Skip to content

Kata Containers 3.0.0
Compare
Choose a tag to compare
@bergwolf bergwolf released this 09 Oct 08:59
· 4084 commits to main since this release
3.0.0
e2a8815
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Release 3.0.0

kata-containers Changes

  • A new runtime implementation based on Rust
  • An optional builtin sandboxing functionality with rust-vmm based hypervisor dragonball
  • GPU VFIO passthrough support
  • Support host cgroup v2
  • Support drop-in config files
  • Support shimv2 logging plugin
  • Agent support FSGroup
  • A new safe-path library to handle path calculation safely for rust components
  • A few new subcommands of runk
  • Switch from C version virtiofsd to virtiofsd-rs
  • Support enabling QEMU sandbox feature
  • io_uring as IO mechanism for QEMU
  • Support for virtio-blk device multiqueue simulation for QEMU and Cloud-hypervisor
  • intel TDX support for QEMU and Cloud-hypervisor
  • QEMU updated to v6.2.0
  • Cloud-hypervisor upgraded to v26.0
  • Firecracker updated to v1.1.0
  • Guest kernel upgraded to v5.19.2

Shortlog

63495cf release: Kata Containers 3.0.0
fb44305 release: Adapt kata-deploy for 3.0.0
20c0252 agent: reduce reference count for failed mount
3eb6f58 agent: don't exit early if signal fails due to ESRCH
8dc8565 versions: Update gperf url to avoid libseccomp random failures
740e7e2 kata-sys-util: fix typo unknow
727f233 release: Kata Containers 3.0.0-rc1
babab16 tools: release: fix bogus version check
af22e71 osbuilder: Export directory variables for libseccomp
d663f11 kata-deploy: get the config path from cri options
c6b3dcb kata-deploy: support kata-deploy for runtime-rs
a394761 kata-deploy: add installation for runtime-rs
b0c5f04 runtime-rs: set agent timeout to 0 for stream RPCs
d44e39e runtime-rs: fix incorrect comments
43b0e95 runtime: store the user name in hypervisor config
8180188 runtime: make StopVM thread-safe
fba39ef runtime: add more debug logs for non-root user operation
6330951 runtime-rs: drop dependency on rustc-serialize
e229a03 runtime: update runc dependency
5835910 release: Kata Containers 3.0.0-rc0
be242a3 release: Adapt kata-deploy for 3.0.0-rc0
156e1c3 runtime-rs: delete some allow(dead_code) attributes
fc9c6f8 kata-types: don't check virtio_fs_daemon for inline-virtio-fs
96c8be7 libs/kata-types: change return type of getting CPU period/quota
2b1d058 runtime-rs: fix host device check pattern
62cf6e6 runtime-rs: remove meaningless comment
84268f8 runtime-rs: update rust runtime roadmap
bcf6bf8 runk: Enable seccomp support by default
36d805f config: add "inline-virtio-fs" as a "shared_fs" type
85b49ce runtime-rs: add README.md
968c2f6 runk: Refactor container builder
b948a8f kernel: fix kernel tarball name for SEV
50f9126 libs/kata-types: replace tabs by spaces in comments
566656b gperf: point URL to mirror site
d23779e Revert "agent: fix unittests for arp neighbors"
d340564 Revert "agent: use rtnetlink's neighbours API to add neighbors"
188d37b kata-deploy: Add debug statement
e879270 runtime-rs: add default agent/runtime/hypervisor for configuration
5f4f5f2 docs: fix unix socket address in agent-ctl doc
41ec711 runtime-rs: split amend_spec function
ff7c78e runtime-rs: static resource mgmt default to false
00f3a6d runtime-rs: make static resource mgmt idiomatic
4a54876 runtime-rs: support static resource management functionality
52bbc3a cargo.lock: update crates to comply with checks
aa581f4 cargo.toml: Add oci to src/libs workplace
7914da7 cargo.tomls: Added Apache 2.0 to cargo.tomls
bed4aab github-actions: Add cargo-deny
373dac2 qemu: Keep passing BUILD_SUFFIX
59e3850 qemu: create no_patches.txt file for SPR-BKC-QEMU-v2.5
54d6d01 qemu: fix tdx qemu tarball directories
9997ab0 sandbox_test: Add test to verify memory hotplug behavior
f390c12 sandbox: don't hotplug too much memory at once
e0142db hypervisor: Add GetTotalMemoryMB to interface
e83b821 docs: Update url in the Developer Guide
0ab49b2 release: Kata Containers 3.0.0-alpha1
b1a8aca versions: Update cni plugins version
749a6a2 docs: Specify language in markdown for syntax highlight
a1fdc08 kernel: Re-work get_tee_kernel()
a658173 kernel: Whitelist cleanup
cce99c5 runtime-rs: delete socket from shim command-line options
c75970b dragonball: add more unit test for config manager
dc32c46 osbuilder: fix ubuntu initrd /dev/ttyS0 hang
cc5f91d osbuilder: add systemd symlinks for kata-agent
731d39d kernel: Add CONFIG_CGROUP_HUGETLB=y as part of the cgroup fragments
f7d41e9 kata-deploy: export CI in the build container
4f90e3c kata-deploy: add dockerbuild/install_yq.sh to gitignore
96d9037 github-actions: Auto-backporting
a355812 runtime-rs: fixed bug on core-sched error handling
591dfa4 runtime-rs: add support for core scheduling
92f7d6b ci: Use versions.yaml for the libseccomp
b535bac runk: Add cli message for init command
c08a863 agent: add some logs for mount operation
c1e3b8f govmm: Refactor qmp functions for adding block device
598884f govmm: Refactor code to get rid of redundant code
00860a7 qmp: Pass aio backend while adding block device
e1b49d7 config: Add block aio as a supported annotation
ed0f1d0 config: Add "block_device_aio" as a config option for qemu
b6cd234 govmm: Add io_uring as AIO type
81cdaf0 govmm: Correct documentation for Linux aio.
763ceeb logging: Replace nix::Error::EINVAL with more descriptive msgs
4ee2b99 kata-deploy: fix threading conflicts
0a6f017 kernel: Ignore CONFIG_SPECULATION_MITIGATIONS for older kernels
6cf16c4 agent-ctl: fix clippy error
4b57c04 runtime-rs: support loading kernel modules in guest vm
dc90eae qemu: Drop unnecessary tdx_guest kernel parameter
d4b6761 clh: Use HVC console with TDX
c0cb3cd clh: Avoid crashing when memory hotplug is not allowed
9f0a57c clh: Increase API and SandboxStop timeouts for TDX
c142fa2 clh: Lift the sharedFS restriction used with TDX
bdf8a57 runk: Move delete logic to libcontainer
a06d819 runtime: cri-o annotations have been moved to podman
ffd1c1f agent-ctl/trace-forwarder: udpate thread_local dependency
69080d7 agent/runk: update regex dependency
e0ec090 runtime-rs: update async-std dependency
326f1cc agent: enrich some error code path
4f53e01 agent: skip test_load_kernel_module if non-root
f508c29 runtime: constify splitIrqChipMachineOptions
2b0587d runtime: VMX is migratible in vm factory case
fa09f0e runtime: remove qemuPaths
a6fbaac runk: add pause/resume commands
8e20150 kernel: fix for set_kmem_limit error
00aadfe kernel: SEV guest kernel upgrade to 5.19.2
0d9d8d6 kernel: upgrade guest kernel support to 5.19.2
57bd3f4 runtime-rs: plug drop-in decoding into config-loading code
