File conmon.changes of Package conmon
-------------------------------------------------------------------
Thu Jan 29 05:47:24 UTC 2026 - Danish Prakash <danish.prakash@suse.com>
- Update to version 2.2.0:
* Release v2.2.0
* Fix SIGABRT crash in drop_signal_event
* Add an easy cleanup for tests
* [skip-ci] Update actions/checkout action to v6
* Check memory.events file exists before adding inotify watch
* Fix remaining busybox references in tests
* Fix inconsistent error messages when runtime fails (bsc#1252432)
* Move attach start message after failure check
* Add more tests for ctr_logging.c
* Document testing package requirements
* Switch tests from busybox to UBI10 and add consistent terminal size validation
* Restore use of `writev()` system call
* Document all CLI options
* Add tests for --terminal and ctrl.c
* Add tests for _OCI_SYNCPIPE.
* Add log rotation functionality as alternative to log truncation
* Add tests for --exec-attach.
* Add more tests for --stdin and --exec.
* [skip-ci] Update actions/setup-go action to v6
* Add systemd priority prefix parsing to journald logging
* Run the coverage_task also on VM, not in container.
* Show the code coverage in `make test-coverage` output.
* [skip-ci] Update actions/checkout action to v5
* Really run the container in the 04-runtime.bats.
* Fix missing F-sequence on container exit
* Fix JSON parsing error in console file descriptor communication
* Fix code quality issues
* Revert 'Fix conmon exec exit status handling'
* Fix meson install path to match Makefile
* Fix conmon exec exit status handling
* Add --no-container-partial-message option
* Fix OOM detection on cgroup v2
* Fix CI: Remove Go dependencies and fix missing make targets
* Replace Go tests with BATS and remove Go dependency
* Fix errno race condition and logging macro issues
* Add optional systemd support for static builds
* Require at least golang 1.23
* ci/int: test with Go 1.23 and 1.24
* ci/deps: use "stable" go version
* Fix container exit detection in systemd scope environments
* Enhance k8s-file log rotation test coverage for corruption fix
* Add test suite for k8s-file log rotation fix
* Fix k8s-file log corruption during log rotation
* conn_sock: drop -1 fron snprintf
* conn_sock: make sure strncpy buffer is NUL terminated
* oom: drop usage of sprintf in favor of snprintf
* conmon: drop usage of sprintf in favor of snprintf
* cmsg: shrink buffer to effective size
* src: Fix terminal resize event processing
* fix integration github action
* fix wrong conditions of k8s-file logging
* logging: Add container labels to log entries on journald
* Makefile: simplify fmt
* Remove hack/tree_status.sh
* Remove hack/kubernetes-e2e
* ci: add go.mod/go.sum validation
* ci/gha: add all-done job
* ci/gha: fix branch name
* Remove old vendored go-md2man
* ci/gha: remove actions/cache
* Use gofumpt
* runner/conmon_test: rm unused skopeoPath
* runner/conmon: rm unused writeConmonPipeData
* Replace ioutil.TempDir with t.TempDir
* Use os.ReadFile/os.WriteFile instead of ioutil
* runner: stop using pkg/errors
* Use %m instead of strerror(errno)
* cmsg: error logging nits
* seccomp_accept_cb: fix memory leak
* Remove pwarn macro
* write_journald: fix logging a warning
* write_oom_adjust: remove extra newlines from ndebugf
* Introduce pwarnf() for better diagnosis of socket/fd write issues.
* Handle descriptor in non-blocking mode properly. Resolves: #490
* Bump conmon version to 2.1.13
* Install some packages to fix CI
* Make timestamp generation never fail.
* Change permissions of logs from 0600 to 0640
* Avoid bogus journal filling errors
* Fix typos and clarify man page.
