------------------------------------------------------------------- Thu Jan 29 05:47:24 UTC 2026 - Danish Prakash - Update to version 2.2.0: * Release v2.2.0 * Fix SIGABRT crash in drop_signal_event * Add an easy cleanup for tests * [skip-ci] Update actions/checkout action to v6 * Check memory.events file exists before adding inotify watch * Fix remaining busybox references in tests * Fix inconsistent error messages when runtime fails (bsc#1252432) * Move attach start message after failure check * Add more tests for ctr_logging.c * Document testing package requirements * Switch tests from busybox to UBI10 and add consistent terminal size validation * Restore use of `writev()` system call * Document all CLI options * Add tests for --terminal and ctrl.c * Add tests for _OCI_SYNCPIPE. * Add log rotation functionality as alternative to log truncation * Add tests for --exec-attach. * Add more tests for --stdin and --exec. * [skip-ci] Update actions/setup-go action to v6 * Add systemd priority prefix parsing to journald logging * Run the coverage_task also on VM, not in container. * Show the code coverage in `make test-coverage` output. * [skip-ci] Update actions/checkout action to v5 * Really run the container in the 04-runtime.bats. * Fix missing F-sequence on container exit * Fix JSON parsing error in console file descriptor communication * Fix code quality issues * Revert 'Fix conmon exec exit status handling' * Fix meson install path to match Makefile * Fix conmon exec exit status handling * Add --no-container-partial-message option * Fix OOM detection on cgroup v2 * Fix CI: Remove Go dependencies and fix missing make targets * Replace Go tests with BATS and remove Go dependency * Fix errno race condition and logging macro issues * Add optional systemd support for static builds * Require at least golang 1.23 * ci/int: test with Go 1.23 and 1.24 * ci/deps: use "stable" go version * Fix container exit detection in systemd scope environments * Enhance k8s-file log rotation test coverage for corruption fix * Add test suite for k8s-file log rotation fix * Fix k8s-file log corruption during log rotation * conn_sock: drop -1 fron snprintf * conn_sock: make sure strncpy buffer is NUL terminated * oom: drop usage of sprintf in favor of snprintf * conmon: drop usage of sprintf in favor of snprintf * cmsg: shrink buffer to effective size * src: Fix terminal resize event processing * fix integration github action * fix wrong conditions of k8s-file logging * logging: Add container labels to log entries on journald * Makefile: simplify fmt * Remove hack/tree_status.sh * Remove hack/kubernetes-e2e * ci: add go.mod/go.sum validation * ci/gha: add all-done job * ci/gha: fix branch name * Remove old vendored go-md2man * ci/gha: remove actions/cache * Use gofumpt * runner/conmon_test: rm unused skopeoPath * runner/conmon: rm unused writeConmonPipeData * Replace ioutil.TempDir with t.TempDir * Use os.ReadFile/os.WriteFile instead of ioutil * runner: stop using pkg/errors * Use %m instead of strerror(errno) * cmsg: error logging nits * seccomp_accept_cb: fix memory leak * Remove pwarn macro * write_journald: fix logging a warning * write_oom_adjust: remove extra newlines from ndebugf * Introduce pwarnf() for better diagnosis of socket/fd write issues. * Handle descriptor in non-blocking mode properly. Resolves: #490 * Bump conmon version to 2.1.13 * Install some packages to fix CI * Make timestamp generation never fail. * Change permissions of logs from 0600 to 0640 * Avoid bogus journal filling errors * Fix typos and clarify man page. * Packit: constrain downstream jobs to the fedora package * gh actions: use crun and update runc version * gh actions: call make correctly * runner: fix runtime test * gh actions: add sudo to make command * vendor: drop libpod in runner package * [skip-ci] Update actions/checkout action to v4 * chore(deps): update module github.com/docker/docker to v25 [security] * RPM: delete unnecessary patching from spec * RPM: cleanup changelog conditionals * RPM: do not create cri-o dirs * Use `.gitignore` in nix build excludes * conmon: do not create oom file under cwd * gh actions: bump to golang 1.22 * logging: remove unuseful fsync * fix(deps): update module golang.org/x/sys to v0.20.0 * Remove CI VM OS names * chore(deps): update dependency containers/automation_images to v20240513 * Bump version to 2.1.12 * Make 'docs' target not depend on 'install.tools' if GOMD2MAN is set * Packit: enable downstream sync to CentOS Stream 10 * Build s390x binaries using musl libc * Add support for s390x * Remove checks for (long)deprecated libsystemd-journal in favor of libsystemd * update packit config, enable downstream tasks * fix(deps): update module