Releases: microsoft/hcsshim
Releases · microsoft/hcsshim
v0.9.3
v0.8.24
v0.9.2
What's Changed
- [release/0.9] Ignore ERROR_ACCESS_DENIED on Kill (#1252) by @gabriel-samfira in #1262
- [release/0.9] Backport TTY support for Host Process Containers by @dcantah in #1261
- [release/0.9] Wait for waitInitExit() to return #1249 by @gabriel-samfira in #1264
- [release/0.9] Add ws2022 image/build to cri-containerd tests (#1160) by @dcantah in #1274
- [release/0.9] Make kill noop on second run by @gabriel-samfira in #1275
- [release/0.9] Add ErrInvalidHandle and fix list stats by @gabriel-samfira in #1277
New Contributors
Full Changelog: v0.9.1...v0.9.2
v0.9.1
v0.8.23
v0.9.0
What's New
- The runhcs containerd shim now supports launching Host Process containers.
- LCOW layers can now be encrypted via dmverity.
- Process dumps can now be generated for WCOW and LCOW via an OCI annotation.
- LCOW container execs now run as whatever user the container was launched as, unless the spec was overridden with a different user.
- Shared memory is now configurable via an OCI annotation.
- WCOW supports extensible virtual disks as data disks.
- LCOW supports hugepage mounts if the kernel used is built with this support.
See the Changelog for the full list of changes!
Bug Fixes
- Fix duplicate "failed" in HCS error strings.
- Get rid of redundant logs in HCN version range checks.
- HNS v1 policy schemas now have correct omitEmpty fields.
See the Changelog for the full list of changes!
Changelog
- Enable scratch space encryption via annotation by @anmaxvl in #1095
- Enforce security policy at unmount by @SeanTAllen in #1162
- Make policy environment variable rules consts by @SeanTAllen in #1164
- Remove unused variable by @SeanTAllen in #1165
- Update naming in internal security policy tool by @SeanTAllen in #1166
- Rename variable in SecurityPolicyEnforcer by @SeanTAllen in #1168
- Rename EnforceStartContainerPolicy by @SeanTAllen in #1169
- fix vmAccess param usage in AddSCSI by @anmaxvl in #1167
- Change internal data structure in SecurityPolicyEnforcer by @SeanTAllen in #1171
- Update kernel driver annotation for accuracy by @katiewasnothere in #1172
- Rework how working directories function for job containers by @dcantah in #1137
- Add WCOW sandbox mount support by @dcantah in #1087
- Add support for passing in a virtual function index to assign pci device by @katiewasnothere in #1163
- Set PATHEXT for job containers to handle binaries with no extension by @dcantah in #1174
- Add process dump functionality for WCOW/LCOW by @dcantah in #1062
- Update json format for security policy by @SeanTAllen in #1173
- Rework LCOW username setup/exec behavior by @dcantah in #1178
- Refactor pod config generation in tests by @anmaxvl in #1180
- tests: Fix tests that used old pullRequiredLCOWImages func name by @anmaxvl in #1183
- Remove unused definitions in winapi by @dcantah in #1181
- Also run tests on Windows Server 2022 GitHub Runner by @TBBle in #1176
- tests: Fix ExecUser LCOW tests using old function signature by @anmaxvl in #1184
- Add unit tests for computeagent by @katiewasnothere in #1182
- Bump github.com/containerd/containerd from 1.5.4 to 1.5.7 in /test by @dependabot in #1185
- Bump github.com/containerd/containerd from 1.5.4 to 1.5.7 by @dependabot in #1186
- Add compute agent store for ncproxy reconnect by @katiewasnothere in #1097
- Update names of ncproxy proxy resources with test name included by @katiewasnothere in #1189
- Merge Microsoft/opengcs and Microsoft/hcsshim by @dcantah in #973
- Run late clone tests on 20H2+ builds only. by @ambarve in #1028
- Fix bug with VSMB & SCSI mounts on the same host path by @ambarve in #1021
- Support for storage space data disks by @ambarve in #998
- Add option to set no direct map by default on wcow VSMB devices by @katiewasnothere in #1030
- Read max 1MB data from panic.log by @ambarve in #1029
- Change Makefile file type from crlf to lf by @katiewasnothere in #1031
- support pod and container updates by @katiewasnothere in #931
- Add new flags to integration tests to specify virtstack by @dcantah in #1019
- Change VSMBNoDirectMap_WCOW_Hypervisor test to fix CI break by @dcantah in #1033
- fix break in cpu groups test on machines with build < 20124 by @katiewasnothere in #1036