* Packit: constrain downstream jobs to the fedora package
* gh actions: use crun and update runc version
* gh actions: call make correctly
* runner: fix runtime test
* gh actions: add sudo to make command
* vendor: drop libpod in runner package
* [skip-ci] Update actions/checkout action to v4
* chore(deps): update module github.com/docker/docker to v25 [security]
* RPM: delete unnecessary patching from spec
* RPM: cleanup changelog conditionals
* RPM: do not create cri-o dirs
* Use `.gitignore` in nix build excludes
* conmon: do not create oom file under cwd
* gh actions: bump to golang 1.22
* logging: remove unuseful fsync
* fix(deps): update module golang.org/x/sys to v0.20.0
* Remove CI VM OS names
* chore(deps): update dependency containers/automation_images to v20240513
* Bump version to 2.1.12
* Make 'docs' target not depend on 'install.tools' if GOMD2MAN is set
* Packit: enable downstream sync to CentOS Stream 10
* Build s390x binaries using musl libc
* Add support for s390x
* Remove checks for (long)deprecated libsystemd-journal in favor of libsystemd
* update packit config, enable downstream tasks
* fix(deps): update module github.com/onsi/gomega to v1.31.1
* [skip-ci] Update actions/setup-go action to v5
* [skip-ci] Update actions/cache action to v4
* fix(deps): update github.com/opencontainers/runtime-tools digest to 408c51e
* chore(deps): update dependency containers/automation_images to v20240102
* drop --tty on exec
* chore(deps): update dependency containers/automation_images to v20231208
* docs/Makefile: softcode GOMD2MAN
* bump to 2.1.10
* fix(deps): update module github.com/onsi/gomega to v1.30.0
* chore(deps): update module github.com/docker/docker to v24 [security]
* chore(deps): update module golang.org/x/net to v0.17.0 [security]
* Fix incorrect free in conn_sock
* logging: Respect log-size-max immediately after open
* fix some issues flagged by SAST scan
* version: bump to 2.1.9
* README.md: update the correct Nix channel
* Fix podman tests
* Forward more messages on the sd-notify socket
* ci: skip broken cri-o tests
* logging: -l passthrough accepts TTYs
* src: fix write after end of buffer
* src: open all files with O_CLOEXEC
* oom-score: restore oom score before running exit command
* src/seccomp_notify.c: fix static build
* CI: Update Fedora names
* chore(deps): update dependency containers/automation_images to v20231004
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.12.0
* bump to v2.1.8
* fix(deps): update module github.com/containers/storage to v1.48.0
* cli: log parsing errors to stderr
* Update nix and use an overlay
* chore(deps): update dependency containers/automation_images to v20230809
* gh actions: bump to go 1.21
* gh actions: drop perma-failing jobs
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.11.0
* Changes to build conmon for `riscv64`
* stdio: ignore EIO for terminals
* refactor: handle a broken pipe with write_sync_fd
* ensure console socket buffers are properly sized
* Remove lgtm badge
* chore(deps): update dependency containers/automation_images to v20230614
* log fds more permissive
* Fix close_other_fds on FreeBSD
* chore(deps): update dependency containers/automation_images to v20230601
* chore(deps): update dependency containers/automation_images to v20230517
* Update nixos image and dependencies' version.
