Alibaba Cloud releases ContainerOS image versions on a regular basis to offer the latest operating system features, performance optimizations, and security patches. This topic describes the latest release versions and update details of ContainerOS images.
For more information about benefits, use scenarios, and billing of ContainerOS, see ContainerOS overview.
ContainerOS 3.3.1
Version | Image ID | Release date | Description |
ContainerOS 3.3.1 | lifsea_3_x64_10G_alibase_20240918.qcow2 | 2024-09-12 |
Important The Kubernetes version of the Container Service for Kubernetes (ACK) cluster must be 1.28 or later. For more information about how to update a cluster, see Manually update ACK clusters. For more information about update details, see the following sections. |
Important updates
Kernel updates:
The kernel version is upgraded to kernel-5.10.134-17.2.1.lifsea8.
The containerd version is upgraded to 1.6.34.
Users can create directories in the root directory and mount custom data disks.
Package updates
Upgraded software packages
bubblewrap, 0.4.0-1.1.al8->0.4.0-2.1.al8
containerd.io, 1.6.28-20240202134619.alios7->1.6.34-20240829163547.alios7
glib2, 2.68.4-11.al8->2.68.4-11.1.al8
ignition, 2.9.0-2.git1d56dc8.13.al8->2.9.0-2.git1d56dc8.14.al8
kernel-core, 5.10.134-17.0.2.lifsea8->5.10.134-17.2.1.lifsea8
libndp, 1.7-6.0.1.al8->1.7-7.0.1.al8
libxml2, 2.9.7-18.0.3.al8->2.9.7-18.0.3.1.al8
libxml2-devel, 2.9.7-18.0.3.al8->2.9.7-18.0.3.1.al8
lifsea-cli, 0.2.0-2.al8->0.2.1-1.al8
tzdata, 2024a-1.0.1.1.al8->2024a-1.0.1.3.al8Fixed issues
Image:
The tooltip for lifseacli is optimized to include a reminder to restart the system after the kernel update is complete.
ContainerOS 3.3
Version | Image ID | Release date | Description |
ContainerOS 3.3 | lifsea_3_x64_10G_containerd_1_6_28_alibase_20240705.vhd | 2024-07-05 |
Important The Kubernetes version of the ACK cluster must be 1.28 or later. For more information about how to update a cluster, see Manually update ACK clusters. For more information about update details, see the following sections. |
Important updates
Kernel updates:
The kernel version is upgraded to kernel-5.10.134-17.0.2.lifsea8.
Startup acceleration for CONFIG_BT Bluetooth module is disabled.
The cgroup v2 mode is used by default.
Default values of two kernel parameters related to scheduling are adjusted to improve the performance of CPU-intensive tasks:
kernel.sched_wakeup_granularity_ns=15000000kernel.sched_min_granularity_ns=10000000
Default values of the following kernel parameters are adjusted based on Alibaba Cloud Linux 3:
kernel.hung_task_timeout_secs = 240 kernel.panic_on_oops = 1 kernel.watchdog_thresh = 50 kernel.hardlockup_panic = 1 kernel.sysrq = 1 net.ipv4.neigh.default.gc_stale_time = 120 net.ipv4.conf.all.rp_filter = 0 net.ipv4.conf.default.rp_filter = 0 net.ipv4.conf.default.arp_announce = 2 net.ipv4.conf.lo.arp_announce = 2 net.ipv4.conf.all.arp_announce = 2 net.ipv4.tcp_max_tw_buckets = 5000 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_slow_start_after_idle = 0 vm.swappiness = 0The default value of Transparent Huge Pages (THP) is modified from
alwaystomadvise.
