File youki.changes of Package youki
-------------------------------------------------------------------
Wed Feb 25 13:30:31 UTC 2026 - Ish Sookun <ish@sysadmin-journal.com>
- update to 0.6:
* Improvements
- Add net device feature by @nayuta723 in #3163
- feat(info): add rustc, spec, and libseccomp version by @nayuta723 in #3318
- Implement Linux memory policy by @n4mlz in #3230
- feat: add io limits controller for systemd by @gokulmaxi in #3235
- Added SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV by @viboognesh in #3404
* Breaking Changes
- fix hooks order by @saku3 in #3256
- mount info provider by @CheatCodeSam in #3280
- Use oci spec container process state for seccomp by @nayuta723 in #3330
- refactor(hooks): pass OCI-compliant state to lifecycle hooks by @nayuta723 in #3346
* Bug Fixes
- Implement mount destination validation to ensure absolute paths in OCI Runtime Spec by @nayuta723 in #3315
- Fix default filemode for device creation by @you-matsuura in #3276
- fix(3293) Ambient capabilities are not applied as expected by @tommady in #3294
- fix(libcgroups): set sz field in bpf_prog_load_opts by @sou1118 in #3340
- Fix recursive mount_setattr handling for rec_attr and improve mounts_recursive tests by @saku3 in #3345
- fix(libcgroups): pass full_path to Devices controller instead of cgroup_path by @sou1118 in #3355
- refactor(tty): call setup_console after pivot_root, use syscall for mount_console by @nayuta723 in #3333
- Align with runc: use user's HOME when HOME is empty string by @bells17 in #3269
- Refactor checkpoint by @nayuta723 in #3365
* Documentation improvements
- chore: fix docs mdbook toml by @YJDoc2 in #3307
- Doc: delete redundant statement on youki.md in dev doc by @logica0419 in #3310
- Fix typos in documentation by @oglok in #3343
- (chore) Fix broken links in user document by @donkomura in #3361
- add tommady as reviewers into doc by @tommady in #3369
- added saku3 as committer into doc by @saku3 in #3370
- add nayuta723 as reviewer into doc by @nayuta723 in #3373
* Test improvements and Misc Fixes
- Update netlink-packet dependencies to versions 0.8.1 and 0.25.1 in Cargo.toml and Cargo.lock by @nayuta723 in #3297
- Fixed minor spelling errors in libcontainer documentation. by @CheatCodeSam in #3305
- Add poststart hook test by @fspv in #3292
- Update/runc 1.4.0 by @nayuta723 in #3304
- chore: runc compatibility test improvements by @saku3 in #3319
- Replace once_cell with stdlib OnceLock/LazyLock by @yan-ace62 in #3323
- Update Kind and Kubernetes versions for k8s e2e tests by @IrvingMg in #3328
- ci(basic): pin Rust toolchain to 1.92.0 for cross-rs compatibility by @nayuta723 in #3348
- test: output contest logs to stdout by @saku3 in #3349
- Add poststart_fail hook test by @fspv in #3313
- Added new test "kill no effect" by @oneplus1000 in #3332
- Pass State directly to run_hooks instead of Container reference by @IrvingMg in #3360
- Batch running the test groups in test_framework by @donkomura in #3372
- refact mount_recursive test by @saku3 in #3383
- Add test poststop hook by @donkomura in #3395
- Add prestart hook test by @fspv in #3382
- Add create_runtime hook test by @fspv in #3396
- Sync the state to confirm hooks execution by @donkomura in #3385
- Include container status to IncorrectStatus error messaging by @CarloQuick in #3411
- Add prestart_fail hook test by @fspv in #3406
- chore(deps): bump wasmer, wasmtime by @YJDoc2 in #3423
- prepare v0.6.0 by @saku3 in #3424
-------------------------------------------------------------------
Wed Nov 5 17:51:49 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- update to 0.5.7:
* Security Notice
This release addresses two CVEs. An update is recommended.