87b97b6 runtime-rs: add filesystem-related part of drop-in handling
cf785a1 runtime-rs: add core toml::Value tree merging
09672eb agent: do some rollback works if case of do_create_container failed
8ff5c10 network: Fix error message for setting hardware address on TAP interface
3a597c2 runtime: clh: Use the new 'payload' interface
16baecc runtime: clh: Re-generate the client code
50ea071 versions: Upgrade to Cloud Hypervisor v26.0
fcc1e0c runtime: tracing: End root span at end of trace
78231a3 ci: Update libseccomp version
338c282 dep: update nix dependency
3829ab8 docs: Update CRI-O target link
3474649 libs/test-utils: share test code by create a new crate
eab7c8f runtime-rs: delete vergen dependency
6d6c068 workflow: trigger release for 3.x releases
4d7f3ed runtime-rs: support the functionality of cleanup
5aa8375 runtime-rs: support save to persist file and restore
3e9077f docs: Update url in containerd documentation
52133ef release: Kata Containers 3.0.0-alpha0
c280d69 runtime-rs: delete route model
caada34 runtime-rs: fix design doc's typo
b61dda4 docs: use curl as default downloader for runtime-rs
ca9d16e runtime-rs: update Cargo.lock
99a7b4f workflow: Revert "static-checks: Allow Merge commit to be >75 chars"
d14e80e workflow: Revert "docs: modify move-issues-to-in-progress.yaml"
1f4b6e6 versions: Update libseccomp version
b828190 Merge pull request #4823 from openanolis/runtime-rs-merge-main-runtime-rs
f791169 Merge pull request #4826 from openanolis/runtime-rs-version
8bbffc4 runtime-rs:update rtnetlink version
e403838 runtim-rs: Merge remote-tracking branch 'origin/main' into runtime-rs
9312511 Merge pull request #4817 from openanolis/runtime-rs-s390x-fail
389ae97 runtime-rs:skip the test when the arch is s390x
945e022 runtime-rs:skip the build process when the arch is s390x
8b0e185 Merge pull request #4784 from openanolis/fix-protocol-ci-err
b337390 Merge pull request #4791 from openanolis/runtime-rs-merge-main-1
7247575 runtime-rs:fix cargo clippy
9803393 runtime-rs: Merge branch 'main' into runtime-rs-merge-main-1
86ac653 libs: fix CI error for protocols
993ae24 Merge pull request #4777 from openanolis/runtime-rs-merge
adfad44 Merge remote-tracking branch 'origin/main' into runtime-rs-merge-tmp
5457deb Merge pull request #4741 from openanolis/fix-stop-failed-in-azure
fa0b11f runtime-rs: fix stdin hang in azure
50b0b7c Merge pull request #4681 from Tim-0731-Hzt/runtime-rs-sharepid
1293357 Merge pull request #4727 from openanolis/anolis-fix-network
71384b6 Merge pull request #4713 from openanolis/adjust_default_vcpu
b314741 runtime-rs:add unit test for set share pid ns
1ef3f8e runtime-rs: set share sandbox pid namespace
57c556a runtime-rs: fix stop failed in azure
3f4dd92 Merge pull request #4702 from openanolis/runtime-rs-endpoint-dev
a3127a0 Merge pull request #4721 from openanolis/install-guide-2
c825065 runtime-rs: fix tc filter setup failed
e0194dc runtime-rs: update route destination with prefix
534a492 Merge pull request #4692 from openanolis/support_disable_guest_seccomp
fa85fd5 docs: add rust environment setup for kata 3.0
896478c runtime-rs: add functionalities support for macvlan and vlan endpoints
43045be runtime-rs: handle default_vcpus greator than default_maxvcpu
54f53d5 runtime-rs: support disable_guest_seccomp
5403038 Merge pull request #4688 from quanweiZhou/fix_sandbox_cgroup_false
7c146a5 Merge pull request #4684 from quanweiZhou/fix-ctr-exit-error
08a6581 Merge pull request #4662 from openanolis/runtime-rs-user-manaul
4331ef8 Runtime-rs: add installation guide for rust-runtime
4c3bd6b Merge pull request #4656 from openanolis/runtime-rs-ipvlan
960f2a7 Merge pull request #4678 from Tim-0731-Hzt/runtime-rs-makefile-2
e9988f0 runtime-rs: fix sandbox_cgroup_only=false panic
cebbebb runtime-rs: fix ctr exit failed
758cc47 Merge pull request #4671 from liubin/4670-upgrade-nix
25be4d0 Merge pull request #4676 from openanolis/xuejun/runtime-rs
62182db runtime-rs: add unit test for ipvlan endpoint
99654ce runtime-rs: update dbs-xxx dependencies
f4c3adf runtime-rs: Add compile option file
545ae3f runtime-rs: fix warning
19eca71 runtime-rs: remove the value of hypervisor path in DB config
d8920b0 runtime-rs: support functionalities of ipvlan endpoint
2b01e9b dragonball: fix warning
996a6b8 kata-sys-util: upgrade nix version
9f49f7a Merge pull request #4493 from openanolis/runtime-rs-dev
3c98952 dragonball: update for review
274598a kata-runtime: add dragonball config check support.
1befbe6 runtime-rs: Cargo lock for fix version problem
3d6156f runtime-rs: support dragonball and runtime-binary
3f6123b libs: update configuration and annotations
f3335c9 Merge pull request #4614 from Tim-0731-Hzt/runtime-rs-merge-main
b424cf3 Merge pull request #4544 from openanolis/anolis/virtio_device_aarch64
d258499 dragonball: fix dependency unused warning
458f6f4 dragonball: use const string for legacy device type
58b0fc4 Merge pull request #4192 from Tim-0731-Hzt/runtime-rs
0826a21 Merge remote-tracking branch 'origin/main' into runtime-rs-1
939959e docs: add Dragonball to hypervisors
f6f96b8 dragonball: add legacy device support for aarch64
7a41839 dragonball: add device info support for aarch64
30da3fb Merge pull request #4515 from openanolis/anolis/dragonball-3
9cee521 fmt: do cargo fmt and add a dependency for blk_dev
47a4142 fs: change vhostuser and virtio into const
e14e98b cpu_topo: add handle_cpu_topology function
5d3b53e downtime: add downtime support
6a1fe85 vfio: add vfio as TODO
5ea35dd refractor: remove redundant by_id
b646d7c config: remove ht_enabled
cb54ac6 memory: remove reserve_memory_bytes
bde6609 hotplug: add room for other hotplug solution
d88b1bf dragonball: update vsock dependency
dd003eb Dragonball: change error name and fix compile error
38957fe UT: fix compile error in unit tests
11b3f95 dragonball: add virtio-fs device support
948381b dragonball: add virtio-net device support
3d20387 dragonball: add virtio-blk device support
87d38ae Doc: add document for Dragonball API
2bb1eea docs: further questions related to upcall
026aaee docs: add FAQ to the report
fffcb81 docs: update the content of the report
42ea854 docs: kata 3.0 Architecture
090de2d dragonball: fix the clippy errors.
a159332 dragonball: add vsock api to api server
89b9ba8 dragonball: add set_vm_configuration api
95fa0c7 dragonball: add start microvm support
5c1ccc3 dragonball: add Vmm struct
4d234f5 dragonball: refactor code layout
cfd5dae dragonball: add vm struct
527b73a dragonball: remove unused feature in AddressSpaceMgr
514b4e7 Merge pull request #4543 from openanolis/anolis/add_vcpu_configure_aarch64
7120afe dragonball: add vcpu test function for aarch64
