Releases: microsoft/hcsshim
Releases · microsoft/hcsshim
v0.11.2
v0.11.1
What's Changed
- Fix closing stdin (#1899) by @rumpl
- defaulting to unbuffered reader for dmverity hashing (#1887) by @SethHollandsworth
- Cleanup tests that are skipped in CI by @kiashok
- skip failing test, use gotestsum (#1820) by @helsaawy
- fix integration test failure (#1799) by @helsaawy
- update to latest containerd/1.6 tag v1.6.23 by @kiashok
Full Changelog: v0.11.0...v0.11.1
v0.11.0
Note: This is the first tag from release/0.11 branch and release/0.11 branch is based off of v0.10.0-rc.8 tag. Tags cut from release/0.11 branch is intended to be used on containerd release/1.7
What's Changed
- Add test network agent for ncproxy dev work by @katiewasnothere in #1067
- Support restarting containerd in tests, add restart test case by @kevpar in #1188
- Export hcsshim annotations into its own package by @anmaxvl in #1201
- Extend integrity protection of LCOW layers to SCSI devices by @anmaxvl in #1170
- Remove block preventing us from making hardlinks to symlinks by @katiewasnothere in #1187
- Fix LayerData not being usable for ComputeStorage package by @dcantah in #1203
- tests: Add CRI tests for integrity protection of LCOW layers by @anmaxvl in #1193
- Fix commandline double quoting for job containers by @dcantah in #1207
- Support updating cpugroup membership by @katiewasnothere in #1202
- Add reconnect logic for stdio pipes by @dcantah in #1197
- Add support for finding net adapters that were assigned with vpci by @katiewasnothere in #1196
- Support booting isolated SNP from a GuestStateFile rather than separate kernel/initrd. by @KenGordon in #1206
- Add tool to install modules in lcow and plumb through shim by @katiewasnothere in #1195
- Add retries when removing device mapper target by @anmaxvl in #1200
- Handling of out-of-order whiteout files during tar expansion by @ambarve in #1218
- Fix permissions issues with sandbox mounts by @katiewasnothere in #1211
- Update readme to list accurate go version by @dcantah in #1220
- Pass disk handle for computestorage.FormatWritableLayerVhd on RS5 by @dcantah in #1204
- go.mod: Bump ttrpc to 1.1.0 by @dcantah in #1223
- Update the Type field name to PolicyType for SetPolicy by @netal in #1194
- Add DefaultContainerAnnotations runhcs option by @anmaxvl in #1210
- security policy appended to container's environment variables by @svolos in #1219
- Add 21H2 definitions to osversion package by @dcantah in #1205
- Rework merkle tree implementation to use io.Reader instead of byte array by @anmaxvl in #1209
- Time synchronization inside LCOW UVM by @ambarve in #1119
- Set default time zone for WCOW UVM by @dcantah in #1192
- Bump github.com/containerd/containerd from 1.5.7 to 1.5.8 by @dependabot in #1231
- Restructure location of various ncproxy apis by @katiewasnothere in #1216
- Fix ReadExt4SuperBlock function by @anmaxvl in #1229
- Support assigning devices into LCOW by @katiewasnothere in #1215
- Add ws2022 image/build to cri-containerd tests by @dcantah in #1160
- Update ncproxy API and adjust hcn support by @katiewasnothere in #1212
- Add function to write hash device by @anmaxvl in #1235
- Add conpty (pseudo console) package by @dcantah in #1228
- Revendor in /test and remove dead code by @dcantah in #1244
- Add E2E test for pulling images with unorderd tar by @ambarve in #1238
- Bump github.com/opencontainers/image-spec from 1.0.1 to 1.0.2 in /test by @dependabot in #1247
- Add new exec package for host process containers by @dcantah in #1233
- Swap to the internal/exec pkg for host process containers by @dcantah in #1248
- HCS fixes for HclEnabled and guest state file type. by @KenGordon in #1250
- Rename conpty.New to conpty.Create by @dcantah in #1254
- Ignore access denied on HcsTerminateProcess by @gabriel-samfira in #1252
- Change redundant conpty.ConPTY struct name by @dcantah in #1259
- Fix deferred os.Umask usage in loops by @anmaxvl in #1256
- Rework TestPseudoConsolePowershell by @dcantah in #1255
- Add endpoint settings to add nic call by @katiewasnothere in #1246
- Wait for waitInitExit() to return by @gabriel-samfira in #1249
- Bump github.com/containerd/containerd from 1.5.8 to 1.5.9 in /test by @dependabot in #1265
