conmon v2.2.1 Release Notes

Release date: 2026-02-12

Overview

This is a bugfix and stability release for conmon 2.2.1, reverting F-sequence behavior, addressing CPU load issues and improving test coverage for CRI-O integration.

Changes Since v2.2.0

Bug Fixes

• Fix EAGAIN busy-loop in drain_stdio() (#633, 2cf4dcd)
  • Resolved CPU load issue caused by busy-looping on EAGAIN in stdio drain operations
  • Significantly reduces CPU consumption during container I/O operations

Reverts

• Revert F-sequence behavior changes (#630)
  • Reverted PR #629: Fix k8s-file log format for terminating F-sequence (894e164)
  • Reverted PR #592: Previous F-sequence related changes (8563b0a)
  • Fixed test suite for reverted F-sequence behavior (5863a7f)
  • These changes were reverted to maintain compatibility and stability

Test Improvements

• Add CRI-O critest (#631, f8cc9d6)

  • Added comprehensive CRI-O integration testing using critest
  • Improves CI coverage for CRI-O compatibility

• Skip test if RUNTIME_BINARY is not runc (#628, 3bb1a4e)

  • Enhanced test suite to properly handle different OCI runtimes
  • Tests are now skipped when runc is not the configured runtime

• Ensure necessary dependencies are available (#627, de539b3)

  • Added dependency checks for test prerequisites
  • Improves test reliability by verifying socat and other required tools

Installation

Download the release from the GitHub and build from source:

git clone https://github.com/containers/conmon
cd conmon
git checkout v2.2.1
make
sudo make install

Dependencies

No changes to dependencies from v2.2.0. See README.md for full dependency list.

Contributors

Thanks to all contributors for this release:

• Jindrich Novy (@jnovy)
• Ayato Tokubi (@bitoku)
• Ricardo Branco (@ricardobranco777)
• Scott S. McCoy (@ssmccoy)

Full Changelog

For complete commit history: v2.2.0...v2.2.1

conmon v2.2.0 Release Notes

This release includes significant improvements in testing infrastructure, bug fixes for critical issues, and new features for log management.

Major Changes

Testing Infrastructure Overhaul

• Complete migration from Go tests to BATS framework, removing Go build dependency (#579)
• Added 52+ comprehensive BATS tests covering basic functionality, container logging, k8s log rotation, and full runtime integration
• Replaced busybox with UBI10 base image in tests for better reliability (#612)
• Added code coverage support with make test-coverage target (#594, #600)
• Enhanced test coverage for logging, terminal handling, exec operations, and OCI sync pipes (#602, #603, #604, #605, #607)

Critical Bug Fixes

• Fixed SIGABRT crash in drop_signal_event when signalfd read fails (#625)
• Fixed k8s-file log corruption during log rotation by properly handling buffer state (#563, #570)
• Fixed container exit detection in systemd scope environments where process is not direct child of conmon (#545, #571)
• Fixed OOM detection on cgroup v2 with proper event counters and race condition handling (#426, #581)
• Fixed JSON parsing error in console file descriptor communication with improved escaping (#493, #593)
• Fixed missing F-sequence on container exit with partial log output (#252, #592)
• Fixed inconsistent error messages when runtime fails (#617, #618)
• Fixed errno race condition in logging macros (#574, #575)
• Fixed terminal resize event processing to handle each line exactly once (#566)
• Fixed memory.events inotify watch to check file existence first (#620, #621)

New Features

• Added log rotation functionality as alternative to log truncation (#211, #596)
  • New --log-rotate option to enable rotation instead of truncation
  • New --log-max-files option to specify number of backup files
  • New --log-allowlist-dir option for allowed log directories
• Added --no-container-partial-message option (#335, #583)
• Added systemd priority prefix parsing to journald logging (#595, #601)
• Added container labels to journald log entries via --log-label option (#562)

Improvements

• Restored use of writev() system call for better performance (#609)
• Added optional systemd support for static builds via DISABLE_SYSTEMD flag (#348, #573)
• Documented all CLI options in conmon.8.md (#606)
• Fixed meson install path to match Makefile behavior (#304, #585)
• Enhanced terminal size validation with upper bound checks (#610, #612)

Code Quality

• Fixed multiple buffer safety and memory allocation issues (#582, #587)
• Fixed memory leak in seccomp_accept_cb (#557)
• Replaced sprintf with snprintf for security
• Improved error handling and logging throughout codebase (#554, #555)
• Modernized Go code: removed pkg/errors dependency, updated to ioutil replacements (#559)
• CI/CD improvements and Go version updates to 1.23+ (#560, #561, #569)