github.com/onsi/gomega to v1.31.1 * [skip-ci] Update actions/setup-go action to v5 * [skip-ci] Update actions/cache action to v4 * fix(deps): update github.com/opencontainers/runtime-tools digest to 408c51e * chore(deps): update dependency containers/automation_images to v20240102 * drop --tty on exec * chore(deps): update dependency containers/automation_images to v20231208 * docs/Makefile: softcode GOMD2MAN * bump to 2.1.10 * fix(deps): update module github.com/onsi/gomega to v1.30.0 * chore(deps): update module github.com/docker/docker to v24 [security] * chore(deps): update module golang.org/x/net to v0.17.0 [security] * Fix incorrect free in conn_sock * logging: Respect log-size-max immediately after open * fix some issues flagged by SAST scan * version: bump to 2.1.9 * README.md: update the correct Nix channel * Fix podman tests * Forward more messages on the sd-notify socket * ci: skip broken cri-o tests * logging: -l passthrough accepts TTYs * src: fix write after end of buffer * src: open all files with O_CLOEXEC * oom-score: restore oom score before running exit command * src/seccomp_notify.c: fix static build * CI: Update Fedora names * chore(deps): update dependency containers/automation_images to v20231004 * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.12.0 * bump to v2.1.8 * fix(deps): update module github.com/containers/storage to v1.48.0 * cli: log parsing errors to stderr * Update nix and use an overlay * chore(deps): update dependency containers/automation_images to v20230809 * gh actions: bump to go 1.21 * gh actions: drop perma-failing jobs * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.11.0 * Changes to build conmon for `riscv64` * stdio: ignore EIO for terminals * refactor: handle a broken pipe with write_sync_fd * ensure console socket buffers are properly sized * Remove lgtm badge * chore(deps): update dependency containers/automation_images to v20230614 * log fds more permissive * Fix close_other_fds on FreeBSD * chore(deps): update dependency containers/automation_images to v20230601 * chore(deps): update dependency containers/automation_images to v20230517 * Update nixos image and dependencies' version. * Changes to build conmon for ppc64le * fix compile regression on FreeBSD * chore(deps): update dependency containers/automation_images to v20230426 * Packit: update config * ctrl: fix a debug statement * [skip-ci] Update actions/setup-go action to v4 * [skip-ci] Update actions/checkout action to v3 * [skip-ci] Update actions/cache action to v3 * vendor: bump to latest packages * fix(deps): update module github.com/containers/libpod to v4 * chore(deps): update dependency containers/automation_images to v20230405 * conmon: drop return after pexit() * ctrl: make accept4 failures fatal * cmsg: recvfd returns an error on failures * cmsg: fix program name * ctrl: on EINTR retry accept4 * Add renovate configuration * logging: avoid opening /dev/null for each write * oom: restore old OOM score * Update CI VM images * Switch go version to 1.19 * Use default umask `0022` * exit: Free allocated string * version: bump to v2.1.7 * Fix leaking symbolic links in the opt_socket_path directory * cgroup: Stumble on if we can't set up oom handling * bump to v2.1.6 * packit: build in dedicated projects * hack: build ginkgo in GOPATH * vendor bump ginkgo to v2 * gh actions: bump to go 1.20 * Use --detach instead of -d * Fix OOM watcher for cgroupv2 `oom_kill` events * Lint/format fixes for golang 1.19 * Update CI VM Images to F36/F37 * ctrl: drop fifo perms to 0660 * Fix tools/Makefile with GNU make 4.4 * bump to v2.1.5 * don't leak syslog_identifier * logging: do not read more that the buf size * logging: fix error handling * cli: Fix conmon-pidfile/container-pidfile description * Makefile: Fix install for FreeBSD * signal: Track changes to get_signal_descriptor in the FreeBSD version * Packit: initial enablement * bump to 2.1.4 * signal: handle SIGUSR1 with signalfd * Use /usr/bin/env to locate bash * Cirrus: Add meta task to keep CI VM images alive * VERSION: bump to 2.1.3 * meson: build with seccomp if available * Fix build on FreeBSD-13.0 * Reduce the amount of duplicated code between Linux and FreeBSD * Port conmon to FreeBSD * gh actions: bump versions * bump golang in gh action to 1.18 * Stop using g_unix_signal_add() to avoid threads * [Fixup #342] `log-size-global-max` Should Be`log-global-size-max` * bump to v2.1.2 * log_global_max: ignore if negative * add log-global-size-max option to limit the total output conmon processes * bump to v2.1.1 * journald: print tag and name if both are specified * logging: add missing static keyword * drop some logs to debug level * meson: Handle journald * bump to v2.1.0 * logging: buffer partial