* Changes to build conmon for ppc64le
* fix compile regression on FreeBSD
* chore(deps): update dependency containers/automation_images to v20230426
* Packit: update config
* ctrl: fix a debug statement
* [skip-ci] Update actions/setup-go action to v4
* [skip-ci] Update actions/checkout action to v3
* [skip-ci] Update actions/cache action to v3
* vendor: bump to latest packages
* fix(deps): update module github.com/containers/libpod to v4
* chore(deps): update dependency containers/automation_images to v20230405
* conmon: drop return after pexit()
* ctrl: make accept4 failures fatal
* cmsg: recvfd returns an error on failures
* cmsg: fix program name
* ctrl: on EINTR retry accept4
* Add renovate configuration
* logging: avoid opening /dev/null for each write
* oom: restore old OOM score
* Update CI VM images
* Switch go version to 1.19
* Use default umask `0022`
* exit: Free allocated string
* version: bump to v2.1.7
* Fix leaking symbolic links in the opt_socket_path directory
* cgroup: Stumble on if we can't set up oom handling
* bump to v2.1.6
* packit: build in dedicated projects
* hack: build ginkgo in GOPATH
* vendor bump ginkgo to v2
* gh actions: bump to go 1.20
* Use --detach instead of -d
* Fix OOM watcher for cgroupv2 `oom_kill` events
* Lint/format fixes for golang 1.19
* Update CI VM Images to F36/F37
* ctrl: drop fifo perms to 0660
* Fix tools/Makefile with GNU make 4.4
* bump to v2.1.5
* don't leak syslog_identifier
* logging: do not read more that the buf size
* logging: fix error handling
* cli: Fix conmon-pidfile/container-pidfile description
* Makefile: Fix install for FreeBSD
* signal: Track changes to get_signal_descriptor in the FreeBSD version
* Packit: initial enablement
* bump to 2.1.4
* signal: handle SIGUSR1 with signalfd
* Use /usr/bin/env to locate bash
* Cirrus: Add meta task to keep CI VM images alive
* VERSION: bump to 2.1.3
* meson: build with seccomp if available
* Fix build on FreeBSD-13.0
* Reduce the amount of duplicated code between Linux and FreeBSD
* Port conmon to FreeBSD
* gh actions: bump versions
* bump golang in gh action to 1.18
* Stop using g_unix_signal_add() to avoid threads
* [Fixup #342] `log-size-global-max` Should Be`log-global-size-max`
* bump to v2.1.2
* log_global_max: ignore if negative
* add log-global-size-max option to limit the total output conmon processes
* bump to v2.1.1
* journald: print tag and name if both are specified
* logging: add missing static keyword
* drop some logs to debug level
* meson: Handle journald
* bump to v2.1.0
* logging: buffer partial messages to journald
* ci: add podman system to different cache
* ci: install rootlessport right
* ci: install go correctly
* ci: add subid ranges for crio tests
* ci: install all binaries for podman-system
* ci: run vendor on podman job
* ci: set host IP
* ci: give conmon job sudo
* ci: bump to go 1.17
* exit: close all fds >= 3
* fix: cgroup: Free memory_cgroup_file_path if open fails. Call g_free instead of free.
* Make libdl optional in meson definition
* bump to v2.0.33-dev
* bump to v2.0.32
* Avoid mainfd_std{in,out} sharing the same file descriptor.
* exit_command: unset subreaper attribute before running exit command
* bump to 2.0.32-dev
* bump to 2.0.31
* conmon: fix error message
* logging: set SYSLOG_IDENTIFIER= with --log-tag
* conmon: free userdata files before exec cleanup
* Cirrus: Remove disused scripts
* test: drop seccomp tests
* fix gh action yaml
* ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald
* logging: new mode -l passthrough
* ctrl: delete the fifo if it exists
* conmon_test: fix race condition on os.RemoveAll
* integration: use the built binary
* bump to v2.0.31-dev
-------------------------------------------------------------------
Thu Dec 4 10:56:18 UTC 2025 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Build with distro flags
-------------------------------------------------------------------
Wed Feb 26 13:08:23 UTC 2025 - Dan Čermák <dcermak@suse.com>
- New upstream release 2.1.13
### Bug fixes
* Make timestamp generation never fail.
* Change permissions of logs from 0600 to 0640
* Avoid bogus journal filling errors
* Fix typos and clarify man page.