- Bump github.com/containerd/containerd from 1.5.8 to 1.5.9 by @dependabot in #1266
- Make kill noop on second run by @gabriel-samfira in #1269
- Rework process dump cri-containerd tests by @dcantah in #1267
- Add ErrInvalidHandle and fix list stats by @gabriel-samfira in #1276
- Fix ReadDMVeritySuperBlock function by @anmaxvl in #1257
- Update Go module version to 1.17 by @dcantah in #1222
- Add new service for querying compute systems' information by @katiewasnothere in #1243
- Fix Test_ExtendedTask_ProcessorInfo CRI test by @anmaxvl in #1283
- Update ncproxy to include new ncproxy network and endpoint types by @katiewasnothere in #1239
- Add logging to layer retry code path by @dcantah in #1281
- Skip flaky TestPseudoConsolePowershell by @dcantah in #1285
- Fix checkptr error with > 1 process in job object by @dcantah in #1284
- Refactor code for security policy by @anmaxvl in #1279
- shim: Don't shadow err return in createPod by @kevpar in #1288
- Bump github.com/opencontainers/runc from 1.0.2 to 1.0.3 by @dependabot in #1241
- Bug fix with runc container lifetime management by @helsaawy in #1272
- Shutdown hcsshim properly by @helsaawy in #1289
- Expand env variables for job containers to job mount path by @jsturtevant in #1292
- Enable gofmt in linter by @dcantah in #1293
- Delete shim workloads tasks in pod. by @helsaawy in #1271
- Add new guest request/resource packages by @anmaxvl in #1240
- Fix Network Namespace Bug For Ctr by @dcantah in #1270
- Fix comment placement for layers.MountContainerLayers by @dcantah in #1295
- Cleanup 'getUserTokenInheritAnnotation' by @dcantah in #1294
- Fix bugs in network setup introduced by a refactor PR by @anmaxvl in #1299
- Put Linux build tag on /internal/guest/transport/vsock.go by @dcantah in #1301
- Skip test for updating VM cpugroup membership for now by @katiewasnothere in #1298
- Linux GCS: Log disk info on ENOSPC errors by @dcantah in #1297
- Disable unsafe container options by @helsaawy in #1260
- Add local user account creation for host process containers by @dcantah in #1286
- all: fix typo by @cuishuang in #1310
- test: use
T.TempDir
to create temporary test directory by @Juneezee in #1308 - Replace winapi GetQueuedCompletionStatus bind with x/sys/windows by @dcantah in #1307
- fix lint issue by @anmaxvl in #1314
- Bump github.com/containerd/containerd from 1.5.9 to 1.5.10 by @dependabot in #1313
- Working directory enforcement by @anmaxvl in #1305
- Scrubbing env vars from logs by @helsaawy in #1315
- Add helper functions for generating security policy and setup CRI tests by @...
v0.12.0-rc.0
What's Changed
- tests: rego
get_properties
functional test by @anmaxvl in #1803 - cimfs: Add Offline registry API wrappers and export constants by @ambarve in #1842
- Add support for nodenetsvc v0 and readme to test network agent by @katiewasnothere in #1824
- Allow tar2ext4 to convert slashes by @helsaawy in #1847
- Bump github.com/opencontainers/runc from 1.1.7 to 1.1.8 by @dependabot in #1845
- disable fail fast on windows tests by @helsaawy in #1851
- Bump github.com/opencontainers/runtime-spec from 1.1.0-rc.3 to 1.1.0 by @dependabot in #1852
- Use RtlGetVersion instead of GetVersion by @ambarve in #1846
- Add exec benchmarks by @helsaawy in #1855
- Bump google.golang.org/grpc from 1.56.2 to 1.57.0 in /test by @dependabot in #1859
- Fall back on json encoding from protojson by @helsaawy in #1864
- [ci] Update testing jobs by @helsaawy in #1854
- Bump github.com/google/go-containerregistry from 0.15.2 to 0.16.1 in /test by @dependabot in #1869
- Bump golang.org/x/sys from 0.10.0 to 0.11.0 in /test by @dependabot in #1868
- Bump google.golang.org/grpc from 1.56.2 to 1.57.0 by @dependabot in #1856
- retry device mapper and cryptsetup errors by @anmaxvl in #1721
- computestorage: Fix incorrect syscall in DestroyLayer by @kevpar in #1872
- cimfs: Add helpers for retrieving partition information from a vhdx by @ambarve in #1850
- Add more go vet checks by @helsaawy in #1849
- Allow setting HclEnabled to false by @darracott in #1862
- Fix SVN reference in policy readme by @BryceDFisher in #1877
New Contributors
- @darracott made their first contribution in #1862
- @BryceDFisher made their first contribution in #1877
