v0.10.0-rc.8

What's Changed

• Adding policy enforcement for User. by @matajoh in #1669
• Bump golang.org/x/sys from 0.5.0 to 0.6.0 in /test by @dependabot in #1685
• Fix silly error whereby a chain was required although unnecessary. by @KenGordon in #1682
• github-ci: use go1.19.x by @anmaxvl in #1689
• Bump github.com/containerd/ttrpc from 1.1.0 to 1.2.1 in /test by @dependabot in #1693
• tests: rego exec in uvm cri integration tests by @anmaxvl in #1648
• Fix graceful termination test errors by @kiashok in #1687
• Logging (JSON) formatting; span export by @helsaawy in #1364
• Bump actions/setup-go from 3 to 4 by @dependabot in #1696
• Fix "no matches" test that can somewhat easily match by @SeanTAllen in #1684
• Update dependencies by @helsaawy in #1697
• tests: add tests for concurrent pod startup by @anmaxvl in #1639
• Bump github.com/google/go-containerregistry from 0.13.0 to 0.14.0 in /test by @dependabot in #1700
• Bump github.com/google/go-containerregistry from 0.13.0 to 0.14.0 by @dependabot in #1701
• Adding policy for Linux capabilities. by @matajoh in #1683
• NCProxy: attach to host and macpool by @helsaawy in #1591
• Update golangci linter and clean go mod cache by @katiewasnothere in #1707
• Seccomp profile policy enforcement. by @matajoh in #1705
• upgrade runc dependency by @helsaawy in #1714
• Clarifying SVN vs. Version. by @matajoh in #1715
• sev-snp: add SEV device when security policy is present by @anmaxvl in #1679
• tests: Add rego cri-integration tests for plan9 mount policy. by @anmaxvl in #1651
• con-con: write policy, reference info and cert to container's rootfs by @anmaxvl in #1708
• Moving to structured JSON policy decisions. by @matajoh in #1718
• hack: add blanket retries on device-mapper failures with SCSI by @anmaxvl in #1720
• negative rego cri-integration tests by @anmaxvl in #1719
• tests: fix error assertion and container layer sha256 by @anmaxvl in #1725
• Create new test packages that reference internal packages by @katiewasnothere in #1704
• Make sure that security context files are readable by all by @jumaffre in #1729
• Switch from filepath.EvalSymlinks to fs.ResolvePath by @helsaawy in #1644
• Policy decision truncation. by @matajoh in #1731
• Fixing the errors for missing enforcement points by @matajoh in #1735
• tests: write seccomp profile to a temporary file by @anmaxvl in #1736
• Add code to format disk as ext4 in guest by @katiewasnothere in #1717
• Adding padding to base64 encoded policy decisions by @matajoh in #1738
• fix: bug potentially not removing RW device. by @anmaxvl in #1737
• Consolidate dependabot updates by @helsaawy in #1748
• [bug] Consolidate dependabot updates by @helsaawy in #1749
• Remove UVM/container cloning functionality by @kevpar in #1740
• gcs: Add SCSIDevice type with remove operation by @kevpar in #1741
• Remove dependence on GetScsiUvmPath function by @kevpar in #1742
• Rework layer handling to return a ResourceCloser by @kevpar in #1743
• Remove godeps from makefile by @helsaawy in #1750
• slice bounds and nil VM access fix by @helsaawy in #1754

New Contributors

• @jumaffre made their first contribution in #1729

Full Changelog: v0.10.0-rc.7...v0.10.0-rc.8