Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/
This will help the Kata Containers community understand:
how you use Kata Containers
what features and improvements you would like to see in Kata Containers
Libseccomp Notices
The kata-agent binaries inside the Kata Containers images provided with this release are
statically linked with the following GNU LGPL-2.1 licensed libseccomp library.
The kata-agent uses the libseccomp v2.5.5 which is not modified from the upstream version.
However, in order to comply with the LGPL-2.1 (§6(a)), we attach the complete source code for the library.
Kata Containers builder images
agent (on all its different flavours): quay.io/kata-containers/builders:agent-5f68b343b-22d60a36c-1.85.1-x86_64
Kernel (on all its different flavours): quay.io/kata-containers/builders:kernel-b00013c71-x86_64
OVMF (on all its different flavours): quay.io/kata-containers/builders:ovmf-af919686a-x86_64
QEMU (on all its different flavurs): quay.io/kata-containers/builders:qemu-b2c943931-x86_64
genpolicy: Make cpath compatible with both runtime-rs and runtime-go by @Apokleos in https://github.com/kata-containers/kata-containers/pull/12064
Runtime/QEMU: Introduce virtio-blk with iothreads and enable Indep iothreads framework by @zhangckid in https://github.com/kata-containers/kata-containers/pull/11620
build: Introduce root workspace for rust components by @RuoqingHe in https://github.com/kata-containers/kata-containers/pull/11563
genpolicy: prepare integration tests for programmatic modification by @burgerdev in https://github.com/kata-containers/kata-containers/pull/11978
tests: Run authenticated tests with experimental_force_guest_pull by @fidencio in https://github.com/kata-containers/kata-containers/pull/12074
ci: Adjust gatekeeper's job fetch by @stevenhorsman in https://github.com/kata-containers/kata-containers/pull/12106
tests: nvidia: cc: Re-enable NIM tests by @fidencio in https://github.com/kata-containers/kata-containers/pull/12056
runtime-rs: Clear Linux.Resources.Devices completely and correct the guest path for container mount binding by @Apokleos in https://github.com/kata-containers/kata-containers/pull/12102
tests: Enable AUTO_GENERATE_POLICY for qemu-coco-dev-runtime-rs by @Apokleos in https://github.com/kata-containers/kata-containers/pull/12109
build(deps): bump the bit-vec group across 2 directories with 1 update by @dependabot[bot] in https://github.com/kata-containers/kata-containers/pull/11370
build(deps): bump oras-project/setup-oras from 1.2.2 to 1.2.4 by @dependabot[bot] in https://github.com/kata-containers/kata-containers/pull/11802
build: Exclude tools from root workspace by @RuoqingHe in https://github.com/kata-containers/kata-containers/pull/12110
tests: k8s: Fix typo in authenticated tests by @fidencio in https://github.com/kata-containers/kata-containers/pull/12111
gpu: introduce a new devkit build flag to produce a rootfs for developers by @manuelh-dev in https://github.com/kata-containers/kata-containers/pull/12059
tests: nvidia: cc: Re-enable multi GPU test case by @manuelh-dev in https://github.com/kata-containers/kata-containers/pull/12117
shim: Support device cold plug with Kubernetes by @jojimt in https://github.com/kata-containers/kata-containers/pull/12087
tests: cc: Test authenticated images with force guest pull by @fidencio in https://github.com/kata-containers/kata-containers/pull/12118
tests: Reduce KBS deployment check flakeness by @fidencio in https://github.com/kata-containers/kata-containers/pull/12119
runtime-rs: Bump cgroups-rs to v0.5.0 by @justxuewei in https://github.com/kata-containers/kata-containers/pull/12121
tests: nvidia: cc: add allow-all policy and init-data generation by @manuelh-dev in https://github.com/kata-containers/kata-containers/pull/12050
New Contributors
@zhangckid made their first contribution in https://github.com/kata-containers/kata-containers/pull/11620
