-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-d6bca63b66 2023-07-28 02:40:36.315019 -------------------------------------------------------------------------------- Name : firecracker Product : Fedora 38 Version : 1.4.0 Release : 1.fc38 URL : https://firecracker-microvm.github.io/ Summary : Secure and fast microVMs for serverless computing Description : Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant container and function-based services that provide serverless operational models. Firecracker runs workloads in lightweight virtual machines, called microVMs, which combine the security and isolation properties provided by hardware virtualization technology with the speed and flexibility of containers. This package does not include all of the security features of an official release. It is not production ready without additional sandboxing. -------------------------------------------------------------------------------- Update Information: ##### Added - Added support for custom CPU templates allowing users to adjust vCPU features exposed to the guest via CPUID, MSRs and ARM registers. - Introduced V1N1 static CPU template for ARM to represent Neoverse V1 CPU as Neoverse N1. - Added support for the virtio-rng entropy device. The device is optional. A single device can be enabled per VM using the /entropy endpoint. - Added a cpu-template-helper tool for assisting with creating and managing custom CPU templates. ##### Changed - Set FDP_EXCPTN_ONLY bit (CPUID.7h.0:EBX[6]) and ZERO_FCS_FDS bit (CPUID.7h.0:EBX[13]) in Intel's CPUID normalization process. ##### Fixed - Fixed feature flags in T2S CPU template on Intel Ice Lake. - Fixed CPUID leaf 0xb to be exposed to guests running on AMD host. - Fixed a performance regression in the jailer logic for closing open file descriptors. Related to: #3542. - A race condition that has been identified between the API thread and the VMM thread due to a misconfiguration of the api_event_fd. - Fixed CPUID leaf 0x1 to disable perfmon and debug feature on x86 host. - Fixed passing through cache information from host in CPUID leaf 0x80000006. - Fixed the T2S CPU template to set the RRSBA bit of the IA32_ARCH_CAPABILITIES MSR to 1 in accordance with an Intel microcode update. - Fixed the T2CL CPU template to pass through the RSBA and RRSBA bits of the IA32_ARCH_CAPABILITIES MSR from the host in accordance with an Intel microcode update. - Fixed passing through cache information from host in CPUID leaf 0x80000005. - Fixed the T2A CPU template to disable SVM (nested virtualization). - Fixed the T2A CPU template to set EferLmsleUnsupported bit (CPUID.80000008h:EBX[20]), which indicates that EFER[LMSLE] is not supported. -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 19 2023 David Michael <fedora.dm0@xxxxxxxxx> - 1.4.0-1 - Update to the 1.4.0 release. -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-d6bca63b66' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue