[Deprecated] v0.10.0

Note:

We are deprecating the v0.10.* versioning and moving to hcsshim/release/0.11 branch for containerd/1.7 hcsshim tags and using v0.12.0-rc.* versioning for tags cut from hcsshim/main for use on containerd/main

What's Changed

• Updated containerd1.7; google.golang.org/protobuf by @helsaawy in #1706
• [ci]Remove Verify-GoModules.ps1 by @helsaawy in #1836
• [deps]Omni-bus dependency upgrade by @helsaawy in #1837
• Replace deprecated github.com/golang/mock by @helsaawy in #1839
• Replace cosesign1 and didx509 resolver with by @MahatiC in #1805
• cimfs support: Add cimfs writer by @ambarve in #927
• Create tools package to isolate dependencies by @helsaawy in #1840
• make sure to close files in dmverity-vhd tool by @anmaxvl in #1770
• use protojson when formatting for logs by @helsaawy in #1844
• policy: extend default networking mounts for standalone containers by @anmaxvl in #1826

New Contributors

• @MahatiC made their first contribution in #1805

Full Changelog: v0.10.0-rc.9...v0.10.0

v0.9.10

What's Changed

• [release/0.9] Add support for platform compatibility check for windows + add windows builds by @kiashok in #1843

Full Changelog: v0.9.8...v0.9.10

v0.10.0-rc.9

What's Changed

• Allow patch dependabot updates by @helsaawy in #1756
• omnibus dependency updates by @helsaawy in #1767
• Checkout appropriate containerd ref by @helsaawy in #1752
• gcs: Support routing container stdio to sidecar by @ashishsachdeva in #1728
• Bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible in /test by @dependabot in #1771
• Bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible by @dependabot in #1772
• Enable guest agent unit tests in the CI by @katiewasnothere in #1773
• formalize ignored (test) dependency updates by @helsaawy in #1769
• Rewrite SCSI support in new package by @kevpar in #1744
• Support flexible LCOW layer parsing and partitioned layers by @kevpar in #1745
• [deps] weekly update by @helsaawy in #1779
• Guest agent support for partitions on SCSI devices by @katiewasnothere in #1747
• SCSI ensure filesystem by @katiewasnothere in #1757
• Update containerd-shim-runhcs-v1 tests by @helsaawy in #1783
• [deps] combine and tidy \test by @helsaawy in #1790
• update tar2ext4 package by @anmaxvl in #1785
• Bump github.com/containerd/ttrpc from 1.1.1 to 1.1.2 by @dependabot in #1791
• Use gh cli to download releases by @helsaawy in #1792
• Add test for support of NFS mount by @ambarve in #1726
• [gcs.test] update scratch space cleanup order by @helsaawy in #1794
• [func.test]update lcow layer processing by @helsaawy in #1795
• tests: fix uvm resources update tests by @anmaxvl in #1796
• tests: add rego e2e tests for dump_stacks and get_properties by @anmaxvl in #1793
• Minor fixes to SCSI mount operation by @ambarve in #1798
• [ci] Enable caching for proto and integration jobs by @helsaawy in #1755
• [ci] Fix integration test failure by @helsaawy in #1799
• Bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 by @dependabot in #1800
• Version control and vendor mockgen by @helsaawy in #1802
• Revert image name change in the ArgsEscaped test by @ambarve in #1804
• Add support for NetworkConfigProxy v0 and v1 api by @katiewasnothere in #1797
• Support v0 and v1 nodenetsvc api for ncproxy by @katiewasnothere in #1806
• Add deprecated option to all types and fields for ncproxy v0 apis by @katiewasnothere in #1809
• When fetching the pid counts for the container the state can be invalid sometimes by @jsturtevant in #1807
• skip failing test, use gotestsum by @helsaawy in #1820
• Bump golang.org/x/sys from 0.8.0 to 0.9.0 by @dependabot in #1818
• Bump golang.org/x/sync from 0.2.0 to 0.3.0 by @dependabot in #1817
• Bump github.com/lestrrat-go/jwx from 1.2.25 to 1.2.26 by @dependabot in #1812
• Add support for platform compatibility check for windows by @kiashok in #1821

