smolvm v1.3.9
What's Changed
- fix(fork): regenerate per-machine on-disk secrets and fail closed on clone rejuvenation by @BinSquare in #531
- Run streamed exec inside the persistent container overlay on image machines so SDK streamed changes survive by @BinSquare in #534
- Bump libkrun to the virtio-fs/gpu mapping-bounds-hardened build and refresh the bundled linux library by @BinSquare in #526
- Mark the aarch64 seccomp allowlist validated for enforce by @BinSquare in #535
- Fail closed to a strict egress floor on serve nodes by @BinSquare in #536
- Validate content digests before they become filesystem paths by @BinSquare in #537
- Add /dev/kmsg to the container device set so nested Kubernetes works out of the box by @BinSquare in #538
- Bump the engine to 1.3.9 by @BinSquare in #539
Full Changelog: v1.3.8...v1.3.9