kata-containers

Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/

APACHE-2.0 License

Downloads: 121.3K
Stars: 4.8K
Committers: 387


kata-containers - Release 3.2.0-alpha3

Published by fidencio over 1 year ago

kata-containers Changes

In this release we're posting the shortlog between 3.2.0-alpha0 and 3.2.0-alpha3,
as the -alpha1 and -alpha2 releases couldn't be finished due to issues in our
release pipeline.

The most notable changes worth mentioning are:

  • The addition of device manager for runtime-rs
  • Several improvements related to GPU usage with Kata Containers
  • Several improvements to the kata-ctl tool
  • Addition of artefacts and specific runtime classes for x86_64 TEEs
    • SEV, SNP, and TDX are the ones being tested, built, and shipped for now
  • Multi-architecture release, including:
  • Several other bug fixes happened all over the code

Shortlog

f636c1f8a gha: release: Simplify the process for tagging the payload
d10c9be60 gha: release: login-action: Don't specify docker.io registry
0b1c5ea5b versions: Update nydus version to 2.2.1
eff6ed2d5 runtime: make debug console work with sandbox_cgroup_only
c54363114 release: Kata Containers 3.2.0-alpha3
f3702268d release: Fix docker/login-action version
fc09d0f5d release: Kata Containers 3.2.0-alpha2
4719802c8 runtime-rs: add virtio-blk-mmio
f9bded448 runtime-rs: add devicetype enum
6800d30fd runtime-rs: remove device
f16012a1e runtime-rs: support linux device
fe9ec6764 runtime-rs: block volume
a8bfac90b runtime-rs: support block rootfs
b076d46db agent: handle hotplug virtio-mmio device
6e273d6cc runtime-rs: implement trait for vhost-user device
cc9c91538 runtime-rs: implement trait for vfio device
e4c5c74a7 runtime-rs: device manager
22154e0a3 cache: Fix OVMF tarball name for different flavours
b7341cd96 cache: Use "initrd" as initrd_type to build rootfs-initrd
35c3d7b4b runtime: clh: Re-generate the client code
cfee99c57 versions: Upgrade to Cloud Hypervisor v32.0
b8ffcd1b9 osbuilder: Bump fedora image version
636539bf0 kata-deploy: Use apt-key.gpg from k8s.io
ae24dc73c local-build: Standardise what's set for the local build scripts
ad324adf1 gha: aks: Wait a little bit more before run the tests
11a34a72e docs: Update container network model url
191b6dd9d gha: release: Fix s390x worklow
75330ab3f cache: Fix OVMF caching
cfd8f4ff7 gha: payload-after-push: Pass secrets down
a89b44aab tools: Fix arch bug
f527f614c release: Kata Containers 3.2.0-alpha1
ca1531fe9 runtime: Use static_sandbox_resource_mgmt=true for TEEs
f6e1b1152 agent: update tokio dependency
4cb83dc21 kata-ctl: update tokio dependency
df615ff25 runk: update tokio dependency
ca6892ddb runtime-rs: update tokio dependency
3e85bf5b1 resource-control: fix setting CPU affinities on Linux
bdb75fb21 runtime: use enable_vcpus_pinning from toml
fa832f470 gha: k8s: Make the tests more reliable
cbb9fe8b8 config: Use standard OVMF with SEV
724437efb kata-deploy: add kata-qemu-sev runtimeclass
521dad2a4 Tests: skip CPU constraints test on SEV and SNP
72308ddb0 gha: ci-on-push: Don't skip tests for SEV
da0f92cef gha: ci-on-push: Don't skip tests for SEV-SNP
12f43bea0 gha: tdx: Use the k3s overlay for kata-cleanup
dd7562522 runtime: pkg/sev: Add kbs utility package for SEV pre-attestation
05de7b260 runtime: Add sev package
3a9d3c72a gpu: Rename the last bits from gpu to nvidia-gpu
4cde844f7 local-build: Fix kernel-nvidia-gpu target name
1a3f8fc1a deploy: fix shell script error
c5a59caca ppc64le: switch virtiofsd from C to rust version
bfdf0144a versions: Bump virtiofsd to 1.6.1
87cb98c01 osbuilder: Fix indentation in rootfs.sh
20cb87508 virtcontainers/qemu_test.go: Improve test coverage
022a33de9 agent: Add context to errors when AgentConfig file is missing
50cc9c582 tests: Improve coverage for virtcontainers/pkg/compatoci/ for Kata 2.0
73913c8eb kata-manager: Fix '-o' syntax and logic error
593840e07 kata-ctl: Allow INSTALL_PATH= to be specified
5f3f844a1 runtime-rs: fix building instructions with respect to required Rust version
197c33651 Dragonball: use LinuxBootConfigurator::write_bootparams to writes the boot parameters into guest memory.
b9a1db260 kata-deploy: Add http_proxy as part of the docker build
777c3dc8d kata-deploy: Do not ship the kata tarball
136e2415d static-build: Download firecracker instead of building it
3bf767cfc static-build: Adjust ARCH for nydus
ac88d34e0 static-build: Use relased binary for CLH (aarch64)
2856d3f23 deploy: Fix arch in image tag
e8f81ee93 Revert "kata-deploy: Use readinessProbe to ensure everything is ready"
a4c0303d8 virtcontainers: Fixed static checks for improved test coverage for fc.go
03a8cd69c virtcontainers: Improved test coverage for fc.go from 4.6% to 18.5%
cfe63527c release: Fix multi-arch publishing is not supported
4d17ea4a0 cache: Fix nvidia-snp caching version
a133fadbf cache: Fix nvidia-gpu-tdx-experimental cache URL
defb64334 runtime: remove overriding ARCH value by default for ppc64le
5226f15c8 gha: Fix Body Line Length action flagging empty body commit messages
0d49ceee0 gha: Fix snap creation workflow warnings
b9990c201 cache: Fix nvidia-gpu version
c9bf7808b cache: Update the KERNEL_FLAVOUR list to include nvidia-gpu
3665b4204 gpu: Rename gpu targets to nvidia-gpu
2c90cac75 local-build: fixup alphabetization
4da6eb588 kata-deploy: Add qemu-snp shim
14dd05375 kata-deploy: add kata-qemu-snp runtimeclass
0bb37bff7 config: Add SNP configuration
af7f2519b versions: update SEV kernel description
dbcc3b5cc local-build: fix default values for OVMF build
b8bbe6325 gha: build OVMF for tests and release
cf0ca265f local-build: Add x86_64 OVMF target
db095ddeb cache: add SNP flavor to comments
f4ee00576 gha: Build and ship QEMU for SNP
7a58a91fa docs: update SNP guide
879333bfc versions: update SNP QEMU version
38ce4a32a local-build: add support to build QEMU for SEV-SNP
e1f3b871c docs: Mark snap installation method as unmaintained
772d4db26 gha: Build and ship SEV initrd
45fa36692 gha: Build and ship SEV OVMF
4770d3064 gha: Build and ship SEV kernel.
fb9c1fc36 runtime: Add qemu-sev config
813e4c576 runtimeClasses: add sev runtime class
af18806a8 static-build: Add caching support to sev ovmf
76ae7a3ab packaging: adding caching capability for kernel
12c5ef902 packaging: add support to build OVMF for SEV
b87820ee8 packaging: add support to build initrd for sev
b0e6a094b packaging: Add sev kernel build capability
5f8008b69 kata-ctl: add unit test for kvm check
a085a6d7b kata-ctl: add generic kvm check
6594a9329 tools: made log-parser-rs
17daeb9dd warning_fix: fix warnings when build with cargo-1.68.0
8495f830b cross-compile: Include documentation and configuration for cross-compile
205909fbe runtime: Fix virtiofs fd leak
13d7f39c7 gpu: Check for VFIO port assignments
138ada049 gpu: Cold Plug VFIO toml setting
f7ad75cb1 gpu: Cold-plug extend the api.md
0fec2e698 gpu: Add cold-plug test
dded731db gpu: Add OVMF setting for MMIO aperture
2a830177c gpu: Add fwcfg helper function
131f056a1 gpu: Extract VFIO Functions to drivers
c8cf7ed3b gpu: Add ColdPlug of VFIO devices with devManager
e2b5e7f73 gpu: Add Rawdevices to hypervisor
6107c32d7 gpu: Assign default value to cold-plug
377ebc2ad gpu: Add configuration option for cold-plug VFIO
c18ceae10 gpu: Add new struct PCIePort
1c1ee8057 pkg/signals: Improved test coverage 60% to 100%
9c38204f1 virtcontainers/persist: Improved test coverage 65% to 87.5%
0f45b0faa virtcontainers/clh_test.go: improve unit test coverage
6bf1fc605 virtcontainers/factory: Improved test coverage
5c9246db1 gha: Also run k8s tests on qemu-snp
c57a44436 gha: Add the ability to test qemu-snp
9e2b7ff17 gha: sev: fix for kata-deploy error
c849bdb0a gha: Also run k8s tests on qemu-sev
521519d74 gha: Add the ability to test qemu-sev
406419289 env: Utilize arch specific functionality to get cpu details
fb40c71a2 env: Check for root privileges
1016bc17b config: Add api to fetch config from default config path
b908a780a kata-env: Pass cmd option for file path
b1920198b config: Workaround the way agent and hypervisor configs are fetched
f2b2621de kata-env: Implement the kata-env command.
f2ebdd81c utils: Get rid of spurious print statement left behind.
9a94f1f14 make: Export VERSION and COMMIT
2f81f48da config: Add file under /opt as another location to look for the config
07f7d17db config: Make the pipe_size field optional
68f635773 config: Make function to get the default conf file public
7565b3356 kata-ctl: Implement Display trait for GuestProtection enum
94a00f934 utils: Make certain constants in utils.rs public
572b338b3 gitignore: Ignore .swp and .swo editor backup files
376884b8a cargo: Update version of clap to 4.1.13
cc8ea3232 runtime-rs: support keep_abnormal in toml config
b1730e4a6 gpu: Add new kernel build option to usage()
825e76948 gpu: Add GPU support to default kernel without any TEE
e4ee07f7d gpu: Add GPU TDX experimental kernel
87ea43cd4 gpu: Add configuration fragment
aca6ff728 gpu: Build and Ship an GPU enabled Kernel
e4b3b0887 gpu: Add proper CONFIG_LOCALVERSION depending on TEE
432d40744 kata-ctl: checks for kvm, kvm_intel modules loaded
3e7b90226 osbuilder: Fix D-Bus enabling in the dracut case
6d315719f snap: fix docker start fail issue
96e8470db kata-manager: Fix containerd download
53c749a9d agent: Fix ut issue caused by fd double closed
2e3f19af9 agent: fix clippy warnings caused by protobuf3
4849c56fa agent: Fix unit test issue cuased by protobuf upgrade
0a582f781 trace-forwarder: remove unused crate protobuf
73253850e kata-ctl: remove unused crate ttrpc
76d2e3054 agent-ctl: Bump ttrpc from 0.6.0 to 0.7.1
eb3d20dcc protocols: Add ut for Serde
59568c79d protocols: add support for Serde
a6b4d92c8 runtime-rs: Bump ttrpc from 0.6.0 to 0.7.1
8af6fc77c agent: Bump ttrpc from 0.6.0 to 0.7.1
009b42dbf protocols: Fix unit test
392732e21 protocols: Bump ttrpc from 0.6.0 to 0.7.1
ac7c63bc6 gpu: Add containerd shim for qemu-gpu
a0cc8a75f gpu: Add a kube runtime class
a81fff706 gpu: Adding a GPU enabled configuration
f4f958d53 gpu: Do not pass-through PCI (Host) Bridges
a1272bcf1 gha: tdx: Fix typo overlay -> overlays
3fa0890e5 cache-components: Fix TDVF caching
80e3a2d40 cache-components: Fix TDX QEMU caching
dc662333d runtime: Increase the dial_timeout
f478b9115 clh: tdx: Update timeouts for confidential guest
3b76abb36 kata-deploy: Ensure node is ready after CRI Engine restart
5ec9ae0f0 kata-deploy: Use readinessProbe to ensure everything is ready
ea386700f kata-deploy: Update podOverhead for TDX
e31efc861 gha: tdx: Use the k3s overlay
542bb0f3f gha: tdx: Set KUBECONFIG env at the job level
d7fdf19e9 gha: tdx: Delete kata-deploy after the tests finish
da35241a9 tests: k8s: Skip k8s-cpu-ns when testing TDX
375187e04 versions: Upgrade to Cloud Hypervisor v31.0
eb1762e81 osbuilder: Enable dbus in the dracut case
db2cac34d runtime: Don't create socket file in /run/kata
f3595e48b nydus_rootfs/prefetch_files: add prefetch_files for RAFS
dc6569dbb runtime-rs/virtio-fs: add support extra handler for cache mode.
69ba2098f runtime-rs: remove network entities and netns
b31f103d1 runtime-rs: enable nerdctl cni plugin
3bfaafbf4 fix: oci hook
69d7a959c gha: ci-on-push: Run tests on TDX
5a0727ecb kata-deploy: Ship kata-qemu-tdx runtimeClass
98682805b config: Add configuration for QEMU TDX
3e1580019 govmm: Directly pass the firmware using -bios with TDX
3c5ffb0c8 govmm: Set "sept-ve-disable=on"
ed145365e runtime/qemu: Drop "kvm-type=tdx"
25b3cdd38 virtcontainers: Drop check for the tdx CPU flag
01bdacb4e virtcontainers: Also check /sys/firmwares/tdx for TDX
9feec533c cache: Add ability to cache OVMF
ce8d98251 gha: Build and ship the OVMF for TDX
39c3fab7b local-build: Add support to build OVMF for TDX
054174d3e versions: Bump OVMF for TDX
800fb49da packaging: Add get_ovmf_image_name() helper
fbf03d7ac cache: Document kernel-tdx-experimental
5d79e9696 cache: Add a space to ease the reading of the kernel flavours
6e4726e45 cache: Fix typos
fc22ed0a8 gha: Build and ship the Kernel for TDX
502844ced local-build: Add support to build Kernel for TDX
b2585eecf local-build: Avoid code duplication building the kernel
f33345c31 versions: Update Kernel TDX version
20ab2c242 versions: Move Kernel TDX to its own experimental entry
3d9ce3982 cache: Allow specifying the QEMU_FLAVOUR
33dc6c65a gha: Build and ship QEMU for TDX
eceaae30a local-build: Add support to build QEMU for TDX
f7b7c187e static-build: Improve qemu-experimental build script
3018c9ad5 versions: Update QEMU TDX version
800ee5cd8 versions: Move QEMU TDX to its own experimental entry
1315bb45f local-build: Add dragonball kernel to the all target
73e108136 local-build: Rename non vanilla kernel build functions
1d851b4be local-build: Cosmetic changes in build targets
cbe6ad903 runtime: support non-root for clh
49ce685eb gha: k8s-on-aks: Always delete the AKS cluster
e2a770df5 gha: ci-on-push: Run k8s tests with dragonball
c1fbaae8d rustjail: Use CPUWeight with systemd and CgroupsV2
79f3047f0 gha: k8s-on-aks: {create,delete} AKS must be a coded-in step
d1f550bd1 docs: update the rust version from versions.yaml
2f35b4d4e gha: ci-on-push: Only run on main branch
e7bd2545e Revert "gha: ci-on-push: Depend on Commit Message Check"
0d96d4963 Revert "gha: ci-on-push: Adjust to using workflow_run"
c7ee45f7e Revert "gha: ci-on-push: Adapt chained jobs to workflow_run"
5d4d72064 Revert "gha: k8s-on-aks: Fix cluster name"
13d857a56 gha: k8s-on-aks: Set {create,delete}_aks as steps
85cc5bb53 gha: k8s-on-aks: Fix cluster name
108d80a86 gha: Add the ability to also test Dragonball
8086c75f6 gha: Also run k8s tests on AKS with dragonball
2550d4462 gha: build-kata-static-tarball: Only push to registry after merge
e81b8b8ee local-build: build-and-upload-payload is not quay.io specific
13929fc61 gha: publish-kata-deploy-payload: Improve registry login
41026f003 gha: payload-after-push: Pass registry / repo as inputs
7855b4306 gha: ci-on-push: Adapt chained jobs to workflow_run
3a760a157 gha: ci-on-push: Adjust to using workflow_run
a159ffdba gha: ci-on-push: Depend on Commit Message Check
1688e4f3f gha: aks: Use D4s_v5 instance
fe86c08a6 tools: Avoid building the kernel twice
b661e0cf3 rustjail: Add anyhow context for D-Bus connections
7796e6ccc rustjail: Fix minor grammatical error in function name
41fdda1d8 rustjail: Do not unwrap potential error with cgroup manager
0f7351556 runtime: add filter metrics with specific names
3215860a4 gha: Set ci-on-push to run on pull_request_target
d17dfe4cd gha: Use ghcr.io for the k8s CI
60c62c3b6 gha: Remove kata-deploy-test.yaml
43894e945 gha: Remove kata-deploy-push.yaml
cab9ca043 gha: Add a CI pipeline for Kata Containers
53b526b6b gha: k8s: Add snippet to run k8s tests on aks clusters
c444c24bc gha: aks: Add snippets to create / delete aks clusters
11e0099fb tests: Move k8s tests to this repo
73be4bd3f gha: Update actions for release.yaml
d38d7fbf1 gha: Remove code duplication from release.yaml
56331bd7b gha: Split payload-after-push-*.yaml
a552a1953 docs: Update CNM url in networking document
a914283ce kata-ctl: add function to get platform protection.
d3bb25418 utils: Add function to check vhost-vsock

Compatibility with CRI-O

Kata Containers 3.2.0-alpha3 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.2.0-alpha3 is compatible with containerd v1.6.8

OCI Runtime Specification

Kata Containers 3.2.0-alpha3 supports the OCI Runtime Specification v1.0.2

Compatibility with Kubernetes

Kata Containers 3.2.0-alpha3 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.2.0-alpha3

Default Image Guest OS:

    description: |
      Root filesystem disk image used to boot the guest virtual
      machine.
    url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
    architecture:
      aarch64:
        name: "ubuntu"
        version: "latest"
      ppc64le:
        name: "ubuntu"
        version: "latest"
      s390x:
        name: "ubuntu"
        version: "latest"
      x86_64:
        name: "ubuntu"
        version: "latest"
    meta:
      image-type: "ubuntu"

Default Initrd Guest OS:

    description: |
      Root filesystem initrd used to boot the guest virtual
      machine.
    url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
    architecture:
      aarch64:
        name: "alpine"
        version: "3.15"
      ppc64le:
        name: "ubuntu"
        version: "20.04"
      s390x:
        name: "ubuntu"
        version: "20.04"
      x86_64:
        name: "alpine"
        version: "3.15"
        sev:
          name: "ubuntu"
          version: "20.04"

Kata Linux Containers Kernel

Kata Containers 3.2.0-alpha3 suggests using the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - Kata Containers 3.2.0-alpha2

Published by fidencio over 1 year ago

kata-containers - Kata Containers 3.1.2

Published by fidencio over 1 year ago

Do NOT use!

The guest image and kata-deploy are broken (see #7123 for details). Go to 3.1.3 instead.

What's Changed

Full Changelog: https://github.com/kata-containers/kata-containers/compare/3.1.1...3.1.2

kata-containers - Kata Containers 3.2.0-alpha1

Published by fidencio over 1 year ago

kata-containers - Release 3.1.1

Published by fidencio over 1 year ago

Do NOT use!

The guest image and kata-deploy are broken (see #7123 for details). Go to 3.1.3 instead.

kata-containers Changes

Shortlog

36b883180 release: Kata Containers 3.1.1
2ff6964be release: Adapt kata-deploy for 3.1.1
0e0d29d22 agent: Fix ut issue caused by fd double closed
8db3dfb30 osbuilder: Fix D-Bus enabling in the dracut case
1de0909a3 osbuilder: Enable dbus in the dracut case
a86feb8bf runtime: Don't create socket file in /run/kata
8b597195a rustjail: Use CPUWeight with systemd and CgroupsV2
f83adbe83 rustjail: Add anyhow context for D-Bus connections
e0e6f9481 rustjail: Fix minor grammatical error in function name
ecadb514e rustjail: Do not unwrap potential error with cgroup manager

Compatibility with CRI-O

Kata Containers 3.1.1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.1.1 is compatible with containerd v1.6.8

OCI Runtime Specification

Kata Containers 3.1.1 supports the OCI Runtime Specification v1.0.2

Compatibility with Kubernetes

Kata Containers 3.1.1 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.1.1

Default Image Guest OS:

    description: |
      Root filesystem disk image used to boot the guest virtual
      machine.
    url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
    architecture:
      aarch64:
        name: "ubuntu"
        version: "latest"
      ppc64le:
        name: "ubuntu"
        version: "latest"
      s390x:
        name: "ubuntu"
        version: "latest"
      x86_64:
        name: "clearlinux"
        version: "latest"
    meta:
      image-type: "clearlinux"

Default Initrd Guest OS:

    description: |
      Root filesystem initrd used to boot the guest virtual
      machine.
    url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
    architecture:
      aarch64:
        name: "alpine"
        version: "3.15"
      # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
      # there is no such Rust target
      ppc64le:
        name: "ubuntu"
        version: "20.04"
      s390x:
        name: "ubuntu"
        version: "20.04"
      x86_64:
        name: "alpine"
        version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.1.1 suggests using the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - Release 3.2.0-alpha0

Published by gkurz over 1 year ago

kata-containers Changes

TBD

Shortlog

4a246309ee4d release: Kata Containers 3.2.0-alpha0
43dd4440f483 snap: Build the artefacts using kata-deploy
3443f558a61a nydus: upgrad nydus to v2.2.0
395645e1ce37 runtime: hybrid-mode cause error in the latest nydusd
74ec38cf0216 osbuilder: Add support for CBL-Mariner
8b008fc74307 kata-deploy: fix bash semantics error
dd23f452ab7f utils: renamed only_kata to skip_containerd
59c81ed2bba1 utils: informed pre-check about only_kata
ac585886821e runtime-rs: ch: Generate Cloud Hypervisor config for confidential guests
96555186b3eb runtime-rs: ch: Honour debug setting
e3c2d727ba9e runtime-rs: ch: clippy fix
ece5edc64133 qemu/arm64: disable image nvdimm if no firmware offered
462d4a1af257 workflows: static-checks: Free disk space before running checks
e68186d9af0d workflows: static-checks: Set GOPATH only once
439ff9d4c49e tools/osbuilder/tests: Remove TRAVIS variable
f31c79d21075 workflows: static-checks: Remove TRAVIS_XXX variables
4f0887ce42a5 kata-deploy: fix install failing to chmod runtime-rs/bin/*
09c4828ac3a9 workflows: add missing artifacts on payload-after-push
96baa8389525 agent: Bring in VFIO-AP device handling again
f666f8e2df6b agent: Add VFIO-AP device handling
b546eca26f0e runtime: Generalize VFIO devices
4c527d00c7b7 agent: Rename VFIO handling to VFIO PCI handling
db89c88f4fcb agent: Use cfg-if for s390x CCW
68a586e52c88 agent: Use a constant for CCW root bus path
f4938c0d90a1 bugfix: set hostname
fbf891fdfff5 packaging: Adapt get_last_modification()
82a04dbce179 local-build: Use cached VirtioFS when possible
3b9900489774 local-build: Use cached shim v2 when possible
1b8c5474dab1 local-build: Use cached RootFS when possible
09ce4ab893b2 local-build: Use cached QEMU when possible
1e1c843b8b65 local-build: Use cached Nydus when possible
64832ab65b35 local-build: Use cached Kernel when possible
04fb52f6c9ab local-build: Use cached Firecracker when possible
8a40f6f23498 local-build: Use cached Cloud Hypervisor when possible
194d5dc8a6e9 tools: Add support for caching VirtioFS artefacts
a34272cf2042 tools: Add support for caching shim v2 artefacts
7898db5f7902 tools: Add support for caching RootFS artefacts
e90891059b03 tools: Add support for caching QEMU artefacts
7aed8f8c80c3 tools: Add support for caching Nydus artefacts
cb4cbe29580f tools: Add support for caching Kernel artefacts
762f9f4c3edf tools: Add support for caching Firecracker artefacts
6b1b424fc733 tools: Add support for caching Cloud Hypervisor artefacts
08fe49f708e5 versions: Adjust kernel names to match kata-deploy build targets
99505c0f4f3a versions: Update firecracker version
a8b55bf8746d dependency: update cgroups-rs
9a01d4e4469a dragonball: add more unit test for virtio-blk device.
974a5c22f006 runtime: add support for Hyper-V
97cdba97ea98 runtime-rs: update load_config comment
a6c67a161e91 runtime: add support for ephemeral mounts to occupy entire sandbox memory
16e2c3cc55b1 agent: implement update_ephemeral_mounts api
3896c7a22bf3 protocol: add updateEphemeralMounts proto
40f4eef5355f build: Use the correct kernel name
30e235f0a1ec runtime-rs: impl volume-resize trait for sandbox
42b8867148d2 runtime-rs: impl volume-stats trait for sandbox
e7bca62c32fb bugfix: modify tty_win info in runtime when handling ResizePtyRequest
e029988bc2b7 bugfix: add get_ns_path API for Hypervisor
844bf053b2aa runtime-rs: add the missing default trait
43ce3f7588c6 packaging: Simplify get_last_modification()
33c5c49719ce packaging: Move repo_root_dir to lib.sh
f8e44172f6d1 utils: Make kata-manager.sh runs checks
760f78137db0 dragonball: support pmu on aarch64
2d43e131022c docs: fix typo in AWS installation guide
23488312f545 agent: always use cgroupfs when running as init
854638734887 agent: determine value of use_systemd_cgroup before LinuxContainer::new()
736aae47a4d2 rustjail: print type of cgroup manager
dbae281924b3 workflows: Properly set the kata-tarball architecture
76b4591e2b09 tools: Adjust the build-and-upload-payload.sh script
cd2aaeda2a07 kata-deploy: Switch to using an ubuntu image
9bc7bef3d622 kata-deploy: Fix path to the Dockerfile
78ba363f8e81 kata-deploy: Use different images for s390x and aarch64
6267909501a1 kata-deploy: Allow passing BASE_IMAGE_{NAME,TAG}
192df845885f agent: always use cgroupfs when running as init
b0691806f143 agent: determine value of use_systemd_cgroup before LinuxContainer::new()
ad8968c8d99a rustjail: print type of cgroup manager
a9e2fc86786e runtime/Makefile: Fix install-containerd-shim-v2 dependency
b6880c60d38e logging: Correct the code notes
8030e469b220 fix(runtime-rs): add exited state to ensure cleanup
12cfad485853 runtime-rs: modify the transfer to oci::Hooks
2c4428ee0247 runtime-rs: move pre-start hooks to sandbox_start
e80c9f7b742d runtime-rs: add StartContainer hook
977f281c5c08 runtime-rs: add CreateContainer hook support
875f2db5284b runtime-rs: add oci hook support
ecac3a9e104a docs: add design doc for Hooks
4b8a5a1a3df6 utils: Remove kata-manager.sh cgroups v2 check
7d292d7fc3e8 workflows: Fix the path of imported workflows
e07162e79d15 workflows: Fix action name
dd2713521e3a Dragonball: update dependencies
828d467222d4 workflows: Do not install docker
bd1ed26c8d0e workflows: Publish kata-deploy payload after a merge
fea7e8816fa5 runtime-rs: Fixed typo mod.rs
a96ba9923918 actions: Use git-diff to get changes in kernel dir
c4ef5fd32551 agent: don't set permission of existing directory
dc86d6dac35f runtime: use filepath.Clean() to clean the mount path
3ac6f29e9544 runtime: clh: Re-generate the client code
262daaa2eff4 versions: Upgrade to Cloud Hypervisor v30.0
919d19f41542 feat(runtime): make static resource management consistent with 2.0
76e926453a02 osbuilder: Include minimal set of device nodes in ubuntu initrd
b582c0db86b3 kata-ctl/exec: add new command exec to enter guest VM.
1bff1ca30adb kernel: Add CONFIG_SEV_GUEST to SEV kernel config Adding kernel config to sev case since it is needed for SNP and SNP will use the SEV kernel. Incrementing kernel config version to reflect changes
3483272bbda5 runtime-rs: ch: Enable initrd usage
fbee6c820e73 runtime-rs: Improve Cloud Hypervisor config handling
e84af6a6205e virtiofsd: update to a valid path on ppc64le
2dd2421ad0c7 runtime-rs: cleanup kata host share path
0a21ad78b12d osbuilder: fix default build target in makefile
4c39c4ef9f42 devguide: Add link to the contribution guidelines
b4a1527aa664 kata-deploy: Fix static shim-v2 build on arm64
2c4f8077fd2e Revert "shim-v2: Bump Ubuntu container image to 22.04"
ced3c9989559 dragonball: config_manager: preserve device when update
afaccf924d93 Revert "workflows: Push the builder image to quay.io"
da8a6417aa21 runtime-rs: remove all remaining unsafe impl
0301194851c0 dragonball: use crossbeam_channel in VmmService instead of mpsc::channel
697ec8e578f3 kata-deploy: Fix kata static firecracker arm64 package build error
9d78bf90861b shim-v2: Bump Ubuntu container image to 22.04
b835c40bbdc1 workflows: Push the builder image to quay.io
781ed2986a25 packaging: Allow passing a container builder to the scripts
45668fae15ac packaging: Use existing image to build td-shim
e8c6bfbdeb8f packaging: Use existing image to build td-shim
3fa24f7acce5 packaging: Add infra to push the OVMF builder image
f076fa4c770f packaging: Use existing image to build OVMF
c7f515172dc2 packaging: Add infra to push the QEMU builder image
fb7b86b8e0e3 packaging: Use existing image to build QEMU
d0181bb26261 packaging: Add infra to push the virtiofsd builder image
7c93428a1889 packaging: Use existing image to build virtiofsd
8c227e247185 virtiofsd: Pass the expected toolchain to the build container
7ee00d8e5764 packaging: Add infra to push the shim-v2 builder image
24767d82aa5b packaging: Use existing image to build the shim-v2
6c3c771a52a6 packaging: Add infra to push the kernel builder image
b9b23112bf6f packaging: Use existing image to build the kernel
869827d77f62 packaging: Add push_to_registry()
e69a6f57493d packaging: Add get_last_modification()
6c05e5c67a0b packaging: Add and export BUILDER_REGISTRY
3cfce5a7090f utils: improved unsupported distro message.
1047840cf81a utils: always check some dependencies.
a161d119208e versions: Use ubuntu as the default distro for the rootfs-image
44aaec9020f9 github-action: Replace deprecated command with environment file
619ef544525d docs: Change the order of release step
95e3364493bd runtime-rs: remove unnecessary Send/Sync trait implement
be40683bc592 runtime-rs: Add a generic powerpc64le-options.mk
47c058599a39 packaging/shim-v2: Install the target depending on the arch/libc
07802a19dc54 runtime-rs: handle sys_dir bind volume
04e930073c70 sandbox: set the dns for the sandbox
32ebe1895bc2 agent: fix the issue of creating the dns file
a68c5004f859 packaging/shim-v2: Only change the config if the file exists
bbc733d6c8e6 docs: runtime-rs: Add CH status details
37b594c0d217 runtime-rs: Add basic CH implementation
545151829d51 kata-types: Add Cloud Hypervisor (CH) definitions
ee76b398b32b release: Revert kata-deploy changes after 3.1.0-rc0 release

Compatibility with CRI-O

Kata Containers 3.2.0-alpha0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.2.0-alpha0 is compatible with containerd v1.6.8

OCI Runtime Specification

Kata Containers 3.2.0-alpha0 supports the OCI Runtime Specification v1.0.2

Compatibility with Kubernetes

Kata Containers 3.2.0-alpha0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.2.0-alpha0

Default Image Guest OS:

    description: |
      Root filesystem disk image used to boot the guest virtual
      machine.
    url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
    architecture:
      aarch64:
        name: "ubuntu"
        version: "latest"
      ppc64le:
        name: "ubuntu"
        version: "latest"
      s390x:
        name: "ubuntu"
        version: "latest"
      x86_64:
        name: "ubuntu"
        version: "latest"
    meta:
      image-type: "ubuntu"

Default Initrd Guest OS:

    description: |
      Root filesystem initrd used to boot the guest virtual
      machine.
    url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
    architecture:
      aarch64:
        name: "alpine"
        version: "3.15"
      # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
      # there is no such Rust target
      ppc64le:
        name: "ubuntu"
        version: "20.04"
      s390x:
        name: "ubuntu"
        version: "20.04"
      x86_64:
        name: "alpine"
        version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.2.0-alpha0 suggests using the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - # Release 3.1.0

Published by gkurz over 1 year ago

Do NOT use !

The guest image and kata-deploy are broken (see #7123 for details). Go to 3.1.3 instead.

kata-containers Changes

This release includes several improvements including:

  • Support for AMD SEV-SNP VMs
  • Upgrade to QEMU v7.2.0
  • Upgrade to Cloud Hypervisor v29.0
  • Closed gaps around networking support for docker/moby.
  • Several runtime-rs improvements including adding support for hugepages
  • QEMU logging

... and many bug fixes !

Shortlog

ac6c1d1f451f release: Kata Containers 3.1.0
e6d27759cb79 release: Adapt kata-deploy for 3.1.0
3eb7387bb741 agent: always use cgroupfs when running as init
be512e7f346a agent: determine value of use_systemd_cgroup before LinuxContainer::new()
12ec33d70de7 rustjail: print type of cgroup manager
491b95451c6f workflows: Do not install docker
624dc2d22222 runtime: use filepath.Clean() to clean the mount path
fcab7c3a01b4 osbuilder: Include minimal set of device nodes in ubuntu initrd
697707493084 kata-deploy: Fix static shim-v2 build on arm64
592ecdb67147 packaging/shim-v2: Install the target depending on the arch/libc
d1305ee9eb5d runtime-rs: Add a generic powerpc64le-options.mk
59a05c7401ee kata-deploy: Fix kata static firecracker arm64 package build error
79a40d48953b dependency: update cgroups-rs
5988199adaf8 release: Kata Containers 3.1.0-rc0
d144ded12c68 release: Adapt kata-deploy for 3.1.0-rc0
930488933026 docs: Update how-to-use-kata-containers-with-firecracker.md
8e3863cecbbe kata-deploy: Install protobuf-compiler explicitly in shim-v2 Dockerfile
c4539199118f runtime: tracing: Fix missing ctx return
ca02c9f5124e runtime: add reconnect timeout for vhost user block
67b8f0773fb8 SEV: Update ReducedPhysBits
4139d68d516c runtime-rs: Include target install in conditional branch
c07135535976 runtime-rs: Improve s390x error message
4e2db96ef76d runtime-rs: Don't try to build on Power
2f5bc0f408e6 kata-ctl: Expand unit tests for CPU check
01765e17342d runtime: support cgroup v2 metrics marshal guest metrics
e071d9251ff8 Typo: change tabs in comment to spaces
bdf20b5d263c rootfs: support EROFS filesystem
ed02c8a05137 docs: add guide for building rootfs with EROFS
49326fe4e1a2 fix(clippy): fix hypervisor clippy checks
fff0e50a738e versions: Update runc version
3c48f2202cd3 runtime: Improve documentation of appendFDs
94b1d9814c67 cargo: Update Cargo.lock files
f1855594a20c make: Get rid of verbose output while creating tar
c3836010a833 make: clean up obsolete targets
f83115a83800 docs: Fix missing critical steps in how-to-hotplug-memory-arm64.md
3c24e23409da README: Update Readme under packaging/kernel
d73f3a8a26b9 github-action: Add step to verify kernel config version id updated
ac64b021a681 clh: Enforce API timeout only for vm.boot request
56071c6e7b61 virtiofsd: change cache mod to const
5d37d31ac7d9 cgroups: upgrade cgroupfs to 0.3.1
ab59a65c9265 runtime-rs: neglect a certain error when delete cgroup
56f0a27fef9d kernel: Add console kernel config for s390
390916b33c48 runtime: remove not used shim configurations
9794c52c6517 improvement: Fix naming conventions for span name and log subsystem
57c5e5629bce Dragonball: add cpu resize ability
59f104c02290 runtime: skip unit test that fail regularly on aarch64
b7dd97cac653 kata-ctl: fix permission deny issue in test_add_remove
f49b89b632e6 CI: Set docker version to v20.10 in ubuntu:20.04 for s390x|ppc64le
856ab66871e4 virtiofsd: fix the build on ppc64le
1e531b44dc46 runtime:fix stat uds path
3a63e3c1f7c9 cni: Update cni plugins version to 1.2.0
510798155de2 dragonball: Improve test cases
dc90c6e30b7f dragonball: add more unit test for vm
334c4b8bdcb8 runtime: Drop QEMU log file support
00dcd900f9b9 docs: Add documentation for building agent with seccomp support.
8e8c720d5185 kata-deploy-push: Ensure we build Dragonball specific kernel
b7f4e96ff399 kata-deploy-test: Ensure we build dragonball specific kernel
063dec37c298 release: Add the dragonball-experimental kernel
0b3c91d2a23f kata-deploy: Add kernel-dragonball-experimental target
6199b69178e8 runtime-rs: change cache mode
a33a22ccd1dd runtime-rs: add missing config section for share-fs
9092c23a2efa runtime: Add hmp for qemu
9f490d16fef9 upcall: add document for upcall
39fe4a4b6f13 runtime: Collect QEMU's stderr
a5319c6be6ca runtime: Start QEMU undaemonized
bf4e3a618f3b runtime: Launch QEMU with cmd.Start()
8a1723a5cb97 runtime: Pre-establish the QMP connection
8a4f08cb0f7c govmm: Optionally pass QMP listener to QEMU
219bb8e7d02f govmm: Optionally start QMP with a pre-configured connection
2b779cba0050 docs: Update url link in QAT documentation
a85d0e465ca2 versions: update cni plugins version
861c38b6aaec versions: Upgrade to Cloud Hypervisor v29.0
ba87e0afea23 runtime: Use consts in kata-runtime check
676d028504e1 versions: Bump QEMU to v7.2.0
bf8848f92651 agent: Eliminate unnecessary metrics
69fc8de71231 runtime:all APIs are hang in the service.mu
8d4c2cf1b930 kata-ctl: Allow certain constants to go unused
64c11a66fd8d kata-ctl: Have function to get cpu details to run on specific arch
594b57d08282 utils: Add utility functions to get cpu and distro details.
d33e3436139d check: Move PROC_CPUINFO from architecture specific files
596037e20ca8 versions: Update conmon version
cf1bae352153 runtime: paas enablevhostuserstore annotation to hypervisor config
095e8fdef4e8 runk: Use the original Kill command instead of the customed it.
0f9e23a3d90b runk: Upgrade liboci-cli to v0.0.4
8551853cfe34 runtime: use system pagesize for hugepage test
1592a385eb86 dependency: update cgroups-rs
76437a97218b runtime: Use git rev-parse for the kata-monitor tag
923cd3fda14b virtcontainers: split out Linux parts from mount
60ff230d802f virtcontainers: Split the factory package into Linux and Darwin bits
a9626682af83 virtcontainers: resourcecontrol: Add skeleton for Darwin
ea06fe3afc11 virtcontainers: Add a Network API skeleton for Darwin
73216a810435 vendor: revendor netlink to get latest
6ee550e9a5e1 runtime: vCPUs pinning is sandbox specific, not hypervisor
e3d3b72fa2a2 virtcontainers: use resource control for setting CPU affinity
f137048be37e resource-control: add helper function for setting CPU affinity
fc17d7cc41a8 virtcontainers: Fix misspelling in error message
7eb43cec1505 runtime: add test generated file to .gitignore
12fd6ffc1fc9 runtime: fix up disable_netns handling
f8a48ab41ddc docs: add hint of probing loop module
64c9114a394c tools: add --locked option for cargo install
464d4c94de98 runtime-rs: process single_container
5f9c892e48f4 kata-types: add single_container support
fafc7a8b1a7d virtcontainers: tests: Ensure Linux specific tests are just run on Linux
86a82cace9c9 runtime: change cache mode from none to never
82c59efd65c7 runtime-rs: change cache mode from none to never
7b309b578dee kata-types: change cache mode from none to never
fee4e7c7c494 docs: change cache mode from none to never
f8a93a1dedc2 tools: Fix indentation for setup aks script
d48b22bb13b9 virtcontainers: fs_share: add Darwin skeleton
fa9ae9362ce4 virtcontainers: Add a Virtualization.framework skeleton
03de5f41b279 kata-ctl: remove get_kata_version_by_url function
c21a8d5ff898 kata-ctl: fix build error on s390x
9ec8a1398506 virtcontainers: introduce hypervisor_darwin
3b4420eb8e9f runtime: Define Darwin handled signals list
3886aad1994e nydus: net-ns handling needs to be only executed on Linux hosts
efa4fc0b25e4 clh: Add hotplug support for network devices
1074d2c1d3dd clh: Make vmAddNetPutRequest capable of doing hotplugs
85f9094f17c4 agent: refactor guest hooks
8bb68a9f2805 vc/network: skip existing endpoints when scanning for new ones
d085389127d0 vc: fix up UT for CreateSandbox API change
578a9c25f05c vc: rescan network endpoints after running prestart hooks
cb84b0fb02ce katautils: run prestart hooks after starting VM
24b05a99b60b schedcore: Make buildable on !linux
31591d791568 dragonball: fix unit test failure case about Kvm.
2b02e0a9bf3e dragonball: add more unit test for vcpu manager
e256903af25f runtime-rs: cleanup the run dir of hypervisor when shut down
937a41346e02 kata-ctl: add unit tests for volume ops
8451db7c0c78 kata-ctl: direct-volume: add Add and Remove handlers
2d4b2cf72caa runtime-rs: add POST method to shim-client
cae78a685122 kata-ctl: add constants for direct-volume commands
86ee24b33c52 Runtime: Clarify mutability of global var
dae6670628b4 kata-runtime: add rust runtime path for kata-runtime exec
652021ad95db versions: Upgrade to Cloud Hypervisor v28.1
a2e3715e01bf upcall: remove upcall client when stopping vm
360506225808 runtime-rs: add dbs-upcall feature
56e7b5d0fdbc runtime/Makefile: Get some bits happy on darwin
b4b5d8150e2f docs: remove old and misleading instructions for minikube
0fe24e08bb2a packaging: fix indents in build-kernel.sh
ecb28e2b13f9 kernel: adding kmod to do docker env
079462d2eb50 runk: Fix needless_borrow warning
2c24fcf34c69 runtime-rs: Fix clippy::bool-to-int-with-if warnings
025e78341e1d runtime-rs: Fix needless_borrow warnings
4fb163d570fa runtime-rs: Allow clippy:box_default warnings
20121fcda7ec runtime-rs: Fix unnecessary_cast warnings
b95364a1401a dragonball: Allow question_mark warning in allocate_device_resources()
0b2f060bf3ab dragonball: Fix unnecessary_cast warnings
a545a65934bf agent: Allow clippy::question_mark warning in Namespace{}
9ced34dd225f agent: Fix explicit_auto_deref warnings
f77220490e70 agent: Fix needless_borrow warnings
7bcdc9049a24 rustjail: Fix unnecessary_cast warnings
41d7dbaaea79 rustjail: Fix needless_borrow warnings
2a73e057db01 kata-types: Fix unnecessary_cast warnings
cf9ef1833cf9 kata-types: Fix needless_borrow warnings
126187e8145a safe-path: Fix needless_borrow warnings
bb78d35db8f2 kata-sys-util: Fix "match-like-matches-macro" warning
668e6524010e kata-sys-util: Fix unnecessary_cast warnings
c1a8d89a72aa kata-sys-util: Fix needless_borrow warnings
c9c38e6d0117 logging: Allow clippy::type-complexity warning
ffd6fbb6b653 logging: Fix needless_borrow warnings
60df30015bf4 protocols: Fix unnecessary_cast warnings
0bbeb34b4cd0 protocols: Fix needless_borrow warnings
dfea6c7d217f versions: Update the rust toolchain to 1.66.0
03a0c9d78ee3 kata-ctl: skip test if access GitHub.com fail
1dcbda3f0f9a kata-ctl: update Cargo.lock
087515a46e7d agent: unset CC for cross-build
afaf17f42371 runtime-rs: enable container hugepage
fc4a67eec31f runtime-rs: enable vm hugepage
fd77eebd4d78 runtime-rs: fix the issues mentioned in the code review
0e692079094d runtime-rs: Clean up mount points shared to guest
3480780bd8d9 kata-ctl: add check framework support for non-x86
1bd533f10b00 kata-ctl: let check framework arch-agnostic
b0896126cf49 release: Kata Containers 3.1.0-alpha1
74fa10a23558 docs: remove duplicate sentences
ebe5c5adf9d9 docs: Update virtiofsd build script in the developer guide Script to execute to build virtiofsd has been changed in #5426 but not in the doc. This commit update the developer guide.
d14c3af35ca6 dragonball: refactor legacy device initialization
21ec766d29c2 docs: add documents for using bundle to start container
ca39a07a14a3 runtime-rs: enable start container from bundle
9f465a58af12 kernel: Add "unload" module to SEV config
ae0dcacd4a83 tools: Add some new gitignore items
99485d871c69 shim: return hypervisor's pid not shim's pid
a81ced0e3f00 upcall: add upcall into kernel build script
f5c34ed0880c Dragonball: introduce upcall
fbf294da3fe4 refactor(shim-mgmt): move client side to libs
b5cfd09583b1 kata-ctl: Fixed format for check release options
8dbfc3dc82bf kata-ctl: Fixed format for check release options
f3091a9da4ca kata-ctl: Add kata-ctl check release options
1f28ff683872 runtime-rs: add binary to exercise shim proper w/o containerd dependencies
eb8c9d38ff5c runtime-rs: add launch of a simple qemu process to start_vm()
2f6d0d408b90 runtime-rs: support qemu in VirtContainer
1413dfe91c7f runtime-rs: add basic empty boilerplate for qemu driver
a577df8b7173 tools: Fix indentation on build kernel script
4661ea8d3b83 runtime-rs: fix standalone share fs
79cf38e6ea83 runtime-rs: clear OCI spec namespace path
62f4603e8149 runtime-rs: reset rdma cgroup
5b6596f54e38 runtime-rs: CreateContainerRequest has Default
e9e82ce28b0e runtime-rs: fix is_pid_namespace_enabled check
78532154d9d2 docs: Add description for guest SELinux support
c617bbe70dcd runtime: Pass SELinux policy for containers to the agent
93547692863a agent: Add SELinux support for containers
a75f99d20d63 osbuilder: Create guest image for SELinux
a9c746f28422 kernel: Add kernel configs for SELinux
8079a9732d10 kata-sys-util: fix issues where umount2 couldn't get the correct path
7fdbbcda8241 agent: Drop the Option for LinuxContainer.cgroup_manager
c5abc5ed4d34 config: speed up rng init when kernel boot for arm64
b087667ac5de kata-deploy: Fix the pod of kata deploy starts to occur an error
3e6114b2efb5 tools: Fix indentation for ovmf script
d04d45ea0509 runtime: use pidfd to wait for processes on Linux
e9ba0c11d0e2 runtime: use exponential backoff for process wait
71491a69c3da runtime: move process wait logic to another function
92ebe61fea0d runtime: reap force killed processes
0019d653d618 runtime-rs: fix high cpu
748f22e7d0c2 agent: remove sysinfo dependency
fdf0a7bb1430 runtime-rs: fix the issues mentioned in the code review
1d823c4f6584 runtime-rs: umount and permission controls in sandbox level
527b871414dc runtime-rs: bind mount volumes in sandbox level
46b38458af17 docs: Update the rust version in the installation documentation
9ccf2ebe8a5e agent: add signal value to log
fb2c142f183f runtime-rs: fix some variable names and typos
a5e4cad4b654 kata-ctl: add host check for aarch64
737420469a7c kata-ctl: fix dependency version conflict
f7fc436bed5f workflow: fix cargo-deny-runner.yaml syntax error
d4321ab48970 runtime: Add identification in version for runtime-rs
89574f03f8c9 workflow: call cargo in user's $PATH
67fe703ff5df runtime-rs: remove the version number from the commit display message
e12db92e4df2 runk: Re-implement start operation using the agent codes
f443b7853746 build: update golang version to 1.19.3
86cb05883306 snap: Fix snapcraft setup (unbreak snap releases)
1d93a934682b fix(agent): fix iptables binary path in guest
2edbe389d872 runtime-rs: moving only vCPU threads into sandbox controller
cd85a44a0404 tools: Remove extra tab spaces from kata deploy binaries script
e723bad0afb3 ci: let static checks don't depend on build
69aae0227615 actions: use matrix to refactor static checks
d7bb4b5512b5 agent: support systemd cgroup for kata agent
340e24f17598 actions: skip some job using "paths-ignore" filter
1dfd845f51e0 runtime: go fix code for 1.19
2426ea9bdc58 doc: update runtime-rs "Build and Install"
4b45e1386905 runtime: don't fail mkdir if the folder is already created
cb199e0ecf1c kernel: add CONFIG_X86_SGX into whitelist
b987bbc57677 runtime-rs: block on the current thread when setup the network
6b2ef66f0fbf runtime-rs: add conditional compile for virt-sandbox persist
30a7ebf43067 runtime: Log invalid devices in QEMU config
2539f31862f3 runtime: Use containerd v1.6.8
a4099dab8f70 tools: Fix indentation of build static firecracker script
abb9ebeecef2 package: add nydus to release artifacts
b53171b605c6 agent: check command before do test_ip_tables
3bb145c63ad1 runtime: Support virtiofs queue size for qemu and make it configurable
993d05a42e95 docs: change mount-info.json to mountInfo.json
6c1e153a6ffc docs: update doc "NVIDIA GPU passthrough"
d808adef951e runtime-rs: support vhost-vsock
e80a9f09fac3 utils: Add utility function to fetch the kernel version.
a636d426d9b0 versions: update nydusd version
c46814b26a47 runtime-rs:support nydus v5 and v6
36545aa81ae9 runtime: clh: Re-generate the client code
f4b02c224420 versions: Upgrade to Cloud Hypervisor v28.0
e4a6fbadf80e docs: update doc "Setup swap device in guest kernel"
2f5f575a43b5 log-parser: Simplify check
d94718fb301f runtime: Fix gofmt issues
16b8375095f2 golang: Stop using io/ioutils
66aa330d0df2 versions: Update golangci-lint
b3a4a162949a versions: bump containerd version
eab8d6be1365 build: update golang version to 1.19.2
e80dbc15d8a6 runtime-rs: workaround Dragonball compilation problem
c3f1922df695 fix(fmt): fix cargo fmt to pass static check
a04afab74d62 qemu: early exit from Check if the process was stopped
7e481f217987 qemu: set stopped only if StopVM is successful
0e3ac66e761f clh: return faster with dead clh process from isClhRunning
9ef68e0c7adc clh: fast exit from isClhRunning if the process was stopped
2631b08ff109 clh: don't try to stop clh multiple times
8be08173050b tools: Fix indentation of build static virtiofsd script
3e9c3f12cef8 docs: Fix configuration path
936fe35acb89 runtime-rs : fix shim source is ambiguous
f45fe4f90d9a versions: update vmm-sys-util and related crates to v0.11.0
29c75cf12bfa runtime-rs: delete all cargo patches
f8f97c1e222c feat(shim-mgmt): iptables handler
9f70a6949b3e tools: Remove empty spaces from build kernel script
57336835da65 dragonball: add more unit test for device manager
2333700237c1 dragonball: add test utils.
2adb1c18235e Dragonball: enable mem_file_path config into hugetlbfs process
fef8e92af1ed runtime-rs:add hypervisor interface capabilities
daeee26a1e40 cloud-hypervisor: Fix GetThreadIDs function
40d514aa2c73 github: Parallelise static checks
27b19135847d runtime-rs: blanks filled & fixes made to virtiofsd launch
2508d39b7cb4 runtime: added vcpus pinning logics Core VCPU threads pinning logics for issue 4476. Also provided docs.
b74c18024a25 runtime-rs: fix shared volume permission issue
16dca4ecd405 runk: Ignore an error when calling kill cmd with --all option
df092185ee4f runk: Upgrade libseccomp crate to v0.3.0 in Cargo.lock
990e6359b714 snap: Unbreak docker install
ca69a9ad6d3f snap: Use metadata for dependencies
39363ffbfb0d runtime: remove same function
0ed7da30d7b6 tools: Fix indentation of build static clh script
43fcb8fd0906 virtiofsd: Not use "link-self-contained=yes" on s390x The compile option link-self-contained=yes asks rustc to use C library startup object files that come with the compiler, which are not available on the target s390x-unknown-linux-gnu. A build does not contain any startup files leading to a broken executable entry point (causing segmentation fault).
c0f5bc81b748 cargo: Add Cargo.lock to version control
474927ec9055 gitignore: Add gitignore file
699f821e12c8 utils: Add function to drop priveleges
a6fb4e2a68ce versions: bump golangci-lint version
b015f34aff17 runtime-rs: generate config files with the default target
219919e9f7d6 docs: Fix volumeMounts in SGX usage example
9d286af7b454 versions: Update Cloud Hypervisor to b4e39427080
144efd1a7a78 docs: update rust runtime installation guide
cbd84c3f5a88 rustjail: Upgrade libseccomp crate to v0.3.0
748be0fe3d16 makefile: remove sudo when create symbolic link
44d8de892321 agent: remove redundant checks
89e62d4edf8b shim: Ensure pagesize is set when reporting hugetbl stats
e95089b716b2 kata-ctl: add basic cpu check for s390x
871d2cf2c026 kata-ctl: Limit running tests to x86 and use native-tls on s390x
9f2c7e47c9da Revert "kata-ctl: Disable network check on s390x"
081ee487134c agent: use NLM_F_REPLACE replace NLM_F_EXCL in rtnetlink
abf4f9b2999d docs: kata 3.0 Architecture fix readme content error
72738dc11f45 agent: validate hugepage size is supported
f74e328fffc4 Makefile: fix an typo in runtime-rs makefile
227e717d278d qemu: Re-work static-build Dockerfile
9c1ac3d457f0 runtime-rs: return port on agent-url req
f205472b01bf Makefile: regulate the comment style for the runtime-rs comments
ac403cfa5a84 doc: Update how-to-run-kata-containers-with-SNP-VMs.md
00981b3c0a70 kata-ctl: Disable network check on s390x
c322d1d12a9a kata-ctl: arch: Improve check call
0bc5baafb948 snap: Build virtiofsd using the kata-deploy scripts
cb4ef4734fba snap: Create a task for installing docker
7e5941c578b1 virtiofsd: Build inside a container
9717dc3f7536 Dragonball: remove redundant comments in event manager
35d52d30fd21 versions: Update TDX QEMU
4d9dd8790d8d runtime-rs: fix typo get_contaier_type to get_container_type
70676d4a9912 kata-ctl: improve command descriptions for consistency
86ad832e37c8 runtime-rs: force shutdown shim process in it can't exit
9eb73d543ac3 versions: Update TDX kernel
1f1901e05944 dragonball: fix clippy warning for aarch64
a343c570e43a dragonball: enhance dragonball ci
6a64fb0eb3dd ci: skip s390x for dragonball.
a743e37daf7e Dragonball: delete redundant comments in blk_dev_mgr
00a42f69c09a kata-ctl: cargo: 2021 -> 2018
fb63274747da kata-ctl: rustfmt + clippy fixes
2b345ba29d9e build: Add kata-ctl to tools list
f7010b80614d kata-ctl: docs: Write basic documentation
781e604c39d8 docs: Reference kata-ctl README
15c343cbf2f4 kata-ctl: Don't rely on system ssl libs
c23584994a8d kata-ctl: clippy: Resolve warnings and reformat
133690434cdc kata-ctl: implement CLI argument --check-version-only
eb5423cb7fd2 kata-ctl: switch to use clap derive for CLI handling
018aa899cb81 kata-ctl: Add cpu check
7c9f9a5a1dae kata-ctl: Make arch test run at compile time
b63ba66dc347 kata-ctl: Formatting tweaks
cca7e32b54ec kata-ctl: Lint fixes to allow the branch to be built
8e7bb8521c35 kata-ctl: add code for framework for arch
303fc8b11835 kata-ctl: Add unit tests cases
d0b33e9a32cd versions: Add kata-ctl version entry
002b18054d82 kata-ctl: Add initial rust code for kata-ctl
8d4ced3c860f runtime-rs: support ephemeral storage for emptydir
862eaef86328 docs: fix a typo in rust-runtime-installation-guide
26c043dee72e ci: Add dragonball test
b62b18bf1cad dragonball: fix clippy warning
2ddc948d30ab Makefile: add dragonball components.
3fe81fe4ab26 dragonball-ut: use skip_if_not_root to skip root case
72259f101a67 dragonball: add more unit test for vmm actions
046ddc6463dc readme: remove libraries mentioning
ee74231b1cb2 release: Kata Containers 3.1.0-alpha0
102a9dda7174 workflow: Revert "workflow: trigger test-kata-deploy with pull_request"
68e8a86aec69 runtime: fix incorrect comment for SetFsSharingSupport function
04bbce8dc328 virtcontainers: add warn log record for qmp hotplug cpu error
53f209af447f libs/kata-types: adjust default_vcpus correctly
3aeaa6459d6c runtime-rs: delete duplicated PASSTHROUGH_FS_DIR const
435c8f181a71 acrn: Enable ACRN hypervisor support for Kata 2.x release
c31cf7269ee8 agent: reduce reference count for failed mount
ef5a2dc3bff0 agent: don't exit early if signal fails due to ESRCH
43ae972335f6 kata-sys-util: delete duplicated get_bundle_path
4da743f90b22 packaging: Mount $HOME/.docker in the 1st layer container
067e2b1e33b3 runtime: clh: Use the new API to boot with TDX firmware (td-shim)
5d63fcf34480 runtime: clh: Re-generate the client code
fe610704268c versions: Upgrade to Cloud Hypervisor v27.0
17de94e1187d microvm: Remove kernel_irqchip=on option
ac0483122307 kata-sys-util: fix typo unknow
f89ada2de10a dragonball: update ut for kernel config
a24127659243 versions: Update gperf url to avoid libseccomp random failures
a617a63481bd versions: Update oci version
6d585d591924 dragonball: fix no "as_str" error on Arm
421729f99136 tools: release: fix bogus version check
457b0beaf089 runtime-rs: update Cargo.lock
50299a329224 refactor(runtime-rs): Use RwLock in runtime agent
0e899669eead runtime-rs: fix shim close_io call to support kubectl cp
96cf21fad06a runtime-rs: add comments for runtime-rs shared directory
7676cde0c5c4 workflow: trigger test-kata-deploy with pull_request
f10827357ef6 workflow: require PR num input on test-kata-deploy workflow_dispatch
90ecc015e0a7 Dragonball: update linux_loader to 0.6.0
abc26b00bb27 dragonball: modify wrong code comments modify virtio_net_dev_mgr.rs wrong code comments
9bd941098e37 docs: Update urls in runk documentation
4a763925e54a runtime-rs: support watchable mount
e23bfd615e0c runtime-rs: make function name more understandable
426a43678093 runtime-rs: add unit test and eliminate raw string
87959cb72d2a runtime-rs: debug console support in runtime
d663f110d737 kata-deploy: get the config path from cri options
c6b3dcb67d5f kata-deploy: support kata-deploy for runtime-rs
a394761a5cc7 kata-deploy: add installation for runtime-rs
2caee1f38dce runtime-rs: define VFIO unbind path as a const
20bcaf0e363c runtime-rs: set agent timeout to 0 for stream RPCs
d9e6eb11ae50 docs: Guide to use SNP-VMs with Kata-Containers
ded60173d4b3 runtime: Enable choice between AMD SEV and SNP
22bda0838c77 runtime: Support for AMD SEV-SNP VMs
a2bbd294227d kernel: Introduce SNP kernel
0e69405e16a9 docs: Developer-Guide updated
105eda5b9ac7 runtime: Initrd path option added to config
adb33a412188 packaging: fix typo in configure-hypervisor.sh
9628c7df0c03 runtime: update runc dependency
7fbc883879b5 runtime-rs: drop dependency on rustc-serialize
bf2be0cf7a3b release: Revert kata-deploy changes after 3.0.0-rc0 release
208233288a94 runtime-rs: add test for StaticResource
46965739a4a7 runtime-rs: remove hardcoded string
274de024c532 docs: add README for runtime-rs hypervisor crate
9670a3caacf4 runtime-rs: use Path.is_file to check regular files
a4a23457caa8 osbuilder: Export directory variables for libseccomp
a828292b47aa runtime-rs: add unit tests for network resource
a8a8a28a3426 runtime-rs/resource: use macro to reduce duplicated code
3f65ff2d0740 runtime-rs: fix incorrect comments
86a02c5f6acd kernel: Add crypto kernel config for s390
f914319874f6 runtime: store the user name in hypervisor config
5cafe217703b runtime: make StopVM thread-safe
c3015927a3d3 runtime: add more debug logs for non-root user operation
0399da677da0 runtime-rs: update dependencies
f6f19917a8d1 dragonball: update dragonball-sandbox dependencies
d55cf9ab71dc docs: Update url in virtualization document
7622452f4b19 Dragonball: Fix the problem about stdio console
aaf6d69089b0 runtime-rs: call TomlConfig's validate function after load
5add50aea2d5 runtime-rs: timeout for shim management client
9f13496e135b runtime-rs: shim management client
e891295e10da runtime-rs: shim management - agent-url
59aeb776b0d4 runtime-rs: shim management