Security updates
Package name | CVE ID | Package version |
curl | CVE-2023-38546 | 7.61.1-34.0.1.al8 |
dnsmasq | CVE-2023-28450 CVE-2023-50387 CVE-2023-50868 | 2.79-32.0.1.al8 |
expat | CVE-2023-52425 | 2.2.5-13.al8 |
glib2 | CVE-2023-29499 CVE-2023-32611 CVE-2023-32665 | 2.68.4-11.al8 |
glibc | CVE-2024-2961 | 2.32-1.17.al8.lifsea8 |
gmp | CVE-2021-43618 | 6.2.0-13.0.1.al8 |
gnutls | CVE-2023-5981 | 3.6.16-8.0.2.al8 |
kernel-core | CVE-2022-3114 CVE-2022-3424 CVE-2022-38096 CVE-2022-3903 CVE-2022-45887 CVE-2023-0160 CVE-2023-0615 CVE-2023-1206 CVE-2023-20569 CVE-2023-20588 CVE-2023-20593 CVE-2023-28464 CVE-2023-2860 CVE-2023-3006 CVE-2023-31083 CVE-2023-31085 CVE-2023-3358 CVE-2023-3567 CVE-2023-3772 CVE-2023-3863 CVE-2023-39192 CVE-2023-4015 CVE-2023-4132 CVE-2023-4155 CVE-2023-42753 CVE-2023-42754 CVE-2023-42755 CVE-2023-45863 CVE-2023-45871 CVE-2023-4622 CVE-2023-4623 CVE-2023-4921 CVE-2023-51042 CVE-2023-51779 CVE-2023-5178 CVE-2023-52438 CVE-2023-52445 CVE-2023-5717 CVE-2023-6176 CVE-2023-6546 CVE-2023-6817 CVE-2023-6915 CVE-2023-6931 CVE-2023-6932 CVE-2024-0565 CVE-2024-0646 CVE-2024-1086 CVE-2024-22099 CVE-2024-23307 CVE-2024-24855 CVE-2024-24860 CVE-2024-26589 CVE-2024-26597 | 5.10.134-17.0.2.lifsea8 |
libssh | CVE-2023-6004 CVE-2023-6918 CVE-2023-48795 | 0.9.6-12.al8 |
libxml2 | CVE-2024-25062 | 2.9.7-18.0.3.al8 |
oniguruma | CVE-2019-13224 CVE-2019-16163 CVE-2019-19012 CVE-2019-19203 CVE-2019-19204 | 6.8.2-3.0.1.al8 |
openssl | CVE-2023-3446 CVE-2023-3817 CVE-2023-5678 | 1.1.1k-12.0.1.al8 |
pam | CVE-2024-22365 | 1.3.1-28.al8 |
procps-ng | CVE-2023-4016 | 3.3.15-14.0.1.al8 |
rpm | CVE-2021-35937 CVE-2021-35938 CVE-2021-35939 | 4.14.3-27.0.5.2.al8 |
shadow-utils | CVE-2023-4641 | 4.6-19.0.1.al8 |
sudo | CVE-2023-28486 CVE-2023-28487 CVE-2023-42465 | 1.9.5p2-1.0.1.al8 |
util-linux | CVE-2024-28085 | 2.32.1-45.0.1.1.al8.1 |
Package updates
Upgraded software packages
NetworkManager, 1.40.16-4.0.1.al8->1.40.16-15.0.1.al8
NetworkManager-libnm, 1.40.16-4.0.1.al8->1.40.16-15.0.1.al8
acpid, 2.0.32-6.0.1.al8->2.0.32-7.al8
audit-libs, 3.0.7-4.0.1.al8->3.0.7-5.0.1.al8
chkconfig, 1.19.1-1.al8->1.19.2-1.al8