@jojimt made their first contribution in https://github.com/kata-containers/kata-containers/pull/12087
@LandonTClipp made their first contribution in https://github.com/kata-containers/kata-containers/pull/12173
Full Changelog: https://github.com/kata-containers/kata-containers/compare/3.23.0...3.24.0
Required tests update 14 nov 2025 by @stevenhorsman in https://github.com/kata-containers/kata-containers/pull/12090
tests: nvidia: cc: Remove nvrc.smi.srs=1 parameter by @manuelh-dev in https://github.com/kata-containers/kata-containers/pull/12092
Kata-deploy: Add tolerations to daemonset and cleanup job by @nheinemans-asml in https://github.com/kata-containers/kata-containers/pull/12115
gpu: Cleanup Makefile by @zvonkok in https://github.com/kata-containers/kata-containers/pull/12126
kata-deploy: nfd: Patch TEE runtimeclasses when needed by @fidencio in https://github.com/kata-containers/kata-containers/pull/12128
gpu: TDX kernel cmdline fixes by @zvonkok in https://github.com/kata-containers/kata-containers/pull/12127
runtime-rs: Allow configuration of virtio block queue parameters by @Apokleos in https://github.com/kata-containers/kata-containers/pull/11932
runtimeclasses: Fix nvidia-gpu podOverhead by @fidencio in https://github.com/kata-containers/kata-containers/pull/12132
agent: allow disabling detect_initdata_device by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/12135
policy: ci: enable security policy for openvpn test case by @manuelh-dev in https://github.com/kata-containers/kata-containers/pull/12116
runtimes: config: Do NOT have commented fields by @fidencio in https://github.com/kata-containers/kata-containers/pull/12122
runtime-rs: fix QMP 'mq' parameter type in netdev_add to boolean by @Apokleos in https://github.com/kata-containers/kata-containers/pull/12137
CI: readding SNP as required by @arvindskumar99 in https://github.com/kata-containers/kata-containers/pull/12138
workflows: Add Report tests to all workflows by @stevenhorsman in https://github.com/kata-containers/kata-containers/pull/12143
ci: re-enable IBM runners for ppc64le and s390x by @Amulyam24 in https://github.com/kata-containers/kata-containers/pull/12096
qemu: Enable NUMA by @zvonkok in https://github.com/kata-containers/kata-containers/pull/11586
agent: fix the list_routes failure by @shwetha-s-poojary in https://github.com/kata-containers/kata-containers/pull/12112
kata-deploy: Fix multiInstallSuffix for NV shims by @fidencio in https://github.com/kata-containers/kata-containers/pull/12142
tests: Properly handle containerd config based on version by @Apokleos in https://github.com/kata-containers/kata-containers/pull/12141
tests: Enable stability tests for runtime-rs by @Apokleos in https://github.com/kata-containers/kata-containers/pull/12130
runtime-rs: Only QEMU supports templating by @fidencio in https://github.com/kata-containers/kata-containers/pull/12140
GHA: Use runs-on only for choosing proper runners by @BbolroC in https://github.com/kata-containers/kata-containers/pull/12144
kernel: Enable NUMA by @zvonkok in https://github.com/kata-containers/kata-containers/pull/11591
build: Add nvidia image rootfs builds by @fidencio in https://github.com/kata-containers/kata-containers/pull/12149
agent: Bump CDI-rs to latest by @zvonkok in https://github.com/kata-containers/kata-containers/pull/12151
ci: Add two extra gatekeeper triggers by @stevenhorsman in https://github.com/kata-containers/kata-containers/pull/12150
gatekeeper: Drop SEV-SNP from required by @fidencio in https://github.com/kata-containers/kata-containers/pull/12154
ci: nvidia: remove kubectl_retry calls by @manuelh-dev in https://github.com/kata-containers/kata-containers/pull/12158
kata-deploy: Fix binary find install_tools_helper by @manuelh-dev in https://github.com/kata-containers/kata-containers/pull/12129
Nginx test image unification by @stevenhorsman in https://github.com/kata-containers/kata-containers/pull/12153
doc: Document our Toolchain policy by @stevenhorsman in https://github.com/kata-containers/kata-containers/pull/11983
tests: Switch nginx test image ref to digest by @stevenhorsman in https://github.com/kata-containers/kata-containers/pull/12179
ci: nvidia: Install kata-artifacts by @manuelh-dev in https://github.com/kata-containers/kata-containers/pull/12175
gatekeeper: Drop all s390x e2e tests temporarily by @BbolroC in https://github.com/kata-containers/kata-containers/pull/12190
gatekeeper: Mark NVIDIA CC GPU test as required by @fidencio in https://github.com/kata-containers/kata-containers/pull/12172
gpu: Measured rootfs by @zvonkok in https://github.com/kata-containers/kata-containers/pull/12124
version: Update golang to 1.24.11 by @stevenhorsman in https://github.com/kata-containers/kata-containers/pull/12184
ci: Add qemu-runtime-rs AKS tests to required by @stevenhorsman in https://github.com/kata-containers/kata-containers/pull/12185
rootfs: Temporarily revert "gpu: Handle root_hash.txt correctly" by @fidencio in https://github.com/kata-containers/kata-containers/pull/12196
tests: use Authorization when GH_TOKEN is set by @manuelh-dev in https://github.com/kata-containers/kata-containers/pull/12181
version: Bump sirupsen/logrus by @stevenhorsman in https://github.com/kata-containers/kata-containers/pull/12197
tests: nvidia: cc: Add attestation test by @manuelh-dev in https://github.com/kata-containers/kata-containers/pull/12080
gpu: VFIO handling container vs sandbox by @zvonkok in https://github.com/kata-containers/kata-containers/pull/12188
versions: Bump experimental {tdx,snp} QEMU by @fidencio in https://github.com/kata-containers/kata-containers/pull/12113
tests: k8s: tests_common.sh shellcheck clean-up by @danmihai1 in https://github.com/kata-containers/kata-containers/pull/12192
podOverhead: Reduce memory overhead for GPU runtime classes by @fidencio in https://github.com/kata-containers/kata-containers/pull/12200
tests: remove containerd guest pull stability tests by @fidencio in https://github.com/kata-containers/kata-containers/pull/12206
Revert "tests: Add workaround to override CDI files" by @fidencio in https://github.com/kata-containers/kata-containers/pull/12212
tests: Adjust install_bats() by @fidencio in https://github.com/kata-containers/kata-containers/pull/12215
runtime: gpu: Skip CDI annos for pause container by @manuelh-dev in https://github.com/kata-containers/kata-containers/pull/12214
runtime: Add IOMMUFD Object Creation for QEMU QMP Commands by @LandonTClipp in https://github.com/kata-containers/kata-containers/pull/12173
build(deps): bump github.com/containernetworking/plugins from 1.7.1 to 1.9.0 in /src/runtime by @dependabot[bot] in https://github.com/kata-containers/kata-containers/pull/12211
runtime-rs: Enable runtime-rs CI for several features by @Apokleos in https://github.com/kata-containers/kata-containers/pull/12105
tests: nvidia: cc: Affirming attestation policy by @manuelh-dev in https://github.com/kata-containers/kata-containers/pull/12199
ci: arm64-non-k8s: temporarily skip the tests by @fidencio in https://github.com/kata-containers/kata-containers/pull/12220
kata-types: Allow dynamic queue config via Pod annotations by @Apokleos in https://github.com/kata-containers/kata-containers/pull/12178
policy: gpu: validation of vfio passthrough GPUs by @manuelh-dev in https://github.com/kata-containers/kata-containers/pull/12108
version: Bump rtnetlink and netlink-packet-route by @Apokleos in https://github.com/kata-containers/kata-containers/pull/12225
NVIDIA CI: cleanups, improved print-outs, shellcheck warnings, resource policy by @manuelh-dev in https://github.com/kata-containers/kata-containers/pull/12201
release: Bump version to 3.24.0 by @fidencio in https://github.com/kata-containers/kata-containers/pull/12226