Compatibility with CRI-O

Kata Containers 3.1.0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.1.0 is compatible with containerd v1.6.8

OCI Runtime Specification

Kata Containers 3.1.0 supports the OCI Runtime Specification v1.0.2

Compatibility with Kubernetes

Kata Containers 3.1.0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.1.0

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.1.0 suggests using the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - # Release 3.0.2

Published by amshinde over 1 year ago

kata-containers Changes

Shortlog

2f638b366 release: Kata Containers 3.0.2
98bacb0ef release: Adapt kata-deploy for 3.0.2
178ee3d7e agent: check command before do test_ip_tables
7461bcd76 runtime-rs: change cache mode
123c86717 SEV: Update ReducedPhysBits
98f60c100 clh: Enforce API timeout only for vm.boot request
960f089d3 virtiofsd: fix the build on ppc64le
92f3b11c9 runtime:all APIs are hang in the service.mu
4a5877f45 docs: Fix missing critical steps in how-to-hotplug-memory-arm64.md
d3b57325e versions: Upgrade to Cloud Hypervisor v28.2
92619c833 runtime: Drop QEMU log file support
4f3db7678 runtime: Collect QEMU's stderr
918c11e46 runtime: Start QEMU undaemonized
8c4507be2 runtime: Launch QEMU with cmd.Start()
a61fba6d4 runtime: Pre-establish the QMP connection
ad9cb0ba5 govmm: Optionally pass QMP listener to QEMU
d6dd99e98 govmm: Optionally start QMP with a pre-configured connection
0623f1fe6 virtiofsd: Not use "link-self-contained=yes" on s390x
5883dc1bd CI: Set docker version to v20.10 in ubuntu:20.04 for s390x|ppc64le
0d7bd066d docs: Fix missing critical steps in how-to-hotplug-memory-arm64.md
ac1ce2d30 docs: Fix missing critical steps in how-to-hotplug-memory-arm64.md
f4d71af45 docs: Fix missing critical steps in how-to-hotplug-memory-arm64.md
fcc120d49 versions: Upgrade to Cloud Hypervisor v28.1

Compatibility with CRI-O

Kata Containers 3.0.2 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.0.2 is compatible with containerd v1.6.8

OCI Runtime Specification

Kata Containers 3.0.2 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 3.0.2 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.0.2

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.0.2 suggests using the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - # Release 3.1.0-rc0

Published by amshinde over 1 year ago

kata-containers Changes

This release includes several improvements including:

  • Support added for QEMU version v7.2.0
  • Upgrade to Cloud Hypervisor v29.0
  • Closed gaps around networking support for docker/moby.
  • Several runtime-rs improvements including adding support for hugepages
  • Improved qemu logging

Shortlog

5988199ad release: Kata Containers 3.1.0-rc0
d144ded12 release: Adapt kata-deploy for 3.1.0-rc0
930488933 docs: Update how-to-use-kata-containers-with-firecracker.md
8e3863cec kata-deploy: Install protobuf-compiler explicitly in shim-v2 Dockerfile
c45391991 runtime: tracing: Fix missing ctx return
ca02c9f51 runtime: add reconnect timeout for vhost user block
67b8f0773 SEV: Update ReducedPhysBits
4139d68d5 runtime-rs: Include target install in conditional branch
c07135535 runtime-rs: Improve s390x error message
4e2db96ef runtime-rs: Don't try to build on Power
2f5bc0f40 kata-ctl: Expand unit tests for CPU check
01765e173 runtime: support cgroup v2 metrics marshal guest metrics
e071d9251 Typo: change tabs in comment to spaces
bdf20b5d2 rootfs: support EROFS filesystem
ed02c8a05 docs: add guide for building rootfs with EROFS
49326fe4e fix(clippy): fix hypervisor clippy checks
fff0e50a7 versions: Update runc version
3c48f2202 runtime: Improve documentation of appendFDs
94b1d9814 cargo: Update Cargo.lock files
f1855594a make: Get rid of verbose output while creating tar
c3836010a make: clean up obsolete targets
f83115a83 docs: Fix missing critical steps in how-to-hotplug-memory-arm64.md
3c24e2340 README: Update Readme under packaging/kernel
d73f3a8a2 github-action: Add step to verify kernel config version id updated
ac64b021a clh: Enforce API timeout only for vm.boot request
56071c6e7 virtiofsd: change cache mod to const
5d37d31ac cgroups: upgrade cgroupfs to 0.3.1
ab59a65c9 runtime-rs: neglect a certain error when delete cgroup
56f0a27fe kernel: Add console kernel config for s390
390916b33 runtime: remove not used shim configurations
9794c52c6 improvement: Fix naming conventions for span name and log subsystem
57c5e5629 Dragonball: add cpu resize ability
59f104c02 runtime: skip unit test that fail regularly on aarch64
b7dd97cac kata-ctl: fix permission deny issue in test_add_remove
f49b89b63 CI: Set docker version to v20.10 in ubuntu:20.04 for s390x|ppc64le
856ab6687 virtiofsd: fix the build on ppc64le
1e531b44d runtime:fix stat uds path
3a63e3c1f cni: Update cni plugins version to 1.2.0
510798155 dragonball: Improve test cases
dc90c6e30 dragonball: add more unit test for vm
334c4b8bd runtime: Drop QEMU log file support
00dcd900f docs: Add documentation for building agent with seccomp support.
8e8c720d5 kata-deploy-push: Ensure we build Dragonball specific kernel
b7f4e96ff kata-deploy-test: Ensure we build dragonball specific kernel
063dec37c release: Add the dragonball-experimental kernel
0b3c91d2a kata-deploy: Add kernel-dragonball-experimental target
6199b6917 runtime-rs: change cache mode
a33a22ccd runtime-rs: add missing config section for share-fs
9092c23a2 runtime: Add hmp for qemu
9f490d16f upcall: add document for upcall
39fe4a4b6 runtime: Collect QEMU's stderr
a5319c6be runtime: Start QEMU undaemonized
bf4e3a618 runtime: Launch QEMU with cmd.Start()
8a1723a5c runtime: Pre-establish the QMP connection
8a4f08cb0 govmm: Optionally pass QMP listener to QEMU
219bb8e7d govmm: Optionally start QMP with a pre-configured connection
2b779cba0 docs: Update url link in QAT documentation
a85d0e465 versions: update cni plugins version
861c38b6a versions: Upgrade to Cloud Hypervisor v29.0
ba87e0afe runtime: Use consts in kata-runtime check
676d02850 versions: Bump QEMU to v7.2.0
bf8848f92 agent: Eliminate unnecessary metrics
69fc8de71 runtime:all APIs are hang in the service.mu
8d4c2cf1b kata-ctl: Allow certain constants to go unused
64c11a66f kata-ctl: Have function to get cpu details to run on specific arch
594b57d08 utils: Add utility functions to get cpu and distro details.
d33e34361 check: Move PROC_CPUINFO from architecture specific files
596037e20 versions: Update conmon version
cf1bae352 runtime: paas enablevhostuserstore annotation to hypervisor config
095e8fdef runk: Use the original Kill command instead of the customed it.
0f9e23a3d runk: Upgrade liboci-cli to v0.0.4
8551853cf runtime: use system pagesize for hugepage test
1592a385e dependency: update cgroups-rs
76437a972 runtime: Use git rev-parse for the kata-monitor tag
923cd3fda virtcontainers: split out Linux parts from mount
60ff230d8 virtcontainers: Split the factory package into Linux and Darwin bits
a9626682a virtcontainers: resourcecontrol: Add skeleton for Darwin
ea06fe3af virtcontainers: Add a Network API skeleton for Darwin
73216a810 vendor: revendor netlink to get latest
6ee550e9a runtime: vCPUs pinning is sandbox specific, not hypervisor
e3d3b72fa virtcontainers: use resource control for setting CPU affinity
f137048be resource-control: add helper function for setting CPU affinity
fc17d7cc4 virtcontainers: Fix misspelling in error message
7eb43cec1 runtime: add test generated file to .gitignore
12fd6ffc1 runtime: fix up disable_netns handling
f8a48ab41 docs: add hint of probing loop module
64c9114a3 tools: add --locked option for cargo install
464d4c94d runtime-rs: process single_container
5f9c892e4 kata-types: add single_container support
fafc7a8b1 virtcontainers: tests: Ensure Linux specific tests are just run on Linux
86a82cace runtime: change cache mode from none to never
82c59efd6 runtime-rs: change cache mode from none to never
7b309b578 kata-types: change cache mode from none to never
fee4e7c7c docs: change cache mode from none to never
f8a93a1de tools: Fix indentation for setup aks script
d48b22bb1 virtcontainers: fs_share: add Darwin skeleton
fa9ae9362 virtcontainers: Add a Virtualization.framework skeleton
03de5f41b kata-ctl: remove get_kata_version_by_url function
c21a8d5ff kata-ctl: fix build error on s390x
9ec8a1398 virtcontainers: introduce hypervisor_darwin
3b4420eb8 runtime: Define Darwin handled signals list
3886aad19 nydus: net-ns handling needs to be only executed on Linux hosts
efa4fc0b2 clh: Add hotplug support for network devices
1074d2c1d clh: Make vmAddNetPutRequest capable of doing hotplugs
85f9094f1 agent: refactor guest hooks
8bb68a9f2 vc/network: skip existing endpoints when scanning for new ones
d08538912 vc: fix up UT for CreateSandbox API change
578a9c25f vc: rescan network endpoints after running prestart hooks
cb84b0fb0 katautils: run prestart hooks after starting VM
24b05a99b schedcore: Make buildable on !linux
31591d791 dragonball: fix unit test failure case about Kvm.
2b02e0a9b dragonball: add more unit test for vcpu manager
e256903af runtime-rs: cleanup the run dir of hypervisor when shut down
937a41346 kata-ctl: add unit tests for volume ops
8451db7c0 kata-ctl: direct-volume: add Add and Remove handlers
2d4b2cf72 runtime-rs: add POST method to shim-client
cae78a685 kata-ctl: add constants for direct-volume commands
86ee24b33 Runtime: Clarify mutability of global var
dae667062 kata-runtime: add rust runtime path for kata-runtime exec
652021ad9 versions: Upgrade to Cloud Hypervisor v28.1
a2e3715e0 upcall: remove upcall client when stopping vm
360506225 runtime-rs: add dbs-upcall feature
56e7b5d0f runtime/Makefile: Get some bits happy on darwin
b4b5d8150 docs: remove old and misleading instructions for minikube
0fe24e08b packaging: fix indents in build-kernel.sh
ecb28e2b1 kernel: adding kmod to do docker env
079462d2e runk: Fix needless_borrow warning
2c24fcf34 runtime-rs: Fix clippy::bool-to-int-with-if warnings
025e78341 runtime-rs: Fix needless_borrow warnings
4fb163d57 runtime-rs: Allow clippy:box_default warnings
20121fcda runtime-rs: Fix unnecessary_cast warnings
b95364a14 dragonball: Allow question_mark warning in allocate_device_resources()
0b2f060bf dragonball: Fix unnecessary_cast warnings
a545a6593 agent: Allow clippy::question_mark warning in Namespace{}
9ced34dd2 agent: Fix explicit_auto_deref warnings
f77220490 agent: Fix needless_borrow warnings
7bcdc9049 rustjail: Fix unnecessary_cast warnings
41d7dbaae rustjail: Fix needless_borrow warnings
2a73e057d kata-types: Fix unnecessary_cast warnings
cf9ef1833 kata-types: Fix needless_borrow warnings
126187e81 safe-path: Fix needless_borrow warnings
bb78d35db kata-sys-util: Fix "match-like-matches-macro" warning
668e65240 kata-sys-util: Fix unnecessary_cast warnings
c1a8d89a7 kata-sys-util: Fix needless_borrow warnings
c9c38e6d0 logging: Allow clippy::type-complexity warning
ffd6fbb6b logging: Fix needless_borrow warnings
60df30015 protocols: Fix unnecessary_cast warnings
0bbeb34b4 protocols: Fix needless_borrow warnings
dfea6c7d2 versions: Update the rust toolchain to 1.66.0
03a0c9d78 kata-ctl: skip test if access GitHub.com fail
1dcbda3f0 kata-ctl: update Cargo.lock
087515a46 agent: unset CC for cross-build
afaf17f42 runtime-rs: enable container hugepage
fc4a67eec runtime-rs: enable vm hugepage
fd77eebd4 runtime-rs: fix the issues mentioned in the code review
0e6920790 runtime-rs: Clean up mount points shared to guest
3480780bd kata-ctl: add check framework support for non-x86
1bd533f10 kata-ctl: let check framework arch-agnostic

Compatibility with CRI-O

Kata Containers 3.1.0-rc0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.1.0-rc0 is compatible with containerd v1.6.8

OCI Runtime Specification

Kata Containers 3.1.0-rc0 supports the OCI Runtime Specification v1.0.2

Compatibility with Kubernetes

Kata Containers 3.1.0-rc0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.1.0-rc0

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.1.0-rc0 suggests using the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

kata-containers - # Release 3.0.1

Published by fidencio almost 2 years ago

kata-containers Changes

Shortlog

ea74df127 release: Kata Containers 3.0.1
c712057ae release: Adapt kata-deploy for 3.0.1
bc5bbfa60 versions: update nydusd version
0afcc57a9 package: add nydus to release artifacts
bd797edde kata-deploy: Fix the pod of kata deploy starts to occur an error
9cf1af873 runtime: clh: Re-generate the client code
4d6ca7623 versions: Upgrade to Cloud Hypervisor v28.0
719017d68 clh: return faster with dead clh process from isClhRunning
569ecdbe7 clh: fast exit from isClhRunning if the process was stopped
fa8a0ad49 clh: don't try to stop clh multiple times
8fbf862fa cloud-hypervisor: Fix GetThreadIDs function
9141acd94 versions: Update Cloud Hypervisor to b4e39427080
9a0ab92f6 runtime: clh: Use the new API to boot with TDX firmware (td-shim)
f3eac35b5 runtime: clh: Re-generate the client code
8a7e0efd1 versions: Upgrade to Cloud Hypervisor v27.0
a152f6034 runk: Ignore an error when calling kill cmd with --all option
50bf4434d log-parser: Simplify check
74791ed38 runtime: Fix gofmt issues
778ebb6e6 golang: Stop using io/ioutils
b5661e988 versions: Update golangci-lint
88c13b682 versions: bump containerd version
b8ce291dd build: update golang version to 1.19.2
f5e5ca427 github: Parallelise static checks
eaa7ab746 snap: Unbreak docker install
8d2fd2449 snap: Use metadata for dependencies
ab83ab6be snap: Build virtiofsd using the kata-deploy scripts
1772df5ac snap: Create a task for installing docker
2e4958644 virtiofsd: Build inside a container

Compatibility with CRI-O

Kata Containers 3.0.1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.0.1 is compatible with containerd v1.6.8

OCI Runtime Specification

Kata Containers 3.0.1 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 3.0.1 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.0.1

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.0.1 suggests using the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