messages to journald * ci: add podman system to different cache * ci: install rootlessport right * ci: install go correctly * ci: add subid ranges for crio tests * ci: install all binaries for podman-system * ci: run vendor on podman job * ci: set host IP * ci: give conmon job sudo * ci: bump to go 1.17 * exit: close all fds >= 3 * fix: cgroup: Free memory_cgroup_file_path if open fails. Call g_free instead of free. * Make libdl optional in meson definition * bump to v2.0.33-dev * bump to v2.0.32 * Avoid mainfd_std{in,out} sharing the same file descriptor. * exit_command: unset subreaper attribute before running exit command * bump to 2.0.32-dev * bump to 2.0.31 * conmon: fix error message * logging: set SYSLOG_IDENTIFIER= with --log-tag * conmon: free userdata files before exec cleanup * Cirrus: Remove disused scripts * test: drop seccomp tests * fix gh action yaml * ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald * logging: new mode -l passthrough * ctrl: delete the fifo if it exists * conmon_test: fix race condition on os.RemoveAll * integration: use the built binary * bump to v2.0.31-dev ------------------------------------------------------------------- Thu Dec 4 10:56:18 UTC 2025 - Guillaume GARDET - Build with distro flags ------------------------------------------------------------------- Wed Feb 26 13:08:23 UTC 2025 - Dan Čermák - New upstream release 2.1.13 ### Bug fixes * Make timestamp generation never fail. * Change permissions of logs from 0600 to 0640 * Avoid bogus journal filling errors * Fix typos and clarify man page. * conmon: do not create oom file under cwd * logging: remove unuseful fsync ------------------------------------------------------------------- Fri May 17 11:11:36 UTC 2024 - Dan Čermák - New upstream release 2.1.12 * Packit: enable downstream sync to CentOS Stream 10 * Make 'docs' target not depend on 'install.tools' if GOMD2MAN is set ------------------------------------------------------------------- Tue Apr 30 09:29:53 UTC 2024 - Dan Čermák - New upstream release 2.1.11 * docs/Makefile: softcode GOMD2MAN by @rahilarious * chore(deps): update dependency containers/automation_images to v20231208 by @renovate * drop --tty on exec by @haircommander * update packit config, enable downstream tasks by @lsm5 * Remove checks for (long)deprecated libsystemd-journal for libsystemd by @rahilarious * Add support for s390x by @saschagrunert * Build s390x binaries using musl libc by @saschagrunert ------------------------------------------------------------------- Tue Dec 19 08:01:08 UTC 2023 - Dan Čermák - New upstream release 2.1.10 Bug fixes: * Fix incorrect free in conn_sock (removes fix-incorrect-free-in-conn_sock.patch) * logging: Respect log-size-max immediately after open ------------------------------------------------------------------- Mon Dec 18 09:02:52 UTC 2023 - Dan Čermák - Add fix-incorrect-free-in-conn_sock.patch This fixes a regression in 2.1.9 (https://github.com/containers/conmon/issues/475 and https://github.com/containers/conmon/issues/477) ------------------------------------------------------------------- Fri Dec 15 09:54:35 UTC 2023 - Dan Čermák - New upstream release 2.1.9 ### Bug fixes * fix some issues flagged by SAST scan * src: fix write after end of buffer * src: open all files with O_CLOEXEC * oom-score: restore oom score before running exit command ### Features * Forward more messages on the sd-notify socket * logging: -l passthrough accepts TTYs ------------------------------------------------------------------- Thu Sep 28 16:02:58 UTC 2023 - Valentin Lefebvre - go 1.19 EOL, swith to go >= 1.20 * [bsc#1215806] ------------------------------------------------------------------- Wed Sep 6 05:41:47 UTC 2023 - Danish Prakash - Update to version 2.1.8: * stdio: ignore EIO for terminals (bsc#1217773) * ensure console socket buffers are properly sized * conmon: drop return after pexit() * ctrl: make accept4 failures fatal * logging: avoid opening /dev/null for each write * oom: restore old OOM score * Use default umask 0022 * cli: log parsing errors to stderr * Changes to build conmon for riscv64 * Changes to build conmon for ppc64le * Fix close_other_fds on FreeBSD ------------------------------------------------------------------- Wed Mar 15 14:36:27 UTC 2023 - Dan Čermák - New upstream release 2.1.7 2.1.7: ### Bug Fixes Fix leaking symbolic links in the opt_socket_path directory cgroup: Stumble on if we can't set up oom handling (bsc#1208737) 2.1.6: ### Bug Fixes * Fix OOM watcher for cgroupv2 `oom_kill` events ### Misc * Use --detach instead of -d * ctrl: drop fifo perms to 0660 - Remove merged patch: * 0001-Fix-tools-Makefile-with-GNU-make-4.4.patch - Bump go version to 1.19 (bsc#1209307) ------------------------------------------------------------------- Wed Nov 23 14:43:15 UTC 2022 - Dan Čermák - Update to version 2.1.5: * don't leak syslog_identifier * logging: do not read more that the buf size * logging: fix error handling * Makefile: Fix install for FreeBSD * signal: Track changes to get_signal_descriptor in the FreeBSD version * Packit: initial enablement - Update to version 2.1.4: * Fix a bug where conmon crashed when it got a SIGCHLD ------------------------------------------------------------------- Fri Nov 4 14:35:09 UTC 2022 - Fabian Vogt - Add patch to fix build with make >= 4.4: * 0001-Fix-tools-Makefile-with-GNU-make-4.4.patch ------------------------------------------------------------------- Wed Aug 17 20:16:56 UTC 2022 - Dirk Müller - update to 2.1.3: * Port conmon to FreeBSD * Stop using g_unix_signal_add() to avoid threads * Rename CLI optionlog-size-global-max to log-global-size-max ------------------------------------------------------------------- Wed Jun 29 06:05:57 UTC 2022 - Enrico Belleri - Update to version 2.1.2: * add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 boo#1200285) * journald: print tag and name if both are specified * drop some logs to debug level ------------------------------------------------------------------- Thu May 5 15:46:07 UTC 2022 - Ferdinand Thiessen - Update to version 2.1.0 * logging: buffer partial messages to journald * exit: close all fds >= 3 * fix: cgroup: Free memory_cgroup_file_path if open fails. Call g_free instead of free. - Update to version 2.0.32 * Fix: Avoid mainfd_std{in,out} sharing the same file descriptor. *exit_command: Fix: unset subreaper attribute before running exit command - Update to version 2.0.31 * logging: new mode -l passthrough * ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald * conmon: Fix: free userdata files before exec cleanup ------------------------------------------------------------------- Fri Sep 24 07:31:03 UTC 2021 - Paolo Stivanin - Update to version 2.0.30: * Remove unreachable code path * exit: report if the exit command was killed * exit: fix race zombie reaper * conn_sock: allow watchdog messages through the notify socket proxy * seccomp: add support for seccomp notify ------------------------------------------------------------------- Fri Jul 23 09:51:11 UTC 2021 - alexandre.vicenzi@suse.com - Update to version 2.0.29: * Reset OOM score back to 0 for container runtime * call functions registered with atexit on SIGTERM * conn_sock: fix potential segfault ------------------------------------------------------------------- Tue Mar 30 08:47:10 UTC 2021 - alexandre.vicenzi@suse.com - Update to version 2.0.27: * bump to v2.0.27 * Add CRI-O integration test GitHub action * exec: don't fail on EBADFD * close_fds: fix close of external fds * Add arm64 static build binary * bump to v2.0.27-dev ------------------------------------------------------------------- Thu Feb 25 15:41:49 UTC 2021 - Alexandre Vicenzi - Update to version 2.0.26: * conn_sock: do not fail on EAGAIN * fix segfault from a double freed pointer * Fix a bug where conmon could never spawn a container, because a disagreement between the caller and itself on where the attach socket was. * improve --full-attach to ignore the socket-dir directly. that means callers don't need to specify a socket dir at all (and can remove it) * add full-attach option to allow callers to not truncate a very long path for the attach socket * close only opened FDs * set locale to inherit environment ------------------------------------------------------------------- Tue Jan 12 08:10:52 UTC 2021 - sgrunert@suse.com - Update to version 2.0.22: * added man page * attach: always chdir * conn_sock: Explicitly free a heap-allocated string * refactor I/O and add SD_NOTIFY proxy support ------------------------------------------------------------------- Mon Sep 21 07:06:04 UTC 2020 - dmueller@suse.com - Update to version 2.0.21: * bump to v2.0.21 * protect against kill(-1) * Makefile: enable debuginfo generation * Remove go.sum file and add go.mod * Fail if conmon config could not be written * nix: remove double definition for e2fsprogs * Speedup static build by utilizing CI cache on `/nix` folder * Fix nix build for failing e2fsprogs tests * test: fix CI * Use Podman for building ------------------------------------------------------------------- Wed Jul 29 10:20:58 UTC 2020 - Sascha Grunert - Update to v2.0.20 (bsc#1175821) - journald: fix logging container name - container logging: Implement none driver - "off", "null" or "none" all work. - ctrl: warn if we fail to unlink - Drop fsync calls - Reap PIDs before running exit command - Fix log path parsing - Add --sync option to prevent conmon from