Reverts

• Reverted exec exit status handling fix that caused regression (#589, #590)

Issues Fixed

#211, #252, #304, #328, #335, #348, #391, #426, #490, #493, #532, #540, #545, #551, #554, #555, #557, #559, #560, #561, #562, #563, #566, #569, #570, #571, #572, #573, #574, #575, #579, #581, #582, #583, #584, #585, #586, #587, #589, #590, #592, #593, #594, #595, #596, #597, #600, #601, #602, #603, #604, #605, #606, #607, #609, #610, #612, #613, #617, #618, #619, #620, #621, #623, #624, #625

External Issues Fixed

• https://bugzilla.redhat.com/show_bug.cgi?id=2348843
• containers/podman#27335
• containers/podman#26981

Contributors

Special thanks to all contributors who made this release possible:

• Ayato Tokubi atokubi@redhat.com
• Dan Cermak dcermak@suse.com
• Daniel J Walsh dwalsh@redhat.com
• Giuseppe Scrivano gscrivan@redhat.com
• Jan Kaluza jkaluza@redhat.com
• Jindrich Novy jnovy@redhat.com
• Kir Kolyshkin kolyshkin@gmail.com
• Lokesh Mandvekar lsm5@fedoraproject.org
• Peter Portante peter.portante@redhat.com
• Povilas Kanapickas povilas@radix.lt
• Sohan Kunkerkar sohank2602@gmail.com
• renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

Installation

Download from GitHub and build from source:

git clone https://github.com/containers/conmon.git
cd conmon
git checkout v2.2.0
make
sudo make install

Bug fixes

• Make timestamp generation never fail.
• Change permissions of logs from 0600 to 0640
• Avoid bogus journal filling errors
• Fix typos and clarify man page.
• conmon: do not create oom file under cwd
• logging: remove unuseful fsync

What's Changed

• Packit: enable downstream sync to CentOS Stream 10 by @lsm5 in #506
• Make 'docs' target not depend on 'install.tools' if GOMD2MAN is set by @Flowdalic in #507
• Bump version to 2.1.12 by @saschagrunert in #505

New Contributors

• @Flowdalic made their first contribution in #507

Full Changelog: v2.1.11...v2.1.12

What's Changed

• docs/Makefile: softcode GOMD2MAN by @rahilarious in #482
• chore(deps): update dependency containers/automation_images to v20231208 by @renovate in #478
• drop --tty on exec by @haircommander in #484
• chore(deps): update dependency containers/automation_images to v20240102 by @renovate in #485
• fix(deps): update github.com/opencontainers/runtime-tools digest to 408c51e by @renovate in #458
• [skip-ci] Update actions/setup-go action to v5 by @renovate in #479
• [skip-ci] Update actions/cache action to v4 - autoclosed by @renovate in #486
• fix(deps): update module github.com/onsi/gomega to v1.31.1 by @renovate in #487
• update packit config, enable downstream tasks by @lsm5 in #488
• Remove checks for (long)deprecated libsystemd-journal for libsystemd by @rahilarious in #456
• Add support for s390x by @saschagrunert in #492
• Build s390x binaries using musl libc by @saschagrunert in #503

New Contributors

• @rahilarious made their first contribution in #482

Full Changelog: v2.1.10...v2.1.11

Bug fixes

• Fix incorrect free in conn_sock
• logging: Respect log-size-max immediately after open

Invalid Release

Note: this release contains a regression and shouldn't be used in production. Please use 2.1.10 instead
#475

Bug fixes

• fix some issues flagged by SAST scan
• src: fix write after end of buffer
• src: open all files with O_CLOEXEC
• oom-score: restore oom score before running exit command

Features

• Forward more messages on the sd-notify socket
• logging: -l passthrough accepts TTYs

Bug Fixes

• stdio: ignore EIO for terminals
• ensure console socket buffers are properly sized
• conmon: drop return after pexit()
• ctrl: make accept4 failures fatal
• logging: avoid opening /dev/null for each write
• oom: restore old OOM score
• Use default umask 0022

Misc

• cli: log parsing errors to stderr
• Changes to build conmon for riscv64
• Changes to build conmon for ppc64le
• Fix close_other_fds on FreeBSD

Bug Fixes

Fix leaking symbolic links in the opt_socket_path directory
cgroup: Stumble on if we can't set up oom handling

Bug Fixes

• Fix OOM watcher for cgroupv2 oom_kill events

Misc

• Use --detach instead of -d
• ctrl: drop fifo perms to 0660