kata-containers - # Release 3.1.0-alpha1

Published by fidencio almost 2 years ago

kata-containers Changes

Shortlog

b0896126c release: Kata Containers 3.1.0-alpha1
74fa10a23 docs: remove duplicate sentences
ebe5c5adf docs: Update virtiofsd build script in the developer guide Script to execute to build virtiofsd has been changed in #5426 but not in the doc. This commit update the developer guide.
d14c3af35 dragonball: refactor legacy device initialization
21ec766d2 docs: add documents for using bundle to start container
ca39a07a1 runtime-rs: enable start container from bundle
9f465a58a kernel: Add "unload" module to SEV config
ae0dcacd4 tools: Add some new gitignore items
99485d871 shim: return hypervisor's pid not shim's pid
a81ced0e3 upcall: add upcall into kernel build script
f5c34ed08 Dragonball: introduce upcall
fbf294da3 refactor(shim-mgmt): move client side to libs
b5cfd0958 kata-ctl: Fixed format for check release options
8dbfc3dc8 kata-ctl: Fixed format for check release options
f3091a9da kata-ctl: Add kata-ctl check release options
1f28ff683 runtime-rs: add binary to exercise shim proper w/o containerd dependencies
eb8c9d38f runtime-rs: add launch of a simple qemu process to start_vm()
2f6d0d408 runtime-rs: support qemu in VirtContainer
1413dfe91 runtime-rs: add basic empty boilerplate for qemu driver
a577df8b7 tools: Fix indentation on build kernel script
4661ea8d3 runtime-rs: fix standalone share fs
79cf38e6e runtime-rs: clear OCI spec namespace path
62f4603e8 runtime-rs: reset rdma cgroup
5b6596f54 runtime-rs: CreateContainerRequest has Default
e9e82ce28 runtime-rs: fix is_pid_namespace_enabled check
78532154d docs: Add description for guest SELinux support
c617bbe70 runtime: Pass SELinux policy for containers to the agent
935476928 agent: Add SELinux support for containers
a75f99d20 osbuilder: Create guest image for SELinux
a9c746f28 kernel: Add kernel configs for SELinux
8079a9732 kata-sys-util: fix issues where umount2 couldn't get the correct path
7fdbbcda8 agent: Drop the Option for LinuxContainer.cgroup_manager
c5abc5ed4 config: speed up rng init when kernel boot for arm64
b087667ac kata-deploy: Fix the pod of kata deploy starts to occur an error
3e6114b2e tools: Fix indentation for ovmf script
d04d45ea0 runtime: use pidfd to wait for processes on Linux
e9ba0c11d runtime: use exponential backoff for process wait
71491a69c runtime: move process wait logic to another function
92ebe61fe runtime: reap force killed processes
0019d653d runtime-rs: fix high cpu
748f22e7d agent: remove sysinfo dependency
fdf0a7bb1 runtime-rs: fix the issues mentioned in the code review
1d823c4f6 runtime-rs: umount and permission controls in sandbox level
527b87141 runtime-rs: bind mount volumes in sandbox level
46b38458a docs: Update the rust version in the installation documentation
9ccf2ebe8 agent: add signal value to log
fb2c142f1 runtime-rs: fix some variable names and typos
a5e4cad4b kata-ctl: add host check for aarch64
737420469 kata-ctl: fix dependency version conflict
f7fc436be workflow: fix cargo-deny-runner.yaml syntax error
d4321ab48 runtime: Add identification in version for runtime-rs
89574f03f workflow: call cargo in user's $PATH
67fe703ff runtime-rs: remove the version number from the commit display message
e12db92e4 runk: Re-implement start operation using the agent codes
f443b7853 build: update golang version to 1.19.3
86cb05883 snap: Fix snapcraft setup (unbreak snap releases)
1d93a9346 fix(agent): fix iptables binary path in guest
2edbe389d runtime-rs: moving only vCPU threads into sandbox controller
cd85a44a0 tools: Remove extra tab spaces from kata deploy binaries script
e723bad0a ci: let static checks don't depend on build
69aae0227 actions: use matrix to refactor static checks
d7bb4b551 agent: support systemd cgroup for kata agent
340e24f17 actions: skip some job using "paths-ignore" filter
1dfd845f5 runtime: go fix code for 1.19
2426ea9bd doc: update runtime-rs "Build and Install"
4b45e1386 runtime: don't fail mkdir if the folder is already created
cb199e0ec kernel: add CONFIG_X86_SGX into whitelist
b987bbc57 runtime-rs: block on the current thread when setup the network
6b2ef66f0 runtime-rs: add conditional compile for virt-sandbox persist
30a7ebf43 runtime: Log invalid devices in QEMU config
2539f3186 runtime: Use containerd v1.6.8
a4099dab8 tools: Fix indentation of build static firecracker script
abb9ebeec package: add nydus to release artifacts
b53171b60 agent: check command before do test_ip_tables
3bb145c63 runtime: Support virtiofs queue size for qemu and make it configurable
993d05a42 docs: change mount-info.json to mountInfo.json
6c1e153a6 docs: update doc "NVIDIA GPU passthrough"
d808adef9 runtime-rs: support vhost-vsock
e80a9f09f utils: Add utility function to fetch the kernel version.
a636d426d versions: update nydusd version
c46814b26 runtime-rs:support nydus v5 and v6
36545aa81 runtime: clh: Re-generate the client code
f4b02c224 versions: Upgrade to Cloud Hypervisor v28.0
e4a6fbadf docs: update doc "Setup swap device in guest kernel"
2f5f575a4 log-parser: Simplify check
d94718fb3 runtime: Fix gofmt issues
16b837509 golang: Stop using io/ioutils
66aa330d0 versions: Update golangci-lint
b3a4a1629 versions: bump containerd version
eab8d6be1 build: update golang version to 1.19.2
e80dbc15d runtime-rs: workaround Dragonball compilation problem
c3f1922df fix(fmt): fix cargo fmt to pass static check
a04afab74 qemu: early exit from Check if the process was stopped
7e481f217 qemu: set stopped only if StopVM is successful
0e3ac66e7 clh: return faster with dead clh process from isClhRunning
9ef68e0c7 clh: fast exit from isClhRunning if the process was stopped
2631b08ff clh: don't try to stop clh multiple times
8be081730 tools: Fix indentation of build static virtiofsd script
3e9c3f12c docs: Fix configuration path
936fe35ac runtime-rs : fix shim source is ambiguous
f45fe4f90 versions: update vmm-sys-util and related crates to v0.11.0
29c75cf12 runtime-rs: delete all cargo patches
f8f97c1e2 feat(shim-mgmt): iptables handler
9f70a6949 tools: Remove empty spaces from build kernel script
57336835d dragonball: add more unit test for device manager
233370023 dragonball: add test utils.
2adb1c182 Dragonball: enable mem_file_path config into hugetlbfs process
fef8e92af runtime-rs:add hypervisor interface capabilities
daeee26a1 cloud-hypervisor: Fix GetThreadIDs function
40d514aa2 github: Parallelise static checks
27b191358 runtime-rs: blanks filled & fixes made to virtiofsd launch
2508d39b7 runtime: added vcpus pinning logics Core VCPU threads pinning logics for issue 4476. Also provided docs.
b74c18024 runtime-rs: fix shared volume permission issue
16dca4ecd runk: Ignore an error when calling kill cmd with --all option
df092185e runk: Upgrade libseccomp crate to v0.3.0 in Cargo.lock
990e6359b snap: Unbreak docker install
ca69a9ad6 snap: Use metadata for dependencies
39363ffbf runtime: remove same function
0ed7da30d tools: Fix indentation of build static clh script
43fcb8fd0 virtiofsd: Not use "link-self-contained=yes" on s390x The compile option link-self-contained=yes asks rustc to use C library startup object files that come with the compiler, which are not available on the target s390x-unknown-linux-gnu. A build does not contain any startup files leading to a broken executable entry point (causing segmentation fault).
c0f5bc81b cargo: Add Cargo.lock to version control
474927ec9 gitignore: Add gitignore file
699f821e1 utils: Add function to drop priveleges
a6fb4e2a6 versions: bump golangci-lint version
b015f34af runtime-rs: generate config files with the default target
219919e9f docs: Fix volumeMounts in SGX usage example
9d286af7b versions: Update Cloud Hypervisor to b4e39427080
144efd1a7 docs: update rust runtime installation guide
cbd84c3f5 rustjail: Upgrade libseccomp crate to v0.3.0
748be0fe3 makefile: remove sudo when create symbolic link
44d8de892 agent: remove redundant checks
89e62d4ed shim: Ensure pagesize is set when reporting hugetbl stats
e95089b71 kata-ctl: add basic cpu check for s390x
871d2cf2c kata-ctl: Limit running tests to x86 and use native-tls on s390x
9f2c7e47c Revert "kata-ctl: Disable network check on s390x"
081ee4871 agent: use NLM_F_REPLACE replace NLM_F_EXCL in rtnetlink
abf4f9b29 docs: kata 3.0 Architecture fix readme content error
72738dc11 agent: validate hugepage size is supported
f74e328ff Makefile: fix an typo in runtime-rs makefile
227e717d2 qemu: Re-work static-build Dockerfile
9c1ac3d45 runtime-rs: return port on agent-url req
f205472b0 Makefile: regulate the comment style for the runtime-rs comments
ac403cfa5 doc: Update how-to-run-kata-containers-with-SNP-VMs.md
00981b3c0 kata-ctl: Disable network check on s390x
c322d1d12 kata-ctl: arch: Improve check call
0bc5baafb snap: Build virtiofsd using the kata-deploy scripts
cb4ef4734 snap: Create a task for installing docker
7e5941c57 virtiofsd: Build inside a container
9717dc3f7 Dragonball: remove redundant comments in event manager
35d52d30f versions: Update TDX QEMU
4d9dd8790 runtime-rs: fix typo get_contaier_type to get_container_type
70676d4a9 kata-ctl: improve command descriptions for consistency
86ad832e3 runtime-rs: force shutdown shim process in it can't exit
9eb73d543 versions: Update TDX kernel
1f1901e05 dragonball: fix clippy warning for aarch64
a343c570e dragonball: enhance dragonball ci
6a64fb0eb ci: skip s390x for dragonball.
a743e37da Dragonball: delete redundant comments in blk_dev_mgr
00a42f69c kata-ctl: cargo: 2021 -> 2018
fb6327474 kata-ctl: rustfmt + clippy fixes
2b345ba29 build: Add kata-ctl to tools list
f7010b806 kata-ctl: docs: Write basic documentation
781e604c3 docs: Reference kata-ctl README
15c343cbf kata-ctl: Don't rely on system ssl libs
c23584994 kata-ctl: clippy: Resolve warnings and reformat
133690434 kata-ctl: implement CLI argument --check-version-only
eb5423cb7 kata-ctl: switch to use clap derive for CLI handling
018aa899c kata-ctl: Add cpu check
7c9f9a5a1 kata-ctl: Make arch test run at compile time
b63ba66dc kata-ctl: Formatting tweaks
cca7e32b5 kata-ctl: Lint fixes to allow the branch to be built
8e7bb8521 kata-ctl: add code for framework for arch
303fc8b11 kata-ctl: Add unit tests cases
d0b33e9a3 versions: Add kata-ctl version entry
002b18054 kata-ctl: Add initial rust code for kata-ctl
8d4ced3c8 runtime-rs: support ephemeral storage for emptydir
862eaef86 docs: fix a typo in rust-runtime-installation-guide
26c043dee ci: Add dragonball test
b62b18bf1 dragonball: fix clippy warning
2ddc948d3 Makefile: add dragonball components.
3fe81fe4a dragonball-ut: use skip_if_not_root to skip root case
72259f101 dragonball: add more unit test for vmm actions
046ddc646 readme: remove libraries mentioning

Compatibility with CRI-O

Kata Containers 3.1.0-alpha1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.1.0-alpha1 is compatible with containerd v1.6.8

OCI Runtime Specification

Kata Containers 3.1.0-alpha1 supports the OCI Runtime Specification v1.0.2

Compatibility with Kubernetes

Kata Containers 3.1.0-alpha1 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.1.0-alpha1

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.1.0-alpha1 suggests using the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

kata-containers - Kata Containers 3.0.0

Published by bergwolf about 2 years ago

Release 3.0.0

kata-containers Changes

  • A new runtime implementation based on Rust
  • An optional builtin sandboxing functionality with rust-vmm based hypervisor dragonball
  • GPU VFIO passthrough support
  • Support host cgroup v2
  • Support drop-in config files
  • Support shimv2 logging plugin
  • Agent support for FSGroup
  • A new safe-path library to handle path calculation safely for rust components
  • A few new subcommands of runk
  • Switch from C version virtiofsd to virtiofsd-rs
  • Support enabling QEMU sandbox feature
  • io_uring as IO mechanism for QEMU
  • Support for virtio-blk device multiqueue simulation for QEMU and Cloud-hypervisor
  • Intel TDX support for QEMU and Cloud-hypervisor
  • QEMU updated to v6.2.0
  • Cloud-hypervisor upgraded to v26.0
  • Firecracker updated to v1.1.0
  • Guest kernel upgraded to v5.19.2

