Bruce Ashfield 3fdf80a484 runc: update to v1.4.0-rc.2
Bumping runc to version v1.4.0-rc.2-13-g13a5c4ed, which comprises the following commits:

    ae199719 ci: only run lint-extra job on PRs to main
    8bb53e42 ci: bump golangci-lint to v2.5
    52ee0fed all: format sources with gofumpt v0.9.1
    61070cc0 CI: remove deprecated lima-vm/lima-actions/ssh
    42b405d5 libct: refactor setnsProcess.start
    e8e22ae1 libct: close child fds on prepareCgroupFD error
    5aa229f7 [1.4] libct: switch to (*CPUSet).Fill
    18fbdbe9 [1.4] deps: update to golang.org/x/sys@v0.37.0
    46331735 VERSION: back to development
    8aeb2a4b VERSION: release v1.4.0-rc.2
    a2f2cf31 CHANGELOG: add note about cpu shares changes
    0b8a41e3 fix(seccompagent): close received FDs, not loop index
    1f9157d6 libcontainer/intelrdt: add support for EnableMonitoring field
    d792f9fd [1.4] runc exec: use CLONE_INTO_CGROUP when available
    33382519 [1.4] libct: use manager.AddPid to add exec to cgroup
    7db9930f [1.4] libct: move exec sub-cgroup handling down the line
    f19a4c71 [1.4] libct: split addIntoCgroup into V1 and V2
    207a497c [1.4] libct: factor out addIntoCgroup from setnsProcess.start
    c443aee7 [1.4] script/setup_rootless.sh: chown nit
    910f1345 [1.4] Add memory policy support
    12ed7f73 [1.4] events/intelrdt: report full schemata
    517e7996 [1.4] libcontainer/intelrdt: add support for Schemata field
    3009f9d7 [1.4] libcontainer/intelrdt: refactor tests
    a0858eaf [1.4] Update runtime-spec
    fb0268a0 libcontainer: remove deprecated package "userns"
    edef954c test: runc run with personality syscall blocked by seccomp
    a6efa62d libct: setup personality before initializing seccomp
    b72f4a8d tests/int/cgroups: Use 64K aligned limits for memory.max
    bce56e00 libcontainer/validator: allow setting user.* sysctls inside userns
    6297cb16 [1.4] VERSION: back to development
    b2ec7f92 VERSION: release v1.4.0-rc.1
    081b8c25 CHANGELOG: forward-port v1.3.1 changelog
    1931ebf7 CHANGELOG: forward-port v1.2.7 changelog
    edc2eb60 build(deps): bump actions/setup-go from 5 to 6
    779c9e1d libct: user: remove deprecated module
    c04d9c44 ci/validate: add modernize run
    76281949 libcontainer/configs/validate: add doc.go
    ba68a17a libcontainer/configs: add validator unit tests for intelRdt
    b8a83ac2 libcontainer/intelrdt: support explicit assignment to root CLOS
    89e59902 Modernize code for Go 1.24
    b042b6d4 types/events: use omitzero where appropriate
    26602650 Add go 1.25, require go 1.24
    237cc980 libct/sys/rlimit_linux: drop go:build tag
    a38f42ab tests/int/help: simplify and fix
    c5e7bc87 tests/int/selinux: fix for non-standard binary name
    121192ad libct: reset CPU affinity by default
    d1f6acfa tests: add RUNC_CMDLINE for tests incompatible with functions
    ea385de4 tests: add sane_run helper
    a8faf925 CHANGELOG: document breaking change of runc update
    a876347d build(deps): bump github.com/coreos/go-systemd/v22 from 22.5.0 to 22.6.0
    eedec9c5 build(deps): bump google.golang.org/protobuf from 1.36.7 to 1.36.8
    96f4a90a Switch to packaged criu on arm
    9e0f9890 ci: bump golangci-lint to v2.4.x
    cfb22c9a build(deps): bump actions/checkout from 4 to 5
    10567484 ci: use criu built from source on gha arm
    1cf09680 CI: switch to GHA for arm
    db26a717 build(deps): bump golang.org/x/net from 0.42.0 to 0.43.0
    8f0bb877 build(deps): bump golang.org/x/sys from 0.34.0 to 0.35.0
    bf33fe5f build(deps): bump google.golang.org/protobuf from 1.36.6 to 1.36.7
    620956c2 libcontainer/intelrdt: use Mkdir/Remove instead of MkdirAll/RemoveAll
    f6a52d7f build(deps): bump github.com/seccomp/libseccomp-golang
    3b533b23 script/lib.sh: remove obsoleted comment
    3a962655 libcontainer/intelrdt: use SecureJoin in NewManager
    e6b4b5a1 tests: bfq: skip tests on misbehaving udev systems
    ceef984f tests: clean up loopback devices properly
    f73e2837 libcontainer/intelrdt: refactor path handling
    85801e84 runc update: refuse to create new rdt group
    e846add5 libcontainer/configs/validate: check that intelrdt is enabled
    57b6a317 runc update: don't lose intelRdt state
    314dd812 tests/cmd: simplify getting net.UnixConn
    87b8f974 setupIO: close conn on error
    7d2161f8 setupIO: simplify getting net.UnixConn
    1a26cf3a ci: speed up criu-dev install
    1c2810be ci: bump golangci-lint to v2.3.x
    66a533eb tests/int/events.bats: don't require root
    3620185d rootfs: remove /proc/net/dev from allowed overmount list
    46dac589 tests/int/update: fix getting block major
    6a0644df build(deps): bump golang.org/x/net from 0.41.0 to 0.42.0
    859feb8e build(seccomp): Add audit support for loong64
    fc8162e6 build(deps): bump github.com/opencontainers/cgroups from 0.0.3 to 0.0.4
    b3432118 tests/int/cgroups.bats: exclude dmem controller
    4a6ef6b9 build(deps): bump golang.org/x/sys from 0.33.0 to 0.34.0
    a09e7038 docs/systemd.md: amend
    aa0e7989 libcontainer: close seccomp agent connection to prevent resource leaks
    da909478 deps: bump cgroups to v0.0.3, fix tests
    f24aa06e libct: State: ensure Resources is not nil
    1b39997e Preventing containers from being unable to be deleted
    d22a4211 libct/configs: stop using deprecated id
    b25bcaa8 libct/configs: fix/improve deprecation notices
    a10d338e libct/configs: add package docstring
    8d180e96 Add support for Linux Network Devices
    889c7b27 update runtime-spec
    ed5df5f9 libcontainer/configs package doc
    0b01dccf runc update: handle duplicated devs properly
    7696402d runc update: support per-device weight and iops
    99a4f198 build(deps): bump github.com/urfave/cli from 1.22.16 to 1.22.17
    31d141e2 build(deps): bump golang.org/x/net from 0.40.0 to 0.41.0
    8b0e7511 build(deps): bump github.com/containerd/console from 1.0.4 to 1.0.5
    ce3cd423 criu: simplify isOnTmpfs check in prepareCriuRestoreMounts
    f91fbd34 criu: inline makeCriuRestoreMountpoints
    b8aa5481 criu: ignore cgroup early in prepareCriuRestoreMounts
    0c93d41c criu: improve prepareCriuRestoreMounts
    04be81b6 fix rootfs propagation mode
    995a39a4 ci: add scheduled run of GHA CI
    74209b73 ci/gha: allow to run jobs manually
    62e6ab6d gha/ci: allow validate/all-done to succeed for non-PRs
    b39bd105 ci/gha: fix exclusion rules
    b206a015 deps: bump opencontainers/cgroups to v0.0.2
    ae00c2bd tests/int: simplify using check_cpu_quota
    fbf1a320 build(deps): bump github.com/vishvananda/netlink from 1.3.0 to 1.3.1
    5cdfeea7 CHANGELOG: forward-port entries from 1.3.0
    e0282287 bug:fix runc delete run before delete exec.fifo
    0623ea10 build(deps): bump golang.org/x/net from 0.39.0 to 0.40.0
    c1958d88 build(deps): bump golangci/golangci-lint-action from 7 to 8
    9f86496c ci: Check for exclude/replace directives
    67b8a685 go.mod: Delete exclude directives
    b0aa863f ci: bump golangci-lint to v2.1
    d920a722 build(deps): bump github.com/seccomp/libseccomp-golang
    8e3ee502 ci/cross-i386: retry adding ppa
    c12c99b7 runc: embed version from VERSION file
    d54eaaf2 runc --version: use a function
    3e3e0482 ci: upgrade to criu-4.1-2 in Fedora
    58c3ab77 rootfs: improve error messages for bind-mount vfs flag setting
    30302a28 mount: add string representation of mount flags
    87ae2f84 Unify and fix rootless key setup
    b520f750 ci: install newer criu for almalinux-8
    d7285e46 Fix "invalid workflow file" github actions error
    5f4d3f36 libct/apparmor: don't use vars for public functions
    08ebbfc8 tests/cmd/remap-rootfs: fix mips builds
    1d78cb21 Completely remove --criu option
    c8991936 ci: add check for toolchain in go.mod
    e34c1a04 CHANGELOG: Port 1.2.x changes
    c5ab4b6e runc pause/unpause/ps: get rid of excessive warning
    fda034c9 pause: refactor
    75a4546b go.mod: rm toolchain
    0a9639e3 build(deps): bump golang.org/x/net from 0.38.0 to 0.39.0
    c5e0ece4 build(deps): bump golang.org/x/sys from 0.31.0 to 0.32.0
    19c65154 tests: Add env var tests
    09501d96 libct: Override HOME if its set to the empty string
    bb5aa116 build(deps): bump github.com/moby/sys/user from 0.3.0 to 0.4.0
    bf386464 libct: we should set envs after we are in the jail of the container
    4a0e282b test: check whether runc set a correct default home env or not
    7fdec327 Use any instead of interface{}
    17570625 Use for range over integers
    f64edc4d ps: use slices.Contains
    ef5acfab libct/configs: use slices.Delete
    0fc2338d libct/specconv: use maps.Clone
    7a58d823 .golanci-extra: disable staticcheck QF1008
    0b536265 build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0
    5cfd1a62 build(deps): bump bats-core/bats-action from 3.0.0 to 3.0.1
    131bdac1 tests/int/selinux: test keyring security label
    c735c073 tests/integration/selinux: collect user_avc as well
    491326cd int/linux: add/use Recvfrom
    e655abc0 int/linux: add/use Dup3, Open, Openat
    c690b66d int/linux: add/use Exec
    431b8bb4 int/linux: add/use Getwd
    8cc1eb37 Introduce and use internal/linux
    b68cbdff criu: Add time namespace to container config after checkpoint/restore
    127e8e68 ci: bump to golangci-lint v2.0
    9b3ccc19 libct/intelrdt: fix staticcheck ST1020 warnings
    30f8acab Fix staticcheck ST1020/ST1021 warnings
    9510ffb6 Fix a few staticcheck QF1001 warnings
    6405725c libct: fix staticcheck QF1006 warning
    fdb69163 notify_socket.go: fix staticcheck warning
    4622bb87 build(deps): bump google.golang.org/protobuf from 1.36.5 to 1.36.6
    a638f133 .golangci.yml: add nolintlint, fix found issues
    d00c3be9 ci: bump codespell to v2.4.1, fix some typos
    65e0f2b7 libct/int: use destroyContainer
    1aebfa3e libct/int: don't use _ = runContainerOk
    f55400dc .github: Improve issue template description
    bac33825 build(deps): bump github.com/opencontainers/selinux
    bc96bc85 libct/seccomp: use maps and slices pkgs
    370733b7 libct/cap: rm mapKeys, use maps.Keys, slices.Sorted
    3a33b6a3 Make state.json 25% smaller
    9c5e687b libct: Use chown(uid, -1) to not change the gid
    d31e6b87 ci: bump bats to v0.11.0
    8e653e40 script/setup_host_fedora.sh: use bash arrays
    a76a1361 script/setup_host_fedora.sh: remove -p from mkdir
    af386d1d tests/int: rm some "shellcheck disable" annotations
    b48dd651 ci: bump shellcheck to v0.10.0
    6e5ffb7c Makefile: bump shfmt to v3.11.0
    53931553 libct: log a warning on join session keyring failure
    9aeb7905 tests/int/selinux: fix skip message
    5ac77ed6 libct/int: add/use needUserNS helper
    1d9bea53 .cirrus.yml: install less dependencies
    1afa1b86 signals: replace unix.Kill with process.Signal
    346c80d7 libct: replace unix.Kill with os.Process.Signal
    135552e5 CI: migrate Vagrant + Cirrus to Lima + GHA
    d5fe5303 build(deps): bump golang.org/x/net from 0.36.0 to 0.37.0
    000cdef7 build(deps): bump golang.org/x/sys from 0.30.0 to 0.31.0
    79e9cf53 doc: update spec-conformance.md
    12c2e21f build(deps): bump golang.org/x/net from 0.35.0 to 0.36.0
    05e83fc6 deps: bump go-criu to v7
    5d6e7e12 VERSION: back to development
    6a3f8ea3 skip read /proc/filesystems if process_label is null

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2025-10-18 21:27:03 -04:00
classes image-oci-unmoci: preserve file modes 2025-01-17 19:17:10 +00:00
conf runc: start removing 'opencontainers' reference 2025-07-07 11:42:27 -04:00
docs podman: Add support for rootless mode 2022-07-15 17:11:58 -04:00
dynamic-layers kernel: drop 6.6 support 2025-02-11 23:19:51 +00:00
files
lib/oeqa/runtime/cases xtf: add testimage integration to run XTF test cases in OEQA 2021-09-02 16:36:23 -04:00
recipes-containers runc: update to v1.4.0-rc.2 2025-10-18 21:27:03 -04:00
recipes-core packagegroup-container: fix do_package_wrte_rpm issue in multilib build 2025-07-16 14:48:19 -04:00
recipes-demo demo: adapt to UNPACKDIR changes 2025-06-25 22:56:41 -04:00
recipes-devtools grpc-go 1.59.0+git: Ignore CVE-2024-7246 2025-09-03 21:40:45 -04:00
recipes-extended cloud-init: update to 25.2 2025-09-18 22:11:46 -04:00
recipes-graphics/xorg-xserver global: overrides syntax conversion 2021-08-02 17:17:53 -04:00
recipes-kernel lopper: update to -tip 2025-10-09 15:54:44 -04:00
recipes-networking openvswitch: small ptest fix adapt to UNPACKDIR changes 2025-07-20 22:36:08 -04:00
scripts scripts: wic plugin bootimg-biosxen drop helper to reuse bootimg_pcbios 2025-07-31 13:34:50 -04:00
wic xen: use bzImage for boot (instead of vmlinux) 2024-03-21 23:15:13 +00:00
.gitignore buildah: add seccomp and ipv6 to REQUIRED_DISTRO_FEATURES 2023-04-12 13:10:11 -04:00
COPYING.MIT
MAINTAINERS MAINTAINERS: add xtf and the raspberry pi dynamic layer for Xen 2021-12-16 21:45:00 -05:00
meta-virt-roadmap.txt
README.md docs: update README with improved layer description 2025-09-25 12:47:13 -04:00
SECURITY.md docs: add SECURITY.md and rename README.md 2023-11-06 16:21:12 +00:00

meta-virtualization

The meta-virtualization layer is the authoritative resource for virtualization technologies in OpenEmbedded / Yocto built distributions. It provides support for both hypervisor-based virtualization (such as KVM, Xen, and QEMU) and system-level virtualization (Linux containers), along with the host and guest technologies required to build complete solutions, ranging from embedded systems to full-depth CNCF stack deployments.

The bbappend files for some recipes (e.g. linux-yocto) in this layer only take effect when 'virtualization' is present in DISTRO_FEATURES. To enable them, add the following line to your configuration file:

DISTRO_FEATURES:append = " virtualization"

If meta-virtualization is included but 'virtualization' is not enabled as a distro feature, a warning is printed at parse time:

You have included the meta-virtualization layer, but
'virtualization' has not been enabled in your DISTRO_FEATURES. Some bbappend files
may not take effect. See the meta-virtualization README for details on enabling
virtualization support.

If you know what you are doing, this warning can be disabled by setting the following variable in your configuration:

SKIP_META_VIRT_SANITY_CHECK = 1
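As an added illustration (not the layer's own class), the parse-time check described above can be written as a BitBake event handler; the class and handler names below are hypothetical:

```bitbake
# Hypothetical sanity-meta-virt.bbclass (added example, not the layer's own code).
# A layer enables a class like this globally, e.g. with INHERIT += "sanity-meta-virt".

python meta_virt_sanity_check_eventhandler() {
    # Honour the documented opt-out variable.
    if d.getVar('SKIP_META_VIRT_SANITY_CHECK') == "1":
        return

    # DISTRO_FEATURES is a whitespace-separated list; treat an unset value as empty.
    features = (d.getVar('DISTRO_FEATURES') or "").split()
    if 'virtualization' not in features:
        bb.warn("You have included the meta-virtualization layer, but\n"
                "'virtualization' has not been enabled in your DISTRO_FEATURES. Some bbappend files\n"
                "may not take effect. See the meta-virtualization README for details on enabling\n"
                "virtualization support.")
}

# Fire once the base configuration has been parsed, before any recipe is processed,
# so the warning appears at parse time rather than during a build.
addhandler meta_virt_sanity_check_eventhandler
meta_virt_sanity_check_eventhandler[eventmask] = "bb.event.ConfigParsed"
```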

Depending on your use case, there are other distro features in meta-virtualization that may also be enabled:

  • xen: enables Xen functionality in various packages (kernel, libvirt, etc.)
  • kvm: enables KVM configurations in the kernel and autoloads modules
  • k8s: enables Kubernetes configurations in the kernel, tools and configuration
  • aufs: enables aufs support in docker and linux-yocto
  • x11: enables Xen and libvirt functionality related to X11
  • selinux: enables functionality in libvirt and lxc
  • systemd: enables systemd services and unit files (for recipes with support)
  • sysvinit: enables sysvinit scripts (for recipes with support)
  • seccomp: enables seccomp support for packages that have the capability

Dependencies

This layer depends on:

URI: git://github.com/openembedded/openembedded-core.git
branch: master
revision: HEAD
prio: default

URI: git://github.com/openembedded/meta-openembedded.git
branch: master
revision: HEAD
layers: meta-oe meta-networking meta-filesystems meta-python

Required for Xen XSM policy:
URI: git://git.yoctoproject.org/meta-selinux
branch: master
revision: HEAD
prio: default

Required for Ceph:
URI: git://git.yoctoproject.org/meta-cloud-services
branch: master
revision: HEAD
prio: default

Required for cri-o:
URI: git://git.yoctoproject.org/meta-selinux
branch: master
revision: HEAD
prio: default

Community / Collaboration

Repository: https://git.yoctoproject.org/cgit/cgit.cgi/meta-virtualization/
Mailing list: https://lists.yoctoproject.org/g/meta-virtualization
IRC: libera.chat, #meta-virt channel

Maintenance

Send pull requests, patches, comments or questions to meta-virtualization@lists.yoctoproject.org

Maintainer: Bruce Ashfield <bruce.ashfield@gmail.com>; see MAINTAINERS for more specific information.

When sending single patches, please use something like:

$ git send-email -1 -M --to meta-virtualization@lists.yoctoproject.org --subject-prefix='meta-virtualization][PATCH'

License

All metadata is MIT licensed unless otherwise stated. Source code included in tree for individual recipes is under the LICENSE stated in each recipe (.bb file) unless otherwise stated.