New Contributors

• @ashishsachdeva made their first contribution in #1728

Full Changelog: v0.10.0-rc.8...v0.10.0-rc.9

v0.10.0-rc.8

What's Changed

• Adding policy enforcement for User. by @matajoh in #1669
• Bump golang.org/x/sys from 0.5.0 to 0.6.0 in /test by @dependabot in #1685
• Fix silly error whereby a chain was required although unnecessary. by @KenGordon in #1682
• github-ci: use go1.19.x by @anmaxvl in #1689
• Bump github.com/containerd/ttrpc from 1.1.0 to 1.2.1 in /test by @dependabot in #1693
• tests: rego exec in uvm cri integration tests by @anmaxvl in #1648
• Fix graceful termination test errors by @kiashok in #1687
• Logging (JSON) formatting; span export by @helsaawy in #1364
• Bump actions/setup-go from 3 to 4 by @dependabot in #1696
• Fix "no matches" test that can somewhat easily match by @SeanTAllen in #1684
• Update dependencies by @helsaawy in #1697
• tests: add tests for concurrent pod startup by @anmaxvl in #1639
• Bump github.com/google/go-containerregistry from 0.13.0 to 0.14.0 in /test by @dependabot in #1700
• Bump github.com/google/go-containerregistry from 0.13.0 to 0.14.0 by @dependabot in #1701
• Adding policy for Linux capabilities. by @matajoh in #1683
• NCProxy: attach to host and macpool by @helsaawy in #1591
• Update golangci linter and clean go mod cache by @katiewasnothere in #1707
• Seccomp profile policy enforcement. by @matajoh in #1705
• upgrade runc dependency by @helsaawy in #1714
• Clarifying SVN vs. Version. by @matajoh in #1715
• sev-snp: add SEV device when security policy is present by @anmaxvl in #1679
• tests: Add rego cri-integration tests for plan9 mount policy. by @anmaxvl in #1651
• con-con: write policy, reference info and cert to container's rootfs by @anmaxvl in #1708
• Moving to structured JSON policy decisions. by @matajoh in #1718
• hack: add blanket retries on device-mapper failures with SCSI by @anmaxvl in #1720
• negative rego cri-integration tests by @anmaxvl in #1719
• tests: fix error assertion and container layer sha256 by @anmaxvl in #1725
• Create new test packages that reference internal packages by @katiewasnothere in #1704
• Make sure that security context files are readable by all by @jumaffre in #1729
• Switch from filepath.EvalSymlinks to fs.ResolvePath by @helsaawy in #1644
• Policy decision truncation. by @matajoh in #1731
• Fixing the errors for missing enforcement points by @matajoh in #1735
• tests: write seccomp profile to a temporary file by @anmaxvl in #1736
• Add code to format disk as ext4 in guest by @katiewasnothere in #1717
• Adding padding to base64 encoded policy decisions by @matajoh in #1738
• fix: bug potentially not removing RW device. by @anmaxvl in #1737
• Consolidate dependabot updates by @helsaawy in #1748
• [bug] Consolidate dependabot updates by @helsaawy in #1749
• Remove UVM/container cloning functionality by @kevpar in #1740
• gcs: Add SCSIDevice type with remove operation by @kevpar in #1741
• Remove dependence on GetScsiUvmPath function by @kevpar in #1742
• Rework layer handling to return a ResourceCloser by @kevpar in #1743
• Remove godeps from makefile by @helsaawy in #1750
• slice bounds and nil VM access fix by @helsaawy in #1754

New Contributors

• @jumaffre made their first contribution in #1729

Full Changelog: v0.10.0-rc.7...v0.10.0-rc.8

v0.9.8

What's Changed

• [release/0.9] Fix graceful termination test errors (#1687) by @kiashok in #1695

