-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a release 3.5.0 overview blog post #248
Conversation
This patch adds a new blog post to provide highlights of the latest, 3.5.0 release of Kata Containers. Signed-off-by: Ildiko Vancsa <ildiko.vancsa@gmail.com>
✅ Deploy Preview for katacontainers ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
|
||
2. Security Enhancements | ||
|
||
The kata-agent now includes the latest ‘libseccomp’ v2.5.5 to improve security. Please note that this library is licensed under [GNU LGPL-2.1](https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html). The version used by Kata Containers is not modified from the upstream version, and you can find the complete source code for the library attached for full compliance. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The libseccomp bump went into 3.4.0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, good clarification. I saw the notice in the release notes and I thought that meant it was bumped in this release. I will update the blog post title to allow for more updates than just 3.5.0, and leave this here as a note.
|
||
The kata-agent now includes the latest ‘libseccomp’ v2.5.5 to improve security. Please note that this library is licensed under [GNU LGPL-2.1](https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html). The version used by Kata Containers is not modified from the upstream version, and you can find the complete source code for the library attached for full compliance. | ||
|
||
In addition, ‘rootfs’ is now built with≈ with ‘AGENT_POLICY=yes’ by default for increased security and stability. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it's worth mentioning related to this that in 3.5.0 we changed the policy implementation from the golang based OPA binary to the regorus crate, which should give improved performances and a smaller rootfs and memory performance of the guest.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This might be in new features section though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added it under the new features section.
Signed-off-by: Ildiko Vancsa <ildiko.vancsa@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@stevenhorsman Thank you for the speedy review, I updated the article to address your comments. Please let me know if the content looks good to go.
|
||
2. Security Enhancements | ||
|
||
The kata-agent now includes the latest ‘libseccomp’ v2.5.5 to improve security. Please note that this library is licensed under [GNU LGPL-2.1](https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html). The version used by Kata Containers is not modified from the upstream version, and you can find the complete source code for the library attached for full compliance. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, good clarification. I saw the notice in the release notes and I thought that meant it was bumped in this release. I will update the blog post title to allow for more updates than just 3.5.0, and leave this here as a note.
|
||
The kata-agent now includes the latest ‘libseccomp’ v2.5.5 to improve security. Please note that this library is licensed under [GNU LGPL-2.1](https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html). The version used by Kata Containers is not modified from the upstream version, and you can find the complete source code for the library attached for full compliance. | ||
|
||
In addition, ‘rootfs’ is now built with≈ with ‘AGENT_POLICY=yes’ by default for increased security and stability. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added it under the new features section.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Thanks for the updates
Awesome, thank you for the quick review! I'll publish this since 3.6.0 is knocking on the door now. :) |
Fix publish date
This patch adds a new blog post to provide highlights of the latest, 3.5.0 release of Kata Containers.