Bumping runc to version v1.2.0-69-gb7da1673, which comprises the following commits:
b7da1673 build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2
119111a0 libct/cg: add test for remove a non-existent dir in a ro mount point
068d7da7 Revert "Temporary set vagrant to 2.4.1-1"
ac435895 memfd-bind: elaborate kernel requirements for overlayfs protection
ba3d026e libct/cg: RemovePath: improve comments
12e06a7c libct/cg: RemovePath: simplify logic
db59489b runc delete: fix for rootless cgroup + ro cgroupfs
ca4a7a86 build(deps): bump golang.org/x/net from 0.30.0 to 0.31.0
43af111e MAINTAINERS: move dqminh and hqhq to EMERITUS
ec5e7eb7 build(deps): bump golang.org/x/sys from 0.26.0 to 0.27.0
9cb59b46 ci: rm "skip on CentOS 7" kludges
5000f169 Temporary set vagrant to 2.4.1-1
b9dfb22d readme: drop unused memfd-bind reference
aa505bfa memfd-bind: mention that overlayfs obviates the need for it
9bc42d61 dmz: overlay: set xino=off to disable dmesg spam
9ce7392b Vagrantfile.fedora: bump Fedora to 41
609e9a51 Vagrantfile.fedora: stop using dnf shell
80c46d31 build(deps): bump golang.org/x/net from 0.24.0 to 0.30.0
5586d7ca libct: rm obsoleted comment
f9fd70b7 CHANGELOG: add (forward-port) v1.1.15 changes
8cc73754 libct: fix a comment
ee1bced1 script/check-config.sh: add OVERLAY_FS check
c8f5d033 docs: remove prompt symbols from shell snippets
871057d8 drop runc-dmz solution according to overlay solution
34a92855 test join other container userns with selinux enabled
c78f3f2e libct/nsenter: become root after joining userns
1e674098 libct/int: add exec benchmark
cb201487 libct/int: use testing.TB for utils
4df7b1b1 build(deps): bump golang.org/x/sys from 0.22.0 to 0.26.0
cbb9b309 ci: use Go 1.23
732806e2 runc update: fix updating swap for cgroup v2
cb9f3d6d libct/cg: improve ConvertMemorySwapToCgroupV2Value
69b3be76 build(deps): bump github.com/vishvananda/netlink from 1.1.0 to 1.3.0
eb2ff52a libct: rm x/sys/execabs usage
f20f273a build(deps): bump github.com/opencontainers/selinux
139789f1 build(deps): bump google.golang.org/protobuf from 1.33.0 to 1.35.1
93db63ab build(deps): bump github.com/urfave/cli from 1.22.14 to 1.22.16
af024b6c build(deps): bump github.com/moby/sys/mountinfo from 0.7.1 to 0.7.2
42f96305 VERSION: back to development
0b9fa21b VERSION: release v1.2.0
568231cc Revert "increase memory.max in cgroups.bats"
e6699266 fix an error caused by fd reuse race when starting runc init
515f09f7 dmz: use overlayfs to write-protect /proc/self/exe if possible
8cfbccb6 tests: integration: add helper to check if we're in a userns
54ef07d8 tests/int: skip "update memory vs CheckBeforeUpdate" on EL9
ff775363 tests/int: rm centos-7 exclusion
76a821fa tests/int: update info about EL9 kernel
b5bdf592 libct: rm initWaiter
9fa324c4 dmz: cloned binary: set +x permissions when creating regular tmpfile
324fcea4 Terminate execution for criu that does not meet version requirements
eff6f049 libct/cap: no need to load capabilities
9b60a93c libcontainer/userns: migrate to github.com/moby/sys/userns
1623cde1 go: update github.com/cyphar/filepath-securejoin to v0.3.4
4fdd5616 memfd-bind: more specific doc URL
9e554587 memfd-bind: fixup systemd unit file and README
13a6f560 runc run: fix mount leak
b096459a vendor: update github.com/cyphar/filepath-securejoin to v0.3.3
f55957de build(deps): bump bats-core/bats-action from 2.1.1 to 3.0.0
bb2bd38d change go minimum version in README
faffe1b9 replace strings.SplitN with strings.Cut
1be06760 libcontainer/cgroups/fs: remove todo since strings.Fields performs well
7a449109 libct/README: simplify example, rm inheritable caps
0de19533 runc spec, libct/int: do not add ambient capabilities
3e3f9603 runc exec --cap: do not add capabilities to ambient
5b161e04 update bats-action to 2.1.1
35f999dd remove installation of unused bats support libs
10c951e3 add ErrCgroupNotExist
319e133c go.mod: Use toolchain 1.22.4
