conmon v2.2.0 Release Notes
This release includes significant improvements in testing infrastructure, bug fixes for critical issues, and new features for log management.
Major Changes
Testing Infrastructure Overhaul
- Complete migration from Go tests to BATS framework, removing Go build dependency (#579)
- Added 52+ comprehensive BATS tests covering basic functionality, container logging, k8s log rotation, and full runtime integration
- Replaced busybox with UBI10 base image in tests for better reliability (#612)
- Added code coverage support with
make test-coveragetarget (#594, #600) - Enhanced test coverage for logging, terminal handling, exec operations, and OCI sync pipes (#602, #603, #604, #605, #607)
Critical Bug Fixes
- Fixed SIGABRT crash in drop_signal_event when signalfd read fails (#625)
- Fixed k8s-file log corruption during log rotation by properly handling buffer state (#563, #570)
- Fixed container exit detection in systemd scope environments where process is not direct child of conmon (#545, #571)
- Fixed OOM detection on cgroup v2 with proper event counters and race condition handling (#426, #581)
- Fixed JSON parsing error in console file descriptor communication with improved escaping (#493, #593)
- Fixed missing F-sequence on container exit with partial log output (#252, #592)
- Fixed inconsistent error messages when runtime fails (#617, #618)
- Fixed errno race condition in logging macros (#574, #575)
- Fixed terminal resize event processing to handle each line exactly once (#566)
- Fixed memory.events inotify watch to check file existence first (#620, #621)
New Features
- Added log rotation functionality as alternative to log truncation (#211, #596)
- New
--log-rotateoption to enable rotation instead of truncation - New
--log-max-filesoption to specify number of backup files - New
--log-allowlist-diroption for allowed log directories
- New
- Added
--no-container-partial-messageoption (#335, #583) - Added systemd priority prefix parsing to journald logging (#595, #601)
- Added container labels to journald log entries via
--log-labeloption (#562)
Improvements
- Restored use of writev() system call for better performance (#609)
- Added optional systemd support for static builds via DISABLE_SYSTEMD flag (#348, #573)
- Documented all CLI options in conmon.8.md (#606)
- Fixed meson install path to match Makefile behavior (#304, #585)
- Enhanced terminal size validation with upper bound checks (#610, #612)
Code Quality
- Fixed multiple buffer safety and memory allocation issues (#582, #587)
- Fixed memory leak in seccomp_accept_cb (#557)
- Replaced sprintf with snprintf for security
- Improved error handling and logging throughout codebase (#554, #555)
- Modernized Go code: removed pkg/errors dependency, updated to ioutil replacements (#559)
- CI/CD improvements and Go version updates to 1.23+ (#560, #561, #569)
Reverts
Issues Fixed
#211, #252, #304, #328, #335, #348, #391, #426, #490, #493, #532, #540, #545, #551, #554, #555, #557, #559, #560, #561, #562, #563, #566, #569, #570, #571, #572, #573, #574, #575, #579, #581, #582, #583, #584, #585, #586, #587, #589, #590, #592, #593, #594, #595, #596, #597, #600, #601, #602, #603, #604, #605, #606, #607, #609, #610, #612, #613, #617, #618, #619, #620, #621, #623, #624, #625
External Issues Fixed
Contributors
Special thanks to all contributors who made this release possible:
- Ayato Tokubi atokubi@redhat.com
- Dan Cermak dcermak@suse.com
- Daniel J Walsh dwalsh@redhat.com
- Giuseppe Scrivano gscrivan@redhat.com
- Jan Kaluza jkaluza@redhat.com
- Jindrich Novy jnovy@redhat.com
- Kir Kolyshkin kolyshkin@gmail.com
- Lokesh Mandvekar lsm5@fedoraproject.org
- Peter Portante peter.portante@redhat.com
- Povilas Kanapickas povilas@radix.lt
- Sohan Kunkerkar sohank2602@gmail.com
- renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Installation
Download the release from GitHub or build from source:
git clone https://github.com/containers/conmon.git
cd conmon
git checkout v2.2.0
make
sudo make install