648d285 dragonball: add vcpu support for aarch64
7dad7c8 dragonball: update dbs-xxx dependency
59cab9e Merge pull request #4380 from Tim-0731-Hzt/rund/makefile
1809325 Merge pull request #4527 from Tim-0731-Hzt/rund-new/netlink
07231b2 runtime-rs:refactor network model with netlink
c8a9052 build: format files
242992e build: put install methods in utils.mk
8a69726 build: makefile for dragonball config
9c52629 runtime-rs:refactor network model with netlink
12c1b9e Merge pull request #4536 from Tim-0731-Hzt/runtime-rs-kata-main
f3907aa runtime-rs:Merge remote-tracking branch 'origin/main' into runtime-rs-newv
badbbcd Merge pull request #4400 from openanolis/anolis/dragonball-2
71db2dd hotplug: add room for future acpi hotplug mechanism
8bb00a3 dragonball: fix a bug when generating kernel boot args
2aedd4d doc: add document for vCPU, api and device
bec22ad dragonball: add api module
07f44c3 dragonball: add vcpu manager
78c9718 dragonball: add upcall support
7d1953b dragonball: add vcpu
468c73b dragonball: add kvm context
98f041e Merge pull request #4486 from openanolis/runtime-rs-merge-main
86123f4 Merge branch 'main' into runtime-rs
e89e650 dragonball: add signal handler
b6cb2c4 dragonball: add metrics system
e80e0c4 dragonball: add io manager wrapper
f23d709 Merge pull request #4265 from openanolis/anolis/dragonball-1
d5ee3fc safe-path: fix clippy warning
93c10df runtime-rs: add crosvm license in Dragonball
dfe6de7 dragonball: add dragonball into kata README
39ff85d dragonball: green ci
71f24d8 dragonball: add Makefile.
a1df6d0 Doc: Update Dragonball Readme and add document for device
8619f2b dragonball: add virtio vsock device manager.
52d42af dragonball: add device manager.
c1c1e51 dragonball: add kernel config.
6850ef9 dragonball: add configuration manager.
0bcb422 dragonball: add legacy devices manager
3c45c07 dragonball: add console manager.
3d38bb3 dragonball: add address space manager.
aff6040 dragonball: add resource manager support.
8835db6 dragonball: initial commit
9cb15ab agent: add the FSGroup support
ff7874b protobuf: upgrade the protobuf version to 2.27.0
06f398a runtime-rs: use withContext to evaluate lazily
fd4c26f runtime-rs: support network resource
4be7185 runtime-rs: runtime part implement
10343b1 runtime-rs: enhance runtimes
9887272 libs: enhance kata-sys-util and kata-types
3ff0db0 runtime-rs: support rootfs volume for resource
234d7bc runtime-rs: support cgroup resource
75e282b runtime-rs: hypervisor base define
bdfee00 runtime-rs: service and runtime framework
4296e30 runtime-rs: agent implements
d3da156 runtime-rs: uint FsType for s390x
e705ee0 runtime-rs: update containerd-shim-protos to 0.2.0
8c0a60e runtime-rs: modify the review suggestion
278f843 runtime-rs: shim implements for runtime-rs
641b736 libs: enhance kata-sys-util
69ba1ae trans: fix the issue of wrong swapness type
d2a9bc6 agent: agent-protocol support async
aee9633 libs/sys-util: provide functions to execute hooks
8509de0 libs/sys-util: add function to detect and update K8s emptyDir volume
6d59e8e libs/sys-util: introduce function to get device id
5300ea2 libs/sys-util: implement reflink_copy()
1d5c898 libs/sys-util: add utilities to parse NUMA information
8788702 libs/sys-util: add utilities to manipulate cgroup
ccd03e2 libs/sys-util: add wrappers for mount and fs
45a00b4 libs/sys-util: add kata-sys-util crate under src/libs
48c201a libs/types: make the variable name easier to understand
b9b6d70 libs/types: modify implementation details
05ad026 libs/types: fix implementation details
d96716b libs/types:fix styles and implementation details
6cffd94 libs/types:return Result to handle parse error
6ae87d9 libs/types: use contains to make code more readable
45e5780 libs/types: fixed spelling and grammer error
2599a06 libs/types:use include_str! in test file
8ffff40 libs/types:Option type to handle empty tomlconfig
6268286 libs/types: add license for test-config.rs
97d8c6c docs: modify move-issues-to-in-progress.yaml
8cdd70f libs/types: change method to update config by annotation
e19d047 libs/types: implement KataConfig to wrap TomlConfig
387ffa9 libs/types: support load Kata agent configuration from file
69f10af libs/types: support load Kata hypervisor configuration from file
21cc02d libs/types: support load Kata runtime configuration from file
5b89c1d libs/types: add kata-types crate under src/libs
4f62a76 libs/logging: fix clippy warnings
6f8acb9 libs: refine Makefile rules
7cdee49 libs/logging: introduce a wrapper writer for logging
426f38d libs/logging: implement rotator for log files
392f1ec libs: convert to a cargo workspace
575df4d static-checks: Allow Merge commit to be >75 chars
2ae807f nydus: wait nydusd API server ready before mounting share fs
8a4e690 versions: Update TD-shim due to build breakage
065305f agent-ctl: Add an empty [workspace]
1444d7c packaging: Create no_patches.txt for the SPR-BKC-PC-v9.6.x
c8d4ea8 docs: Improve SGX documentation
85f4e7c runtime: explicitly mark the source of the log is from qemu.log
d8ad16a runtime: add unlock before return in sendReq
889557e docs: add back host network limitation
230a229 runk: add ps sub-command
e403838 runtim-rs: Merge remote-tracking branch 'origin/main' into runtime-rs
587c0c5 Merge pull request #4820 from cmaf/sgx-update-docs-1
c5452fa docs: Improve SGX documentation
2764bd7 Merge pull request #4770 from justxuewei/refactor/agent/netlink-neighbor
5781211 Merge pull request #4805 from fidencio/topic/bump-tdx-dependencies
869e408 Merge pull request #4810 from fidencio/topic/adjust-final-tarball-location-for-tdvf-and-td-shim
8d1cb1d td-shim: Adjust final tarball location
62f05d4 ovmf: Adjust final tarball location
9972487 versions: Bump Kernel TDX version
c935815 kernel: Sort the TDX configs alphabetically
dd397ff versions: Bump QEMU TDX version
873e75b Merge pull request #4773 from fidencio/topic/build-tdvf
c9b5bde versions: Track and build TDVF
e6a5a51 packaging: Generate a tarball as OVMF build result
42eaf19 packaging: Simplify OVMF repo clone
4d33b05 packaging: Don't hardcode "edk2" as the cloned repo's dir.
81fe51a agent: fix unittests for arp neighbors
845c1c0 agent: use rtnetlink's neighbours API to add neighbors
8bbffc4 runtime-rs:update rtnetlink version
587c0c5 Merge pull request #4820 from cmaf/sgx-update-docs-1
c5452fa docs: Improve SGX documentation
2764bd7 Merge pull request #4770 from justxuewei/refactor/agent/netlink-neighbor
5781211 Merge pull request #4805 from fidencio/topic/bump-tdx-dependencies
869e408 Merge pull request #4810 from fidencio/topic/adjust-final-tarball-location-for-tdvf-and-td-shim
8d1cb1d td-shim: Adjust final tarball location