- CVE-2025-62161
container escape via "masked path" abuse due to mount race
conditions
- CVE-2025-62596
The write-target validation for /proc AppArmor label writes
(e.g., /proc/self/attr/apparmor/exec) was insufficient, and
combined with path substitution during pathname resolution
(via shared-mount races) could allow writes to unintended
/proc files.
* Improvements
- Drop cgroup v1 in github workflows by @utam0k in #3284
* Bug Fixes
- Waiting on systemd to add intermediate process to cgroup. by
@CheatCodeSam in #3262
* Test improvements and Misc Fixes
- Update/runc 1.3.2 by @n4mlz in #3274
* Other Changes
- (auto merged) chore(deps): bump flate2 from 1.1.4 to 1.1.5 in
the patch group by @dependabot[bot] in #3281
- Release for v0.5.7 by @github-actions[bot] in #3282
-------------------------------------------------------------------
Wed Nov 5 16:17:05 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- update to 0.5.6:
* Improvements
- fix(3197): fix youki version command Part of Enhancing
Compatibility with runc by @tommady in #3200
- feat(3199): Add Linux personality support by @tommady in
#3202
* Breaking Changes
- Upgrade to Rust 1.89 and Edition 2024 by @utam0k in #3244
* Documentation improvements
- added saku3 as reviewers by @saku3 in #3228
- Changed the events_logger in the Dev Container to file by
@bells17 in #3221
- Update Rust edition requirement in docs to 2024 by
@FalkWoldmann in #3246
- Update basic_setup.md by @bells17 in #3253
* Test improvements and Misc Fixes
- Update Vagrantfile to support the ARM architecture by
@bells17 in #3222
- setup runc integration test by @saku3 in #3182
- update runc ci to 1.3.1 by @saku3 in #3237
- Add mdbook binary to devcontainer by @bells17 in #3240
- Unskip runc tests after CI runc update 1.3.1 by @saku3 in
#3249
- Fix podman ci by @saku3 in #3260
- add misc_props test by @YamasouA in #3250
- chore(deps): bump libseccomp from 0.3.0 to 0.4.0 by
@MattPatchava in #3275
* Other Changes
- (auto merged) chore(deps): bump thiserror from 2.0.14 to
2.0.15 in the patch group by @dependabot[bot] in #3223
- (auto merged) chore(deps): bump serde_json from 1.0.142 to
1.0.143 in the patch group by @dependabot[bot] in #3225
- (auto merged) chore(deps): bump thiserror from 2.0.15 to
2.0.16 in the patch group by @dependabot[bot] in #3226
- chore(deps): bump tempfile from 3.20.0 to 3.21.0 by
@dependabot[bot] in #3224
- (auto merged) chore(deps): bump regex from 1.11.1 to 1.11.2
in the patch group by @dependabot[bot] in #3229
- (auto merged) chore(deps): bump tracing-subscriber from
0.3.19 to 0.3.20 by @dependabot[bot] in #3231
- (auto merged) chore(deps): bump chrono from 0.4.41 to 0.4.42
in the patch group by @dependabot[bot] in #3239
- (auto merged) chore(deps): bump errno from 0.3.13 to 0.3.14
in the patch group by @dependabot[bot] in #3241
- (auto merged) chore(deps): bump the patch group with 2
updates by @dependabot[bot] in #3245
- chore(deps): bump tempfile from 3.21.0 to 3.22.0 by
@dependabot[bot] in #3242
- (auto merged) chore(deps): bump serde from 1.0.223 to 1.0.224
in the patch group by @dependabot[bot] in #3247
- (auto merged) chore(deps): bump serde from 1.0.224 to 1.0.225
in the patch group by @dependabot[bot] in #3248
- (auto merged) chore(deps): bump the patch group with 2
updates by @dependabot[bot] in #3251
- (auto merged) chore(deps): bump libc from 0.2.175 to 0.2.176
in the patch group by @dependabot[bot] in #3254
- chore(deps): bump tempfile from 3.22.0 to 3.23.0 by
@dependabot[bot] in #3255
- (auto merged) chore(deps): bump the patch group with 2
updates by @dependabot[bot] in #3257
- (auto merged) chore(deps): bump the patch group with 2
