An insufficient validation of annotations affects Kata Containers prior to
version 1.11.5, making it possible to execute arbitrary programs on the
host. Unless specific filtering of the annotations is performed by the upper
layers of the stack, it makes it possible for a user to send manifests that
instruct kata-runtime to execute arbitrary code with the same privilege level as
kata-runtime itself.
Fixes: #191
Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>
Various improvements to the KCSA document including:
- Add "Date" (of announcement) and "Affected Versions" columns to table.
- Sort table rows by date.
- Add section showing how to determine which version of Kata you are using.
- Add section with references to upgrading doc if you are affected by a KCSA.
- Add table of contents.
Fixes: #189.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
We mentioned in the KCSA doc, that the advisories are listed
in reverse date order, but the advisories themselves are listed
in chronological order.
Change the order as it makes sense to list the most recent
KCSA first.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
As a result of the elections that took place in Sep - Oct 2020,
Archana Shinde and Fabiano Fidêncio became part of the Architecture
Committee.
Link to the published results:
http://lists.katacontainers.io/pipermail/kata-dev/2020-October/001545.htmlFixes: #185
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Add GitHub actions to:
- Add newly-created issues to the issue backlog project.
- Move issues with a linked PR into the "In progress" column
of the issue backlog project.
Related: https://github.com/kata-containers/kata-containers/issues/512Fixes: #166.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Declare myself a candidate for one seat on the Kata Containers
Architecture Committee.
Fixes: #175
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Fixes#163
The Signed-off-by line should also contain the name of the contributor.
Fix it in the documentation.
Signed-off-by: Jens Freimann <jfreiman@redhat.com>
Use github actions for performing wip and DCO checks on PRs.
Note since external actions for DCO check access github token, a
particular sha for the actions is used.
Fixes: github.com/kata-containers/kata-containers#437
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
These have been fixed and put in releases 1.11.1 and 1.10.5.
Sending out announcement.
Fixes#159
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
* Fixes#151
* Create 1-level depth of TOC to simplify
* Add Contributor roles section w links
* Replace longer examples of PR process w links to GitHub workflows
* Reorganize and revise GitHub instructions in 3 new sections
* GitHub basic setup, -best practices, and -workflows.
* Abstracts most other GitHub refs to external links.
* Revises process to use fork-and-clone method.
* Removes comments; resolves w revisions; reformats notes.
Signed-off-by: Michael Vincerra <michael.vincerra@intel.com>
How to report vulnerabilities was not clearly documented. Add a section
noting you can use either the launchpad or email.
Fixes: #132
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