Shortlog

63495cf43 release: Kata Containers 3.0.0
fb4430549 release: Adapt kata-deploy for 3.0.0
20c02528e agent: reduce reference count for failed mount
3eb6f5858 agent: don't exit early if signal fails due to ESRCH
8dc8565ed versions: Update gperf url to avoid libseccomp random failures
740e7e2f7 kata-sys-util: fix typo unknow
727f233e2 release: Kata Containers 3.0.0-rc1
babab160b tools: release: fix bogus version check
af22e7137 osbuilder: Export directory variables for libseccomp
d663f110d kata-deploy: get the config path from cri options
c6b3dcb67 kata-deploy: support kata-deploy for runtime-rs
a394761a5 kata-deploy: add installation for runtime-rs
b0c5f040f runtime-rs: set agent timeout to 0 for stream RPCs
d44e39e05 runtime-rs: fix incorrect comments
43b0e9580 runtime: store the user name in hypervisor config
81801888a runtime: make StopVM thread-safe
fba39ef32 runtime: add more debug logs for non-root user operation
63309514c runtime-rs: drop dependency on rustc-serialize
e229a03cc runtime: update runc dependency
583591099 release: Kata Containers 3.0.0-rc0
be242a3c3 release: Adapt kata-deploy for 3.0.0-rc0
156e1c324 runtime-rs: delete some allow(dead_code) attributes
fc9c6f87a kata-types: don't check virtio_fs_daemon for inline-virtio-fs
96c8be715 libs/kata-types: change return type of getting CPU period/quota
2b1d05857 runtime-rs: fix host device check pattern
62cf6e6fc runtime-rs: remove meaningless comment
84268f871 runtime-rs: update rust runtime roadmap
bcf6bf843 runk: Enable seccomp support by default
36d805fab config: add "inline-virtio-fs" as a "shared_fs" type
85b49cee0 runtime-rs: add README.md
968c2f6e8 runk: Refactor container builder
b948a8ffe kernel: fix kernel tarball name for SEV
50f912615 libs/kata-types: replace tabs by spaces in comments
566656b08 gperf: point URL to mirror site
d23779ec9 Revert "agent: fix unittests for arp neighbors"
d340564d6 Revert "agent: use rtnetlink's neighbours API to add neighbors"
188d37bad kata-deploy: Add debug statement
e879270a0 runtime-rs: add default agent/runtime/hypervisor for configuration
5f4f5f240 docs: fix unix socket address in agent-ctl doc
41ec71169 runtime-rs: split amend_spec function
ff7c78e0e runtime-rs: static resource mgmt default to false
00f3a6de1 runtime-rs: make static resource mgmt idiomatic
4a54876dd runtime-rs: support static resource management functionality
52bbc3a4b cargo.lock: update crates to comply with checks
aa581f4b2 cargo.toml: Add oci to src/libs workplace
7914da72c cargo.tomls: Added Apache 2.0 to cargo.tomls
bed4aab7e github-actions: Add cargo-deny
373dac2db qemu: Keep passing BUILD_SUFFIX
59e3850bf qemu: create no_patches.txt file for SPR-BKC-QEMU-v2.5
54d6d0175 qemu: fix tdx qemu tarball directories
9997ab064 sandbox_test: Add test to verify memory hotplug behavior
f390c122f sandbox: don't hotplug too much memory at once
e0142db24 hypervisor: Add GetTotalMemoryMB to interface
e83b82131 docs: Update url in the Developer Guide
0ab49b233 release: Kata Containers 3.0.0-alpha1
b1a8acad5 versions: Update cni plugins version
749a6a248 docs: Specify language in markdown for syntax highlight
a1fdc0827 kernel: Re-work get_tee_kernel()
a6581734c kernel: Whitelist cleanup
cce99c5c7 runtime-rs: delete socket from shim command-line options
c75970b81 dragonball: add more unit test for config manager
dc32c4622 osbuilder: fix ubuntu initrd /dev/ttyS0 hang
cc5f91dac osbuilder: add systemd symlinks for kata-agent
731d39df4 kernel: Add CONFIG_CGROUP_HUGETLB=y as part of the cgroup fragments
f7d41e98c kata-deploy: export CI in the build container
4f90e3c87 kata-deploy: add dockerbuild/install_yq.sh to gitignore
96d903734 github-actions: Auto-backporting
a355812e0 runtime-rs: fixed bug on core-sched error handling
591dfa4fe runtime-rs: add support for core scheduling
92f7d6bf8 ci: Use versions.yaml for the libseccomp
b535bac9c runk: Add cli message for init command
c08a8631e agent: add some logs for mount operation
c1e3b8f40 govmm: Refactor qmp functions for adding block device
598884f37 govmm: Refactor code to get rid of redundant code
00860a7e4 qmp: Pass aio backend while adding block device
e1b49d758 config: Add block aio as a supported annotation
ed0f1d0b3 config: Add "block_device_aio" as a config option for qemu
b6cd2348f govmm: Add io_uring as AIO type
81cdaf077 govmm: Correct documentation for Linux aio.
763ceeb7b logging: Replace nix::Error::EINVAL with more descriptive msgs
4ee2b99e1 kata-deploy: fix threading conflicts
0a6f0174f kernel: Ignore CONFIG_SPECULATION_MITIGATIONS for older kernels
6cf16c4f7 agent-ctl: fix clippy error
4b57c04c3 runtime-rs: support loading kernel modules in guest vm
dc90eae17 qemu: Drop unnecessary tdx_guest kernel parameter
d4b67613f clh: Use HVC console with TDX
c0cb3cd4d clh: Avoid crashing when memory hotplug is not allowed
9f0a57c0e clh: Increase API and SandboxStop timeouts for TDX
c142fa254 clh: Lift the sharedFS restriction used with TDX
bdf8a57bd runk: Move delete logic to libcontainer
a06d819b2 runtime: cri-o annotations have been moved to podman
ffd1c1ff4 agent-ctl/trace-forwarder: udpate thread_local dependency
69080d76d agent/runk: update regex dependency
e0ec09039 runtime-rs: update async-std dependency
326f1cc77 agent: enrich some error code path
4f53e010b agent: skip test_load_kernel_module if non-root
f508c2909 runtime: constify splitIrqChipMachineOptions
2b0587db9 runtime: VMX is migratible in vm factory case
fa09f0ec8 runtime: remove qemuPaths
a6fbaac1b runk: add pause/resume commands
8e201501e kernel: fix for set_kmem_limit error
00aadfe20 kernel: SEV guest kernel upgrade to 5.19.2
0d9d8d63e kernel: upgrade guest kernel support to 5.19.2
57bd3f42d runtime-rs: plug drop-in decoding into config-loading code
87b97b699 runtime-rs: add filesystem-related part of drop-in handling
cf785a1a2 runtime-rs: add core toml::Value tree merging
09672eb2d agent: do some rollback works if case of do_create_container failed
8ff5c10ac network: Fix error message for setting hardware address on TAP interface
3a597c274 runtime: clh: Use the new 'payload' interface
16baecc5b runtime: clh: Re-generate the client code
50ea07183 versions: Upgrade to Cloud Hypervisor v26.0
fcc1e0c61 runtime: tracing: End root span at end of trace
78231a36e ci: Update libseccomp version
338c28295 dep: update nix dependency
3829ab809 docs: Update CRI-O target link
34746496b libs/test-utils: share test code by create a new crate
eab7c8f28 runtime-rs: delete vergen dependency
6d6c06869 workflow: trigger release for 3.x releases
4d7f3edba runtime-rs: support the functionality of cleanup
5aa83754e runtime-rs: support save to persist file and restore
3e9077f6e docs: Update url in containerd documentation
52133ef66 release: Kata Containers 3.0.0-alpha0
c280d6965 runtime-rs: delete route model
caada34f1 runtime-rs: fix design doc's typo
b61dda40b docs: use curl as default downloader for runtime-rs
ca9d16e5e runtime-rs: update Cargo.lock
99a7b4f3e workflow: Revert "static-checks: Allow Merge commit to be >75 chars"
d14e80e9f workflow: Revert "docs: modify move-issues-to-in-progress.yaml"
1f4b6e646 versions: Update libseccomp version
b82819015 Merge pull request #4823 from openanolis/runtime-rs-merge-main-runtime-rs
f791169ef Merge pull request #4826 from openanolis/runtime-rs-version
8bbffc42c runtime-rs:update rtnetlink version
e40383813 runtim-rs: Merge remote-tracking branch 'origin/main' into runtime-rs
931251105 Merge pull request #4817 from openanolis/runtime-rs-s390x-fail
389ae9702 runtime-rs:skip the test when the arch is s390x
945e02227 runtime-rs:skip the build process when the arch is s390x
8b0e1859c Merge pull request #4784 from openanolis/fix-protocol-ci-err
b337390c2 Merge pull request #4791 from openanolis/runtime-rs-merge-main-1
7247575fa runtime-rs:fix cargo clippy
9803393f2 runtime-rs: Merge branch 'main' into runtime-rs-merge-main-1
86ac653ba libs: fix CI error for protocols
993ae2408 Merge pull request #4777 from openanolis/runtime-rs-merge
adfad44ef Merge remote-tracking branch 'origin/main' into runtime-rs-merge-tmp
5457deb03 Merge pull request #4741 from openanolis/fix-stop-failed-in-azure
fa0b11fc5 runtime-rs: fix stdin hang in azure
50b0b7cc1 Merge pull request #4681 from Tim-0731-Hzt/runtime-rs-sharepid
129335714 Merge pull request #4727 from openanolis/anolis-fix-network
71384b60f Merge pull request #4713 from openanolis/adjust_default_vcpu
b3147411e runtime-rs:add unit test for set share pid ns
1ef3f8eac runtime-rs: set share sandbox pid namespace
57c556a80 runtime-rs: fix stop failed in azure
3f4dd92c2 Merge pull request #4702 from openanolis/runtime-rs-endpoint-dev
a3127a03f Merge pull request #4721 from openanolis/install-guide-2
c825065b2 runtime-rs: fix tc filter setup failed
e0194dcb5 runtime-rs: update route destination with prefix
534a4920b Merge pull request #4692 from openanolis/support_disable_guest_seccomp
fa85fd584 docs: add rust environment setup for kata 3.0
896478c92 runtime-rs: add functionalities support for macvlan and vlan endpoints
43045be8d runtime-rs: handle default_vcpus greator than default_maxvcpu
54f53d57e runtime-rs: support disable_guest_seccomp
540303880 Merge pull request #4688 from quanweiZhou/fix_sandbox_cgroup_false
7c146a5d9 Merge pull request #4684 from quanweiZhou/fix-ctr-exit-error
08a658167 Merge pull request #4662 from openanolis/runtime-rs-user-manaul
4331ef80d Runtime-rs: add installation guide for rust-runtime
4c3bd6b1d Merge pull request #4656 from openanolis/runtime-rs-ipvlan
960f2a7f7 Merge pull request #4678 from Tim-0731-Hzt/runtime-rs-makefile-2
e9988f0c6 runtime-rs: fix sandbox_cgroup_only=false panic
cebbebbe8 runtime-rs: fix ctr exit failed
758cc47b3 Merge pull request #4671 from liubin/4670-upgrade-nix
25be4d00f Merge pull request #4676 from openanolis/xuejun/runtime-rs
62182db64 runtime-rs: add unit test for ipvlan endpoint
99654ce69 runtime-rs: update dbs-xxx dependencies
f4c3adf59 runtime-rs: Add compile option file
545ae3f0e runtime-rs: fix warning
19eca71cd runtime-rs: remove the value of hypervisor path in DB config
d8920b00c runtime-rs: support functionalities of ipvlan endpoint
2b01e9ba4 dragonball: fix warning
996a6b80b kata-sys-util: upgrade nix version
9f49f7adc Merge pull request #4493 from openanolis/runtime-rs-dev
3c989521b dragonball: update for review
274598ae5 kata-runtime: add dragonball config check support.
1befbe673 runtime-rs: Cargo lock for fix version problem
3d6156f6e runtime-rs: support dragonball and runtime-binary
3f6123b4d libs: update configuration and annotations
f3335c99c Merge pull request #4614 from Tim-0731-Hzt/runtime-rs-merge-main
b424cf3c9 Merge pull request #4544 from openanolis/anolis/virtio_device_aarch64
d2584991e dragonball: fix dependency unused warning
458f6f42f dragonball: use const string for legacy device type
58b0fc479 Merge pull request #4192 from Tim-0731-Hzt/runtime-rs
0826a2157 Merge remote-tracking branch 'origin/main' into runtime-rs-1
939959e72 docs: add Dragonball to hypervisors
f6f96b8fe dragonball: add legacy device support for aarch64
7a4183980 dragonball: add device info support for aarch64
30da3fb95 Merge pull request #4515 from openanolis/anolis/dragonball-3
9cee52153 fmt: do cargo fmt and add a dependency for blk_dev
47a4142e0 fs: change vhostuser and virtio into const
e14e98bbe cpu_topo: add handle_cpu_topology function
5d3b53ee7 downtime: add downtime support
6a1fe85f1 vfio: add vfio as TODO
5ea35ddcd refractor: remove redundant by_id
b646d7cb3 config: remove ht_enabled
cb54ac6c6 memory: remove reserve_memory_bytes
bde6609b9 hotplug: add room for other hotplug solution
d88b1bf01 dragonball: update vsock dependency
dd003ebe0 Dragonball: change error name and fix compile error
38957fe00 UT: fix compile error in unit tests
11b3f9514 dragonball: add virtio-fs device support
948381bdb dragonball: add virtio-net device support
3d20387a2 dragonball: add virtio-blk device support
87d38ae49 Doc: add document for Dragonball API
2bb1eeaec docs: further questions related to upcall
026aaeecc docs: add FAQ to the report
fffcb8165 docs: update the content of the report
42ea854eb docs: kata 3.0 Architecture
090de2dae dragonball: fix the clippy errors.
a1593322b dragonball: add vsock api to api server
89b9ba860 dragonball: add set_vm_configuration api
95fa0c70c dragonball: add start microvm support
5c1ccc376 dragonball: add Vmm struct
4d234f574 dragonball: refactor code layout
cfd5dae47 dragonball: add vm struct
527b73a8e dragonball: remove unused feature in AddressSpaceMgr
514b4e723 Merge pull request #4543 from openanolis/anolis/add_vcpu_configure_aarch64
7120afe4e dragonball: add vcpu test function for aarch64
648d285a2 dragonball: add vcpu support for aarch64
7dad7c89f dragonball: update dbs-xxx dependency
59cab9e83 Merge pull request #4380 from Tim-0731-Hzt/rund/makefile
18093251e Merge pull request #4527 from Tim-0731-Hzt/rund-new/netlink
07231b2f3 runtime-rs:refactor network model with netlink
c8a905206 build: format files
242992e3d build: put install methods in utils.mk
8a697268d build: makefile for dragonball config
9c526292e runtime-rs:refactor network model with netlink
12c1b9e6d Merge pull request #4536 from Tim-0731-Hzt/runtime-rs-kata-main
f3907aa12 runtime-rs:Merge remote-tracking branch 'origin/main' into runtime-rs-newv
badbbcd8b Merge pull request #4400 from openanolis/anolis/dragonball-2
71db2dd5b hotplug: add room for future acpi hotplug mechanism
8bb00a3dc dragonball: fix a bug when generating kernel boot args
2aedd4d12 doc: add document for vCPU, api and device
bec22ad01 dragonball: add api module
07f44c3e0 dragonball: add vcpu manager
78c971875 dragonball: add upcall support
7d1953b52 dragonball: add vcpu
468c73b3c dragonball: add kvm context
98f041ed8 Merge pull request #4486 from openanolis/runtime-rs-merge-main
86123f49f Merge branch 'main' into runtime-rs
e89e6507a dragonball: add signal handler
b6cb2c4ae dragonball: add metrics system
e80e0c464 dragonball: add io manager wrapper
f23d7092e Merge pull request #4265 from openanolis/anolis/dragonball-1
d5ee3fc85 safe-path: fix clippy warning
93c10dfd8 runtime-rs: add crosvm license in Dragonball
dfe6de771 dragonball: add dragonball into kata README
39ff85d61 dragonball: green ci
71f24d827 dragonball: add Makefile.
a1df6d096 Doc: Update Dragonball Readme and add document for device
8619f2b3d dragonball: add virtio vsock device manager.
52d42af63 dragonball: add device manager.
c1c1e5152 dragonball: add kernel config.
6850ef99a dragonball: add configuration manager.
0bcb422fc dragonball: add legacy devices manager
3c45c0715 dragonball: add console manager.
3d38bb300 dragonball: add address space manager.
aff604055 dragonball: add resource manager support.
8835db6b0 dragonball: initial commit
9cb15ab4c agent: add the FSGroup support
ff7874bc2 protobuf: upgrade the protobuf version to 2.27.0
06f398a34 runtime-rs: use withContext to evaluate lazily
fd4c26f9c runtime-rs: support network resource
4be7185aa runtime-rs: runtime part implement
10343b1f3 runtime-rs: enhance runtimes
9887272db libs: enhance kata-sys-util and kata-types
3ff0db05a runtime-rs: support rootfs volume for resource
234d7bca0 runtime-rs: support cgroup resource
75e282b4c runtime-rs: hypervisor base define
bdfee005f runtime-rs: service and runtime framework
4296e3069 runtime-rs: agent implements
d3da156ee runtime-rs: uint FsType for s390x
e705ee07c runtime-rs: update containerd-shim-protos to 0.2.0
8c0a60e19 runtime-rs: modify the review suggestion
278f843f9 runtime-rs: shim implements for runtime-rs
641b73610 libs: enhance kata-sys-util
69ba1ae9e trans: fix the issue of wrong swapness type
d2a9bc667 agent: agent-protocol support async
aee9633ce libs/sys-util: provide functions to execute hooks
8509de0ae libs/sys-util: add function to detect and update K8s emptyDir volume
6d59e8e19 libs/sys-util: introduce function to get device id
5300ea23a libs/sys-util: implement reflink_copy()
1d5c898d7 libs/sys-util: add utilities to parse NUMA information
87887026f libs/sys-util: add utilities to manipulate cgroup
ccd03e2ca libs/sys-util: add wrappers for mount and fs
45a00b4f0 libs/sys-util: add kata-sys-util crate under src/libs
48c201a1a libs/types: make the variable name easier to understand
b9b6d70aa libs/types: modify implementation details
05ad026fc libs/types: fix implementation details
d96716b4d libs/types:fix styles and implementation details
6cffd943b libs/types:return Result to handle parse error
6ae87d9d6 libs/types: use contains to make code more readable
45e5780e7 libs/types: fixed spelling and grammer error
2599a06a5 libs/types:use include_str! in test file
8ffff40af libs/types:Option type to handle empty tomlconfig
626828696 libs/types: add license for test-config.rs
97d8c6c0f docs: modify move-issues-to-in-progress.yaml
8cdd70f6c libs/types: change method to update config by annotation
e19d04719 libs/types: implement KataConfig to wrap TomlConfig
387ffa914 libs/types: support load Kata agent configuration from file
69f10afb7 libs/types: support load Kata hypervisor configuration from file
21cc02d72 libs/types: support load Kata runtime configuration from file
5b89c1df2 libs/types: add kata-types crate under src/libs
4f62a7618 libs/logging: fix clippy warnings
6f8acb94c libs: refine Makefile rules
7cdee4980 libs/logging: introduce a wrapper writer for logging
426f38de9 libs/logging: implement rotator for log files
392f1ecdf libs: convert to a cargo workspace
575df4dc4 static-checks: Allow Merge commit to be >75 chars
2ae807fd2 nydus: wait nydusd API server ready before mounting share fs
8a4e69008 versions: Update TD-shim due to build breakage
065305f4a agent-ctl: Add an empty [workspace]
1444d7ce4 packaging: Create no_patches.txt for the SPR-BKC-PC-v9.6.x
c8d4ea84e docs: Improve SGX documentation
85f4e7caf runtime: explicitly mark the source of the log is from qemu.log
d8ad16a34 runtime: add unlock before return in sendReq
889557ecb docs: add back host network limitation
230a22905 runk: add ps sub-command
e40383813 runtim-rs: Merge remote-tracking branch 'origin/main' into runtime-rs
587c0c5e5 Merge pull request #4820 from cmaf/sgx-update-docs-1
c5452faec docs: Improve SGX documentation
2764bd752 Merge pull request #4770 from justxuewei/refactor/agent/netlink-neighbor
578121124 Merge pull request #4805 from fidencio/topic/bump-tdx-dependencies
869e40851 Merge pull request #4810 from fidencio/topic/adjust-final-tarball-location-for-tdvf-and-td-shim
8d1cb1d51 td-shim: Adjust final tarball location
62f05d4b4 ovmf: Adjust final tarball location
9972487f6 versions: Bump Kernel TDX version
c9358155a kernel: Sort the TDX configs alphabetically
dd397ff1b versions: Bump QEMU TDX version
873e75b91 Merge pull request #4773 from fidencio/topic/build-tdvf
c9b5bde30 versions: Track and build TDVF
e6a5a5106 packaging: Generate a tarball as OVMF build result
42eaf19b4 packaging: Simplify OVMF repo clone
4d33b0541 packaging: Don't hardcode "edk2" as the cloned repo's dir.
81fe51ab0 agent: fix unittests for arp neighbors
845c1c03c agent: use rtnetlink's neighbours API to add neighbors
8bbffc42c runtime-rs:update rtnetlink version
389ae9702 runtime-rs:skip the test when the arch is s390x
945e02227 runtime-rs:skip the build process when the arch is s390x
c5452faec docs: Improve SGX documentation
81fe51ab0 agent: fix unittests for arp neighbors
845c1c03c agent: use rtnetlink's neighbours API to add neighbors
9972487f6 versions: Bump Kernel TDX version
c9358155a kernel: Sort the TDX configs alphabetically
dd397ff1b versions: Bump QEMU TDX version
8d1cb1d51 td-shim: Adjust final tarball location
62f05d4b4 ovmf: Adjust final tarball location
86ac653ba libs: fix CI error for protocols
7247575fa runtime-rs:fix cargo clippy
9803393f2 runtime-rs: Merge branch 'main' into runtime-rs-merge-main-1
7503bdab6 Merge pull request #4783 from fidencio/topic/build-td-shim
b06bc8228 versions: Track and add support for building TD-shim
8d9135a7c Merge pull request #4765 from ryansavino/ccv0-rust-upgrade
9b1940e93 versions: update rust version
c9b5bde30 versions: Track and build TDVF
e6a5a5106 packaging: Generate a tarball as OVMF build result
42eaf19b4 packaging: Simplify OVMF repo clone
4d33b0541 packaging: Don't hardcode "edk2" as the cloned repo's dir.
adfad44ef Merge remote-tracking branch 'origin/main' into runtime-rs-merge-tmp
0aefab4d8 Merge pull request #4739 from liubin/fix/4738-trace-rpc-calls
54147db92 Merge pull request #4170 from Alex-Carter01/build-amdsev-ovmf
638c2c416 static-build: Add AmdSev option for OVMF builder Introduces new build of firmware needed for SEV
f0b58e38d static-build: Add build script for OVMF
a67402cc1 Merge pull request #4397 from yaoyinnan/3073/ftr/host-cgroupv2
229ff29c0 Merge pull request #4758 from GabyCT/topic/updaterunc
5c3155f7e runtime: Support for host cgroup v2
4ab45e5c9 docs: Update support for host cgroupv2
9dfd949f2 Merge pull request #4646 from amshinde/add-liburing-qemu