* conmon: do not create oom file under cwd
* logging: remove unuseful fsync
-------------------------------------------------------------------
Fri May 17 11:11:36 UTC 2024 - Dan Čermák <dcermak@suse.com>
- New upstream release 2.1.12
* Packit: enable downstream sync to CentOS Stream 10
* Make 'docs' target not depend on 'install.tools' if GOMD2MAN is set
-------------------------------------------------------------------
Tue Apr 30 09:29:53 UTC 2024 - Dan Čermák <dcermak@suse.com>
- New upstream release 2.1.11
* docs/Makefile: softcode GOMD2MAN by @rahilarious
* chore(deps): update dependency containers/automation_images to v20231208 by @renovate
* drop --tty on exec by @haircommander
* update packit config, enable downstream tasks by @lsm5
* Remove checks for (long)deprecated libsystemd-journal for libsystemd by @rahilarious
* Add support for s390x by @saschagrunert
* Build s390x binaries using musl libc by @saschagrunert
-------------------------------------------------------------------
Tue Dec 19 08:01:08 UTC 2023 - Dan Čermák <dcermak@suse.com>
- New upstream release 2.1.10
Bug fixes:
* Fix incorrect free in conn_sock (removes fix-incorrect-free-in-conn_sock.patch)
* logging: Respect log-size-max immediately after open
-------------------------------------------------------------------
Mon Dec 18 09:02:52 UTC 2023 - Dan Čermák <dcermak@suse.com>
- Add fix-incorrect-free-in-conn_sock.patch
This fixes a regression in 2.1.9
(https://github.com/containers/conmon/issues/475 and
https://github.com/containers/conmon/issues/477)
-------------------------------------------------------------------
Fri Dec 15 09:54:35 UTC 2023 - Dan Čermák <dcermak@suse.com>
- New upstream release 2.1.9
### Bug fixes
* fix some issues flagged by SAST scan
* src: fix write after end of buffer
* src: open all files with O_CLOEXEC
* oom-score: restore oom score before running exit command
### Features
* Forward more messages on the sd-notify socket
* logging: -l passthrough accepts TTYs
-------------------------------------------------------------------
Thu Sep 28 16:02:58 UTC 2023 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- go 1.19 EOL, swith to go >= 1.20
* [bsc#1215806]
-------------------------------------------------------------------
Wed Sep 6 05:41:47 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
- Update to version 2.1.8:
* stdio: ignore EIO for terminals (bsc#1217773)
* ensure console socket buffers are properly sized
* conmon: drop return after pexit()
* ctrl: make accept4 failures fatal
* logging: avoid opening /dev/null for each write
* oom: restore old OOM score
* Use default umask 0022
* cli: log parsing errors to stderr
* Changes to build conmon for riscv64
* Changes to build conmon for ppc64le
* Fix close_other_fds on FreeBSD
-------------------------------------------------------------------
Wed Mar 15 14:36:27 UTC 2023 - Dan Čermák <dcermak@suse.com>
- New upstream release 2.1.7
2.1.7:
### Bug Fixes
Fix leaking symbolic links in the opt_socket_path directory
cgroup: Stumble on if we can't set up oom handling (bsc#1208737)
2.1.6:
### Bug Fixes
* Fix OOM watcher for cgroupv2 `oom_kill` events
### Misc
* Use --detach instead of -d
* ctrl: drop fifo perms to 0660
- Remove merged patch:
* 0001-Fix-tools-Makefile-with-GNU-make-4.4.patch
- Bump go version to 1.19 (bsc#1209307)
-------------------------------------------------------------------
Wed Nov 23 14:43:15 UTC 2022 - Dan Čermák <dcermak@suse.com>
- Update to version 2.1.5:
* don't leak syslog_identifier
* logging: do not read more that the buf size
* logging: fix error handling
* Makefile: Fix install for FreeBSD
* signal: Track changes to get_signal_descriptor in the FreeBSD version
* Packit: initial enablement
- Update to version 2.1.4:
* Fix a bug where conmon crashed when it got a SIGCHLD
-------------------------------------------------------------------
Fri Nov 4 14:35:09 UTC 2022 - Fabian Vogt <fvogt@suse.com>
- Add patch to fix build with make >= 4.4:
* 0001-Fix-tools-Makefile-with-GNU-make-4.4.patch
-------------------------------------------------------------------
Wed Aug 17 20:16:56 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 2.1.3:
* Port conmon to FreeBSD
* Stop using g_unix_signal_add() to avoid threads
* Rename CLI optionlog-size-global-max to log-global-size-max
-------------------------------------------------------------------
Wed Jun 29 06:05:57 UTC 2022 - Enrico Belleri <idesmi@protonmail.com>
- Update to version 2.1.2:
* add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 boo#1200285)
* journald: print tag and name if both are specified
* drop some logs to debug level
-------------------------------------------------------------------
Thu May 5 15:46:07 UTC 2022 - Ferdinand Thiessen <rpm@fthiessen.de>
- Update to version 2.1.0
* logging: buffer partial messages to journald
* exit: close all fds >= 3
* fix: cgroup: Free memory_cgroup_file_path if open fails.
