June 2023 Update 3 #5775

Merged: PawelWMS merged 29 commits into 2.0 from sammeluch/2.0-release-prep on Jun 30, 2023

@sameluch (Contributor)

2.0 Update #3 for June

PawelWMS and others added 28 commits June 21, 2023 14:50
Co-authored-by: Olivia Crain <oliviacrain@microsoft.com>
* use mcr.microsoft.com/cbl-mariner/base/core:2.0.20230609

* update cgmanifest

* install tar
* Add package fsverity-utils

---------

Co-authored-by: zwan <zhichunwan@microsoft.com>
* optimize brp-strip scripts in os_install_post

* fix manifests

* fix macros again

* do not strip .la files

* remove brp-elfperms

* add version constraint
* Enable CONFIG_IP_VS_MH module

* Update required configs

* Tighten requirement for ip-ms-vs
An error prints, but dot to png works.
…5640)

This PR introduces 3 additional flags; by default all three flags are disabled.

- ENABLE_TRACE: Setting this flag to y instruments the various tools in the
toolkit to record trace data. Tracing is a way to instrument code to analyze
latency throughout the lifecycle of a call or user request. Traces provide an
overview of how much latency each component contributes to the overall latency
in a system. Traces can span multiple Go processes.
- ENABLE_MEM_PROFILE: Setting this flag to y instruments the toolkit to record
the memory profile.
- ENABLE_CPU_PROFILE: Setting this flag to y instruments the toolkit to record
the CPU profile.

Profiling tools analyze the complexity and costs of a Go program such as its
memory usage and frequently called functions to identify the expensive sections
of a Go program.

It is advisable to only turn on one of the flags for a run to get data that does
not have noise due to other profiling/tracing flags.

The trace/profile data is created in the build/profile directory.
To use the profile data: `go tool pprof -http=:8080 file.profile`
To use the trace data: `go tool trace -http=:8080 file.trace`

Reference: https://go.dev/doc/diagnostics    
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
* edk2: Add nvram-template mapping to ovmf x64 config

* Fix edk2 changelog
Enable dm-verity for use in the kernel-uvm. This allows confidential containers to validate the UVM and protect container image layers.
* modify cloud.cfg

* add patch mozjs cve
* Upgrade kata-containers-cc to 0.4.2 to pull in the latest snapshotter and policy features
* Enable dbus audit logs.

dbus has implemented its own SELinux rules. When dbus blocks an
operation based on SELinux, it has logic to log the violation to the
security audit logs (as it should). Unfortunately, this logic is
currently incorrectly disabled by a build flag. This change fixes this
problem.

Note: The audit client lib supports and actively encourages clients to
not fail when the audit service is not available on the system. So,
this does not add a dependency on the audit package.

* .spec linting fixes
- Fix missing role associations in cloud-init patch.
- Fix missing require in mkinitrd patch.

Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
@sameluch sameluch requested review from a team as code owners June 29, 2023 22:12
* modify cloud.cfg

* add patch mozjs cve

* add cloud-init CVE
@PawelWMS PawelWMS merged commit 77b67a6 into 2.0 Jun 30, 2023
@PawelWMS PawelWMS deleted the sammeluch/2.0-release-prep branch June 30, 2023 20:14