Full Changelog: v0.10.0...v0.12.0-rc.0
[Deprecated] v0.10.0
Note:
We are deprecating the v0.10.* versioning and moving to hcsshim/release/0.11 branch for containerd/1.7 hcsshim tags and using v0.12.0-rc.* versioning for tags cut from hcsshim/main for use on containerd/main
What's Changed
- Updated containerd1.7; google.golang.org/protobuf by @helsaawy in #1706
- [ci]Remove
Verify-GoModules.ps1
by @helsaawy in #1836 - [deps]Omni-bus dependency upgrade by @helsaawy in #1837
- Replace deprecated github.com/golang/mock by @helsaawy in #1839
- Replace cosesign1 and didx509 resolver with by @MahatiC in #1805
- cimfs support: Add cimfs writer by @ambarve in #927
- Create tools package to isolate dependencies by @helsaawy in #1840
- make sure to close files in dmverity-vhd tool by @anmaxvl in #1770
- use protojson when formatting for logs by @helsaawy in #1844
- policy: extend default networking mounts for standalone containers by @anmaxvl in #1826
New Contributors
Full Changelog: v0.10.0-rc.9...v0.10.0
v0.9.10
v0.10.0-rc.9
What's Changed
- Allow patch dependabot updates by @helsaawy in #1756
- omnibus dependency updates by @helsaawy in #1767
- Checkout appropriate containerd ref by @helsaawy in #1752
- gcs: Support routing container stdio to sidecar by @ashishsachdeva in #1728
- Bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible in /test by @dependabot in #1771
- Bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible by @dependabot in #1772
- Enable guest agent unit tests in the CI by @katiewasnothere in #1773
- formalize ignored (test) dependency updates by @helsaawy in #1769
- Rewrite SCSI support in new package by @kevpar in #1744
- Support flexible LCOW layer parsing and partitioned layers by @kevpar in #1745
- [deps] weekly update by @helsaawy in #1779
- Guest agent support for partitions on SCSI devices by @katiewasnothere in #1747
- SCSI ensure filesystem by @katiewasnothere in #1757
- Update containerd-shim-runhcs-v1 tests by @helsaawy in #1783
- [deps] combine and tidy
\test
by @helsaawy in #1790 - update tar2ext4 package by @anmaxvl in #1785
- Bump github.com/containerd/ttrpc from 1.1.1 to 1.1.2 by @dependabot in #1791
- Use
gh
cli to download releases by @helsaawy in #1792 - Add test for support of NFS mount by @ambarve in #1726
- [gcs.test] update scratch space cleanup order by @helsaawy in #1794
- [func.test]update lcow layer processing by @helsaawy in #1795
- tests: fix uvm resources update tests by @anmaxvl in #1796
- tests: add rego e2e tests for dump_stacks and get_properties by @anmaxvl in #1793
- Minor fixes to SCSI mount operation by @ambarve in #1798
- [ci] Enable caching for proto and integration jobs by @helsaawy in #1755
- [ci] Fix integration test failure by @helsaawy in #1799
- Bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 by @dependabot in #1800
- Version control and vendor mockgen by @helsaawy in #1802
- Revert image name change in the ArgsEscaped test by @ambarve in #1804
- Add support for NetworkConfigProxy v0 and v1 api by @katiewasnothere in #1797
- Support v0 and v1 nodenetsvc api for ncproxy by @katiewasnothere in #1806
- Add deprecated option to all types and fields for ncproxy v0 apis by @katiewasnothere in #1809
- When fetching the pid counts for the container the state can be invalid sometimes by @jsturtevant in #1807
- skip failing test, use gotestsum by @helsaawy in #1820
- Bump golang.org/x/sys from 0.8.0 to 0.9.0 by @dependabot in #1818
- Bump golang.org/x/sync from 0.2.0 to 0.3.0 by @dependabot in #1817
- Bump github.com/lestrrat-go/jwx from 1.2.25 to 1.2.26 by @dependabot in #1812
- Add support for platform compatibility check for windows by @kiashok in #1821
New Contributors
- @ashishsachdeva made their first contribution in #1728
Full Changelog: v0.10.0-rc.8...v0.10.0-rc.9
v0.10.0-rc.8
What's Changed
- Adding policy enforcement for User. by @matajoh in #1669
- Bump golang.org/x/sys from 0.5.0 to 0.6.0 in /test by @dependabot in #1685
- Fix silly error whereby a chain was required although unnecessary. by @KenGordon in #1682
- github-ci: use go1.19.x by @anmaxvl in #1689
- Bump github.com/containerd/ttrpc from 1.1.0 to 1.2.1 in /test by @dependabot in #1693
- tests: rego exec in uvm cri integration tests by @anmaxvl in #1648