62f05d4 ovmf: Adjust final tarball location
9972487 versions: Bump Kernel TDX version
c935815 kernel: Sort the TDX configs alphabetically
dd397ff versions: Bump QEMU TDX version
873e75b Merge pull request #4773 from fidencio/topic/build-tdvf
c9b5bde versions: Track and build TDVF
e6a5a51 packaging: Generate a tarball as OVMF build result
42eaf19 packaging: Simplify OVMF repo clone
4d33b05 packaging: Don't hardcode "edk2" as the cloned repo's dir.
81fe51a agent: fix unittests for arp neighbors
845c1c0 agent: use rtnetlink's neighbours API to add neighbors
389ae97 runtime-rs:skip the test when the arch is s390x
945e022 runtime-rs:skip the build process when the arch is s390x
c5452fa docs: Improve SGX documentation
81fe51a agent: fix unittests for arp neighbors
845c1c0 agent: use rtnetlink's neighbours API to add neighbors
9972487 versions: Bump Kernel TDX version
c935815 kernel: Sort the TDX configs alphabetically
dd397ff versions: Bump QEMU TDX version
8d1cb1d td-shim: Adjust final tarball location
62f05d4 ovmf: Adjust final tarball location
86ac653 libs: fix CI error for protocols
7247575 runtime-rs:fix cargo clippy
9803393 runtime-rs: Merge branch 'main' into runtime-rs-merge-main-1
7503bda Merge pull request #4783 from fidencio/topic/build-td-shim
b06bc82 versions: Track and add support for building TD-shim
8d9135a Merge pull request #4765 from ryansavino/ccv0-rust-upgrade
9b1940e versions: update rust version
c9b5bde versions: Track and build TDVF
e6a5a51 packaging: Generate a tarball as OVMF build result
42eaf19 packaging: Simplify OVMF repo clone
4d33b05 packaging: Don't hardcode "edk2" as the cloned repo's dir.
7503bda Merge pull request #4783 from fidencio/topic/build-td-shim
b06bc82 versions: Track and add support for building TD-shim
8d9135a Merge pull request #4765 from ryansavino/ccv0-rust-upgrade
9b1940e versions: update rust version
b06bc82 versions: Track and add support for building TD-shim
9b1940e versions: update rust version
adfad44 Merge remote-tracking branch 'origin/main' into runtime-rs-merge-tmp
0aefab4 Merge pull request #4739 from liubin/fix/4738-trace-rpc-calls
54147db Merge pull request #4170 from Alex-Carter01/build-amdsev-ovmf
638c2c4 static-build: Add AmdSev option for OVMF builder Introduces new build of firmware needed for SEV
f0b58e3 static-build: Add build script for OVMF
a67402c Merge pull request #4397 from yaoyinnan/3073/ftr/host-cgroupv2
229ff29 Merge pull request #4758 from GabyCT/topic/updaterunc
5c3155f runtime: Support for host cgroup v2
4ab45e5 docs: Update support for host cgroupv2
9dfd949 Merge pull request #4646 from amshinde/add-liburing-qemu
326eb2f versions: Update runc version
557229c Merge pull request #4724 from yahaa/fix-docs
1b01ea5 Merge pull request #4735 from nubificus/feature-fc-v1.1
27c8201 Merge pull request #4753 from Tim-Zhang/agent-fix-stream-fd-double-close
6fddf03 Merge pull request #4664 from lifupan/main
f5aa6ae agent: Fix stream fd's double close problem
6e149b4 Docs: fix tables format error
56d49b5 versions: Update Firecracker version to v1.1.0
0e24f47 agent: log RPC calls for debugging
e764a72 Merge pull request #4715 from Tim-Zhang/fix-ut-test_do_write_stream
427b294 Merge pull request #4709 from liubin/fix/4708-unwrap-error
0337377 Merge pull request #4695 from liubin/4694/upgrade-nydus-version
0b4a91e Merge pull request #4644 from bookinabox/optimize-get-paths
68c2655 Merge pull request #4718 from GabyCT/topic/updatefirecrackerversion
df79c8f versions: Update firecracker version
9126415 agent: fix fd-double-close problem in ut test_do_write_stream
0d7cb7e agent: delete agent-type property in announce
eec9ac8 rustjail: check result to let it return early.
402bfa0 nydus: upgrade nydus/nydus-snapshotter version
6d56cdb Merge pull request #4686 from xujunjie-cover/issue4685
72dbd1f kata-monitor: fix can't monitor /run/vc/sbs.
f690b0a qemu: Add liburing to qemu build
d93e4b9 container: kill all of the processes in this container
575b5eb Merge pull request #4506 from cyyzero/runk-exec
9ae2a45 cgroups: remove unnecessary get_paths()
0cc20f0 Merge pull request #4647 from fidencio/topic/fix-clh-crash-when-booting-up-with-no-network-device
418a03a Merge pull request #4639 from fidencio/topic/packaging-rework-qemu-build-suffix
be31207 clh: Don't crash if no network device is set by the upper layer
39974fb Merge pull request #4642 from fidencio/topic/clh-bump-to-v25.0-release
0511812 packaging: Add a "-" in the dir name if $BUILD_DIR is available
dc3b6f6 versions: Update Cloud Hypervisor to v25.0
201ff22 packaging: Use the $BUILD_SUFFIX when renaming the qemu binary
9f0e4bb Merge pull request #4628 from fidencio/topic/rework-tee-kernel-builds
cda1919 Merge pull request #4609 from fidencio/topic/kata-deploy-simplify-config-path-handling
1a25afc kernel: Allow passing the URL to download the tarball
0024b8d Merge pull request #4617 from Yuan-Zhuo/main
80c68b8 kernel: Deduplicate code used for building TEE kernels
f7ccf92 kata-deploy: Rely on the configured config path
386a523 kata-deploy: Pass the config path to CRI-O
13df57c build: save lines for repository_owner check
f59939a runk: Support exec sub-command
0aefab4 Merge pull request #4739 from liubin/fix/4738-trace-rpc-calls
54147db Merge pull request #4170 from Alex-Carter01/build-amdsev-ovmf
638c2c4 static-build: Add AmdSev option for OVMF builder Introduces new build of firmware needed for SEV
f0b58e3 static-build: Add build script for OVMF
a67402c Merge pull request #4397 from yaoyinnan/3073/ftr/host-cgroupv2
229ff29 Merge pull request #4758 from GabyCT/topic/updaterunc
5c3155f runtime: Support for host cgroup v2
4ab45e5 docs: Update support for host cgroupv2
9dfd949 Merge pull request #4646 from amshinde/add-liburing-qemu
326eb2f versions: Update runc version
557229c Merge pull request #4724 from yahaa/fix-docs
1b01ea5 Merge pull request #4735 from nubificus/feature-fc-v1.1
27c8201 Merge pull request #4753 from Tim-Zhang/agent-fix-stream-fd-double-close
6fddf03 Merge pull request #4664 from lifupan/main
f5aa6ae agent: Fix stream fd's double close problem
6e149b4 Docs: fix tables format error
56d49b5 versions: Update Firecracker version to v1.1.0
0e24f47 agent: log RPC calls for debugging
e764a72 Merge pull request #4715 from Tim-Zhang/fix-ut-test_do_write_stream
427b294 Merge pull request #4709 from liubin/fix/4708-unwrap-error
0337377 Merge pull request #4695 from liubin/4694/upgrade-nydus-version
0b4a91e Merge pull request #4644 from bookinabox/optimize-get-paths
68c2655 Merge pull request #4718 from GabyCT/topic/updatefirecrackerversion
df79c8f versions: Update firecracker version