Call g_free instead of free.
- Update to version 2.0.32
* Fix: Avoid mainfd_std{in,out} sharing the same file descriptor.
*exit_command: Fix: unset subreaper attribute before running exit command
- Update to version 2.0.31
* logging: new mode -l passthrough
* ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald
* conmon: Fix: free userdata files before exec cleanup
-------------------------------------------------------------------
Fri Sep 24 07:31:03 UTC 2021 - Paolo Stivanin <info@paolostivanin.com>
- Update to version 2.0.30:
* Remove unreachable code path
* exit: report if the exit command was killed
* exit: fix race zombie reaper
* conn_sock: allow watchdog messages through the notify socket proxy
* seccomp: add support for seccomp notify
-------------------------------------------------------------------
Fri Jul 23 09:51:11 UTC 2021 - alexandre.vicenzi@suse.com
- Update to version 2.0.29:
* Reset OOM score back to 0 for container runtime
* call functions registered with atexit on SIGTERM
* conn_sock: fix potential segfault
-------------------------------------------------------------------
Tue Mar 30 08:47:10 UTC 2021 - alexandre.vicenzi@suse.com
- Update to version 2.0.27:
* bump to v2.0.27
* Add CRI-O integration test GitHub action
* exec: don't fail on EBADFD
* close_fds: fix close of external fds
* Add arm64 static build binary
* bump to v2.0.27-dev
-------------------------------------------------------------------
Thu Feb 25 15:41:49 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
- Update to version 2.0.26:
* conn_sock: do not fail on EAGAIN
* fix segfault from a double freed pointer
* Fix a bug where conmon could never spawn a container, because
a disagreement between the caller and itself on where the attach
socket was.
* improve --full-attach to ignore the socket-dir directly. that
means callers don't need to specify a socket dir at all (and
can remove it)
* add full-attach option to allow callers to not truncate a very
long path for the attach socket
* close only opened FDs
* set locale to inherit environment
-------------------------------------------------------------------
Tue Jan 12 08:10:52 UTC 2021 - sgrunert@suse.com
- Update to version 2.0.22:
* added man page
* attach: always chdir
* conn_sock: Explicitly free a heap-allocated string
* refactor I/O and add SD_NOTIFY proxy support
-------------------------------------------------------------------
Mon Sep 21 07:06:04 UTC 2020 - dmueller@suse.com
- Update to version 2.0.21:
* bump to v2.0.21
* protect against kill(-1)
* Makefile: enable debuginfo generation
* Remove go.sum file and add go.mod
* Fail if conmon config could not be written
* nix: remove double definition for e2fsprogs
* Speedup static build by utilizing CI cache on `/nix` folder
* Fix nix build for failing e2fsprogs tests
* test: fix CI
* Use Podman for building
-------------------------------------------------------------------
Wed Jul 29 10:20:58 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
- Update to v2.0.20 (bsc#1175821)
- journald: fix logging container name
- container logging: Implement none driver - "off", "null" or
"none" all work.