- Fix graceful termination test errors by @kiashok in #1687
- Logging (JSON) formatting; span export by @helsaawy in #1364
- Bump actions/setup-go from 3 to 4 by @dependabot in #1696
- Fix "no matches" test that can somewhat easily match by @SeanTAllen in #1684
- Update dependencies by @helsaawy in #1697
- tests: add tests for concurrent pod startup by @anmaxvl in #1639
- Bump github.com/google/go-containerregistry from 0.13.0 to 0.14.0 in /test by @dependabot in #1700
- Bump github.com/google/go-containerregistry from 0.13.0 to 0.14.0 by @dependabot in #1701
- Adding policy for Linux capabilities. by @matajoh in #1683
- NCProxy: attach to host and macpool by @helsaawy in #1591
- Update golangci linter and clean go mod cache by @katiewasnothere in #1707
- Seccomp profile policy enforcement. by @matajoh in #1705
- upgrade runc dependency by @helsaawy in #1714
- Clarifying SVN vs. Version. by @matajoh in #1715
- sev-snp: add SEV device when security policy is present by @anmaxvl in #1679
- tests: Add rego cri-integration tests for plan9 mount policy. by @anmaxvl in #1651
- con-con: write policy, reference info and cert to container's rootfs by @anmaxvl in #1708
- Moving to structured JSON policy decisions. by @matajoh in #1718
- hack: add blanket retries on device-mapper failures with SCSI by @anmaxvl in #1720
- negative rego cri-integration tests by @anmaxvl in #1719
- tests: fix error assertion and container layer sha256 by @anmaxvl in #1725
- Create new test packages that reference internal packages by @katiewasnothere in #1704
- Make sure that security context files are readable by all by @jumaffre in #1729
- Switch from filepath.EvalSymlinks to fs.ResolvePath by @helsaawy in #1644
- Policy decision truncation. by @matajoh in #1731
- Fixing the errors for missing enforcement points by @matajoh in #1735
- tests: write seccomp profile to a temporary file by @anmaxvl in #1736
- Add code to format disk as ext4 in guest by @katiewasnothere in #1717
- Adding padding to base64 encoded policy decisions by @matajoh in #1738
- fix: bug potentially not removing RW device. by @anmaxvl in #1737
- Consolidate dependabot updates by @helsaawy in #1748
- [bug] Consolidate dependabot updates by @helsaawy in #1749
- Remove UVM/container cloning functionality by @kevpar in #1740
- gcs: Add SCSIDevice type with remove operation by @kevpar in #1741
- Remove dependence on GetScsiUvmPath function by @kevpar in #1742
- Rework layer handling to return a ResourceCloser by @kevpar in #1743
- Remove godeps from makefile by @helsaawy in #1750
- slice bounds and nil VM access fix by @helsaawy in #1754
New Contributors
Full Changelog: v0.10.0-rc.7...v0.10.0-rc.8
v0.9.8
v0.10.0-rc.7
What's Changed
- Provide error message when allow_stdio_access creates and undecideable error by @SeanTAllen in #1662
- Make a couple tests match the naming convention around them by @SeanTAllen in #1664
- Update selectContainerFromConstraints to work on a container list by @SeanTAllen in #1645
- Bump golang.org/x/net from 0.5.0 to 0.7.0 in /test by @dependabot in #1666
- Provide error message when the lack of required environment variable causes policy denial by @SeanTAllen in #1661
- tests: rego policy exec in container tests by @anmaxvl in #1635
- Fix compilation error caused by "PRs crossing in the night" by @SeanTAllen in #1668
- Adding support and policy enforcement for NoNewPrivileges. by @matajoh in #1652
- Bump golang.org/x/net from 0.1.0 to 0.7.0 by @dependabot in #1667
- Format encrypted scratch disk as xfs rather than ext4fs by @KenGordon in #1665
- Wait longer before trying to install mingw after failing to install by @SeanTAllen in #1670
- osversion: implement stringer interface, deprecate ToString() by @thaJeztah in #1547
- Bump actions/upload-artifact from 2 to 3 by @dependabot in #1677
- Bump actions/checkout from 2 to 3 by @dependabot in #1676
- Bump github.com/opencontainers/runtime-tools from 0.0.0-20181011054405-1d69bd0f9c39 to 0.9.0 in /test by @dependabot in #1674
- Use gotestsum to get test summary by @helsaawy in #1678
- simplify zeroDevice to just zero first block by @anmaxvl in #1672
- Base layer manipulation by @gabriel-samfira in #1637
Full Changelog: v0.10.0-rc.6...v0.10.0-rc.7