9126415 agent: fix fd-double-close problem in ut test_do_write_stream
0d7cb7e agent: delete agent-type property in announce
eec9ac8 rustjail: check result to let it return early.
402bfa0 nydus: upgrade nydus/nydus-snapshotter version
6d56cdb Merge pull request #4686 from xujunjie-cover/issue4685
72dbd1f kata-monitor: fix can't monitor /run/vc/sbs.
f690b0a qemu: Add liburing to qemu build
d93e4b9 container: kill all of the processes in this container
575b5eb Merge pull request #4506 from cyyzero/runk-exec
9ae2a45 cgroups: remove unnecessary get_paths()
0cc20f0 Merge pull request #4647 from fidencio/topic/fix-clh-crash-when-booting-up-with-no-network-device
418a03a Merge pull request #4639 from fidencio/topic/packaging-rework-qemu-build-suffix
be31207 clh: Don't crash if no network device is set by the upper layer
39974fb Merge pull request #4642 from fidencio/topic/clh-bump-to-v25.0-release
0511812 packaging: Add a "-" in the dir name if $BUILD_DIR is available
dc3b6f6 versions: Update Cloud Hypervisor to v25.0
201ff22 packaging: Use the $BUILD_SUFFIX when renaming the qemu binary
9f0e4bb Merge pull request #4628 from fidencio/topic/rework-tee-kernel-builds
cda1919 Merge pull request #4609 from fidencio/topic/kata-deploy-simplify-config-path-handling
1a25afc kernel: Allow passing the URL to download the tarball
0024b8d Merge pull request #4617 from Yuan-Zhuo/main
80c68b8 kernel: Deduplicate code used for building TEE kernels
f7ccf92 kata-deploy: Rely on the configured config path
386a523 kata-deploy: Pass the config path to CRI-O
13df57c build: save lines for repository_owner check
f59939a runk: Support exec sub-command
0e24f47 agent: log RPC calls for debugging
fa0b11f runtime-rs: fix stdin hang in azure
57c556a runtime-rs: fix stop failed in azure
638c2c4 static-build: Add AmdSev option for OVMF builder Introduces new build of firmware needed for SEV
f0b58e3 static-build: Add build script for OVMF
5c3155f runtime: Support for host cgroup v2
4ab45e5 docs: Update support for host cgroupv2
326eb2f versions: Update runc version
f690b0a qemu: Add liburing to qemu build
b314741 runtime-rs:add unit test for set share pid ns
1ef3f8e runtime-rs: set share sandbox pid namespace
6e149b4 Docs: fix tables format error
56d49b5 versions: Update Firecracker version to v1.1.0
f5aa6ae agent: Fix stream fd's double close problem
d93e4b9 container: kill all of the processes in this container
c825065 runtime-rs: fix tc filter setup failed
e0194dc runtime-rs: update route destination with prefix
43045be runtime-rs: handle default_vcpus greator than default_maxvcpu
9126415 agent: fix fd-double-close problem in ut test_do_write_stream
896478c runtime-rs: add functionalities support for macvlan and vlan endpoints
fa85fd5 docs: add rust environment setup for kata 3.0
0d7cb7e agent: delete agent-type property in announce
eec9ac8 rustjail: check result to let it return early.
402bfa0 nydus: upgrade nydus/nydus-snapshotter version
54f53d5 runtime-rs: support disable_guest_seccomp
9ae2a45 cgroups: remove unnecessary get_paths()
df79c8f versions: Update firecracker version
72dbd1f kata-monitor: fix can't monitor /run/vc/sbs.
e9988f0 runtime-rs: fix sandbox_cgroup_only=false panic
cebbebb runtime-rs: fix ctr exit failed
4331ef8 Runtime-rs: add installation guide for rust-runtime
62182db runtime-rs: add unit test for ipvlan endpoint
d8920b0 runtime-rs: support functionalities of ipvlan endpoint
19eca71 runtime-rs: remove the value of hypervisor path in DB config
996a6b8 kata-sys-util: upgrade nix version
99654ce runtime-rs: update dbs-xxx dependencies
f4c3adf runtime-rs: Add compile option file
545ae3f runtime-rs: fix warning
2b01e9b dragonball: fix warning
f59939a runk: Support exec sub-command
3c98952 dragonball: update for review
274598a kata-runtime: add dragonball config check support.
1befbe6 runtime-rs: Cargo lock for fix version problem
3d6156f runtime-rs: support dragonball and runtime-binary
3f6123b libs: update configuration and annotations
be31207 clh: Don't crash if no network device is set by the upper layer
0511812 packaging: Add a "-" in the dir name if $BUILD_DIR is available
201ff22 packaging: Use the $BUILD_SUFFIX when renaming the qemu binary
dc3b6f6 versions: Update Cloud Hypervisor to v25.0
0826a21 Merge remote-tracking branch 'origin/main' into runtime-rs-1
46fd7ce Merge pull request #4595 from amshinde/fix-clh-tarball-build
33360f1 Merge pull request #4600 from ManaSugi/fix/selinux-hypervisor-config
f36bc8b Merge pull request #4616 from GabyCT/topic/updatecontainerddoc
57c2d8b docs: Update URL links for containerd documentation
e57a1c8 build: Mark git repos as safe for build
ee3f555 Merge pull request #4606 from liubin/fix/4605-delete-cri-containerd-plugin
c09634d Merge pull request #4592 from fidencio/revert-kata-deploy-changes-after-2.5.0-rc0-release
2551924 docs: delete CRI containerd plugin statement
bee7915 Merge pull request #4533 from bookinabox/simplify-nproc
efdb923 build: Fix clh source build as normal user
0e40ecf tools/snap: simplify nproc
be68cf0 Merge pull request #4597 from bergwolf/github/action
4d89476 runtime: Fix DisableSelinux config
ac91fb7 Merge pull request #4591 from fidencio/2.5.0-rc0-branch-bump
3bafafe action: extend commit message line limit to 150 bytes
5010c64 release: Revert kata-deploy changes after 2.5.0-rc0 release
2d29791 release: Kata Containers 2.5.0-rc0
f4eea83 release: Adapt kata-deploy for 2.5.0-rc0
071dd4c Merge pull request #4109 from pmores/drop-in-cfg-files-support
d9e868f Merge pull request #4479 from quanweiZhou/enhance-get-handled-signal
b33ad7e Merge pull request #4574 from jelipo/fix-serde-serializing
0189738 Merge pull request #4576 from ManaSugi/fix/oci-poststart-hook
cd2d8c6 Merge pull request #4580 from ManaSugi/fix/replace-libc-with-nix
a1de394 Merge pull request #4550 from liubin/fix/4548-overwrite-mount-type-for-bind-mount
44ec968 Merge pull request #4573 from amshinde/unsafe-repo-runtime-shimv2
0ddb34a oci: fix serde skip serializing condition
fbb2e9b agent: Replace some libc functions with nix ones
acd3302 agent: Run OCI poststart hooks after a container is launched
635fa54 Merge pull request #4560 from bookinabox/update-commit-message-check
1f363a3 runtime: overwrite mount type to bind for bind mounts
4e48509 build: Set safe.directory for runtime repo
c29038a Merge pull request #4562 from ManaSugi/git-safe-repo
02a51e7 Merge pull request #4554 from liubin/fix/delete-not-used-console-from-container-config
aa561b4 Merge pull request #4540 from fidencio/topic/default_maxmemory
48ccd42 ci: Set safe.directory against tests repository
2a4fbd6 agent: enhance get handled signal
