kinvolk/manifest v2983.1.0 on GitHub

New Beta release 2983.1.0

Changes since Beta 2942.1.2

Update to CGroupsV2

As of Alpha version 2969.0.0, Flatcar Container Linux migrates to the unified cgroup hierarchy (aka CGroupsV2)! New nodes will utilize CGroupsV2 by default. Existing nodes remain on CGroupsV1 and need to be manually migrated to CGroupsV2. To learn more about CGroupsV2 on Flatcar Container Linux and the migration guide, please refer to https://kinvolk.io/docs/flatcar-container-linux/latest/container-runtimes/switching-to-unified-cgroups/

Security fixes

Bug Fixes

Fixed containerd config after introduction of CGroupsV2 (coreos-overlay#1214)
Fixed path for amazon-ssm-agent in base-ec2.ign (coreos-overlay#1228)
Fixed locksmith adhering to reboot window when getting the etcd lock (locksmith#10)
Disabled SELinux by default on dockerd wrapper script (coreos-overlay#1149)
Let network-cleanup.service finish before entering rootfs (coreos-overlay#1182)

Changes

Added Azure Generation 2 VM support (coreos-overlay#1198)
cgroups v2 by default for new nodes (coreos-overlay#931).
Upgrade Docker to 20.10 (coreos-overlay#931)
Switched Docker ecosystem packages to go1.16 (coreos-overlay#1217)
Added lbzip2 binary to the image (coreos-overlay#1221)
flatcar-install uses lbzip2 if present, falls back on bzip2 if not (init#46)
Added Intel E800 series network adapter driver (coreos-overlay#1237)
Enabled 'audit' use flag for sys-libs/pam (coreos-overlay#1233)
Bumped etcd and flannel to respectively 3.5.0, 0.14.0 to get multiarch images for arm64 support. Note for users of the old etcd v2 support: ETCDCTL_API=2 must be set to use v2 store as well as ETCD_ENABLE_V2=true in the etcd-member.service - this support will be removed in 3.6.0 (coreos-overlay#1179)
Switched to zstd compression for the initramfs (coreos-overlay#1136)
Support BTRFS in OEM and /usr partitions, but only used it for the OEM partition for now. Ignition configurations that refer to the OEM partition will work with any filesystem format specified, a mismatch is not resulting in a boot error. (coreos-overlay#1106)
Switched the arm64 kernel to use a 4k page size instead of 64k
Switched dm-verity corruption detection to issue a kernel panic (a panic results in a reboot after 1 minute, this was the case before already) instead of merely failing certain syscalls that try to use the corrupted data
Support BTRFS in OEM and /usr partitions, but only used it for the OEM partition for now. Ignition configurations that refer to the OEM partition will work with any filesystem format specified, a mismatch is not resulting in a boot error. (coreos-overlay#1106)
Enabled zstd compression for the initramfs and for amd64 also for the kernel because we hit the vmlinuz size limit on the /boot partition
Deleted the unused kernel+initramfs vmlinuz file from the /usr partition
devcontainer: added support to run on arm64 by switching to an architecture-agnostic partition UUID
Enabled ARM64 SDK bootstrap (scripts#134)
SDK: enabled experimental ARM64 SDK usage (flatcar-scripts#134) (flatcar-scripts#141)
AWS: Added amazon-ssm-agent (coreos-overlay#1162)
Azure: Compile OEM contents for all architectures (coreos-overlay#1196)
update_engine: add postinstall hook to stay on cgroupv1 (update_engine#13)

Updates

Linux (5.10.63)
Linux firmware (20210818)
c-ares (1.17.2)
docker (20.10.8)
docker CLI (20.10.8)
docker proxy (0.8.0_p20210525)
Go (1.16.7)
glibc (2.33-r5)
etcd (3.5.0)
flannel (0.14.0)
runc (1.0.2)
strace (5.12)
wa-linux-agent (2.3.1.1)
cryptsetup (2.3.6)
expat (2.4.1)
portage-utils (0.90)
libarchive (3.5.1)
xz-utils (5.2.5)
tar (1.34)
libuv (1.41.1)
tini (0.19)
mit-krb5 (1.19.2)
SDK: dnsmasq (2.85)
SDK: rust (1.54)

Changes since Alpha 2983.0.0

Security fixes

Linux(CVE-2021-3753, CVE-2021-3739)

Updates

Linux (5.10.63)