cmake-filesystem, 3.20.2-5.al8->3.26.5-1.0.2.al8
coreutils-single, 8.30-15.al8->8.30-15.0.3.al8
crypto-policies, 20221215-1.gitece0092.al8->20230731-1.git3177e06.al8
curl, 7.61.1-31.0.3.al8.2->7.61.1-34.0.1.al8
dbus, 1.12.8-25.0.1.al8->1.12.8-26.0.1.al8
dbus-common, 1.12.8-25.0.1.al8->1.12.8-26.0.1.al8
dbus-daemon, 1.12.8-25.0.1.al8->1.12.8-26.0.1.al8
dbus-libs, 1.12.8-25.0.1.al8->1.12.8-26.0.1.al8
dbus-tools, 1.12.8-25.0.1.al8->1.12.8-26.0.1.al8
device-mapper, 1.02.181-9.0.1.al8->1.02.181-13.al8.0.1.al8
device-mapper-libs, 1.02.181-9.0.1.al8->1.02.181-13.al8.0.1.al8
dnsmasq, 2.79-27.al8->2.79-32.0.1.al8
elfutils-libelf, 0.188-3.0.1.al8->0.189-3.al8
expat, 2.2.5-11.al8->2.2.5-13.al8
file-libs, 5.33-24.al8->5.33-25.al8
findutils, 4.6.0-20.2.al8->4.6.0-21.0.1.al8
fuse, 2.9.7-16.al8->2.9.7-17.al8
fuse-common, 3.3.0-16.al8->3.3.0-17.al8
fuse-devel, 2.9.7-16.al8->2.9.7-17.al8
fuse-libs, 2.9.7-16.al8->2.9.7-17.al8
glib2, 2.68.4-6.al8->2.68.4-11.al8
glibc, 2.32-1.13.2.lifsea8->2.32-1.17.al8.lifsea8
gmp, 6.2.0-10.0.1.al8->6.2.0-13.0.1.al8
gnutls, 3.6.16-6.0.1.al8->3.6.16-8.0.2.al8
gzip, 1.9-13.al8->1.9-14.al8
hwdata, 0.314-8.16.al8->0.314-8.19.0.2.1.al8
ignition, 2.9.0-2.git1d56dc8.11.al8->2.9.0-2.git1d56dc8.13.al8
iptables, 1.8.4-24.0.1.al8->1.8.5-9.0.1.al8
iptables-libs, 1.8.4-24.0.1.al8->1.8.5-9.0.1.al8
iptables-services, 1.8.4-24.0.1.al8->1.8.5-9.0.1.al8
irqbalance, 1.9.0-4.0.1.al8->1.9.2-1.0.1.al8
jq, 1.6-14.al8->1.6-15.al8
kernel-core, 5.10.134-16.1.1.lifsea8->5.10.134-17.0.2.lifsea8
krb5-devel, 1.18.2-25.0.1.al8->1.18.2-26.0.1.al8
krb5-libs, 1.18.2-25.0.1.al8->1.18.2-26.0.1.al8
libblkid, 2.32.1-42.0.1.al8->2.32.1-45.0.1.1.al8.1
libcap, 2.48-5.al8->2.48-6.0.1.al8
libcurl, 7.61.1-31.0.3.al8.2->7.61.1-34.0.1.al8
libcurl-devel, 7.61.1-31.0.3.al8.2->7.61.1-34.0.1.al8
libfdisk, 2.32.1-42.0.1.al8->2.32.1-45.0.1.1.al8.1
libgcc, 10.2.1-3.5.al8->10.2.1-3.8.al8
libibverbs, 44.0-2.0.1.al8.1->46.0-1.0.3.al8.1
libkadm5, 1.18.2-25.0.1.al8->1.18.2-26.0.1.al8
libmount, 2.32.1-42.0.1.al8->2.32.1-45.0.1.1.al8.1
libnfsidmap, 2.3.3-41.2.lifsea8->2.3.3-59.0.3.al8.lifsea8
libnftnl, 1.1.5-5.0.1.al8->1.2.2-3.0.1.al8
libnghttp2, 1.33.0-4.0.1.al8.1->libnghttp2, 1.33.0-4.0.1.al8.1->1.33.0-5.al8
