June 2023 Update 3#5775
Merged
Merged
Conversation
Co-authored-by: Olivia Crain <oliviacrain@microsoft.com>
* use mcr.microsoft.com/cbl-mariner/base/core:2.0.20230609 * update cgmanifest * install tar
* Add package fsverity-utils --------- Co-authored-by: zwan <zhichunwan@microsoft.com>
* optimize brp-strip scripts in os_install_post * fix manifests * fix macros again * do not strip .la files * remove brp-elfperms * add version constraint
* Enable CONFIG_IP_VS_MH module * Update required configs * Tighten requirement for ip-ms-vs
An error prints, but dot to png works.
…5640) This PR introduces 3 additional flags, by default all the three flags are disabled. - ENABLE_TRACE: Setting this flag to y, instruments the various tools in the toolkit to record trace data. Tracing is a way to instrument code to analyze latency throughout the lifecycle of a call or user request. Traces provide an overview of how much latency each component contributes to the overall latency in a system. Traces can span multiple Go processes. - ENABLE_MEM_PROFILE: Setting this flag to y instruments the toolkit to record the memory profile. - ENABLE_CPU_PROFILE: Setting this flag to y instruments the toolkit to record the cpu profile. Profiling tools analyze the complexity and costs of a Go program such as its memory usage and frequently called functions to identify the expensive sections of a Go program. It is advisable to only turn one of the flags for a run to get data that does not have noise due to other profiling/tracing flags. The trace/profile data is created in the build/profile directory. To use the profile data: `go tool pprof -http=:8080 file.profile` To use the trace data: `go tool trace -http=:8080 file.trace` Reference: https://go.dev/doc/diagnostics Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
* edk2: Add nvram-template mapping to ovmf x64 config * Fix edk2 changelog
Enable dm-verity for use in the kernel-uvm. This allows confidential containers to validate the UVM and protect container image layers.
* modify cloud.cfg * add patch mozjs cve
* Upgrade kata-containers-cc to 0.4.2 to pull in the latest snapshotter and policy features
* Enable dbus audit logs. dbus has implemented its own SELinux rules. When dbus blocks an operation based on SELinux, it has logic to log the violation to the security audit logs (as it should). Unfortunatley, this logic is currently incorrectly disabled by a build flag. This changes fixes this problem. Note: The audit client lib supports and actively encourages clients to not fail when the audit service is not available on the system. So, this does not add a dependency on the audit package. * .spec linting fixes
- Fix missing role associations in cloud-init patch. - Fix missing require in mkinitrd patch. Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
* modify cloud.cfg * add patch mozjs cve * add cloud-init CVE
PawelWMS
approved these changes
Jun 30, 2023
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
2.0 Update #3 for June