Weekly LinuxKit dev report for 2017-06-26 to 2017-07-02 (week 26)

This report covers weekly developments in the linuxkit, linuxkit-ci, rtf, and virtsock repositories. This week, we welcome Avi Deitcher (@deitch) as an official maintainer to the project! (#2116 @justincormack @deitch).

The SIG security agenda for 2017-07-05 is now up, with @ndauten due to talk about his Memorizer project, which he also plans to add as a LinuxKit project soon. (#2114 #2141 @ndauten @riyazdf)

Vultr provider: A Vultr.com provider and example is now available in the mainline tree. (#2109 #2101 @furious-luke @riyazdf @justincormack)

Auditing: The auditd userspace components responsible for writing audit records to the disk are now containerised. (#2092 #2121 @tych0 @justincormack @riyazdf)

Improvements to kernel build: (#2113 @rn @justincormack @riyazdf)

  • If a package or the kernel is built from a dirty git repository, add -dirty to the tag and disallow pushing to hub (#1812 @rn).
  • If the latest commit has a tag, also push an image to hub as <org>/<image>:<tag>. This should allow us to simplify YAML files once we introduce releases.
  • For packages, don't build the package if it already exists on Hub. This was already done for the kernel, but for packages, the check was only performed on push. This should make it easier for CI to just attempt to build all packages.
  • For kernel build, merge the sign target into push. This brings it in line with the package and other builds which do not have a sign target.
  • Update kernels to 4.11.8/4.9.35/4.4.75 (#2140 #2111 @rn @RobbKistler)

Gettying more obvious: the effort to make it more obvious that Getty and Sshd are namespaced and not running on the host namespace is now merged (#2120 @justincormack @deitch @dave-tucker @ijc @rn). We also now ensure ctr works in the getty container (#2102 #2104 @talex5 @justincormack @ijc).

Qemu with KVM: There is a -enable-kvm option in the linuxkit CLI to force (attempted) use (or not) of KVM (#2110 @justincormack @ijc).

Packaging and Blueprints

The Docker for Mac Blueprint continues to integrate customisations from the downstream use within Docker:

Projects

The MirageSDK project development continues, with support for a new file descriptor sharing daemon that allows linked containers to drop even more privileges while transmitting data securely between each other. (#2129 @samoht @riyazdf)

The overall RFC for point-to-point channels between containers is also available for review and comment (#2045 @samoht). There is also a yml example on how to use fdd to create container channels (#2133 @samoht @justincormack).

Docs and Testing

Other reports in this series can be browsed directly in the repository at linuxkit:/reports.