- lf line endingify stray opengcs files by @dcantah in #1032
- Remotevm UVM implementation by @dcantah in #1023
- VHD with dm-verity by @SeanTAllen in #985
- Add tests for LCOW shared scratch space work by @dcantah in #955
- shim: Clean up delete invocation behavior by @kevpar in #1041
- Remove internal GCS connection functionality by @dcantah in #1038
- Add instructions to build containerd-shim and gcs binaries by @dcantah in #1034
- Add DnsSettings to ncproxy CreateEndpointRequest by @dcantah in #1026
- use requested stdio in call to exec in shim host by @katiewasnothere in #1044
- Added Support for NestedIpSet type in SetPolicy and a new Network Policy called NetworkACL policy by @netal in #1045
- Add DNSDomain to hns endpoint object by @dcantah in #1047
- add logic to stack lcow layers on a single VPMEM device by @anmaxvl in #930
- Read vhd verity footer by @anmaxvl in #1008
- fix wrong error logged when dm-verity footer read fails by @anmaxvl in #1054
- Get rid of redundant logs in HCN version range checks by @dcantah in #1053
- Add containerd-shim plumbing for job containers by @dcantah in #962
- Fix functional tests build and revendor by @katiewasnothere in #1063
- Remove ERROR_PROC_NOT_FOUND from error checks by @kevpar in #1064
- export annotations for use in test suite by @katiewasnothere in #1061
- Support specifying a specific logrus log level for shim log output by @dcantah in #1058
- Support registering and unregistering ncproxy as a Windows service by @dcantah in #1046
- Bump containerd to 1.5.2 by @aledbf in #1068
- Add missing 'functional' tag to test source by @TBBle in #1069
- Add support to dump stacks for ncproxy when requested by @katiewasnothere in #1070
- Fix lost span attribute for NameToGuid by @TBBle in #1071
- Remove leftover generated HCS2 schema file by @TBBle in #1074
- Add volume mount support for job containers by @dcantah in #1057
- Gate CRI update container tests behind feature flag by @dcantah in #1079
- Updating HNS v1 policy schemas with correct omitEmpty fields by @elweb9858 in #1078
- Fix relative paths (with dot) not working for job containers by @dcantah in #1081
- Add support for reading in device extension files for container create hcs document by @katiewasnothere in #1060
- Bump github.com/containerd/containerd from 1.5.2 to 1.5.4 in /test by @dependabot in #1082
- Bump github.com/containerd/containerd from 1.5.2 to 1.5.4 by @dependabot in #1083
- Bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc95 by @dependabot in #1084
- tests: increase opengcs tests verbosity by @anmaxvl in #1088
- make container's shared memory configurable via annotation by @anmaxvl in #1052
- Support for extensible virtual disks as data disks by @ambarve in #1039
- Minor bug fixes by @ambarve in #1093
- Add support to encrypt SCSI scratch disks with dm-crypt by @AntonioND in #1090
- Add basis for allowing the creation of configuration enforcement in gcs by @SeanTAllen in #1094
- Add retry around wclayer operations for...
v0.8.22
Dependencies
- Revert containerd/containerd dependency to 1.4.9 to avoid some circular dependency issues in Kubernetes. See kubernetes/kubernetes#104827
v0.8.21
Packages
- Adjusted behavior in the
github.com/microsoft/hcsshim/hcn
package where logs were being generated on every invocation of any of thehcn.XSupported
methods orhcn.GetSupportedFeatures
. There's now only one log printed on the first invocation of any of the methods. - Add a new
GetCachedSupportedFeatures
to thegithub.com/microsoft/hcsshim/hcn
package. This optimizes for scenarios where multiple calls are made to check if certain features are supported by caching the very first result from HCN. - Add a new
GetHNSEndpointStats
function to thegithub.com/microsoft/hcsshim/
package. This allows statistics about the hns endpoint to be queried.
Bug Fixes/Misc.
- Add a best effort fix to remedy some errors seen during container layer setup on RS5 (Windows Server 2019). See #919
v0.8.20
v0.8.18
Shim
- Fix behavior when the shim is invoked with the "delete" command line argument. Previously we would try and delete the bundle directory ourselves as well as shutdown a sandbox container for a pod in the delete path. This unveiled an issue where if delete was called on an application container in a pod, it would bring down the whole pod.