updates by @dependabot[bot] in #3261
- (auto merged) chore(deps): bump flate2 from 1.1.2 to 1.1.4 in
the patch group by @dependabot[bot] in #3268
- (auto merged) chore(deps): bump the patch group with 2
updates by @dependabot[bot] in #3270
- (auto merged) chore(deps): bump libc from 0.2.176 to 0.2.177
in the patch group by @dependabot[bot] in #3271
- chore(deps): bump regex from 1.11.3 to 1.12.1 by
@dependabot[bot] in #3272
- (auto merged) chore(deps): bump regex from 1.12.1 to 1.12.2
in the patch group by @dependabot[bot] in #3273
- (auto merged) chore(deps): bump caps from 0.5.5 to 0.5.6 in
the patch group by @dependabot[bot] in #3277
- Release for v0.5.6 by @github-actions[bot] in #3227
-------------------------------------------------------------------
Wed Aug 20 12:37:30 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- update to 0.5.5:
* Security Announce
- If /proc and /sys in the rootfs are symbolic links, they can
potentially be exploited to gain access to the host root
filesystem.
GHSA-j26p-6wx7-f3pw
* Improvements
- fix(3198): fix difference in how commands are passed after exec
and ps by @tommady in #3201
* Documentation improvements
- Add license scan report and status by @fossabot in #3204
* Test improvements and Misc Fixes
- Revert "[DNM] ci: temp disable workflows" by @YJDoc2 in #3194
- Fixed Minor Spelling Errors by @CheatCodeSam in #3205
- chore(justfile):add install recipe by @saku3 in #3213
* Other Changes
- (auto merged) chore(deps): bump the patch group with 2 updates
by @dependabot[bot] in #3203
- (auto merged) chore(deps): bump serde_json from 1.0.141 to
1.0.142 in the patch group by @dependabot[bot] in #3212
- (auto merged) chore(deps): bump the patch group with 3 updates
by @dependabot[bot] in #3217
- (auto merged) chore(deps): bump oci-spec from 0.8.1 to 0.8.2 in
the patch group by @dependabot[bot] in #3219
- chore(deps): bump libbpf-sys from 1.5.2+v1.5.1 to 1.6.1+v1.6.1
by @dependabot[bot] in #3218
- Release for v0.5.5 by @github-actions[bot] in #3195
-------------------------------------------------------------------
Thu Jul 17 13:42:52 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- update to 0.5.4:
* Improvements
- add support exec-cpu-affinity by @saku3 in #3164
- fix: allow duplicate additionalGids by @saku3 in #3189
* Bug Fixes
- use additional gids,user,group in exec, inject path iif not
given by @YJDoc2 in #3131
- fix: mount retry and logging by @z63d in #3157
- fix: Gracefully terminate processes after successful
execution of Wasm executors by @z63d in #3099
- fix: Running create_runtime hook after container is set to
created. by @CheatCodeSam in #3181
- fix: Ignoring CPU realtime on cgroupsv2 if set to zero by
@CheatCodeSam in #3180
* Documentation improvements
- Add the CNCF footer in README.md by @utam0k in #3140
- chore(docs): Fix codecov link in README by @khanhtc1202 in
#3129
- Fixed grammatical error in README by @CheatCodeSam in #3160
- fix: protobuf bug on docs rs by @mdaffad in #3159
- docs: clarify reviewer qualification and self-nomination
process by @utam0k in #3175
* Test improvements and Misc Fixes
- bump nix to 0.29.0 by @kemingy in #3123
- update rust version to 1.85.0 by @YJDoc2 in #3085
- add-test-linux_rootfs_propagation by @saku3 in #3024
- Add a relative_network_cgroups test as one of the integration
tests by @moz-sec in #2986
- Refactor init process by @utam0k in #3158
- add kill test by @YamasouA in #2996
- allow running selected tests in contest.sh and justfile by
@saku3 in #3165
- fix: capet Ambient log level by @z63d in #3150
- add test process_capabilities_fail by @kazmsk in #3010