- ctrl: warn if we fail to unlink
- Drop fsync calls
- Reap PIDs before running exit command
- Fix log path parsing
- Add --sync option to prevent conmon from double forking
- Add --no-sync-log option to instruct conmon to not sync the
logs of the containers upon shutting down. This feature fixes a
regression where we unconditionally dropped the log sync. It is
possible the container logs could be corrupted on a sudden
power-off. If you need container logs to remain in consistent
state after a sudden shutdown, please update from v2.0.19 to
v2.0.20
-------------------------------------------------------------------
Wed May 27 06:55:07 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
- Update to v2.0.17
- Add option to delay execution of exit command
-------------------------------------------------------------------
Mon May 18 07:38:30 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
- Update to v2.0.16
- tty: flush pending data when fd is ready
-------------------------------------------------------------------
Fri Apr 3 14:33:46 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
- Enable support for journald logging (bsc#1162432)
-------------------------------------------------------------------
Fri Apr 3 07:22:43 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
- Update to v2.0.15
- store status while waiting for pid
-------------------------------------------------------------------
Wed Mar 25 08:55:06 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
- Update to v2.0.14
- drop usage of splice(2)
- avoid hanging on stdin
- stdio: sometimes quit main loop after io is done
- ignore sigpipe
-------------------------------------------------------------------
Tue Mar 17 10:10:44 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
- Update to v2.0.12
- oom: fix potential race between verification steps
-------------------------------------------------------------------
Thu Mar 5 08:06:24 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
- Update to v2.0.11
- log: reject --log-tag with k8s-file
- chmod std files pipes
- adjust score to -1000 to prevent conmon from ever being OOM
killed
- container OOM: verify cgroup hasn't been cleaned up before
reporting OOM
-------------------------------------------------------------------
Fri Feb 21 09:22:06 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
- Update to v2.0.10 (bsc#1160460, bsc#1164390, jsc#ECO-1048,
jsc#SLE-11485, jsc#SLE-11331):
- journal logging: write to /dev/null instead of -1
-------------------------------------------------------------------
Tue Jan 7 12:20:08 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
- Add TimedOutMessage to config to share with go code
- Fix format string to limit the size of the string to 10
characters
-------------------------------------------------------------------
Mon Dec 16 08:41:54 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Persist oom files on cgroup v2
- Revert the check for the OOM counter on cgroups v1 before
writing OOM file
-------------------------------------------------------------------
Fri Dec 13 08:23:04 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Add --persist-dir flag to allow important container files to be
written to a persistent directory
- Check OOM counter on cgroups v1 before writing OOM file
- Use splice(2) to copy from stdin
-------------------------------------------------------------------
Thu Dec 12 11:37:19 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Kill the process group on timeout
-------------------------------------------------------------------
Wed Dec 11 07:39:29 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Add --persist-dir to allow callers to specify a directory that
conmon should mirror certain important files that should persist
reboots (right now, just the container exit file)
-------------------------------------------------------------------
Mon Dec 9 17:34:49 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Fix tight loop on OOM
-------------------------------------------------------------------
Thu Nov 14 14:25:29 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Add log level trace
- Separate handling of log reopen events and terminal resize events
-------------------------------------------------------------------
Tue Oct 29 09:03:03 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Add CONN_SOCK_BUF_SIZE to config
- Fix bug to close the sync pipe before exit command
-------------------------------------------------------------------
Mon Sep 16 16:59:28 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Set masterfd_stdout before registering ctrl_cb
-------------------------------------------------------------------
Sat Aug 24 04:10:04 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Upstream has an actual description, use it instead of just
duplicating the summary again.
-------------------------------------------------------------------
Fri Aug 16 11:48:30 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Use `%make_build` macro instead of `%{__make}`
- Use `%make_install` macro instead of `%{__make} install`
- Use `%{_bindir}` macro instead of `%{_usr}/bin`
- Change `PREFIX` to not contain `%{buildroot}` and use the
`$DESTDIR` variable
-------------------------------------------------------------------
Mon Aug 12 06:41:41 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Initial release v2.0.0