Full Changelog: v0.9.7...v0.9.8

v0.10.0-rc.7

What's Changed

• Provide error message when allow_stdio_access creates and undecideable error by @SeanTAllen in #1662
• Make a couple tests match the naming convention around them by @SeanTAllen in #1664
• Update selectContainerFromConstraints to work on a container list by @SeanTAllen in #1645
• Bump golang.org/x/net from 0.5.0 to 0.7.0 in /test by @dependabot in #1666
• Provide error message when the lack of required environment variable causes policy denial by @SeanTAllen in #1661
• tests: rego policy exec in container tests by @anmaxvl in #1635
• Fix compilation error caused by "PRs crossing in the night" by @SeanTAllen in #1668
• Adding support and policy enforcement for NoNewPrivileges. by @matajoh in #1652
• Bump golang.org/x/net from 0.1.0 to 0.7.0 by @dependabot in #1667
• Format encrypted scratch disk as xfs rather than ext4fs by @KenGordon in #1665
• Wait longer before trying to install mingw after failing to install by @SeanTAllen in #1670
• osversion: implement stringer interface, deprecate ToString() by @thaJeztah in #1547
• Bump actions/upload-artifact from 2 to 3 by @dependabot in #1677
• Bump actions/checkout from 2 to 3 by @dependabot in #1676
• Bump github.com/opencontainers/runtime-tools from 0.0.0-20181011054405-1d69bd0f9c39 to 0.9.0 in /test by @dependabot in #1674
• Use gotestsum to get test summary by @helsaawy in #1678
• simplify zeroDevice to just zero first block by @anmaxvl in #1672
• Base layer manipulation by @gabriel-samfira in #1637

Full Changelog: v0.10.0-rc.6...v0.10.0-rc.7

v0.9.7

What's Changed

• [release/0.9] Retain pause.exe as entrypoint for default pause images by @kiashok in #1634
• [release/0.9] wcow: support graceful termination of servercore containers (#1416) by @kiashok in #1640

Full Changelog: v0.9.6...v0.9.7

v0.10.0-rc.6

fix: temp file leak during hash computation (#1641)

Fix a temp file leak when computing dmverity root hash. This
mainly affects `dmverity-vhd` tool and users may see their temp
storage filling up.

Signed-off-by: Maksim An <[email protected]>

v0.10.0-rc.5

What's Changed

• Add logic to cleanup the oci bundle root dir on container delete by @katiewasnothere in #1597
• Retain pause.exe as entrypoint for default pause images by @kiashok in #1615
• Add missing AllowElevated policy check when creating a container by @SeanTAllen in #1624
• rego enforcer: trim whitespaces from fragment namespace name by @anmaxvl in #1627
• Make LCOWPrivileged annotation more resilient to change by @SeanTAllen in #1628
• fix snp-report: fake-report flag is now correctly parsed by @anmaxvl in #1626
• API Data and Framework Versioning. by @matajoh in #1622
• rego: fix slightly incorrect sandbox and hugepage mounts enforcement by @anmaxvl in #1625
• Fragment COSE Sign1 support. by @KenGordon in #1575
• Bump github.com/containerd/cgroups from 1.0.3 to 1.1.0 in /test by @dependabot in #1631
• Bump github.com/google/go-containerregistry from 0.12.1 to 0.13.0 in /test by @dependabot in #1632
• Bump google.golang.org/grpc from 1.51.0 to 1.52.3 in /test by @dependabot in #1633
• Bump golang.org/x/sys from 0.3.0 to 0.4.0 in /test by @dependabot in #1612
• Bump github.com/containerd/cgroups from 1.0.3 to 1.1.0 by @dependabot in #1630
• Bump github.com/google/go-containerregistry from 0.12.1 to 0.13.0 by @dependabot in #1629
• internal/tools/securitypolicy: switch to github.com/pelletier/go-toml by @thaJeztah in #1620
• Add retry to install mingw by @helsaawy in #1636
• test: Add CRI benchmarks for container operations by @helsaawy in #1569

Full Changelog: v0.10.0-rc.4...v0.10.0-rc.5

v0.10.0-rc.4

What's Changed

• Updating dependencies by @helsaawy in #1607
• policy: do not set policy to open door if none is provided by @anmaxvl in #1572
• wcow: support graceful termination of servercore containers by @kiashok in #1416
• Add 20H2 container image to test constants by @helsaawy in #1611
• Remove goversioninfo from tools.go by @helsaawy in #1616
• Adding a simulator + regopolicyinterpreter. by @matajoh in #1558
• adding tarball support for generating root layer hashes by @SethHollandsworth in #1600

Full Changelog: v0.10.0-rc.3...v0.10.0-rc.4