326eb2f91 versions: Update runc version
557229c39 Merge pull request #4724 from yahaa/fix-docs
1b01ea53d Merge pull request #4735 from nubificus/feature-fc-v1.1
27c82018d Merge pull request #4753 from Tim-Zhang/agent-fix-stream-fd-double-close
6fddf031d Merge pull request #4664 from lifupan/main
f5aa6ae46 agent: Fix stream fd's double close problem
6e149b43f Docs: fix tables format error
56d49b507 versions: Update Firecracker version to v1.1.0
0e24f47a4 agent: log RPC calls for debugging
e764a726a Merge pull request #4715 from Tim-Zhang/fix-ut-test_do_write_stream
427b29454 Merge pull request #4709 from liubin/fix/4708-unwrap-error
033737783 Merge pull request #4695 from liubin/4694/upgrade-nydus-version
0b4a91ec1 Merge pull request #4644 from bookinabox/optimize-get-paths
68c265587 Merge pull request #4718 from GabyCT/topic/updatefirecrackerversion
df79c8fe1 versions: Update firecracker version
912641509 agent: fix fd-double-close problem in ut test_do_write_stream
0d7cb7eb1 agent: delete agent-type property in announce
eec9ac81e rustjail: check result to let it return early.
402bfa0ce nydus: upgrade nydus/nydus-snapshotter version
6d56cdb9a Merge pull request #4686 from xujunjie-cover/issue4685
72dbd1fcb kata-monitor: fix can't monitor /run/vc/sbs.
f690b0aad qemu: Add liburing to qemu build
d93e4b939 container: kill all of the processes in this container
575b5eb5f Merge pull request #4506 from cyyzero/runk-exec
9ae2a45b3 cgroups: remove unnecessary get_paths()
0cc20f014 Merge pull request #4647 from fidencio/topic/fix-clh-crash-when-booting-up-with-no-network-device
418a03a12 Merge pull request #4639 from fidencio/topic/packaging-rework-qemu-build-suffix
be31207f6 clh: Don't crash if no network device is set by the upper layer
39974fbac Merge pull request #4642 from fidencio/topic/clh-bump-to-v25.0-release
051181249 packaging: Add a "-" in the dir name if $BUILD_DIR is available
dc3b6f659 versions: Update Cloud Hypervisor to v25.0
201ff223f packaging: Use the $BUILD_SUFFIX when renaming the qemu binary
9f0e4bb77 Merge pull request #4628 from fidencio/topic/rework-tee-kernel-builds
cda1919a0 Merge pull request #4609 from fidencio/topic/kata-deploy-simplify-config-path-handling
1a25afcdf kernel: Allow passing the URL to download the tarball
0024b8d10 Merge pull request #4617 from Yuan-Zhuo/main
80c68b80a kernel: Deduplicate code used for building TEE kernels
f7ccf92dc kata-deploy: Rely on the configured config path
386a523a0 kata-deploy: Pass the config path to CRI-O
13df57c39 build: save lines for repository_owner check
f59939a31 runk: Support exec sub-command
0e24f47a4 agent: log RPC calls for debugging
fa0b11fc5 runtime-rs: fix stdin hang in azure
57c556a80 runtime-rs: fix stop failed in azure
638c2c416 static-build: Add AmdSev option for OVMF builder Introduces new build of firmware needed for SEV
f0b58e38d static-build: Add build script for OVMF
5c3155f7e runtime: Support for host cgroup v2
4ab45e5c9 docs: Update support for host cgroupv2
326eb2f91 versions: Update runc version
f690b0aad qemu: Add liburing to qemu build
b3147411e runtime-rs:add unit test for set share pid ns
1ef3f8eac runtime-rs: set share sandbox pid namespace
6e149b43f Docs: fix tables format error
56d49b507 versions: Update Firecracker version to v1.1.0
f5aa6ae46 agent: Fix stream fd's double close problem
d93e4b939 container: kill all of the processes in this container
c825065b2 runtime-rs: fix tc filter setup failed
e0194dcb5 runtime-rs: update route destination with prefix
43045be8d runtime-rs: handle default_vcpus greator than default_maxvcpu
912641509 agent: fix fd-double-close problem in ut test_do_write_stream
896478c92 runtime-rs: add functionalities support for macvlan and vlan endpoints
fa85fd584 docs: add rust environment setup for kata 3.0
0d7cb7eb1 agent: delete agent-type property in announce
eec9ac81e rustjail: check result to let it return early.
402bfa0ce nydus: upgrade nydus/nydus-snapshotter version
54f53d57e runtime-rs: support disable_guest_seccomp
9ae2a45b3 cgroups: remove unnecessary get_paths()
df79c8fe1 versions: Update firecracker version
72dbd1fcb kata-monitor: fix can't monitor /run/vc/sbs.
e9988f0c6 runtime-rs: fix sandbox_cgroup_only=false panic
cebbebbe8 runtime-rs: fix ctr exit failed
4331ef80d Runtime-rs: add installation guide for rust-runtime
62182db64 runtime-rs: add unit test for ipvlan endpoint
d8920b00c runtime-rs: support functionalities of ipvlan endpoint
19eca71cd runtime-rs: remove the value of hypervisor path in DB config
996a6b80b kata-sys-util: upgrade nix version
99654ce69 runtime-rs: update dbs-xxx dependencies
f4c3adf59 runtime-rs: Add compile option file
545ae3f0e runtime-rs: fix warning
2b01e9ba4 dragonball: fix warning
f59939a31 runk: Support exec sub-command
3c989521b dragonball: update for review
274598ae5 kata-runtime: add dragonball config check support.
1befbe673 runtime-rs: Cargo lock for fix version problem
3d6156f6e runtime-rs: support dragonball and runtime-binary
3f6123b4d libs: update configuration and annotations
be31207f6 clh: Don't crash if no network device is set by the upper layer
051181249 packaging: Add a "-" in the dir name if $BUILD_DIR is available
201ff223f packaging: Use the $BUILD_SUFFIX when renaming the qemu binary
dc3b6f659 versions: Update Cloud Hypervisor to v25.0
0826a2157 Merge remote-tracking branch 'origin/main' into runtime-rs-1
46fd7ce02 Merge pull request #4595 from amshinde/fix-clh-tarball-build
33360f171 Merge pull request #4600 from ManaSugi/fix/selinux-hypervisor-config
f36bc8bc5 Merge pull request #4616 from GabyCT/topic/updatecontainerddoc
57c2d8b74 docs: Update URL links for containerd documentation
e57a1c831 build: Mark git repos as safe for build
ee3f5558a Merge pull request #4606 from liubin/fix/4605-delete-cri-containerd-plugin
c09634dbc Merge pull request #4592 from fidencio/revert-kata-deploy-changes-after-2.5.0-rc0-release
2551924bd docs: delete CRI containerd plugin statement
bee791593 Merge pull request #4533 from bookinabox/simplify-nproc
efdb92366 build: Fix clh source build as normal user
0e40ecf38 tools/snap: simplify nproc
be68cf071 Merge pull request #4597 from bergwolf/github/action
4d89476c9 runtime: Fix DisableSelinux config
ac91fb7a1 Merge pull request #4591 from fidencio/2.5.0-rc0-branch-bump
3bafafec5 action: extend commit message line limit to 150 bytes
5010c643c release: Revert kata-deploy changes after 2.5.0-rc0 release
2d29791c1 release: Kata Containers 2.5.0-rc0
f4eea832a release: Adapt kata-deploy for 2.5.0-rc0
071dd4c79 Merge pull request #4109 from pmores/drop-in-cfg-files-support
d9e868f44 Merge pull request #4479 from quanweiZhou/enhance-get-handled-signal
b33ad7e57 Merge pull request #4574 from jelipo/fix-serde-serializing
018973828 Merge pull request #4576 from ManaSugi/fix/oci-poststart-hook
cd2d8c6fe Merge pull request #4580 from ManaSugi/fix/replace-libc-with-nix
a1de394e5 Merge pull request #4550 from liubin/fix/4548-overwrite-mount-type-for-bind-mount
44ec9684d Merge pull request #4573 from amshinde/unsafe-repo-runtime-shimv2
0ddb34a38 oci: fix serde skip serializing condition
fbb2e9bce agent: Replace some libc functions with nix ones
acd3302be agent: Run OCI poststart hooks after a container is launched
635fa543a Merge pull request #4560 from bookinabox/update-commit-message-check
1f363a386 runtime: overwrite mount type to bind for bind mounts
4e48509ed build: Set safe.directory for runtime repo
c29038a2e Merge pull request #4562 from ManaSugi/git-safe-repo
02a51e75a Merge pull request #4554 from liubin/fix/delete-not-used-console-from-container-config
aa561b49f Merge pull request #4540 from fidencio/topic/default_maxmemory
48ccd4233 ci: Set safe.directory against tests repository
2a4fbd6d8 agent: enhance get handled signal
433816cca ci/cd: update check-commit-message
2a94261df Merge pull request #4549 from liubin/fix/4419-set-status-if-wait-process-failed
1e12d5651 Merge pull request #4469 from egernst/config-validation-refactor
a5a25ed13 runtime: delete Console from Cmd type
96553e8bd runtime: Add documentation of drop-in config file fragments
c656457e9 runtime: Add tests of drop-in config file decoding
99f5ca80f runtime: Plug drop-in decoding into decodeConfig()
0f9856c46 runtime: Scan drop-in directory, read files and decode them
2c1efcc69 runtime: Add helpers to copy fields between tomlConfig instances
20f11877b runtime: Add framework to manipulate config structs via reflection
ab5f1c956 shim: set a non-zero return code if the wait process call failed.
e5be5cb08 runtime: device: cleanup outdated comments
5f936f268 virtcontainers: config validation is host specific
323271403 virtcontainers: Remove unused function
0939f5181 config: Expose default_maxmemory
58ff2bd5c clh,qemu: Adapt to using default_maxmemory
ad055235a Merge pull request #4547 from GabyCT/topic/removeunuseddocker
b2c038799 Merge pull request #4130 from surajssd/add-cgroup-driver-info
1a78c3df2 packaging: Remove unused kata docker configure script
afdc96042 hypervisor: Add default_maxmemory configuration
bdf5e5229 virtcontainers: validate hypervisor config outside of hypervisor itself
469e09854 katautils: don't do validation when loading hypervisor config
0e2459d13 docs: Add cgroupDriver for containerd
1a25afcdf kernel: Allow passing the URL to download the tarball
80c68b80a kernel: Deduplicate code used for building TEE kernels
d2584991e dragonball: fix dependency unused warning
458f6f42f dragonball: use const string for legacy device type
f6f96b8fe dragonball: add legacy device support for aarch64
7a4183980 dragonball: add device info support for aarch64
f7ccf92dc kata-deploy: Rely on the configured config path
386a523a0 kata-deploy: Pass the config path to CRI-O
13df57c39 build: save lines for repository_owner check
939959e72 docs: add Dragonball to hypervisors
2bb1eeaec docs: further questions related to upcall
026aaeecc docs: add FAQ to the report
fffcb8165 docs: update the content of the report
42ea854eb docs: kata 3.0 Architecture
46fd7ce02 Merge pull request #4595 from amshinde/fix-clh-tarball-build
33360f171 Merge pull request #4600 from ManaSugi/fix/selinux-hypervisor-config
f36bc8bc5 Merge pull request #4616 from GabyCT/topic/updatecontainerddoc
57c2d8b74 docs: Update URL links for containerd documentation
e57a1c831 build: Mark git repos as safe for build
ee3f5558a Merge pull request #4606 from liubin/fix/4605-delete-cri-containerd-plugin
c09634dbc Merge pull request #4592 from fidencio/revert-kata-deploy-changes-after-2.5.0-rc0-release
2551924bd docs: delete CRI containerd plugin statement
bee791593 Merge pull request #4533 from bookinabox/simplify-nproc
efdb92366 build: Fix clh source build as normal user
0e40ecf38 tools/snap: simplify nproc
be68cf071 Merge pull request #4597 from bergwolf/github/action
4d89476c9 runtime: Fix DisableSelinux config
ac91fb7a1 Merge pull request #4591 from fidencio/2.5.0-rc0-branch-bump
3bafafec5 action: extend commit message line limit to 150 bytes
5010c643c release: Revert kata-deploy changes after 2.5.0-rc0 release
2d29791c1 release: Kata Containers 2.5.0-rc0
f4eea832a release: Adapt kata-deploy for 2.5.0-rc0
071dd4c79 Merge pull request #4109 from pmores/drop-in-cfg-files-support
d9e868f44 Merge pull request #4479 from quanweiZhou/enhance-get-handled-signal
b33ad7e57 Merge pull request #4574 from jelipo/fix-serde-serializing
018973828 Merge pull request #4576 from ManaSugi/fix/oci-poststart-hook
cd2d8c6fe Merge pull request #4580 from ManaSugi/fix/replace-libc-with-nix
a1de394e5 Merge pull request #4550 from liubin/fix/4548-overwrite-mount-type-for-bind-mount
44ec9684d Merge pull request #4573 from amshinde/unsafe-repo-runtime-shimv2
0ddb34a38 oci: fix serde skip serializing condition
fbb2e9bce agent: Replace some libc functions with nix ones
e57a1c831 build: Mark git repos as safe for build
efdb92366 build: Fix clh source build as normal user
9cee52153 fmt: do cargo fmt and add a dependency for blk_dev
47a4142e0 fs: change vhostuser and virtio into const
e14e98bbe cpu_topo: add handle_cpu_topology function
5d3b53ee7 downtime: add downtime support
6a1fe85f1 vfio: add vfio as TODO
5ea35ddcd refractor: remove redundant by_id
b646d7cb3 config: remove ht_enabled
cb54ac6c6 memory: remove reserve_memory_bytes
bde6609b9 hotplug: add room for other hotplug solution
d88b1bf01 dragonball: update vsock dependency
dd003ebe0 Dragonball: change error name and fix compile error
38957fe00 UT: fix compile error in unit tests
11b3f9514 dragonball: add virtio-fs device support
948381bdb dragonball: add virtio-net device support
3d20387a2 dragonball: add virtio-blk device support
87d38ae49 Doc: add document for Dragonball API
090de2dae dragonball: fix the clippy errors.
a1593322b dragonball: add vsock api to api server
89b9ba860 dragonball: add set_vm_configuration api
95fa0c70c dragonball: add start microvm support
5c1ccc376 dragonball: add Vmm struct
4d234f574 dragonball: refactor code layout
cfd5dae47 dragonball: add vm struct
527b73a8e dragonball: remove unused feature in AddressSpaceMgr
4d89476c9 runtime: Fix DisableSelinux config
57c2d8b74 docs: Update URL links for containerd documentation
2551924bd docs: delete CRI containerd plugin statement
5010c643c release: Revert kata-deploy changes after 2.5.0-rc0 release
0e40ecf38 tools/snap: simplify nproc
3bafafec5 action: extend commit message line limit to 150 bytes
7120afe4e dragonball: add vcpu test function for aarch64
648d285a2 dragonball: add vcpu support for aarch64
7dad7c89f dragonball: update dbs-xxx dependency
c8a905206 build: format files
242992e3d build: put install methods in utils.mk
8a697268d build: makefile for dragonball config
07231b2f3 runtime-rs:refactor network model with netlink
9c526292e runtime-rs:refactor network model with netlink
f3907aa12 runtime-rs:Merge remote-tracking branch 'origin/main' into runtime-rs-newv
916ffb75d Merge pull request #4432 from liubin/fix/4420-binary-log
4e30e11b3 shim: support shim v2 logging plugin
27b1bb5ed Merge pull request #4467 from egernst/device-pkg
e32bf5331 device: deduplicate state structures
f97d9b45c runtime: device/persist: drop persist dependency from device pkgs
f9e96c650 runtime: device: move to top level package
3880e0c07 agent: refactor reading file timing for debugging
2488a0f6c Merge pull request #4439 from amshinde/update-kernel-to-5.15.46
083ca5f21 Merge pull request #4505 from yoheiueda/agent-debug-build
03fca8b45 Merge pull request #4526 from fidencio/topic/fix-clippy-warnings-and-update-agent-vendored-code
c70d3a2c3 agent: Update the dependencies
612fd79ba random: Fix "nonminimal-bool" clippy warning
d4417f210 netlink: Fix "or-fun-call" clippy warnings
93874cb3b packaging: Restrict kernel patches applied to top-level dir
07b1367c2 versions: Update kernel to latest LTS version 5.15.48
133528dd1 Merge pull request #4503 from amshinde/multi-queue-block
f186a52b1 Merge pull request #4511 from fidencio/topic/add-config-efi-to-the-tdx-kernel
1b7d36fdb agent: Allow BUILD_TYPE=debug
9ff10c083 kernel: Add CONFIG_EFI=y as part of the TDX fragments
78e27de6c Merge pull request #4358 from zvonkok/memreserve
e227b4c40 block: Leverage multiqueue for virtio-block
72049350a Merge pull request #4288 from fengwang666/enable-qemu-sandbox
8eac22ac5 Merge pull request #4495 from Amulyam24/snap-fix
e7e7dc9df runtime: Add heuristic to get the right value(s) for mem-reserve
e422730c7 Merge pull request #4497 from GabyCT/topic/removeunusedref
e11fcf7d3 Merge pull request #4168 from Champ-Goblem/patch/fix-chronyd-failure-on-boot
c7dd10e5e packaging: Remove unused publish kata image script
0bbbe7068 snap: fix snap build on ppc64le
6fd40085e Merge pull request #4484 from cmaf/tracing-update-rootspan-name
2c1b68d6e Merge pull request #4481 from zvonkok/fix-action
ef925d40c runtime: enable sandbox feature on qemu
28995301b tracing: Remove whitespace from root span
9941588c0 workflow: Removing man-db, workflow kept failing
1b7fd19ac rootfs: Fix chronyd.service failing on boot
71db2dd5b hotplug: add room for future acpi hotplug mechanism
8bb00a3dc dragonball: fix a bug when generating kernel boot args
2aedd4d12 doc: add document for vCPU, api and device
bec22ad01 dragonball: add api module
07f44c3e0 dragonball: add vcpu manager
78c971875 dragonball: add upcall support
7d1953b52 dragonball: add vcpu
468c73b3c dragonball: add kvm context
e89e6507a dragonball: add signal handler
b6cb2c4ae dragonball: add metrics system
e80e0c464 dragonball: add io manager wrapper
86123f49f Merge branch 'main' into runtime-rs
f30fe86dc Merge pull request #4456 from Bevisy/fixIssue4454
553ec4611 Merge pull request #4436 from alex-matei/fix/sandbox-mem-overflow
0d33b2880 Merge pull request #4459 from jodh-intel/snap-fix-cli-options
9766a285a Merge pull request #4422 from snir911/dependabot_bumps
90a7763ac snap: Fix debug cli option
d06dd8fcd Merge pull request #4312 from fidencio/topic/pass-the-tuntap-fd-to-clh
a305bafee docs: Update outdated URLs and keep them available
185360cb9 Merge pull request #4452 from GabyCT/topic/updatedeveloperguide
db2a4d6cd Merge pull request #4441 from liubin/fix/refactor-reading-mountstat-log
bee770343 docs: Update containerd url link
ac5dbd859 clh: Improve logging related to the net dev addition
0b75522e1 network: Set queues to 1 to ensure we get the network fds
93b61e0f0 network: Add FFI_NO_PI to the netlink flags
bf3ddc125 clh: Pass the tuntap fds down to Cloud Hypervisor
55ed32e92 clh: Take care of the VmAdNetdPut request ourselves
01fe09a4e clh: Hotplug the network devices
2e0753833 clh: Expose VmAddNetPut
c84a42525 Merge pull request #4442 from openanolis/anolis/fix_safepath_clippy
1d5448fbc Merge pull request #4180 from Alex-Carter01/build-kernel-efi-secret
a80eb33cd Merge pull request #4308 from fidencio/topic/virtiofsd-switch-to-using-the-rust-version-on-all-arches
81acfc128 Merge pull request #4425 from liubin/fix/4376-change-log-level-of-getoomevent
9b93db022 Merge pull request #4417 from jodh-intel/docs-monitor-considerations
1ef0b7ded runtime: Switch to using the rust version of virtiofsd (all but power)
bb26bd73b safe-path: fix clippy warning
1a5ba31cb agent: refactor reading file timing for debugging
721ca72a6 runtime: fix error when trying to parse sandbox sizing annotations
aefe11b9b Merge pull request #4331 from dgibson/config-enable-iommu-annotation
7deb87dcb Merge pull request #4434 from fidencio/topic/bump-virtiofsd-release
f811c8b60 Merge pull request #4431 from jodh-intel/docs-arch-storage-limits
9773838c0 virtiofsd: export env vars needed for building it
b0e090f40 versions: Bump virtiofsd to v1.3.0
db5048d52 kernel: build efi_secret module for SEV
1b845978f docs: Add storage limits to arch doc
412441308 docs: Add more kata monitor details
eff4e1017 shim: change the log level for GetOOMEvent call failures
5d7fb7b7b build(deps): bump github.com/containerd/containerd in /src/runtime
d0ca2fcbb build(deps): bump crossbeam-utils in /src/tools/trace-forwarder
a60dcff4d build(deps): bump regex from 1.5.4 to 1.5.6 in /src/tools/agent-ctl
dbf50672e build(deps): bump crossbeam-utils in /src/tools/agent-ctl
8e2847bd5 build(deps): bump crossbeam-utils from 0.8.6 to 0.8.8 in /src/libs
e9ada165f build(deps): bump regex from 1.5.4 to 1.5.5 in /src/agent
adad9cef1 build(deps): bump crossbeam-utils from 0.8.5 to 0.8.8 in /src/agent
8f10e13e0 config: Allow enable_iommu pod annotation by default
d5ee3fc85 safe-path: fix clippy warning
93c10dfd8 runtime-rs: add crosvm license in Dragonball
dfe6de771 dragonball: add dragonball into kata README
39ff85d61 dragonball: green ci
71f24d827 dragonball: add Makefile.
a1df6d096 Doc: Update Dragonball Readme and add document for device
8619f2b3d dragonball: add virtio vsock device manager.
52d42af63 dragonball: add device manager.
c1c1e5152 dragonball: add kernel config.
6850ef99a dragonball: add configuration manager.
0bcb422fc dragonball: add legacy devices manager
3c45c0715 dragonball: add console manager.
3d38bb300 dragonball: add address space manager.
aff604055 dragonball: add resource manager support.
8835db6b0 dragonball: initial commit

Compatibility with CRI-O

Kata Containers 3.0.0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.0.0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 3.0.0 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 3.0.0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.0.0

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.0.0 suggests using the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - Kata Containers 3.1.0-alpha0

Published by bergwolf about 2 years ago

Release 3.1.0-alpha0

kata-containers Changes

  • runtime: Support for AMD SEV-SNP VMs
  • runtime-rs: debug console support in runtime
  • runtime-rs: support watchable mount
  • runtime-rs/agent locking optimization
  • Cloud Hypervisor support upgraded to v27.0
  • various bugfix and CI improvements