libsmartcols, 2.32.1-42.0.1.al8->2.32.1-45.0.1.1.al8.1
libsolv, 0.7.20-4.al8->0.7.20-6.al8
libssh, 0.9.6-10.al8->0.9.6-12.al8
libssh-config, 0.9.6-10.al8->0.9.6-12.al8
libstdc++, 10.2.1-3.5.al8->10.2.1-3.8.al8
libuuid, 2.32.1-42.0.1.al8->2.32.1-45.0.1.1.al8.1
libxml2, 2.9.7-18.0.2.al8->2.9.7-18.0.3.al8
libxml2-devel, 2.9.7-18.0.2.al8->2.9.7-18.0.3.al8
lifsea-release, 3-8.al8->3-11.al8
lifsea-repos, 1.0-4.al8->1.0-5.al8
lifsea-repos-ostree, 1.0-4.al8->1.0-5.al8
nfs-utils, 2.3.3-41.2.lifsea8->2.3.3-59.0.3.al8.lifsea8
numactl-libs, 2.0.14-9.al8->2.0.16-1.0.1.al8
oniguruma, 6.8.2-2.1.al8->6.8.2-3.0.1.al8
openssl-devel, 1.1.1k-9.0.1.al8->1.1.1k-12.0.1.al8
openssl-libs, 1.1.1k-9.0.1.al8->1.1.1k-12.0.1.al8
ostree, 2022.2-5.0.1.3.lifsea8->2022.2-9.al8.lifsea8
ostree-libs, 2022.2-5.0.1.3.lifsea8->2022.2-9.al8.lifsea8
ostree-prepare-root, 2022.2-5.0.1.3.lifsea8->2022.2-9.al8.lifsea8
pam, 1.3.1-25.0.1.al8->1.3.1-28.al8
procps-ng, 3.3.15-13.0.1.al8->3.3.15-14.0.1.al8
rpcbind, 1.2.5-8.2.lifsea8->1.2.5-10.0.2.al8.lifsea8
rpm, 4.14.3-26.0.6.al8->4.14.3-27.0.5.2.al8
rpm-libs, 4.14.3-26.0.6.al8->4.14.3-27.0.5.2.al8
rpm-ostree, 2022.10.115.g15eba7b1-2.0.1.4.lifsea8->2022.10.117.g52714b51-2.0.2.al8.lifsea8
rpm-ostree-libs, 2022.10.115.g15eba7b1-2.0.1.4.lifsea8->2022.10.117.g52714b51-2.0.2.al8.lifsea8
rpm-plugin-selinux, 4.14.3-26.0.6.al8->4.14.3-27.0.5.2.al8
selinux-policy, 3.14.3-54.4.lifsea8->3.14.3-128.0.1.al8.1
selinux-policy-targeted, 3.14.3-54.4.lifsea8->3.14.3-128.0.1.al8.1
shadow-utils, 4.6-17.0.1.al8->4.6-19.0.1.al8
sqlite-libs, 3.26.0-18.al8->3.26.0-19.al8
sudo, 1.8.29-10.al8->1.9.5p2-1.0.1.al8
systemd, 239-74.0.3.lifsea8.3.1->239-78.0.4.1.al8.lifsea8
systemd-libs, 239-74.0.3.lifsea8.3.1->239-78.0.4.1.al8.lifsea8
systemd-udev, 239-74.0.3.lifsea8.3.1->239-78.0.4.1.al8.lifsea8
tzdata, 2023c-1.0.1.al8->2024a-1.0.1.1.al8
util-linux, 2.32.1-42.0.1.al8->2.32.1-45.0.1.1.al8.1
which, 2.21-18.0.1.al8->2.21-20.0.1.al8
xfsprogs, 5.0.0-11.0.1.al8->5.0.0-12.0.1.alFixed issues
Image:
The issue that the scale-out activity fails if the Non-Volatile Memory Express (NVMe) disk is used as the system disk during startup is fixed.