- fix typos and outdated typos ci action by @howjmay in #3168
- add a system call mock for uid/gid. by @nayuta-ai in #3173
- fix: remove println statements from contest tests by @YJDoc2
in #3167
- Installing kubectl in dev container. by @CheatCodeSam in
#3177
- Add uid_mappings test by @moz-sec in #3161
- fix: update devcontainer.json by @AobaIwaki123 in #3172
- Remove oci tests that are duplicates of contest by @utam0k in
#3042
- Remove oci tests that are duplicates of contest by @saku3 in
#3184
- Fix debug logging for CPU affinity bitmask by @saku3 in #3191
- [DNM] ci: temp disable workflows by @YJDoc2 in #3192
* Other Changes
- chore(deps): bump uuid from 1.15.1 to 1.16.0 by
@dependabot[bot] in #3113
- (auto merged) chore(deps): bump once_cell from 1.21.1 to
1.21.2 in the patch group by @dependabot[bot] in #3126
- (auto merged) chore(deps): bump once_cell from 1.21.2 to
1.21.3 in the patch group by @dependabot[bot] in #3128
- (auto merged) chore(deps): bump the patch group with 2
updates by @dependabot[bot] in #3133
- (auto merged) chore(deps): bump errno from 0.3.10 to 0.3.11
in the patch group by @dependabot[bot] in #3135
- (auto merged) chore(deps): bump openssl from 0.10.70 to
0.10.72 by @dependabot[bot] in #3134
- chore(deps): bump wasmtime from 29.0.1 to 31.0.0 by
@dependabot[bot] in #3121
- (auto merged) chore(deps): bump vergen-gitcl from 1.0.5 to
1.0.7 in the patch group by @dependabot[bot] in #3142
- (auto merged) chore(deps): bump crossbeam-channel from 0.5.12
to 0.5.15 by @dependabot[bot] in #3143
- (auto merged) chore(deps): bump vergen-gitcl from 1.0.7 to
1.0.8 in the patch group by @dependabot[bot] in #3145
- (auto merged) chore(deps): bump anyhow from 1.0.97 to 1.0.98
in the patch group by @dependabot[bot] in #3147
- (auto merged) chore(deps): bump libc from 0.2.171 to 0.2.172
in the patch group by @dependabot[bot] in #3148
- (auto merged) chore(deps): bump rand from 0.9.0 to 0.9.1 in
the patch group by @dependabot[bot] in #3149
- chore(deps): bump tokio from 1.37.0 to 1.44.2 by
@dependabot[bot] in #3137
- Bump oci-spec.rs to v0.8.1 by @saku3 in #3154
- (auto merged) chore(deps): bump chrono from 0.4.40 to 0.4.41
in the patch group by @dependabot[bot] in #3156
- (auto merged) chore(deps): bump errno from 0.3.11 to 0.3.12
in the patch group by @dependabot[bot] in #3169
- selinux: lima vm by @utam0k in #3162
- chore(deps): bump tokio from 1.37.0 to 1.38.2 in
/experiment/seccomp by @dependabot[bot] in #3138
- (auto merged) chore(deps): bump libbpf-sys from 1.5.0+v1.5.0
to 1.5.1+v1.5.1 in the patch group by @dependabot[bot] in
#3171
- chore(deps): bump num_cpus from 1.16.0 to 1.17.0 by
@dependabot[bot] in #3176
- chore(deps): bump tempfile from 3.19.1 to 3.20.0 by
@dependabot[bot] in #3166
- (auto merged) chore(deps): bump flate2 from 1.1.1 to 1.1.2 in
the patch group by @dependabot[bot] in #3183
- chore(deps): bump libc from 0.2.172 to 0.2.173 in the patch
group by @dependabot[bot] in #3185
- (auto merged) chore(deps): bump libc from 0.2.173 to 0.2.174
in the patch group by @dependabot[bot] in #3187
- (auto merged) chore(deps): bump errno from 0.3.12 to 0.3.13
in the patch group by @dependabot[bot] in #3188
- (auto merged) chore(deps): bump libbpf-sys from 1.5.1+v1.5.1
to 1.5.2+v1.5.1 in the patch group by @dependabot[bot] in
#3190
- Release for v0.5.4 by @github-actions[bot] in #3124
-------------------------------------------------------------------
Fri Mar 21 13:01:22 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- update to 0.5.3:
* Security Announce
- A security issue related to the Capability of TenantBuilder
has been discovered.