Shortlog

ee74231b1 release: Kata Containers 3.1.0-alpha0
102a9dda7 workflow: Revert "workflow: trigger test-kata-deploy with pull_request"
68e8a86ae runtime: fix incorrect comment for SetFsSharingSupport function
04bbce8dc virtcontainers: add warn log record for qmp hotplug cpu error
53f209af4 libs/kata-types: adjust default_vcpus correctly
3aeaa6459 runtime-rs: delete duplicated PASSTHROUGH_FS_DIR const
435c8f181 acrn: Enable ACRN hypervisor support for Kata 2.x release
c31cf7269 agent: reduce reference count for failed mount
ef5a2dc3b agent: don't exit early if signal fails due to ESRCH
43ae97233 kata-sys-util: delete duplicated get_bundle_path
4da743f90 packaging: Mount $HOME/.docker in the 1st layer container
067e2b1e3 runtime: clh: Use the new API to boot with TDX firmware (td-shim)
5d63fcf34 runtime: clh: Re-generate the client code
fe6107042 versions: Upgrade to Cloud Hypervisor v27.0
17de94e11 microvm: Remove kernel_irqchip=on option
ac0483122 kata-sys-util: fix typo unknow
f89ada2de dragonball: update ut for kernel config
a24127659 versions: Update gperf url to avoid libseccomp random failures
a617a6348 versions: Update oci version
6d585d591 dragonball: fix no "as_str" error on Arm
421729f99 tools: release: fix bogus version check
457b0beaf runtime-rs: update Cargo.lock
50299a329 refactor(runtime-rs): Use RwLock in runtime agent
0e899669e runtime-rs: fix shim close_io call to support kubectl cp
96cf21fad runtime-rs: add comments for runtime-rs shared directory
7676cde0c workflow: trigger test-kata-deploy with pull_request
f10827357 workflow: require PR num input on test-kata-deploy workflow_dispatch
90ecc015e Dragonball: update linux_loader to 0.6.0
abc26b00b dragonball: modify wrong code comments modify virtio_net_dev_mgr.rs wrong code comments
9bd941098 docs: Update urls in runk documentation
4a763925e runtime-rs: support watchable mount
e23bfd615 runtime-rs: make function name more understandable
426a43678 runtime-rs: add unit test and eliminate raw string
87959cb72 runtime-rs: debug console support in runtime
d663f110d kata-deploy: get the config path from cri options
c6b3dcb67 kata-deploy: support kata-deploy for runtime-rs
a394761a5 kata-deploy: add installation for runtime-rs
2caee1f38 runtime-rs: define VFIO unbind path as a const
20bcaf0e3 runtime-rs: set agent timeout to 0 for stream RPCs
d9e6eb11a docs: Guide to use SNP-VMs with Kata-Containers
ded60173d runtime: Enable choice between AMD SEV and SNP
22bda0838 runtime: Support for AMD SEV-SNP VMs
a2bbd2942 kernel: Introduce SNP kernel
0e69405e1 docs: Developer-Guide updated
105eda5b9 runtime: Initrd path option added to config
adb33a412 packaging: fix typo in configure-hypervisor.sh
9628c7df0 runtime: update runc dependency
7fbc88387 runtime-rs: drop dependency on rustc-serialize
bf2be0cf7 release: Revert kata-deploy changes after 3.0.0-rc0 release
208233288 runtime-rs: add test for StaticResource
46965739a runtime-rs: remove hardcoded string
274de024c docs: add README for runtime-rs hypervisor crate
9670a3caa runtime-rs: use Path.is_file to check regular files
a4a23457c osbuilder: Export directory variables for libseccomp
a828292b4 runtime-rs: add unit tests for network resource
a8a8a28a3 runtime-rs/resource: use macro to reduce duplicated code
3f65ff2d0 runtime-rs: fix incorrect comments
86a02c5f6 kernel: Add crypto kernel config for s390
f91431987 runtime: store the user name in hypervisor config
5cafe2177 runtime: make StopVM thread-safe
c3015927a runtime: add more debug logs for non-root user operation
0399da677 runtime-rs: update dependencies
f6f19917a dragonball: update dragonball-sandbox dependencies
d55cf9ab7 docs: Update url in virtualization document
7622452f4 Dragonball: Fix the problem about stdio console
aaf6d6908 runtime-rs: call TomlConfig's validate function after load
5add50aea runtime-rs: timeout for shim management client
9f13496e1 runtime-rs: shim management client
e891295e1 runtime-rs: shim management - agent-url
59aeb776b runtime-rs: shim management

Compatibility with CRI-O

Kata Containers 3.1.0-alpha0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.1.0-alpha0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 3.1.0-alpha0 supports the OCI Runtime Specification v1.0.2

Compatibility with Kubernetes

Kata Containers 3.1.0-alpha0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.1.0-alpha0

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.1.0-alpha0 suggests using the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - Release 2.5.2

Published by gkurz about 2 years ago

kata-containers Changes

Shortlog

5c69eb5be691 release: Kata Containers 2.5.2
309756db95ab release: Adapt kata-deploy for 2.5.2
a8187717506b tools: release: fix bogus version check
52993b91b7e3 runtime: store the user name in hypervisor config
30a8166f4ae2 runtime: make StopVM thread-safe
7033c97cd284 runtime: add more debug logs for non-root user operation
e8ec0c402fa0 stable-2.5: fix cargo vendor
d92ada72deb6 kernel: upgrade guest kernel support to 5.19.2
565fdf8263db kernel: fix for set_kmem_limit error
f174fac0d670 sandbox_test: Add test to verify memory hotplug behavior
928654b5cd2f sandbox: don't hotplug too much memory at once
1c0e6b4356e8 hypervisor: Add GetTotalMemoryMB to interface
8f40927df8e7 kernel: Add CONFIG_CGROUP_HUGETLB=y as part of the cgroup fragments

Compatibility with CRI-O

Kata Containers 2.5.2 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.2 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.2 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.2 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.2

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.2 suggests using the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations

kata-containers - Release 3.0.0-rc1

Published by gkurz about 2 years ago

kata-containers Changes

Shortlog

727f233e2adc release: Kata Containers 3.0.0-rc1
babab160bc61 tools: release: fix bogus version check
af22e7137500 osbuilder: Export directory variables for libseccomp
d663f110d737 kata-deploy: get the config path from cri options
c6b3dcb67d5f kata-deploy: support kata-deploy for runtime-rs
a394761a5cc7 kata-deploy: add installation for runtime-rs
b0c5f040f02f runtime-rs: set agent timeout to 0 for stream RPCs
d44e39e0592c runtime-rs: fix incorrect comments
43b0e95800f6 runtime: store the user name in hypervisor config
81801888a29f runtime: make StopVM thread-safe
fba39ef32d03 runtime: add more debug logs for non-root user operation
63309514cacc runtime-rs: drop dependency on rustc-serialize
e229a03cc814 runtime: update runc dependency

Compatibility with CRI-O

Kata Containers 3.0.0-rc1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.0.0-rc1 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 3.0.0-rc1 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 3.0.0-rc1 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.0.0-rc1

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.0.0-rc1 suggests using the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

kata-containers - Kata Containers 3.0.0-rc0

Published by bergwolf about 2 years ago

Release 3.0.0-rc0

kata-containers Changes

Shortlog

583591099 release: Kata Containers 3.0.0-rc0
be242a3c3 release: Adapt kata-deploy for 3.0.0-rc0
156e1c324 runtime-rs: delete some allow(dead_code) attributes
fc9c6f87a kata-types: don't check virtio_fs_daemon for inline-virtio-fs
96c8be715 libs/kata-types: change return type of getting CPU period/quota
2b1d05857 runtime-rs: fix host device check pattern
62cf6e6fc runtime-rs: remove meaningless comment
84268f871 runtime-rs: update rust runtime roadmap
bcf6bf843 runk: Enable seccomp support by default
36d805fab config: add "inline-virtio-fs" as a "shared_fs" type
85b49cee0 runtime-rs: add README.md
968c2f6e8 runk: Refactor container builder
b948a8ffe kernel: fix kernel tarball name for SEV
50f912615 libs/kata-types: replace tabs by spaces in comments
566656b08 gperf: point URL to mirror site

Compatibility with CRI-O

Kata Containers 3.0.0-rc0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.0.0-rc0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 3.0.0-rc0 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 3.0.0-rc0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.0.0-rc0

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.0.0-rc0 suggests using the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

kata-containers - # Release 3.0.0-alpha1

Published by amshinde about 2 years ago

kata-containers Changes

Major highlights of this release include:

  • Support for io_uring as I/O mechanism for qemu
  • Upgrade to Cloud Hypervisor v26.0
  • Kernel upgrade to 5.19.2
  • Several improvements in cloud-hypervisor support for Intel TDX
  • Support for static resource management functionality in rust runtime
  • Support for hugetlb cgroups in the guest
  • Addition of cargo-deny to scan for vulnerabilities and license issues wrt rust crates.

Shortlog

d23779ec9 Revert "agent: fix unittests for arp neighbors"
d340564d6 Revert "agent: use rtnetlink's neighbours API to add neighbors"
188d37bad kata-deploy: Add debug statement
e879270a0 runtime-rs: add default agent/runtime/hypervisor for configuration
5f4f5f240 docs: fix unix socket address in agent-ctl doc
41ec71169 runtime-rs: split amend_spec function
ff7c78e0e runtime-rs: static resource mgmt default to false
00f3a6de1 runtime-rs: make static resource mgmt idiomatic
4a54876dd runtime-rs: support static resource management functionality
52bbc3a4b cargo.lock: update crates to comply with checks
aa581f4b2 cargo.toml: Add oci to src/libs workplace
7914da72c cargo.tomls: Added Apache 2.0 to cargo.tomls
bed4aab7e github-actions: Add cargo-deny
373dac2db qemu: Keep passing BUILD_SUFFIX
59e3850bf qemu: create no_patches.txt file for SPR-BKC-QEMU-v2.5
54d6d0175 qemu: fix tdx qemu tarball directories
9997ab064 sandbox_test: Add test to verify memory hotplug behavior
f390c122f sandbox: don't hotplug too much memory at once
e0142db24 hypervisor: Add GetTotalMemoryMB to interface
e83b82131 docs: Update url in the Developer Guide
0ab49b233 release: Kata Containers 3.0.0-alpha1
b1a8acad5 versions: Update cni plugins version
749a6a248 docs: Specify language in markdown for syntax highlight
a1fdc0827 kernel: Re-work get_tee_kernel()
a6581734c kernel: Whitelist cleanup
cce99c5c7 runtime-rs: delete socket from shim command-line options
c75970b81 dragonball: add more unit test for config manager
dc32c4622 osbuilder: fix ubuntu initrd /dev/ttyS0 hang
cc5f91dac osbuilder: add systemd symlinks for kata-agent
731d39df4 kernel: Add CONFIG_CGROUP_HUGETLB=y as part of the cgroup fragments
f7d41e98c kata-deploy: export CI in the build container
4f90e3c87 kata-deploy: add dockerbuild/install_yq.sh to gitignore
96d903734 github-actions: Auto-backporting
a355812e0 runtime-rs: fixed bug on core-sched error handling
591dfa4fe runtime-rs: add support for core scheduling
92f7d6bf8 ci: Use versions.yaml for the libseccomp
b535bac9c runk: Add cli message for init command
c08a8631e agent: add some logs for mount operation
c1e3b8f40 govmm: Refactor qmp functions for adding block device
598884f37 govmm: Refactor code to get rid of redundant code
00860a7e4 qmp: Pass aio backend while adding block device
e1b49d758 config: Add block aio as a supported annotation
ed0f1d0b3 config: Add "block_device_aio" as a config option for qemu
b6cd2348f govmm: Add io_uring as AIO type
81cdaf077 govmm: Correct documentation for Linux aio.
763ceeb7b logging: Replace nix::Error::EINVAL with more descriptive msgs
4ee2b99e1 kata-deploy: fix threading conflicts
0a6f0174f kernel: Ignore CONFIG_SPECULATION_MITIGATIONS for older kernels
6cf16c4f7 agent-ctl: fix clippy error
4b57c04c3 runtime-rs: support loading kernel modules in guest vm
dc90eae17 qemu: Drop unnecessary tdx_guest kernel parameter
d4b67613f clh: Use HVC console with TDX
c0cb3cd4d clh: Avoid crashing when memory hotplug is not allowed
9f0a57c0e clh: Increase API and SandboxStop timeouts for TDX
c142fa254 clh: Lift the sharedFS restriction used with TDX
bdf8a57bd runk: Move delete logic to libcontainer
a06d819b2 runtime: cri-o annotations have been moved to podman
ffd1c1ff4 agent-ctl/trace-forwarder: udpate thread_local dependency
69080d76d agent/runk: update regex dependency
e0ec09039 runtime-rs: update async-std dependency
326f1cc77 agent: enrich some error code path
4f53e010b agent: skip test_load_kernel_module if non-root
f508c2909 runtime: constify splitIrqChipMachineOptions
2b0587db9 runtime: VMX is migratible in vm factory case
fa09f0ec8 runtime: remove qemuPaths
a6fbaac1b runk: add pause/resume commands
8e201501e kernel: fix for set_kmem_limit error
00aadfe20 kernel: SEV guest kernel upgrade to 5.19.2
0d9d8d63e kernel: upgrade guest kernel support to 5.19.2
57bd3f42d runtime-rs: plug drop-in decoding into config-loading code
87b97b699 runtime-rs: add filesystem-related part of drop-in handling
cf785a1a2 runtime-rs: add core toml::Value tree merging
09672eb2d agent: do some rollback works if case of do_create_container failed
8ff5c10ac network: Fix error message for setting hardware address on TAP interface
3a597c274 runtime: clh: Use the new 'payload' interface
16baecc5b runtime: clh: Re-generate the client code
50ea07183 versions: Upgrade to Cloud Hypervisor v26.0
fcc1e0c61 runtime: tracing: End root span at end of trace
78231a36e ci: Update libseccomp version
338c28295 dep: update nix dependency
3829ab809 docs: Update CRI-O target link
34746496b libs/test-utils: share test code by create a new crate

Compatibility with CRI-O

Kata Containers 3.0.0-alpha1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.0.0-alpha1 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 3.0.0-alpha1 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 3.0.0-alpha1 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.0.0-alpha1

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.0.0-alpha1 suggests using the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

kata-containers - # Release 2.5.1

Published by amshinde about 2 years ago

kata-containers Changes

This release includes security fixes for Rust dependencies.
Cloud Hypervisor has been upgraded to v26.0.
The supported Rust version has also been upgraded to 1.59.0.
CONFIG_CGROUP_HUGETLB was added to the kernel to support hugetlb cgroups.
In addition, some minor bug fixes for handling container create failures
and tracing were added.

Shortlog

d6437435a release: Kata Containers 2.5.1
38801e5bf release: Adapt kata-deploy for 2.5.1
8f8b93d75 kernel: Add CONFIG_CGROUP_HUGETLB=y as part of the cgroup fragments
25b1a5229 runtime: tracing: End root span at end of trace
553293010 agent: do some rollback works if case of do_create_container failed
69505695b agent-ctl/trace-forwarder: udpate thread_local dependency
48a94f36a agent/runk: update regex dependency
1a396a178 dep: update nix dependency
012837260 versions: Update kernel to 5.15.63
2e3ae3f23 agent-ctl: Get rid of compiler warning
14a4551d5 versions: Upgrade rust supported version to 1.59.0
cd898d28c runtime: clh: Use the new 'payload' interface
e8512320c runtime: clh: Re-generate the client code
c0b5ba230 versions: Upgrade to Cloud Hypervisor v26.0

Compatibility with CRI-O

Kata Containers 2.5.1 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.1 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.1 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.1 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.4 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.1

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.1 suggests using the Linux kernel v5.19.2
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

kata-containers - # Release 2.5.0

Published by bergwolf about 2 years ago

kata-containers Changes

Feature highlights include:

  • Firecracker has been updated to v1.1.0
  • Nydus has been updated to v2.1.0-alpha.4
  • Cloud Hypervisor has been updated to v25.0
  • Support containerd shimv2 logging plugin
  • Support virtio-block multiqueue
  • Support QEMU sandbox feature
  • Switch to rust version virtiofsd
  • Support core scheduling with containerd
  • kata-runtime iptables subcommand to manipulate iptables in the guest
  • A few new subcommands for runk
  • Support direct-assigned volumes
  • Many bug fixes, CI and packaging improvements.

Shortlog

da875e747 release: Kata Containers 2.5.0
05b2096c0 release: Adapt kata-deploy for 2.5.0
1b930156c build: Fix clh source build as normal user
01c889fb6 runtime: Fix DisableSelinux config
59bd5c2e0 container: kill all of the processes in this container
22c005f55 nydus: upgrade nydus/nydus-snapshotter version
8220e5478 runtime: add unlock before return in sendReq
4f0ca40e0 versions: Update Firecracker version to v1.1.0
da24fd88e clh: Don't crash if no network device is set by the upper layer
ed25d2cf5 versions: Update Cloud Hypervisor to v25.0
dfc1413e4 action: extend commit message line limit to 150 bytes
2d29791c1 release: Kata Containers 2.5.0-rc0
f4eea832a release: Adapt kata-deploy for 2.5.0-rc0
96553e8bd runtime: Add documentation of drop-in config file fragments
c656457e9 runtime: Add tests of drop-in config file decoding
99f5ca80f runtime: Plug drop-in decoding into decodeConfig()
0f9856c46 runtime: Scan drop-in directory, read files and decode them
2c1efcc69 runtime: Add helpers to copy fields between tomlConfig instances
20f11877b runtime: Add framework to manipulate config structs via reflection
2a4fbd6d8 agent: enhance get handled signal
0ddb34a38 oci: fix serde skip serializing condition
acd3302be agent: Run OCI poststart hooks after a container is launched
fbb2e9bce agent: Replace some libc functions with nix ones
1f363a386 runtime: overwrite mount type to bind for bind mounts
4e48509ed build: Set safe.directory for runtime repo
433816cca ci/cd: update check-commit-message
48ccd4233 ci: Set safe.directory against tests repository
a5a25ed13 runtime: delete Console from Cmd type
323271403 virtcontainers: Remove unused function
0939f5181 config: Expose default_maxmemory
58ff2bd5c clh,qemu: Adapt to using default_maxmemory
afdc96042 hypervisor: Add default_maxmemory configuration
ab5f1c956 shim: set a non-zero return code if the wait process call failed.
e5be5cb08 runtime: device: cleanup outdated comments
5f936f268 virtcontainers: config validation is host specific
bdf5e5229 virtcontainers: validate hypervisor config outside of hypervisor itself
469e09854 katautils: don't do validation when loading hypervisor config
1a78c3df2 packaging: Remove unused kata docker configure script
0e2459d13 docs: Add cgroupDriver for containerd
4e30e11b3 shim: support shim v2 logging plugin
e32bf5331 device: deduplicate state structures
f97d9b45c runtime: device/persist: drop persist dependency from device pkgs
f9e96c650 runtime: device: move to top level package
3880e0c07 agent: refactor reading file timing for debugging
93874cb3b packaging: Restrict kernel patches applied to top-level dir
07b1367c2 versions: Update kernel to latest LTS version 5.15.48
1b7d36fdb agent: Allow BUILD_TYPE=debug
c70d3a2c3 agent: Update the dependencies
612fd79ba random: Fix "nonminimal-bool" clippy warning
d4417f210 netlink: Fix "or-fun-call" clippy warnings
e227b4c40 block: Leverage multiqueue for virtio-block
9ff10c083 kernel: Add CONFIG_EFI=y as part of the TDX fragments
e7e7dc9df runtime: Add heuristic to get the right value(s) for mem-reserve
ef925d40c runtime: enable sandbox feature on qemu
0bbbe7068 snap: fix snap build on ppc64le
c7dd10e5e packaging: Remove unused publish kata image script
1b7fd19ac rootfs: Fix chronyd.service failing on boot
28995301b tracing: Remove whitespace from root span
9941588c0 workflow: Removing man-db, workflow kept failing
a305bafee docs: Update outdated URLs and keep them available
721ca72a6 runtime: fix error when trying to parse sandbox sizing annotations
90a7763ac snap: Fix debug cli option
5d7fb7b7b build(deps): bump github.com/containerd/containerd in /src/runtime
d0ca2fcbb build(deps): bump crossbeam-utils in /src/tools/trace-forwarder
a60dcff4d build(deps): bump regex from 1.5.4 to 1.5.6 in /src/tools/agent-ctl
dbf50672e build(deps): bump crossbeam-utils in /src/tools/agent-ctl
8e2847bd5 build(deps): bump crossbeam-utils from 0.8.6 to 0.8.8 in /src/libs
e9ada165f build(deps): bump regex from 1.5.4 to 1.5.5 in /src/agent
adad9cef1 build(deps): bump crossbeam-utils from 0.8.5 to 0.8.8 in /src/agent
ac5dbd859 clh: Improve logging related to the net dev addition
0b75522e1 network: Set queues to 1 to ensure we get the network fds
93b61e0f0 network: Add FFI_NO_PI to the netlink flags
bf3ddc125 clh: Pass the tuntap fds down to Cloud Hypervisor
55ed32e92 clh: Take care of the VmAdNetdPut request ourselves
01fe09a4e clh: Hotplug the network devices
2e0753833 clh: Expose VmAddNetPut
bee770343 docs: Update containerd url link
1a5ba31cb agent: refactor reading file timing for debugging
bb26bd73b safe-path: fix clippy warning
db5048d52 kernel: build efi_secret module for SEV
1ef0b7ded runtime: Switch to using the rust version of virtiofsd (all but power)
9773838c0 virtiofsd: export env vars needed for building it
eff4e1017 shim: change the log level for GetOOMEvent call failures
412441308 docs: Add more kata monitor details
8f10e13e0 config: Allow enable_iommu pod annotation by default
b0e090f40 versions: Bump virtiofsd to v1.3.0
1b845978f docs: Add storage limits to arch doc
7ae11cad6 docs: Update source for cri-tools
f5099620f tools: Enable extra detail on error
34bcef884 docs: Add agent-ctl examples section
815157bf0 docs: Remove erroneous whitespace
eb24e9715 release: Kata Containers 2.5.0-alpha2
d2df1209a docs: describe kata handling for core-scheduling
22b6a94a8 shim: add support for core scheduling
fe3c1d9cd docs: Update storage documentation link
6ecea84bc rustjail: get home dir using nix crate
38a318820 runk: Support list sub-command
6d0ff901a docs: Update vGPU use-case
9d27c1fce agent: ignore ESRCH error when destroying containers
9726f56fd runtime: force stop container after the container process exits
168f325c4 docs: Update configuration reference for snap documentation
b9fc24ff3 docs: update release process github token instructions
c1476a174 docs: update release process with latest workflow triggering
8b57bf97a workflows: add workflow_dispatch triggering to test-kata-deploy
002f2cd10 snap: Use helper script and cleanup
9b108d993 docs: Improve snap formatting
894f661cc docs: Add warning to snap build
d759f6c3e snap: Fix CH architecture check
56591804b docs: Improve snap build instructions
cb2b30970 snap: Build using destructive mode
60823abb9 docs: Move snap README
af2ef3f7a agent-ctl: introduce handle for iptables get/set
65f0cef16 kata-runtime: add iptables CLI to test http endpoint
3201ad083 shim-client: ensure we check resp status for Put/Post
0706fb28a kata-runtime: shmgmt: make url usage consistent
2a09378dd shim-client: add support for DoPut
640173cfc shim-mgmt: Add endpoint handler for interacting with iptables
0136be22c virtcontainers: plumb iptable set/get from sandbox to agent
bd50d463b agent: iptables: get/set handling for iptables
03176a9e0 proto: update generated code based on proto update
38ebbc705 proto: update to add set/get iptables
78d45b434 agent: return mount file content if parse mountinfo failed
2e04833fb docs: Update Intel QAT documentation links
7c4049aab osbuilder: add iptables package
648b8d0ae runk: Return error when tty is used without console socket
5205efd9b runk: Add Podman guide in README
590381574 agent: Pass standard I/O to container launched by runk
c7b3941c9 runk: Enable test for the agent built with standard-oci-runtime feature
6dbce7c3d agent: Remove unused import in console test
d862ca059 runk: Handle rootfs path in config.json properly
c95ba63c0 docs: Remove information related to Kata 1.x
34b80382b docs: Get rid of note related to networking.
dfad5728a docs: Mention --cni flag while invoking ctr
fff832874 clh: Update to v24.0
49361749e snap: Build and package rust version of virtiofsd
27d903b76 snap: Put the yq binary in the staging bin directory
d7b4ce049 snap: Remove unused variable
43de5440e snap: Fix unbound variable error
c9b291509 snap: Fix whitespace
122a85e22 agent: remove bin oci-kata-agent
35619b45a runk: merge oci-kata-agent into runk
10c13d719 qemu: remove virtiofsd option in qemu config
d20bc5a4d virtiofsd: build rust based virtiofsd from source for non-x86_64
8e7c5975c agent: fix direct-assigned volume stats
4428ceae1 runtime: direct-volume stats use correct name
ffdc065b4 runtime: direct-volume stats update to use GET parameter
f29595318 runtime: fix incorrect Action function for direct-volume stats
2a1d39414 runtime: Adding the correct detection of mediated PCIe devices
ce2e521a0 runtime: remove duplicate 'types' import
7a5ccd126 runtime: sync docstrings with function names
834f93ce8 docs: fix annotations example
f4994e486 runtime: allow annotation configuration to use_legacy_serial
c67b9d297 qemu: allow using legacy serial device for the console
44814dce1 qemu: treat console kernel params within appendConsole
24a2b0f6a docs: Remove clear containers reference in README
8052fe62f runtime: do not check for EOF error in console watcher
abad33eba kernel: Remove nemu.conf from packaging
e87eb13c4 tools: delete unused param from get_from_kata_deps callers
4b437d91f agent: Fix is_signal_handled failing parsing str to u64
e73b70baf runtime: Don't run unit tests verbose by default
f24a6e761 runtime: Consolidate flags setting in unit tests script
cf465feb0 runtime: Don't change test behaviour based on $CI or $KATA_DEV_MODE
34c4ac599 runtime: Remove redundant subcommands from go-test.sh
0aff5aaa3 runtime: Simplify package listing in go-test.sh
557c4cfd0 runtime: Don't chmod coverage files in Go tests
04c8b52e0 runtime: Remove HTML coverage option from go-test.sh
7f7691442 runtime: Add coverage.txt.tmp to gitignore
13c257700 runtime: Move go testing script locally
4f586d2a9 packaging: Add kernel config option for SGX in Gramine
7bc4ab68c ci: Don't run Docs URL Alive Check workflow on forks
b4b9068cb tools: Add QEMU patches for SGX numa support
88fb9b72e docs: Update runc containerd runtime
a475956ab workflows: Add support for building virtiofsd
71f59f3a7 local-build: Add support for building virtiofsd
c7ac55b6d dockerbuild: Install unzip
8e2042d05 tools: add script to pull virtiofsd
dbedea508 versions: Add virtiofsd entry
421064680 doc: Update log parser link
271933fec log-parser: fix some of the documentation
c7dacb121 log-parser: move the kata-log-parser from the tests repo
82ea01828 versions: Upgrade to Cloud Hypervisor v23.1
383be2203 agent: Add a macro to skip a loop easier
97d7b1845 runk: use custom Kill command to support --all option
475e3bf38 agent: add test coverage for functions find_process and online_resources
4a1e13bd8 rustjail: Add tests for hook_grpc_to_oci
9b863b0e0 release: Kata Containers 2.5.0-alpha1
70eda2fa6 agent: watchers: ensure uid/gid is preserved on copy/mkdir
33a8b7055 clh: Rely on Cloud Hypervisor for generating the device ID
81f6b4862 agent: add tests for create_logger_task function
7772f7dd9 runk: set BinaryName for runk for containerd
b221a2590 tools: Add runk
2c218a07b agent: Modify Kata agent for runk
b0e439cb6 rustjail: add tests for parse_mount_table
b975f2e8d Virtcontainers: Enable hot plugging vhost-user-blk device on ARM
7ffe5a16f docs: Direct-assigned volume design
081f6de87 versions: change qemu tdx url and tag
dd4bd7f47 doc: Added initial doc update for NV GPUs
666aee54d docs: Add VSOCK localhost example for agent-ctl
86d348e06 docs: Use VM term in agent-ctl doc
4b9b62bb3 agent-ctl: Fix abstract socket connections
b6467ddd7 clh: Expose disk rate limiter config
7580bb5a7 clh: Expose net rate limiter config
a88adabaa clh: Cloud Hypervisor has a built-in Rate Limiter
63c4da03a clh: Implement the Disk RateLimiter logic
511f7f822 config: Add DiskRateLimiter* to Cloud Hypervisor
5b18575df hypervisor: Add disk bandwidth and operations rate limiters
1cf946929 clh: Implement the Network RateLimiter logic
00a5b1bda utils: Define DefaultRateLimiterRefillTimeMilliSecs
be1bb7e39 utils: Move FC's function to revert bytes to utils
c9f6496d6 config: Add NetRateLimiter* to Cloud Hypervisor
2d35e6066 hypervisor: Add network bandwidth and operations rate limiters
ccb018393 kata-deploy: Add support to RKE2
9d39362e3 kata-deploy: Reestructure the installing section
18d27f794 kata-deploy: Add a missing $ prefix in the README
6948b4b36 docs: Update containerd link to installation guide
832c33d5b docs: remove pc machine type supports
1cad3a469 agent/random: Ensure data.len > 0
33c953ace agent: Add test_ressed_rng_not_root
39a35b693 agent: Add test to random::reseed_rng()
d8f39fb26 agent/random: Rename RNDRESEEDRNG to RNDRESEEDCRNG
4b9e78b83 rustjail: Add tests for mount_grpc_to_oci
b658dccc5 tools: fix typo in clh directory name
afbd60da2 packaging: Fix clh build from source fall-back
1b931f420 runtime: Allock mockfs storage to be placed in any directory
ef6d54a78 runtime: Let MockFSInit create a mock fs driver at any path
5d8438e93 runtime: Move mockfs control global into mockfs.go
963d03ea8 runtime: Export StoragePathSuffix
1719a8b49 runtime: Don't abuse MockStorageRootPath() for factory tests
bec59f9e3 runtime: Make bind mount tests better clean up after themselves
f7ba21c86 runtime: Clean up mock hook logs in tests
90b2f5b77 runtime: Make SetupOCIConfigFile clean up after itself
2eeb5dc22 runtime: Don't use fixed /tmp/mountPoint path
f385b21b0 rustjail: add tests for mount_from function
96bc3ec2e rustjail: Add tests for hooks_grpc_to_oci
023950278 agent: modify the type of swappiness to u64
0ad89ebd7 safe-path: add more unit test cases
b63774ec6 libs/safe-path: add crate to safely resolve fs paths
0e7f1a5e3 agent: move assert_result macro to test_utils file
2256bcb6a rustjail: Add tests for root_grpc_to_oci
9b6f24b2e agent: add tests for mount_to_rootfs function
9c22d9554 agent: add tests for update_container_namespaces
c3776b179 agent: add tests for is_signal_handled function
29e569aa9 virtcontainers: clh: Re-generate the client code
6012c1970 versions: Upgrade to Cloud Hypervisor v23.0
aabcebbf5 agent: best-effort removing mount point
d136c9c24 test: Fix golangci-lint error for s390x
92c00c7e8 agent: fsGroup support for direct-assigned volume
532d53977 runtime: fsGroup support for direct-assigned volume
6a47b82c8 proto: fsGroup support for direct-assigned volume
7b2ff0264 kata-monitor: add a README file
86977ff78 kata-monitor: update the hrefs in the debug/pprof index page
354cd3b9b runtime: Base64 encode the direct volume mountInfo path
6e79042aa runtime: no need to write virtiofsd error to log
f8cc5d1ad kata-monitor: add some links when generating pages for browsers
78f30c33c agent: Avoid agent panic when reading empty stats
6e9e4e8ce docs: Update link to contributions guide
9d5e7ee0d agent: add tests for mount_storage
1118a3d2d agent: add test coverage for parse_mount_flags_and_options function
485aeabb6 agent: add tests for do_write_stream function
9d5b03a1b runtime: delete debug option in virtiofsd
c31cd0e81 rustjail: add test coverage for process_grpc_to_oci function
eff7c7e0f agent: Allow the agent to be rebuilt with the change of Cargo features
962d05ec8 protocols: add src/csi.rs to .gitignore
a2f5c1768 runtime/virtcontainers: Pass the hugepages resources to agent
4405b188e docs: Add a firecracker installation guide
ff17c756d runtime: Allow and require no initrd for SE
59c7165ee test: use T.TempDir to create temporary test directory
98750d792 clh: Expose service offload configuration
c9e24433d release: Kata Containers 2.5.0-alpha0
0d5f80b80 versions: Bump firecracker to v0.23.4
800e4a9cf agent: use ms as unit of cputime instead of ticks
0d765bd08 agent: fix container stop error with signal SIGRTMIN+3
9e4ca0c4f doc: Improve kata-deploy README.md by changing sh blocks to bash blocks
2b91dcfee docs: Remove kata-proxy reference
a63bbf979 kata-monitor: fix duplicated output when printing usage
5e1c30d48 runtime: add logs around sandbox monitor
fb8be9619 runtime: stop getting OOM events when ttrpc: closed error
a779e19be tools/packaging: Fix error path in 'kata-deploy-binaries.sh -s'
0baebd2b3 tools/packaging: Fix usage of kata-deploy-binaries.sh
93d03cc06 kata-deploy: fix version bump from -rc to stable
3606923ac workflows,release: Ship all the rust vendored code
2eb07455d tools: Add a generate_vendor.sh script
ecf71d6dd docs: Remove VPP documentation
66f05c5bc runtime: Remove the explicit VirtioMem set and fix the comment
154c8b03d tools/packaging/kata-deploy: Copy install_yq.sh in a dedicated script
1ed7da8fc packaging: Eliminate TTY_OPT and NO_TTY variables in kata-deploy
bad859d2f tools/packaging/kata-deploy/local-build: Add build to gitignore
a93140237 docs: Remove kata-proxy references in documentation
0928eb9f4 agent: Kill the all the container processes of the same cgroup
19f372b5f runtime: Add more debug logs for container io stream copy
c27963276 osbuilder/qat: don't pull kata sources if exist
774348641 docs: fix markdown issues in how-to-run-docker-with-kata.md
459f4bfed osbuilder/qat: use centos as base OS
9a5b47706 docs: Update vcpu handling document
32131cb8b Agent: fix unneeded late initialization lint
ebec6903b static-build,clh: Add the ability to build from a PR
c77e34de3 runtime: Move mock hook source
86723b51a virtcontainers: Remove unused install/uninstall targets
0e83c95fa virtcontainers: Run mock hook from build tree rather than system bin dir
e65db838f virtcontainers: Remove VC_BIN_DIR
c20ad2836 virtcontainers: Remove unused Makefile defines
c776bdf4a virtcontainers: Remove unused parameter from go-test.sh
168fadf1d ci: Weekly check whether the docs url is alive
72f7e9e30 osbuilder: Multistrap Ubuntu
df511bf17 packaging: Enable cross-building agent
0a313eda1 osbuilder: Fix use of LIBC in rootfs.sh
2c86b956f osbuilder: Simplify Rust installation
0072cc2b6 osbuilder: Remove musl installations
5c3e55362 osbuilder: apk add --no-cache
efa19c41e device: use const strings for block-driver option instead of hard coding
24b29310b doc: update Intel SGX use cases document
18d4d7fb1 tools: update QEMU to 6.2
62351637d action: Update link for format patch documentation
aa5ae6b17 runtime: Properly handle ESRCH error when signaling container
5c434270d docs: Update k8s documentation
92ce5e2dc rustjail: optimization, merged several writelns into one
dacf6e395 doc: fix filename typo
7a18e32fa versions: Upgrade to Cloud Hypervisor v22.1
be12baf3c manager: Change here documents to use standard delimiter
9576a7da5 manager: Add options to change self test behaviour
d4d65bed3 manager: Add option to enable component debug
019da91d7 manager: Whitespace fix
d234cb76b manager: Create containerd link
5d6d39be4 scripts: Change here document delimiters
c088a3f3a agent: add tests for get_memory_info function
4b1e2f527 CI: Update GHA secret name
4adf93ef2 tools: release: Do not consider release candidates as stable releases
5ec7592df kernel: fix cve-2022-0847
ffdf961ae docs: Update contact link in runtime README
42e35505b agent: Verify that we allocated as many hugepages as we need
608e003ab agent: Don't attempt to create directories for hugepage configuration
6a850899c CI: Create GHA to add PR sizing label
2b41d275a release: Revert kata-deploy changes after 2.4.0-rc0 release