433816c ci/cd: update check-commit-message
2a94261 Merge pull request #4549 from liubin/fix/4419-set-status-if-wait-process-failed
1e12d56 Merge pull request #4469 from egernst/config-validation-refactor
a5a25ed runtime: delete Console from Cmd type
96553e8 runtime: Add documentation of drop-in config file fragments
c656457 runtime: Add tests of drop-in config file decoding
99f5ca8 runtime: Plug drop-in decoding into decodeConfig()
0f9856c runtime: Scan drop-in directory, read files and decode them
2c1efcc runtime: Add helpers to copy fields between tomlConfig instances
20f1187 runtime: Add framework to manipulate config structs via reflection
ab5f1c9 shim: set a non-zero return code if the wait process call failed.
e5be5cb runtime: device: cleanup outdated comments
5f936f2 virtcontainers: config validation is host specific
3232714 virtcontainers: Remove unused function
0939f51 config: Expose default_maxmemory
58ff2bd clh,qemu: Adapt to using default_maxmemory
ad05523 Merge pull request #4547 from GabyCT/topic/removeunuseddocker
b2c0387 Merge pull request #4130 from surajssd/add-cgroup-driver-info
1a78c3d packaging: Remove unused kata docker configure script
afdc960 hypervisor: Add default_maxmemory configuration
bdf5e52 virtcontainers: validate hypervisor config outside of hypervisor itself
469e098 katautils: don't do validation when loading hypervisor config
0e2459d docs: Add cgroupDriver for containerd
1a25afc kernel: Allow passing the URL to download the tarball
80c68b8 kernel: Deduplicate code used for building TEE kernels
d258499 dragonball: fix dependency unused warning
458f6f4 dragonball: use const string for legacy device type
f6f96b8 dragonball: add legacy device support for aarch64
7a41839 dragonball: add device info support for aarch64
f7ccf92 kata-deploy: Rely on the configured config path
386a523 kata-deploy: Pass the config path to CRI-O
13df57c build: save lines for repository_owner check
939959e docs: add Dragonball to hypervisors
2bb1eea docs: further questions related to upcall
026aaee docs: add FAQ to the report
fffcb81 docs: update the content of the report
42ea854 docs: kata 3.0 Architecture
46fd7ce Merge pull request #4595 from amshinde/fix-clh-tarball-build
33360f1 Merge pull request #4600 from ManaSugi/fix/selinux-hypervisor-config
f36bc8b Merge pull request #4616 from GabyCT/topic/updatecontainerddoc
57c2d8b docs: Update URL links for containerd documentation
e57a1c8 build: Mark git repos as safe for build
ee3f555 Merge pull request #4606 from liubin/fix/4605-delete-cri-containerd-plugin
c09634d Merge pull request #4592 from fidencio/revert-kata-deploy-changes-after-2.5.0-rc0-release
2551924 docs: delete CRI containerd plugin statement
bee7915 Merge pull request #4533 from bookinabox/simplify-nproc
efdb923 build: Fix clh source build as normal user
0e40ecf tools/snap: simplify nproc
be68cf0 Merge pull request #4597 from bergwolf/github/action
4d89476 runtime: Fix DisableSelinux config
ac91fb7 Merge pull request #4591 from fidencio/2.5.0-rc0-branch-bump
3bafafe action: extend commit message line limit to 150 bytes
5010c64 release: Revert kata-deploy changes after 2.5.0-rc0 release
2d29791 release: Kata Containers 2.5.0-rc0
f4eea83 release: Adapt kata-deploy for 2.5.0-rc0
071dd4c Merge pull request #4109 from pmores/drop-in-cfg-files-support
d9e868f Merge pull request #4479 from quanweiZhou/enhance-get-handled-signal
b33ad7e Merge pull request #4574 from jelipo/fix-serde-serializing
0189738 Merge pull request #4576 from ManaSugi/fix/oci-poststart-hook
cd2d8c6 Merge pull request #4580 from ManaSugi/fix/replace-libc-with-nix
a1de394 Merge pull request #4550 from liubin/fix/4548-overwrite-mount-type-for-bind-mount
44ec968 Merge pull request #4573 from amshinde/unsafe-repo-runtime-shimv2
0ddb34a oci: fix serde skip serializing condition
fbb2e9b agent: Replace some libc functions with nix ones
acd3302 agent: Run OCI poststart hooks after a container is launched
635fa54 Merge pull request #4560 from bookinabox/update-commit-message-check
1f363a3 runtime: overwrite mount type to bind for bind mounts
4e48509 build: Set safe.directory for runtime repo
c29038a Merge pull request #4562 from ManaSugi/git-safe-repo
02a51e7 Merge pull request #4554 from liubin/fix/delete-not-used-console-from-container-config
aa561b4 Merge pull request #4540 from fidencio/topic/default_maxmemory
48ccd42 ci: Set safe.directory against tests repository
2a4fbd6 agent: enhance get handled signal
433816c ci/cd: update check-commit-message
2a94261 Merge pull request #4549 from liubin/fix/4419-set-status-if-wait-process-failed
1e12d56 Merge pull request #4469 from egernst/config-validation-refactor
a5a25ed runtime: delete Console from Cmd type
96553e8 runtime: Add documentation of drop-in config file fragments
c656457 runtime: Add tests of drop-in config file decoding
99f5ca8 runtime: Plug drop-in decoding into decodeConfig()
0f9856c runtime: Scan drop-in directory, read files and decode them
2c1efcc runtime: Add helpers to copy fields between tomlConfig instances
20f1187 runtime: Add framework to manipulate config structs via reflection
ab5f1c9 shim: set a non-zero return code if the wait process call failed.
e5be5cb runtime: device: cleanup outdated comments
5f936f2 virtcontainers: config validation is host specific
3232714 virtcontainers: Remove unused function
0939f51 config: Expose default_maxmemory
58ff2bd clh,qemu: Adapt to using default_maxmemory
ad05523 Merge pull request #4547 from GabyCT/topic/removeunuseddocker
b2c0387 Merge pull request #4130 from surajssd/add-cgroup-driver-info
1a78c3d packaging: Remove unused kata docker configure script
afdc960 hypervisor: Add default_maxmemory configuration
bdf5e52 virtcontainers: validate hypervisor config outside of hypervisor itself
469e098 katautils: don't do validation when loading hypervisor config
0e2459d docs: Add cgroupDriver for containerd
e57a1c8 build: Mark git repos as safe for build
efdb923 build: Fix clh source build as normal user
9cee521 fmt: do cargo fmt and add a dependency for blk_dev
47a4142 fs: change vhostuser and virtio into const
e14e98b cpu_topo: add handle_cpu_topology function
5d3b53e downtime: add downtime support
6a1fe85 vfio: add vfio as TODO
5ea35dd refractor: remove redundant by_id
b646d7c config: remove ht_enabled
cb54ac6 memory: remove reserve_memory_bytes
bde6609 hotplug: add room for other hotplug solution
d88b1bf dragonball: update vsock dependency
dd003eb Dragonball: change error name and fix compile error
38957fe UT: fix compile error in unit tests
11b3f95 dragonball: add virtio-fs device support
948381b dragonball: add virtio-net device support
