v0.25.0
版本发布时间: 2021-08-14 00:26:05
firecracker-microvm/firecracker最新发布版本:v1.9.1(2024-10-03 23:17:10)
Added
- Added devtool build
--ssh-keys
flag to support fetching from private git repositories. - Added option to configure block device flush.
- Added
--new-pid-ns
flag to the Jailer in order to spawn the Firecracker process in a new PID namespace. - Added API metrics for
GET
,PUT
andPATCH
requests on/mmds
endpoint. - Added
--describe-snapshot
flag to Firecracker to fetch the data format version of a snapshot state file provided as argument. - Added
--no-seccomp
parameter for disabling the default seccomp filters. - Added
--seccomp-filter
parameter for supplying user-provided, custom filters. - Added the
seccompiler-bin
binary that is used to compile JSON seccomp filters into serialized BPF for Firecracker consumption. - Snapshotting support for GICv2 enabled guests.
- Added
devtool install
to deploy built binaries in/usr/local/bin
or a given path. - Added code logic to send
VIRTIO_VSOCK_EVENT_TRANSPORT_RESET
on snapshot creation, when the Vsock device is active. The event will close active connections on the guest. - Added
GET
request on/vm/config
that provides full microVM configuration as a JSON HTTP response. - Added
--resource-limit
flag to jailer to limit resources such as: number of file descriptors allowed at a time (with a default value of 2048) and maximum size of files created by the process.
Changed
- Changed Docker images repository from DockerHub to Amazon ECR.
- Fixed off-by-one error in virtio-block descriptor address validation.
- Changed the
PATCH
request on/balloon/statistics
to schedule the first statistics update immediately after processing the request. - Deprecated the
--seccomp-level parameter
. It will be removed in a future release. Using it logs a runtime warning. - Experimental gnu libc builds use empty default seccomp filters, allowing all system calls.
Fixed
- Fixed non-compliant check for the RTC device ensuring a fixed 4-sized data buffer.
- Unnecessary interrupt assertion was removed from the RTC. However, a dummy interrupt is still allocated for snapshot compatibility reasons.
- Fixed the SIGPIPE signal handler so Firecracker no longer exits. The signal is still recorded in metrics and logs.
- Fixed ballooning API definitions by renaming all fields which mentioned "MB" to use "MiB" instead.
- Snapshot related host files (vm-state, memory, block backing files) are now flushed to their backing mediums as part of the CreateSnapshot operation.
- Fixed the SSBD mitigation not being enabled on
aarch64
with the providedprod-host-setup.md
. - Fixed the balloon statistics not working after a snapshot restore event.
- The
utc_timestamp_ms
now reports the timestamp in ms from the UTC UNIX Epoch, as the name suggests. It was previously using a monotonic clock with an undefined starting point.
1、 firecracker-v0.25.0-aarch64.tgz 1.67MB
2、 firecracker-v0.25.0-x86_64.tgz 1.69MB