This issue mainly affects those who execute the exec command.
Although the risk of attack from outside is limited, we
recommend that you update.
GHSA-5w4j-f78p-4wh9
* Bug Fixes
- Security: Fix compromised tj-actions/changed-files action by
@sou1118 in #3112
* Test improvements and Misc Fixes
- Fix the release flow by @utam0k in #3098
- chore(ci): add cgroup v1 compatibility for tests on
ubuntu-24.04 by @sou1118 in #3102
- fix: CPU controller tests for Kernel 6.10 cgroup v2 changes
by @sou1118 in #3106
- chore(ci): Upgrade GitHub Actions workflows for ubuntu-24.04
by @sou1118 in #3097
- fix: release ci tests also need apparmor disable by @YJDoc2
in #3118
- chore(ci): add criu ppa for podman-tests ci by @sou1118 in
#3120
* Other Changes
- Release for v0.5.3 by @github-actions in #3119
-------------------------------------------------------------------
Wed Mar 5 18:43:14 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- fix `_service` file to work with only the tarball
- update to 0.5.2:
* Improvements
- Support feature subcommand by @musaprg in #2837
* Bug Fixes
- fix(libcgroup): fix disable_oom_killer in cgroup v1 by
@xujihui1985 in #3090
* Test improvements and Misc Fixes
- Add a PR template file by @Gekko0114 in #3049
- add process rlimits fail test by @ntkm61027 in #3051
- Use MountOption enum to parse mount options defined in the
spec by @musaprg in #2937
- ci: Publish packages after the release flow by @utam0k in
#3064
- Make sepc into &spec in test_{outside,inside}_containe by
@utam0k in #3068
- linux_masked_paths integration test by @nayuta-ai in #2950
- fix: compilation errors in contest by @YJDoc2 in #3086
- Remove problematic comments between package name in apt
install by @musaprg in #3060
- Add delete test by @sou1118 in #3082
* Other Changes
- Upgrade direct dep rand to 0.9.0 by @YJDoc2 in #3083
- rollup multiple dep updates by @YJDoc2 in #3084
- lset_file_label should check for symlink instead of raw file
by @foreverddong in #3073
- Release for v0.5.2 by @github-actions in #3050
-------------------------------------------------------------------
Wed Feb 5 15:53:09 UTC 2025 - Dirk Müller <dmueller@suse.com>
- switch to the tarball so that the full URL in the Sources
actually matters
-------------------------------------------------------------------
Wed Feb 5 13:13:52 UTC 2025 - Ish Sookun <ish@sysadmin-journal.com>
- Fix building the wasmedge feature by @utam0k in #3041
- Do cargo check before releasing a new version by @utam0k in #3039
-------------------------------------------------------------------
Fri Apr 19 12:42:52 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- new package youki: A container runtime written in Rust