3d20387 dragonball: add virtio-blk device support
87d38ae Doc: add document for Dragonball API
090de2d dragonball: fix the clippy errors.
a159332 dragonball: add vsock api to api server
89b9ba8 dragonball: add set_vm_configuration api
95fa0c7 dragonball: add start microvm support
5c1ccc3 dragonball: add Vmm struct
4d234f5 dragonball: refactor code layout
cfd5dae dragonball: add vm struct
527b73a dragonball: remove unused feature in AddressSpaceMgr
4d89476 runtime: Fix DisableSelinux config
57c2d8b docs: Update URL links for containerd documentation
2551924 docs: delete CRI containerd plugin statement
5010c64 release: Revert kata-deploy changes after 2.5.0-rc0 release
0e40ecf tools/snap: simplify nproc
3bafafe action: extend commit message line limit to 150 bytes
7120afe dragonball: add vcpu test function for aarch64
648d285 dragonball: add vcpu support for aarch64
7dad7c8 dragonball: update dbs-xxx dependency
c8a9052 build: format files
242992e build: put install methods in utils.mk
8a69726 build: makefile for dragonball config
07231b2 runtime-rs:refactor network model with netlink
9c52629 runtime-rs:refactor network model with netlink
f3907aa runtime-rs:Merge remote-tracking branch 'origin/main' into runtime-rs-newv
916ffb7 Merge pull request #4432 from liubin/fix/4420-binary-log
4e30e11 shim: support shim v2 logging plugin
27b1bb5 Merge pull request #4467 from egernst/device-pkg
e32bf53 device: deduplicate state structures
f97d9b4 runtime: device/persist: drop persist dependency from device pkgs
f9e96c6 runtime: device: move to top level package
3880e0c agent: refactor reading file timing for debugging
2488a0f Merge pull request #4439 from amshinde/update-kernel-to-5.15.46
083ca5f Merge pull request #4505 from yoheiueda/agent-debug-build
03fca8b Merge pull request #4526 from fidencio/topic/fix-clippy-warnings-and-update-agent-vendored-code
c70d3a2 agent: Update the dependencies
612fd79 random: Fix "nonminimal-bool" clippy warning
d4417f2 netlink: Fix "or-fun-call" clippy warnings
93874cb packaging: Restrict kernel patches applied to top-level dir
07b1367 versions: Update kernel to latest LTS version 5.15.48
133528d Merge pull request #4503 from amshinde/multi-queue-block
f186a52 Merge pull request #4511 from fidencio/topic/add-config-efi-to-the-tdx-kernel
1b7d36f agent: Allow BUILD_TYPE=debug
9ff10c0 kernel: Add CONFIG_EFI=y as part of the TDX fragments
78e27de Merge pull request #4358 from zvonkok/memreserve
e227b4c block: Leverage multiqueue for virtio-block
7204935 Merge pull request #4288 from fengwang666/enable-qemu-sandbox
8eac22a Merge pull request #4495 from Amulyam24/snap-fix
e7e7dc9 runtime: Add heuristic to get the right value(s) for mem-reserve
e422730 Merge pull request #4497 from GabyCT/topic/removeunusedref
e11fcf7 Merge pull request #4168 from Champ-Goblem/patch/fix-chronyd-failure-on-boot
c7dd10e packaging: Remove unused publish kata image script
0bbbe70 snap: fix snap build on ppc64le
6fd4008 Merge pull request #4484 from cmaf/tracing-update-rootspan-name
2c1b68d Merge pull request #4481 from zvonkok/fix-action
ef925d4 runtime: enable sandbox feature on qemu
2899530 tracing: Remove whitespace from root span
9941588 workflow: Removing man-db, workflow kept failing
1b7fd19 rootfs: Fix chronyd.service failing on boot
916ffb7 Merge pull request #4432 from liubin/fix/4420-binary-log
4e30e11 shim: support shim v2 logging plugin
27b1bb5 Merge pull request #4467 from egernst/device-pkg
e32bf53 device: deduplicate state structures
f97d9b4 runtime: device/persist: drop persist dependency from device pkgs
f9e96c6 runtime: device: move to top level package
3880e0c agent: refactor reading file timing for debugging
2488a0f Merge pull request #4439 from amshinde/update-kernel-to-5.15.46
083ca5f Merge pull request #4505 from yoheiueda/agent-debug-build
03fca8b Merge pull request #4526 from fidencio/topic/fix-clippy-warnings-and-update-agent-vendored-code
c70d3a2 agent: Update the dependencies
612fd79 random: Fix "nonminimal-bool" clippy warning
d4417f2 netlink: Fix "or-fun-call" clippy warnings
93874cb packaging: Restrict kernel patches applied to top-level dir
07b1367 versions: Update kernel to latest LTS version 5.15.48
133528d Merge pull request #4503 from amshinde/multi-queue-block
f186a52 Merge pull request #4511 from fidencio/topic/add-config-efi-to-the-tdx-kernel
1b7d36f agent: Allow BUILD_TYPE=debug
9ff10c0 kernel: Add CONFIG_EFI=y as part of the TDX fragments
78e27de Merge pull request #4358 from zvonkok/memreserve
e227b4c block: Leverage multiqueue for virtio-block
7204935 Merge pull request #4288 from fengwang666/enable-qemu-sandbox
8eac22a Merge pull request #4495 from Amulyam24/snap-fix
e7e7dc9 runtime: Add heuristic to get the right value(s) for mem-reserve
e422730 Merge pull request #4497 from GabyCT/topic/removeunusedref
e11fcf7 Merge pull request #4168 from Champ-Goblem/patch/fix-chronyd-failure-on-boot
c7dd10e packaging: Remove unused publish kata image script
0bbbe70 snap: fix snap build on ppc64le
6fd4008 Merge pull request #4484 from cmaf/tracing-update-rootspan-name
2c1b68d Merge pull request #4481 from zvonkok/fix-action
ef925d4 runtime: enable sandbox feature on qemu
2899530 tracing: Remove whitespace from root span
9941588 workflow: Removing man-db, workflow kept failing
1b7fd19 rootfs: Fix chronyd.service failing on boot
71db2dd hotplug: add room for future acpi hotplug mechanism
8bb00a3 dragonball: fix a bug when generating kernel boot args
2aedd4d doc: add document for vCPU, api and device
bec22ad dragonball: add api module
07f44c3 dragonball: add vcpu manager
78c9718 dragonball: add upcall support
7d1953b dragonball: add vcpu
468c73b dragonball: add kvm context
e89e650 dragonball: add signal handler
b6cb2c4 dragonball: add metrics system
e80e0c4 dragonball: add io manager wrapper
86123f4 Merge branch 'main' into runtime-rs
f30fe86 Merge pull request #4456 from Bevisy/fixIssue4454
553ec46 Merge pull request #4436 from alex-matei/fix/sandbox-mem-overflow
0d33b28 Merge pull request #4459 from jodh-intel/snap-fix-cli-options
9766a28 Merge pull request #4422 from snir911/dependabot_bumps
90a7763 snap: Fix debug cli option
d06dd8f Merge pull request #4312 from fidencio/topic/pass-the-tuntap-fd-to-clh
a305baf docs: Update outdated URLs and keep them available
185360c Merge pull request #4452 from GabyCT/topic/updatedeveloperguide
db2a4d6 Merge pull request #4441 from liubin/fix/refactor-reading-mountstat-log
bee7703 docs: Update containerd url link
ac5dbd8 clh: Improve logging related to the net dev addition
0b75522 network: Set queues to 1 to ensure we get the network fds
