simplify check
d94718f runtime: Fix gofmt issues
16b8375 golang: Stop using io/ioutils
66aa330 versions: Update golangci-lint
b3a4a16 versions: bump containerd version
eab8d6b build: update golang version to 1.19.2
e80dbc1 runtime-rs: workaround Dragonball compilation problem
c3f1922 fix(fmt): fix cargo fmt to pass static check
a04afab qemu: early exit from Check if the process was stopped
7e481f2 qemu: set stopped only if StopVM is successful
0e3ac66 clh: return faster with dead clh process from isClhRunning
9ef68e0 clh: fast exit from isClhRunning if the process was stopped
2631b08 clh: don't try to stop clh multiple times
8be0817 tools: Fix indentation of build static virtiofsd script
3e9c3f1 docs: Fix configuration path
936fe35 runtime-rs : fix shim source is ambiguous
f45fe4f versions: update vmm-sys-util and related crates to v0.11.0
29c75cf runtime-rs: delete all cargo patches
f8f97c1 feat(shim-mgmt): iptables handler
9f70a69 tools: Remove empty spaces from build kernel script
5733683 dragonball: add more unit test for device manager
2333700 dragonball: add test utils.
2adb1c1 Dragonball: enable mem_file_path config into hugetlbfs process
fef8e92 runtime-rs:add hypervisor interface capabilities
daeee26 cloud-hypervisor: Fix GetThreadIDs function
40d514a github: Parallelise static checks
27b1913 runtime-rs: blanks filled & fixes made to virtiofsd launch
2508d39 runtime: added vcpus pinning logics Core VCPU threads pinning logics for issue 4476. Also provided docs.
b74c180 runtime-rs: fix shared volume permission issue
16dca4e runk: Ignore an error when calling kill cmd with --all option
df09218 runk: Upgrade libseccomp crate to v0.3.0 in Cargo.lock
990e635 snap: Unbreak docker install
ca69a9a snap: Use metadata for dependencies
39363ff runtime: remove same function
0ed7da3 tools: Fix indentation of build static clh script
43fcb8f virtiofsd: Not use "link-self-contained=yes" on s390x The compile option link-self-contained=yes asks rustc to use C library startup object files that come with the compiler, which are not available on the target s390x-unknown-linux-gnu. A build does not contain any startup files leading to a broken executable entry point (causing segmentation fault).
c0f5bc8 cargo: Add Cargo.lock to version control
474927e gitignore: Add gitignore file
699f821 utils: Add function to drop priveleges
a6fb4e2 versions: bump golangci-lint version
b015f34 runtime-rs: generate config files with the default target
219919e docs: Fix volumeMounts in SGX usage example
9d286af versions: Update Cloud Hypervisor to b4e39427080
144efd1 docs: update rust runtime installation guide
cbd84c3 rustjail: Upgrade libseccomp crate to v0.3.0
748be0f makefile: remove sudo when create symbolic link
44d8de8 agent: remove redundant checks
89e62d4 shim: Ensure pagesize is set when reporting hugetbl stats
e95089b kata-ctl: add basic cpu check for s390x
871d2cf kata-ctl: Limit running tests to x86 and use native-tls on s390x
9f2c7e4 Revert "kata-ctl: Disable network check on s390x"
081ee48 agent: use NLM_F_REPLACE replace NLM_F_EXCL in rtnetlink
abf4f9b docs: kata 3.0 Architecture fix readme content error
72738dc agent: validate hugepage size is supported
f74e328 Makefile: fix an typo in runtime-rs makefile
227e717 qemu: Re-work static-build Dockerfile
9c1ac3d runtime-rs: return port on agent-url req
f205472 Makefile: regulate the comment style for the runtime-rs comments
ac403cf doc: Update how-to-run-kata-containers-with-SNP-VMs.md
00981b3 kata-ctl: Disable network check on s390x
c322d1d kata-ctl: arch: Improve check call
0bc5baa snap: Build virtiofsd using the kata-deploy scripts
cb4ef47 snap: Create a task for installing docker
7e5941c virtiofsd: Build inside a container
9717dc3 Dragonball: remove redundant comments in event manager
35d52d3 versions: Update TDX QEMU
4d9dd87 runtime-rs: fix typo get_contaier_type to get_container_type
70676d4 kata-ctl: improve command descriptions for consistency
86ad832 runtime-rs: force shutdown shim process in it can't exit
9eb73d5 versions: Update TDX kernel
1f1901e dragonball: fix clippy warning for aarch64
a343c57 dragonball: enhance dragonball ci
6a64fb0 ci: skip s390x for dragonball.
a743e37 Dragonball: delete redundant comments in blk_dev_mgr
00a42f6 kata-ctl: cargo: 2021 -> 2018
fb63274 kata-ctl: rustfmt + clippy fixes
2b345ba build: Add kata-ctl to tools list
f7010b8 kata-ctl: docs: Write basic documentation
781e604 docs: Reference kata-ctl README
15c343c kata-ctl: Don't rely on system ssl libs
c235849 kata-ctl: clippy: Resolve warnings and reformat
1336904 kata-ctl: implement CLI argument --check-version-only
eb5423c kata-ctl: switch to use clap derive for CLI handling
018aa89 kata-ctl: Add cpu check
7c9f9a5 kata-ctl: Make arch test run at compile time
b63ba66 kata-ctl: Formatting tweaks
cca7e32...