double forking - Add --no-sync-log option to instruct conmon to not sync the logs of the containers upon shutting down. This feature fixes a regression where we unconditionally dropped the log sync. It is possible the container logs could be corrupted on a sudden power-off. If you need container logs to remain in consistent state after a sudden shutdown, please update from v2.0.19 to v2.0.20 ------------------------------------------------------------------- Wed May 27 06:55:07 UTC 2020 - Sascha Grunert - Update to v2.0.17 - Add option to delay execution of exit command ------------------------------------------------------------------- Mon May 18 07:38:30 UTC 2020 - Sascha Grunert - Update to v2.0.16 - tty: flush pending data when fd is ready ------------------------------------------------------------------- Fri Apr 3 14:33:46 UTC 2020 - Ralf Haferkamp - Enable support for journald logging (bsc#1162432) ------------------------------------------------------------------- Fri Apr 3 07:22:43 UTC 2020 - Sascha Grunert - Update to v2.0.15 - store status while waiting for pid ------------------------------------------------------------------- Wed Mar 25 08:55:06 UTC 2020 - Sascha Grunert - Update to v2.0.14 - drop usage of splice(2) - avoid hanging on stdin - stdio: sometimes quit main loop after io is done - ignore sigpipe ------------------------------------------------------------------- Tue Mar 17 10:10:44 UTC 2020 - Ralf Haferkamp - Update to v2.0.12 - oom: fix potential race between verification steps ------------------------------------------------------------------- Thu Mar 5 08:06:24 UTC 2020 - Sascha Grunert - Update to v2.0.11 - log: reject --log-tag with k8s-file - chmod std files pipes - adjust score to -1000 to prevent conmon from ever being OOM killed - container OOM: verify cgroup hasn't been cleaned up before reporting OOM ------------------------------------------------------------------- Fri Feb 21 09:22:06 UTC 2020 - Ralf Haferkamp - Update to v2.0.10 (bsc#1160460, bsc#1164390, jsc#ECO-1048, jsc#SLE-11485, jsc#SLE-11331): - journal logging: write to /dev/null instead of -1 ------------------------------------------------------------------- Tue Jan 7 12:20:08 UTC 2020 - Sascha Grunert - Add TimedOutMessage to config to share with go code - Fix format string to limit the size of the string to 10 characters ------------------------------------------------------------------- Mon Dec 16 08:41:54 UTC 2019 - Sascha Grunert - Persist oom files on cgroup v2 - Revert the check for the OOM counter on cgroups v1 before writing OOM file ------------------------------------------------------------------- Fri Dec 13 08:23:04 UTC 2019 - Sascha Grunert - Add --persist-dir flag to allow important container files to be written to a persistent directory - Check OOM counter on cgroups v1 before writing OOM file - Use splice(2) to copy from stdin ------------------------------------------------------------------- Thu Dec 12 11:37:19 UTC 2019 - Sascha Grunert - Kill the process group on timeout ------------------------------------------------------------------- Wed Dec 11 07:39:29 UTC 2019 - Sascha Grunert - Add --persist-dir to allow callers to specify a directory that conmon should mirror certain important files that should persist reboots (right now, just the container exit file) ------------------------------------------------------------------- Mon Dec 9 17:34:49 UTC 2019 - Sascha Grunert - Fix tight loop on OOM ------------------------------------------------------------------- Thu Nov 14 14:25:29 UTC 2019 - Sascha Grunert - Add log level trace - Separate handling of log reopen events and terminal resize events ------------------------------------------------------------------- Tue Oct 29 09:03:03 UTC 2019 - Sascha Grunert - Add CONN_SOCK_BUF_SIZE to config - Fix bug to close the sync pipe before exit command ------------------------------------------------------------------- Mon Sep 16 16:59:28 UTC 2019 - Sascha Grunert - Set masterfd_stdout before registering ctrl_cb ------------------------------------------------------------------- Sat Aug 24 04:10:04 UTC 2019 - Jan Engelhardt - Upstream has an actual description, use it instead of just duplicating the summary again. ------------------------------------------------------------------- Fri Aug 16 11:48:30 UTC 2019 - Sascha Grunert - Use `%make_build` macro instead of `%{__make}` - Use `%make_install` macro instead of `%{__make} install` - Use `%{_bindir}` macro instead of `%{_usr}/bin` - Change `PREFIX` to not contain `%{buildroot}` and use the `$DESTDIR` variable ------------------------------------------------------------------- Mon Aug 12 06:41:41 UTC 2019 - Sascha Grunert - Initial release v2.0.0