93b61e0 network: Add FFI_NO_PI to the netlink flags
bf3ddc1 clh: Pass the tuntap fds down to Cloud Hypervisor
55ed32e clh: Take care of the VmAdNetdPut request ourselves
01fe09a clh: Hotplug the network devices
2e07538 clh: Expose VmAddNetPut
c84a425 Merge pull request #4442 from openanolis/anolis/fix_safepath_clippy
1d5448f Merge pull request #4180 from Alex-Carter01/build-kernel-efi-secret
a80eb33 Merge pull request #4308 from fidencio/topic/virtiofsd-switch-to-using-the-rust-version-on-all-arches
81acfc1 Merge pull request #4425 from liubin/fix/4376-change-log-level-of-getoomevent
9b93db0 Merge pull request #4417 from jodh-intel/docs-monitor-considerations
1ef0b7d runtime: Switch to using the rust version of virtiofsd (all but power)
bb26bd7 safe-path: fix clippy warning
1a5ba31 agent: refactor reading file timing for debugging
721ca72 runtime: fix error when trying to parse sandbox sizing annotations
aefe11b Merge pull request #4331 from dgibson/config-enable-iommu-annotation
7deb87d Merge pull request #4434 from fidencio/topic/bump-virtiofsd-release
f811c8b Merge pull request #4431 from jodh-intel/docs-arch-storage-limits
9773838 virtiofsd: export env vars needed for building it
b0e090f versions: Bump virtiofsd to v1.3.0
db5048d kernel: build efi_secret module for SEV
1b84597 docs: Add storage limits to arch doc
4124413 docs: Add more kata monitor details
eff4e10 shim: change the log level for GetOOMEvent call failures
5d7fb7b build(deps): bump github.com/containerd/containerd in /src/runtime
d0ca2fc build(deps): bump crossbeam-utils in /src/tools/trace-forwarder
a60dcff build(deps): bump regex from 1.5.4 to 1.5.6 in /src/tools/agent-ctl
dbf5067 build(deps): bump crossbeam-utils in /src/tools/agent-ctl
8e2847b build(deps): bump crossbeam-utils from 0.8.6 to 0.8.8 in /src/libs
e9ada16 build(deps): bump regex from 1.5.4 to 1.5.5 in /src/agent
adad9ce build(deps): bump crossbeam-utils from 0.8.5 to 0.8.8 in /src/agent
8f10e13 config: Allow enable_iommu pod annotation by default
f30fe86 Merge pull request #4456 from Bevisy/fixIssue4454
553ec46 Merge pull request #4436 from alex-matei/fix/sandbox-mem-overflow
0d33b28 Merge pull request #4459 from jodh-intel/snap-fix-cli-options
9766a28 Merge pull request #4422 from snir911/dependabot_bumps
90a7763 snap: Fix debug cli option
d06dd8f Merge pull request #4312 from fidencio/topic/pass-the-tuntap-fd-to-clh
a305baf docs: Update outdated URLs and keep them available
185360c Merge pull request #4452 from GabyCT/topic/updatedeveloperguide
db2a4d6 Merge pull request #4441 from liubin/fix/refactor-reading-mountstat-log
bee7703 docs: Update containerd url link
ac5dbd8 clh: Improve logging related to the net dev addition
0b75522 network: Set queues to 1 to ensure we get the network fds
93b61e0 network: Add FFI_NO_PI to the netlink flags
bf3ddc1 clh: Pass the tuntap fds down to Cloud Hypervisor
55ed32e clh: Take care of the VmAdNetdPut request ourselves
01fe09a clh: Hotplug the network devices
2e07538 clh: Expose VmAddNetPut
c84a425 Merge pull request #4442 from openanolis/anolis/fix_safepath_clippy
1d5448f Merge pull request #4180 from Alex-Carter01/build-kernel-efi-secret
a80eb33 Merge pull request #4308 from fidencio/topic/virtiofsd-switch-to-using-the-rust-version-on-all-arches
81acfc1 Merge pull request #4425 from liubin/fix/4376-change-log-level-of-getoomevent
9b93db0 Merge pull request #4417 from jodh-intel/docs-monitor-considerations
1ef0b7d runtime: Switch to using the rust version of virtiofsd (all but power)
bb26bd7 safe-path: fix clippy warning
1a5ba31 agent: refactor reading file timing for debugging
721ca72 runtime: fix error when trying to parse sandbox sizing annotations
aefe11b Merge pull request #4331 from dgibson/config-enable-iommu-annotation
7deb87d Merge pull request #4434 from fidencio/topic/bump-virtiofsd-release
f811c8b Merge pull request #4431 from jodh-intel/docs-arch-storage-limits
9773838 virtiofsd: export env vars needed for building it
b0e090f versions: Bump virtiofsd to v1.3.0
db5048d kernel: build efi_secret module for SEV
1b84597 docs: Add storage limits to arch doc
4124413 docs: Add more kata monitor details
eff4e10 shim: change the log level for GetOOMEvent call failures
5d7fb7b build(deps): bump github.com/containerd/containerd in /src/runtime
d0ca2fc build(deps): bump crossbeam-utils in /src/tools/trace-forwarder
a60dcff build(deps): bump regex from 1.5.4 to 1.5.6 in /src/tools/agent-ctl
dbf5067 build(deps): bump crossbeam-utils in /src/tools/agent-ctl
8e2847b build(deps): bump crossbeam-utils from 0.8.6 to 0.8.8 in /src/libs
e9ada16 build(deps): bump regex from 1.5.4 to 1.5.5 in /src/agent
adad9ce build(deps): bump crossbeam-utils from 0.8.5 to 0.8.8 in /src/agent
8f10e13 config: Allow enable_iommu pod annotation by default
d5ee3fc safe-path: fix clippy warning
93c10df runtime-rs: add crosvm license in Dragonball
dfe6de7 dragonball: add dragonball into kata README
39ff85d dragonball: green ci
71f24d8 dragonball: add Makefile.
a1df6d0 Doc: Update Dragonball Readme and add document for device
8619f2b dragonball: add virtio vsock device manager.
52d42af dragonball: add device manager.
c1c1e51 dragonball: add kernel config.
6850ef9 dragonball: add configuration manager.
0bcb422 dragonball: add legacy devices manager
3c45c07 dragonball: add console manager.
3d38bb3 dragonball: add address space manager.
aff6040 dragonball: add resource manager support.
8835db6 dragonball: initial commit

Compatibility with CRI-O

Kata Containers 3.0.0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.0.0 is compatible with contaienrd v1.5.2

OCI Runtime Specification

Kata Containers 3.0.0 support the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 3.0.0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.0.0

Default Image Guest OS:

description: |
Root filesystem disk image used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "ubuntu"
version: "latest"
ppc64le:
name: "ubuntu"
version: "latest"
s390x:
name: "ubuntu"
version: "latest"
x86_64:
name: "clearlinux"
version: "latest"
meta:
image-type: "clearlinux"

Default Initrd Guest OS:

description: |
Root filesystem initrd used to boot the guest virtual
machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
aarch64:
name: "alpine"
version: "3.15"

Do not use Alpine on ppc64le & s390x, the agent cannot use musl because

there is no such Rust target

ppc64le:
name: "ubuntu"
version: "20.04"
s390x:
name: "ubuntu"
version: "20.04"
x86_64:
name: "alpine"
version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.0.0 suggest to use the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

Assets 6