8671a7db ci: update to setup bats action from bats-core
30f8f51e runc create/run: warn on rootless + shared pidns + no cgroup
21c61165 tests/int: log when teardown starts
b1449fd5 libct: use Namespaces.IsPrivate more
d8844e29 tests: integration: add setgid mkdirall test
066b109e vendor: update to github.com/cyphar/filepath-securejoin@v0.3.2
646efe70 utils: mkdirall: mask silently ignored mode bits to match os.MkdirAll
457e1ffa tests: add regression test for CVE-2019-19921 / CVE-2023-27561
216175a9 Upgrade Cilium's eBPF library version to 0.16
a31efe70 libct/seccomp/patchbpf: use binary.NativeEndian
429e06a5 libct: Signal: honor RootlessCgroups
dd827f7b utils: switch to securejoin.MkdirAllHandle
1d308c7d vendor: update to github.com/cyphar/filepath-securejoin@v0.3.1
5ab5ef3d deps: update to golang.org/x/sys@v0.22
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
meta-virtualization
This layer provides support for building Xen, KVM, Libvirt, and associated packages necessary for constructing OE-based virtualized solutions.
The bbappend files for some recipes (e.g. linux-yocto) in this layer need to have 'virtualization' in DISTRO_FEATURES to have effect. To enable them, add the following line to your configuration file:
DISTRO_FEATURES:append = " virtualization"
If meta-virtualization is included but virtualization is not enabled as a distro feature, a warning is printed at parse time:
You have included the meta-virtualization layer, but
'virtualization' has not been enabled in your DISTRO_FEATURES. Some bbappend files
may not take effect. See the meta-virtualization README for details on enabling
virtualization support.
If you know what you are doing, this warning can be disabled by setting the following variable in your configuration:
SKIP_META_VIRT_SANITY_CHECK = "1"
Depending on your use case, there are other distro features in meta-virtualization that may also be enabled:
- xen: enables xen functionality in various packages (kernel, libvirt, etc)
- kvm: enables KVM configurations in the kernel and autoloads modules
- k8s: enables kubernetes configurations in the kernel, tools and configuration
- aufs: enables aufs support in docker and linux-yocto
- x11: enable xen and libvirt functionality related to x11
- selinux: enables functionality in libvirt and lxc
- systemd: enable systemd services and unit files (for recipes with support)
- sysvinit: enable sysvinit scripts (for recipes with support)
- seccomp: enable seccomp support for packages that have the capability.
Dependencies
This layer depends on:
URI: git://github.com/openembedded/openembedded-core.git branch: master revision: HEAD prio: default
URI: git://github.com/openembedded/meta-openembedded.git branch: master revision: HEAD layers: meta-oe meta-networking meta-filesystems meta-python
Required for Xen XSM policy: URI: git://git.yoctoproject.org/meta-selinux branch: master revision: HEAD prio: default
Required for Ceph: URI: git://git.yoctoproject.org/meta-cloud-services branch: master revision: HEAD prio: default
Required for cri-o: URI: git://git.yoctoproject.org/meta-selinux branch: master revision: HEAD prio: default
Community / Collaboration
Repository: https://git.yoctoproject.org/cgit/cgit.cgi/meta-virtualization/
Mailing list: https://lists.yoctoproject.org/g/meta-virtualization
IRC: libera.chat #meta-virt channel
Maintenance
Send pull requests, patches, comments or questions to meta-virtualization@lists.yoctoproject.org
Maintainer: Bruce Ashfield <bruce.ashfield@gmail.com>; see MAINTAINERS for more specific information.
When sending single patches, please use something like:
$ git send-email -1 -M --to meta-virtualization@lists.yoctoproject.org --subject-prefix='meta-virtualization][PATCH'
License
All metadata is MIT licensed unless otherwise stated. Source code included in tree for individual recipes is under the LICENSE stated in each recipe (.bb file) unless otherwise stated.