Compatibility with CRI-O

Kata Containers 2.5.0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 2.5.0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 2.5.0 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 2.5.0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses the libseccomp v2.5.1 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use the kata-agent which is not statically linked with the library, you can build
a custom kata-agent that does not use the library from sources.
For the details, please check the developer guide.

Kata Linux Containers image

Agent version: 2.5.0

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 2.5.0 suggests using the Linux kernel v5.15.48
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information: Limitations

kata-containers - # Release 3.0.0-alpha0

Published by bergwolf about 2 years ago

kata-containers Changes

The biggest highlights of the first 3.0 alpha release are the addition of a rustified
runtime and the integrated rust hypervisor (dragonball), contributed by engineers from
Alibaba Cloud and Ant Group. The new runtime will further improve Kata's resource
consumption, speed, and management simplicity. It is still ongoing work and we
expect it to stabilize and mature in the coming few months.

Other new changes include:

  • A new safe-path library to handle path calculation safely for rust components
  • A few new subcommands of runk
  • Support host cgroup v2
  • Support drop-in config files
  • Quite a few dependency updates and bugfixes etc.

Shortlog

3e9077f6e docs: Update url in containerd documentation
52133ef66 release: Kata Containers 3.0.0-alpha0
c280d6965 runtime-rs: delete route model
caada34f1 runtime-rs: fix design doc's typo
b61dda40b docs: use curl as default downloader for runtime-rs
ca9d16e5e runtime-rs: update Cargo.lock
99a7b4f3e workflow: Revert "static-checks: Allow Merge commit to be >75 chars"
d14e80e9f workflow: Revert "docs: modify move-issues-to-in-progress.yaml"
1f4b6e646 versions: Update libseccomp version
b82819015 Merge pull request #4823 from openanolis/runtime-rs-merge-main-runtime-rs
f791169ef Merge pull request #4826 from openanolis/runtime-rs-version
8bbffc42c runtime-rs:update rtnetlink version
e40383813 runtim-rs: Merge remote-tracking branch 'origin/main' into runtime-rs
931251105 Merge pull request #4817 from openanolis/runtime-rs-s390x-fail
389ae9702 runtime-rs:skip the test when the arch is s390x
945e02227 runtime-rs:skip the build process when the arch is s390x
8b0e1859c Merge pull request #4784 from openanolis/fix-protocol-ci-err
b337390c2 Merge pull request #4791 from openanolis/runtime-rs-merge-main-1
7247575fa runtime-rs:fix cargo clippy
9803393f2 runtime-rs: Merge branch 'main' into runtime-rs-merge-main-1
86ac653ba libs: fix CI error for protocols
993ae2408 Merge pull request #4777 from openanolis/runtime-rs-merge
adfad44ef Merge remote-tracking branch 'origin/main' into runtime-rs-merge-tmp
5457deb03 Merge pull request #4741 from openanolis/fix-stop-failed-in-azure
fa0b11fc5 runtime-rs: fix stdin hang in azure
50b0b7cc1 Merge pull request #4681 from Tim-0731-Hzt/runtime-rs-sharepid
129335714 Merge pull request #4727 from openanolis/anolis-fix-network
71384b60f Merge pull request #4713 from openanolis/adjust_default_vcpu
b3147411e runtime-rs:add unit test for set share pid ns
1ef3f8eac runtime-rs: set share sandbox pid namespace
57c556a80 runtime-rs: fix stop failed in azure
3f4dd92c2 Merge pull request #4702 from openanolis/runtime-rs-endpoint-dev
a3127a03f Merge pull request #4721 from openanolis/install-guide-2
c825065b2 runtime-rs: fix tc filter setup failed
e0194dcb5 runtime-rs: update route destination with prefix
534a4920b Merge pull request #4692 from openanolis/support_disable_guest_seccomp
fa85fd584 docs: add rust environment setup for kata 3.0
896478c92 runtime-rs: add functionalities support for macvlan and vlan endpoints
43045be8d runtime-rs: handle default_vcpus greator than default_maxvcpu
54f53d57e runtime-rs: support disable_guest_seccomp
540303880 Merge pull request #4688 from quanweiZhou/fix_sandbox_cgroup_false
7c146a5d9 Merge pull request #4684 from quanweiZhou/fix-ctr-exit-error
08a658167 Merge pull request #4662 from openanolis/runtime-rs-user-manaul
4331ef80d Runtime-rs: add installation guide for rust-runtime
4c3bd6b1d Merge pull request #4656 from openanolis/runtime-rs-ipvlan
960f2a7f7 Merge pull request #4678 from Tim-0731-Hzt/runtime-rs-makefile-2
e9988f0c6 runtime-rs: fix sandbox_cgroup_only=false panic
cebbebbe8 runtime-rs: fix ctr exit failed
758cc47b3 Merge pull request #4671 from liubin/4670-upgrade-nix
25be4d00f Merge pull request #4676 from openanolis/xuejun/runtime-rs
62182db64 runtime-rs: add unit test for ipvlan endpoint
99654ce69 runtime-rs: update dbs-xxx dependencies
f4c3adf59 runtime-rs: Add compile option file
545ae3f0e runtime-rs: fix warning
19eca71cd runtime-rs: remove the value of hypervisor path in DB config
d8920b00c runtime-rs: support functionalities of ipvlan endpoint
2b01e9ba4 dragonball: fix warning
996a6b80b kata-sys-util: upgrade nix version
9f49f7adc Merge pull request #4493 from openanolis/runtime-rs-dev
3c989521b dragonball: update for review
274598ae5 kata-runtime: add dragonball config check support.
1befbe673 runtime-rs: Cargo lock for fix version problem
3d6156f6e runtime-rs: support dragonball and runtime-binary
3f6123b4d libs: update configuration and annotations
f3335c99c Merge pull request #4614 from Tim-0731-Hzt/runtime-rs-merge-main
b424cf3c9 Merge pull request #4544 from openanolis/anolis/virtio_device_aarch64
d2584991e dragonball: fix dependency unused warning
458f6f42f dragonball: use const string for legacy device type
58b0fc479 Merge pull request #4192 from Tim-0731-Hzt/runtime-rs
0826a2157 Merge remote-tracking branch 'origin/main' into runtime-rs-1
939959e72 docs: add Dragonball to hypervisors
f6f96b8fe dragonball: add legacy device support for aarch64
7a4183980 dragonball: add device info support for aarch64
30da3fb95 Merge pull request #4515 from openanolis/anolis/dragonball-3
9cee52153 fmt: do cargo fmt and add a dependency for blk_dev
47a4142e0 fs: change vhostuser and virtio into const
e14e98bbe cpu_topo: add handle_cpu_topology function
5d3b53ee7 downtime: add downtime support
6a1fe85f1 vfio: add vfio as TODO
5ea35ddcd refractor: remove redundant by_id
b646d7cb3 config: remove ht_enabled
cb54ac6c6 memory: remove reserve_memory_bytes
bde6609b9 hotplug: add room for other hotplug solution
d88b1bf01 dragonball: update vsock dependency
dd003ebe0 Dragonball: change error name and fix compile error
38957fe00 UT: fix compile error in unit tests
11b3f9514 dragonball: add virtio-fs device support
948381bdb dragonball: add virtio-net device support
3d20387a2 dragonball: add virtio-blk device support
87d38ae49 Doc: add document for Dragonball API
2bb1eeaec docs: further questions related to upcall
026aaeecc docs: add FAQ to the report
fffcb8165 docs: update the content of the report
42ea854eb docs: kata 3.0 Architecture
090de2dae dragonball: fix the clippy errors.
a1593322b dragonball: add vsock api to api server
89b9ba860 dragonball: add set_vm_configuration api
95fa0c70c dragonball: add start microvm support
5c1ccc376 dragonball: add Vmm struct
4d234f574 dragonball: refactor code layout
cfd5dae47 dragonball: add vm struct
527b73a8e dragonball: remove unused feature in AddressSpaceMgr
514b4e723 Merge pull request #4543 from openanolis/anolis/add_vcpu_configure_aarch64
7120afe4e dragonball: add vcpu test function for aarch64
648d285a2 dragonball: add vcpu support for aarch64
7dad7c89f dragonball: update dbs-xxx dependency
59cab9e83 Merge pull request #4380 from Tim-0731-Hzt/rund/makefile
18093251e Merge pull request #4527 from Tim-0731-Hzt/rund-new/netlink
07231b2f3 runtime-rs:refactor network model with netlink
c8a905206 build: format files
242992e3d build: put install methods in utils.mk
8a697268d build: makefile for dragonball config
9c526292e runtime-rs:refactor network model with netlink
12c1b9e6d Merge pull request #4536 from Tim-0731-Hzt/runtime-rs-kata-main
f3907aa12 runtime-rs:Merge remote-tracking branch 'origin/main' into runtime-rs-newv
badbbcd8b Merge pull request #4400 from openanolis/anolis/dragonball-2
71db2dd5b hotplug: add room for future acpi hotplug mechanism
8bb00a3dc dragonball: fix a bug when generating kernel boot args
2aedd4d12 doc: add document for vCPU, api and device
bec22ad01 dragonball: add api module
07f44c3e0 dragonball: add vcpu manager
78c971875 dragonball: add upcall support
7d1953b52 dragonball: add vcpu
468c73b3c dragonball: add kvm context
98f041ed8 Merge pull request #4486 from openanolis/runtime-rs-merge-main
86123f49f Merge branch 'main' into runtime-rs
e89e6507a dragonball: add signal handler
b6cb2c4ae dragonball: add metrics system
e80e0c464 dragonball: add io manager wrapper
f23d7092e Merge pull request #4265 from openanolis/anolis/dragonball-1
d5ee3fc85 safe-path: fix clippy warning
93c10dfd8 runtime-rs: add crosvm license in Dragonball
dfe6de771 dragonball: add dragonball into kata README
39ff85d61 dragonball: green ci
71f24d827 dragonball: add Makefile.
a1df6d096 Doc: Update Dragonball Readme and add document for device
8619f2b3d dragonball: add virtio vsock device manager.
52d42af63 dragonball: add device manager.
c1c1e5152 dragonball: add kernel config.
6850ef99a dragonball: add configuration manager.
0bcb422fc dragonball: add legacy devices manager
3c45c0715 dragonball: add console manager.
3d38bb300 dragonball: add address space manager.
aff604055 dragonball: add resource manager support.
8835db6b0 dragonball: initial commit
9cb15ab4c agent: add the FSGroup support
ff7874bc2 protobuf: upgrade the protobuf version to 2.27.0
06f398a34 runtime-rs: use withContext to evaluate lazily
fd4c26f9c runtime-rs: support network resource
4be7185aa runtime-rs: runtime part implement
10343b1f3 runtime-rs: enhance runtimes
9887272db libs: enhance kata-sys-util and kata-types
3ff0db05a runtime-rs: support rootfs volume for resource
234d7bca0 runtime-rs: support cgroup resource
75e282b4c runtime-rs: hypervisor base define
bdfee005f runtime-rs: service and runtime framework
4296e3069 runtime-rs: agent implements
d3da156ee runtime-rs: uint FsType for s390x
e705ee07c runtime-rs: update containerd-shim-protos to 0.2.0
8c0a60e19 runtime-rs: modify the review suggestion
278f843f9 runtime-rs: shim implements for runtime-rs
641b73610 libs: enhance kata-sys-util
69ba1ae9e trans: fix the issue of wrong swapness type
d2a9bc667 agent: agent-protocol support async
aee9633ce libs/sys-util: provide functions to execute hooks
8509de0ae libs/sys-util: add function to detect and update K8s emptyDir volume
6d59e8e19 libs/sys-util: introduce function to get device id
5300ea23a libs/sys-util: implement reflink_copy()
1d5c898d7 libs/sys-util: add utilities to parse NUMA information
87887026f libs/sys-util: add utilities to manipulate cgroup
ccd03e2ca libs/sys-util: add wrappers for mount and fs
45a00b4f0 libs/sys-util: add kata-sys-util crate under src/libs
48c201a1a libs/types: make the variable name easier to understand
b9b6d70aa libs/types: modify implementation details
05ad026fc libs/types: fix implementation details
d96716b4d libs/types:fix styles and implementation details
6cffd943b libs/types:return Result to handle parse error
6ae87d9d6 libs/types: use contains to make code more readable
45e5780e7 libs/types: fixed spelling and grammer error
2599a06a5 libs/types:use include_str! in test file
8ffff40af libs/types:Option type to handle empty tomlconfig
626828696 libs/types: add license for test-config.rs
97d8c6c0f docs: modify move-issues-to-in-progress.yaml
8cdd70f6c libs/types: change method to update config by annotation
e19d04719 libs/types: implement KataConfig to wrap TomlConfig
387ffa914 libs/types: support load Kata agent configuration from file
69f10afb7 libs/types: support load Kata hypervisor configuration from file
21cc02d72 libs/types: support load Kata runtime configuration from file
5b89c1df2 libs/types: add kata-types crate under src/libs
4f62a7618 libs/logging: fix clippy warnings
6f8acb94c libs: refine Makefile rules
7cdee4980 libs/logging: introduce a wrapper writer for logging
426f38de9 libs/logging: implement rotator for log files
392f1ecdf libs: convert to a cargo workspace
575df4dc4 static-checks: Allow Merge commit to be >75 chars
2ae807fd2 nydus: wait nydusd API server ready before mounting share fs
8a4e69008 versions: Update TD-shim due to build breakage
065305f4a agent-ctl: Add an empty [workspace]
1444d7ce4 packaging: Create no_patches.txt for the SPR-BKC-PC-v9.6.x
c8d4ea84e docs: Improve SGX documentation
85f4e7caf runtime: explicitly mark the source of the log is from qemu.log
d8ad16a34 runtime: add unlock before return in sendReq
889557ecb docs: add back host network limitation
230a22905 runk: add ps sub-command
e40383813 runtim-rs: Merge remote-tracking branch 'origin/main' into runtime-rs
587c0c5e5 Merge pull request #4820 from cmaf/sgx-update-docs-1
c5452faec docs: Improve SGX documentation
2764bd752 Merge pull request #4770 from justxuewei/refactor/agent/netlink-neighbor
578121124 Merge pull request #4805 from fidencio/topic/bump-tdx-dependencies
869e40851 Merge pull request #4810 from fidencio/topic/adjust-final-tarball-location-for-tdvf-and-td-shim
8d1cb1d51 td-shim: Adjust final tarball location
62f05d4b4 ovmf: Adjust final tarball location
9972487f6 versions: Bump Kernel TDX version
c9358155a kernel: Sort the TDX configs alphabetically
dd397ff1b versions: Bump QEMU TDX version
873e75b91 Merge pull request #4773 from fidencio/topic/build-tdvf
c9b5bde30 versions: Track and build TDVF
e6a5a5106 packaging: Generate a tarball as OVMF build result
42eaf19b4 packaging: Simplify OVMF repo clone
4d33b0541 packaging: Don't hardcode "edk2" as the cloned repo's dir.
81fe51ab0 agent: fix unittests for arp neighbors
845c1c03c agent: use rtnetlink's neighbours API to add neighbors
8bbffc42c runtime-rs:update rtnetlink version
587c0c5e5 Merge pull request #4820 from cmaf/sgx-update-docs-1
c5452faec docs: Improve SGX documentation
2764bd752 Merge pull request #4770 from justxuewei/refactor/agent/netlink-neighbor
578121124 Merge pull request #4805 from fidencio/topic/bump-tdx-dependencies
869e40851 Merge pull request #4810 from fidencio/topic/adjust-final-tarball-location-for-tdvf-and-td-shim
8d1cb1d51 td-shim: Adjust final tarball location
62f05d4b4 ovmf: Adjust final tarball location
9972487f6 versions: Bump Kernel TDX version
c9358155a kernel: Sort the TDX configs alphabetically
dd397ff1b versions: Bump QEMU TDX version
873e75b91 Merge pull request #4773 from fidencio/topic/build-tdvf
c9b5bde30 versions: Track and build TDVF
e6a5a5106 packaging: Generate a tarball as OVMF build result
42eaf19b4 packaging: Simplify OVMF repo clone
4d33b0541 packaging: Don't hardcode "edk2" as the cloned repo's dir.
81fe51ab0 agent: fix unittests for arp neighbors
845c1c03c agent: use rtnetlink's neighbours API to add neighbors
389ae9702 runtime-rs:skip the test when the arch is s390x
945e02227 runtime-rs:skip the build process when the arch is s390x
c5452faec docs: Improve SGX documentation
81fe51ab0 agent: fix unittests for arp neighbors
845c1c03c agent: use rtnetlink's neighbours API to add neighbors
9972487f6 versions: Bump Kernel TDX version
c9358155a kernel: Sort the TDX configs alphabetically
dd397ff1b versions: Bump QEMU TDX version
8d1cb1d51 td-shim: Adjust final tarball location
62f05d4b4 ovmf: Adjust final tarball location
86ac653ba libs: fix CI error for protocols
7247575fa runtime-rs:fix cargo clippy
9803393f2 runtime-rs: Merge branch 'main' into runtime-rs-merge-main-1
7503bdab6 Merge pull request #4783 from fidencio/topic/build-td-shim
b06bc8228 versions: Track and add support for building TD-shim
8d9135a7c Merge pull request #4765 from ryansavino/ccv0-rust-upgrade
9b1940e93 versions: update rust version
c9b5bde30 versions: Track and build TDVF
e6a5a5106 packaging: Generate a tarball as OVMF build result
42eaf19b4 packaging: Simplify OVMF repo clone
4d33b0541 packaging: Don't hardcode "edk2" as the cloned repo's dir.
7503bdab6 Merge pull request #4783 from fidencio/topic/build-td-shim
b06bc8228 versions: Track and add support for building TD-shim
8d9135a7c Merge pull request #4765 from ryansavino/ccv0-rust-upgrade
9b1940e93 versions: update rust version
b06bc8228 versions: Track and add support for building TD-shim
9b1940e93 versions: update rust version
adfad44ef Merge remote-tracking branch 'origin/main' into runtime-rs-merge-tmp
0aefab4d8 Merge pull request #4739 from liubin/fix/4738-trace-rpc-calls
54147db92 Merge pull request #4170 from Alex-Carter01/build-amdsev-ovmf
638c2c416 static-build: Add AmdSev option for OVMF builder Introduces new build of firmware needed for SEV
f0b58e38d static-build: Add build script for OVMF
a67402cc1 Merge pull request #4397 from yaoyinnan/3073/ftr/host-cgroupv2
229ff29c0 Merge pull request #4758 from GabyCT/topic/updaterunc
5c3155f7e runtime: Support for host cgroup v2
4ab45e5c9 docs: Update support for host cgroupv2
9dfd949f2 Merge pull request #4646 from amshinde/add-liburing-qemu
326eb2f91 versions: Update runc version
557229c39 Merge pull request #4724 from yahaa/fix-docs
1b01ea53d Merge pull request #4735 from nubificus/feature-fc-v1.1
27c82018d Merge pull request #4753 from Tim-Zhang/agent-fix-stream-fd-double-close
6fddf031d Merge pull request #4664 from lifupan/main
f5aa6ae46 agent: Fix stream fd's double close problem
6e149b43f Docs: fix tables format error
56d49b507 versions: Update Firecracker version to v1.1.0
0e24f47a4 agent: log RPC calls for debugging
e764a726a Merge pull request #4715 from Tim-Zhang/fix-ut-test_do_write_stream
427b29454 Merge pull request #4709 from liubin/fix/4708-unwrap-error
033737783 Merge pull request #4695 from liubin/4694/upgrade-nydus-version
0b4a91ec1 Merge pull request #4644 from bookinabox/optimize-get-paths
68c265587 Merge pull request #4718 from GabyCT/topic/updatefirecrackerversion
df79c8fe1 versions: Update firecracker version
912641509 agent: fix fd-double-close problem in ut test_do_write_stream
0d7cb7eb1 agent: delete agent-type property in announce
eec9ac81e rustjail: check result to let it return early.
402bfa0ce nydus: upgrade nydus/nydus-snapshotter version
6d56cdb9a Merge pull request #4686 from xujunjie-cover/issue4685
72dbd1fcb kata-monitor: fix can't monitor /run/vc/sbs.
f690b0aad qemu: Add liburing to qemu build
d93e4b939 container: kill all of the processes in this container
575b5eb5f Merge pull request #4506 from cyyzero/runk-exec
9ae2a45b3 cgroups: remove unnecessary get_paths()
0cc20f014 Merge pull request #4647 from fidencio/topic/fix-clh-crash-when-booting-up-with-no-network-device
418a03a12 Merge pull request #4639 from fidencio/topic/packaging-rework-qemu-build-suffix
be31207f6 clh: Don't crash if no network device is set by the upper layer
39974fbac Merge pull request #4642 from fidencio/topic/clh-bump-to-v25.0-release
051181249 packaging: Add a "-" in the dir name if $BUILD_DIR is available
dc3b6f659 versions: Update Cloud Hypervisor to v25.0
201ff223f packaging: Use the $BUILD_SUFFIX when renaming the qemu binary
9f0e4bb77 Merge pull request #4628 from fidencio/topic/rework-tee-kernel-builds
cda1919a0 Merge pull request #4609 from fidencio/topic/kata-deploy-simplify-config-path-handling
1a25afcdf kernel: Allow passing the URL to download the tarball
0024b8d10 Merge pull request #4617 from Yuan-Zhuo/main
80c68b80a kernel: Deduplicate code used for building TEE kernels
f7ccf92dc kata-deploy: Rely on the configured config path
386a523a0 kata-deploy: Pass the config path to CRI-O
13df57c39 build: save lines for repository_owner check
f59939a31 runk: Support exec sub-command
0aefab4d8 Merge pull request #4739 from liubin/fix/4738-trace-rpc-calls
54147db92 Merge pull request #4170 from Alex-Carter01/build-amdsev-ovmf
638c2c416 static-build: Add AmdSev option for OVMF builder Introduces new build of firmware needed for SEV
f0b58e38d static-build: Add build script for OVMF
a67402cc1 Merge pull request #4397 from yaoyinnan/3073/ftr/host-cgroupv2
229ff29c0 Merge pull request #4758 from GabyCT/topic/updaterunc
5c3155f7e runtime: Support for host cgroup v2
4ab45e5c9 docs: Update support for host cgroupv2
9dfd949f2 Merge pull request #4646 from amshinde/add-liburing-qemu
326eb2f91 versions: Update runc version
557229c39 Merge pull request #4724 from yahaa/fix-docs
1b01ea53d Merge pull request #4735 from nubificus/feature-fc-v1.1
27c82018d Merge pull request #4753 from Tim-Zhang/agent-fix-stream-fd-double-close
6fddf031d Merge pull request #4664 from lifupan/main
f5aa6ae46 agent: Fix stream fd's double close problem
6e149b43f Docs: fix tables format error
56d49b507 versions: Update Firecracker version to v1.1.0
0e24f47a4 agent: log RPC calls for debugging
e764a726a Merge pull request #4715 from Tim-Zhang/fix-ut-test_do_write_stream
427b29454 Merge pull request #4709 from liubin/fix/4708-unwrap-error
033737783 Merge pull request #4695 from liubin/4694/upgrade-nydus-version
0b4a91ec1 Merge pull request #4644 from bookinabox/optimize-get-paths
68c265587 Merge pull request #4718 from GabyCT/topic/updatefirecrackerversion
df79c8fe1 versions: Update firecracker version
912641509 agent: fix fd-double-close problem in ut test_do_write_stream
0d7cb7eb1 agent: delete agent-type property in announce
eec9ac81e rustjail: check result to let it return early.
402bfa0ce nydus: upgrade nydus/nydus-snapshotter version
6d56cdb9a Merge pull request #4686 from xujunjie-cover/issue4685
72dbd1fcb kata-monitor: fix can't monitor /run/vc/sbs.
f690b0aad qemu: Add liburing to qemu build
d93e4b939 container: kill all of the processes in this container
575b5eb5f Merge pull request #4506 from cyyzero/runk-exec
9ae2a45b3 cgroups: remove unnecessary get_paths()
0cc20f014 Merge pull request #4647 from fidencio/topic/fix-clh-crash-when-booting-up-with-no-network-device
418a03a12 Merge pull request #4639 from fidencio/topic/packaging-rework-qemu-build-suffix
be31207f6 clh: Don't crash if no network device is set by the upper layer
39974fbac Merge pull request #4642 from fidencio/topic/clh-bump-to-v25.0-release
051181249 packaging: Add a "-" in the dir name if $BUILD_DIR is available
dc3b6f659 versions: Update Cloud Hypervisor to v25.0
201ff223f packaging: Use the $BUILD_SUFFIX when renaming the qemu binary
9f0e4bb77 Merge pull request #4628 from fidencio/topic/rework-tee-kernel-builds
cda1919a0 Merge pull request #4609 from fidencio/topic/kata-deploy-simplify-config-path-handling
1a25afcdf kernel: Allow passing the URL to download the tarball
0024b8d10 Merge pull request #4617 from Yuan-Zhuo/main
80c68b80a kernel: Deduplicate code used for building TEE kernels
f7ccf92dc kata-deploy: Rely on the configured config path
386a523a0 kata-deploy: Pass the config path to CRI-O
13df57c39 build: save lines for repository_owner check
f59939a31 runk: Support exec sub-command
0e24f47a4 agent: log RPC calls for debugging
fa0b11fc5 runtime-rs: fix stdin hang in azure
57c556a80 runtime-rs: fix stop failed in azure
638c2c416 static-build: Add AmdSev option for OVMF builder Introduces new build of firmware needed for SEV
f0b58e38d static-build: Add build script for OVMF
5c3155f7e runtime: Support for host cgroup v2
4ab45e5c9 docs: Update support for host cgroupv2
326eb2f91 versions: Update runc version
f690b0aad qemu: Add liburing to qemu build
b3147411e runtime-rs:add unit test for set share pid ns
1ef3f8eac runtime-rs: set share sandbox pid namespace
6e149b43f Docs: fix tables format error
56d49b507 versions: Update Firecracker version to v1.1.0
f5aa6ae46 agent: Fix stream fd's double close problem
d93e4b939 container: kill all of the processes in this container
c825065b2 runtime-rs: fix tc filter setup failed
e0194dcb5 runtime-rs: update route destination with prefix
43045be8d runtime-rs: handle default_vcpus greator than default_maxvcpu
912641509 agent: fix fd-double-close problem in ut test_do_write_stream
896478c92 runtime-rs: add functionalities support for macvlan and vlan endpoints
fa85fd584 docs: add rust environment setup for kata 3.0
0d7cb7eb1 agent: delete agent-type property in announce
eec9ac81e rustjail: check result to let it return early.
402bfa0ce nydus: upgrade nydus/nydus-snapshotter version
54f53d57e runtime-rs: support disable_guest_seccomp
9ae2a45b3 cgroups: remove unnecessary get_paths()
df79c8fe1 versions: Update firecracker version
72dbd1fcb kata-monitor: fix can't monitor /run/vc/sbs.
e9988f0c6 runtime-rs: fix sandbox_cgroup_only=false panic
cebbebbe8 runtime-rs: fix ctr exit failed
4331ef80d Runtime-rs: add installation guide for rust-runtime
62182db64 runtime-rs: add unit test for ipvlan endpoint
d8920b00c runtime-rs: support functionalities of ipvlan endpoint
19eca71cd runtime-rs: remove the value of hypervisor path in DB config
996a6b80b kata-sys-util: upgrade nix version
99654ce69 runtime-rs: update dbs-xxx dependencies
f4c3adf59 runtime-rs: Add compile option file
545ae3f0e runtime-rs: fix warning
2b01e9ba4 dragonball: fix warning
f59939a31 runk: Support exec sub-command
3c989521b dragonball: update for review
274598ae5 kata-runtime: add dragonball config check support.
1befbe673 runtime-rs: Cargo lock for fix version problem
3d6156f6e runtime-rs: support dragonball and runtime-binary
3f6123b4d libs: update configuration and annotations
be31207f6 clh: Don't crash if no network device is set by the upper layer
051181249 packaging: Add a "-" in the dir name if $BUILD_DIR is available
201ff223f packaging: Use the $BUILD_SUFFIX when renaming the qemu binary
dc3b6f659 versions: Update Cloud Hypervisor to v25.0
0826a2157 Merge remote-tracking branch 'origin/main' into runtime-rs-1
46fd7ce02 Merge pull request #4595 from amshinde/fix-clh-tarball-build
33360f171 Merge pull request #4600 from ManaSugi/fix/selinux-hypervisor-config
f36bc8bc5 Merge pull request #4616 from GabyCT/topic/updatecontainerddoc
57c2d8b74 docs: Update URL links for containerd documentation
e57a1c831 build: Mark git repos as safe for build
ee3f5558a Merge pull request #4606 from liubin/fix/4605-delete-cri-containerd-plugin
c09634dbc Merge pull request #4592 from fidencio/revert-kata-deploy-changes-after-2.5.0-rc0-release
2551924bd docs: delete CRI containerd plugin statement
bee791593 Merge pull request #4533 from bookinabox/simplify-nproc
efdb92366 build: Fix clh source build as normal user
0e40ecf38 tools/snap: simplify nproc
be68cf071 Merge pull request #4597 from bergwolf/github/action
4d89476c9 runtime: Fix DisableSelinux config
ac91fb7a1 Merge pull request #4591 from fidencio/2.5.0-rc0-branch-bump
3bafafec5 action: extend commit message line limit to 150 bytes
5010c643c release: Revert kata-deploy changes after 2.5.0-rc0 release
2d29791c1 release: Kata Containers 2.5.0-rc0
f4eea832a release: Adapt kata-deploy for 2.5.0-rc0
071dd4c79 Merge pull request #4109 from pmores/drop-in-cfg-files-support
d9e868f44 Merge pull request #4479 from quanweiZhou/enhance-get-handled-signal
b33ad7e57 Merge pull request #4574 from jelipo/fix-serde-serializing
018973828 Merge pull request #4576 from ManaSugi/fix/oci-poststart-hook
cd2d8c6fe Merge pull request #4580 from ManaSugi/fix/replace-libc-with-nix
a1de394e5 Merge pull request #4550 from liubin/fix/4548-overwrite-mount-type-for-bind-mount
44ec9684d Merge pull request #4573 from amshinde/unsafe-repo-runtime-shimv2
0ddb34a38 oci: fix serde skip serializing condition
fbb2e9bce agent: Replace some libc functions with nix ones
acd3302be agent: Run OCI poststart hooks after a container is launched
635fa543a Merge pull request #4560 from bookinabox/update-commit-message-check
1f363a386 runtime: overwrite mount type to bind for bind mounts
4e48509ed build: Set safe.directory for runtime repo
c29038a2e Merge pull request #4562 from ManaSugi/git-safe-repo
02a51e75a Merge pull request #4554 from liubin/fix/delete-not-used-console-from-container-config
aa561b49f Merge pull request #4540 from fidencio/topic/default_maxmemory
48ccd4233 ci: Set safe.directory against tests repository
2a4fbd6d8 agent: enhance get handled signal
433816cca ci/cd: update check-commit-message
2a94261df Merge pull request #4549 from liubin/fix/4419-set-status-if-wait-process-failed
1e12d5651 Merge pull request #4469 from egernst/config-validation-refactor
a5a25ed13 runtime: delete Console from Cmd type
96553e8bd runtime: Add documentation of drop-in config file fragments
c656457e9 runtime: Add tests of drop-in config file decoding
99f5ca80f runtime: Plug drop-in decoding into decodeConfig()
0f9856c46 runtime: Scan drop-in directory, read files and decode them
2c1efcc69 runtime: Add helpers to copy fields between tomlConfig instances
20f11877b runtime: Add framework to manipulate config structs via reflection
ab5f1c956 shim: set a non-zero return code if the wait process call failed.
e5be5cb08 runtime: device: cleanup outdated comments
5f936f268 virtcontainers: config validation is host specific
323271403 virtcontainers: Remove unused function
0939f5181 config: Expose default_maxmemory
58ff2bd5c clh,qemu: Adapt to using default_maxmemory
ad055235a Merge pull request #4547 from GabyCT/topic/removeunuseddocker
b2c038799 Merge pull request #4130 from surajssd/add-cgroup-driver-info
1a78c3df2 packaging: Remove unused kata docker configure script
afdc96042 hypervisor: Add default_maxmemory configuration
bdf5e5229 virtcontainers: validate hypervisor config outside of hypervisor itself
469e09854 katautils: don't do validation when loading hypervisor config
0e2459d13 docs: Add cgroupDriver for containerd
1a25afcdf kernel: Allow passing the URL to download the tarball
80c68b80a kernel: Deduplicate code used for building TEE kernels
d2584991e dragonball: fix dependency unused warning
458f6f42f dragonball: use const string for legacy device type
f6f96b8fe dragonball: add legacy device support for aarch64
7a4183980 dragonball: add device info support for aarch64
f7ccf92dc kata-deploy: Rely on the configured config path
386a523a0 kata-deploy: Pass the config path to CRI-O
13df57c39 build: save lines for repository_owner check
939959e72 docs: add Dragonball to hypervisors
2bb1eeaec docs: further questions related to upcall
026aaeecc docs: add FAQ to the report
fffcb8165 docs: update the content of the report
42ea854eb docs: kata 3.0 Architecture
46fd7ce02 Merge pull request #4595 from amshinde/fix-clh-tarball-build
33360f171 Merge pull request #4600 from ManaSugi/fix/selinux-hypervisor-config
f36bc8bc5 Merge pull request #4616 from GabyCT/topic/updatecontainerddoc
57c2d8b74 docs: Update URL links for containerd documentation
e57a1c831 build: Mark git repos as safe for build
ee3f5558a Merge pull request #4606 from liubin/fix/4605-delete-cri-containerd-plugin
c09634dbc Merge pull request #4592 from fidencio/revert-kata-deploy-changes-after-2.5.0-rc0-release
2551924bd docs: delete CRI containerd plugin statement
bee791593 Merge pull request #4533 from bookinabox/simplify-nproc
efdb92366 build: Fix clh source build as normal user
0e40ecf38 tools/snap: simplify nproc
be68cf071 Merge pull request #4597 from bergwolf/github/action
4d89476c9 runtime: Fix DisableSelinux config
9cee52153 fmt: do cargo fmt and add a dependency for blk_dev
47a4142e0 fs: change vhostuser and virtio into const
e14e98bbe cpu_topo: add handle_cpu_topology function
5d3b53ee7 downtime: add downtime support
6a1fe85f1 vfio: add vfio as TODO
5ea35ddcd refractor: remove redundant by_id
b646d7cb3 config: remove ht_enabled
cb54ac6c6 memory: remove reserve_memory_bytes
bde6609b9 hotplug: add room for other hotplug solution
d88b1bf01 dragonball: update vsock dependency
dd003ebe0 Dragonball: change error name and fix compile error
38957fe00 UT: fix compile error in unit tests
11b3f9514 dragonball: add virtio-fs device support
948381bdb dragonball: add virtio-net device support
3d20387a2 dragonball: add virtio-blk device support
87d38ae49 Doc: add document for Dragonball API
090de2dae dragonball: fix the clippy errors.
a1593322b dragonball: add vsock api to api server
89b9ba860 dragonball: add set_vm_configuration api
95fa0c70c dragonball: add start microvm support
5c1ccc376 dragonball: add Vmm struct
4d234f574 dragonball: refactor code layout
cfd5dae47 dragonball: add vm struct
527b73a8e dragonball: remove unused feature in AddressSpaceMgr
7120afe4e dragonball: add vcpu test function for aarch64
648d285a2 dragonball: add vcpu support for aarch64
7dad7c89f dragonball: update dbs-xxx dependency
c8a905206 build: format files
242992e3d build: put install methods in utils.mk
8a697268d build: makefile for dragonball config
07231b2f3 runtime-rs:refactor network model with netlink
9c526292e runtime-rs:refactor network model with netlink
f3907aa12 runtime-rs:Merge remote-tracking branch 'origin/main' into runtime-rs-newv
916ffb75d Merge pull request #4432 from liubin/fix/4420-binary-log
4e30e11b3 shim: support shim v2 logging plugin
27b1bb5ed Merge pull request #4467 from egernst/device-pkg
e32bf5331 device: deduplicate state structures
f97d9b45c runtime: device/persist: drop persist dependency from device pkgs
f9e96c650 runtime: device: move to top level package
3880e0c07 agent: refactor reading file timing for debugging
2488a0f6c Merge pull request #4439 from amshinde/update-kernel-to-5.15.46
083ca5f21 Merge pull request #4505 from yoheiueda/agent-debug-build
03fca8b45 Merge pull request #4526 from fidencio/topic/fix-clippy-warnings-and-update-agent-vendored-code
c70d3a2c3 agent: Update the dependencies
612fd79ba random: Fix "nonminimal-bool" clippy warning
d4417f210 netlink: Fix "or-fun-call" clippy warnings
93874cb3b packaging: Restrict kernel patches applied to top-level dir
07b1367c2 versions: Update kernel to latest LTS version 5.15.48
133528dd1 Merge pull request #4503 from amshinde/multi-queue-block
f186a52b1 Merge pull request #4511 from fidencio/topic/add-config-efi-to-the-tdx-kernel
1b7d36fdb agent: Allow BUILD_TYPE=debug
9ff10c083 kernel: Add CONFIG_EFI=y as part of the TDX fragments
78e27de6c Merge pull request #4358 from zvonkok/memreserve
e227b4c40 block: Leverage multiqueue for virtio-block
72049350a Merge pull request #4288 from fengwang666/enable-qemu-sandbox
8eac22ac5 Merge pull request #4495 from Amulyam24/snap-fix
e7e7dc9df runtime: Add heuristic to get the right value(s) for mem-reserve
e422730c7 Merge pull request #4497 from GabyCT/topic/removeunusedref
e11fcf7d3 Merge pull request #4168 from Champ-Goblem/patch/fix-chronyd-failure-on-boot
c7dd10e5e packaging: Remove unused publish kata image script
0bbbe7068 snap: fix snap build on ppc64le
6fd40085e Merge pull request #4484 from cmaf/tracing-update-rootspan-name
2c1b68d6e Merge pull request #4481 from zvonkok/fix-action
ef925d40c runtime: enable sandbox feature on qemu
28995301b tracing: Remove whitespace from root span
9941588c0 workflow: Removing man-db, workflow kept failing
1b7fd19ac rootfs: Fix chronyd.service failing on boot
71db2dd5b hotplug: add room for future acpi hotplug mechanism
8bb00a3dc dragonball: fix a bug when generating kernel boot args
2aedd4d12 doc: add document for vCPU, api and device
bec22ad01 dragonball: add api module
07f44c3e0 dragonball: add vcpu manager
78c971875 dragonball: add upcall support
7d1953b52 dragonball: add vcpu
468c73b3c dragonball: add kvm context
e89e6507a dragonball: add signal handler
b6cb2c4ae dragonball: add metrics system
e80e0c464 dragonball: add io manager wrapper
86123f49f Merge branch 'main' into runtime-rs
f30fe86dc Merge pull request #4456 from Bevisy/fixIssue4454
553ec4611 Merge pull request #4436 from alex-matei/fix/sandbox-mem-overflow
0d33b2880 Merge pull request #4459 from jodh-intel/snap-fix-cli-options
9766a285a Merge pull request #4422 from snir911/dependabot_bumps
90a7763ac snap: Fix debug cli option
d06dd8fcd Merge pull request #4312 from fidencio/topic/pass-the-tuntap-fd-to-clh
a305bafee docs: Update outdated URLs and keep them available
185360cb9 Merge pull request #4452 from GabyCT/topic/updatedeveloperguide
db2a4d6cd Merge pull request #4441 from liubin/fix/refactor-reading-mountstat-log
bee770343 docs: Update containerd url link
ac5dbd859 clh: Improve logging related to the net dev addition
0b75522e1 network: Set queues to 1 to ensure we get the network fds
93b61e0f0 network: Add FFI_NO_PI to the netlink flags
bf3ddc125 clh: Pass the tuntap fds down to Cloud Hypervisor
55ed32e92 clh: Take care of the VmAdNetdPut request ourselves
01fe09a4e clh: Hotplug the network devices
2e0753833 clh: Expose VmAddNetPut
c84a42525 Merge pull request #4442 from openanolis/anolis/fix_safepath_clippy
1d5448fbc Merge pull request #4180 from Alex-Carter01/build-kernel-efi-secret
a80eb33cd Merge pull request #4308 from fidencio/topic/virtiofsd-switch-to-using-the-rust-version-on-all-arches
81acfc128 Merge pull request #4425 from liubin/fix/4376-change-log-level-of-getoomevent
9b93db022 Merge pull request #4417 from jodh-intel/docs-monitor-considerations
1ef0b7ded runtime: Switch to using the rust version of virtiofsd (all but power)
bb26bd73b safe-path: fix clippy warning
1a5ba31cb agent: refactor reading file timing for debugging
721ca72a6 runtime: fix error when trying to parse sandbox sizing annotations
aefe11b9b Merge pull request #4331 from dgibson/config-enable-iommu-annotation
7deb87dcb Merge pull request #4434 from fidencio/topic/bump-virtiofsd-release
f811c8b60 Merge pull request #4431 from jodh-intel/docs-arch-storage-limits
9773838c0 virtiofsd: export env vars needed for building it
b0e090f40 versions: Bump virtiofsd to v1.3.0
db5048d52 kernel: build efi_secret module for SEV
1b845978f docs: Add storage limits to arch doc
412441308 docs: Add more kata monitor details
eff4e1017 shim: change the log level for GetOOMEvent call failures
5d7fb7b7b build(deps): bump github.com/containerd/containerd in /src/runtime
d0ca2fcbb build(deps): bump crossbeam-utils in /src/tools/trace-forwarder
a60dcff4d build(deps): bump regex from 1.5.4 to 1.5.6 in /src/tools/agent-ctl
dbf50672e build(deps): bump crossbeam-utils in /src/tools/agent-ctl
8e2847bd5 build(deps): bump crossbeam-utils from 0.8.6 to 0.8.8 in /src/libs
e9ada165f build(deps): bump regex from 1.5.4 to 1.5.5 in /src/agent
adad9cef1 build(deps): bump crossbeam-utils from 0.8.5 to 0.8.8 in /src/agent
8f10e13e0 config: Allow enable_iommu pod annotation by default
d5ee3fc85 safe-path: fix clippy warning
93c10dfd8 runtime-rs: add crosvm license in Dragonball
dfe6de771 dragonball: add dragonball into kata README
39ff85d61 dragonball: green ci
71f24d827 dragonball: add Makefile.
a1df6d096 Doc: Update Dragonball Readme and add document for device
8619f2b3d dragonball: add virtio vsock device manager.
52d42af63 dragonball: add device manager.
c1c1e5152 dragonball: add kernel config.
6850ef99a dragonball: add configuration manager.
0bcb422fc dragonball: add legacy devices manager
3c45c0715 dragonball: add console manager.
3d38bb300 dragonball: add address space manager.
aff604055 dragonball: add resource manager support.
8835db6b0 dragonball: initial commit

Compatibility with CRI-O

Kata Containers 3.0.0-alpha0 is compatible with CRI-O

Compatibility with containerd

Kata Containers 3.0.0-alpha0 is compatible with containerd v1.5.2

OCI Runtime Specification

Kata Containers 3.0.0-alpha0 supports the OCI Runtime Specification v1.0.0-rc5

Compatibility with Kubernetes

Kata Containers 3.0.0-alpha0 is compatible with Kubernetes 1.23.1-00

Libseccomp Notices

The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.

The kata-agent uses libseccomp v2.5.4, which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.

If you want to use a kata-agent that is not statically linked with the library, you can build
a custom kata-agent from sources that does not use the library.
For details, please check the developer guide.

Kata Linux Containers image

Agent version: 3.0.0-alpha0

Default Image Guest OS:

description: |
  Root filesystem disk image used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "ubuntu"
    version: "latest"
  ppc64le:
    name: "ubuntu"
    version: "latest"
  s390x:
    name: "ubuntu"
    version: "latest"
  x86_64:
    name: "clearlinux"
    version: "latest"
meta:
  image-type: "clearlinux"

Default Initrd Guest OS:

description: |
  Root filesystem initrd used to boot the guest virtual
  machine.
url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture:
  aarch64:
    name: "alpine"
    version: "3.15"
  # Do not use Alpine on ppc64le & s390x, the agent cannot use musl because
  # there is no such Rust target
  ppc64le:
    name: "ubuntu"
    version: "20.04"
  s390x:
    name: "ubuntu"
    version: "20.04"
  x86_64:
    name: "alpine"
    version: "3.15"

Kata Linux Containers Kernel

Kata Containers 3.0.0-alpha0 suggests using the Linux kernel v5.15.48
See the kernel suggested Guest Kernel patches
See the kernel suggested Guest Kernel config

Installation

Follow the Kata installation instructions.

Issues & limitations

More information Limitations
