The /etc/containers/policy.json[1] file is used to specify verification policy. For now, we can see it's used by both cri-o and skopeo. To avoid conflict, we use container-host-config to provide this

ostree is in meta-oe, libseccomp is in oe-core. So remove these two. Signed-off-by: Chen Qi <Qi.Chen@...> Signed-off-by: Bruce Ashfield <bruce.ashfield@...> --- README | 2 -- 1 file changed, 2 deletio

From: Bruce Ashfield <bruce.ashfield@...> This is a configuration only recipe that produces a package which installs some common configuration files. In this introduction we have both registries.conf

The old crio.conf file can cause cri-o start failure. The error message is as below. validating runtime config: runtime validation: failed to \ translate monitor fields for runtime runc: cgroupfs mana

From: Bruce Ashfield <bruce.ashfield@...> Introducing a small (at the moment) class that represents configuration and processing required to prepare a target image to be a container host. A recipe tha

crio.service now reports the following error messages: level=error msg="Writing clean shutdown supported file: \ open /var/lib/crio/clean.shutdown.supported: no such file or directory" level=error msg

For cri-o, libselinux is optional, this can be seen from its Makefile. So let's make selinux optional by using PACKAGECONFIG, whose default value is determined by the DISTRO_FEATURES. In this way, met

From: Xiangyu Chen <xiangyu.chen@...> Signed-off-by: Xiangyu Chen <xiangyu.chen@...> --- ...box-contains-init-use-it-in-containe.patch | 45 +++++++++++++++++++ recipes-containers/lxc/lxc_git.bb | 1 +

Bumping runc to last release-1.0. Upstream based on commit df3cc4955002b5057fba92f1fd8b6fd94af3eb0b Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@...> --- ...-GOBUILDFLAGS-for-runc-and-remove-r

Fixes below CVEs: * CVE-2020-15257 * CVE-2021-21334 * CVE-2021-32760 * CVE-2021-41103 * CVE-2022-23648 Based on commit cd6feb72b84aab9655af6c8c0774a180ea2a4f60 Signed-off-by: Hugo SIMELIERE <hsimelier

Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@...> --- .../runc/files/CVE-2022-29162.patch | 123 ++++++++++++++++++ recipes-containers/runc/runc-docker_git.bb | 1 + .../runc/runc-opencontainers

Do NOT merge this patch. This revert-type patch is only an indication that the original patch on master-next should be dropped. A follow-up patch to master-next will be sent to add policy.json to cont

skopeo rdepends on it, and skopeo has been extended to native and nativesdk, so container-host-config needs also be extended. Signed-off-by: Chen Qi <Qi.Chen@...> --- .../container-host-config/contain

The /etc/containers/policy.json[1] file is used to specify verification policy. For now, we can see it's used by both cri-o and skopeo. To avoid conflict, we use container-host-config to provide this

For cri-o, libselinux is optional, this can be seen from its Makefile. So let's make selinux optional by using PACKAGECONFIG. In this way, meta-selinux dependency could be removed. Signed-off-by: Chen

* don't export CGO_CFLAGS/CGO_CXXFLAGS like the previous version didn't before: https://git.yoctoproject.org/meta-virtualization/commit/?id=aceed7bf95cc8a42c8f470d8edf3c6f03d49da00 * both docker-moby

I was testing the meta-virtualization/recipes-demo/images/ app-container. I was able to build the container. But I am not sure where the image is created and how we run the image using docker commands

For cri-o, libselinux is optional, this can be seen from its Makefile. So let's make selinux optional by using PACKAGECONFIG, whose default value is determined by the DISTRO_FEATURES. In this way, met

ostree is in meta-oe, libseccomp is in oe-core. So remove these two. Signed-off-by: Chen Qi <Qi.Chen@...> --- README | 2 -- 1 file changed, 2 deletions(-) diff --git a/README b/README index 1c75f4a..7

When deploying a simple workload using 'kubectl appy -f', we met the following error. Failed to inspect image "ubuntu:latest": rpc error: code = Unknown desc = short-name "ubuntu:latest" did not resol